[release-1.26] Bump version to 1.26.9

[dashea]

What type of PR is this?

/kind other

What this PR does / why we need it:

New release for changes for CVE-2024-11218

How to verify it

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

[nalind]

Can you pull in this .cirrus.yml chunk?

[nalind]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dashea, nalind

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [nalind]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nalind]

Thanks!
/lgtm

[nalind]

/hold
Bot's supposed to wait for tests to finish before putting it in the merge pool.

[nalind]

/unhold

[TomSweeneyRedHat]

@dashea @cevich I unfortunately don't have SSO access at the moment and can't double check, but do we need Buildah 1.26 for RHEL 8.6, or Buildah 1.27?

[dashea]

@TomSweeneyRedHat 1.26. Here's the last advisory we took care for for 8.6, updated to buildah-1.26.8: https://access.redhat.com/errata/RHSA-2024:8703

[dashea]

@TomSweeneyRedHat ...but podman in 8.6 uses buildah 1.27.

[TomSweeneyRedHat]

@dashea, thanks! I had written down 1.27 on my notes for this CVE, and had forgotten that was the version vendored into Podman, yet Buildah itself was 1.26 on RHEL 8.6. So ugh, looks like we'll need both versions of Buildah updated.