From b48c5059d32c86b251507e5159c8947d66a172c5 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:16:45 -0500
Subject: [PATCH 01/12] allow release using standard github actions token

---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c00fc89bd..cff917029 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,8 @@ on:
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3

From d68408632f39db2562a14c0e47711bba5f1000c8 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:19:11 -0500
Subject: [PATCH 02/12] support newer network api features

---
 docs/resources/device.md                    |  3 -
 docs/resources/network.md                   |  2 +-
 docs/resources/port_profile.md              |  3 +-
 examples/resources/unifi_device/resource.tf |  3 -
 internal/provider/resource_device.go        |  9 ++
 internal/provider/resource_network.go       | 50 +++++------
 internal/provider/resource_port_profile.go  | 93 +++++++++++----------
 7 files changed, 87 insertions(+), 76 deletions(-)

diff --git a/docs/resources/device.md b/docs/resources/device.md
index 782694de5..b42cc95c5 100644
--- a/docs/resources/device.md
+++ b/docs/resources/device.md
@@ -26,9 +26,6 @@ resource "unifi_port_profile" "poe" {
   forward = "customize"
 
   native_networkconf_id = var.native_network_id
-  tagged_networkconf_ids = [
-    var.some_vlan_network_id,
-  ]
 
   poe_mode = "auto"
 }
diff --git a/docs/resources/network.md b/docs/resources/network.md
index 7c3a76ae6..f61843c7f 100644
--- a/docs/resources/network.md
+++ b/docs/resources/network.md
@@ -69,7 +69,6 @@ resource "unifi_network" "wan" {
 - `domain_name` (String) The domain name of this network.
 - `igmp_snooping` (Boolean) Specifies whether IGMP snooping is enabled or not.
 - `internet_access_enabled` (Boolean) Specifies whether this network should be allowed to access the internet or not. Defaults to `true`.
-- `intra_network_access_enabled` (Boolean) Specifies whether this network should be allowed to access other local networks or not. Defaults to `true`.
 - `ipv6_interface_type` (String) Specifies which type of IPv6 connection to use. Must be one of either `static`, `pd`, or `none`. Defaults to `none`.
 - `ipv6_pd_interface` (String) Specifies which WAN interface to use for IPv6 PD. Must be one of either `wan` or `wan2`.
 - `ipv6_pd_prefixid` (String) Specifies the IPv6 Prefix ID.
@@ -82,6 +81,7 @@ resource "unifi_network" "wan" {
 - `ipv6_static_subnet` (String) Specifies the static IPv6 subnet when `ipv6_interface_type` is 'static'.
 - `multicast_dns` (Boolean) Specifies whether Multicast DNS (mDNS) is enabled or not on the network (Controller >=v7).
 - `network_group` (String) The group of the network. Defaults to `LAN`.
+- `network_isolation_enabled`: (Boolean) Specifies whether this network should be not allowed to access other local networks. Defaults to `false`.
 - `site` (String) The name of the site to associate the network with.
 - `subnet` (String) The subnet of the network. Must be a valid CIDR address.
 - `vlan_id` (Number) The VLAN ID of the network.
diff --git a/docs/resources/port_profile.md b/docs/resources/port_profile.md
index cf868ce6f..eba932d95 100644
--- a/docs/resources/port_profile.md
+++ b/docs/resources/port_profile.md
@@ -46,6 +46,7 @@ resource "unifi_port_profile" "poe_disabled" {
 - `dot1x_idle_timeout` (Number) The timeout, in seconds, to use when using the MAC Based 802.1X control. Can be between 0 and 65535 Defaults to `300`.
 - `egress_rate_limit_kbps` (Number) The egress rate limit, in kpbs, for the port profile. Can be between `64` and `9999999`.
 - `egress_rate_limit_kbps_enabled` (Boolean) Enable egress rate limiting for the port profile. Defaults to `false`.
+- `excluded_networkconf_ids` (Set of String) The IDs of networks to block traffic for this port profile.
 - `forward` (String) The type forwarding to use for the port profile. Can be `all`, `native`, `customize` or `disabled`. Defaults to `native`.
 - `full_duplex` (Boolean) Enable full duplex for the port profile. Defaults to `false`.
 - `isolation` (Boolean) Enable port isolation for the port profile. Defaults to `false`.
@@ -61,6 +62,7 @@ resource "unifi_port_profile" "poe_disabled" {
 - `priority_queue2_level` (Number) The priority queue 2 level for the port profile. Can be between 0 and 100.
 - `priority_queue3_level` (Number) The priority queue 3 level for the port profile. Can be between 0 and 100.
 - `priority_queue4_level` (Number) The priority queue 4 level for the port profile. Can be between 0 and 100.
+- `show_traffic_restriction_as_allowlist` (Boolean) Show the Traffic Restriction as allow list. This only affect to the UI, the list need to be configured on `excluded_networkconf_ids` as black list.
 - `site` (String) The name of the site to associate the port profile with.
 - `speed` (Number) The link speed to set for the port profile. Can be one of `10`, `100`, `1000`, `2500`, `5000`, `10000`, `20000`, `25000`, `40000`, `50000` or `100000`
 - `stormctrl_bcast_enabled` (Boolean) Enable broadcast Storm Control for the port profile. Defaults to `false`.
@@ -74,7 +76,6 @@ resource "unifi_port_profile" "poe_disabled" {
 - `stormctrl_ucast_level` (Number) The unknown unicast Storm Control level for the port profile. Can be between 0 and 100.
 - `stormctrl_ucast_rate` (Number) The unknown unicast Storm Control rate for the port profile. Can be between 0 and 14880000.
 - `stp_port_mode` (Boolean) Enable spanning tree protocol on the port profile. Defaults to `true`.
-- `tagged_networkconf_ids` (Set of String) The IDs of networks to tag traffic with for the port profile.
 - `voice_networkconf_id` (String) The ID of network to use as the voice network on the port profile.
 
 ### Read-Only
diff --git a/examples/resources/unifi_device/resource.tf b/examples/resources/unifi_device/resource.tf
index 5417c23dc..571bdfccb 100644
--- a/examples/resources/unifi_device/resource.tf
+++ b/examples/resources/unifi_device/resource.tf
@@ -8,9 +8,6 @@ resource "unifi_port_profile" "poe" {
   forward = "customize"
 
   native_networkconf_id = var.native_network_id
-  tagged_networkconf_ids = [
-    var.some_vlan_network_id,
-  ]
 
   poe_mode = "auto"
 }
diff --git a/internal/provider/resource_device.go b/internal/provider/resource_device.go
index fc3a3a9e8..de9df9c39 100644
--- a/internal/provider/resource_device.go
+++ b/internal/provider/resource_device.go
@@ -80,6 +80,11 @@ func resourceDevice() *schema.Resource {
 							Type:        schema.TypeString,
 							Optional:    true,
 						},
+						"native_network_id": {
+							Description: "The ID of network to use as the main network on the port.",
+							Type:        schema.TypeString,
+							Optional:    true,
+						},
 						"port_profile_id": {
 							Description: "ID of the Port Profile used on this port.",
 							Type:        schema.TypeString,
@@ -109,6 +114,7 @@ func resourceDevice() *schema.Resource {
 							Type:         schema.TypeInt,
 							Optional:     true,
 							ValidateFunc: validation.IntBetween(2, 8),
+							Default:      0,
 							DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
 								if old == strconv.Itoa(0) && new == "" {
 									return true
@@ -364,6 +370,7 @@ func toPortOverride(data map[string]interface{}) (unifi.DevicePortOverrides, err
 	opMode := data["op_mode"].(string)
 	poeMode := data["poe_mode"].(string)
 	aggregateNumPorts := data["aggregate_num_ports"].(int)
+	nativeNetworkID := data["native_network_id"].(string)
 
 	return unifi.DevicePortOverrides{
 		PortIDX:           idx,
@@ -372,6 +379,7 @@ func toPortOverride(data map[string]interface{}) (unifi.DevicePortOverrides, err
 		OpMode:            opMode,
 		PoeMode:           poeMode,
 		AggregateNumPorts: aggregateNumPorts,
+		NATiveNetworkID:   nativeNetworkID,
 	}, nil
 }
 
@@ -383,6 +391,7 @@ func fromPortOverride(po unifi.DevicePortOverrides) (map[string]interface{}, err
 		"op_mode":             po.OpMode,
 		"poe_mode":            po.PoeMode,
 		"aggregate_num_ports": po.AggregateNumPorts,
+		"native_network_id":   po.NATiveNetworkID,
 	}, nil
 }
 
diff --git a/internal/provider/resource_network.go b/internal/provider/resource_network.go
index 3faf0b8c7..968253692 100644
--- a/internal/provider/resource_network.go
+++ b/internal/provider/resource_network.go
@@ -97,6 +97,12 @@ func resourceNetwork() *schema.Resource {
 				Optional:    true,
 				Default:     "LAN",
 			},
+			"network_isolation_enabled": {
+				Description: "Specifies whether this network should be not allowed to access other local networks.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
 			"dhcp_start": {
 				Description:  "The IPv4 address where the DHCP range of addresses starts.",
 				Type:         schema.TypeString,
@@ -253,12 +259,6 @@ func resourceNetwork() *schema.Resource {
 				Optional:    true,
 				Default:     true,
 			},
-			"intra_network_access_enabled": {
-				Description: "Specifies whether this network should be allowed to access other local networks or not.",
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     true,
-			},
 			"ipv6_ra_preferred_lifetime": {
 				Description: "Lifetime in which the address can be used. Address becomes deprecated afterwards. Must be lower than or equal to `ipv6_ra_valid_lifetime`",
 				Type:        schema.TypeInt,
@@ -415,22 +415,23 @@ func resourceNetworkGetResourceData(d *schema.ResourceData, meta interface{}) (*
 	}
 
 	return &unifi.Network{
-		Name:              d.Get("name").(string),
-		Purpose:           d.Get("purpose").(string),
-		VLAN:              vlan,
-		IPSubnet:          cidrOneBased(d.Get("subnet").(string)),
-		NetworkGroup:      d.Get("network_group").(string),
-		DHCPDStart:        d.Get("dhcp_start").(string),
-		DHCPDStop:         d.Get("dhcp_stop").(string),
-		DHCPDEnabled:      d.Get("dhcp_enabled").(bool),
-		DHCPDLeaseTime:    d.Get("dhcp_lease").(int),
-		DHCPDBootEnabled:  d.Get("dhcpd_boot_enabled").(bool),
-		DHCPDBootServer:   d.Get("dhcpd_boot_server").(string),
-		DHCPDBootFilename: d.Get("dhcpd_boot_filename").(string),
-		DHCPRelayEnabled:  d.Get("dhcp_relay_enabled").(bool),
-		DomainName:        d.Get("domain_name").(string),
-		IGMPSnooping:      d.Get("igmp_snooping").(bool),
-		MdnsEnabled:       d.Get("multicast_dns").(bool),
+		Name:                    d.Get("name").(string),
+		Purpose:                 d.Get("purpose").(string),
+		VLAN:                    vlan,
+		IPSubnet:                cidrOneBased(d.Get("subnet").(string)),
+		NetworkGroup:            d.Get("network_group").(string),
+		NetworkIsolationEnabled: d.Get("network_isolation_enabled").(bool),
+		DHCPDStart:              d.Get("dhcp_start").(string),
+		DHCPDStop:               d.Get("dhcp_stop").(string),
+		DHCPDEnabled:            d.Get("dhcp_enabled").(bool),
+		DHCPDLeaseTime:          d.Get("dhcp_lease").(int),
+		DHCPDBootEnabled:        d.Get("dhcpd_boot_enabled").(bool),
+		DHCPDBootServer:         d.Get("dhcpd_boot_server").(string),
+		DHCPDBootFilename:       d.Get("dhcpd_boot_filename").(string),
+		DHCPRelayEnabled:        d.Get("dhcp_relay_enabled").(bool),
+		DomainName:              d.Get("domain_name").(string),
+		IGMPSnooping:            d.Get("igmp_snooping").(bool),
+		MdnsEnabled:             d.Get("multicast_dns").(bool),
 
 		DHCPDDNSEnabled: len(dhcpDNS) > 0,
 		// this is kinda hacky but ¯\_(ツ)_/¯
@@ -466,8 +467,7 @@ func resourceNetworkGetResourceData(d *schema.ResourceData, meta interface{}) (*
 		IPV6RaPriority:          d.Get("ipv6_ra_priority").(string),
 		IPV6RaValidLifetime:     d.Get("ipv6_ra_valid_lifetime").(int),
 
-		InternetAccessEnabled:     d.Get("internet_access_enabled").(bool),
-		IntraNetworkAccessEnabled: d.Get("intra_network_access_enabled").(bool),
+		InternetAccessEnabled: d.Get("internet_access_enabled").(bool),
 
 		WANIP:           d.Get("wan_ip").(string),
 		WANType:         d.Get("wan_type").(string),
@@ -567,6 +567,7 @@ func resourceNetworkSetResourceData(resp *unifi.Network, d *schema.ResourceData,
 	d.Set("vlan_id", vlan)
 	d.Set("subnet", cidrZeroBased(resp.IPSubnet))
 	d.Set("network_group", resp.NetworkGroup)
+	d.Set("network_isolation_enabled", resp.NetworkIsolationEnabled)
 
 	d.Set("dhcp_dns", dhcpDNS)
 	d.Set("dhcp_enabled", resp.DHCPDEnabled)
@@ -586,7 +587,6 @@ func resourceNetworkSetResourceData(resp *unifi.Network, d *schema.ResourceData,
 	d.Set("domain_name", resp.DomainName)
 	d.Set("igmp_snooping", resp.IGMPSnooping)
 	d.Set("internet_access_enabled", resp.InternetAccessEnabled)
-	d.Set("intra_network_access_enabled", resp.IntraNetworkAccessEnabled)
 	d.Set("ipv6_interface_type", resp.IPV6InterfaceType)
 	d.Set("ipv6_pd_interface", resp.IPV6PDInterface)
 	d.Set("ipv6_pd_prefixid", resp.IPV6PDPrefixid)
diff --git a/internal/provider/resource_port_profile.go b/internal/provider/resource_port_profile.go
index dcf1fe33a..2772c7991 100644
--- a/internal/provider/resource_port_profile.go
+++ b/internal/provider/resource_port_profile.go
@@ -66,6 +66,12 @@ func resourcePortProfile() *schema.Resource {
 				Optional:    true,
 				Default:     false,
 			},
+			"excluded_networkconf_ids": {
+				Description: "The IDs of networks to block traffic for this port profile.",
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+			},
 			"forward": {
 				Description:  "The type forwarding to use for the port profile. Can be `all`, `native`, `customize` or `disabled`.",
 				Type:         schema.TypeString,
@@ -157,6 +163,12 @@ func resourcePortProfile() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.IntBetween(0, 100),
 			},
+			"show_traffic_restriction_as_allowlist": {
+				Description: "Show the Traffic Restriction as allow list. This only affect to the UI, the list need to be configured on `excluded_networkconf_ids` as black list.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
 			"speed": {
 				Description:  "The link speed to set for the port profile. Can be one of `10`, `100`, `1000`, `2500`, `5000`, `10000`, `20000`, `25000`, `40000`, `50000` or `100000`",
 				Type:         schema.TypeInt,
@@ -232,13 +244,6 @@ func resourcePortProfile() *schema.Resource {
 				Optional:    true,
 				Default:     true,
 			},
-			// TODO: renamed to tagged_network_ids
-			"tagged_networkconf_ids": {
-				Description: "The IDs of networks to tag traffic with for the port profile.",
-				Type:        schema.TypeSet,
-				Optional:    true,
-				Elem:        &schema.Schema{Type: schema.TypeString},
-			},
 			// TODO: rename to voice_network_id
 			"voice_networkconf_id": {
 				Description: "The ID of network to use as the voice network on the port profile.",
@@ -277,46 +282,47 @@ func resourcePortProfileGetResourceData(d *schema.ResourceData) (*unifi.PortProf
 		return nil, err
 	}
 
-	taggedNetworkconfIds, err := setToStringSlice(d.Get("tagged_networkconf_ids").(*schema.Set))
+	excludedNetworkIds, err := setToStringSlice(d.Get("excluded_networkconf_ids").(*schema.Set))
 	if err != nil {
 		return nil, err
 	}
 
 	return &unifi.PortProfile{
-		Autoneg:                      d.Get("autoneg").(bool),
-		Dot1XCtrl:                    d.Get("dot1x_ctrl").(string),
-		Dot1XIDleTimeout:             d.Get("dot1x_idle_timeout").(int),
-		EgressRateLimitKbps:          d.Get("egress_rate_limit_kbps").(int),
-		EgressRateLimitKbpsEnabled:   d.Get("egress_rate_limit_kbps_enabled").(bool),
-		Forward:                      d.Get("forward").(string),
-		FullDuplex:                   d.Get("full_duplex").(bool),
-		Isolation:                    d.Get("isolation").(bool),
-		LldpmedEnabled:               d.Get("lldpmed_enabled").(bool),
-		LldpmedNotifyEnabled:         d.Get("lldpmed_notify_enabled").(bool),
-		NATiveNetworkID:              d.Get("native_networkconf_id").(string),
-		Name:                         d.Get("name").(string),
-		OpMode:                       d.Get("op_mode").(string),
-		PoeMode:                      d.Get("poe_mode").(string),
-		PortSecurityEnabled:          d.Get("port_security_enabled").(bool),
-		PortSecurityMACAddress:       portSecurityMacAddress,
-		PriorityQueue1Level:          d.Get("priority_queue1_level").(int),
-		PriorityQueue2Level:          d.Get("priority_queue2_level").(int),
-		PriorityQueue3Level:          d.Get("priority_queue3_level").(int),
-		PriorityQueue4Level:          d.Get("priority_queue4_level").(int),
-		Speed:                        d.Get("speed").(int),
-		StormctrlBroadcastastEnabled: d.Get("stormctrl_bcast_enabled").(bool),
-		StormctrlBroadcastastLevel:   d.Get("stormctrl_bcast_level").(int),
-		StormctrlBroadcastastRate:    d.Get("stormctrl_bcast_rate").(int),
-		StormctrlMcastEnabled:        d.Get("stormctrl_mcast_enabled").(bool),
-		StormctrlMcastLevel:          d.Get("stormctrl_mcast_level").(int),
-		StormctrlMcastRate:           d.Get("stormctrl_mcast_rate").(int),
-		StormctrlType:                d.Get("stormctrl_type").(string),
-		StormctrlUcastEnabled:        d.Get("stormctrl_ucast_enabled").(bool),
-		StormctrlUcastLevel:          d.Get("stormctrl_ucast_level").(int),
-		StormctrlUcastRate:           d.Get("stormctrl_ucast_rate").(int),
-		StpPortMode:                  d.Get("stp_port_mode").(bool),
-		TaggedNetworkIDs:             taggedNetworkconfIds,
-		VoiceNetworkID:               d.Get("voice_networkconf_id").(string),
+		Autoneg:                           d.Get("autoneg").(bool),
+		Dot1XCtrl:                         d.Get("dot1x_ctrl").(string),
+		Dot1XIDleTimeout:                  d.Get("dot1x_idle_timeout").(int),
+		EgressRateLimitKbps:               d.Get("egress_rate_limit_kbps").(int),
+		EgressRateLimitKbpsEnabled:        d.Get("egress_rate_limit_kbps_enabled").(bool),
+		Forward:                           d.Get("forward").(string),
+		ExcludedNetworkIDs:                excludedNetworkIds,
+		FullDuplex:                        d.Get("full_duplex").(bool),
+		Isolation:                         d.Get("isolation").(bool),
+		LldpmedEnabled:                    d.Get("lldpmed_enabled").(bool),
+		LldpmedNotifyEnabled:              d.Get("lldpmed_notify_enabled").(bool),
+		NATiveNetworkID:                   d.Get("native_networkconf_id").(string),
+		Name:                              d.Get("name").(string),
+		OpMode:                            d.Get("op_mode").(string),
+		PoeMode:                           d.Get("poe_mode").(string),
+		PortSecurityEnabled:               d.Get("port_security_enabled").(bool),
+		PortSecurityMACAddress:            portSecurityMacAddress,
+		PriorityQueue1Level:               d.Get("priority_queue1_level").(int),
+		PriorityQueue2Level:               d.Get("priority_queue2_level").(int),
+		PriorityQueue3Level:               d.Get("priority_queue3_level").(int),
+		PriorityQueue4Level:               d.Get("priority_queue4_level").(int),
+		ShowTrafficRestrictionAsAllowlist: d.Get("show_traffic_restriction_as_allowlist").(bool),
+		Speed:                             d.Get("speed").(int),
+		StormctrlBroadcastastEnabled:      d.Get("stormctrl_bcast_enabled").(bool),
+		StormctrlBroadcastastLevel:        d.Get("stormctrl_bcast_level").(int),
+		StormctrlBroadcastastRate:         d.Get("stormctrl_bcast_rate").(int),
+		StormctrlMcastEnabled:             d.Get("stormctrl_mcast_enabled").(bool),
+		StormctrlMcastLevel:               d.Get("stormctrl_mcast_level").(int),
+		StormctrlMcastRate:                d.Get("stormctrl_mcast_rate").(int),
+		StormctrlType:                     d.Get("stormctrl_type").(string),
+		StormctrlUcastEnabled:             d.Get("stormctrl_ucast_enabled").(bool),
+		StormctrlUcastLevel:               d.Get("stormctrl_ucast_level").(int),
+		StormctrlUcastRate:                d.Get("stormctrl_ucast_rate").(int),
+		StpPortMode:                       d.Get("stp_port_mode").(bool),
+		VoiceNetworkID:                    d.Get("voice_networkconf_id").(string),
 	}, nil
 }
 
@@ -328,6 +334,7 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("egress_rate_limit_kbps", resp.EgressRateLimitKbps)
 	d.Set("egress_rate_limit_kbps_enabled", resp.EgressRateLimitKbpsEnabled)
 	d.Set("forward", resp.Forward)
+	d.Set("excluded_networkconf_ids", stringSliceToSet(resp.ExcludedNetworkIDs))
 	d.Set("full_duplex", resp.FullDuplex)
 	d.Set("isolation", resp.Isolation)
 	d.Set("lldpmed_enabled", resp.LldpmedEnabled)
@@ -342,6 +349,7 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("priority_queue2_level", resp.PriorityQueue2Level)
 	d.Set("priority_queue3_level", resp.PriorityQueue3Level)
 	d.Set("priority_queue4_level", resp.PriorityQueue4Level)
+	d.Set("show_traffic_restriction_as_allowlist", resp.ShowTrafficRestrictionAsAllowlist)
 	d.Set("speed", resp.Speed)
 	d.Set("stormctrl_bcast_enabled", resp.StormctrlBroadcastastEnabled)
 	d.Set("stormctrl_bcast_level", resp.StormctrlBroadcastastLevel)
@@ -354,7 +362,6 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("stormctrl_ucast_level", resp.StormctrlUcastLevel)
 	d.Set("stormctrl_ucast_rate", resp.StormctrlUcastRate)
 	d.Set("stp_port_mode", resp.StpPortMode)
-	d.Set("tagged_networkconf_ids", stringSliceToSet(resp.TaggedNetworkIDs))
 	d.Set("voice_networkconf_id", resp.VoiceNetworkID)
 
 	return nil

From b95213da3483cd95792d6184a298a22ba9b2dce1 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:20:47 -0500
Subject: [PATCH 03/12] support skip for wlan passphrase

---
 docs/resources/wlan.md             | 2 +-
 internal/provider/resource_wlan.go | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/resources/wlan.md b/docs/resources/wlan.md
index bb469789b..861b3b2b4 100644
--- a/docs/resources/wlan.md
+++ b/docs/resources/wlan.md
@@ -75,7 +75,7 @@ resource "unifi_wlan" "wifi" {
 - `multicast_enhance` (Boolean) Indicates whether or not Multicast Enhance is turned of for the network.
 - `network_id` (String) ID of the network for this SSID
 - `no2ghz_oui` (Boolean) Connect high performance clients to 5 GHz only. Defaults to `true`.
-- `passphrase` (String, Sensitive) The passphrase for the network, this is only required if `security` is not set to `open`.
+- `passphrase` (String, Sensitive) The passphrase for the network, this is only required if `security` is not set to `open`. If you use the static string "skip", the provider will not modify the passphrase or store it in the state file.
 - `pmf_mode` (String) Enable Protected Management Frames. This cannot be disabled if using WPA 3. Valid values are `required`, `optional` and `disabled`. Defaults to `disabled`.
 - `proxy_arp` (Boolean) Reduces airtime usage by allowing APs to "proxy" common broadcast frames as unicast. Defaults to `false`.
 - `radius_profile_id` (String) ID of the RADIUS profile to use when security `wpaeap`. You can query this via the `unifi_radius_profile` data source.
diff --git a/internal/provider/resource_wlan.go b/internal/provider/resource_wlan.go
index 5c68eee7f..1da1724f3 100644
--- a/internal/provider/resource_wlan.go
+++ b/internal/provider/resource_wlan.go
@@ -249,6 +249,9 @@ func resourceWLANGetResourceData(d *schema.ResourceData, meta interface{}) (*uni
 	case "open":
 		passphrase = ""
 	}
+	if passphrase == "skip" {
+		passphrase = ""
+	}
 
 	pmf := d.Get("pmf_mode").(string)
 	wpa3 := d.Get("wpa3_support").(bool)
@@ -387,6 +390,11 @@ func resourceWLANSetResourceData(resp *unifi.WLAN, d *schema.ResourceData, meta
 		wpa3Transition = resp.WPA3Transition
 	}
 
+	inputPassphrase := d.Get("passphrase").(string)
+	if inputPassphrase == "skip" {
+		passphrase = "skip"
+	}
+
 	macFilterEnabled := resp.MACFilterEnabled
 	var macFilterList *schema.Set
 	macFilterPolicy := "deny"

From cde2814e4a091ae7293f3dae73d2f4d9d8b88814 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:21:52 -0500
Subject: [PATCH 04/12] adjust naming

---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.go b/main.go
index f753eb1e8..7167fe982 100644
--- a/main.go
+++ b/main.go
@@ -5,7 +5,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/plugin"
 
-	"github.com/paultyng/terraform-provider-unifi/internal/provider"
+	"github.com/akerl/terraform-provider-unifi/internal/provider"
 )
 
 // Generate docs for website

From 7251fb7164627d192eddd32a7ea8e514ee13293d Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:30:37 -0500
Subject: [PATCH 05/12] update vendoring

---
 go.mod                                        |   7 +-
 go.sum                                        |  14 +-
 .../helper/resource/testing.go                |   4 +-
 .../plancheck/expect_sensitive_value.go       |  61 ++++
 .../plancheck/expect_unknown_value.go         |  61 ++++
 .../tfjsonpath/doc.go                         |   6 +
 .../tfjsonpath/path.go                        | 107 ++++++
 .../tfjsonpath/step.go                        |  14 +
 .../go-unifi/unifi/device.generated.go        |  77 ++--
 .../go-unifi/unifi/network.generated.go       |  84 +++--
 .../go-unifi/unifi/port_profile.generated.go  |  71 ++--
 .../go-unifi/unifi/schedule_task.generated.go |  15 +-
 .../unifi/setting_guest_access.generated.go   |  41 +--
 ...etting_magic_site_to_site_vpn.generated.go |  87 +++++
 .../paultyng/go-unifi/unifi/user.generated.go |  30 +-
 .../paultyng/go-unifi/unifi/user.go           |  13 +
 .../go-unifi/unifi/version.generated.go       |   2 +-
 .../paultyng/go-unifi/unifi/wlan.generated.go |   1 -
 vendor/go.uber.org/multierr/CHANGELOG.md      |   8 +
 vendor/go.uber.org/multierr/error.go          | 345 ++++++++++--------
 vendor/modules.txt                            |  12 +-
 21 files changed, 730 insertions(+), 330 deletions(-)
 create mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_sensitive_value.go
 create mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_value.go
 create mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/doc.go
 create mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/path.go
 create mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/step.go
 create mode 100644 vendor/github.com/paultyng/go-unifi/unifi/setting_magic_site_to_site_vpn.generated.go

diff --git a/go.mod b/go.mod
index ea050e8ab..27538bc65 100644
--- a/go.mod
+++ b/go.mod
@@ -7,14 +7,15 @@ go 1.20
 // replace github.com/hashicorp/terraform-plugin-sdk/v2 => ../../hashicorp/terraform-plugin-sdk
 
 require (
+	github.com/akerl/terraform-provider-unifi v0.41.8
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/deckarep/golang-set/v2 v2.3.1
 	github.com/golangci/golangci-lint v1.53.3
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0
-	github.com/hashicorp/terraform-plugin-testing v1.3.0
-	github.com/paultyng/go-unifi v1.32.0
+	github.com/hashicorp/terraform-plugin-testing v1.4.0
+	github.com/paultyng/go-unifi v1.33.0
 	github.com/testcontainers/testcontainers-go v0.23.0
 	github.com/testcontainers/testcontainers-go/modules/compose v0.23.0
 )
@@ -324,7 +325,7 @@ require (
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.tmz.dev/musttag v0.7.0 // indirect
 	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
+	go.uber.org/multierr v1.9.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/crypto v0.14.0 // indirect
 	golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb // indirect
diff --git a/go.sum b/go.sum
index be0ce2c67..157b44b97 100644
--- a/go.sum
+++ b/go.sum
@@ -95,6 +95,8 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/akerl/terraform-provider-unifi v0.41.8 h1:BRPspSWwYoyJN3DYHWfms70zuKqbBIQMkL3mKsgHj0M=
+github.com/akerl/terraform-provider-unifi v0.41.8/go.mod h1:J4XzxDi6sORa52ESsk3GpLh9RaFu+cfKxokSV4Kli2M=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -548,8 +550,8 @@ github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9T
 github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 h1:wcOKYwPI9IorAJEBLzgclh3xVolO7ZorYd6U1vnok14=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0/go.mod h1:qH/34G25Ugdj5FcM95cSoXzUgIbgfhVLXCcEcYaMwq8=
-github.com/hashicorp/terraform-plugin-testing v1.3.0 h1:4Pn8fSspPCRUc5zRGPNZYc00VhQmQPEH6y6Pv4e/42M=
-github.com/hashicorp/terraform-plugin-testing v1.3.0/go.mod h1:mGOfGFTVIhP9buGPZyDQhmZFIO/Ig8E0Fo694UACr64=
+github.com/hashicorp/terraform-plugin-testing v1.4.0 h1:DVIXxw7VHZvnwWVik4HzhpC2yytaJ5FpiHxz5debKmE=
+github.com/hashicorp/terraform-plugin-testing v1.4.0/go.mod h1:b7Bha24iGrbZQjT+ZE8m9crck1YjdVOZ8mfGCQ19OxA=
 github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno=
 github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo=
 github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
@@ -785,8 +787,8 @@ github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJ
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
 github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
 github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
-github.com/paultyng/go-unifi v1.32.0 h1:k3zHkL57JEmzghRgvvRuDTSkw9CtD10zdxCB9OUweYI=
-github.com/paultyng/go-unifi v1.32.0/go.mod h1:i8D+gyo5NinnDlQ5ZGdqSvRqRyHuV4zA2CLZnHb0axE=
+github.com/paultyng/go-unifi v1.33.0 h1:m4GejxTXdy5zlFu6/FDwQSe8/8VIadbgGTfnciMUQdY=
+github.com/paultyng/go-unifi v1.33.0/go.mod h1:t1CIy42PeR7IiGsFXh7hwqL/xG3JQu7e4HbhEVr74CU=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
@@ -1064,8 +1066,8 @@ go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
-go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
+go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
+go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
diff --git a/vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing.go b/vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing.go
index be7c01c6c..d1dcc3406 100644
--- a/vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing.go
+++ b/vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing.go
@@ -162,7 +162,7 @@ func runSweepers(regions []string, sweepers map[string]*Sweeper, allowFailures b
 		log.Printf("Sweeper Tests for region (%s) ran successfully:\n", region)
 		for sweeper, sweeperErr := range regionSweeperRunList {
 			if sweeperErr == nil {
-				fmt.Printf("\t- %s\n", sweeper)
+				log.Printf("\t- %s\n", sweeper)
 			} else {
 				regionSweeperErrorFound = true
 			}
@@ -173,7 +173,7 @@ func runSweepers(regions []string, sweepers map[string]*Sweeper, allowFailures b
 			log.Printf("Sweeper Tests for region (%s) ran unsuccessfully:\n", region)
 			for sweeper, sweeperErr := range regionSweeperRunList {
 				if sweeperErr != nil {
-					fmt.Printf("\t- %s: %s\n", sweeper, sweeperErr)
+					log.Printf("\t- %s: %s\n", sweeper, sweeperErr)
 				}
 			}
 		}
diff --git a/vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_sensitive_value.go b/vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_sensitive_value.go
new file mode 100644
index 000000000..b6c3a5194
--- /dev/null
+++ b/vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_sensitive_value.go
@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package plancheck
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+)
+
+var _ PlanCheck = expectSensitiveValue{}
+
+type expectSensitiveValue struct {
+	resourceAddress string
+	attributePath   tfjsonpath.Path
+}
+
+// CheckPlan implements the plan check logic.
+func (e expectSensitiveValue) CheckPlan(ctx context.Context, req CheckPlanRequest, resp *CheckPlanResponse) {
+
+	for _, rc := range req.Plan.ResourceChanges {
+		if e.resourceAddress != rc.Address {
+			continue
+		}
+
+		result, err := tfjsonpath.Traverse(rc.Change.AfterSensitive, e.attributePath)
+		if err != nil {
+			resp.Error = err
+			return
+		}
+
+		isSensitive, ok := result.(bool)
+		if !ok {
+			resp.Error = fmt.Errorf("invalid path: the path value cannot be asserted as bool")
+			return
+		}
+
+		if !isSensitive {
+			resp.Error = fmt.Errorf("attribute at path is not sensitive")
+			return
+		}
+
+		return
+	}
+
+	resp.Error = fmt.Errorf("%s - Resource not found in plan ResourceChanges", e.resourceAddress)
+}
+
+// ExpectSensitiveValue returns a plan check that asserts that the specified attribute at the given resource has a sensitive value.
+//
+// Due to implementation differences between the terraform-plugin-sdk and the terraform-plugin-framework, representation of sensitive
+// values may differ. For example, terraform-plugin-sdk based providers may have less precise representations of sensitive values, such
+// as marking whole maps as sensitive rather than individual element values.
+func ExpectSensitiveValue(resourceAddress string, attributePath tfjsonpath.Path) PlanCheck {
+	return expectSensitiveValue{
+		resourceAddress: resourceAddress,
+		attributePath:   attributePath,
+	}
+}
diff --git a/vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_value.go b/vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_value.go
new file mode 100644
index 000000000..1569397c2
--- /dev/null
+++ b/vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_value.go
@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package plancheck
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+)
+
+var _ PlanCheck = expectUnknownValue{}
+
+type expectUnknownValue struct {
+	resourceAddress string
+	attributePath   tfjsonpath.Path
+}
+
+// CheckPlan implements the plan check logic.
+func (e expectUnknownValue) CheckPlan(ctx context.Context, req CheckPlanRequest, resp *CheckPlanResponse) {
+
+	for _, rc := range req.Plan.ResourceChanges {
+		if e.resourceAddress != rc.Address {
+			continue
+		}
+
+		result, err := tfjsonpath.Traverse(rc.Change.AfterUnknown, e.attributePath)
+		if err != nil {
+			resp.Error = err
+			return
+		}
+
+		isUnknown, ok := result.(bool)
+		if !ok {
+			resp.Error = fmt.Errorf("invalid path: the path value cannot be asserted as bool")
+			return
+		}
+
+		if !isUnknown {
+			resp.Error = fmt.Errorf("attribute at path is known")
+			return
+		}
+
+		return
+	}
+
+	resp.Error = fmt.Errorf("%s - Resource not found in plan ResourceChanges", e.resourceAddress)
+}
+
+// ExpectUnknownValue returns a plan check that asserts that the specified attribute at the given resource has an unknown value.
+//
+// Due to implementation differences between the terraform-plugin-sdk and the terraform-plugin-framework, representation of unknown
+// values may differ. For example, terraform-plugin-sdk based providers may have less precise representations of unknown values, such
+// as marking whole maps as unknown rather than individual element values.
+func ExpectUnknownValue(resourceAddress string, attributePath tfjsonpath.Path) PlanCheck {
+	return expectUnknownValue{
+		resourceAddress: resourceAddress,
+		attributePath:   attributePath,
+	}
+}
diff --git a/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/doc.go b/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/doc.go
new file mode 100644
index 000000000..4b1a4923b
--- /dev/null
+++ b/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/doc.go
@@ -0,0 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+// Package tfjsonpath implements terraform-json path functionality, which defines
+// traversals into Terraform JSON data, for testing purposes.
+package tfjsonpath
diff --git a/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/path.go b/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/path.go
new file mode 100644
index 000000000..ef3930dfb
--- /dev/null
+++ b/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/path.go
@@ -0,0 +1,107 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package tfjsonpath
+
+import (
+	"fmt"
+)
+
+// Path represents exact traversal steps specifying a value inside
+// Terraform JSON data. These steps always start from a MapStep with a key
+// specifying the name of a top-level JSON object or array.
+//
+// The [terraform-json] library serves as the de facto documentation
+// for JSON format of Terraform data.
+//
+// Use the New() function to create a Path with an initial AtMapKey() step.
+// Path functionality follows a builder pattern, which allows for chaining method
+// calls to construct a full path. The available traversal steps after Path
+// creation are:
+//
+//   - AtSliceIndex(): Step into a slice at a specific 0-based index
+//   - AtMapKey(): Step into a map at a specific key
+//
+// For example, to represent the first element of a JSON array
+// underneath a "some_array" property of this JSON value:
+//
+//	   {
+//	     "some_array": [true]
+//	   }
+//
+//	 The path code would be represented by:
+//
+//		tfjsonpath.New("some_array").AtSliceIndex(0)
+//
+// [terraform-json]: (https://pkg.go.dev/github.com/hashicorp/terraform-json)
+type Path struct {
+	steps []step
+}
+
+// New creates a new path with an initial MapStep.
+func New(name string) Path {
+	return Path{
+		steps: []step{
+			MapStep(name),
+		},
+	}
+}
+
+// AtSliceIndex returns a copied Path with a new SliceStep at the end.
+func (s Path) AtSliceIndex(index int) Path {
+	newSteps := append(s.steps, SliceStep(index))
+	s.steps = newSteps
+	return s
+}
+
+// AtMapKey returns a copied Path with a new MapStep at the end.
+func (s Path) AtMapKey(key string) Path {
+	newSteps := append(s.steps, MapStep(key))
+	s.steps = newSteps
+	return s
+}
+
+// Traverse returns the element found when traversing the given
+// object using the specified Path. The object is an unmarshalled
+// JSON object representing Terraform data.
+//
+// Traverse returns an error if the value specified by the Path
+// is not found in the given object or if the given object does not
+// conform to format of Terraform JSON data.
+func Traverse(object any, attrPath Path) (any, error) {
+	_, ok := object.(map[string]any)
+
+	if !ok {
+		return nil, fmt.Errorf("cannot convert given object to map[string]any")
+	}
+
+	result := object
+
+	for _, step := range attrPath.steps {
+		switch s := step.(type) {
+		case MapStep:
+			mapObj, ok := result.(map[string]any)
+			if !ok {
+				return nil, fmt.Errorf("path not found: cannot convert object at MapStep %s to map[string]any", string(s))
+			}
+			result, ok = mapObj[string(s)]
+			if !ok {
+				return nil, fmt.Errorf("path not found: specified key %s not found in map", string(s))
+			}
+
+		case SliceStep:
+			sliceObj, ok := result.([]any)
+			if !ok {
+				return nil, fmt.Errorf("path not found: cannot convert object at SliceStep %d to []any", s)
+			}
+
+			if int(s) >= len(sliceObj) {
+				return nil, fmt.Errorf("path not found: SliceStep index %d is out of range with slice length %d", s, len(sliceObj))
+			}
+
+			result = sliceObj[s]
+		}
+	}
+
+	return result, nil
+}
diff --git a/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/step.go b/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/step.go
new file mode 100644
index 000000000..7b6813d60
--- /dev/null
+++ b/vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/step.go
@@ -0,0 +1,14 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package tfjsonpath
+
+// step represents a traversal type indicating the underlying Go type
+// representation for a Terraform JSON value.
+type step interface{}
+
+// MapStep represents a traversal for map[string]any
+type MapStep string
+
+// SliceStep represents a traversal for []any
+type SliceStep int
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go
index 0ef1d747a..4ffd88c5b 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go
@@ -51,8 +51,7 @@ type Device struct {
 	LcmIDleTimeout              int                               `json:"lcm_idle_timeout,omitempty"` // [1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-5][0-9][0-9]|3600
 	LcmIDleTimeoutOverride      bool                              `json:"lcm_idle_timeout_override,omitempty"`
 	LcmNightModeBegins          string                            `json:"lcm_night_mode_begins,omitempty"` // (^$)|(^(0[1-9])|(1[0-9])|(2[0-3])):([0-5][0-9]$)
-	LcmNightModeEnabled         bool                              `json:"lcm_night_mode_enabled,omitempty"`
-	LcmNightModeEnds            string                            `json:"lcm_night_mode_ends,omitempty"` // (^$)|(^(0[1-9])|(1[0-9])|(2[0-3])):([0-5][0-9]$)
+	LcmNightModeEnds            string                            `json:"lcm_night_mode_ends,omitempty"`   // (^$)|(^(0[1-9])|(1[0-9])|(2[0-3])):([0-5][0-9]$)
 	LcmSettingsRestrictedAccess bool                              `json:"lcm_settings_restricted_access,omitempty"`
 	LcmTrackerEnabled           bool                              `json:"lcm_tracker_enabled,omitempty"`
 	LcmTrackerSeed              string                            `json:"lcm_tracker_seed,omitempty"`              // .{0,50}
@@ -238,40 +237,46 @@ func (dst *DeviceOutletOverrides) UnmarshalJSON(b []byte) error {
 }
 
