Updating docker dependency version to https://github.com/google/cadvisor:v28.0.2+incompatible(latest) to fix security vuln

[pbettadapura]

We found vulnerabilities in Go Docker module v26.1.4:

cadvisor/cmd/go.mod

Line 67 in f6e31a3

github.com/docker/docker v26.1.4+incompatible // indirect
More details:
GO (Go) Security Update for github.com/docker/docker (GHSA-v23v-6jw2-98fq)

A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.

Refer to Github security advisory [https://github.com/advisories/https://github.com/advisories/GHSA-v23v-6jw2-98fq] GHSA-v23v-6jw2-98fq for updates and patch information. Patch: Following are links for downloading patches to fix the vulnerabilities: [https://github.com/advisories/https://github.com/advisories/GHSA-v23v-6jw2-98fq] https://github.com/advisories/GHSA-v23v-6jw2-98fq:github.com/docker/docker

Fix for this vuln is to update github.com/docker/docker v26.1.4 to at least v26.1.5](GHSA-v23v-6jw2-98fq).

[pbettadapura]

@dims @iwankgb Could you please help review this ?

[iwankgb]

Is cAdvisor using this authorization code? I would rather say that it is server side of Docker, that makes use of them.

[pbettadapura]

Is cAdvisor using this authorization code? I would rather say that it is server side of Docker, that makes use of them.

@iwankgb In my opinion, we still need to update the dependency package version because the vulnerability exists in the binaries ? Please let me know your thoughts.