I'm sorry you experienced problems when unattended-upgrades applied security fixes.
Failure to restart a service is either an issue with the package or with the local configuration, thus I mark docker.io and containerd being affected.
The blacklist is listing _packages_ not services and not applied transitively to dependencies nor reverse dependencies, thus unattended-upgraded was and is expected to upgrade containerd.
Please list containerd in the blacklist if you would like to prevent it to be upgraded and trigger a docker restart.
I'm sorry you experienced problems when unattended-upgrades applied security fixes.
Failure to restart a service is either an issue with the package or with the local configuration, thus I mark docker.io and containerd being affected.
The blacklist is listing _packages_ not services and not applied transitively to dependencies nor reverse dependencies, thus unattended-upgraded was and is expected to upgrade containerd.
Please list containerd in the blacklist if you would like to prevent it to be upgraded and trigger a docker restart.