 type DevicePortOverrides struct {
-	AggregateNumPorts            int      `json:"aggregate_num_ports,omitempty"` // [2-8]
-	Autoneg                      bool     `json:"autoneg,omitempty"`
-	Dot1XCtrl                    string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
-	Dot1XIDleTimeout             int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
-	EgressRateLimitKbps          int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
-	EgressRateLimitKbpsEnabled   bool     `json:"egress_rate_limit_kbps_enabled,omitempty"`
-	FullDuplex                   bool     `json:"full_duplex,omitempty"`
-	Isolation                    bool     `json:"isolation,omitempty"`
-	LldpmedEnabled               bool     `json:"lldpmed_enabled,omitempty"`
-	LldpmedNotifyEnabled         bool     `json:"lldpmed_notify_enabled,omitempty"`
-	MirrorPortIDX                int      `json:"mirror_port_idx,omitempty"` // [1-9]|[1-4][0-9]|5[0-2]
-	Name                         string   `json:"name,omitempty"`            // .{0,128}
-	OpMode                       string   `json:"op_mode,omitempty"`         // switch|mirror|aggregate
-	PoeMode                      string   `json:"poe_mode,omitempty"`        // auto|pasv24|passthrough|off
-	PortIDX                      int      `json:"port_idx,omitempty"`        // [1-9]|[1-4][0-9]|5[0-2]
-	PortProfileID                string   `json:"portconf_id,omitempty"`     // [\d\w]+
-	PortSecurityEnabled          bool     `json:"port_security_enabled,omitempty"`
-	PortSecurityMACAddress       []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
-	PriorityQueue1Level          int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue2Level          int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue3Level          int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue4Level          int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	Speed                        int      `json:"speed,omitempty"`                     // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
-	StormctrlBroadcastastEnabled bool     `json:"stormctrl_bcast_enabled,omitempty"`
-	StormctrlBroadcastastLevel   int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlBroadcastastRate    int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlMcastEnabled        bool     `json:"stormctrl_mcast_enabled,omitempty"`
-	StormctrlMcastLevel          int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlMcastRate           int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlType                string   `json:"stormctrl_type,omitempty"`        // level|rate
-	StormctrlUcastEnabled        bool     `json:"stormctrl_ucast_enabled,omitempty"`
-	StormctrlUcastLevel          int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlUcastRate           int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StpPortMode                  bool     `json:"stp_port_mode,omitempty"`
+	AggregateNumPorts                 int      `json:"aggregate_num_ports,omitempty"` // [2-8]
+	Autoneg                           bool     `json:"autoneg,omitempty"`
+	Dot1XCtrl                         string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
+	Dot1XIDleTimeout                  int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
+	EgressRateLimitKbps               int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
+	EgressRateLimitKbpsEnabled        bool     `json:"egress_rate_limit_kbps_enabled,omitempty"`
+	ExcludedNetworkIDs                []string `json:"excluded_networkconf_ids,omitempty"`
+	Forward                           string   `json:"forward,omitempty"` // all|native|customize|disabled
+	FullDuplex                        bool     `json:"full_duplex,omitempty"`
+	Isolation                         bool     `json:"isolation,omitempty"`
+	LldpmedEnabled                    bool     `json:"lldpmed_enabled,omitempty"`
+	LldpmedNotifyEnabled              bool     `json:"lldpmed_notify_enabled,omitempty"`
+	MirrorPortIDX                     int      `json:"mirror_port_idx,omitempty"` // [1-9]|[1-4][0-9]|5[0-2]
+	NATiveNetworkID                   string   `json:"native_networkconf_id,omitempty"`
+	Name                              string   `json:"name,omitempty"`        // .{0,128}
+	OpMode                            string   `json:"op_mode,omitempty"`     // switch|mirror|aggregate
+	PoeMode                           string   `json:"poe_mode,omitempty"`    // auto|pasv24|passthrough|off
+	PortIDX                           int      `json:"port_idx,omitempty"`    // [1-9]|[1-4][0-9]|5[0-2]
+	PortProfileID                     string   `json:"portconf_id,omitempty"` // [\d\w]+
+	PortSecurityEnabled               bool     `json:"port_security_enabled,omitempty"`
+	PortSecurityMACAddress            []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
+	PriorityQueue1Level               int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue2Level               int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue3Level               int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue4Level               int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	SettingPreference                 string   `json:"setting_preference,omitempty"`        // auto|manual
+	ShowTrafficRestrictionAsAllowlist bool     `json:"show_traffic_restriction_as_allowlist,omitempty"`
+	Speed                             int      `json:"speed,omitempty"` // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
+	StormctrlBroadcastastEnabled      bool     `json:"stormctrl_bcast_enabled,omitempty"`
+	StormctrlBroadcastastLevel        int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlBroadcastastRate         int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlMcastEnabled             bool     `json:"stormctrl_mcast_enabled,omitempty"`
+	StormctrlMcastLevel               int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlMcastRate                int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlType                     string   `json:"stormctrl_type,omitempty"`        // level|rate
+	StormctrlUcastEnabled             bool     `json:"stormctrl_ucast_enabled,omitempty"`
+	StormctrlUcastLevel               int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlUcastRate                int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StpPortMode                       bool     `json:"stp_port_mode,omitempty"`
+	VoiceNetworkID                    string   `json:"voice_networkconf_id,omitempty"`
 }
 
 func (dst *DevicePortOverrides) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go
index 3774ec91c..3774c62ac 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go
@@ -26,7 +26,6 @@ type Network struct {
 	NoEdit   bool   `json:"attr_no_edit,omitempty"`
 
 	AutoScaleEnabled             bool                            `json:"auto_scale_enabled"`
-	ClientMACList                []string                        `json:"client_mac_list,omitempty"` // ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$
 	DHCPDBootEnabled             bool                            `json:"dhcpd_boot_enabled"`
 	DHCPDBootFilename            string                          `json:"dhcpd_boot_filename,omitempty"` // .{1,256}
 	DHCPDBootServer              string                          `json:"dhcpd_boot_server"`             // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$|(?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|[a-zA-Z0-9-]{1,63}|^$
@@ -80,13 +79,15 @@ type Network struct {
 	IGMPGroupmembership          int                             `json:"igmp_groupmembership,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-2][0-9]{3}|3[0-5][0-9]{2}|3600|^$
 	IGMPMaxresponse              int                             `json:"igmp_maxresponse,omitempty"`     // [1-9]|1[0-9]|2[0-5]|^$
 	IGMPMcrtrexpiretime          int                             `json:"igmp_mcrtrexpiretime,omitempty"` // [0-9]|[1-9][0-9]{1,2}|[1-2][0-9]{3}|3[0-5][0-9]{2}|3600|^$
-	IGMPQuerier                  string                          `json:"igmp_querier"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	IGMPProxyDownstream          bool                            `json:"igmp_proxy_downstream"`
+	IGMPProxyUpstream            bool                            `json:"igmp_proxy_upstream"`
+	IGMPQuerier                  string                          `json:"igmp_querier"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
 	IGMPSnooping                 bool                            `json:"igmp_snooping"`
 	IGMPSupression               bool                            `json:"igmp_supression"`
 	IPSecDhGroup                 int                             `json:"ipsec_dh_group,omitempty"` // 2|5|14|15|16|19|20|21|25|26
 	IPSecDynamicRouting          bool                            `json:"ipsec_dynamic_routing"`
 	IPSecEncryption              string                          `json:"ipsec_encryption,omitempty"`   // aes128|aes192|aes256|3des
-	IPSecEspDhGroup              int                             `json:"ipsec_esp_dh_group,omitempty"` // 1|2|5|14|15|16|17|18
+	IPSecEspDhGroup              int                             `json:"ipsec_esp_dh_group,omitempty"` // 1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32
 	IPSecHash                    string                          `json:"ipsec_hash,omitempty"`         // sha1|md5|sha256|sha384|sha512
 	IPSecIkeDhGroup              int                             `json:"ipsec_ike_dh_group,omitempty"` // 1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32
 	IPSecInterface               string                          `json:"ipsec_interface,omitempty"`    // wan|wan2
@@ -107,8 +108,6 @@ type Network struct {
 	IPV6RaValidLifetime          int                             `json:"ipv6_ra_valid_lifetime,omitempty"`     // ^([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[12][0-9]{7}|30[0-9]{6}|31[0-4][0-9]{5}|315[0-2][0-9]{4}|3153[0-5][0-9]{3}|31536000)$|^$
 	IPV6Subnet                   string                          `json:"ipv6_subnet,omitempty"`
 	InternetAccessEnabled        bool                            `json:"internet_access_enabled"`
-	IntraNetworkAccessEnabled    bool                            `json:"intra_network_access_enabled"`
-	IntraNetworks                []string                        `json:"intra_networks,omitempty"` // [\d\w]+
 	IsNAT                        bool                            `json:"is_nat"`
 	L2TpAllowWeakCiphers         bool                            `json:"l2tp_allow_weak_ciphers"`
 	L2TpInterface                string                          `json:"l2tp_interface,omitempty"`    // wan|wan2
@@ -121,10 +120,13 @@ type Network struct {
 	NATOutboundIPAddresses       []NetworkNATOutboundIPAddresses `json:"nat_outbound_ip_addresses,omitempty"`
 	Name                         string                          `json:"name,omitempty"`         // .{1,128}
 	NetworkGroup                 string                          `json:"networkgroup,omitempty"` // LAN[2-8]?
+	NetworkIsolationEnabled      bool                            `json:"network_isolation_enabled"`
 	OpenVPNConfiguration         string                          `json:"openvpn_configuration,omitempty"`
 	OpenVPNConfigurationFilename string                          `json:"openvpn_configuration_filename,omitempty"`
+	OpenVPNInterface             string                          `json:"openvpn_interface,omitempty"`      // wan|wan2
 	OpenVPNLocalAddress          string                          `json:"openvpn_local_address,omitempty"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
 	OpenVPNLocalPort             int                             `json:"openvpn_local_port,omitempty"`     // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
+	OpenVPNLocalWANIP            string                          `json:"openvpn_local_wan_ip,omitempty"`   // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
 	OpenVPNMode                  string                          `json:"openvpn_mode,omitempty"`           // site-to-site|client|server
 	OpenVPNRemoteAddress         string                          `json:"openvpn_remote_address,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
 	OpenVPNRemoteHost            string                          `json:"openvpn_remote_host,omitempty"`    // [^\"\' ]+|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
@@ -150,10 +152,12 @@ type Network struct {
 	VLANEnabled                  bool                            `json:"vlan_enabled"`
 	VPNClientDefaultRoute        bool                            `json:"vpn_client_default_route"`
 	VPNClientPullDNS             bool                            `json:"vpn_client_pull_dns"`
-	VPNType                      string                          `json:"vpn_type,omitempty"`           // auto|ipsec-vpn|openvpn-client|openvpn-vpn|pptp-client|l2tp-server|pptp-server|uid-server|wireguard-server
+	VPNProtocol                  string                          `json:"vpn_protocol,omitempty"`       // tcp|udp
+	VPNType                      string                          `json:"vpn_type,omitempty"`           // auto|ipsec-vpn|openvpn-client|openvpn-server|openvpn-vpn|pptp-client|l2tp-server|pptp-server|uid-server|wireguard-server
 	VrrpIPSubnetGw1              string                          `json:"vrrp_ip_subnet_gw1,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
 	VrrpIPSubnetGw2              string                          `json:"vrrp_ip_subnet_gw2,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
 	VrrpVrid                     int                             `json:"vrrp_vrid,omitempty"`          // [1-9]|[1-9][0-9]
+	WANDHCPCos                   int                             `json:"wan_dhcp_cos,omitempty"`       // [0-7]|^$
 	WANDHCPOptions               []NetworkWANDHCPOptions         `json:"wan_dhcp_options,omitempty"`
 	WANDHCPv6PDSize              int                             `json:"wan_dhcpv6_pd_size,omitempty"`      // ^(4[89]|5[0-9]|6[0-4])$|^$
 	WANDNS1                      string                          `json:"wan_dns1"`                          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
@@ -184,45 +188,53 @@ type Network struct {
 	WireguardInterface           string                          `json:"wireguard_interface,omitempty"`    // wan|wan2
 	WireguardLocalWANIP          string                          `json:"wireguard_local_wan_ip,omitempty"` // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
 	WireguardPublicKey           string                          `json:"wireguard_public_key,omitempty"`
+	XAuthKey                     string                          `json:"x_auth_key,omitempty"`
+	XCaCrt                       string                          `json:"x_ca_crt,omitempty"`
+	XCaKey                       string                          `json:"x_ca_key,omitempty"`
+	XDhKey                       string                          `json:"x_dh_key,omitempty"`
 	XIPSecPreSharedKey           string                          `json:"x_ipsec_pre_shared_key,omitempty"` // [^\"\' ]+
 	XOpenVPNPassword             string                          `json:"x_openvpn_password,omitempty"`
 	XOpenVPNSharedSecretKey      string                          `json:"x_openvpn_shared_secret_key,omitempty"` // [0-9A-Fa-f]{512}
 	XPptpcPassword               string                          `json:"x_pptpc_password,omitempty"`            // [^\"\' ]+
-	XWANPassword                 string                          `json:"x_wan_password,omitempty"`              // [^"' ]+
+	XServerCrt                   string                          `json:"x_server_crt,omitempty"`
+	XServerKey                   string                          `json:"x_server_key,omitempty"`
+	XSharedClientCrt             string                          `json:"x_shared_client_crt,omitempty"`
+	XSharedClientKey             string                          `json:"x_shared_client_key,omitempty"`
+	XWANPassword                 string                          `json:"x_wan_password,omitempty"` // [^"' ]+
 	XWireguardPrivateKey         string                          `json:"x_wireguard_private_key,omitempty"`
 }
 
 func (dst *Network) UnmarshalJSON(b []byte) error {
 	type Alias Network
 	aux := &struct {
-		DHCPDLeaseTime            emptyStringInt `json:"dhcpd_leasetime"`
-		DHCPDTimeOffset           emptyStringInt `json:"dhcpd_time_offset"`
-		DHCPDV6LeaseTime          emptyStringInt `json:"dhcpdv6_leasetime"`
-		IGMPGroupmembership       emptyStringInt `json:"igmp_groupmembership"`
-		IGMPMaxresponse           emptyStringInt `json:"igmp_maxresponse"`
-		IGMPMcrtrexpiretime       emptyStringInt `json:"igmp_mcrtrexpiretime"`
-		IPSecDhGroup              emptyStringInt `json:"ipsec_dh_group"`
-		IPSecEspDhGroup           emptyStringInt `json:"ipsec_esp_dh_group"`
-		IPSecIkeDhGroup           emptyStringInt `json:"ipsec_ike_dh_group"`
-		IPV6RaPreferredLifetime   emptyStringInt `json:"ipv6_ra_preferred_lifetime"`
-		IPV6RaValidLifetime       emptyStringInt `json:"ipv6_ra_valid_lifetime"`
-		InternetAccessEnabled     *bool          `json:"internet_access_enabled"`
-		IntraNetworkAccessEnabled *bool          `json:"intra_network_access_enabled"`
-		LocalPort                 emptyStringInt `json:"local_port"`
-		OpenVPNLocalPort          emptyStringInt `json:"openvpn_local_port"`
-		OpenVPNRemotePort         emptyStringInt `json:"openvpn_remote_port"`
-		PptpcRouteDistance        emptyStringInt `json:"pptpc_route_distance"`
-		Priority                  emptyStringInt `json:"priority"`
-		RouteDistance             emptyStringInt `json:"route_distance"`
-		VLAN                      emptyStringInt `json:"vlan"`
-		VrrpVrid                  emptyStringInt `json:"vrrp_vrid"`
-		WANDHCPv6PDSize           emptyStringInt `json:"wan_dhcpv6_pd_size"`
-		WANEgressQOS              emptyStringInt `json:"wan_egress_qos"`
-		WANLoadBalanceWeight      emptyStringInt `json:"wan_load_balance_weight"`
-		WANPrefixlen              emptyStringInt `json:"wan_prefixlen"`
-		WANSmartqDownRate         emptyStringInt `json:"wan_smartq_down_rate"`
-		WANSmartqUpRate           emptyStringInt `json:"wan_smartq_up_rate"`
-		WANVLAN                   emptyStringInt `json:"wan_vlan"`
+		DHCPDLeaseTime          emptyStringInt `json:"dhcpd_leasetime"`
+		DHCPDTimeOffset         emptyStringInt `json:"dhcpd_time_offset"`
+		DHCPDV6LeaseTime        emptyStringInt `json:"dhcpdv6_leasetime"`
+		IGMPGroupmembership     emptyStringInt `json:"igmp_groupmembership"`
+		IGMPMaxresponse         emptyStringInt `json:"igmp_maxresponse"`
+		IGMPMcrtrexpiretime     emptyStringInt `json:"igmp_mcrtrexpiretime"`
+		IPSecDhGroup            emptyStringInt `json:"ipsec_dh_group"`
+		IPSecEspDhGroup         emptyStringInt `json:"ipsec_esp_dh_group"`
+		IPSecIkeDhGroup         emptyStringInt `json:"ipsec_ike_dh_group"`
+		IPV6RaPreferredLifetime emptyStringInt `json:"ipv6_ra_preferred_lifetime"`
+		IPV6RaValidLifetime     emptyStringInt `json:"ipv6_ra_valid_lifetime"`
+		InternetAccessEnabled   *bool          `json:"internet_access_enabled"`
+		LocalPort               emptyStringInt `json:"local_port"`
+		OpenVPNLocalPort        emptyStringInt `json:"openvpn_local_port"`
+		OpenVPNRemotePort       emptyStringInt `json:"openvpn_remote_port"`
+		PptpcRouteDistance      emptyStringInt `json:"pptpc_route_distance"`
+		Priority                emptyStringInt `json:"priority"`
+		RouteDistance           emptyStringInt `json:"route_distance"`
+		VLAN                    emptyStringInt `json:"vlan"`
+		VrrpVrid                emptyStringInt `json:"vrrp_vrid"`
+		WANDHCPCos              emptyStringInt `json:"wan_dhcp_cos"`
+		WANDHCPv6PDSize         emptyStringInt `json:"wan_dhcpv6_pd_size"`
+		WANEgressQOS            emptyStringInt `json:"wan_egress_qos"`
+		WANLoadBalanceWeight    emptyStringInt `json:"wan_load_balance_weight"`
+		WANPrefixlen            emptyStringInt `json:"wan_prefixlen"`
+		WANSmartqDownRate       emptyStringInt `json:"wan_smartq_down_rate"`
+		WANSmartqUpRate         emptyStringInt `json:"wan_smartq_up_rate"`
+		WANVLAN                 emptyStringInt `json:"wan_vlan"`
 
 		*Alias
 	}{
@@ -245,7 +257,6 @@ func (dst *Network) UnmarshalJSON(b []byte) error {
 	dst.IPV6RaPreferredLifetime = int(aux.IPV6RaPreferredLifetime)
 	dst.IPV6RaValidLifetime = int(aux.IPV6RaValidLifetime)
 	dst.InternetAccessEnabled = emptyBoolToTrue(aux.InternetAccessEnabled)
-	dst.IntraNetworkAccessEnabled = emptyBoolToTrue(aux.IntraNetworkAccessEnabled)
 	dst.LocalPort = int(aux.LocalPort)
 	dst.OpenVPNLocalPort = int(aux.OpenVPNLocalPort)
 	dst.OpenVPNRemotePort = int(aux.OpenVPNRemotePort)
@@ -254,6 +265,7 @@ func (dst *Network) UnmarshalJSON(b []byte) error {
 	dst.RouteDistance = int(aux.RouteDistance)
 	dst.VLAN = int(aux.VLAN)
 	dst.VrrpVrid = int(aux.VrrpVrid)
+	dst.WANDHCPCos = int(aux.WANDHCPCos)
 	dst.WANDHCPv6PDSize = int(aux.WANDHCPv6PDSize)
 	dst.WANEgressQOS = int(aux.WANEgressQOS)
 	dst.WANLoadBalanceWeight = int(aux.WANLoadBalanceWeight)
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go
index cec087b0a..e2c07d5d2 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go
@@ -25,41 +25,42 @@ type PortProfile struct {
 	NoDelete bool   `json:"attr_no_delete,omitempty"`
 	NoEdit   bool   `json:"attr_no_edit,omitempty"`
 
-	Autoneg                      bool     `json:"autoneg"`
-	Dot1XCtrl                    string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
-	Dot1XIDleTimeout             int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
-	EgressRateLimitKbps          int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
-	EgressRateLimitKbpsEnabled   bool     `json:"egress_rate_limit_kbps_enabled"`
-	Forward                      string   `json:"forward,omitempty"` // all|native|customize|disabled
-	FullDuplex                   bool     `json:"full_duplex"`
-	Isolation                    bool     `json:"isolation"`
-	LldpmedEnabled               bool     `json:"lldpmed_enabled"`
-	LldpmedNotifyEnabled         bool     `json:"lldpmed_notify_enabled"`
-	NATiveNetworkID              string   `json:"native_networkconf_id"`
-	Name                         string   `json:"name,omitempty"`
-	OpMode                       string   `json:"op_mode,omitempty"`  // switch
-	PoeMode                      string   `json:"poe_mode,omitempty"` // auto|pasv24|passthrough|off
-	PortSecurityEnabled          bool     `json:"port_security_enabled"`
-	PortSecurityMACAddress       []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
-	PriorityQueue1Level          int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue2Level          int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue3Level          int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue4Level          int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	SettingPreference            string   `json:"setting_preference,omitempty"`        // auto|manual
-	Speed                        int      `json:"speed,omitempty"`                     // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
-	StormctrlBroadcastastEnabled bool     `json:"stormctrl_bcast_enabled"`
-	StormctrlBroadcastastLevel   int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlBroadcastastRate    int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlMcastEnabled        bool     `json:"stormctrl_mcast_enabled"`
-	StormctrlMcastLevel          int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlMcastRate           int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlType                string   `json:"stormctrl_type,omitempty"`        // level|rate
-	StormctrlUcastEnabled        bool     `json:"stormctrl_ucast_enabled"`
-	StormctrlUcastLevel          int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlUcastRate           int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StpPortMode                  bool     `json:"stp_port_mode"`
-	TaggedNetworkIDs             []string `json:"tagged_networkconf_ids,omitempty"`
-	VoiceNetworkID               string   `json:"voice_networkconf_id"`
+	Autoneg                           bool     `json:"autoneg"`
+	Dot1XCtrl                         string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
+	Dot1XIDleTimeout                  int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
+	EgressRateLimitKbps               int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
+	EgressRateLimitKbpsEnabled        bool     `json:"egress_rate_limit_kbps_enabled"`
+	ExcludedNetworkIDs                []string `json:"excluded_networkconf_ids,omitempty"`
+	Forward                           string   `json:"forward,omitempty"` // all|native|customize|disabled
+	FullDuplex                        bool     `json:"full_duplex"`
+	Isolation                         bool     `json:"isolation"`
+	LldpmedEnabled                    bool     `json:"lldpmed_enabled"`
+	LldpmedNotifyEnabled              bool     `json:"lldpmed_notify_enabled"`
+	NATiveNetworkID                   string   `json:"native_networkconf_id"`
+	Name                              string   `json:"name,omitempty"`
+	OpMode                            string   `json:"op_mode,omitempty"`  // switch
+	PoeMode                           string   `json:"poe_mode,omitempty"` // auto|off
+	PortSecurityEnabled               bool     `json:"port_security_enabled"`
+	PortSecurityMACAddress            []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
+	PriorityQueue1Level               int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue2Level               int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue3Level               int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue4Level               int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	SettingPreference                 string   `json:"setting_preference,omitempty"`        // auto|manual
+	ShowTrafficRestrictionAsAllowlist bool     `json:"show_traffic_restriction_as_allowlist"`
+	Speed                             int      `json:"speed,omitempty"` // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
+	StormctrlBroadcastastEnabled      bool     `json:"stormctrl_bcast_enabled"`
+	StormctrlBroadcastastLevel        int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlBroadcastastRate         int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlMcastEnabled             bool     `json:"stormctrl_mcast_enabled"`
+	StormctrlMcastLevel               int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlMcastRate                int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlType                     string   `json:"stormctrl_type,omitempty"`        // level|rate
+	StormctrlUcastEnabled             bool     `json:"stormctrl_ucast_enabled"`
+	StormctrlUcastLevel               int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlUcastRate                int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StpPortMode                       bool     `json:"stp_port_mode"`
+	VoiceNetworkID                    string   `json:"voice_networkconf_id"`
 }
 
 func (dst *PortProfile) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/schedule_task.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/schedule_task.generated.go
index 5e2e2615f..e9230a3ec 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/schedule_task.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/schedule_task.generated.go
@@ -25,16 +25,11 @@ type ScheduleTask struct {
 	NoDelete bool   `json:"attr_no_delete,omitempty"`
 	NoEdit   bool   `json:"attr_no_edit,omitempty"`
 
-	Action                  string                       `json:"action,omitempty"` // stream|upgrade
-	AdditionalSoundsEnabled bool                         `json:"additional_sounds_enabled"`
-	BroadcastgroupID        string                       `json:"broadcastgroup_id"`
-	CronExpr                string                       `json:"cron_expr,omitempty"`
-	ExecuteOnlyOnce         bool                         `json:"execute_only_once"`
-	MediafileID             string                       `json:"mediafile_id"`
-	Name                    string                       `json:"name,omitempty"`
-	SampleFilename          string                       `json:"sample_filename,omitempty"`
-	StreamType              string                       `json:"stream_type,omitempty"` // media|sample
-	UpgradeTargets          []ScheduleTaskUpgradeTargets `json:"upgrade_targets,omitempty"`
+	Action          string                       `json:"action,omitempty"` // upgrade
+	CronExpr        string                       `json:"cron_expr,omitempty"`
+	ExecuteOnlyOnce bool                         `json:"execute_only_once"`
+	Name            string                       `json:"name,omitempty"`
+	UpgradeTargets  []ScheduleTaskUpgradeTargets `json:"upgrade_targets,omitempty"`
 }
 
 func (dst *ScheduleTask) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go
index b92679855..a6a6bcfbb 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go
@@ -29,8 +29,7 @@ type SettingGuestAccess struct {
 
 	AllowedSubnet                          string   `json:"allowed_subnet_,omitempty"`
 	Auth                                   string   `json:"auth,omitempty"` // none|hotspot|facebook_wifi|custom
-	AuthorizeUseSandbox                    bool     `json:"authorize_use_sandbox"`
-	CustomIP                               string   `json:"custom_ip"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	CustomIP                               string   `json:"custom_ip"`      // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
 	EcEnabled                              bool     `json:"ec_enabled"`
 	Expire                                 string   `json:"expire,omitempty"`        // [\d]+|custom
 	ExpireNumber                           int      `json:"expire_number,omitempty"` // ^[1-9][0-9]{0,5}|1000000$
@@ -41,31 +40,35 @@ type SettingGuestAccess struct {
 	FacebookWifiBlockHttps                 bool     `json:"facebook_wifi_block_https"`
 	FacebookWifiGwID                       string   `json:"facebook_wifi_gw_id"`
 	FacebookWifiGwName                     string   `json:"facebook_wifi_gw_name,omitempty"`
-	Gateway                                string   `json:"gateway,omitempty"` // paypal|stripe|authorize|quickpay|merchantwarrior|ippay
+	Gateway                                string   `json:"gateway,omitempty"` // stripe
 	GoogleClientID                         string   `json:"google_client_id"`
 	GoogleDomain                           string   `json:"google_domain,omitempty"`
 	GoogleEnabled                          bool     `json:"google_enabled"`
 	GoogleScopeEmail                       bool     `json:"google_scope_email"`
-	IPpayUseSandbox                        bool     `json:"ippay_use_sandbox"`
-	MerchantwarriorUseSandbox              bool     `json:"merchantwarrior_use_sandbox"`
 	PasswordEnabled                        bool     `json:"password_enabled"`
 	PaymentEnabled                         bool     `json:"payment_enabled"`
-	PaypalUseSandbox                       bool     `json:"paypal_use_sandbox"`
 	PortalCustomized                       bool     `json:"portal_customized"`
+	PortalCustomizedAuthenticationText     string   `json:"portal_customized_authentication_text,omitempty"`
 	PortalCustomizedBgColor                string   `json:"portal_customized_bg_color"` // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
 	PortalCustomizedBgImageEnabled         bool     `json:"portal_customized_bg_image_enabled"`
 	PortalCustomizedBgImageFilename        string   `json:"portal_customized_bg_image_filename,omitempty"`
 	PortalCustomizedBgImageTile            bool     `json:"portal_customized_bg_image_tile"`
+	PortalCustomizedBgType                 string   `json:"portal_customized_bg_type,omitempty"`     // color|image|gallery
 	PortalCustomizedBoxColor               string   `json:"portal_customized_box_color"`             // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
 	PortalCustomizedBoxLinkColor           string   `json:"portal_customized_box_link_color"`        // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
 	PortalCustomizedBoxOpacity             int      `json:"portal_customized_box_opacity,omitempty"` // ^[1-9][0-9]?$|^100$|^$
+	PortalCustomizedBoxRADIUS              int      `json:"portal_customized_box_radius,omitempty"`  // [0-9]|[1-4][0-9]|50
 	PortalCustomizedBoxTextColor           string   `json:"portal_customized_box_text_color"`        // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
 	PortalCustomizedButtonColor            string   `json:"portal_customized_button_color"`          // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
-	PortalCustomizedButtonTextColor        string   `json:"portal_customized_button_text_color"`     // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
-	PortalCustomizedLanguages              []string `json:"portal_customized_languages,omitempty"`   // ^[a-z]{2}(_[A-Z]{2})*$
-	PortalCustomizedLinkColor              string   `json:"portal_customized_link_color"`            // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
+	PortalCustomizedButtonText             string   `json:"portal_customized_button_text,omitempty"`
+	PortalCustomizedButtonTextColor        string   `json:"portal_customized_button_text_color"`   // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
+	PortalCustomizedLanguages              []string `json:"portal_customized_languages,omitempty"` // ^[a-z]{2}([_-][a-zA-Z]{2,4})*$
+	PortalCustomizedLinkColor              string   `json:"portal_customized_link_color"`          // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
 	PortalCustomizedLogoEnabled            bool     `json:"portal_customized_logo_enabled"`
 	PortalCustomizedLogoFilename           string   `json:"portal_customized_logo_filename,omitempty"`
+	PortalCustomizedLogoPosition           string   `json:"portal_customized_logo_position,omitempty"` // left|center|right
+	PortalCustomizedLogoSize               int      `json:"portal_customized_logo_size,omitempty"`     // 6[4-9]|[7-9][0-9]|1[0-8][0-9]|19[0-2]
+	PortalCustomizedSuccessText            string   `json:"portal_customized_success_text,omitempty"`
 	PortalCustomizedTextColor              string   `json:"portal_customized_text_color"` // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
 	PortalCustomizedTitle                  string   `json:"portal_customized_title,omitempty"`
 	PortalCustomizedTos                    string   `json:"portal_customized_tos,omitempty"`
@@ -78,7 +81,6 @@ type SettingGuestAccess struct {
 	PortalEnabled                          bool     `json:"portal_enabled"`
 	PortalHostname                         string   `json:"portal_hostname"` // ^[a-zA-Z0-9.-]+$|^$
 	PortalUseHostname                      bool     `json:"portal_use_hostname"`
-	QuickpayTestmode                       bool     `json:"quickpay_testmode"`
 	RADIUSAuthType                         string   `json:"radius_auth_type,omitempty"` // chap|mschapv2
 	RADIUSDisconnectEnabled                bool     `json:"radius_disconnect_enabled"`
 	RADIUSDisconnectPort                   int      `json:"radius_disconnect_port,omitempty"` // [1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5]
@@ -91,29 +93,16 @@ type SettingGuestAccess struct {
 	RestrictedDNSEnabled                   bool     `json:"restricted_dns_enabled"`
 	RestrictedDNSServers                   []string `json:"restricted_dns_servers,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
 	RestrictedSubnet                       string   `json:"restricted_subnet_,omitempty"`
-	SettingPreference                      string   `json:"setting_preference,omitempty"` // auto|manual
-	TemplateEngine                         string   `json:"template_engine,omitempty"`    // jsp|angular
+	TemplateEngine                         string   `json:"template_engine,omitempty"` // jsp|angular
 	VoucherCustomized                      bool     `json:"voucher_customized"`
 	VoucherEnabled                         bool     `json:"voucher_enabled"`
 	WechatAppID                            string   `json:"wechat_app_id"`
 	WechatEnabled                          bool     `json:"wechat_enabled"`
 	WechatShopID                           string   `json:"wechat_shop_id"`
-	XAuthorizeLoginid                      string   `json:"x_authorize_loginid,omitempty"`
-	XAuthorizeTransactionkey               string   `json:"x_authorize_transactionkey,omitempty"`
 	XFacebookAppSecret                     string   `json:"x_facebook_app_secret,omitempty"`
 	XFacebookWifiGwSecret                  string   `json:"x_facebook_wifi_gw_secret,omitempty"`
 	XGoogleClientSecret                    string   `json:"x_google_client_secret,omitempty"`
-	XIPpayTerminalid                       string   `json:"x_ippay_terminalid,omitempty"`
-	XMerchantwarriorApikey                 string   `json:"x_merchantwarrior_apikey,omitempty"`
-	XMerchantwarriorApipassphrase          string   `json:"x_merchantwarrior_apipassphrase,omitempty"`
-	XMerchantwarriorMerchantuuid           string   `json:"x_merchantwarrior_merchantuuid,omitempty"`
 	XPassword                              string   `json:"x_password,omitempty"`
-	XPaypalPassword                        string   `json:"x_paypal_password,omitempty"`
-	XPaypalSignature                       string   `json:"x_paypal_signature,omitempty"`
-	XPaypalUsername                        string   `json:"x_paypal_username,omitempty"`
-	XQuickpayAgreementid                   string   `json:"x_quickpay_agreementid,omitempty"`
-	XQuickpayApikey                        string   `json:"x_quickpay_apikey,omitempty"`
-	XQuickpayMerchantid                    string   `json:"x_quickpay_merchantid,omitempty"`
 	XStripeApiKey                          string   `json:"x_stripe_api_key,omitempty"`
 	XWechatAppSecret                       string   `json:"x_wechat_app_secret,omitempty"`
 	XWechatSecretKey                       string   `json:"x_wechat_secret_key,omitempty"`
@@ -125,6 +114,8 @@ func (dst *SettingGuestAccess) UnmarshalJSON(b []byte) error {
 		ExpireNumber               emptyStringInt `json:"expire_number"`
 		ExpireUnit                 emptyStringInt `json:"expire_unit"`
 		PortalCustomizedBoxOpacity emptyStringInt `json:"portal_customized_box_opacity"`
+		PortalCustomizedBoxRADIUS  emptyStringInt `json:"portal_customized_box_radius"`
+		PortalCustomizedLogoSize   emptyStringInt `json:"portal_customized_logo_size"`
 		RADIUSDisconnectPort       emptyStringInt `json:"radius_disconnect_port"`
 
 		*Alias
@@ -139,6 +130,8 @@ func (dst *SettingGuestAccess) UnmarshalJSON(b []byte) error {
 	dst.ExpireNumber = int(aux.ExpireNumber)
 	dst.ExpireUnit = int(aux.ExpireUnit)
 	dst.PortalCustomizedBoxOpacity = int(aux.PortalCustomizedBoxOpacity)
+	dst.PortalCustomizedBoxRADIUS = int(aux.PortalCustomizedBoxRADIUS)
+	dst.PortalCustomizedLogoSize = int(aux.PortalCustomizedLogoSize)
 	dst.RADIUSDisconnectPort = int(aux.RADIUSDisconnectPort)
 
 	return nil
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_magic_site_to_site_vpn.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_magic_site_to_site_vpn.generated.go
new file mode 100644
index 000000000..4a744da4d
--- /dev/null
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_magic_site_to_site_vpn.generated.go
@@ -0,0 +1,87 @@
+// Code generated from ace.jar fields *.json files
+// DO NOT EDIT.
+
+package unifi
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+// just to fix compile issues with the import
+var (
+	_ context.Context
+	_ fmt.Formatter
+	_ json.Marshaler
+)
+
+type SettingMagicSiteToSiteVpn struct {
+	ID     string `json:"_id,omitempty"`
+	SiteID string `json:"site_id,omitempty"`
+
+	Hidden   bool   `json:"attr_hidden,omitempty"`
+	HiddenID string `json:"attr_hidden_id,omitempty"`
+	NoDelete bool   `json:"attr_no_delete,omitempty"`
+	NoEdit   bool   `json:"attr_no_edit,omitempty"`
+
+	Key string `json:"key"`
+
+	Enabled bool `json:"enabled"`
+}
+
+func (dst *SettingMagicSiteToSiteVpn) UnmarshalJSON(b []byte) error {
+	type Alias SettingMagicSiteToSiteVpn
+	aux := &struct {
+		*Alias
+	}{
+		Alias: (*Alias)(dst),
+	}
+
+	err := json.Unmarshal(b, &aux)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal alias: %w", err)
+	}
+
+	return nil
+}
+
+func (c *Client) getSettingMagicSiteToSiteVpn(ctx context.Context, site string) (*SettingMagicSiteToSiteVpn, error) {
+	var respBody struct {
+		Meta meta                        `json:"meta"`
+		Data []SettingMagicSiteToSiteVpn `json:"data"`
+	}
+
+	err := c.do(ctx, "GET", fmt.Sprintf("s/%s/get/setting/magic_site_to_site_vpn", site), nil, &respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(respBody.Data) != 1 {
+		return nil, &NotFoundError{}
+	}
+
+	d := respBody.Data[0]
+	return &d, nil
+}
+
+func (c *Client) updateSettingMagicSiteToSiteVpn(ctx context.Context, site string, d *SettingMagicSiteToSiteVpn) (*SettingMagicSiteToSiteVpn, error) {
+	var respBody struct {
+		Meta meta                        `json:"meta"`
+		Data []SettingMagicSiteToSiteVpn `json:"data"`
+	}
+
+	d.Key = "magic_site_to_site_vpn"
+	err := c.do(ctx, "PUT", fmt.Sprintf("s/%s/set/setting/magic_site_to_site_vpn", site), d, &respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(respBody.Data) != 1 {
+		return nil, &NotFoundError{}
+	}
+
+	new := respBody.Data[0]
+
+	return &new, nil
+}
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/user.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/user.generated.go
index bc8bca286..bf4cac5ab 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/user.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/user.generated.go
@@ -28,20 +28,22 @@ type User struct {
 	DevIdOverride int    `json:"dev_id_override,omitempty"` // non-generated field
 	IP            string `json:"ip,omitempty"`              // non-generated field
 
-	Blocked               bool   `json:"blocked,omitempty"`
-	FixedApEnabled        bool   `json:"fixed_ap_enabled"`
-	FixedApMAC            string `json:"fixed_ap_mac,omitempty"` // ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$
-	FixedIP               string `json:"fixed_ip,omitempty"`
-	Hostname              string `json:"hostname,omitempty"`
-	LastSeen              int    `json:"last_seen,omitempty"`
-	LocalDNSRecord        string `json:"local_dns_record,omitempty"`
-	LocalDNSRecordEnabled bool   `json:"local_dns_record_enabled"`
-	MAC                   string `json:"mac,omitempty"` // ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$
-	Name                  string `json:"name,omitempty"`
-	NetworkID             string `json:"network_id"`
-	Note                  string `json:"note,omitempty"`
-	UseFixedIP            bool   `json:"use_fixedip"`
-	UserGroupID           string `json:"usergroup_id"`
+	Blocked                       bool   `json:"blocked,omitempty"`
+	FixedApEnabled                bool   `json:"fixed_ap_enabled"`
+	FixedApMAC                    string `json:"fixed_ap_mac,omitempty"` // ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$
+	FixedIP                       string `json:"fixed_ip,omitempty"`
+	Hostname                      string `json:"hostname,omitempty"`
+	LastSeen                      int    `json:"last_seen,omitempty"`
+	LocalDNSRecord                string `json:"local_dns_record,omitempty"`
+	LocalDNSRecordEnabled         bool   `json:"local_dns_record_enabled"`
+	MAC                           string `json:"mac,omitempty"` // ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$
+	Name                          string `json:"name,omitempty"`
+	NetworkID                     string `json:"network_id"`
+	Note                          string `json:"note,omitempty"`
+	UseFixedIP                    bool   `json:"use_fixedip"`
+	UserGroupID                   string `json:"usergroup_id"`
+	VirtualNetworkOverrideEnabled bool   `json:"virtual_network_override_enabled"`
+	VirtualNetworkOverrideID      string `json:"virtual_network_override_id"`
 }
 
 func (dst *User) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/user.go b/vendor/github.com/paultyng/go-unifi/unifi/user.go
index 970cef086..e42cfa479 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/user.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/user.go
@@ -131,6 +131,19 @@ func (c *Client) DeleteUserByMAC(ctx context.Context, site, mac string) error {
 	return nil
 }
 
+func (c *Client) KickUserByMAC(ctx context.Context, site, mac string) error {
+	users, err := c.stamgr(ctx, site, "kick-sta", map[string]interface{}{
+		"mac": mac,
+	})
+	if err != nil {
+		return err
+	}
+	if len(users) != 1 {
+		return &NotFoundError{}
+	}
+	return nil
+}
+
 func (c *Client) OverrideUserFingerprint(ctx context.Context, site, mac string, devIdOveride int) error {
 	reqBody := map[string]interface{}{
 		"mac":             mac,
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go
index 51ebee210..788d2e20c 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go
@@ -2,4 +2,4 @@
 
 package unifi
 
-const UnifiVersion = "7.3.83"
+const UnifiVersion = "7.4.156"
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go
index 8881a7bf9..44ce28601 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go
@@ -73,7 +73,6 @@ type WLAN struct {
 	Priority                    string                     `json:"priority,omitempty"`   // medium|high|low
 	ProxyArp                    bool                       `json:"proxy_arp"`
 	RADIUSDasEnabled            bool                       `json:"radius_das_enabled"`
-	RADIUSFilterIDEnabled       bool                       `json:"radius_filter_id_enabled"`
 	RADIUSMACAuthEnabled        bool                       `json:"radius_mac_auth_enabled"`
 	RADIUSMACaclEmptyPassword   bool                       `json:"radius_macacl_empty_password"`
 	RADIUSMACaclFormat          string                     `json:"radius_macacl_format,omitempty"` // none_lower|hyphen_lower|colon_lower|none_upper|hyphen_upper|colon_upper
diff --git a/vendor/go.uber.org/multierr/CHANGELOG.md b/vendor/go.uber.org/multierr/CHANGELOG.md
index 3ba05276f..d2c8aadaf 100644
--- a/vendor/go.uber.org/multierr/CHANGELOG.md
+++ b/vendor/go.uber.org/multierr/CHANGELOG.md
@@ -1,6 +1,14 @@
 Releases
 ========
 
+v1.9.0 (2022-12-12)
+===================
+
+-   Add `AppendFunc` that allow passsing functions to similar to
+    `AppendInvoke`.
+
+-   Bump up yaml.v3 dependency to 3.0.1.
+
 v1.8.0 (2022-02-28)
 ===================
 
diff --git a/vendor/go.uber.org/multierr/error.go b/vendor/go.uber.org/multierr/error.go
index f45af149c..cdd91ae56 100644
--- a/vendor/go.uber.org/multierr/error.go
+++ b/vendor/go.uber.org/multierr/error.go
@@ -20,106 +20,109 @@
 
 // Package multierr allows combining one or more errors together.
 //
-// Overview
+// # Overview
 //
 // Errors can be combined with the use of the Combine function.
 //
-// 	multierr.Combine(
-// 		reader.Close(),
-// 		writer.Close(),
-// 		conn.Close(),
-// 	)
+//	multierr.Combine(
+//		reader.Close(),
+//		writer.Close(),
+//		conn.Close(),
+//	)
 //
 // If only two errors are being combined, the Append function may be used
 // instead.
 //
-// 	err = multierr.Append(reader.Close(), writer.Close())
+//	err = multierr.Append(reader.Close(), writer.Close())
 //
 // The underlying list of errors for a returned error object may be retrieved
 // with the Errors function.
 //
-// 	errors := multierr.Errors(err)
-// 	if len(errors) > 0 {
-// 		fmt.Println("The following errors occurred:", errors)
-// 	}
+//	errors := multierr.Errors(err)
+//	if len(errors) > 0 {
+//		fmt.Println("The following errors occurred:", errors)
+//	}
 //
-// Appending from a loop
+// # Appending from a loop
 //
 // You sometimes need to append into an error from a loop.
 //
-// 	var err error
-// 	for _, item := range items {
-// 		err = multierr.Append(err, process(item))
-// 	}
+//	var err error
+//	for _, item := range items {
+//		err = multierr.Append(err, process(item))
+//	}
 //
 // Cases like this may require knowledge of whether an individual instance
 // failed. This usually requires introduction of a new variable.
 //
-// 	var err error
-// 	for _, item := range items {
-// 		if perr := process(item); perr != nil {
-// 			log.Warn("skipping item", item)
-// 			err = multierr.Append(err, perr)
-// 		}
-// 	}
+//	var err error
+//	for _, item := range items {
+//		if perr := process(item); perr != nil {
+//			log.Warn("skipping item", item)
+//			err = multierr.Append(err, perr)
+//		}
+//	}
 //
 // multierr includes AppendInto to simplify cases like this.
 //
-// 	var err error
-// 	for _, item := range items {
-// 		if multierr.AppendInto(&err, process(item)) {
-// 			log.Warn("skipping item", item)
-// 		}
-// 	}
+//	var err error
+//	for _, item := range items {
+//		if multierr.AppendInto(&err, process(item)) {
+//			log.Warn("skipping item", item)
+//		}
+//	}
 //
 // This will append the error into the err variable, and return true if that
 // individual error was non-nil.
 //
-// See AppendInto for more information.
+// See [AppendInto] for more information.
 //
-// Deferred Functions
+// # Deferred Functions
 //
 // Go makes it possible to modify the return value of a function in a defer
 // block if the function was using named returns. This makes it possible to
 // record resource cleanup failures from deferred blocks.
 //
-// 	func sendRequest(req Request) (err error) {
-// 		conn, err := openConnection()
-// 		if err != nil {
-// 			return err
-// 		}
-// 		defer func() {
-// 			err = multierr.Append(err, conn.Close())
-// 		}()
-// 		// ...
-// 	}
+//	func sendRequest(req Request) (err error) {
+//		conn, err := openConnection()
+//		if err != nil {
+//			return err
+//		}
+//		defer func() {
+//			err = multierr.Append(err, conn.Close())
+//		}()
+//		// ...
+//	}
 //
 // multierr provides the Invoker type and AppendInvoke function to make cases
 // like the above simpler and obviate the need for a closure. The following is
 // roughly equivalent to the example above.
 //
-// 	func sendRequest(req Request) (err error) {
-// 		conn, err := openConnection()
-// 		if err != nil {
-// 			return err
-// 		}
-// 		defer multierr.AppendInvoke(&err, multierr.Close(conn))
-// 		// ...
-// 	}
+//	func sendRequest(req Request) (err error) {
+//		conn, err := openConnection()
+//		if err != nil {
+//			return err
+//		}
+//		defer multierr.AppendInvoke(&err, multierr.Close(conn))
+//		// ...
+//	}
 //
-// See AppendInvoke and Invoker for more information.
+// See [AppendInvoke] and [Invoker] for more information.
 //
-// Advanced Usage
+// NOTE: If you're modifying an error from inside a defer, you MUST use a named
+// return value for that function.
+//
+// # Advanced Usage
 //
 // Errors returned by Combine and Append MAY implement the following
 // interface.
 //
-// 	type errorGroup interface {
-// 		// Returns a slice containing the underlying list of errors.
-// 		//
-// 		// This slice MUST NOT be modified by the caller.
-// 		Errors() []error
-// 	}
+//	type errorGroup interface {
+//		// Returns a slice containing the underlying list of errors.
+//		//
+//		// This slice MUST NOT be modified by the caller.
+//		Errors() []error
+//	}
 //
 // Note that if you need access to list of errors behind a multierr error, you
 // should prefer using the Errors function. That said, if you need cheap
@@ -128,13 +131,13 @@
 // because errors returned by Combine and Append are not guaranteed to
 // implement this interface.
 //
-// 	var errors []error
-// 	group, ok := err.(errorGroup)
-// 	if ok {
-// 		errors = group.Errors()
-// 	} else {
-// 		errors = []error{err}
-// 	}
+//	var errors []error
+//	group, ok := err.(errorGroup)
+//	if ok {
+//		errors = group.Errors()
+//	} else {
+//		errors = []error{err}
+//	}
 package multierr // import "go.uber.org/multierr"
 
 import (
@@ -185,8 +188,8 @@ type errorGroup interface {
 // Errors returns a slice containing zero or more errors that the supplied
 // error is composed of. If the error is nil, a nil slice is returned.
 //
-// 	err := multierr.Append(r.Close(), w.Close())
-// 	errors := multierr.Errors(err)
+//	err := multierr.Append(r.Close(), w.Close())
+//	errors := multierr.Errors(err)
 //
 // If the error is not composed of other errors, the returned slice contains
 // just the error that was passed in.
@@ -209,10 +212,7 @@ func Errors(err error) []error {
 		return []error{err}
 	}
 
-	errors := eg.Errors()
-	result := make([]error, len(errors))
-	copy(result, errors)
-	return result
+	return append(([]error)(nil), eg.Errors()...)
 }
 
 // multiError is an error that holds one or more errors.
@@ -393,8 +393,7 @@ func fromSlice(errors []error) error {
 			// Otherwise "errors" escapes to the heap
 			// unconditionally for all other cases.
 			// This lets us optimize for the "no errors" case.
-			out := make([]error, len(errors))
-			copy(out, errors)
+			out := append(([]error)(nil), errors...)
 			return &multiError{errors: out}
 		}
 	}
@@ -420,32 +419,32 @@ func fromSlice(errors []error) error {
 // If zero arguments were passed or if all items are nil, a nil error is
 // returned.
 //
-// 	Combine(nil, nil)  // == nil
+//	Combine(nil, nil)  // == nil
 //
 // If only a single error was passed, it is returned as-is.
 //
-// 	Combine(err)  // == err
+//	Combine(err)  // == err
 //
 // Combine skips over nil arguments so this function may be used to combine
 // together errors from operations that fail independently of each other.
 //
-// 	multierr.Combine(
-// 		reader.Close(),
-// 		writer.Close(),
-// 		pipe.Close(),
-// 	)
+//	multierr.Combine(
+//		reader.Close(),
+//		writer.Close(),
+//		pipe.Close(),
+//	)
 //
 // If any of the passed errors is a multierr error, it will be flattened along
 // with the other errors.
 //
-// 	multierr.Combine(multierr.Combine(err1, err2), err3)
-// 	// is the same as
-// 	multierr.Combine(err1, err2, err3)
+//	multierr.Combine(multierr.Combine(err1, err2), err3)
+//	// is the same as
+//	multierr.Combine(err1, err2, err3)
 //
 // The returned error formats into a readable multi-line error message if
 // formatted with %+v.
 //
-// 	fmt.Sprintf("%+v", multierr.Combine(err1, err2))
+//	fmt.Sprintf("%+v", multierr.Combine(err1, err2))
 func Combine(errors ...error) error {
 	return fromSlice(errors)
 }
@@ -455,16 +454,19 @@ func Combine(errors ...error) error {
 // This function is a specialization of Combine for the common case where
 // there are only two errors.
 //
-// 	err = multierr.Append(reader.Close(), writer.Close())
+//	err = multierr.Append(reader.Close(), writer.Close())
 //
 // The following pattern may also be used to record failure of deferred
 // operations without losing information about the original error.
 //
-// 	func doSomething(..) (err error) {
-// 		f := acquireResource()
-// 		defer func() {
-// 			err = multierr.Append(err, f.Close())
-// 		}()
+//	func doSomething(..) (err error) {
+//		f := acquireResource()
+//		defer func() {
+//			err = multierr.Append(err, f.Close())
+//		}()
+//
+// Note that the variable MUST be a named return to append an error to it from
+// the defer statement. See also [AppendInvoke].
 func Append(left error, right error) error {
 	switch {
 	case left == nil:
@@ -494,37 +496,37 @@ func Append(left error, right error) error {
 // AppendInto appends an error into the destination of an error pointer and
 // returns whether the error being appended was non-nil.
 //
-// 	var err error
-// 	multierr.AppendInto(&err, r.Close())
-// 	multierr.AppendInto(&err, w.Close())
+//	var err error
+//	multierr.AppendInto(&err, r.Close())
+//	multierr.AppendInto(&err, w.Close())
 //
 // The above is equivalent to,
 //
-// 	err := multierr.Append(r.Close(), w.Close())
+//	err := multierr.Append(r.Close(), w.Close())
 //
 // As AppendInto reports whether the provided error was non-nil, it may be
 // used to build a multierr error in a loop more ergonomically. For example:
 //
-// 	var err error
-// 	for line := range lines {
-// 		var item Item
-// 		if multierr.AppendInto(&err, parse(line, &item)) {
-// 			continue
-// 		}
-// 		items = append(items, item)
-// 	}
+//	var err error
+//	for line := range lines {
+//		var item Item
+//		if multierr.AppendInto(&err, parse(line, &item)) {
+//			continue
+//		}
+//		items = append(items, item)
+//	}
 //
 // Compare this with a version that relies solely on Append:
 //
-// 	var err error
-// 	for line := range lines {
-// 		var item Item
-// 		if parseErr := parse(line, &item); parseErr != nil {
-// 			err = multierr.Append(err, parseErr)
-// 			continue
-// 		}
-// 		items = append(items, item)
-// 	}
+//	var err error
+//	for line := range lines {
+//		var item Item
+//		if parseErr := parse(line, &item); parseErr != nil {
+//			err = multierr.Append(err, parseErr)
+//			continue
+//		}
+//		items = append(items, item)
+//	}
 func AppendInto(into *error, err error) (errored bool) {
 	if into == nil {
 		// We panic if 'into' is nil. This is not documented above
@@ -545,7 +547,7 @@ func AppendInto(into *error, err error) (errored bool) {
 // AppendInvoke to append the result of calling the function into an error.
 // This allows you to conveniently defer capture of failing operations.
 //
-// See also, Close and Invoke.
+// See also, [Close] and [Invoke].
 type Invoker interface {
 	Invoke() error
 }
@@ -556,19 +558,22 @@ type Invoker interface {
 //
 // For example,
 //
-// 	func processReader(r io.Reader) (err error) {
-// 		scanner := bufio.NewScanner(r)
-// 		defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err))
-// 		for scanner.Scan() {
-// 			// ...
-// 		}
-// 		// ...
-// 	}
+//	func processReader(r io.Reader) (err error) {
+//		scanner := bufio.NewScanner(r)
+//		defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err))
+//		for scanner.Scan() {
+//			// ...
+//		}
+//		// ...
+//	}
 //
 // In this example, the following line will construct the Invoker right away,
 // but defer the invocation of scanner.Err() until the function returns.
 //
-// 	defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err))
+//	defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err))
+//
+// Note that the error you're appending to from the defer statement MUST be a
+// named return.
 type Invoke func() error
 
 // Invoke calls the supplied function and returns its result.
@@ -579,19 +584,22 @@ func (i Invoke) Invoke() error { return i() }
 //
 // For example,
 //
-// 	func processFile(path string) (err error) {
-// 		f, err := os.Open(path)
-// 		if err != nil {
-// 			return err
-// 		}
-// 		defer multierr.AppendInvoke(&err, multierr.Close(f))
-// 		return processReader(f)
-// 	}
+//	func processFile(path string) (err error) {
+//		f, err := os.Open(path)
+//		if err != nil {
+//			return err
+//		}
+//		defer multierr.AppendInvoke(&err, multierr.Close(f))
+//		return processReader(f)
+//	}
 //
 // In this example, multierr.Close will construct the Invoker right away, but
 // defer the invocation of f.Close until the function returns.
 //
-// 	defer multierr.AppendInvoke(&err, multierr.Close(f))
+//	defer multierr.AppendInvoke(&err, multierr.Close(f))
+//
+// Note that the error you're appending to from the defer statement MUST be a
+// named return.
 func Close(closer io.Closer) Invoker {
 	return Invoke(closer.Close)
 }
@@ -601,52 +609,73 @@ func Close(closer io.Closer) Invoker {
 // invocation of fallible operations until a function returns, and capture the
 // resulting errors.
 //
-// 	func doSomething(...) (err error) {
-// 		// ...
-// 		f, err := openFile(..)
-// 		if err != nil {
-// 			return err
-// 		}
+//	func doSomething(...) (err error) {
+//		// ...
+//		f, err := openFile(..)
+//		if err != nil {
+//			return err
+//		}
+//
+//		// multierr will call f.Close() when this function returns and
+//		// if the operation fails, its append its error into the
+//		// returned error.
+//		defer multierr.AppendInvoke(&err, multierr.Close(f))
 //
-// 		// multierr will call f.Close() when this function returns and
-// 		// if the operation fails, its append its error into the
-// 		// returned error.
-// 		defer multierr.AppendInvoke(&err, multierr.Close(f))
+//		scanner := bufio.NewScanner(f)
+//		// Similarly, this scheduled scanner.Err to be called and
+//		// inspected when the function returns and append its error
+//		// into the returned error.
+//		defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err))
 //
-// 		scanner := bufio.NewScanner(f)
-// 		// Similarly, this scheduled scanner.Err to be called and
-// 		// inspected when the function returns and append its error
-// 		// into the returned error.
-// 		defer multierr.AppendInvoke(&err, multierr.Invoke(scanner.Err))
+//		// ...
+//	}
 //
-// 		// ...
-// 	}
+// NOTE: If used with a defer, the error variable MUST be a named return.
 //
 // Without defer, AppendInvoke behaves exactly like AppendInto.
 //
-// 	err := // ...
-// 	multierr.AppendInvoke(&err, mutltierr.Invoke(foo))
+//	err := // ...
+//	multierr.AppendInvoke(&err, mutltierr.Invoke(foo))
 //
-// 	// ...is roughly equivalent to...
+//	// ...is roughly equivalent to...
 //
-// 	err := // ...
-// 	multierr.AppendInto(&err, foo())
+//	err := // ...
+//	multierr.AppendInto(&err, foo())
 //
 // The advantage of the indirection introduced by Invoker is to make it easy
 // to defer the invocation of a function. Without this indirection, the
 // invoked function will be evaluated at the time of the defer block rather
 // than when the function returns.
 //
-// 	// BAD: This is likely not what the caller intended. This will evaluate
-// 	// foo() right away and append its result into the error when the
-// 	// function returns.
-// 	defer multierr.AppendInto(&err, foo())
+//	// BAD: This is likely not what the caller intended. This will evaluate
+//	// foo() right away and append its result into the error when the
+//	// function returns.
+//	defer multierr.AppendInto(&err, foo())
 //
-// 	// GOOD: This will defer invocation of foo unutil the function returns.
-// 	defer multierr.AppendInvoke(&err, multierr.Invoke(foo))
+//	// GOOD: This will defer invocation of foo unutil the function returns.
+//	defer multierr.AppendInvoke(&err, multierr.Invoke(foo))
 //
 // multierr provides a few Invoker implementations out of the box for
-// convenience. See Invoker for more information.
+// convenience. See [Invoker] for more information.
 func AppendInvoke(into *error, invoker Invoker) {
 	AppendInto(into, invoker.Invoke())
 }
+
+// AppendFunc is a shorthand for [AppendInvoke].
+// It allows using function or method value directly
+// without having to wrap it into an [Invoker] interface.
+//
+//	func doSomething(...) (err error) {
+//		w, err := startWorker(...)
+//		if err != nil {
+//			return err
+//		}
+//
+//		// multierr will call w.Stop() when this function returns and
+//		// if the operation fails, it appends its error into the
+//		// returned error.
+//		defer multierr.AppendFunc(&err, w.Stop)
+//	}
+func AppendFunc(into *error, fn func() error) {
+	AppendInvoke(into, Invoke(fn))
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 1fa7ebddb..af49d96ab 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -87,6 +87,9 @@ github.com/ProtonMail/go-crypto/openpgp/s2k
 # github.com/agext/levenshtein v1.2.3
 ## explicit
 github.com/agext/levenshtein
+# github.com/akerl/terraform-provider-unifi v0.41.8
+## explicit; go 1.20
+github.com/akerl/terraform-provider-unifi/internal/provider
 # github.com/alexkohler/nakedret/v2 v2.0.2
 ## explicit; go 1.18
 github.com/alexkohler/nakedret/v2
@@ -854,7 +857,7 @@ github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags
 github.com/hashicorp/terraform-plugin-sdk/v2/meta
 github.com/hashicorp/terraform-plugin-sdk/v2/plugin
 github.com/hashicorp/terraform-plugin-sdk/v2/terraform
-# github.com/hashicorp/terraform-plugin-testing v1.3.0
+# github.com/hashicorp/terraform-plugin-testing v1.4.0
 ## explicit; go 1.19
 github.com/hashicorp/terraform-plugin-testing/helper/acctest
 github.com/hashicorp/terraform-plugin-testing/helper/resource
@@ -867,6 +870,7 @@ github.com/hashicorp/terraform-plugin-testing/internal/plugintest
 github.com/hashicorp/terraform-plugin-testing/internal/tfdiags
 github.com/hashicorp/terraform-plugin-testing/plancheck
 github.com/hashicorp/terraform-plugin-testing/terraform
+github.com/hashicorp/terraform-plugin-testing/tfjsonpath
 github.com/hashicorp/terraform-plugin-testing/tfversion
 # github.com/hashicorp/terraform-registry-address v0.2.2
 ## explicit; go 1.19
@@ -1183,7 +1187,7 @@ github.com/opencontainers/image-spec/specs-go/v1
 # github.com/opencontainers/runc v1.1.9
 ## explicit; go 1.17
 github.com/opencontainers/runc/libcontainer/user
-# github.com/paultyng/go-unifi v1.32.0
+# github.com/paultyng/go-unifi v1.33.0
 ## explicit; go 1.18
 github.com/paultyng/go-unifi/unifi
 # github.com/pelletier/go-toml v1.9.5
@@ -1569,8 +1573,8 @@ go.tmz.dev/musttag
 # go.uber.org/atomic v1.10.0
 ## explicit; go 1.18
 go.uber.org/atomic
-# go.uber.org/multierr v1.8.0
-## explicit; go 1.14
+# go.uber.org/multierr v1.9.0
+## explicit; go 1.19
 go.uber.org/multierr
 # go.uber.org/zap v1.24.0
 ## explicit; go 1.19

From 7e2bf1d88425c6c84c729c65e2b5befc2978e72c Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:35:30 -0500
Subject: [PATCH 06/12] update mod name

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 27538bc65..0079a7a91 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/paultyng/terraform-provider-unifi
+module github.com/akerl/terraform-provider-unifi
 
 go 1.20
 

From 8e22812d9d1d7f9eaf4a5685c587af168d075291 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:40:52 -0500
Subject: [PATCH 07/12] fix vendoring

---
 go.mod             | 1 -
 go.sum             | 2 --
 vendor/modules.txt | 3 ---
 3 files changed, 6 deletions(-)

diff --git a/go.mod b/go.mod
index 0079a7a91..a59adcd2e 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,6 @@ go 1.20
 // replace github.com/hashicorp/terraform-plugin-sdk/v2 => ../../hashicorp/terraform-plugin-sdk
 
 require (
-	github.com/akerl/terraform-provider-unifi v0.41.8
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/deckarep/golang-set/v2 v2.3.1
 	github.com/golangci/golangci-lint v1.53.3
diff --git a/go.sum b/go.sum
index 157b44b97..55a419108 100644
--- a/go.sum
+++ b/go.sum
@@ -95,8 +95,6 @@ github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/O
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/akerl/terraform-provider-unifi v0.41.8 h1:BRPspSWwYoyJN3DYHWfms70zuKqbBIQMkL3mKsgHj0M=
-github.com/akerl/terraform-provider-unifi v0.41.8/go.mod h1:J4XzxDi6sORa52ESsk3GpLh9RaFu+cfKxokSV4Kli2M=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
diff --git a/vendor/modules.txt b/vendor/modules.txt
index af49d96ab..df03ee8dc 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -87,9 +87,6 @@ github.com/ProtonMail/go-crypto/openpgp/s2k
 # github.com/agext/levenshtein v1.2.3
 ## explicit
 github.com/agext/levenshtein
-# github.com/akerl/terraform-provider-unifi v0.41.8
-## explicit; go 1.20
-github.com/akerl/terraform-provider-unifi/internal/provider
 # github.com/alexkohler/nakedret/v2 v2.0.2
 ## explicit; go 1.18
 github.com/alexkohler/nakedret/v2

From 57821a45880f64855b9dda224abe29f0c93fc401 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:44:35 -0500
Subject: [PATCH 08/12] remove unused linter

---
 .golangci.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 35ee77f81..d516ceeb9 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -11,7 +11,6 @@ linters:
     - "nakedret"
     - "nilerr"
     - "staticcheck"
-    - "structcheck"
     - "unconvert"
     - "unused"
 

From 65aca68783732ec91a7076099b51bb24f1afd161 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Sat, 25 Nov 2023 20:49:05 -0500
Subject: [PATCH 09/12] fix linter

---
 internal/provider/resource_device.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/provider/resource_device.go b/internal/provider/resource_device.go
index de9df9c39..e9200f8f7 100644
--- a/internal/provider/resource_device.go
+++ b/internal/provider/resource_device.go
@@ -104,7 +104,7 @@ func resourceDevice() *schema.Resource {
 							},
 						},
 						"poe_mode": {
-							Description: "PoE mode of the port; valid values are `auto`, `pasv24`, `passthrough`, and `off`.",
+							Description:  "PoE mode of the port; valid values are `auto`, `pasv24`, `passthrough`, and `off`.",
 							Type:         schema.TypeString,
 							Optional:     true,
 							ValidateFunc: validation.StringInSlice([]string{"auto", "pasv24", "passthrough", "off"}, false),

From 70f11506cd50822af71a5d9a93d2c4f64c0971ca Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Wed, 29 Nov 2023 23:09:34 -0500
Subject: [PATCH 10/12] update go-unifi

---
 go.mod | 197 ++++++++++++++-------------
 go.sum | 424 ++++++++++++++++++++++++++++++---------------------------
 2 files changed, 327 insertions(+), 294 deletions(-)

diff --git a/go.mod b/go.mod
index a59adcd2e..278875e87 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ go 1.20
 require (
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/deckarep/golang-set/v2 v2.3.1
-	github.com/golangci/golangci-lint v1.53.3
+	github.com/golangci/golangci-lint v1.55.2
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/terraform-plugin-docs v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0
@@ -23,58 +23,62 @@ require (
 	4d63.com/gocheckcompilerdirectives v1.2.1 // indirect
 	4d63.com/gochecknoglobals v0.2.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	github.com/4meepo/tagalign v1.2.2 // indirect
-	github.com/Abirdcfly/dupword v0.0.11 // indirect
+	github.com/4meepo/tagalign v1.3.3 // indirect
+	github.com/Abirdcfly/dupword v0.0.13 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/AlecAivazis/survey/v2 v2.3.7 // indirect
-	github.com/Antonboom/errname v0.1.10 // indirect
-	github.com/Antonboom/nilnil v0.1.5 // indirect
+	github.com/Antonboom/errname v0.1.12 // indirect
+	github.com/Antonboom/nilnil v0.1.7 // indirect
+	github.com/Antonboom/testifylint v0.2.3 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
-	github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect
+	github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/OpenPeeDeeP/depguard/v2 v2.1.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/alecthomas/go-check-sumtype v0.1.3 // indirect
 	github.com/alexkohler/nakedret/v2 v2.0.2 // indirect
 	github.com/alexkohler/prealloc v1.0.0 // indirect
 	github.com/alingse/asasalint v0.0.11 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/ashanbrown/forbidigo v1.5.3 // indirect
+	github.com/ashanbrown/forbidigo v1.6.0 // indirect
 	github.com/ashanbrown/makezero v1.1.1 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.20.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.33 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.32 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 // indirect
-	github.com/aws/smithy-go v1.14.1 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
+	github.com/aws/smithy-go v1.15.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/bkielbasa/cyclop v1.2.1 // indirect
 	github.com/blizzy78/varnamelen v0.8.0 // indirect
 	github.com/bombsimon/wsl/v3 v3.4.0 // indirect
-	github.com/breml/bidichk v0.2.4 // indirect
-	github.com/breml/errchkjson v0.3.1 // indirect
+	github.com/breml/bidichk v0.2.7 // indirect
+	github.com/breml/errchkjson v0.3.6 // indirect
 	github.com/buger/goterm v1.0.4 // indirect
-	github.com/butuzov/ireturn v0.2.0 // indirect
+	github.com/butuzov/ireturn v0.2.2 // indirect
 	github.com/butuzov/mirror v1.1.0 // indirect
+	github.com/catenacyber/perfsprint v0.2.0 // indirect
+	github.com/ccojocar/zxcvbn-go v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/charithe/durationcheck v0.0.10 // indirect
-	github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/chavacava/garif v0.1.0 // indirect
+	github.com/cloudflare/circl v1.3.5 // indirect
 	github.com/compose-spec/compose-go v1.18.1 // indirect
 	github.com/containerd/console v1.0.3 // indirect
 	github.com/containerd/containerd v1.7.3 // indirect
@@ -82,15 +86,16 @@ require (
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/curioswitch/go-reassign v0.2.0 // indirect
-	github.com/daixiang0/gci v0.10.1 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/daixiang0/gci v0.11.2 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/denis-tingaikin/go-header v0.4.3 // indirect
 	github.com/distribution/distribution/v3 v3.0.0-20230814232445-f1529a778201 // indirect
+	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/buildx v0.11.2 // indirect
-	github.com/docker/cli v24.0.5+incompatible // indirect
+	github.com/docker/cli v24.0.7+incompatible // indirect
 	github.com/docker/compose/v2 v2.20.3 // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v24.0.5+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v24.0.7+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
@@ -104,10 +109,11 @@ require (
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/firefart/nonamedreturns v1.0.4 // indirect
 	github.com/fsnotify/fsevents v0.1.1 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
 	github.com/fzipp/gocyclo v0.6.0 // indirect
-	github.com/go-critic/go-critic v0.8.1 // indirect
+	github.com/ghostiam/protogetter v0.2.3 // indirect
+	github.com/go-critic/go-critic v0.9.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
@@ -131,17 +137,17 @@ require (
 	github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect
 	github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
 	github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect
-	github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2 // indirect
+	github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e // indirect
 	github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 // indirect
 	github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca // indirect
-	github.com/golangci/misspell v0.4.0 // indirect
-	github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect
+	github.com/golangci/misspell v0.4.1 // indirect
+	github.com/golangci/revgrep v0.5.2 // indirect
 	github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect
 	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/google/uuid v1.4.0 // indirect
 	github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/gostaticanalysis/analysisutil v0.7.1 // indirect
@@ -159,7 +165,7 @@ require (
 	github.com/hashicorp/go-plugin v1.5.1 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/hc-install v0.6.0 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/hashicorp/hcl/v2 v2.18.0 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.19.0 // indirect
@@ -170,11 +176,11 @@ require (
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
 	github.com/hexops/gotextdiff v1.0.3 // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jgautheron/goconst v1.5.1 // indirect
+	github.com/jgautheron/goconst v1.6.0 // indirect
 	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
 	github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect
 	github.com/jonboulle/clockwork v0.4.0 // indirect
@@ -185,14 +191,15 @@ require (
 	github.com/kisielk/errcheck v1.6.3 // indirect
 	github.com/kisielk/gotool v1.0.0 // indirect
 	github.com/kkHAIKE/contextcheck v1.1.4 // indirect
-	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
 	github.com/kulti/thelper v0.6.3 // indirect
-	github.com/kunwardeep/paralleltest v1.0.7 // indirect
+	github.com/kunwardeep/paralleltest v1.0.8 // indirect
 	github.com/kyoh86/exportloopref v0.1.11 // indirect
 	github.com/ldez/gomoddirectives v0.2.3 // indirect
 	github.com/ldez/tagliatelle v0.5.0 // indirect
 	github.com/leonklingele/grouper v1.1.1 // indirect
 	github.com/lufeee/execinquery v1.2.1 // indirect
+	github.com/macabu/inamedparam v0.1.2 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/maratori/testableexamples v1.0.0 // indirect
@@ -202,9 +209,9 @@ require (
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
-	github.com/mgechev/revive v1.3.2 // indirect
+	github.com/mgechev/revive v1.3.4 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/cli v1.1.5 // indirect
@@ -216,7 +223,7 @@ require (
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/buildkit v0.12.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/patternmatcher v0.5.0 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
 	github.com/moby/sys/mountinfo v0.6.2 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
@@ -229,38 +236,39 @@ require (
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nakabonne/nestif v0.3.1 // indirect
-	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/nishanths/exhaustive v0.11.0 // indirect
 	github.com/nishanths/predeclared v0.2.2 // indirect
-	github.com/nunnatsa/ginkgolinter v0.12.1 // indirect
+	github.com/nunnatsa/ginkgolinter v0.14.1 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.9 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/polyfloyd/go-errorlint v1.4.2 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/polyfloyd/go-errorlint v1.4.5 // indirect
 	github.com/posener/complete v1.2.3 // indirect
-	github.com/prometheus/client_golang v1.16.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.11.1 // indirect
-	github.com/quasilyte/go-ruleguard v0.3.19 // indirect
+	github.com/prometheus/client_golang v1.17.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/quasilyte/go-ruleguard v0.4.0 // indirect
 	github.com/quasilyte/gogrep v0.5.0 // indirect
 	github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect
 	github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/russross/blackfriday v1.6.0 // indirect
 	github.com/ryancurrah/gomodguard v1.3.0 // indirect
-	github.com/ryanrolds/sqlclosecheck v0.4.0 // indirect
+	github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect
+	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect
 	github.com/sashamelentyev/interfacebloat v1.1.0 // indirect
-	github.com/sashamelentyev/usestdlibvars v1.23.0 // indirect
+	github.com/sashamelentyev/usestdlibvars v1.24.0 // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
-	github.com/securego/gosec/v2 v2.16.0 // indirect
+	github.com/securego/gosec/v2 v2.18.2 // indirect
 	github.com/serialx/hashring v0.0.0-20200727003509-22c0c7ab6b1b // indirect
 	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
@@ -270,21 +278,21 @@ require (
 	github.com/sivchari/nosnakecase v1.7.0 // indirect
 	github.com/sivchari/tenv v1.7.1 // indirect
 	github.com/sonatard/noctx v0.0.2 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/sourcegraph/go-diff v0.7.0 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/afero v1.10.0 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
+	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.15.0 // indirect
+	github.com/spf13/viper v1.17.0 // indirect
 	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
 	github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/stretchr/testify v1.8.4 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect
 	github.com/tdakkota/asciicheck v0.2.0 // indirect
-	github.com/tetafro/godot v1.4.11 // indirect
+	github.com/tetafro/godot v1.4.15 // indirect
 	github.com/theupdateframework/notary v0.7.0 // indirect
 	github.com/tilt-dev/fsnotify v1.4.8-0.20220602155310-fff9c274a375 // indirect
 	github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 // indirect
@@ -294,9 +302,9 @@ require (
 	github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb // indirect
 	github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 	github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531 // indirect
-	github.com/ultraware/funlen v0.0.3 // indirect
+	github.com/ultraware/funlen v0.1.0 // indirect
 	github.com/ultraware/whitespace v0.0.5 // indirect
-	github.com/uudashr/gocognit v1.0.6 // indirect
+	github.com/uudashr/gocognit v1.1.2 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
 	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
@@ -304,12 +312,13 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	github.com/xen0n/gosmopolitan v1.2.1 // indirect
+	github.com/xen0n/gosmopolitan v1.2.2 // indirect
 	github.com/yagipy/maintidx v1.0.0 // indirect
 	github.com/yeya24/promlinter v0.2.0 // indirect
-	github.com/ykadowak/zerologlint v0.1.2 // indirect
+	github.com/ykadowak/zerologlint v0.1.3 // indirect
 	github.com/zclconf/go-cty v1.14.0 // indirect
-	gitlab.com/bosi/decorder v0.2.3 // indirect
+	gitlab.com/bosi/decorder v0.4.1 // indirect
+	go-simpler.org/sloglint v0.1.2 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.42.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.42.0 // indirect
@@ -322,33 +331,32 @@ require (
 	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
 	go.opentelemetry.io/otel/trace v1.16.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.tmz.dev/musttag v0.7.0 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
-	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb // indirect
-	golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/oauth2 v0.11.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
-	golang.org/x/text v0.13.0 // indirect
+	go.tmz.dev/musttag v0.7.2 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.16.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/exp/typeparams v0.0.0-20230307190834-24139beb5833 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/net v0.19.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.12.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230814215434-ca7cfce7776a // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230814215434-ca7cfce7776a // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230814215434-ca7cfce7776a // indirect
-	google.golang.org/grpc v1.57.1 // indirect
+	golang.org/x/tools v0.16.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	honnef.co/go/tools v0.4.3 // indirect
+	honnef.co/go/tools v0.4.6 // indirect
 	k8s.io/api v0.27.4 // indirect
 	k8s.io/apimachinery v0.27.4 // indirect
 	k8s.io/client-go v0.27.4 // indirect
@@ -361,12 +369,13 @@ require (
 	mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
 // See testcontainers/testcontainers-go#632.
 replace (
 	github.com/cucumber/godog => github.com/laurazard/godog v0.0.0-20220922095256-4c4b17abdae7
+	github.com/paultyng/go-unifi => github.com/akerl/go-unifi v0.0.0-20231130040649-72458fa2bc15
 
 	// For k8s dependencies, we use a replace directive, to prevent them being
 	// upgraded to the version specified in containerd, which is not relevant to the
diff --git a/go.sum b/go.sum
index 55a419108..e965a8c60 100644
--- a/go.sum
+++ b/go.sum
@@ -21,14 +21,14 @@ cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHOb
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go v0.110.7 h1:rJyC7nWRg2jWGZ4wSJ5nY65GTdYJkg0cd/uXb+ACI6o=
+cloud.google.com/go v0.110.9 h1:e7ITSqGFFk4rbz/JFIqZh3G4VEHguhAL4BQcFlWtU68=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.2 h1:nWEMDhgbBkBJjfpVySqU4jgWdc22PLR0o4vEexZHers=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
@@ -46,19 +46,21 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/4meepo/tagalign v1.2.2 h1:kQeUTkFTaBRtd/7jm8OKJl9iHk0gAO+TDFPHGSna0aw=
-github.com/4meepo/tagalign v1.2.2/go.mod h1:Q9c1rYMZJc9dPRkbQPpcBNCLEmY2njbAsXhQOZFE2dE=
-github.com/Abirdcfly/dupword v0.0.11 h1:z6v8rMETchZXUIuHxYNmlUAuKuB21PeaSymTed16wgU=
-github.com/Abirdcfly/dupword v0.0.11/go.mod h1:wH8mVGuf3CP5fsBTkfWwwwKTjDnVVCxtU8d8rgeVYXA=
+github.com/4meepo/tagalign v1.3.3 h1:ZsOxcwGD/jP4U/aw7qeWu58i7dwYemfy5Y+IF1ACoNw=
+github.com/4meepo/tagalign v1.3.3/go.mod h1:Q9c1rYMZJc9dPRkbQPpcBNCLEmY2njbAsXhQOZFE2dE=
+github.com/Abirdcfly/dupword v0.0.13 h1:SMS17YXypwP000fA7Lr+kfyBQyW14tTT+nRv9ASwUUo=
+github.com/Abirdcfly/dupword v0.0.13/go.mod h1:Ut6Ue2KgF/kCOawpW4LnExT+xZLQviJPE4klBPMK/5Y=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652 h1:+vTEFqeoeur6XSq06bs+roX3YiT49gUniJK7Zky7Xjg=
 github.com/AlecAivazis/survey/v2 v2.3.7 h1:6I/u8FvytdGsgonrYsVn2t8t4QiRnh6QSTqkkhIiSjQ=
 github.com/AlecAivazis/survey/v2 v2.3.7/go.mod h1:xUTIdE4KCOIjsBAE1JYsUPoCqYdZ1reCfTwbto0Fduo=
-github.com/Antonboom/errname v0.1.10 h1:RZ7cYo/GuZqjr1nuJLNe8ZH+a+Jd9DaZzttWzak9Bls=
-github.com/Antonboom/errname v0.1.10/go.mod h1:xLeiCIrvVNpUtsN0wxAh05bNIZpqE22/qDMnTBTttiA=
-github.com/Antonboom/nilnil v0.1.5 h1:X2JAdEVcbPaOom2TUa1FxZ3uyuUlex0XMLGYMemu6l0=
-github.com/Antonboom/nilnil v0.1.5/go.mod h1:I24toVuBKhfP5teihGWctrRiPbRKHwZIFOvc6v3HZXk=
+github.com/Antonboom/errname v0.1.12 h1:oh9ak2zUtsLp5oaEd/erjB4GPu9w19NyoIskZClDcQY=
+github.com/Antonboom/errname v0.1.12/go.mod h1:bK7todrzvlaZoQagP1orKzWXv59X/x0W0Io2XT1Ssro=
+github.com/Antonboom/nilnil v0.1.7 h1:ofgL+BA7vlA1K2wNQOsHzLJ2Pw5B5DpWRLdDAVvvTow=
+github.com/Antonboom/nilnil v0.1.7/go.mod h1:TP+ScQWVEq0eSIxqU8CbdT5DFWoHp0MbP+KMUO1BKYQ=
+github.com/Antonboom/testifylint v0.2.3 h1:MFq9zyL+rIVpsvLX4vDPLojgN7qODzWsrnftNX2Qh60=
+github.com/Antonboom/testifylint v0.2.3/go.mod h1:IYaXaOX9NbfAyO+Y04nfjGI8wDemC1rUyM/cYolz018=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -67,18 +69,19 @@ github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rWPdisA5ynNEsoARbiCBOyGcJM4/OzsM=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
-github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 h1:+r1rSv4gvYn0wmRjC8X7IAzX8QezqtFV9m0MUHFJgts=
-github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0/go.mod h1:b3g59n2Y+T5xmcxJL+UEG2f8cQploZm1mR/v6BW0mU0=
+github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0 h1:3ZBs7LAezy8gh0uECsA6CGU43FF3zsx5f4eah5FxTMA=
+github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0/go.mod h1:rZLTje5A9kFBe0pzhpe2TdhRniBF++PRHQuRpR8esVc=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
 github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
-github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek=
@@ -88,13 +91,19 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
 github.com/OpenPeeDeeP/depguard/v2 v2.1.0 h1:aQl70G173h/GZYhWf36aE5H0KaujXfVMnn/f1kSDVYY=
 github.com/OpenPeeDeeP/depguard/v2 v2.1.0/go.mod h1:PUBgk35fX4i7JDmwzlJwJ+GMe6NfO1723wmJMgPThNQ=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
-github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
-github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
+github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/Shopify/logrus-bugsnag v0.0.0-20170309145241-6dbc35f2c30d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/akerl/go-unifi v0.0.0-20231130040649-72458fa2bc15 h1:1e+FtwMHdPHOYJ2jps+aE9enYvh8nNJNKMwnEUNJT6I=
+github.com/akerl/go-unifi v0.0.0-20231130040649-72458fa2bc15/go.mod h1:RFgeH7tc6FA3uFTY7X6yLAjXlFvpIZnxHWAZaXvTv8E=
+github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk=
+github.com/alecthomas/go-check-sumtype v0.1.3 h1:M+tqMxB68hcgccRXBMVCPI4UJ+QUfdSx0xdbypKCqA8=
+github.com/alecthomas/go-check-sumtype v0.1.3/go.mod h1:WyYPfhfkdhyrdaligV6svFopZV8Lqdzn5pyVBaV6jhQ=
+github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -117,35 +126,34 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/ashanbrown/forbidigo v1.5.3 h1:jfg+fkm/snMx+V9FBwsl1d340BV/99kZGv5jN9hBoXk=
-github.com/ashanbrown/forbidigo v1.5.3/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU=
+github.com/ashanbrown/forbidigo v1.6.0 h1:D3aewfM37Yb3pxHujIPSpTf6oQk9sc9WZi8gerOIVIY=
+github.com/ashanbrown/forbidigo v1.6.0/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU=
 github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s=
 github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI=
-github.com/aws/aws-sdk-go-v2 v1.20.1 h1:rZBf5DWr7YGrnlTK4kgDQGn1ltqOg5orCYb/UhOFZkg=
-github.com/aws/aws-sdk-go-v2 v1.20.1/go.mod h1:NU06lETsFm8fUC6ZjhgDpVBcGZTFQ6XM+LZWZxMI4ac=
-github.com/aws/aws-sdk-go-v2/config v1.18.33 h1:JKcw5SFxFW/rpM4mOPjv0VQ11E2kxW13F3exWOy7VZU=
-github.com/aws/aws-sdk-go-v2/config v1.18.33/go.mod h1:hXO/l9pgY3K5oZJldamP0pbZHdPqqk+4/maa7DSD3cA=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.32 h1:lIH1eKPcCY1ylR4B6PkBGRWMHO3aVenOKJHWiS4/G2w=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.32/go.mod h1:lL8U3v/Y79YRG69WlAho0OHIKUXCyFvSXaIvfo81sls=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8 h1:DK/9C+UN/X+1+Wm8pqaDksQr2tSLzq+8X1/rI/ZxKEQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8/go.mod h1:ce7BgLQfYr5hQFdy67oX2svto3ufGtm6oBvmsHScI1Q=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38 h1:c8ed/T9T2K5I+h/JzmF5tpI46+OODQ74dzmdo+QnaMg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38/go.mod h1:qggunOChCMu9ZF/UkAfhTz25+U2rLVb3ya0Ua6TTfCA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32 h1:hNeAAymUY5gu11WrrmFb3CVIp9Dar9hbo44yzzcQpzA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32/go.mod h1:0ZXSqrty4FtQ7p8TEuRde/SZm9X05KT18LAUlR40Ln0=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39 h1:fc0ukRAiP1syoSGZYu+DaE+FulSYhTiJ8WpVu5jElU4=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39/go.mod h1:WLAW8PT7+JhjZfLSWe7WEJaJu0GNo0cKc2Zyo003RBs=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32 h1:dGAseBFEYxth10V23b5e2mAS+tX7oVbfYHD6dnDdAsg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32/go.mod h1:4jwAWKEkCR0anWk5+1RbfSg1R5Gzld7NLiuaq5bTR/Y=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.2 h1:A2RlEMo4SJSwbNoUUgkxTAEMduAy/8wG3eB2b2lP4gY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.13.2/go.mod h1:ju+nNXUunfIFamXUIZQiICjnO/TPlOmWcYhZcSy7xaE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2 h1:OJELEgyaT2kmaBGZ+myyZbTTLobfe3ox3FSh5eYK9Qs=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2/go.mod h1:ubDBBaDFs1GHijSOTi8ljppML15GLG0HxhILtbjNNYQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.2 h1:ympg1+Lnq33XLhcK/xTG4yZHPs1Oyxu+6DEWbl7qOzA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.21.2/go.mod h1:FQ/DQcOfESELfJi5ED+IPPAjI5xC6nxtSolVVB773jM=
-github.com/aws/smithy-go v1.14.1 h1:EFKMUmH/iHMqLiwoEDx2rRjRQpI1YCn5jTysoaDujFs=
-github.com/aws/smithy-go v1.14.1/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
+github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
+github.com/aws/aws-sdk-go-v2/config v1.19.1 h1:oe3vqcGftyk40icfLymhhhNysAwk0NfiwkDi2GTPMXs=
+github.com/aws/aws-sdk-go-v2/config v1.19.1/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
+github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
+github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
+github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20150223135152-b965b613227f/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -163,10 +171,10 @@ github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkAp
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/bombsimon/wsl/v3 v3.4.0 h1:RkSxjT3tmlptwfgEgTgU+KYKLI35p/tviNXNXiL2aNU=
 github.com/bombsimon/wsl/v3 v3.4.0/go.mod h1:KkIB+TXkqy6MvK9BDZVbZxKNYsE1/oLRJbIFtf14qqo=
-github.com/breml/bidichk v0.2.4 h1:i3yedFWWQ7YzjdZJHnPo9d/xURinSq3OM+gyM43K4/8=
-github.com/breml/bidichk v0.2.4/go.mod h1:7Zk0kRFt1LIZxtQdl9W9JwGAcLTTkOs+tN7wuEYGJ3s=
-github.com/breml/errchkjson v0.3.1 h1:hlIeXuspTyt8Y/UmP5qy1JocGNR00KQHgfaNtRAjoxQ=
-github.com/breml/errchkjson v0.3.1/go.mod h1:XroxrzKjdiutFyW3nWhw34VGg7kiMsDQox73yWCGI2U=
+github.com/breml/bidichk v0.2.7 h1:dAkKQPLl/Qrk7hnP6P+E0xOodrq8Us7+U0o4UBOAlQY=
+github.com/breml/bidichk v0.2.7/go.mod h1:YodjipAGI9fGcYM7II6wFvGhdMYsC5pHDlGzqvEW3tQ=
+github.com/breml/errchkjson v0.3.6 h1:VLhVkqSBH96AvXEyclMR37rZslRrY2kcyq+31HCsVrA=
+github.com/breml/errchkjson v0.3.6/go.mod h1:jhSDoFheAF2RSDOlCfhHO9KqhZgAYLyvHe7bRCX8f/U=
 github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
 github.com/buger/goterm v1.0.4 h1:Z9YvGmOih81P0FbVtEYTFF6YsSgxSUKEhf/f9bTMXbY=
 github.com/buger/goterm v1.0.4/go.mod h1:HiFWV3xnkolgrBV3mY8m0X0Pumt4zg4QhbdOzQtB8tE=
@@ -176,12 +184,16 @@ github.com/bugsnag/bugsnag-go v1.5.0 h1:tP8hiPv1pGGW3LA6LKy5lW6WG+y9J2xWUdPd3WC4
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
 github.com/bugsnag/panicwrap v1.2.0 h1:OzrKrRvXis8qEvOkfcxNcYbOd2O7xXS2nnKMEMABFQA=
-github.com/butuzov/ireturn v0.2.0 h1:kCHi+YzC150GE98WFuZQu9yrTn6GEydO2AuPLbTgnO4=
-github.com/butuzov/ireturn v0.2.0/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
+github.com/butuzov/ireturn v0.2.2 h1:jWI36dxXwVrI+RnXDwux2IZOewpmfv930OuIRfaBUJ0=
+github.com/butuzov/ireturn v0.2.2/go.mod h1:RfGHUvvAuFFxoHKf4Z8Yxuh6OjlCw1KvR2zM1NFHeBk=
 github.com/butuzov/mirror v1.1.0 h1:ZqX54gBVMXu78QLoiqdwpl2mgmoOJTk7s4p4o+0avZI=
 github.com/butuzov/mirror v1.1.0/go.mod h1:8Q0BdQU6rC6WILDiBM60DBfvV78OLJmMmixe7GF45AE=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/catenacyber/perfsprint v0.2.0 h1:azOocHLscPjqXVJ7Mf14Zjlkn4uNua0+Hcg1wTR6vUo=
+github.com/catenacyber/perfsprint v0.2.0/go.mod h1:/wclWYompEyjUD2FuIIDVKNkqz7IgBIWXIH3V0Zol50=
+github.com/ccojocar/zxcvbn-go v1.0.1 h1:+sxrANSCj6CdadkcMnvde/GWU1vZiiXRbqYSCalV4/4=
+github.com/ccojocar/zxcvbn-go v1.0.1/go.mod h1:g1qkXtUSvHP8lhHp5GrSmTz6uWALGRMQdw6Qnz/hi60=
 github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -192,8 +204,8 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/charithe/durationcheck v0.0.10 h1:wgw73BiocdBDQPik+zcEoBG/ob8uyBHf2iyoHGPf5w4=
 github.com/charithe/durationcheck v0.0.10/go.mod h1:bCWXb7gYRysD1CU3C+u4ceO49LoGOY1C1L6uouGNreQ=
-github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 h1:W9o46d2kbNL06lq7UNDPV0zYLzkrde/bjIqO02eoll0=
-github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8/go.mod h1:gakxgyXaaPkxvLw1XQxNGK4I37ys9iBRzNUx/B7pUCo=
+github.com/chavacava/garif v0.1.0 h1:2JHa3hbYf5D9dsgseMKAmc/MZ109otzgNFk5s87H9Pc=
+github.com/chavacava/garif v0.1.0/go.mod h1:XMyYCkEL58DF0oyW4qDjjnPWONs2HBqYKI+UIPD+Gww=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -201,8 +213,9 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA=
 github.com/cloudflare/cfssl v1.6.4 h1:NMOvfrEjFfC63K3SGXgAnFdsgkmiq4kATme5BfcqrO8=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.5 h1:g+wWynZqVALYAlpSQFAa7TscDnUK8mKYtrxMpw6AUKo=
+github.com/cloudflare/circl v1.3.5/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -227,17 +240,18 @@ github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9Fqctt
 github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
 github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E=
 github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/curioswitch/go-reassign v0.2.0 h1:G9UZyOcpk/d7Gd6mqYgd8XYWFMw/znxwGDUstnC9DIo=
 github.com/curioswitch/go-reassign v0.2.0/go.mod h1:x6OpXuWvgfQaMGks2BZybTngWjT84hqJfKoO8Tt/Roc=
-github.com/daixiang0/gci v0.10.1 h1:eheNA3ljF6SxnPD/vE4lCBusVHmV3Rs3dkKvFrJ7MR0=
-github.com/daixiang0/gci v0.10.1/go.mod h1:xtHP9N7AHdNvtRNfcx9gwTDfw7FRJx4bZUsiEfiNNAI=
+github.com/daixiang0/gci v0.11.2 h1:Oji+oPsp3bQ6bNNgX30NBAVT18P4uBH4sRZnlOlTj7Y=
+github.com/daixiang0/gci v0.11.2/go.mod h1:xtHP9N7AHdNvtRNfcx9gwTDfw7FRJx4bZUsiEfiNNAI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/deckarep/golang-set/v2 v2.3.1 h1:vjmkvJt/IV27WXPyYQpAh4bRyWJc5Y435D17XQ9QU5A=
 github.com/deckarep/golang-set/v2 v2.3.1/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/denis-tingaikin/go-header v0.4.3 h1:tEaZKAlqql6SKCY++utLmkPLd6K8IBM20Ha7UVm+mtU=
@@ -245,17 +259,19 @@ github.com/denis-tingaikin/go-header v0.4.3/go.mod h1:0wOCWuN71D5qIgE2nz9KrKmuYB
 github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/distribution/distribution/v3 v3.0.0-20230814232445-f1529a778201 h1:pXexAiGO3jtvpvcSRQfIr81hQ1xorM4KNGulY6U6UKU=
 github.com/distribution/distribution/v3 v3.0.0-20230814232445-f1529a778201/go.mod h1:+fqBJ4vPYo4Uu1ZE4d+bUtTLRXfdSL3NvCZIZ9GHv58=
+github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/buildx v0.11.2 h1:R3p9F0gnI4FwvQ0p40UwdX1T4ugap4UWxY3TFHoP4Ws=
 github.com/docker/buildx v0.11.2/go.mod h1:CWAABt10iIuGpleypA3103mplDfcGu0A2AvT03xfpTc=
-github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc=
-github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
+github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/compose/v2 v2.20.3 h1:UM6EaYgpjANQBKo7r7S4yNEdOeXr9IhBOpFFhOhqyd4=
 github.com/docker/compose/v2 v2.20.3/go.mod h1:xbMcMnkNJQfwh1PlMie2DfzIYAcqhtc2ipgcRGUOHfo=
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
-github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY=
-github.com/docker/docker v24.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
+github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
@@ -283,7 +299,7 @@ github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5y
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.10.1 h1:c0g45+xCJhdgFGw7a5QAfdS4byAbud7miNWJ1WwEVf8=
+github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
 github.com/esimonov/ifshort v1.0.4 h1:6SID4yGWfRae/M7hkVDVVyppy8q/v9OuxNdmjLQStBA=
 github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcHcfgNWTk0=
@@ -304,15 +320,17 @@ github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0X
 github.com/fsnotify/fsevents v0.1.1 h1:/125uxJvvoSDDBPen6yUZbil8J9ydKZnnl3TWWmvnkw=
 github.com/fsnotify/fsevents v0.1.1/go.mod h1:+d+hS27T6k5J8CRaPLKFgwKYcpS7GwW3Ule9+SC2ZRc=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
 github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
 github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
 github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-critic/go-critic v0.8.1 h1:16omCF1gN3gTzt4j4J6fKI/HnRojhEp+Eks6EuKw3vw=
-github.com/go-critic/go-critic v0.8.1/go.mod h1:kpzXl09SIJX1cr9TB/g/sAG+eFEl7ZS9f9cqvZtyNl0=
+github.com/ghostiam/protogetter v0.2.3 h1:qdv2pzo3BpLqezwqfGDLZ+nHEYmc5bUpIdsMbBVwMjw=
+github.com/ghostiam/protogetter v0.2.3/go.mod h1:KmNLOsy1v04hKbvZs8EfGI1fk39AgTdRDxWNYPfXVc4=
+github.com/go-critic/go-critic v0.9.0 h1:Pmys9qvU3pSML/3GEQ2Xd9RZ/ip+aXHKILuxczKGV/U=
+github.com/go-critic/go-critic v0.9.0/go.mod h1:5P8tdXL7m/6qnyG6oRAlYLORvoXH0WDypYgAEmagT40=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
 github.com/go-git/go-git/v5 v5.8.1 h1:Zo79E4p7TRk0xoRgMq0RShiTHGKcKI4+DI6BfJc/Q+A=
@@ -340,7 +358,7 @@ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+
 github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
 github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
+github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-test/deep v1.0.8 h1:TDsG77qcSprGbC6vTN8OuXp5g+J+b5Pcguhf7Zt61VM=
@@ -377,7 +395,7 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
+github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -416,18 +434,18 @@ github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9
 github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
 github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe h1:6RGUuS7EGotKx6J5HIP8ZtyMdiDscjMLfRBSPuzVVeo=
 github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe/go.mod h1:gjqyPShc/m8pEMpk0a3SeagVb0kaqvhscv+i9jI5ZhQ=
-github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2 h1:amWTbTGqOZ71ruzrdA+Nx5WA3tV1N0goTspwmKCQvBY=
-github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2/go.mod h1:9wOXstvyDRshQ9LggQuzBCGysxs3b6Uo/1MvYCR2NMs=
-github.com/golangci/golangci-lint v1.53.3 h1:CUcRafczT4t1F+mvdkUm6KuOpxUZTl0yWN/rSU6sSMo=
-github.com/golangci/golangci-lint v1.53.3/go.mod h1:W4Gg3ONq6p3Jl+0s/h9Gr0j7yEgHJWWZO2bHl2tBUXM=
+github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e h1:ULcKCDV1LOZPFxGZaA6TlQbiM3J2GCPnkx/bGF6sX/g=
+github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e/go.mod h1:Pm5KhLPA8gSnQwrQ6ukebRcapGb/BG9iUkdaiCcGHJM=
+github.com/golangci/golangci-lint v1.55.2 h1:yllEIsSJ7MtlDBwDJ9IMBkyEUz2fYE0b5B8IUgO1oP8=
+github.com/golangci/golangci-lint v1.55.2/go.mod h1:H60CZ0fuqoTwlTvnbyjhpZPWp7KmsjwV2yupIMiMXbM=
 github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 h1:MfyDlzVjl1hoaPzPD4Gpb/QgoRfSBR0jdhwGyAWwMSA=
 github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
 github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca h1:kNY3/svz5T29MYHubXix4aDDuE3RWHkPvopM/EDv/MA=
 github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
-github.com/golangci/misspell v0.4.0 h1:KtVB/hTK4bbL/S6bs64rYyk8adjmh1BygbBiaAiX+a0=
-github.com/golangci/misspell v0.4.0/go.mod h1:W6O/bwV6lGDxUCChm2ykw9NQdd5bYd1Xkjo88UcWyJc=
-github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 h1:DIPQnGy2Gv2FSA4B/hh8Q7xx3B7AIDk3DAMeHclH1vQ=
-github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6/go.mod h1:0AKcRCkMoKvUvlf89F6O7H2LYdhr1zBh736mBItOdRs=
+github.com/golangci/misspell v0.4.1 h1:+y73iSicVy2PqyX7kmUefHusENlrP9YwuHZHPLGQj/g=
+github.com/golangci/misspell v0.4.1/go.mod h1:9mAN1quEo3DlpbaIKKyEvRxK1pwqR9s/Sea1bJCtlNI=
+github.com/golangci/revgrep v0.5.2 h1:EndcWoRhcnfj2NHQ+28hyuXpLMF+dQmCN+YaeeIl4FU=
+github.com/golangci/revgrep v0.5.2/go.mod h1:bjAMA+Sh/QUfTDcHzxfyHxr4xKvllVr/0sCv2e7jJHA=
 github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 h1:zwtduBRr5SSWhqsYNgcuWO2kFlpdOZbP0+yRjmvPGys=
 github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -448,8 +466,9 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v50 v50.2.0/go.mod h1:VBY8FB6yPIjrtKhozXv4FQupxKLS6H4m6xFZlT43q8Q=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -474,8 +493,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
@@ -530,8 +549,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hc-install v0.6.0 h1:fDHnU7JNFNSQebVKYhHZ0va1bC6SrPQ8fpebsvNr2w4=
 github.com/hashicorp/hc-install v0.6.0/go.mod h1:10I912u3nntx9Umo1VAeYPUUuehk0aRQJYpMwbX5wQA=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
+github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
 github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8=
 github.com/hashicorp/hcl/v2 v2.18.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
@@ -562,8 +581,9 @@ github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec h1:qv2VnGeEQHchGaZ/u
 github.com/hinshun/vt10x v0.0.0-20220119200601-820417d04eec/go.mod h1:Q48J4R4DvxnHolD5P8pOtXigYlRuPLGl6moFx3ulM68=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
@@ -575,8 +595,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jgautheron/goconst v1.5.1 h1:HxVbL1MhydKs8R8n/HE5NPvzfaYmQJA3o879lE4+WcM=
-github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
+github.com/jgautheron/goconst v1.6.0 h1:gbMLWKRMkzAc6kYsQL6/TxaoBUg3Jm9LSF/Ih1ADWGA=
+github.com/jgautheron/goconst v1.6.0/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
 github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=
 github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs=
 github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
@@ -619,8 +639,8 @@ github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kkHAIKE/contextcheck v1.1.4 h1:B6zAaLhOEEcjvUgIYEqystmnFk1Oemn8bvJhbt0GMb8=
 github.com/kkHAIKE/contextcheck v1.1.4/go.mod h1:1+i/gWqokIa+dm31mqGLZhZJ7Uh44DJGZVmr6QRBNJg=
-github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I=
-github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4=
+github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -636,8 +656,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kulti/thelper v0.6.3 h1:ElhKf+AlItIu+xGnI990no4cE2+XaSu1ULymV2Yulxs=
 github.com/kulti/thelper v0.6.3/go.mod h1:DsqKShOvP40epevkFrvIwkCMNYxMeTNjdWL4dqWHZ6I=
-github.com/kunwardeep/paralleltest v1.0.7 h1:2uCk94js0+nVNQoHZNLBkAR1DQJrVzw6T0RMzJn55dQ=
-github.com/kunwardeep/paralleltest v1.0.7/go.mod h1:2C7s65hONVqY7Q5Efj5aLzRCNLjw2h4eMc9EcypGjcY=
+github.com/kunwardeep/paralleltest v1.0.8 h1:Ul2KsqtzFxTlSU7IP0JusWlLiNqQaloB9vguyjbE558=
+github.com/kunwardeep/paralleltest v1.0.8/go.mod h1:2C7s65hONVqY7Q5Efj5aLzRCNLjw2h4eMc9EcypGjcY=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kyoh86/exportloopref v0.1.11 h1:1Z0bcmTypkL3Q4k+IDHMWTcnCliEZcaPiIe0/ymEyhQ=
 github.com/kyoh86/exportloopref v0.1.11/go.mod h1:qkV4UF1zGl6EkF1ox8L5t9SwyeBAZ3qLMd6up458uqA=
@@ -650,6 +670,8 @@ github.com/leonklingele/grouper v1.1.1/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7s
 github.com/lib/pq v0.0.0-20150723085316-0dad96c0b94f/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM=
 github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM=
+github.com/macabu/inamedparam v0.1.2 h1:RR5cnayM6Q7cDhQol32DE2BGAPGMnffJ31LFE+UklaU=
+github.com/macabu/inamedparam v0.1.2/go.mod h1:Xg25QvY7IBRl1KLPV9Rbml8JOMZtF/iAkNkmV7eQgjw=
 github.com/magiconair/properties v1.5.3/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
@@ -683,12 +705,12 @@ github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebG
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.6.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo=
 github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
-github.com/mgechev/revive v1.3.2 h1:Wb8NQKBaALBJ3xrrj4zpwJwqwNA6nDpyJSEQWcCka6U=
-github.com/mgechev/revive v1.3.2/go.mod h1:UCLtc7o5vg5aXCwdUTU1kEBQ1v+YXPAkYDIDXbrs5I0=
+github.com/mgechev/revive v1.3.4 h1:k/tO3XTaWY4DEHal9tWBkkUMJYO/dLDVyMmAQxmIMDc=
+github.com/mgechev/revive v1.3.4/go.mod h1:W+pZCMu9qj8Uhfs1iJMQsEFLRozUfvwFwqVvRbSNLVw=
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
@@ -716,8 +738,8 @@ github.com/moby/buildkit v0.12.1 h1:vvMG7EZYCiQZpTtXQkvyeyj7HzT1JHhDWj+/aiGIzLM=
 github.com/moby/buildkit v0.12.1/go.mod h1:adB4y0SxxX8trnrY+oEulb48ODLqPO6pKMF0ppGcCoI=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
-github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
-github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
+github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
+github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
@@ -747,15 +769,13 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U=
 github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=
-github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 h1:4kuARK6Y6FxaNu/BnU2OAaLF86eTVhP2hjTB6iMvItA=
-github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nishanths/exhaustive v0.11.0 h1:T3I8nUGhl/Cwu5Z2hfc92l0e04D2GEW6e0l8pzda2l0=
 github.com/nishanths/exhaustive v0.11.0/go.mod h1:RqwDsZ1xY0dNdqHho2z6X+bgzizwbLYOWnZbbl2wLB4=
 github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=
 github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
-github.com/nunnatsa/ginkgolinter v0.12.1 h1:vwOqb5Nu05OikTXqhvLdHCGcx5uthIYIl0t79UVrERQ=
-github.com/nunnatsa/ginkgolinter v0.12.1/go.mod h1:AK8Ab1PypVrcGUusuKD8RDcl2KgsIwvNaaxAlyHSzso=
+github.com/nunnatsa/ginkgolinter v0.14.1 h1:khx0CqR5U4ghsscjJ+lZVthp3zjIFytRXPTaQ/TMiyA=
+github.com/nunnatsa/ginkgolinter v0.14.1/go.mod h1:nY0pafUSst7v7F637e7fymaMlQqI9c0Wka2fGsDkzWg=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
@@ -763,44 +783,43 @@ github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
+github.com/onsi/gomega v1.28.1 h1:MijcGUbfYuznzK/5R4CPNoUP/9Xvuo20sXfEm6XxoTA=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
-github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
+github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/runc v1.1.9 h1:XR0VIHTGce5eWPkaPesqTBrhW2yAcaraWfsEalNwQLM=
 github.com/opencontainers/runc v1.1.9/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
+github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
 github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
 github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
-github.com/paultyng/go-unifi v1.33.0 h1:m4GejxTXdy5zlFu6/FDwQSe8/8VIadbgGTfnciMUQdY=
-github.com/paultyng/go-unifi v1.33.0/go.mod h1:t1CIy42PeR7IiGsFXh7hwqL/xG3JQu7e4HbhEVr74CU=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
-github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/polyfloyd/go-errorlint v1.4.2 h1:CU+O4181IxFDdPH6t/HT7IiDj1I7zxNi1RIUxYwn8d0=
-github.com/polyfloyd/go-errorlint v1.4.2/go.mod h1:k6fU/+fQe38ednoZS51T7gSIGQW1y94d6TkSr35OzH8=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/polyfloyd/go-errorlint v1.4.5 h1:70YWmMy4FgRHehGNOUask3HtSFSOLKgmDn7ryNe7LqI=
+github.com/polyfloyd/go-errorlint v1.4.5/go.mod h1:sIZEbFoDOCnTYYZoVkjc4hTnM459tuWA9H/EkdXwsKk=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
@@ -811,23 +830,23 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
-github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
+github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
-github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -835,10 +854,10 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/quasilyte/go-ruleguard v0.3.19 h1:tfMnabXle/HzOb5Xe9CUZYWXKfkS1KwRmZyPmD9nVcc=
-github.com/quasilyte/go-ruleguard v0.3.19/go.mod h1:lHSn69Scl48I7Gt9cX3VrbsZYvYiBYszZOZW4A+oTEw=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+github.com/quasilyte/go-ruleguard v0.4.0 h1:DyM6r+TKL+xbKB4Nm7Afd1IQh9kEUKQs2pboWGKtvQo=
+github.com/quasilyte/go-ruleguard v0.4.0/go.mod h1:Eu76Z/R8IXtViWUIHkE3p8gdH3/PKk1eh3YGfaEof10=
 github.com/quasilyte/gogrep v0.5.0 h1:eTKODPXbI8ffJMN+W2aE0+oL0z/nh8/5eNdiO34SOAo=
 github.com/quasilyte/gogrep v0.5.0/go.mod h1:Cm9lpz9NZjEoL1tgZ2OgeUKPIxL1meE7eo60Z6Sk+Ng=
 github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl980XxGFEZSS6KlBGIV0diGdySzxATTWoqaU=
@@ -856,18 +875,22 @@ github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNl
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryancurrah/gomodguard v1.3.0 h1:q15RT/pd6UggBXVBuLps8BXRvl5GPBcwVA7BJHMLuTw=
 github.com/ryancurrah/gomodguard v1.3.0/go.mod h1:ggBxb3luypPEzqVtq33ee7YSN35V28XeGnid8dnni50=
-github.com/ryanrolds/sqlclosecheck v0.4.0 h1:i8SX60Rppc1wRuyQjMciLqIzV3xnoHB7/tXbr6RGYNI=
-github.com/ryanrolds/sqlclosecheck v0.4.0/go.mod h1:TBRRjzL31JONc9i4XMinicuo+s+E8yKZ5FN8X3G6CKQ=
+github.com/ryanrolds/sqlclosecheck v0.5.1 h1:dibWW826u0P8jNLsLN+En7+RqWWTYrjCB9fJfSfdyCU=
+github.com/ryanrolds/sqlclosecheck v0.5.1/go.mod h1:2g3dUjoS6AL4huFdv6wn55WpLIDjY7ZgUR4J8HOO/XQ=
+github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9cJvm4SvQ=
+github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
 github.com/sanposhiho/wastedassign/v2 v2.0.7 h1:J+6nrY4VW+gC9xFzUc+XjPD3g3wF3je/NsJFwFK7Uxc=
 github.com/sanposhiho/wastedassign/v2 v2.0.7/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
 github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw=
 github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ=
-github.com/sashamelentyev/usestdlibvars v1.23.0 h1:01h+/2Kd+NblNItNeux0veSL5cBF1jbEOPrEhDzGYq0=
-github.com/sashamelentyev/usestdlibvars v1.23.0/go.mod h1:YPwr/Y1LATzHI93CqoPUN/2BzGQ/6N/cl/KwgR0B/aU=
+github.com/sashamelentyev/usestdlibvars v1.24.0 h1:MKNzmXtGh5N0y74Z/CIaJh4GlB364l0K1RUT08WSWAc=
+github.com/sashamelentyev/usestdlibvars v1.24.0/go.mod h1:9cYkq+gYJ+a5W2RPdhfaSCnTVUC1OQP/bSiiBhq3OZE=
 github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
 github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
-github.com/securego/gosec/v2 v2.16.0 h1:Pi0JKoasQQ3NnoRao/ww/N/XdynIB9NRYYZT5CyOs5U=
-github.com/securego/gosec/v2 v2.16.0/go.mod h1:xvLcVZqUfo4aAQu56TNv7/Ltz6emAOQAEsrZrt7uGlI=
+github.com/securego/gosec/v2 v2.18.2 h1:DkDt3wCiOtAHf1XkiXZBhQ6m6mK/b9T/wD257R3/c+I=
+github.com/securego/gosec/v2 v2.18.2/go.mod h1:xUuqSF6i0So56Y2wwohWAmB07EdBkUN6crbLlHwbyJs=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/serialx/hashring v0.0.0-20200727003509-22c0c7ab6b1b h1:h+3JX2VoWTFuyQEo87pStk/a99dzIO1mM9KxIyLPGTU=
 github.com/serialx/hashring v0.0.0-20200727003509-22c0c7ab6b1b/go.mod h1:/yeG0My1xr/u+HZrFQ1tOQQQQrOawfyMUH13ai5brBc=
@@ -896,28 +919,28 @@ github.com/sivchari/tenv v1.7.1/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl01
 github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM=
 github.com/sonatard/noctx v0.0.2 h1:L7Dz4De2zDQhW8S0t+KUjY0MAQJd6SgVwhzNIc4ok00=
 github.com/sonatard/noctx v0.0.2/go.mod h1:kzFz+CzWSjQ2OzIm46uJZoXuBpa2+0y3T36U18dWqIo=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
 github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0=
 github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spdx/tools-golang v0.5.1 h1:fJg3SVOGG+eIva9ZUBm/hvyA7PIPVFjRxUKe6fdAgwE=
-github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
-github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
+github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY=
+github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/cast v0.0.0-20150508191742-4d07383ffe94/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg=
 github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA=
+github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48=
 github.com/spf13/cobra v0.0.1/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
-github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/jwalterweatherman v0.0.0-20141219030609-3d60171a6431/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
-github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.0/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v0.0.0-20150530192845-be5ff3e4840c/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=
-github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
-github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
+github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
+github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
 github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0=
 github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
 github.com/stbenjam/no-sprintf-host-port v0.1.1 h1:tYugd/yrm1O0dV+ThCbaKZh195Dfm07ysF0U6JQXczc=
@@ -929,7 +952,6 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -940,11 +962,10 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
-github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c h1:+aPplBwWcHBo6q9xrfWdMrT9o4kltkmmvpemgIjep/8=
 github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c/go.mod h1:SbErYREK7xXdsRiigaQiQkI9McGRzYMvlKYaP3Nimdk=
 github.com/tdakkota/asciicheck v0.2.0 h1:o8jvnUANo0qXtnslk2d3nMKTFNlOnJjRrNcj0j9qkHM=
@@ -957,8 +978,8 @@ github.com/testcontainers/testcontainers-go v0.23.0 h1:ERYTSikX01QczBLPZpqsETTBO
 github.com/testcontainers/testcontainers-go v0.23.0/go.mod h1:3gzuZfb7T9qfcH2pHpV4RLlWrPjeWNQah6XlYQ32c4I=
 github.com/testcontainers/testcontainers-go/modules/compose v0.23.0 h1:Pc6m9JcfBTxUDTZq9TxtqDZkuZOmO4E9d/I2bQfZeMA=
 github.com/testcontainers/testcontainers-go/modules/compose v0.23.0/go.mod h1:HOs+yV997xwe8A+3Vd8obHuHqRXi1eEqX7n0PpkakSE=
-github.com/tetafro/godot v1.4.11 h1:BVoBIqAf/2QdbFmSwAWnaIqDivZdOV0ZRwEm6jivLKw=
-github.com/tetafro/godot v1.4.11/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
+github.com/tetafro/godot v1.4.15 h1:QzdIs+XB8q+U1WmQEWKHQbKmCw06QuQM7gLx/dky2RM=
+github.com/tetafro/godot v1.4.15/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio=
 github.com/theupdateframework/notary v0.7.0 h1:QyagRZ7wlSpjT5N2qQAh/pN+DVqgekv4DzbAiAiEL3c=
 github.com/theupdateframework/notary v0.7.0/go.mod h1:c9DRxcmhHmVLDay4/2fUYdISnHqbFDGRSlXPO0AhYWw=
 github.com/tilt-dev/fsnotify v1.4.8-0.20220602155310-fff9c274a375 h1:QB54BJwA6x8QU9nHY3xJSZR2kX9bgpZekRKGkLTmEXA=
@@ -978,13 +999,13 @@ github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea h1:SXhTLE6pb6eld/
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea/go.mod h1:WPnis/6cRcDZSUvVmezrxJPkiO87ThFYsoUiMwWNDJk=
 github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531 h1:Y/M5lygoNPKwVNLMPXgVfsRT40CSFKXCxuU8LoHySjs=
 github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531/go.mod h1:ulncasL3N9uLrVann0m+CDlJKWsIAP34MPcOJF6VRvc=
-github.com/ultraware/funlen v0.0.3 h1:5ylVWm8wsNwH5aWo9438pwvsK0QiqVuUrt9bn7S/iLA=
-github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
+github.com/ultraware/funlen v0.1.0 h1:BuqclbkY6pO+cvxoq7OsktIXZpgBSkYTQtmwhAK81vI=
+github.com/ultraware/funlen v0.1.0/go.mod h1:XJqmOQja6DpxarLj6Jj1U7JuoS8PvL4nEqDaQhy22p4=
 github.com/ultraware/whitespace v0.0.5 h1:hh+/cpIcopyMYbZNVov9iSxvJU3OYQg78Sfaqzi/CzI=
 github.com/ultraware/whitespace v0.0.5/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
-github.com/uudashr/gocognit v1.0.6 h1:2Cgi6MweCsdB6kpcVQp7EW4U23iBFQWfTXiWlyp842Y=
-github.com/uudashr/gocognit v1.0.6/go.mod h1:nAIUuVBnYU7pcninia3BHOvQkpQCeO76Uscky5BOwcY=
-github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
+github.com/uudashr/gocognit v1.1.2 h1:l6BAEKJqQH2UpKAPKdMfZf5kE4W/2xk8pfU1OVLvniI=
+github.com/uudashr/gocognit v1.1.2/go.mod h1:aAVdLURqcanke8h3vg35BC++eseDm66Z7KmchI5et4k=
+github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -1002,14 +1023,14 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xen0n/gosmopolitan v1.2.1 h1:3pttnTuFumELBRSh+KQs1zcz4fN6Zy7aB0xlnQSn1Iw=
-github.com/xen0n/gosmopolitan v1.2.1/go.mod h1:JsHq/Brs1o050OOdmzHeOr0N7OtlnKRAGAsElF8xBQA=
+github.com/xen0n/gosmopolitan v1.2.2 h1:/p2KTnMzwRexIW8GlKawsTWOxn7UHA+jCMF/V8HHtvU=
+github.com/xen0n/gosmopolitan v1.2.2/go.mod h1:7XX7Mj61uLYrj0qmeN0zi7XDon9JRAEhYQqAPLVNTeg=
 github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM=
 github.com/yagipy/maintidx v1.0.0/go.mod h1:0qNf/I/CCZXSMhsRsrEPDZ+DkekpKLXAJfsTACwgXLk=
 github.com/yeya24/promlinter v0.2.0 h1:xFKDQ82orCU5jQujdaD8stOHiv8UN68BSdn2a8u8Y3o=
 github.com/yeya24/promlinter v0.2.0/go.mod h1:u54lkmBOZrpEbQQ6gox2zWKKLKu2SGe+2KOiextY+IA=
-github.com/ykadowak/zerologlint v0.1.2 h1:Um4P5RMmelfjQqQJKtE8ZW+dLZrXrENeIzWWKw800U4=
-github.com/ykadowak/zerologlint v0.1.2/go.mod h1:KaUskqF3e/v59oPmdq1U1DnKcuHokl2/K1U4pmIELKg=
+github.com/ykadowak/zerologlint v0.1.3 h1:TLy1dTW3Nuc+YE3bYRPToG1Q9Ej78b5UUN6bjbGdxPE=
+github.com/ykadowak/zerologlint v0.1.3/go.mod h1:KaUskqF3e/v59oPmdq1U1DnKcuHokl2/K1U4pmIELKg=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1021,9 +1042,11 @@ github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc
 github.com/zclconf/go-cty v1.14.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 h1:DZH5n7L3L8RxKdSyJHZt7WePgwdhHnPhQFdQSJaHF+o=
 github.com/zmap/zlint/v3 v3.5.0 h1:Eh2B5t6VKgVH0DFmTwOqE50POvyDhUaU9T2mJOe1vfQ=
-gitlab.com/bosi/decorder v0.2.3 h1:gX4/RgK16ijY8V+BRQHAySfQAb354T7/xQpDB2n10P0=
-gitlab.com/bosi/decorder v0.2.3/go.mod h1:9K1RB5+VPNQYtXtTDAzd2OEftsZb1oV0IrJrzChSdGE=
-go-simpler.org/assert v0.5.0 h1:+5L/lajuQtzmbtEfh69sr5cRf2/xZzyJhFjoOz/PPqs=
+gitlab.com/bosi/decorder v0.4.1 h1:VdsdfxhstabyhZovHafFw+9eJ6eU0d2CkFNJcZz/NU4=
+gitlab.com/bosi/decorder v0.4.1/go.mod h1:jecSqWUew6Yle1pCr2eLWTensJMmsxHsBwt+PVbkAqA=
+go-simpler.org/assert v0.6.0 h1:QxSrXa4oRuo/1eHMXSBFHKvJIpWABayzKldqZyugG7E=
+go-simpler.org/sloglint v0.1.2 h1:IjdhF8NPxyn0Ckn2+fuIof7ntSnVUAqBFcQRrnG9AiM=
+go-simpler.org/sloglint v0.1.2/go.mod h1:2LL+QImPfTslD5muNPydAEYmpXIj6o/WYcqnJjLi4o4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -1056,19 +1079,17 @@ go.opentelemetry.io/otel/trace v1.16.0/go.mod h1:Yt9vYq1SdNz3xdjZZK7wcXv1qv2pwLk
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
 go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
-go.tmz.dev/musttag v0.7.0 h1:QfytzjTWGXZmChoX0L++7uQN+yRCPfyFm+whsM+lfGc=
-go.tmz.dev/musttag v0.7.0/go.mod h1:oTFPvgOkJmp5kYL02S8+jrH0eLrBIl57rzWeA26zDEM=
+go.tmz.dev/musttag v0.7.2 h1:1J6S9ipDbalBSODNT5jCep8dhZyMr4ttnjQagmGYR5s=
+go.tmz.dev/musttag v0.7.2/go.mod h1:m6q5NiiSKMnQYokefa2xGoyoXnrswCbJ0AWYzf4Zs28=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
-go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -1082,13 +1103,14 @@ golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1099,12 +1121,12 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb h1:mIKbk8weKhSeLH2GmUTrvx8CjkyJmnU1wFmg59CUjFA=
-golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
+golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
-golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2 h1:J74nGeMgeFnYQJN59eFwh06jX/V8g0lB7LWpjSLxtgU=
-golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20230307190834-24139beb5833 h1:jWGQJV4niP+CCmFW9ekjA9Zx8vYORzOUH2/Nl5WPuLQ=
+golang.org/x/exp/typeparams v0.0.0-20230307190834-24139beb5833/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1135,8 +1157,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1175,6 +1197,7 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
@@ -1183,8 +1206,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1196,8 +1219,8 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw=
-golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
-golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
+golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
+golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1211,8 +1234,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1280,7 +1303,6 @@ golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1289,8 +1311,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -1301,8 +1323,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1312,14 +1334,15 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1395,8 +1418,8 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
 golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.12.0 h1:YW6HUoUmYBpwSgyaGaZq1fHjrBjX1rlpZ54T6mu2kss=
-golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
+golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
+golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1426,8 +1449,9 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1467,12 +1491,12 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230814215434-ca7cfce7776a h1:+pp9kgkk8qyqFeQyXoDBFI4U+YYB15cmRkQ3pi6v/h4=
-google.golang.org/genproto v0.0.0-20230814215434-ca7cfce7776a/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4=
-google.golang.org/genproto/googleapis/api v0.0.0-20230814215434-ca7cfce7776a h1:ICnet6R+XBkBfhCeApORkkEZbXfPUIHmqOC+5MdMtaQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20230814215434-ca7cfce7776a/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230814215434-ca7cfce7776a h1:5rTPHLf5eLPfqGvw3fLpEmUpko2Ky91ft14LxGs5BZc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230814215434-ca7cfce7776a/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.0.5/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1493,8 +1517,8 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg=
-google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1555,8 +1579,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.4.3 h1:o/n5/K5gXqk8Gozvs2cnL0F2S1/g1vcGCAx2vETjITw=
-honnef.co/go/tools v0.4.3/go.mod h1:36ZgoUOrqOk1GxwHhyryEkq8FQWkUO2xGuSMhUCcdvA=
+honnef.co/go/tools v0.4.6 h1:oFEHCKeID7to/3autwsWfnuv69j3NsfcXbvJKuIcep8=
+honnef.co/go/tools v0.4.6/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0=
 k8s.io/api v0.26.7 h1:Lf4iEBEJb5OFNmawtBfSZV/UNi9riSJ0t1qdhyZqI40=
 k8s.io/api v0.26.7/go.mod h1:Vk9bMadzA49UHPmHB//lX7VRCQSXGoVwfLd3Sc1SSXI=
 k8s.io/apimachinery v0.26.7 h1:590jSBwaSHCAFCqltaEogY/zybFlhGsnLteLpuF2wig=
@@ -1584,5 +1608,5 @@ sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMm
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
 sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=

From 74982ee9cf7d84fd00874c365576edb45e556df3 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Wed, 29 Nov 2023 23:14:24 -0500
Subject: [PATCH 11/12] update vendoring

---
 .../github.com/4meepo/tagalign/.golangci.yml  |    3 +-
 vendor/github.com/4meepo/tagalign/README.md   |   69 +-
 vendor/github.com/4meepo/tagalign/options.go  |    9 +
 vendor/github.com/4meepo/tagalign/tagalign.go |  161 +-
 vendor/github.com/Abirdcfly/dupword/README.md |    6 +-
 .../github.com/Abirdcfly/dupword/dupword.go   |   33 +-
 .../errname/pkg/analyzer/analyzer.go          |   17 +-
 .../Antonboom/errname/pkg/analyzer/facts.go   |   12 +-
 .../Antonboom/nilnil/pkg/analyzer/analyzer.go |    2 +-
 .../github.com/Antonboom/testifylint/LICENSE  |   21 +
 .../testifylint/analyzer/analyzer.go          |  175 ++
 .../testifylint/analyzer/checkers_factory.go  |   48 +
 .../testifylint/internal/analysisutil/doc.go  |    9 +
 .../testifylint/internal/analysisutil/file.go |   28 +
 .../internal/analysisutil/format.go           |   34 +
 .../internal/analysisutil/object.go           |   34 +
 .../testifylint/internal/analysisutil/pkg.go  |   19 +
 .../internal/checkers/bool_compare.go         |  223 ++
 .../testifylint/internal/checkers/checker.go  |   59 +
 .../internal/checkers/checkers_registry.go    |  101 +
 .../testifylint/internal/checkers/compares.go |   95 +
 .../internal/checkers/diagnostic.go           |   60 +
 .../testifylint/internal/checkers/empty.go    |  172 ++
 .../internal/checkers/error_is_as.go          |  124 +
 .../internal/checkers/error_nil.go            |  109 +
 .../internal/checkers/expected_actual.go      |  156 +
 .../internal/checkers/float_compare.go        |   63 +
 .../testifylint/internal/checkers/len.go      |   86 +
 .../internal/checkers/require_error.go        |   35 +
 .../internal/checkers/suite_dont_use_pkg.go   |   96 +
 .../checkers/suite_extra_assert_call.go       |   99 +
 .../internal/checkers/suite_thelper.go        |  130 +
 .../testifylint/internal/config/config.go     |   53 +
 .../internal/config/flag_value_types.go       |  105 +
 .../testifylint/internal/testify/const.go     |   13 +
 .../v2/pkg/analyzer/analyzer.go               |  289 --
 .../v2/pkg/analyzer/patterns-list.go          |   68 -
 .../v2/pkg/analyzer/struct-fields.go          |   61 -
 .../go-exhaustruct/{v2 => v3}/LICENSE         |    0
 .../go-exhaustruct/v3/analyzer/analyzer.go    |  268 ++
 .../v3/internal/fields/struct.go              |  124 +
 .../v3/internal/pattern/list.go               |   82 +
 .../Masterminds/sprig/v3/CHANGELOG.md         |   15 +-
 .../github.com/Masterminds/sprig/v3/README.md |    9 +-
 .../go-crypto/openpgp/internal/ecc/x448.go    |    4 +-
 .../openpgp/packet/symmetrically_encrypted.go |    8 +-
 .../packet/symmetrically_encrypted_aead.go    |   35 +-
 .../go-check-sumtype/.goreleaser.yml          |   32 +
 .../alecthomas/go-check-sumtype/COPYING       |    3 +
 .../alecthomas/go-check-sumtype/LICENSE-MIT}  |    4 +-
 .../alecthomas/go-check-sumtype/README.md     |  120 +
 .../alecthomas/go-check-sumtype/UNLICENSE     |   24 +
 .../alecthomas/go-check-sumtype/check.go      |  184 ++
 .../alecthomas/go-check-sumtype/decl.go       |   68 +
 .../alecthomas/go-check-sumtype/def.go        |  157 +
 .../alecthomas/go-check-sumtype/doc.go        |   53 +
 .../alecthomas/go-check-sumtype/run.go        |   26 +
 .../forbidigo/forbidigo/forbidigo.go          |   35 +-
 .../github.com/aws/aws-sdk-go-v2/CHANGELOG.md | 1013 ++++++
 vendor/github.com/aws/aws-sdk-go-v2/Makefile  |    5 +-
 .../aws-sdk-go-v2/aws/go_module_metadata.go   |    2 +-
 .../aws/protocol/query/object.go              |   13 +
 .../aws-sdk-go-v2/aws/protocol/query/value.go |    9 +
 .../aws/retry/retryable_error.go              |   16 +-
 .../aws/signer/internal/v4/headers.go         |    1 +
 .../aws/aws-sdk-go-v2/ci-find-smithy-go.sh    |   20 +-
 .../aws/aws-sdk-go-v2/config/CHANGELOG.md     |   59 +
 .../aws/aws-sdk-go-v2/config/config.go        |   25 +-
 .../aws/aws-sdk-go-v2/config/env_config.go    |   14 +-
 .../config/go_module_metadata.go              |    2 +-
 .../aws/aws-sdk-go-v2/config/load_options.go  |   24 +
 .../aws/aws-sdk-go-v2/config/provider.go      |   20 +
 .../aws/aws-sdk-go-v2/config/resolve.go       |    4 -
 .../aws/aws-sdk-go-v2/config/shared_config.go |   68 +-
 .../aws-sdk-go-v2/credentials/CHANGELOG.md    |   44 +
 .../credentials/go_module_metadata.go         |    2 +-
 .../feature/ec2/imds/CHANGELOG.md             |   20 +
 .../feature/ec2/imds/go_module_metadata.go    |    2 +-
 .../internal/configsources/CHANGELOG.md       |   20 +
 .../configsources/go_module_metadata.go       |    2 +-
 .../endpoints/awsrulesfn/partitions.json      |    7 +
 .../internal/endpoints/v2/CHANGELOG.md        |   20 +
 .../endpoints/v2/go_module_metadata.go        |    2 +-
 .../aws-sdk-go-v2/internal/ini/CHANGELOG.md   |   25 +
 .../internal/ini/go_module_metadata.go        |    2 +-
 .../internal/ini/literal_tokens.go            |  186 +-
 .../internal/ini/number_helper.go             |  152 -
 .../aws-sdk-go-v2/internal/ini/value_util.go  |  161 -
 .../aws/aws-sdk-go-v2/internal/ini/visitor.go |    6 +-
 .../github.com/aws/aws-sdk-go-v2/modman.toml  |    2 +-
 .../internal/presigned-url/CHANGELOG.md       |   20 +
 .../presigned-url/go_module_metadata.go       |    2 +-
 .../aws-sdk-go-v2/service/sso/CHANGELOG.md    |   37 +
 .../aws-sdk-go-v2/service/sso/endpoints.go    |  292 +-
 .../service/sso/go_module_metadata.go         |    2 +-
 .../sso/internal/endpoints/endpoints.go       |   34 +
 .../service/ssooidc/CHANGELOG.md              |   37 +
 .../service/ssooidc/endpoints.go              |  292 +-
 .../service/ssooidc/go_module_metadata.go     |    2 +-
 .../ssooidc/internal/endpoints/endpoints.go   |   34 +
 .../aws-sdk-go-v2/service/sts/CHANGELOG.md    |   29 +
 .../service/sts/go_module_metadata.go         |    2 +-
 vendor/github.com/aws/smithy-go/CHANGELOG.md  |   10 +
 vendor/github.com/aws/smithy-go/README.md     |   15 +
 .../aws/smithy-go/go_module_metadata.go       |    2 +-
 .../http/middleware_header_comment.go         |   81 +
 .../breml/bidichk/pkg/bidichk/bidichk.go      |    2 +-
 .../breml/errchkjson/.goreleaser.yml          |   15 +-
 .../github.com/breml/errchkjson/errchkjson.go |   20 +-
 .../butuzov/ireturn/analyzer/analyzer.go      |   12 +-
 .../analyzer/internal/config/config.go        |    8 +-
 .../butuzov/ireturn/analyzer/std.go           |    6 +
 .../github.com/catenacyber/perfsprint/LICENSE |   21 +
 .../perfsprint/analyzer/analyzer.go           |  333 ++
 .../github.com/ccojocar/zxcvbn-go/.gitignore  |    5 +
 .../ccojocar/zxcvbn-go/.golangci.yml          |   39 +
 .../ccojocar/zxcvbn-go/.goreleaser.yml        |   27 +
 .../zxcvbn-go/LICENSE.txt                     |    0
 vendor/github.com/ccojocar/zxcvbn-go/Makefile |   61 +
 .../zxcvbn-go/README.md                       |    0
 .../zxcvbn-go/adjacency/adjcmartix.go         |   21 +-
 .../zxcvbn-go/data/bindata.go                 |   14 +-
 .../zxcvbn-go/entropy/entropyCalculator.go    |   45 +-
 .../zxcvbn-go/frequency/frequency.go          |    6 +-
 .../zxcvbn-go/match/match.go                  |    8 +-
 .../zxcvbn-go/matching/dateMatchers.go        |   23 +-
 .../zxcvbn-go/matching/dictionaryMatch.go     |    9 +-
 .../zxcvbn-go/matching/leet.go                |   12 +-
 .../zxcvbn-go/matching/matching.go            |   15 +-
 .../zxcvbn-go/matching/repeatMatch.go         |   17 +-
 .../zxcvbn-go/matching/sequenceMatch.go       |   10 +-
 .../zxcvbn-go/matching/spatialMatch.go        |   33 +-
 .../zxcvbn-go/scoring/scoring.go              |   34 +-
 .../zxcvbn-go/utils/math/mathutils.go         |    0
 .../zxcvbn-go/zxcvbn.go                       |    8 +-
 vendor/github.com/chavacava/garif/enums.go    |   41 +
 vendor/github.com/chavacava/garif/models.go   |    4 +-
 .../cloudflare/circl/ecc/goldilocks/twist.go  |    2 +-
 .../cloudflare/circl/internal/sha3/keccakf.go |   12 +-
 .../cloudflare/circl/internal/sha3/sha3.go    |   11 +-
 .../cloudflare/circl/internal/sha3/shake.go   |   40 +
 .../cloudflare/circl/math/primes.go           |   34 +
 .../cloudflare/circl/sign/ed25519/ed25519.go  |    2 +-
 .../daixiang0/gci/pkg/config/config.go        |   13 +-
 .../github.com/daixiang0/gci/pkg/gci/gci.go   |   26 +-
 .../daixiang0/gci/pkg/gci/testdata.go         | 1245 ++++++++
 .../github.com/daixiang0/gci/pkg/io/file.go   |    9 +-
 .../github.com/daixiang0/gci/pkg/io/search.go |   38 +-
 .../daixiang0/gci/pkg/section/prefix.go       |    1 +
 .../gci/pkg/section/standard_list.go          |    8 +-
 .../daixiang0/gci/pkg/utils/constants.go      |    5 +-
 .../distribution/reference/.gitattributes     |    1 +
 .../distribution/reference/.gitignore         |    2 +
 .../distribution/reference/.golangci.yml      |   18 +
 .../distribution/reference/CODE-OF-CONDUCT.md |    5 +
 .../distribution/reference/CONTRIBUTING.md    |  114 +
 .../distribution/reference/GOVERNANCE.md      |  144 +
 .../github.com/distribution/reference/LICENSE |  202 ++
 .../distribution/reference/MAINTAINERS        |   26 +
 .../distribution/reference/Makefile           |   25 +
 .../distribution/reference/README.md          |   30 +
 .../distribution/reference/SECURITY.md        |    7 +
 .../reference/distribution-logo.svg           |    1 +
 .../distribution/reference/helpers.go         |    2 +-
 .../distribution/reference/normalize.go       |  131 +-
 .../distribution/reference/reference.go       |   27 +-
 .../distribution/reference/regexp.go          |  163 +
 .../github.com/distribution/reference/sort.go |   75 +
 .../docker/cli/cli/command/events_utils.go    |   14 +-
 .../docker/cli/cli/command/image/build.go     |    2 +-
 .../cli/command/image/build/dockerignore.go   |    9 +-
 .../docker/cli/cli/command/registry.go        |   11 +-
 .../github.com/docker/cli/cli/hints/hints.go  |   18 +
 .../docker/cli/cli/registry/client/client.go  |    7 +-
 .../cli/cli/registry/client/endpoint.go       |    9 +-
 .../docker/cli/cli/registry/client/fetcher.go |    8 +-
 .../docker/distribution/.golangci.yml         |   10 +-
 .../github.com/docker/distribution/.mailmap   |    3 +
 .../docker/distribution/BUILDING.md           |    2 +-
 .../github.com/docker/distribution/Dockerfile |    8 +-
 .../github.com/docker/distribution/Makefile   |    2 +-
 .../github.com/docker/distribution/blobs.go   |    2 +-
 .../reference/helpers_deprecated.go           |   34 +
 .../reference/normalize_deprecated.go         |   92 +
 .../reference/reference_deprecated.go         |  172 ++
 .../docker/distribution/reference/regexp.go   |  143 -
 .../reference/regexp_deprecated.go            |   50 +
 .../distribution/reference/sort_deprecated.go |   10 +
 .../docker/distribution/registry.go           |    2 +-
 .../registry/api/v2/descriptors.go            |    2 +-
 .../distribution/registry/api/v2/urls.go      |    2 +-
 .../registry/client/blob_writer.go            |    2 +
 .../distribution/registry/client/errors.go    |   51 +-
 .../registry/client/repository.go             |    2 +-
 .../registry/storage/cache/memory/memory.go   |    2 +-
 .../docker/distribution/vendor.conf           |    3 +-
 .../github.com/docker/docker/api/swagger.yaml |    4 +-
 .../docker/docker/api/types/filters/parse.go  |   10 +-
 .../docker/api/types/versions/compare.go      |    8 +-
 .../docker/docker/pkg/archive/diff.go         |   19 +
 .../github.com/fsnotify/fsnotify/.cirrus.yml  |   13 +
 .../github.com/fsnotify/fsnotify/.gitignore   |    1 +
 .../github.com/fsnotify/fsnotify/CHANGELOG.md |   83 +-
 vendor/github.com/fsnotify/fsnotify/README.md |   81 +-
 .../fsnotify/fsnotify/backend_fen.go          |  552 +++-
 .../fsnotify/fsnotify/backend_inotify.go      |  377 ++-
 .../fsnotify/fsnotify/backend_kqueue.go       |  295 +-
 .../fsnotify/fsnotify/backend_other.go        |  205 +-
 .../fsnotify/fsnotify/backend_windows.go      |  247 +-
 .../github.com/fsnotify/fsnotify/fsnotify.go  |   91 +-
 vendor/github.com/fsnotify/fsnotify/mkdoc.zsh |  125 +-
 .../ghostiam/protogetter/.goreleaser.yaml     |   24 +
 .../protogetter}/LICENSE                      |    4 +-
 .../github.com/ghostiam/protogetter/Makefile  |    9 +
 .../github.com/ghostiam/protogetter/README.md |   73 +
 .../ghostiam/protogetter/posfilter.go         |   65 +
 .../ghostiam/protogetter/processor.go         |  234 ++
 .../ghostiam/protogetter/protogetter.go       |  183 ++
 .../go-critic/go-critic/linter/linter.go      |   21 +-
 vendor/github.com/golangci/gofmt/gofmt/doc.go |    8 +-
 .../github.com/golangci/gofmt/gofmt/gofmt.go  |   58 +-
 .../golangci/gofmt/gofmt/golangci.go          |   16 +-
 .../golangci/gofmt/gofmt/internal.go          |    7 +
 .../gofmt/gofmt/internal/diff/diff.go         |  290 +-
 .../gofmt/gofmt/internal/execabs/execabs.go   |   70 -
 .../github.com/golangci/gofmt/gofmt/readme.md |    2 +
 .../golangci/gofmt/gofmt/simplify.go          |   22 +-
 .../golangci/gofmt/goimports/goimports.go     |    2 +-
 .../golangci/gofmt/goimports/golangci.go      |    4 +-
 .../golangci/gofmt/goimports/readme.md        |    1 +
 .../golangci-lint/pkg/commands/executor.go    |    2 +-
 .../golangci-lint/pkg/commands/help.go        |   10 +-
 .../golangci-lint/pkg/commands/linters.go     |   14 +-
 .../golangci-lint/pkg/commands/root.go        |    4 +-
 .../golangci-lint/pkg/config/config.go        |    4 +-
 .../golangci-lint/pkg/config/issues.go        |    2 +-
 .../pkg/config/linters_settings.go            |   97 +-
 .../golangci-lint/pkg/golinters/decorder.go   |    8 +
 .../golangci-lint/pkg/golinters/dupword.go    |    1 +
 .../pkg/golinters/exhaustruct.go              |    2 +-
 .../golangci-lint/pkg/golinters/funlen.go     |    2 +-
 .../golangci-lint/pkg/golinters/gci.go        |    2 +-
 .../pkg/golinters/ginkgolinter.go             |   14 +-
 .../pkg/golinters/gochecksumtype.go           |   80 +
 .../pkg/golinters/gofmt_common.go             |   10 +
 .../golangci-lint/pkg/golinters/govet.go      |   14 +-
 .../pkg/golinters/inamedparam.go              |   19 +
 .../pkg/golinters/paralleltest.go             |    5 +-
 .../golangci-lint/pkg/golinters/perfsprint.go |   19 +
 .../pkg/golinters/protogetter.go              |   59 +
 .../golangci-lint/pkg/golinters/revive.go     |    8 +-
 .../golangci-lint/pkg/golinters/sloglint.go   |   27 +
 .../golangci-lint/pkg/golinters/tagalign.go   |    5 +
 .../pkg/golinters/testifylint.go              |   36 +
 .../golangci-lint/pkg/golinters/unused.go     |   56 +-
 .../golangci-lint/pkg/lint/linter/config.go   |    8 +-
 .../pkg/lint/lintersdb/custom_linters.go      |  131 +
 .../pkg/lint/lintersdb/enabled_set.go         |   20 +-
 .../pkg/lint/lintersdb/manager.go             |  181 +-
 .../golangci-lint/pkg/logutils/logutils.go    |    2 +-
 .../golangci-lint/pkg/printers/github.go      |    8 +-
 .../golangci/misspell/.golangci.yml           |   11 +-
 .../github.com/golangci/misspell/Dockerfile   |    5 +-
 vendor/github.com/golangci/misspell/Makefile  |   15 +-
 vendor/github.com/golangci/misspell/case.go   |    6 +-
 .../golangci/misspell/goreleaser.yml          |    3 +-
 .../golangci/misspell/install-misspell.sh     |   11 +-
 .../github.com/golangci/misspell/replace.go   |    3 +-
 .../github.com/golangci/revgrep/.golangci.yml |   19 +-
 vendor/github.com/golangci/revgrep/revgrep.go |  121 +-
 .../github.com/google/go-cmp/cmp/compare.go   |   38 +-
 .../cmp/{export_unsafe.go => export.go}       |    5 -
 .../google/go-cmp/cmp/export_panic.go         |   16 -
 .../value/{pointer_unsafe.go => pointer.go}   |    3 -
 .../cmp/internal/value/pointer_purego.go      |   34 -
 .../github.com/google/go-cmp/cmp/options.go   |   84 +-
 vendor/github.com/google/go-cmp/cmp/path.go   |   46 +-
 .../google/go-cmp/cmp/report_reflect.go       |    2 +-
 vendor/github.com/google/uuid/.travis.yml     |    9 -
 vendor/github.com/google/uuid/CHANGELOG.md    |   21 +
 vendor/github.com/google/uuid/CONTRIBUTING.md |   16 +
 vendor/github.com/google/uuid/README.md       |   10 +-
 vendor/github.com/google/uuid/node_js.go      |    2 +-
 vendor/github.com/google/uuid/uuid.go         |   36 +-
 vendor/github.com/hashicorp/hcl/decoder.go    |   46 +-
 .../github.com/hashicorp/hcl/hcl/ast/ast.go   |   15 +-
 vendor/github.com/huandu/xstrings/.travis.yml |    7 -
 vendor/github.com/huandu/xstrings/README.md   |  182 +-
 vendor/github.com/huandu/xstrings/convert.go  |    2 +-
 .../github.com/jgautheron/goconst/.gitignore  |    2 +
 .../github.com/jgautheron/goconst/parser.go   |    6 +-
 .../github.com/jgautheron/goconst/visitor.go  |    4 -
 .../klauspost/compress/.goreleaser.yml        |   20 +-
 .../github.com/klauspost/compress/README.md   |   19 +
 .../klauspost/compress/fse/bitwriter.go       |    3 +-
 .../klauspost/compress/fse/compress.go        |    3 +-
 .../klauspost/compress/huff0/bitwriter.go     |    3 +-
 .../klauspost/compress/huff0/compress.go      |   20 +-
 .../klauspost/compress/zstd/bitreader.go      |   34 +-
 .../klauspost/compress/zstd/bitwriter.go      |    3 +-
 .../klauspost/compress/zstd/blockenc.go       |   29 +-
 .../klauspost/compress/zstd/dict.go           |  379 ++-
 .../klauspost/compress/zstd/enc_best.go       |   11 +-
 .../klauspost/compress/zstd/encoder.go        |   13 +-
 .../klauspost/compress/zstd/frameenc.go       |    4 +-
 .../klauspost/compress/zstd/seqdec.go         |   17 +-
 .../klauspost/compress/zstd/seqdec_amd64.s    |  128 +-
 .../klauspost/compress/zstd/seqdec_generic.go |    2 +-
 .../klauspost/compress/zstd/snappy.go         |    5 +-
 .../pkg/paralleltest/paralleltest.go          |   47 +-
 .../github.com/macabu/inamedparam/.gitignore  |   21 +
 .../github.com/macabu/inamedparam/LICENSE-MIT |   21 +
 .../github.com/macabu/inamedparam/README.md   |   18 +
 .../macabu/inamedparam/inamedparam.go         |   67 +
 .../{ => v2}/LICENSE                          |    0
 .../{ => v2}/NOTICE                           |    0
 .../{ => v2}/pbutil/.gitignore                |    0
 .../{ => v2}/pbutil/Makefile                  |    0
 .../{ => v2}/pbutil/decode.go                 |   16 +-
 .../{ => v2}/pbutil/doc.go                    |    0
 .../{ => v2}/pbutil/encode.go                 |    5 +-
 .../mgechev/revive/config/config.go           |   14 +-
 .../mgechev/revive/formatter/sarif.go         |    2 +-
 .../mgechev/revive/internal/ifelse/args.go    |   11 +
 .../mgechev/revive/internal/ifelse/branch.go  |   93 +
 .../revive/internal/ifelse/branch_kind.go     |  101 +
 .../mgechev/revive/internal/ifelse/chain.go   |   10 +
 .../mgechev/revive/internal/ifelse/doc.go     |    6 +
 .../mgechev/revive/internal/ifelse/func.go    |   51 +
 .../mgechev/revive/internal/ifelse/rule.go    |  105 +
 .../mgechev/revive/internal/ifelse/target.go  |   25 +
 .../github.com/mgechev/revive/lint/config.go  |   28 +
 vendor/github.com/mgechev/revive/lint/file.go |    3 +
 .../mgechev/revive/lint/filefilter.go         |  128 +
 .../mgechev/revive/rule/argument-limit.go     |    9 +-
 .../mgechev/revive/rule/banned-characters.go  |    4 +-
 .../revive/rule/cognitive-complexity.go       |   10 +-
 .../mgechev/revive/rule/confusing-naming.go   |   11 +-
 .../mgechev/revive/rule/cyclomatic.go         |    9 +-
 .../github.com/mgechev/revive/rule/defer.go   |   15 +-
 .../mgechev/revive/rule/dot-imports.go        |    5 +-
 .../mgechev/revive/rule/early-return.go       |  165 +-
 .../mgechev/revive/rule/enforce-map-style.go  |  164 +
 .../mgechev/revive/rule/file-header.go        |   13 +-
 .../mgechev/revive/rule/function-length.go    |    9 +-
 .../revive/rule/function-result-limit.go      |   10 +-
 .../revive/rule/import-alias-naming.go        |   79 +
 .../mgechev/revive/rule/import-shadowing.go   |   11 +-
 .../mgechev/revive/rule/imports-blacklist.go  |    4 -
 .../mgechev/revive/rule/indent-error-flow.go  |   79 +-
 .../mgechev/revive/rule/line-length-limit.go  |    9 +-
 .../mgechev/revive/rule/max-public-structs.go |    9 +-
 .../revive/rule/redundant-import-alias.go     |   52 +
 .../mgechev/revive/rule/string-format.go      |   10 +-
 .../mgechev/revive/rule/superfluous-else.go   |  110 +-
 .../mgechev/revive/rule/time-equal.go         |    4 +-
 .../revive/rule/unchecked-type-assertion.go   |  194 ++
 .../mgechev/revive/rule/unused-param.go       |   67 +-
 .../mgechev/revive/rule/unused-receiver.go    |   66 +-
 .../mgechev/revive/rule/var-naming.go         |  111 +-
 .../patternmatcher/ignorefile/ignorefile.go   |   73 +
 .../github.com/nbutton23/zxcvbn-go/.gitignore |    2 -
 .../github.com/nbutton23/zxcvbn-go/Makefile   |   15 -
 .../nunnatsa/ginkgolinter/.golangci.yml       |    3 +
 .../nunnatsa/ginkgolinter/README.md           |  246 +-
 .../nunnatsa/ginkgolinter/ginkgo_linter.go    |  272 +-
 .../ginkgolinter/ginkgohandler/handler.go     |   97 +
 .../ginkgolinter/gomegahandler/handler.go     |    9 +-
 .../nunnatsa/ginkgolinter/types/config.go     |   53 +-
 .../go-digest}/digestset/set.go               |   15 +
 .../image-spec/specs-go/v1/descriptor.go      |    2 +-
 .../image-spec/specs-go/v1/layout.go          |    6 +-
 .../image-spec/specs-go/version.go            |    2 +-
 .../paultyng/go-unifi/unifi/ap_group.go       |    2 +-
 .../go-unifi/unifi/device.generated.go        |  176 +-
 .../paultyng/go-unifi/unifi/device.go         |    1 -
 .../paultyng/go-unifi/unifi/firewall_rule.go  |   24 +
 .../go-unifi/unifi/network.generated.go       |  464 +--
 .../go-unifi/unifi/port_profile.generated.go  |   73 +-
 .../go-unifi/unifi/setting_doh.generated.go   |   88 +
 .../unifi/setting_guest_access.generated.go   |   22 +-
 .../go-unifi/unifi/setting_ips.generated.go   |   26 +-
 .../unifi/setting_radio_ai.generated.go       |    2 +-
 .../unifi/setting_super_mgmt.generated.go     |    1 -
 .../paultyng/go-unifi/unifi/sites.go          |    3 +-
 .../paultyng/go-unifi/unifi/unifi.go          |    4 +-
 .../paultyng/go-unifi/unifi/user.go           |    4 +-
 .../go-unifi/unifi/version.generated.go       |    2 +-
 .../paultyng/go-unifi/unifi/wlan.generated.go |   25 +
 .../pelletier/go-toml/v2/.goreleaser.yaml     |    3 +
 .../github.com/pelletier/go-toml/v2/LICENSE   |    3 +-
 .../github.com/pelletier/go-toml/v2/README.md |   46 +-
 vendor/github.com/pelletier/go-toml/v2/ci.sh  |    3 +-
 .../github.com/pelletier/go-toml/v2/decode.go |    2 +-
 .../pelletier/go-toml/v2/marshaler.go         |   66 +-
 .../pelletier/go-toml/v2/unmarshaler.go       |   91 +-
 .../pelletier/go-toml/v2/unstable/ast.go      |    2 +-
 .../pelletier/go-toml/v2/unstable/parser.go   |  140 +-
 .../pelletier/go-toml/v2/unstable/scanner.go  |    1 -
 .../go-errorlint/errorlint/allowed.go         |   81 +-
 .../go-errorlint/errorlint/analysis.go        |   18 +-
 .../polyfloyd/go-errorlint/errorlint/lint.go  |   34 +-
 .../client_golang/prometheus/counter.go       |   26 +-
 .../client_golang/prometheus/desc.go          |   28 +-
 .../prometheus/expvar_collector.go            |    2 +-
 .../client_golang/prometheus/gauge.go         |    8 +-
 .../client_golang/prometheus/histogram.go     |  118 +-
 .../prometheus/internal/difflib.go            |    2 +-
 .../client_golang/prometheus/labels.go        |   58 +-
 .../client_golang/prometheus/metric.go        |    3 +
 .../prometheus/promhttp/instrument_server.go  |    9 +-
 .../client_golang/prometheus/registry.go      |    6 +-
 .../client_golang/prometheus/summary.go       |   41 +-
 .../client_golang/prometheus/value.go         |   55 +-
 .../client_golang/prometheus/vec.go           |  106 +-
 .../prometheus/client_model/go/metrics.pb.go  |  350 ++-
 .../prometheus/common/expfmt/decode.go        |    2 +-
 .../prometheus/common/expfmt/encode.go        |    2 +-
 .../prometheus/procfs/Makefile.common         |    2 +-
 .../prometheus/procfs/fs_statfs_notype.go     |    4 +-
 .../prometheus/procfs/fs_statfs_type.go       |    4 +-
 .../prometheus/procfs/mountstats.go           |   83 +-
 .../prometheus/procfs/proc_fdinfo.go          |    8 +-
 .../github.com/prometheus/procfs/proc_maps.go |   20 +-
 .../prometheus/procfs/proc_status.go          |   21 +-
 .../go-ruleguard/internal/goenv/goenv.go      |   36 +-
 .../go-ruleguard/ruleguard/engine.go          |    3 +-
 .../ruleguard/ir/gen_filter_op.go             |    4 +-
 .../go-ruleguard/ruleguard/ir_loader.go       |    4 +-
 .../ruleguard/quasigo/gen_opcodes.go          |    4 +-
 .../go-ruleguard/ruleguard/runner.go          |    4 +-
 .../sqlclosecheck/pkg/analyzer/analyzer.go    |  150 +-
 .../sagikazarmark/locafero/.editorconfig      |   21 +
 .../github.com/sagikazarmark/locafero/.envrc  |    4 +
 .../sagikazarmark/locafero/.gitignore         |    8 +
 .../sagikazarmark/locafero/.golangci.yaml     |   27 +
 .../github.com/sagikazarmark/locafero/LICENSE |   19 +
 .../sagikazarmark/locafero/README.md          |   37 +
 .../sagikazarmark/locafero/file_type.go       |   28 +
 .../sagikazarmark/locafero/finder.go          |  165 +
 .../sagikazarmark/locafero/flake.lock         |  273 ++
 .../sagikazarmark/locafero/flake.nix          |   47 +
 .../sagikazarmark/locafero/helpers.go         |   41 +
 .../sagikazarmark/locafero/justfile           |   11 +
 .../sagikazarmark/slog-shim/.editorconfig     |   18 +
 .../github.com/sagikazarmark/slog-shim/.envrc |    4 +
 .../sagikazarmark/slog-shim/.gitignore        |    4 +
 .../sagikazarmark/slog-shim/LICENSE           |   27 +
 .../sagikazarmark/slog-shim/README.md         |   81 +
 .../sagikazarmark/slog-shim/attr.go           |   74 +
 .../sagikazarmark/slog-shim/attr_120.go       |   75 +
 .../sagikazarmark/slog-shim/flake.lock        |  273 ++
 .../sagikazarmark/slog-shim/flake.nix         |   57 +
 .../sagikazarmark/slog-shim/handler.go        |   45 +
 .../sagikazarmark/slog-shim/handler_120.go    |   45 +
 .../sagikazarmark/slog-shim/json_handler.go   |   23 +
 .../slog-shim/json_handler_120.go             |   24 +
 .../sagikazarmark/slog-shim/level.go          |   61 +
 .../sagikazarmark/slog-shim/level_120.go      |   61 +
 .../sagikazarmark/slog-shim/logger.go         |   98 +
 .../sagikazarmark/slog-shim/logger_120.go     |   99 +
 .../sagikazarmark/slog-shim/record.go         |   31 +
 .../sagikazarmark/slog-shim/record_120.go     |   32 +
 .../sagikazarmark/slog-shim/text_handler.go   |   23 +
 .../slog-shim/text_handler_120.go             |   24 +
 .../sagikazarmark/slog-shim/value.go          |  109 +
 .../sagikazarmark/slog-shim/value_120.go      |  110 +
 .../pkg/analyzer/internal/mapping/mapping.go  |    3 +
 .../securego/gosec/v2/.golangci.yml           |    6 +-
 vendor/github.com/securego/gosec/v2/Makefile  |   12 +-
 vendor/github.com/securego/gosec/v2/README.md |   40 +-
 vendor/github.com/securego/gosec/v2/USERS.md  |    1 +
 .../github.com/securego/gosec/v2/action.yml   |    2 +-
 .../github.com/securego/gosec/v2/analyzer.go  |  222 +-
 .../gosec/v2/analyzers/slice_bounds.go        |  386 +++
 .../securego/gosec/v2/analyzers/ssrf.go       |   57 -
 .../securego/gosec/v2/analyzers/util.go       |    6 +-
 vendor/github.com/securego/gosec/v2/config.go |    5 +
 .../github.com/securego/gosec/v2/cwe/data.go  |  241 +-
 .../github.com/securego/gosec/v2/helpers.go   |   58 +-
 .../securego/gosec/v2/issue/issue.go          |   17 +-
 vendor/github.com/securego/gosec/v2/rule.go   |    2 +-
 .../securego/gosec/v2/rules/fileperms.go      |   46 +
 .../gosec/v2/rules/hardcoded_credentials.go   |  218 +-
 .../gosec/v2/rules/implicit_aliasing.go       |   28 +-
 .../securego/gosec/v2/rules/rulelist.go       |    1 +
 .../github.com/securego/gosec/v2/rules/sql.go |   51 +-
 .../securego/gosec/v2/rules/subproc.go        |    2 +-
 .../securego/gosec/v2/rules/unsafe.go         |    2 +-
 .../github.com/sourcegraph/conc/.golangci.yml |   11 +
 vendor/github.com/sourcegraph/conc/LICENSE    |   21 +
 vendor/github.com/sourcegraph/conc/README.md  |  464 +++
 .../internal/multierror/multierror_go119.go   |   10 +
 .../internal/multierror/multierror_go120.go   |   10 +
 .../github.com/sourcegraph/conc/iter/iter.go  |   85 +
 .../github.com/sourcegraph/conc/iter/map.go   |   65 +
 .../sourcegraph/conc/panics/panics.go         |  102 +
 .../github.com/sourcegraph/conc/panics/try.go |   11 +
 .../github.com/sourcegraph/conc/waitgroup.go  |   52 +
 vendor/github.com/spf13/afero/afero.go        |    2 +-
 vendor/github.com/spf13/afero/basepath.go     |    1 -
 vendor/github.com/spf13/afero/const_bsds.go   |    4 +-
 .../github.com/spf13/afero/const_win_unix.go  |    4 +-
 .../github.com/spf13/afero/copyOnWriteFs.go   |    9 +-
 vendor/github.com/spf13/afero/ioutil.go       |   11 +-
 vendor/github.com/spf13/afero/mem/file.go     |    7 +-
 vendor/github.com/spf13/afero/memmap.go       |   68 +-
 vendor/github.com/spf13/afero/regexpfs.go     |    1 -
 vendor/github.com/spf13/afero/symlink.go      |    6 +-
 vendor/github.com/spf13/afero/unionFile.go    |    7 +-
 vendor/github.com/spf13/afero/util.go         |    7 +-
 vendor/github.com/spf13/cast/README.md        |   12 +-
 vendor/github.com/spf13/cast/caste.go         |   32 +-
 vendor/github.com/spf13/cobra/.golangci.yml   |    8 +-
 vendor/github.com/spf13/cobra/README.md       |    8 +-
 vendor/github.com/spf13/cobra/active_help.go  |   10 +-
 vendor/github.com/spf13/cobra/active_help.md  |  157 -
 .../spf13/cobra/bash_completions.go           |    2 +-
 .../spf13/cobra/bash_completions.md           |   93 -
 .../spf13/cobra/bash_completionsV2.go         |    2 +-
 vendor/github.com/spf13/cobra/cobra.go        |   13 +-
 vendor/github.com/spf13/cobra/command.go      |   69 +-
 vendor/github.com/spf13/cobra/completions.go  |   29 +-
 .../spf13/cobra/fish_completions.go           |    2 +-
 .../spf13/cobra/fish_completions.md           |    4 -
 vendor/github.com/spf13/cobra/flag_groups.go  |   68 +-
 .../spf13/cobra/powershell_completions.go     |    6 +-
 .../spf13/cobra/powershell_completions.md     |    3 -
 .../spf13/cobra/projects_using_cobra.md       |   64 -
 .../spf13/cobra/shell_completions.md          |  576 ----
 vendor/github.com/spf13/cobra/user_guide.md   |  726 -----
 .../github.com/spf13/cobra/zsh_completions.md |   48 -
 .../spf13/jwalterweatherman/.gitignore        |   24 -
 .../spf13/jwalterweatherman/README.md         |  148 -
 .../jwalterweatherman/default_notepad.go      |  111 -
 .../spf13/jwalterweatherman/log_counter.go    |   46 -
 .../spf13/jwalterweatherman/notepad.go        |  225 --
 vendor/github.com/spf13/viper/.editorconfig   |    3 +
 vendor/github.com/spf13/viper/.envrc          |    4 +
 vendor/github.com/spf13/viper/.gitignore      |    3 +
 vendor/github.com/spf13/viper/.golangci.yaml  |    8 +-
 vendor/github.com/spf13/viper/.yamlignore     |    2 +
 vendor/github.com/spf13/viper/.yamllint.yaml  |    6 +
 vendor/github.com/spf13/viper/Makefile        |   47 +-
 vendor/github.com/spf13/viper/README.md       |   64 +-
 .../spf13/viper/experimental_logger.go        |   11 -
 vendor/github.com/spf13/viper/flags.go        |    2 +-
 vendor/github.com/spf13/viper/flake.lock      |  255 ++
 vendor/github.com/spf13/viper/flake.nix       |   56 +
 vendor/github.com/spf13/viper/fs.go           |   65 -
 .../spf13/viper/internal/encoding/decoder.go  |    6 +-
 .../viper/internal/encoding/dotenv/codec.go   |    6 +-
 .../internal/encoding/dotenv/map_utils.go     |   16 +-
 .../spf13/viper/internal/encoding/encoder.go  |    6 +-
 .../viper/internal/encoding/hcl/codec.go      |    4 +-
 .../viper/internal/encoding/ini/codec.go      |    6 +-
 .../viper/internal/encoding/ini/map_utils.go  |   24 +-
 .../internal/encoding/javaproperties/codec.go |    6 +-
 .../encoding/javaproperties/map_utils.go      |   24 +-
 .../viper/internal/encoding/json/codec.go     |    4 +-
 .../viper/internal/encoding/toml/codec.go     |    4 +-
 .../viper/internal/encoding/yaml/codec.go     |    4 +-
 vendor/github.com/spf13/viper/logger.go       |   57 +-
 vendor/github.com/spf13/viper/util.go         |   50 +-
 vendor/github.com/spf13/viper/viper.go        |  290 +-
 vendor/github.com/spf13/viper/viper_go1_15.go |    3 +-
 vendor/github.com/spf13/viper/viper_go1_16.go |   28 +-
 vendor/github.com/spf13/viper/watch.go        |    1 -
 .../spf13/viper/watch_unsupported.go          |    1 -
 .../github.com/subosito/gotenv/CHANGELOG.md   |   37 +
 vendor/github.com/subosito/gotenv/gotenv.go   |   50 +-
 vendor/github.com/tetafro/godot/.golangci.yml |    3 +-
 vendor/github.com/tetafro/godot/README.md     |    4 +-
 vendor/github.com/tetafro/godot/checks.go     |    3 +
 vendor/github.com/tetafro/godot/getters.go    |   10 +-
 vendor/github.com/tetafro/godot/godot.go      |    7 +-
 vendor/github.com/ultraware/funlen/README.md  |   42 +-
 vendor/github.com/ultraware/funlen/main.go    |   28 +-
 vendor/github.com/uudashr/gocognit/README.md  |   56 +-
 .../github.com/uudashr/gocognit/gocognit.go   |   62 +-
 .../github.com/xen0n/gosmopolitan/README.md   |   77 +-
 .../xen0n/gosmopolitan/README.zh-Hans.md      |   64 +-
 .../github.com/ykadowak/zerologlint/README.md |   12 +
 .../ykadowak/zerologlint/zerologlint.go       |  102 +-
 vendor/gitlab.com/bosi/decorder/.gitignore    |    2 +-
 .../gitlab.com/bosi/decorder/.gitlab-ci.yml   |   10 +-
 vendor/gitlab.com/bosi/decorder/README.md     |   22 +-
 vendor/gitlab.com/bosi/decorder/analyzer.go   |   87 +-
 vendor/gitlab.com/bosi/decorder/renovate.json |   26 +-
 vendor/go-simpler.org/sloglint/.golangci.yml  |   22 +
 .../go-simpler.org/sloglint/.goreleaser.yml   |   18 +
 vendor/go-simpler.org/sloglint/LICENSE        |  373 +++
 vendor/go-simpler.org/sloglint/README.md      |  102 +
 vendor/go-simpler.org/sloglint/sloglint.go    |  226 ++
 vendor/go.tmz.dev/musttag/musttag.go          |   57 +-
 vendor/go.tmz.dev/musttag/utils.go            |   62 +-
 vendor/go.uber.org/atomic/.codecov.yml        |   19 -
 vendor/go.uber.org/atomic/.gitignore          |   15 -
 vendor/go.uber.org/atomic/CHANGELOG.md        |  117 -
 vendor/go.uber.org/atomic/Makefile            |   79 -
 vendor/go.uber.org/atomic/README.md           |   63 -
 vendor/go.uber.org/atomic/bool.go             |   88 -
 vendor/go.uber.org/atomic/doc.go              |   23 -
 vendor/go.uber.org/atomic/duration.go         |   89 -
 vendor/go.uber.org/atomic/duration_ext.go     |   40 -
 vendor/go.uber.org/atomic/error.go            |   62 -
 vendor/go.uber.org/atomic/float32.go          |   77 -
 vendor/go.uber.org/atomic/float32_ext.go      |   76 -
 vendor/go.uber.org/atomic/float64.go          |   77 -
 vendor/go.uber.org/atomic/float64_ext.go      |   76 -
 vendor/go.uber.org/atomic/gen.go              |   27 -
 vendor/go.uber.org/atomic/int32.go            |  109 -
 vendor/go.uber.org/atomic/int64.go            |  109 -
 vendor/go.uber.org/atomic/nocmp.go            |   35 -
 vendor/go.uber.org/atomic/pointer_go118.go    |   60 -
 vendor/go.uber.org/atomic/pointer_go119.go    |   61 -
 vendor/go.uber.org/atomic/string.go           |   65 -
 vendor/go.uber.org/atomic/string_ext.go       |   43 -
 vendor/go.uber.org/atomic/time_ext.go         |   36 -
 vendor/go.uber.org/atomic/uint32.go           |  109 -
 vendor/go.uber.org/atomic/uint64.go           |  109 -
 vendor/go.uber.org/atomic/uintptr.go          |  109 -
 vendor/go.uber.org/atomic/unsafe_pointer.go   |   65 -
 vendor/go.uber.org/atomic/value.go            |   31 -
 vendor/go.uber.org/multierr/CHANGELOG.md      |   15 +
 vendor/go.uber.org/multierr/README.md         |   22 +-
 vendor/go.uber.org/multierr/error.go          |   63 +-
 .../error_post_go120.go}                      |   35 +-
 .../go.uber.org/multierr/error_pre_go120.go   |   79 +
 vendor/go.uber.org/multierr/glide.yaml        |    8 -
 vendor/go.uber.org/zap/.golangci.yml          |   77 +
 vendor/go.uber.org/zap/CHANGELOG.md           |  242 +-
 vendor/go.uber.org/zap/Makefile               |   87 +-
 vendor/go.uber.org/zap/README.md              |   62 +-
 vendor/go.uber.org/zap/array.go               |  127 +
 vendor/go.uber.org/zap/array_go118.go         |  156 -
 vendor/go.uber.org/zap/buffer/buffer.go       |    5 +
 vendor/go.uber.org/zap/buffer/pool.go         |   20 +-
 vendor/go.uber.org/zap/config.go              |   84 +-
 vendor/go.uber.org/zap/error.go               |   14 +-
 vendor/go.uber.org/zap/field.go               |  194 +-
 vendor/go.uber.org/zap/http_handler.go        |   19 +-
 .../go.uber.org/zap/internal/level_enabler.go |    2 +
 .../bool_ext.go => zap/internal/pool/pool.go} |   49 +-
 .../stacktrace/stack.go}                      |   81 +-
 vendor/go.uber.org/zap/level.go               |    9 +-
 vendor/go.uber.org/zap/logger.go              |   48 +-
 vendor/go.uber.org/zap/sink.go                |    5 +-
 vendor/go.uber.org/zap/sugar.go               |   69 +-
 vendor/go.uber.org/zap/writer.go              |   12 +-
 .../zap/zapcore/console_encoder.go            |   14 +-
 vendor/go.uber.org/zap/zapcore/core.go        |    6 +-
 vendor/go.uber.org/zap/zapcore/entry.go       |   22 +-
 vendor/go.uber.org/zap/zapcore/error.go       |   14 +-
 .../go.uber.org/zap/zapcore/json_encoder.go   |  155 +-
 .../time.go => zap/zapcore/lazy_with.go}      |   51 +-
 vendor/go.uber.org/zap/zapcore/sampler.go     |    9 +-
 .../x/crypto/argon2/blamka_amd64.go           |    1 -
 .../golang.org/x/crypto/argon2/blamka_amd64.s |    1 -
 .../golang.org/x/crypto/argon2/blamka_ref.go  |    1 -
 .../x/crypto/blake2b/blake2bAVX2_amd64.go     |    1 -
 .../x/crypto/blake2b/blake2bAVX2_amd64.s      |    1 -
 .../x/crypto/blake2b/blake2b_amd64.go         |    1 -
 .../x/crypto/blake2b/blake2b_amd64.s          |    1 -
 .../x/crypto/blake2b/blake2b_ref.go           |    1 -
 .../golang.org/x/crypto/blake2b/register.go   |    1 -
 .../x/crypto/chacha20/chacha_arm64.go         |    1 -
 .../x/crypto/chacha20/chacha_arm64.s          |    1 -
 .../x/crypto/chacha20/chacha_noasm.go         |    1 -
 .../x/crypto/chacha20/chacha_ppc64le.go       |    1 -
 .../x/crypto/chacha20/chacha_ppc64le.s        |    1 -
 .../x/crypto/chacha20/chacha_s390x.go         |    1 -
 .../x/crypto/chacha20/chacha_s390x.s          |    1 -
 .../curve25519/internal/field/fe_amd64.go     |    1 -
 .../curve25519/internal/field/fe_amd64.s      |    1 -
 .../internal/field/fe_amd64_noasm.go          |    1 -
 .../curve25519/internal/field/fe_arm64.go     |    1 -
 .../curve25519/internal/field/fe_arm64.s      |    1 -
 .../internal/field/fe_arm64_noasm.go          |    1 -
 vendor/golang.org/x/crypto/hkdf/hkdf.go       |    4 +-
 .../x/crypto/internal/alias/alias.go          |    1 -
 .../x/crypto/internal/alias/alias_purego.go   |    1 -
 .../x/crypto/internal/poly1305/bits_compat.go |    1 -
 .../x/crypto/internal/poly1305/bits_go1.13.go |    1 -
 .../x/crypto/internal/poly1305/mac_noasm.go   |    1 -
 .../x/crypto/internal/poly1305/sum_amd64.go   |    1 -
 .../x/crypto/internal/poly1305/sum_amd64.s    |    1 -
 .../x/crypto/internal/poly1305/sum_ppc64le.go |    1 -
 .../x/crypto/internal/poly1305/sum_ppc64le.s  |    1 -
 .../x/crypto/internal/poly1305/sum_s390x.go   |    1 -
 .../x/crypto/internal/poly1305/sum_s390x.s    |    1 -
 .../x/crypto/sha3/hashes_generic.go           |    1 -
 vendor/golang.org/x/crypto/sha3/keccakf.go    |    1 -
 .../golang.org/x/crypto/sha3/keccakf_amd64.go |    1 -
 .../golang.org/x/crypto/sha3/keccakf_amd64.s  |    1 -
 vendor/golang.org/x/crypto/sha3/register.go   |    1 -
 vendor/golang.org/x/crypto/sha3/sha3_s390x.go |    1 -
 vendor/golang.org/x/crypto/sha3/sha3_s390x.s  |    1 -
 .../golang.org/x/crypto/sha3/shake_generic.go |    1 -
 vendor/golang.org/x/crypto/sha3/xor.go        |    1 -
 .../golang.org/x/crypto/sha3/xor_unaligned.go |    2 -
 .../golang.org/x/crypto/ssh/agent/client.go   |   13 +-
 .../golang.org/x/crypto/ssh/agent/server.go   |    2 +-
 vendor/golang.org/x/crypto/ssh/client_auth.go |   20 +-
 vendor/golang.org/x/crypto/ssh/common.go      |   11 +-
 vendor/golang.org/x/crypto/ssh/handshake.go   |    7 +
 vendor/golang.org/x/crypto/ssh/keys.go        |   19 +-
 vendor/golang.org/x/crypto/ssh/server.go      |   25 +-
 vendor/golang.org/x/crypto/ssh/tcpip.go       |   35 +
 vendor/golang.org/x/exp/slog/attr.go          |  102 +
 vendor/golang.org/x/exp/slog/doc.go           |  316 ++
 vendor/golang.org/x/exp/slog/handler.go       |  559 ++++
 .../x/exp/slog/internal/buffer/buffer.go      |   84 +
 .../x/exp/slog/internal/ignorepc.go           |    9 +
 vendor/golang.org/x/exp/slog/json_handler.go  |  336 ++
 vendor/golang.org/x/exp/slog/level.go         |  201 ++
 vendor/golang.org/x/exp/slog/logger.go        |  343 +++
 vendor/golang.org/x/exp/slog/noplog.bench     |   36 +
 vendor/golang.org/x/exp/slog/record.go        |  207 ++
 vendor/golang.org/x/exp/slog/text_handler.go  |  161 +
 vendor/golang.org/x/exp/slog/value.go         |  456 +++
 vendor/golang.org/x/exp/slog/value_119.go     |   53 +
 vendor/golang.org/x/exp/slog/value_120.go     |   39 +
 vendor/golang.org/x/mod/modfile/rule.go       |   16 +-
 vendor/golang.org/x/net/context/context.go    |   56 -
 vendor/golang.org/x/net/context/go17.go       |   73 -
 vendor/golang.org/x/net/context/go19.go       |   21 -
 vendor/golang.org/x/net/context/pre_go17.go   |  301 --
 vendor/golang.org/x/net/context/pre_go19.go   |  110 -
 vendor/golang.org/x/net/http2/databuffer.go   |   59 +-
 vendor/golang.org/x/net/http2/go111.go        |   30 -
 vendor/golang.org/x/net/http2/go115.go        |   27 -
 vendor/golang.org/x/net/http2/go118.go        |   17 -
 vendor/golang.org/x/net/http2/not_go111.go    |   21 -
 vendor/golang.org/x/net/http2/not_go115.go    |   31 -
 vendor/golang.org/x/net/http2/not_go118.go    |   17 -
 vendor/golang.org/x/net/http2/server.go       |   24 +-
 vendor/golang.org/x/net/http2/transport.go    |   33 +-
 vendor/golang.org/x/net/idna/go118.go         |    1 -
 vendor/golang.org/x/net/idna/idna10.0.0.go    |    1 -
 vendor/golang.org/x/net/idna/idna9.0.0.go     |    1 -
 vendor/golang.org/x/net/idna/pre_go118.go     |    1 -
 vendor/golang.org/x/net/idna/tables10.0.0.go  |    1 -
 vendor/golang.org/x/net/idna/tables11.0.0.go  |    1 -
 vendor/golang.org/x/net/idna/tables12.0.0.go  |    1 -
 vendor/golang.org/x/net/idna/tables13.0.0.go  |    1 -
 vendor/golang.org/x/net/idna/tables15.0.0.go  |    1 -
 vendor/golang.org/x/net/idna/tables9.0.0.go   |    1 -
 vendor/golang.org/x/net/idna/trie12.0.0.go    |    1 -
 vendor/golang.org/x/net/idna/trie13.0.0.go    |    1 -
 vendor/golang.org/x/oauth2/deviceauth.go      |  198 ++
 vendor/golang.org/x/oauth2/internal/token.go  |   70 +-
 vendor/golang.org/x/oauth2/oauth2.go          |   33 +-
 vendor/golang.org/x/oauth2/pkce.go            |   68 +
 vendor/golang.org/x/oauth2/token.go           |    2 +-
 vendor/golang.org/x/sync/errgroup/go120.go    |    1 -
 .../golang.org/x/sync/errgroup/pre_go120.go   |    1 -
 vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s   |    1 -
 vendor/golang.org/x/sys/cpu/cpu_aix.go        |    1 -
 vendor/golang.org/x/sys/cpu/cpu_arm64.s       |    1 -
 vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go   |    1 -
 vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go   |    1 -
 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go     |    2 -
 .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go   |    1 -
 .../golang.org/x/sys/cpu/cpu_gccgo_s390x.go   |    1 -
 vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c   |    2 -
 vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go  |    2 -
 vendor/golang.org/x/sys/cpu/cpu_linux.go      |    1 -
 .../golang.org/x/sys/cpu/cpu_linux_mips64x.go |    2 -
 .../golang.org/x/sys/cpu/cpu_linux_noinit.go  |    1 -
 .../golang.org/x/sys/cpu/cpu_linux_ppc64x.go  |    2 -
 vendor/golang.org/x/sys/cpu/cpu_loong64.go    |    1 -
 vendor/golang.org/x/sys/cpu/cpu_mips64x.go    |    1 -
 vendor/golang.org/x/sys/cpu/cpu_mipsx.go      |    1 -
 vendor/golang.org/x/sys/cpu/cpu_other_arm.go  |    1 -
 .../golang.org/x/sys/cpu/cpu_other_arm64.go   |    1 -
 .../golang.org/x/sys/cpu/cpu_other_mips64x.go |    2 -
 .../golang.org/x/sys/cpu/cpu_other_ppc64x.go  |    3 -
 .../golang.org/x/sys/cpu/cpu_other_riscv64.go |    1 -
 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go     |    1 -
 vendor/golang.org/x/sys/cpu/cpu_riscv64.go    |    1 -
 vendor/golang.org/x/sys/cpu/cpu_s390x.s       |    1 -
 vendor/golang.org/x/sys/cpu/cpu_wasm.go       |    1 -
 vendor/golang.org/x/sys/cpu/cpu_x86.go        |    1 -
 vendor/golang.org/x/sys/cpu/cpu_x86.s         |    2 -
 vendor/golang.org/x/sys/cpu/endian_big.go     |    1 -
 vendor/golang.org/x/sys/cpu/endian_little.go  |    1 -
 .../x/sys/cpu/proc_cpuinfo_linux.go           |    1 -
 .../x/sys/cpu/runtime_auxv_go121.go           |    1 -
 .../golang.org/x/sys/cpu/syscall_aix_gccgo.go |    1 -
 .../x/sys/cpu/syscall_aix_ppc64_gc.go         |    1 -
 .../golang.org/x/sys/execabs/execabs_go118.go |    1 -
 .../golang.org/x/sys/execabs/execabs_go119.go |    1 -
 .../golang.org/x/sys/plan9/pwd_go15_plan9.go  |    1 -
 vendor/golang.org/x/sys/plan9/pwd_plan9.go    |    1 -
 vendor/golang.org/x/sys/plan9/race.go         |    1 -
 vendor/golang.org/x/sys/plan9/race0.go        |    1 -
 vendor/golang.org/x/sys/plan9/str.go          |    1 -
 vendor/golang.org/x/sys/plan9/syscall.go      |    1 -
 .../x/sys/plan9/zsyscall_plan9_386.go         |    1 -
 .../x/sys/plan9/zsyscall_plan9_amd64.go       |    1 -
 .../x/sys/plan9/zsyscall_plan9_arm.go         |    1 -
 vendor/golang.org/x/sys/unix/aliases.go       |    2 -
 vendor/golang.org/x/sys/unix/asm_aix_ppc64.s  |    1 -
 vendor/golang.org/x/sys/unix/asm_bsd_386.s    |    2 -
 vendor/golang.org/x/sys/unix/asm_bsd_amd64.s  |    2 -
 vendor/golang.org/x/sys/unix/asm_bsd_arm.s    |    2 -
 vendor/golang.org/x/sys/unix/asm_bsd_arm64.s  |    2 -
 vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s  |    2 -
 .../golang.org/x/sys/unix/asm_bsd_riscv64.s   |    2 -
 vendor/golang.org/x/sys/unix/asm_linux_386.s  |    1 -
 .../golang.org/x/sys/unix/asm_linux_amd64.s   |    1 -
 vendor/golang.org/x/sys/unix/asm_linux_arm.s  |    1 -
 .../golang.org/x/sys/unix/asm_linux_arm64.s   |    3 -
 .../golang.org/x/sys/unix/asm_linux_loong64.s |    3 -
 .../golang.org/x/sys/unix/asm_linux_mips64x.s |    3 -
 .../golang.org/x/sys/unix/asm_linux_mipsx.s   |    3 -
 .../golang.org/x/sys/unix/asm_linux_ppc64x.s  |    3 -
 .../golang.org/x/sys/unix/asm_linux_riscv64.s |    2 -
 .../golang.org/x/sys/unix/asm_linux_s390x.s   |    3 -
 .../x/sys/unix/asm_openbsd_mips64.s           |    1 -
 .../golang.org/x/sys/unix/asm_solaris_amd64.s |    1 -
 vendor/golang.org/x/sys/unix/asm_zos_s390x.s  |    3 -
 vendor/golang.org/x/sys/unix/cap_freebsd.go   |    1 -
 vendor/golang.org/x/sys/unix/constants.go     |    1 -
 vendor/golang.org/x/sys/unix/dev_aix_ppc.go   |    1 -
 vendor/golang.org/x/sys/unix/dev_aix_ppc64.go |    1 -
 vendor/golang.org/x/sys/unix/dev_zos.go       |    1 -
 vendor/golang.org/x/sys/unix/dirent.go        |    1 -
 vendor/golang.org/x/sys/unix/endian_big.go    |    1 -
 vendor/golang.org/x/sys/unix/endian_little.go |    1 -
 vendor/golang.org/x/sys/unix/env_unix.go      |    1 -
 vendor/golang.org/x/sys/unix/epoll_zos.go     |    1 -
 vendor/golang.org/x/sys/unix/fcntl.go         |    3 +-
 .../x/sys/unix/fcntl_linux_32bit.go           |    1 -
 vendor/golang.org/x/sys/unix/fdset.go         |    1 -
 vendor/golang.org/x/sys/unix/fstatfs_zos.go   |    1 -
 vendor/golang.org/x/sys/unix/gccgo.go         |    1 -
 vendor/golang.org/x/sys/unix/gccgo_c.c        |    1 -
 .../x/sys/unix/gccgo_linux_amd64.go           |    1 -
 vendor/golang.org/x/sys/unix/ifreq_linux.go   |    1 -
 vendor/golang.org/x/sys/unix/ioctl_linux.go   |    5 +
 vendor/golang.org/x/sys/unix/ioctl_signed.go  |    1 -
 .../golang.org/x/sys/unix/ioctl_unsigned.go   |    1 -
 vendor/golang.org/x/sys/unix/ioctl_zos.go     |    1 -
 vendor/golang.org/x/sys/unix/mkerrors.sh      |    4 +-
 vendor/golang.org/x/sys/unix/mmap_nomremap.go |    1 -
 vendor/golang.org/x/sys/unix/mremap.go        |    1 -
 vendor/golang.org/x/sys/unix/pagesize_unix.go |    1 -
 .../golang.org/x/sys/unix/pledge_openbsd.go   |   92 +-
 vendor/golang.org/x/sys/unix/ptrace_darwin.go |    1 -
 vendor/golang.org/x/sys/unix/ptrace_ios.go    |    1 -
 vendor/golang.org/x/sys/unix/race.go          |    1 -
 vendor/golang.org/x/sys/unix/race0.go         |    1 -
 .../x/sys/unix/readdirent_getdents.go         |    1 -
 .../x/sys/unix/readdirent_getdirentries.go    |    1 -
 vendor/golang.org/x/sys/unix/sockcmsg_unix.go |    1 -
 .../x/sys/unix/sockcmsg_unix_other.go         |    1 -
 vendor/golang.org/x/sys/unix/syscall.go       |    1 -
 vendor/golang.org/x/sys/unix/syscall_aix.go   |    4 +-
 .../golang.org/x/sys/unix/syscall_aix_ppc.go  |    1 -
 .../x/sys/unix/syscall_aix_ppc64.go           |    1 -
 vendor/golang.org/x/sys/unix/syscall_bsd.go   |    3 +-
 .../x/sys/unix/syscall_darwin_amd64.go        |    1 -
 .../x/sys/unix/syscall_darwin_arm64.go        |    1 -
 .../x/sys/unix/syscall_darwin_libSystem.go    |    1 -
 .../x/sys/unix/syscall_dragonfly_amd64.go     |    1 -
 .../x/sys/unix/syscall_freebsd_386.go         |    1 -
 .../x/sys/unix/syscall_freebsd_amd64.go       |    1 -
 .../x/sys/unix/syscall_freebsd_arm.go         |    1 -
 .../x/sys/unix/syscall_freebsd_arm64.go       |    1 -
 .../x/sys/unix/syscall_freebsd_riscv64.go     |    1 -
 vendor/golang.org/x/sys/unix/syscall_hurd.go  |    1 -
 .../golang.org/x/sys/unix/syscall_hurd_386.go |    1 -
 .../golang.org/x/sys/unix/syscall_illumos.go  |    1 -
 vendor/golang.org/x/sys/unix/syscall_linux.go |   33 +-
 .../x/sys/unix/syscall_linux_386.go           |    1 -
 .../x/sys/unix/syscall_linux_alarm.go         |    2 -
 .../x/sys/unix/syscall_linux_amd64.go         |    1 -
 .../x/sys/unix/syscall_linux_amd64_gc.go      |    1 -
 .../x/sys/unix/syscall_linux_arm.go           |    1 -
 .../x/sys/unix/syscall_linux_arm64.go         |    1 -
 .../golang.org/x/sys/unix/syscall_linux_gc.go |    1 -
 .../x/sys/unix/syscall_linux_gc_386.go        |    1 -
 .../x/sys/unix/syscall_linux_gc_arm.go        |    1 -
 .../x/sys/unix/syscall_linux_gccgo_386.go     |    1 -
 .../x/sys/unix/syscall_linux_gccgo_arm.go     |    1 -
 .../x/sys/unix/syscall_linux_loong64.go       |    1 -
 .../x/sys/unix/syscall_linux_mips64x.go       |    2 -
 .../x/sys/unix/syscall_linux_mipsx.go         |    2 -
 .../x/sys/unix/syscall_linux_ppc.go           |    1 -
 .../x/sys/unix/syscall_linux_ppc64x.go        |    2 -
 .../x/sys/unix/syscall_linux_riscv64.go       |    1 -
 .../x/sys/unix/syscall_linux_s390x.go         |    1 -
 .../x/sys/unix/syscall_linux_sparc64.go       |    1 -
 .../x/sys/unix/syscall_netbsd_386.go          |    1 -
 .../x/sys/unix/syscall_netbsd_amd64.go        |    1 -
 .../x/sys/unix/syscall_netbsd_arm.go          |    1 -
 .../x/sys/unix/syscall_netbsd_arm64.go        |    1 -
 .../golang.org/x/sys/unix/syscall_openbsd.go  |   28 +-
 .../x/sys/unix/syscall_openbsd_386.go         |    1 -
 .../x/sys/unix/syscall_openbsd_amd64.go       |    1 -
 .../x/sys/unix/syscall_openbsd_arm.go         |    1 -
 .../x/sys/unix/syscall_openbsd_arm64.go       |    1 -
 .../x/sys/unix/syscall_openbsd_libc.go        |    1 -
 .../x/sys/unix/syscall_openbsd_ppc64.go       |    1 -
 .../x/sys/unix/syscall_openbsd_riscv64.go     |    1 -
 .../golang.org/x/sys/unix/syscall_solaris.go  |    5 +-
 .../x/sys/unix/syscall_solaris_amd64.go       |    1 -
 vendor/golang.org/x/sys/unix/syscall_unix.go  |    1 -
 .../golang.org/x/sys/unix/syscall_unix_gc.go  |    2 -
 .../x/sys/unix/syscall_unix_gc_ppc64x.go      |    3 -
 .../x/sys/unix/syscall_zos_s390x.go           |    3 +-
 vendor/golang.org/x/sys/unix/sysvshm_linux.go |    1 -
 vendor/golang.org/x/sys/unix/sysvshm_unix.go  |    1 -
 .../x/sys/unix/sysvshm_unix_other.go          |    1 -
 vendor/golang.org/x/sys/unix/timestruct.go    |    1 -
 .../golang.org/x/sys/unix/unveil_openbsd.go   |   41 +-
 vendor/golang.org/x/sys/unix/xattr_bsd.go     |    1 -
 .../golang.org/x/sys/unix/zerrors_aix_ppc.go  |    1 -
 .../x/sys/unix/zerrors_aix_ppc64.go           |    1 -
 .../x/sys/unix/zerrors_darwin_amd64.go        |    1 -
 .../x/sys/unix/zerrors_darwin_arm64.go        |    1 -
 .../x/sys/unix/zerrors_dragonfly_amd64.go     |    1 -
 .../x/sys/unix/zerrors_freebsd_386.go         |    1 -
 .../x/sys/unix/zerrors_freebsd_amd64.go       |    1 -
 .../x/sys/unix/zerrors_freebsd_arm.go         |    1 -
 .../x/sys/unix/zerrors_freebsd_arm64.go       |    1 -
 .../x/sys/unix/zerrors_freebsd_riscv64.go     |    1 -
 vendor/golang.org/x/sys/unix/zerrors_linux.go |   14 +-
 .../x/sys/unix/zerrors_linux_386.go           |    1 -
 .../x/sys/unix/zerrors_linux_amd64.go         |    1 -
 .../x/sys/unix/zerrors_linux_arm.go           |    1 -
 .../x/sys/unix/zerrors_linux_arm64.go         |    1 -
 .../x/sys/unix/zerrors_linux_loong64.go       |    2 +-
 .../x/sys/unix/zerrors_linux_mips.go          |    1 -
 .../x/sys/unix/zerrors_linux_mips64.go        |    1 -
 .../x/sys/unix/zerrors_linux_mips64le.go      |    1 -
 .../x/sys/unix/zerrors_linux_mipsle.go        |    1 -
 .../x/sys/unix/zerrors_linux_ppc.go           |    1 -
 .../x/sys/unix/zerrors_linux_ppc64.go         |    1 -
 .../x/sys/unix/zerrors_linux_ppc64le.go       |    1 -
 .../x/sys/unix/zerrors_linux_riscv64.go       |    4 +-
 .../x/sys/unix/zerrors_linux_s390x.go         |    1 -
 .../x/sys/unix/zerrors_linux_sparc64.go       |    1 -
 .../x/sys/unix/zerrors_netbsd_386.go          |    1 -
 .../x/sys/unix/zerrors_netbsd_amd64.go        |    1 -
 .../x/sys/unix/zerrors_netbsd_arm.go          |    1 -
 .../x/sys/unix/zerrors_netbsd_arm64.go        |    1 -
 .../x/sys/unix/zerrors_openbsd_386.go         |    1 -
 .../x/sys/unix/zerrors_openbsd_amd64.go       |    1 -
 .../x/sys/unix/zerrors_openbsd_arm.go         |    1 -
 .../x/sys/unix/zerrors_openbsd_arm64.go       |    1 -
 .../x/sys/unix/zerrors_openbsd_mips64.go      |    1 -
 .../x/sys/unix/zerrors_openbsd_ppc64.go       |    1 -
 .../x/sys/unix/zerrors_openbsd_riscv64.go     |    1 -
 .../x/sys/unix/zerrors_solaris_amd64.go       |    1 -
 .../x/sys/unix/zerrors_zos_s390x.go           |    1 -
 .../x/sys/unix/zptrace_armnn_linux.go         |    2 -
 .../x/sys/unix/zptrace_mipsnn_linux.go        |    2 -
 .../x/sys/unix/zptrace_mipsnnle_linux.go      |    2 -
 .../x/sys/unix/zptrace_x86_linux.go           |    2 -
 .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |    1 -
 .../x/sys/unix/zsyscall_aix_ppc64.go          |    1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |    1 -
 .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |    1 -
 .../x/sys/unix/zsyscall_darwin_amd64.go       |    1 -
 .../x/sys/unix/zsyscall_darwin_arm64.go       |    1 -
 .../x/sys/unix/zsyscall_dragonfly_amd64.go    |    1 -
 .../x/sys/unix/zsyscall_freebsd_386.go        |    1 -
 .../x/sys/unix/zsyscall_freebsd_amd64.go      |    1 -
 .../x/sys/unix/zsyscall_freebsd_arm.go        |    1 -
 .../x/sys/unix/zsyscall_freebsd_arm64.go      |    1 -
 .../x/sys/unix/zsyscall_freebsd_riscv64.go    |    1 -
 .../x/sys/unix/zsyscall_illumos_amd64.go      |    1 -
 .../golang.org/x/sys/unix/zsyscall_linux.go   |   26 +-
 .../x/sys/unix/zsyscall_linux_386.go          |    1 -
 .../x/sys/unix/zsyscall_linux_amd64.go        |    1 -
 .../x/sys/unix/zsyscall_linux_arm.go          |    1 -
 .../x/sys/unix/zsyscall_linux_arm64.go        |    1 -
 .../x/sys/unix/zsyscall_linux_loong64.go      |    1 -
 .../x/sys/unix/zsyscall_linux_mips.go         |    1 -
 .../x/sys/unix/zsyscall_linux_mips64.go       |    1 -
 .../x/sys/unix/zsyscall_linux_mips64le.go     |    1 -
 .../x/sys/unix/zsyscall_linux_mipsle.go       |    1 -
 .../x/sys/unix/zsyscall_linux_ppc.go          |    1 -
 .../x/sys/unix/zsyscall_linux_ppc64.go        |    1 -
 .../x/sys/unix/zsyscall_linux_ppc64le.go      |    1 -
 .../x/sys/unix/zsyscall_linux_riscv64.go      |    1 -
 .../x/sys/unix/zsyscall_linux_s390x.go        |    1 -
 .../x/sys/unix/zsyscall_linux_sparc64.go      |    1 -
 .../x/sys/unix/zsyscall_netbsd_386.go         |    1 -
 .../x/sys/unix/zsyscall_netbsd_amd64.go       |    1 -
 .../x/sys/unix/zsyscall_netbsd_arm.go         |    1 -
 .../x/sys/unix/zsyscall_netbsd_arm64.go       |    1 -
 .../x/sys/unix/zsyscall_openbsd_386.go        |   72 +-
 .../x/sys/unix/zsyscall_openbsd_386.s         |   20 +
 .../x/sys/unix/zsyscall_openbsd_amd64.go      |   72 +-
 .../x/sys/unix/zsyscall_openbsd_amd64.s       |   20 +
 .../x/sys/unix/zsyscall_openbsd_arm.go        |   72 +-
 .../x/sys/unix/zsyscall_openbsd_arm.s         |   20 +
 .../x/sys/unix/zsyscall_openbsd_arm64.go      |   72 +-
 .../x/sys/unix/zsyscall_openbsd_arm64.s       |   20 +
 .../x/sys/unix/zsyscall_openbsd_mips64.go     |   72 +-
 .../x/sys/unix/zsyscall_openbsd_mips64.s      |   20 +
 .../x/sys/unix/zsyscall_openbsd_ppc64.go      |   72 +-
 .../x/sys/unix/zsyscall_openbsd_ppc64.s       |   24 +
 .../x/sys/unix/zsyscall_openbsd_riscv64.go    |   72 +-
 .../x/sys/unix/zsyscall_openbsd_riscv64.s     |   20 +
 .../x/sys/unix/zsyscall_solaris_amd64.go      |    1 -
 .../x/sys/unix/zsyscall_zos_s390x.go          |    1 -
 .../x/sys/unix/zsysctl_openbsd_386.go         |    1 -
 .../x/sys/unix/zsysctl_openbsd_amd64.go       |    1 -
 .../x/sys/unix/zsysctl_openbsd_arm.go         |    1 -
 .../x/sys/unix/zsysctl_openbsd_arm64.go       |    1 -
 .../x/sys/unix/zsysctl_openbsd_mips64.go      |    1 -
 .../x/sys/unix/zsysctl_openbsd_ppc64.go       |    1 -
 .../x/sys/unix/zsysctl_openbsd_riscv64.go     |    1 -
 .../x/sys/unix/zsysnum_darwin_amd64.go        |    1 -
 .../x/sys/unix/zsysnum_darwin_arm64.go        |    1 -
 .../x/sys/unix/zsysnum_dragonfly_amd64.go     |    1 -
 .../x/sys/unix/zsysnum_freebsd_386.go         |    1 -
 .../x/sys/unix/zsysnum_freebsd_amd64.go       |    1 -
 .../x/sys/unix/zsysnum_freebsd_arm.go         |    1 -
 .../x/sys/unix/zsysnum_freebsd_arm64.go       |    1 -
 .../x/sys/unix/zsysnum_freebsd_riscv64.go     |    1 -
 .../x/sys/unix/zsysnum_linux_386.go           |    2 +-
 .../x/sys/unix/zsysnum_linux_amd64.go         |    3 +-
 .../x/sys/unix/zsysnum_linux_arm.go           |    2 +-
 .../x/sys/unix/zsysnum_linux_arm64.go         |    2 +-
 .../x/sys/unix/zsysnum_linux_loong64.go       |    2 +-
 .../x/sys/unix/zsysnum_linux_mips.go          |    2 +-
 .../x/sys/unix/zsysnum_linux_mips64.go        |    2 +-
 .../x/sys/unix/zsysnum_linux_mips64le.go      |    2 +-
 .../x/sys/unix/zsysnum_linux_mipsle.go        |    2 +-
 .../x/sys/unix/zsysnum_linux_ppc.go           |    2 +-
 .../x/sys/unix/zsysnum_linux_ppc64.go         |    2 +-
 .../x/sys/unix/zsysnum_linux_ppc64le.go       |    2 +-
 .../x/sys/unix/zsysnum_linux_riscv64.go       |    2 +-
 .../x/sys/unix/zsysnum_linux_s390x.go         |    2 +-
 .../x/sys/unix/zsysnum_linux_sparc64.go       |    2 +-
 .../x/sys/unix/zsysnum_netbsd_386.go          |    1 -
 .../x/sys/unix/zsysnum_netbsd_amd64.go        |    1 -
 .../x/sys/unix/zsysnum_netbsd_arm.go          |    1 -
 .../x/sys/unix/zsysnum_netbsd_arm64.go        |    1 -
 .../x/sys/unix/zsysnum_openbsd_386.go         |    1 -
 .../x/sys/unix/zsysnum_openbsd_amd64.go       |    1 -
 .../x/sys/unix/zsysnum_openbsd_arm.go         |    1 -
 .../x/sys/unix/zsysnum_openbsd_arm64.go       |    1 -
 .../x/sys/unix/zsysnum_openbsd_mips64.go      |    1 -
 .../x/sys/unix/zsysnum_openbsd_ppc64.go       |    1 -
 .../x/sys/unix/zsysnum_openbsd_riscv64.go     |    1 -
 .../x/sys/unix/zsysnum_zos_s390x.go           |    1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc.go   |    1 -
 .../golang.org/x/sys/unix/ztypes_aix_ppc64.go |    1 -
 .../x/sys/unix/ztypes_darwin_amd64.go         |    1 -
 .../x/sys/unix/ztypes_darwin_arm64.go         |    1 -
 .../x/sys/unix/ztypes_dragonfly_amd64.go      |    1 -
 .../x/sys/unix/ztypes_freebsd_386.go          |    1 -
 .../x/sys/unix/ztypes_freebsd_amd64.go        |    1 -
 .../x/sys/unix/ztypes_freebsd_arm.go          |    1 -
 .../x/sys/unix/ztypes_freebsd_arm64.go        |    1 -
 .../x/sys/unix/ztypes_freebsd_riscv64.go      |    1 -
 vendor/golang.org/x/sys/unix/ztypes_linux.go  |   45 +-
 .../golang.org/x/sys/unix/ztypes_linux_386.go |    1 -
 .../x/sys/unix/ztypes_linux_amd64.go          |    1 -
 .../golang.org/x/sys/unix/ztypes_linux_arm.go |    1 -
 .../x/sys/unix/ztypes_linux_arm64.go          |    1 -
 .../x/sys/unix/ztypes_linux_loong64.go        |    1 -
 .../x/sys/unix/ztypes_linux_mips.go           |    1 -
 .../x/sys/unix/ztypes_linux_mips64.go         |    1 -
 .../x/sys/unix/ztypes_linux_mips64le.go       |    1 -
 .../x/sys/unix/ztypes_linux_mipsle.go         |    1 -
 .../golang.org/x/sys/unix/ztypes_linux_ppc.go |    1 -
 .../x/sys/unix/ztypes_linux_ppc64.go          |    1 -
 .../x/sys/unix/ztypes_linux_ppc64le.go        |    1 -
 .../x/sys/unix/ztypes_linux_riscv64.go        |    1 -
 .../x/sys/unix/ztypes_linux_s390x.go          |    1 -
 .../x/sys/unix/ztypes_linux_sparc64.go        |    1 -
 .../x/sys/unix/ztypes_netbsd_386.go           |    1 -
 .../x/sys/unix/ztypes_netbsd_amd64.go         |    1 -
 .../x/sys/unix/ztypes_netbsd_arm.go           |    1 -
 .../x/sys/unix/ztypes_netbsd_arm64.go         |    1 -
 .../x/sys/unix/ztypes_openbsd_386.go          |    1 -
 .../x/sys/unix/ztypes_openbsd_amd64.go        |    1 -
 .../x/sys/unix/ztypes_openbsd_arm.go          |    1 -
 .../x/sys/unix/ztypes_openbsd_arm64.go        |    1 -
 .../x/sys/unix/ztypes_openbsd_mips64.go       |    1 -
 .../x/sys/unix/ztypes_openbsd_ppc64.go        |    1 -
 .../x/sys/unix/ztypes_openbsd_riscv64.go      |    1 -
 .../x/sys/unix/ztypes_solaris_amd64.go        |    1 -
 .../golang.org/x/sys/unix/ztypes_zos_s390x.go |    1 -
 vendor/golang.org/x/sys/windows/aliases.go    |    1 -
 vendor/golang.org/x/sys/windows/empty.s       |    1 -
 vendor/golang.org/x/sys/windows/eventlog.go   |    1 -
 vendor/golang.org/x/sys/windows/mksyscall.go  |    1 -
 vendor/golang.org/x/sys/windows/race.go       |    1 -
 vendor/golang.org/x/sys/windows/race0.go      |    1 -
 .../golang.org/x/sys/windows/registry/key.go  |    1 -
 .../x/sys/windows/registry/mksyscall.go       |    1 -
 .../x/sys/windows/registry/syscall.go         |    1 -
 .../x/sys/windows/registry/value.go           |    1 -
 vendor/golang.org/x/sys/windows/service.go    |    1 -
 vendor/golang.org/x/sys/windows/str.go        |    1 -
 vendor/golang.org/x/sys/windows/syscall.go    |    1 -
 .../x/sys/windows/syscall_windows.go          |    6 +-
 .../golang.org/x/sys/windows/types_windows.go |   28 +-
 .../x/sys/windows/zsyscall_windows.go         |   28 +
 vendor/golang.org/x/term/term_unix.go         |    1 -
 vendor/golang.org/x/term/term_unix_bsd.go     |    1 -
 vendor/golang.org/x/term/term_unix_other.go   |    1 -
 vendor/golang.org/x/term/term_unsupported.go  |    1 -
 vendor/golang.org/x/text/cases/icu.go         |    1 -
 .../golang.org/x/text/cases/tables10.0.0.go   |    1 -
 .../golang.org/x/text/cases/tables11.0.0.go   |    1 -
 .../golang.org/x/text/cases/tables12.0.0.go   |    1 -
 .../golang.org/x/text/cases/tables13.0.0.go   |    1 -
 .../golang.org/x/text/cases/tables15.0.0.go   |    1 -
 vendor/golang.org/x/text/cases/tables9.0.0.go |    1 -
 vendor/golang.org/x/text/encoding/encoding.go |  335 ++
 .../internal/identifier/identifier.go         |   81 +
 .../text/encoding/internal/identifier/mib.go  | 1627 ++++++++++
 .../x/text/encoding/internal/internal.go      |   75 +
 .../x/text/encoding/unicode/override.go       |   82 +
 .../x/text/encoding/unicode/unicode.go        |  512 ++++
 .../internal/utf8internal/utf8internal.go     |   87 +
 .../x/text/secure/bidirule/bidirule10.0.0.go  |    1 -
 .../x/text/secure/bidirule/bidirule9.0.0.go   |    1 -
 .../x/text/unicode/bidi/tables10.0.0.go       |    1 -
 .../x/text/unicode/bidi/tables11.0.0.go       |    1 -
 .../x/text/unicode/bidi/tables12.0.0.go       |    1 -
 .../x/text/unicode/bidi/tables13.0.0.go       |    1 -
 .../x/text/unicode/bidi/tables15.0.0.go       |    1 -
 .../x/text/unicode/bidi/tables9.0.0.go        |    1 -
 .../x/text/unicode/norm/tables10.0.0.go       |    1 -
 .../x/text/unicode/norm/tables11.0.0.go       |    1 -
 .../x/text/unicode/norm/tables12.0.0.go       |    1 -
 .../x/text/unicode/norm/tables13.0.0.go       |    1 -
 .../x/text/unicode/norm/tables15.0.0.go       |    1 -
 .../x/text/unicode/norm/tables9.0.0.go        |    1 -
 .../golang.org/x/text/width/tables10.0.0.go   |    1 -
 .../golang.org/x/text/width/tables11.0.0.go   |    1 -
 .../golang.org/x/text/width/tables12.0.0.go   |    1 -
 .../golang.org/x/text/width/tables13.0.0.go   |    1 -
 .../golang.org/x/text/width/tables15.0.0.go   |    1 -
 vendor/golang.org/x/text/width/tables9.0.0.go |    1 -
 .../x/tools/cmd/stringer/stringer.go          |    5 +-
 vendor/golang.org/x/tools/go/analysis/doc.go  |    2 +-
 .../go/analysis/passes/appends/appends.go     |   47 +
 .../x/tools/go/analysis/passes/appends/doc.go |   20 +
 .../tools/go/analysis/passes/assign/assign.go |    3 +-
 .../tools/go/analysis/passes/atomic/atomic.go |   16 +-
 .../passes/atomicalign/atomicalign.go         |   32 +-
 .../x/tools/go/analysis/passes/bools/bools.go |   49 +-
 .../go/analysis/passes/buildssa/buildssa.go   |   30 +-
 .../go/analysis/passes/cgocall/cgocall.go     |    3 +-
 .../go/analysis/passes/copylock/copylock.go   |    9 +-
 .../passes/deepequalerrors/deepequalerrors.go |    7 +-
 .../tools/go/analysis/passes/defers/defers.go |   59 +
 .../x/tools/go/analysis/passes/defers/doc.go  |   25 +
 .../go/analysis/passes/directive/directive.go |  209 ++
 .../go/analysis/passes/errorsas/errorsas.go   |   10 +-
 .../passes/httpresponse/httpresponse.go       |   16 +-
 .../passes/internal/analysisutil/util.go      |   58 +-
 .../go/analysis/passes/loopclosure/doc.go     |   13 +-
 .../passes/loopclosure/loopclosure.go         |   33 +-
 .../go/analysis/passes/nilness/nilness.go     |   14 +-
 .../tools/go/analysis/passes/printf/printf.go |    7 +-
 .../reflectvaluecompare.go                    |   13 +-
 .../x/tools/go/analysis/passes/slog/doc.go    |   23 +
 .../x/tools/go/analysis/passes/slog/slog.go   |  234 ++
 .../go/analysis/passes/sortslice/analyzer.go  |    9 +-
 .../analysis/passes/testinggoroutine/doc.go   |    2 +-
 .../testinggoroutine/testinggoroutine.go      |  277 +-
 .../analysis/passes/testinggoroutine/util.go  |   96 +
 .../x/tools/go/analysis/passes/tests/tests.go |    8 +-
 .../analysis/passes/timeformat/timeformat.go  |   21 +-
 .../go/analysis/passes/unsafeptr/unsafeptr.go |   18 +-
 .../passes/unusedresult/unusedresult.go       |    4 +-
 .../x/tools/go/analysis/validate.go           |    2 +
 .../x/tools/go/buildutil/fakecontext.go       |    3 +-
 .../x/tools/go/buildutil/overlay.go           |    3 +-
 .../golang.org/x/tools/go/internal/cgo/cgo.go |    6 +-
 .../x/tools/go/internal/cgo/cgo_pkgconfig.go  |    2 +-
 .../tools/go/internal/packagesdriver/sizes.go |   24 +-
 vendor/golang.org/x/tools/go/loader/loader.go |    2 +
 vendor/golang.org/x/tools/go/packages/doc.go  |    2 +-
 .../x/tools/go/packages/external.go           |    2 +-
 .../golang.org/x/tools/go/packages/golist.go  |   92 +-
 .../x/tools/go/packages/golist_overlay.go     |  492 ---
 .../x/tools/go/packages/packages.go           |  186 +-
 vendor/golang.org/x/tools/go/ssa/builder.go   |  837 +++--
 vendor/golang.org/x/tools/go/ssa/create.go    |  171 +-
 vendor/golang.org/x/tools/go/ssa/doc.go       |    3 -
 vendor/golang.org/x/tools/go/ssa/emit.go      |   96 +-
 vendor/golang.org/x/tools/go/ssa/func.go      |  171 +-
 vendor/golang.org/x/tools/go/ssa/identical.go |   12 -
 .../golang.org/x/tools/go/ssa/identical_17.go |   12 -
 .../golang.org/x/tools/go/ssa/instantiate.go  |  169 +-
 vendor/golang.org/x/tools/go/ssa/lift.go      |    7 +-
 vendor/golang.org/x/tools/go/ssa/methods.go   |  396 ++-
 .../x/tools/go/ssa/parameterized.go           |   48 +-
 vendor/golang.org/x/tools/go/ssa/sanity.go    |    3 +-
 vendor/golang.org/x/tools/go/ssa/source.go    |   39 +-
 vendor/golang.org/x/tools/go/ssa/ssa.go       |  129 +-
 .../golang.org/x/tools/go/ssa/ssautil/load.go |   39 +
 .../x/tools/go/ssa/ssautil/visit.go           |  144 +-
 vendor/golang.org/x/tools/go/ssa/util.go      |   31 +-
 vendor/golang.org/x/tools/go/ssa/wrappers.go  |  205 +-
 .../x/tools/go/types/objectpath/objectpath.go |  116 +-
 vendor/golang.org/x/tools/imports/forward.go  |    4 +-
 .../x/tools/internal/fastwalk/fastwalk.go     |  196 --
 .../internal/fastwalk/fastwalk_darwin.go      |  119 -
 .../fastwalk/fastwalk_dirent_fileno.go        |   14 -
 .../internal/fastwalk/fastwalk_dirent_ino.go  |   15 -
 .../fastwalk/fastwalk_dirent_namlen_bsd.go    |   14 -
 .../fastwalk/fastwalk_dirent_namlen_linux.go  |   29 -
 .../internal/fastwalk/fastwalk_portable.go    |   38 -
 .../tools/internal/fastwalk/fastwalk_unix.go  |  153 -
 .../x/tools/internal/gcimporter/gcimporter.go |    3 +-
 .../x/tools/internal/gocommand/invoke.go      |   27 +-
 .../x/tools/internal/gopathwalk/walk.go       |  227 +-
 .../x/tools/internal/imports/fix.go           |    7 +-
 .../x/tools/internal/imports/mod.go           |    5 +-
 .../x/tools/internal/imports/zstdlib.go       |  230 ++
 .../internal/packagesinternal/packages.go     |    8 -
 .../x/tools/internal/typeparams/coretype.go   |    8 +-
 .../x/tools/internal/typeparams/termlist.go   |    2 +-
 .../x/tools/internal/typeparams/typeterm.go   |    9 +-
 .../x/tools/internal/typesinternal/types.go   |   16 -
 .../x/tools/internal/versions/gover.go        |  172 ++
 .../x/tools/internal/versions/types.go        |   19 +
 .../x/tools/internal/versions/types_go121.go  |   20 +
 .../x/tools/internal/versions/types_go122.go  |   24 +
 .../tools/internal/versions/versions_go121.go |   49 +
 .../tools/internal/versions/versions_go122.go |   38 +
 .../google.golang.org/appengine/.travis.yml   |   18 -
 .../appengine/CONTRIBUTING.md                 |    6 +-
 vendor/google.golang.org/appengine/README.md  |    6 +-
 .../google.golang.org/appengine/appengine.go  |   23 +-
 .../appengine/appengine_vm.go                 |   12 +-
 .../appengine/datastore/datastore.go          |    2 +-
 .../appengine/datastore/doc.go                |   21 +-
 .../appengine/datastore/key.go                |    2 +-
 .../appengine/datastore/keycompat.go          |    3 +-
 .../appengine/datastore/metadata.go           |   17 +-
 .../appengine/datastore/query.go              |    6 +-
 .../appengine/datastore/transaction.go        |    3 +-
 .../google.golang.org/appengine/identity.go   |    3 +-
 .../appengine/internal/api.go                 |  347 +--
 .../appengine/internal/api_classic.go         |   29 +-
 .../appengine/internal/api_common.go          |   50 +-
 .../appengine/internal/identity.go            |    7 +-
 .../appengine/internal/identity_classic.go    |   23 +-
 .../appengine/internal/identity_flex.go       |    1 +
 .../appengine/internal/identity_vm.go         |   20 +-
 .../appengine/internal/main.go                |    1 +
 .../appengine/internal/main_vm.go             |    3 +-
 .../appengine/internal/transaction.go         |   10 +-
 .../google.golang.org/appengine/namespace.go  |    3 +-
 vendor/google.golang.org/appengine/timeout.go |    2 +-
 .../appengine/travis_install.sh               |   18 -
 .../appengine/travis_test.sh                  |   12 -
 .../appengine/urlfetch/urlfetch.go            |    9 +-
 vendor/google.golang.org/grpc/README.md       |   60 +-
 .../grpc/attributes/attributes.go             |   35 +-
 .../grpc/balancer/balancer.go                 |   62 +-
 .../grpc/balancer/base/balancer.go            |   22 +-
 .../grpc/balancer_conn_wrappers.go            |   75 +-
 .../grpc_binarylog_v1/binarylog.pb.go         |    2 +-
 vendor/google.golang.org/grpc/call.go         |   11 +-
 vendor/google.golang.org/grpc/clientconn.go   |  157 +-
 vendor/google.golang.org/grpc/codec.go        |    8 +-
 vendor/google.golang.org/grpc/dialoptions.go  |   19 +-
 .../grpc/encoding/encoding.go                 |   17 +-
 .../grpc/encoding/gzip/gzip.go                |    4 +-
 .../grpc/encoding/proto/proto.go              |    4 +-
 .../grpc/grpclog/component.go                 |   40 +-
 .../google.golang.org/grpc/grpclog/grpclog.go |   30 +-
 .../google.golang.org/grpc/grpclog/logger.go  |   30 +-
 .../grpc/grpclog/loggerv2.go                  |   56 +-
 .../google.golang.org/grpc/health/client.go   |    2 +-
 .../grpc/health/grpc_health_v1/health.pb.go   |    2 +-
 .../health/grpc_health_v1/health_grpc.pb.go   |   22 +-
 vendor/google.golang.org/grpc/interceptor.go  |   12 +-
 .../grpc/internal/backoff/backoff.go          |   36 +
 .../balancer/gracefulswitch/gracefulswitch.go |   59 +-
 .../grpc/internal/balancerload/load.go        |    4 +-
 .../grpc/internal/binarylog/method_logger.go  |    4 +-
 .../grpc/internal/buffer/unbounded.go         |   18 +-
 .../grpc/internal/channelz/funcs.go           |   69 +-
 .../grpc/internal/channelz/logging.go         |   12 +-
 .../grpc/internal/channelz/types.go           |    5 +
 .../grpc/internal/channelz/util_linux.go      |    2 +-
 .../grpc/internal/channelz/util_nonlinux.go   |    2 +-
 .../grpc/internal/credentials/credentials.go  |    8 +-
 .../grpc/internal/envconfig/envconfig.go      |    9 +-
 .../grpc/internal/grpclog/grpclog.go          |   40 +-
 .../grpc/internal/grpclog/prefixLogger.go     |    8 +-
 .../internal/grpcsync/callback_serializer.go  |   54 +-
 .../grpc/internal/grpcsync/pubsub.go          |   43 +-
 .../grpc/{ => internal/idle}/idle.go          |  188 +-
 .../grpc/internal/internal.go                 |   51 +-
 .../grpc/internal/metadata/metadata.go        |    2 +-
 .../grpc/internal/pretty/pretty.go            |    2 +-
 .../grpc/internal/resolver/config_selector.go |    4 +-
 .../grpc/internal/status/status.go            |   36 +-
 .../grpc/internal/transport/controlbuf.go     |   16 +-
 .../grpc/internal/transport/handler_server.go |   13 +-
 .../grpc/internal/transport/http2_client.go   |   56 +-
 .../grpc/internal/transport/http2_server.go   |   20 +-
 .../grpc/internal/transport/http_util.go      |   77 +-
 .../grpc/internal/transport/transport.go      |   19 +-
 .../google.golang.org/grpc/picker_wrapper.go  |   34 +-
 vendor/google.golang.org/grpc/pickfirst.go    |   88 +-
 vendor/google.golang.org/grpc/preloader.go    |    2 +-
 .../grpc_reflection_v1/reflection.pb.go       |    2 +-
 .../grpc_reflection_v1alpha/reflection.pb.go  |    2 +-
 vendor/google.golang.org/grpc/resolver/map.go |   10 +-
 .../grpc/resolver/resolver.go                 |   76 +-
 .../grpc/resolver_conn_wrapper.go             |   10 +-
 vendor/google.golang.org/grpc/rpc_util.go     |   17 +-
 vendor/google.golang.org/grpc/server.go       |  204 +-
 .../grpc/shared_buffer_pool.go                |    4 +-
 vendor/google.golang.org/grpc/stats/stats.go  |   14 +-
 .../google.golang.org/grpc/status/status.go   |   14 +-
 vendor/google.golang.org/grpc/stream.go       |  126 +-
 vendor/google.golang.org/grpc/tap/tap.go      |    6 +
 vendor/google.golang.org/grpc/trace.go        |    6 +-
 vendor/google.golang.org/grpc/version.go      |    2 +-
 vendor/google.golang.org/grpc/vet.sh          |   10 +-
 .../honnef.co/go/tools/analysis/lint/lint.go  |   30 +-
 vendor/honnef.co/go/tools/go/ir/builder.go    |   99 +-
 vendor/honnef.co/go/tools/go/ir/methods.go    |    4 +-
 vendor/honnef.co/go/tools/go/ir/source.go     |    4 +-
 .../go/tools/go/types/typeutil/util.go        |    2 +
 .../go/tools/knowledge/deprecated.go          |   54 +-
 vendor/honnef.co/go/tools/pattern/match.go    |    5 +-
 vendor/honnef.co/go/tools/simple/lint.go      |   27 +-
 vendor/honnef.co/go/tools/staticcheck/lint.go |   20 +-
 vendor/honnef.co/go/tools/stylecheck/names.go |    6 +-
 vendor/honnef.co/go/tools/unused/unused.go    |    6 +-
 vendor/modules.txt                            |  346 ++-
 vendor/sigs.k8s.io/yaml/LICENSE               |  256 ++
 vendor/sigs.k8s.io/yaml/OWNERS                |    8 +-
 vendor/sigs.k8s.io/yaml/fields.go             |   55 +-
 vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE     |  201 ++
 .../yaml/goyaml.v2/LICENSE.libyaml            |   31 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE      |   13 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS      |   24 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/README.md   |  143 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go     |  744 +++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go   |  815 +++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go | 1685 ++++++++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go   |  390 +++
 vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go  | 1095 +++++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go  |  412 +++
 vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go  |  258 ++
 vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go | 2711 +++++++++++++++++
 vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go   |  113 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go  |   26 +
 vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go     |  478 +++
 vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go    |  739 +++++
 .../yaml/goyaml.v2/yamlprivateh.go            |  173 ++
 vendor/sigs.k8s.io/yaml/yaml.go               |  145 +-
 vendor/sigs.k8s.io/yaml/yaml_go110.go         |   17 +
 1366 files changed, 47066 insertions(+), 16756 deletions(-)
 create mode 100644 vendor/github.com/Antonboom/testifylint/LICENSE
 create mode 100644 vendor/github.com/Antonboom/testifylint/analyzer/analyzer.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/analyzer/checkers_factory.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/analysisutil/doc.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/analysisutil/file.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/analysisutil/format.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/analysisutil/object.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/analysisutil/pkg.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/bool_compare.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/checker.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/checkers_registry.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/compares.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/diagnostic.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/empty.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/error_is_as.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/error_nil.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/expected_actual.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/float_compare.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/len.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/require_error.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/suite_dont_use_pkg.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/suite_extra_assert_call.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/checkers/suite_thelper.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/config/config.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/config/flag_value_types.go
 create mode 100644 vendor/github.com/Antonboom/testifylint/internal/testify/const.go
 delete mode 100644 vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/analyzer.go
 delete mode 100644 vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/patterns-list.go
 delete mode 100644 vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/struct-fields.go
 rename vendor/github.com/GaijinEntertainment/go-exhaustruct/{v2 => v3}/LICENSE (100%)
 create mode 100644 vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer/analyzer.go
 create mode 100644 vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/fields/struct.go
 create mode 100644 vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/pattern/list.go
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/.goreleaser.yml
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/COPYING
 rename vendor/{go.uber.org/atomic/LICENSE.txt => github.com/alecthomas/go-check-sumtype/LICENSE-MIT} (94%)
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/README.md
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/UNLICENSE
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/check.go
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/decl.go
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/def.go
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/doc.go
 create mode 100644 vendor/github.com/alecthomas/go-check-sumtype/run.go
 delete mode 100644 vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
 create mode 100644 vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
 create mode 100644 vendor/github.com/catenacyber/perfsprint/LICENSE
 create mode 100644 vendor/github.com/catenacyber/perfsprint/analyzer/analyzer.go
 create mode 100644 vendor/github.com/ccojocar/zxcvbn-go/.gitignore
 create mode 100644 vendor/github.com/ccojocar/zxcvbn-go/.golangci.yml
 create mode 100644 vendor/github.com/ccojocar/zxcvbn-go/.goreleaser.yml
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/LICENSE.txt (100%)
 create mode 100644 vendor/github.com/ccojocar/zxcvbn-go/Makefile
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/README.md (100%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/adjacency/adjcmartix.go (82%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/data/bindata.go (99%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/entropy/entropyCalculator.go (77%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/frequency/frequency.go (96%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/match/match.go (80%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/dateMatchers.go (93%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/dictionaryMatch.go (89%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/leet.go (95%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/matching.go (87%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/repeatMatch.go (74%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/sequenceMatch.go (88%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/matching/spatialMatch.go (59%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/scoring/scoring.go (84%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/utils/math/mathutils.go (100%)
 rename vendor/github.com/{nbutton23 => ccojocar}/zxcvbn-go/zxcvbn.go (76%)
 create mode 100644 vendor/github.com/chavacava/garif/enums.go
 create mode 100644 vendor/github.com/cloudflare/circl/math/primes.go
 create mode 100644 vendor/github.com/daixiang0/gci/pkg/gci/testdata.go
 create mode 100644 vendor/github.com/distribution/reference/.gitattributes
 create mode 100644 vendor/github.com/distribution/reference/.gitignore
 create mode 100644 vendor/github.com/distribution/reference/.golangci.yml
 create mode 100644 vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
 create mode 100644 vendor/github.com/distribution/reference/CONTRIBUTING.md
 create mode 100644 vendor/github.com/distribution/reference/GOVERNANCE.md
 create mode 100644 vendor/github.com/distribution/reference/LICENSE
 create mode 100644 vendor/github.com/distribution/reference/MAINTAINERS
 create mode 100644 vendor/github.com/distribution/reference/Makefile
 create mode 100644 vendor/github.com/distribution/reference/README.md
 create mode 100644 vendor/github.com/distribution/reference/SECURITY.md
 create mode 100644 vendor/github.com/distribution/reference/distribution-logo.svg
 rename vendor/github.com/{docker => }/distribution/reference/helpers.go (94%)
 rename vendor/github.com/{docker => }/distribution/reference/normalize.go (52%)
 rename vendor/github.com/{docker => }/distribution/reference/reference.go (93%)
 create mode 100644 vendor/github.com/distribution/reference/regexp.go
 create mode 100644 vendor/github.com/distribution/reference/sort.go
 create mode 100644 vendor/github.com/docker/cli/cli/hints/hints.go
 create mode 100644 vendor/github.com/docker/distribution/reference/helpers_deprecated.go
 create mode 100644 vendor/github.com/docker/distribution/reference/normalize_deprecated.go
 create mode 100644 vendor/github.com/docker/distribution/reference/reference_deprecated.go
 delete mode 100644 vendor/github.com/docker/distribution/reference/regexp.go
 create mode 100644 vendor/github.com/docker/distribution/reference/regexp_deprecated.go
 create mode 100644 vendor/github.com/docker/distribution/reference/sort_deprecated.go
 create mode 100644 vendor/github.com/fsnotify/fsnotify/.cirrus.yml
 create mode 100644 vendor/github.com/ghostiam/protogetter/.goreleaser.yaml
 rename vendor/github.com/{spf13/jwalterweatherman => ghostiam/protogetter}/LICENSE (94%)
 create mode 100644 vendor/github.com/ghostiam/protogetter/Makefile
 create mode 100644 vendor/github.com/ghostiam/protogetter/README.md
 create mode 100644 vendor/github.com/ghostiam/protogetter/posfilter.go
 create mode 100644 vendor/github.com/ghostiam/protogetter/processor.go
 create mode 100644 vendor/github.com/ghostiam/protogetter/protogetter.go
 delete mode 100644 vendor/github.com/golangci/gofmt/gofmt/internal/execabs/execabs.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/golinters/gochecksumtype.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/golinters/inamedparam.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/golinters/perfsprint.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/golinters/protogetter.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/golinters/sloglint.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/golinters/testifylint.go
 create mode 100644 vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/custom_linters.go
 rename vendor/github.com/google/go-cmp/cmp/{export_unsafe.go => export.go} (94%)
 delete mode 100644 vendor/github.com/google/go-cmp/cmp/export_panic.go
 rename vendor/github.com/google/go-cmp/cmp/internal/value/{pointer_unsafe.go => pointer.go} (95%)
 delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
 delete mode 100644 vendor/github.com/google/uuid/.travis.yml
 create mode 100644 vendor/github.com/google/uuid/CHANGELOG.md
 delete mode 100644 vendor/github.com/huandu/xstrings/.travis.yml
 create mode 100644 vendor/github.com/jgautheron/goconst/.gitignore
 create mode 100644 vendor/github.com/macabu/inamedparam/.gitignore
 create mode 100644 vendor/github.com/macabu/inamedparam/LICENSE-MIT
 create mode 100644 vendor/github.com/macabu/inamedparam/README.md
 create mode 100644 vendor/github.com/macabu/inamedparam/inamedparam.go
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/LICENSE (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/NOTICE (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/.gitignore (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/Makefile (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/decode.go (83%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/doc.go (100%)
 rename vendor/github.com/matttproud/golang_protobuf_extensions/{ => v2}/pbutil/encode.go (91%)
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/args.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/branch.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/branch_kind.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/chain.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/doc.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/func.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/rule.go
 create mode 100644 vendor/github.com/mgechev/revive/internal/ifelse/target.go
 create mode 100644 vendor/github.com/mgechev/revive/lint/filefilter.go
 create mode 100644 vendor/github.com/mgechev/revive/rule/enforce-map-style.go
 create mode 100644 vendor/github.com/mgechev/revive/rule/import-alias-naming.go
 create mode 100644 vendor/github.com/mgechev/revive/rule/redundant-import-alias.go
 create mode 100644 vendor/github.com/mgechev/revive/rule/unchecked-type-assertion.go
 create mode 100644 vendor/github.com/moby/patternmatcher/ignorefile/ignorefile.go
 delete mode 100644 vendor/github.com/nbutton23/zxcvbn-go/.gitignore
 delete mode 100644 vendor/github.com/nbutton23/zxcvbn-go/Makefile
 create mode 100644 vendor/github.com/nunnatsa/ginkgolinter/.golangci.yml
 create mode 100644 vendor/github.com/nunnatsa/ginkgolinter/ginkgohandler/handler.go
 rename vendor/github.com/{docker/distribution => opencontainers/go-digest}/digestset/set.go (91%)
 create mode 100644 vendor/github.com/paultyng/go-unifi/unifi/setting_doh.generated.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.editorconfig
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.envrc
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.gitignore
 create mode 100644 vendor/github.com/sagikazarmark/locafero/.golangci.yaml
 create mode 100644 vendor/github.com/sagikazarmark/locafero/LICENSE
 create mode 100644 vendor/github.com/sagikazarmark/locafero/README.md
 create mode 100644 vendor/github.com/sagikazarmark/locafero/file_type.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/finder.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/flake.lock
 create mode 100644 vendor/github.com/sagikazarmark/locafero/flake.nix
 create mode 100644 vendor/github.com/sagikazarmark/locafero/helpers.go
 create mode 100644 vendor/github.com/sagikazarmark/locafero/justfile
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/.editorconfig
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/.envrc
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/.gitignore
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/LICENSE
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/README.md
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/attr.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/attr_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/flake.lock
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/flake.nix
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/handler.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/handler_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/json_handler.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/level.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/level_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/logger.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/logger_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/record.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/record_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/text_handler.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/value.go
 create mode 100644 vendor/github.com/sagikazarmark/slog-shim/value_120.go
 create mode 100644 vendor/github.com/securego/gosec/v2/analyzers/slice_bounds.go
 delete mode 100644 vendor/github.com/securego/gosec/v2/analyzers/ssrf.go
 create mode 100644 vendor/github.com/sourcegraph/conc/.golangci.yml
 create mode 100644 vendor/github.com/sourcegraph/conc/LICENSE
 create mode 100644 vendor/github.com/sourcegraph/conc/README.md
 create mode 100644 vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go
 create mode 100644 vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go
 create mode 100644 vendor/github.com/sourcegraph/conc/iter/iter.go
 create mode 100644 vendor/github.com/sourcegraph/conc/iter/map.go
 create mode 100644 vendor/github.com/sourcegraph/conc/panics/panics.go
 create mode 100644 vendor/github.com/sourcegraph/conc/panics/try.go
 create mode 100644 vendor/github.com/sourcegraph/conc/waitgroup.go
 delete mode 100644 vendor/github.com/spf13/cobra/active_help.md
 delete mode 100644 vendor/github.com/spf13/cobra/bash_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/fish_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/powershell_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/projects_using_cobra.md
 delete mode 100644 vendor/github.com/spf13/cobra/shell_completions.md
 delete mode 100644 vendor/github.com/spf13/cobra/user_guide.md
 delete mode 100644 vendor/github.com/spf13/cobra/zsh_completions.md
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/.gitignore
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/README.md
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/default_notepad.go
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/log_counter.go
 delete mode 100644 vendor/github.com/spf13/jwalterweatherman/notepad.go
 create mode 100644 vendor/github.com/spf13/viper/.envrc
 create mode 100644 vendor/github.com/spf13/viper/.yamlignore
 create mode 100644 vendor/github.com/spf13/viper/.yamllint.yaml
 delete mode 100644 vendor/github.com/spf13/viper/experimental_logger.go
 create mode 100644 vendor/github.com/spf13/viper/flake.lock
 create mode 100644 vendor/github.com/spf13/viper/flake.nix
 delete mode 100644 vendor/github.com/spf13/viper/fs.go
 create mode 100644 vendor/go-simpler.org/sloglint/.golangci.yml
 create mode 100644 vendor/go-simpler.org/sloglint/.goreleaser.yml
 create mode 100644 vendor/go-simpler.org/sloglint/LICENSE
 create mode 100644 vendor/go-simpler.org/sloglint/README.md
 create mode 100644 vendor/go-simpler.org/sloglint/sloglint.go
 delete mode 100644 vendor/go.uber.org/atomic/.codecov.yml
 delete mode 100644 vendor/go.uber.org/atomic/.gitignore
 delete mode 100644 vendor/go.uber.org/atomic/CHANGELOG.md
 delete mode 100644 vendor/go.uber.org/atomic/Makefile
 delete mode 100644 vendor/go.uber.org/atomic/README.md
 delete mode 100644 vendor/go.uber.org/atomic/bool.go
 delete mode 100644 vendor/go.uber.org/atomic/doc.go
 delete mode 100644 vendor/go.uber.org/atomic/duration.go
 delete mode 100644 vendor/go.uber.org/atomic/duration_ext.go
 delete mode 100644 vendor/go.uber.org/atomic/error.go
 delete mode 100644 vendor/go.uber.org/atomic/float32.go
 delete mode 100644 vendor/go.uber.org/atomic/float32_ext.go
 delete mode 100644 vendor/go.uber.org/atomic/float64.go
 delete mode 100644 vendor/go.uber.org/atomic/float64_ext.go
 delete mode 100644 vendor/go.uber.org/atomic/gen.go
 delete mode 100644 vendor/go.uber.org/atomic/int32.go
 delete mode 100644 vendor/go.uber.org/atomic/int64.go
 delete mode 100644 vendor/go.uber.org/atomic/nocmp.go
 delete mode 100644 vendor/go.uber.org/atomic/pointer_go118.go
 delete mode 100644 vendor/go.uber.org/atomic/pointer_go119.go
 delete mode 100644 vendor/go.uber.org/atomic/string.go
 delete mode 100644 vendor/go.uber.org/atomic/string_ext.go
 delete mode 100644 vendor/go.uber.org/atomic/time_ext.go
 delete mode 100644 vendor/go.uber.org/atomic/uint32.go
 delete mode 100644 vendor/go.uber.org/atomic/uint64.go
 delete mode 100644 vendor/go.uber.org/atomic/uintptr.go
 delete mode 100644 vendor/go.uber.org/atomic/unsafe_pointer.go
 delete mode 100644 vendor/go.uber.org/atomic/value.go
 rename vendor/go.uber.org/{atomic/error_ext.go => multierr/error_post_go120.go} (65%)
 create mode 100644 vendor/go.uber.org/multierr/error_pre_go120.go
 delete mode 100644 vendor/go.uber.org/multierr/glide.yaml
 create mode 100644 vendor/go.uber.org/zap/.golangci.yml
 delete mode 100644 vendor/go.uber.org/zap/array_go118.go
 rename vendor/go.uber.org/{atomic/bool_ext.go => zap/internal/pool/pool.go} (56%)
 rename vendor/go.uber.org/zap/{stacktrace.go => internal/stacktrace/stack.go} (73%)
 rename vendor/go.uber.org/{atomic/time.go => zap/zapcore/lazy_with.go} (60%)
 create mode 100644 vendor/golang.org/x/exp/slog/attr.go
 create mode 100644 vendor/golang.org/x/exp/slog/doc.go
 create mode 100644 vendor/golang.org/x/exp/slog/handler.go
 create mode 100644 vendor/golang.org/x/exp/slog/internal/buffer/buffer.go
 create mode 100644 vendor/golang.org/x/exp/slog/internal/ignorepc.go
 create mode 100644 vendor/golang.org/x/exp/slog/json_handler.go
 create mode 100644 vendor/golang.org/x/exp/slog/level.go
 create mode 100644 vendor/golang.org/x/exp/slog/logger.go
 create mode 100644 vendor/golang.org/x/exp/slog/noplog.bench
 create mode 100644 vendor/golang.org/x/exp/slog/record.go
 create mode 100644 vendor/golang.org/x/exp/slog/text_handler.go
 create mode 100644 vendor/golang.org/x/exp/slog/value.go
 create mode 100644 vendor/golang.org/x/exp/slog/value_119.go
 create mode 100644 vendor/golang.org/x/exp/slog/value_120.go
 delete mode 100644 vendor/golang.org/x/net/context/context.go
 delete mode 100644 vendor/golang.org/x/net/context/go17.go
 delete mode 100644 vendor/golang.org/x/net/context/go19.go
 delete mode 100644 vendor/golang.org/x/net/context/pre_go17.go
 delete mode 100644 vendor/golang.org/x/net/context/pre_go19.go
 delete mode 100644 vendor/golang.org/x/net/http2/go111.go
 delete mode 100644 vendor/golang.org/x/net/http2/go115.go
 delete mode 100644 vendor/golang.org/x/net/http2/go118.go
 delete mode 100644 vendor/golang.org/x/net/http2/not_go111.go
 delete mode 100644 vendor/golang.org/x/net/http2/not_go115.go
 delete mode 100644 vendor/golang.org/x/net/http2/not_go118.go
 create mode 100644 vendor/golang.org/x/oauth2/deviceauth.go
 create mode 100644 vendor/golang.org/x/oauth2/pkce.go
 create mode 100644 vendor/golang.org/x/text/encoding/encoding.go
 create mode 100644 vendor/golang.org/x/text/encoding/internal/identifier/identifier.go
 create mode 100644 vendor/golang.org/x/text/encoding/internal/identifier/mib.go
 create mode 100644 vendor/golang.org/x/text/encoding/internal/internal.go
 create mode 100644 vendor/golang.org/x/text/encoding/unicode/override.go
 create mode 100644 vendor/golang.org/x/text/encoding/unicode/unicode.go
 create mode 100644 vendor/golang.org/x/text/internal/utf8internal/utf8internal.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/appends/doc.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/defers/doc.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/slog/doc.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go
 create mode 100644 vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go
 delete mode 100644 vendor/golang.org/x/tools/go/ssa/identical.go
 delete mode 100644 vendor/golang.org/x/tools/go/ssa/identical_17.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
 delete mode 100644 vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
 create mode 100644 vendor/golang.org/x/tools/internal/versions/gover.go
 create mode 100644 vendor/golang.org/x/tools/internal/versions/types.go
 create mode 100644 vendor/golang.org/x/tools/internal/versions/types_go121.go
 create mode 100644 vendor/golang.org/x/tools/internal/versions/types_go122.go
 create mode 100644 vendor/golang.org/x/tools/internal/versions/versions_go121.go
 create mode 100644 vendor/golang.org/x/tools/internal/versions/versions_go122.go
 delete mode 100644 vendor/google.golang.org/appengine/.travis.yml
 delete mode 100644 vendor/google.golang.org/appengine/travis_install.sh
 delete mode 100644 vendor/google.golang.org/appengine/travis_test.sh
 rename vendor/google.golang.org/grpc/{ => internal/idle}/idle.go (61%)
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/README.md
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go
 create mode 100644 vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go

diff --git a/vendor/github.com/4meepo/tagalign/.golangci.yml b/vendor/github.com/4meepo/tagalign/.golangci.yml
index 99baa8c21..e65f604fe 100644
--- a/vendor/github.com/4meepo/tagalign/.golangci.yml
+++ b/vendor/github.com/4meepo/tagalign/.golangci.yml
@@ -42,7 +42,6 @@ linters-settings:
       - name: receiver-naming
       - name: redefines-builtin-id
       - name: string-of-int
-      - name: struct-tag
       - name: superfluous-else
       - name: time-naming
       - name: unconditional-recursion
@@ -81,7 +80,7 @@ linters:
     - goprintffuncname
     - gosec
     - gosimple
-    - govet
+    # - govet
     - importas
     - ineffassign
     - makezero
diff --git a/vendor/github.com/4meepo/tagalign/README.md b/vendor/github.com/4meepo/tagalign/README.md
index 9181e7a19..9d04dccbf 100644
--- a/vendor/github.com/4meepo/tagalign/README.md
+++ b/vendor/github.com/4meepo/tagalign/README.md
@@ -41,6 +41,40 @@ type FooBar struct {
 }
 ```
 
+## Usage
+
+By default tagalign will only align tags, but not sort them. But alignment and [sort feature](https://github.com/4meepo/tagalign#sort-tag) can work together or separately.
+
+* As a Golangci Linter (Recommended)
+
+    Tagalign is a built-in linter in [Golangci Lint](https://golangci-lint.run/usage/linters/#tagalign) since `v1.53`.
+    > Note: In order to have the best experience,  add the `--fix` flag to `golangci-lint` to enable the autofix feature.
+
+* Standalone Mode
+
+    Install it using `GO` or download it [here](https://github.com/4meepo/tagalign/releases).
+
+    ```bash
+    go install github.com/4meepo/tagalign/cmd/tagalign@latest
+    ```
+
+    Run it in your terminal.
+
+    ```bash
+    # Only align tags.
+    tagalign -fix {package path}
+    # Only sort tags with fixed order.
+    tagalign -fix -noalign -sort -order "json,xml" {package path}
+    # Align and sort together.
+    tagalign -fix -sort -order "json,xml" {package path}
+    # Align and sort together in strict style.
+    tagalign -fix -sort -order "json,xml" -strict {package path}
+    ```
+
+## Advanced Features
+
+### Sort Tag
+
 In addition to alignment, it can also sort tags with fixed order. If we enable sort with fixed order `json,xml`, the following code
 
 ```go
@@ -63,32 +97,29 @@ type SortExample struct {
 
 The fixed order is `json,xml`, so the tags `json` and `xml` will be sorted and aligned first, and the rest tags will be sorted and aligned in the dictionary order.
 
-## Install
-
-```bash
-go install github.com/4meepo/tagalign/cmd/tagalign
-```
-
-## Usage
+### Strict Style
 
-By default tagalign will only align tags, but not sort them. But alignment and sort can work together or separately.
+Sometimes, you may want to align your tags in strict style. In this style, the tags will be sorted and aligned in the dictionary order, and the tags with the same name will be aligned together. For example, the following code
 
-If you don't want to align tags, you can use `-noalign` to disable alignment.
+```go
+type StrictStyleExample struct {
+    Foo int ` xml:"baz" yaml:"bar" zip:"foo" binding:"required" gorm:"column:foo"  validate:"required"`
+    Bar int `validate:"required" gorm:"column:bar"  yaml:"foo" xml:"bar" binding:"required" json:"bar,omitempty" `
+}
+```
 
-You can use `-sort` to enable sort and `-order` to set the fixed order of tags.
+will be aligned to
 
-```bash
-# Only align tags.
-tagalign -fix {package path}
-# Only sort tags with fixed order.
-tagalign -fix -noalign -sort -order "json,xml" {package path}
-# Align and sort together.
-tagalign -fix -sort -order "json,xml" {package path}
+```go
+type StrictStyleExample struct {
+    Foo int `binding:"required" gorm:"column:foo"                      validate:"required" xml:"baz" yaml:"bar" zip:"foo"`
+    Bar int `binding:"required" gorm:"column:bar" json:"bar,omitempty" validate:"required" xml:"bar" yaml:"foo"`
+}
 ```
 
-TODO: integrate with golangci-lint
+> ⚠️Note: The strict style can't run without the align or sort feature enabled.
 
-## Reference
+## References
 
 [Golang AST Visualizer](http://goast.yuroyoro.net/)
 
diff --git a/vendor/github.com/4meepo/tagalign/options.go b/vendor/github.com/4meepo/tagalign/options.go
index 4deaf8cbc..ddec98da7 100644
--- a/vendor/github.com/4meepo/tagalign/options.go
+++ b/vendor/github.com/4meepo/tagalign/options.go
@@ -26,3 +26,12 @@ func WithAlign(enabled bool) Option {
 		h.align = enabled
 	}
 }
+
+// WithStrictStyle configure whether enable strict style.
+// StrictStyle is disabled by default.
+// Note: StrictStyle must be used with WithAlign(true) and WithSort(...) together, or it will be ignored.
+func WithStrictStyle() Option {
+	return func(h *Helper) {
+		h.style = StrictStyle
+	}
+}
diff --git a/vendor/github.com/4meepo/tagalign/tagalign.go b/vendor/github.com/4meepo/tagalign/tagalign.go
index 3dae96bc3..4734b5666 100644
--- a/vendor/github.com/4meepo/tagalign/tagalign.go
+++ b/vendor/github.com/4meepo/tagalign/tagalign.go
@@ -22,6 +22,17 @@ const (
 	GolangciLintMode
 )
 
+type Style int
+
+const (
+	DefaultStyle Style = iota
+	StrictStyle
+)
+
+const (
+	errTagValueSyntax = "bad syntax for struct tag value"
+)
+
 func NewAnalyzer(options ...Option) *analysis.Analyzer {
 	return &analysis.Analyzer{
 		Name: "tagalign",
@@ -38,12 +49,18 @@ func Run(pass *analysis.Pass, options ...Option) []Issue {
 	for _, f := range pass.Files {
 		h := &Helper{
 			mode:  StandaloneMode,
+			style: DefaultStyle,
 			align: true,
 		}
 		for _, opt := range options {
 			opt(h)
 		}
 
+		//  StrictStyle must be used with WithAlign(true) and WithSort(...) together, or it will be ignored.
+		if h.style == StrictStyle && (!h.align || !h.sort) {
+			h.style = DefaultStyle
+		}
+
 		if !h.align && !h.sort {
 			// do nothing
 			return nil
@@ -62,6 +79,8 @@ func Run(pass *analysis.Pass, options ...Option) []Issue {
 type Helper struct {
 	mode Mode
 
+	style Style
+
 	align         bool     // whether enable tags align.
 	sort          bool     // whether enable tags sort.
 	fixedTagOrder []string // the order of tags, the other tags will be sorted by name.
@@ -182,16 +201,36 @@ func (w *Helper) Process(pass *analysis.Pass) { //nolint:gocognit
 
 		var maxTagNum int
 		var tagsGroup, notSortedTagsGroup [][]*structtag.Tag
-		for i, field := range fields {
-			offsets[i] = pass.Fset.Position(field.Tag.Pos()).Column
+
+		var uniqueKeys []string
+		addKey := func(k string) {
+			for _, key := range uniqueKeys {
+				if key == k {
+					return
+				}
+			}
+			uniqueKeys = append(uniqueKeys, k)
+		}
+
+		for i := 0; i < len(fields); {
+			field := fields[i]
+			column := pass.Fset.Position(field.Tag.Pos()).Column - 1
+			offsets[i] = column
+
 			tag, err := strconv.Unquote(field.Tag.Value)
 			if err != nil {
-				break
+				// if tag value is not a valid string, report it directly
+				w.report(pass, field, column, errTagValueSyntax, field.Tag.Value)
+				fields = removeField(fields, i)
+				continue
 			}
 
 			tags, err := structtag.Parse(tag)
 			if err != nil {
-				break
+				// if tag value is not a valid struct tag, report it directly
+				w.report(pass, field, column, err.Error(), field.Tag.Value)
+				fields = removeField(fields, i)
+				continue
 			}
 
 			maxTagNum = max(maxTagNum, tags.Len())
@@ -204,24 +243,47 @@ func (w *Helper) Process(pass *analysis.Pass) { //nolint:gocognit
 				notSortedTagsGroup = append(notSortedTagsGroup, cp)
 				sortBy(w.fixedTagOrder, tags)
 			}
-
+			for _, t := range tags.Tags() {
+				addKey(t.Key)
+			}
 			tagsGroup = append(tagsGroup, tags.Tags())
+
+			i++
 		}
 
-		// if w.align{
-		// record the max length of each column tag
-		tagMaxLens := make([]int, maxTagNum)
+		if w.sort && StrictStyle == w.style {
+			sortAllKeys(w.fixedTagOrder, uniqueKeys)
+			maxTagNum = len(uniqueKeys)
+		}
 
+		// record the max length of each column tag
+		type tagLen struct {
+			Key string // present only when sort enabled
+			Len int
+		}
+		tagMaxLens := make([]tagLen, maxTagNum)
 		for j := 0; j < maxTagNum; j++ {
 			var maxLength int
+			var key string
 			for i := 0; i < len(tagsGroup); i++ {
-				if len(tagsGroup[i]) <= j {
-					// in case of index out of range
-					continue
+				if w.style == StrictStyle {
+					key = uniqueKeys[j]
+					// search by key
+					for _, tag := range tagsGroup[i] {
+						if tag.Key == key {
+							maxLength = max(maxLength, len(tag.String()))
+							break
+						}
+					}
+				} else {
+					if len(tagsGroup[i]) <= j {
+						// in case of index out of range
+						continue
+					}
+					maxLength = max(maxLength, len(tagsGroup[i][j].String()))
 				}
-				maxLength = max(maxLength, len(tagsGroup[i][j].String()))
 			}
-			tagMaxLens[j] = maxLength
+			tagMaxLens[j] = tagLen{key, maxLength}
 		}
 
 		for i, field := range fields {
@@ -231,9 +293,28 @@ func (w *Helper) Process(pass *analysis.Pass) { //nolint:gocognit
 			if w.align {
 				// if align enabled, align tags.
 				newTagBuilder := strings.Builder{}
-				for i, tag := range tags {
-					format := alignFormat(tagMaxLens[i] + 1) // with an extra space
-					newTagBuilder.WriteString(fmt.Sprintf(format, tag.String()))
+				for i, n := 0, 0; i < len(tags) && n < len(tagMaxLens); {
+					tag := tags[i]
+					var format string
+					if w.style == StrictStyle {
+						if tagMaxLens[n].Key == tag.Key {
+							// match
+							format = alignFormat(tagMaxLens[n].Len + 1) // with an extra space
+							newTagBuilder.WriteString(fmt.Sprintf(format, tag.String()))
+							i++
+							n++
+						} else {
+							// tag missing
+							format = alignFormat(tagMaxLens[n].Len + 1)
+							newTagBuilder.WriteString(fmt.Sprintf(format, ""))
+							n++
+						}
+					} else {
+						format = alignFormat(tagMaxLens[n].Len + 1) // with an extra space
+						newTagBuilder.WriteString(fmt.Sprintf(format, tag.String()))
+						i++
+						n++
+					}
 				}
 				newTagStr = newTagBuilder.String()
 			} else {
@@ -249,7 +330,8 @@ func (w *Helper) Process(pass *analysis.Pass) { //nolint:gocognit
 				newTagStr = strings.Join(tagsStr, " ")
 			}
 
-			unquoteTag := strings.TrimSpace(newTagStr)
+			unquoteTag := strings.TrimRight(newTagStr, " ")
+			// unquoteTag := newTagStr
 			newTagValue := fmt.Sprintf("`%s`", unquoteTag)
 			if field.Tag.Value == newTagValue {
 				// nothing changed
@@ -258,19 +340,22 @@ func (w *Helper) Process(pass *analysis.Pass) { //nolint:gocognit
 
 			msg := "tag is not aligned, should be: " + unquoteTag
 
-			w.report(pass, field, offsets[i]-1, msg, newTagValue)
+			w.report(pass, field, offsets[i], msg, newTagValue)
 		}
 	}
 
 	// process single fields
 	for _, field := range w.singleFields {
+		column := pass.Fset.Position(field.Tag.Pos()).Column - 1
 		tag, err := strconv.Unquote(field.Tag.Value)
 		if err != nil {
+			w.report(pass, field, column, errTagValueSyntax, field.Tag.Value)
 			continue
 		}
 
 		tags, err := structtag.Parse(tag)
 		if err != nil {
+			w.report(pass, field, column, err.Error(), field.Tag.Value)
 			continue
 		}
 		originalTags := append([]*structtag.Tag(nil), tags.Tags()...)
@@ -278,20 +363,15 @@ func (w *Helper) Process(pass *analysis.Pass) { //nolint:gocognit
 			sortBy(w.fixedTagOrder, tags)
 		}
 
-		if reflect.DeepEqual(originalTags, tags.Tags()) {
-			// if tags order not changed, do nothing
-			continue
-		}
-
 		newTagValue := fmt.Sprintf("`%s`", tags.String())
-		if field.Tag.Value == newTagValue {
-			// nothing changed
+		if reflect.DeepEqual(originalTags, tags.Tags()) && field.Tag.Value == newTagValue {
+			// if tags order not changed, do nothing
 			continue
 		}
 
 		msg := "tag is not aligned , should be: " + tags.String()
 
-		w.report(pass, field, pass.Fset.Position(field.Tag.Pos()).Column-1, msg, newTagValue)
+		w.report(pass, field, column, msg, newTagValue)
 	}
 }
 
@@ -329,6 +409,27 @@ func sortBy(fixedOrder []string, tags *structtag.Tags) {
 	})
 }
 
+func sortAllKeys(fixedOrder []string, keys []string) {
+	sort.Slice(keys, func(i, j int) bool {
+		oi := findIndex(fixedOrder, keys[i])
+		oj := findIndex(fixedOrder, keys[j])
+
+		if oi == -1 && oj == -1 {
+			return keys[i] < keys[j]
+		}
+
+		if oi == -1 {
+			return false
+		}
+
+		if oj == -1 {
+			return true
+		}
+
+		return oi < oj
+	})
+}
+
 func findIndex(s []string, e string) int {
 	for i, a := range s {
 		if a == e {
@@ -348,3 +449,11 @@ func max(a, b int) int {
 	}
 	return b
 }
+
+func removeField(fields []*ast.Field, index int) []*ast.Field {
+	if index < 0 || index >= len(fields) {
+		return fields
+	}
+
+	return append(fields[:index], fields[index+1:]...)
+}
diff --git a/vendor/github.com/Abirdcfly/dupword/README.md b/vendor/github.com/Abirdcfly/dupword/README.md
index 6917acae2..e6c5b919f 100644
--- a/vendor/github.com/Abirdcfly/dupword/README.md
+++ b/vendor/github.com/Abirdcfly/dupword/README.md
@@ -109,10 +109,12 @@ Flags:
         apply all suggested fixes
   -flags
         print analyzer flags in JSON
+  -ignore value
+        ignore words
   -json
         emit JSON output
   -keyword value
-        key words for detecting duplicate words
+        keywords for detecting duplicate words
   -memprofile string
         write memory profile to this file
   -source
@@ -128,7 +130,7 @@ Flags:
 
 ### 5. my advice
 
-use `--keyword=the,and,a` and `-fix` together. I personally think that specifying only common repeated prepositions can effectively avoid false positives. 
+use `--keyword=the,and,a` and `-fix` together. I think that specifying only commonly repeated prepositions can effectively avoid false positives. 
 
 see [dupword#4](https://github.com/Abirdcfly/dupword/issues/4) for real code example.
 
diff --git a/vendor/github.com/Abirdcfly/dupword/dupword.go b/vendor/github.com/Abirdcfly/dupword/dupword.go
index 508caca52..c291eab52 100644
--- a/vendor/github.com/Abirdcfly/dupword/dupword.go
+++ b/vendor/github.com/Abirdcfly/dupword/dupword.go
@@ -52,6 +52,7 @@ This analyzer checks miswritten duplicate words in comments or package doc or st
 var (
 	defaultWord = []string{}
 	// defaultWord = []string{"the", "and", "a"}
+	ignoreWord = map[string]bool{}
 )
 
 type analyzer struct {
@@ -70,7 +71,31 @@ func (a *analyzer) Set(w string) error {
 	return nil
 }
 
+type ignore struct {
+}
+
+func (a *ignore) String() string {
+	t := make([]string,0,  len(ignoreWord))
+	for k := range ignoreWord {
+		t = append(t, k)
+	}
+	return strings.Join(t, ",")
+}
+
+func (a *ignore) Set(w string) error {
+	for _, k := range strings.Split(w, ","){
+		ignoreWord[k] = true
+	}
+	return nil
+}
+
+// for test only
+func ClearIgnoreWord() {
+	ignoreWord = map[string]bool{}
+}
+
 func NewAnalyzer() *analysis.Analyzer {
+	ignore := &ignore{}
 	analyzer := &analyzer{KeyWord: defaultWord}
 	a := &analysis.Analyzer{
 		Name:             Name,
@@ -80,7 +105,8 @@ func NewAnalyzer() *analysis.Analyzer {
 		RunDespiteErrors: true,
 	}
 	a.Flags.Init(Name, flag.ExitOnError)
-	a.Flags.Var(analyzer, "keyword", "key words for detecting duplicate words")
+	a.Flags.Var(analyzer, "keyword", "keywords for detecting duplicate words")
+	a.Flags.Var(ignore, "ignore", "ignore words")
 	a.Flags.Var(version{}, "V", "print version and exit")
 	return a
 }
@@ -176,7 +202,7 @@ func (a *analyzer) fixDuplicateWordInString(pass *analysis.Pass, lit *ast.BasicL
 	}
 }
 
-// CheckOneKey use to check there is defined duplicate word in a string.
+// CheckOneKey use to check there is a defined duplicate word in a string.
 // raw is checked line. key is the keyword to check. empty means just check duplicate word.
 func CheckOneKey(raw, key string) (new string, findWord string, find bool) {
 	if key == "" {
@@ -298,5 +324,8 @@ func ExcludeWords(word string) (exclude bool) {
 	if unicode.IsSymbol(firstRune) {
 		return true
 	}
+	if _, exist := ignoreWord[word]; exist {
+		return true
+	}
 	return false
 }
diff --git a/vendor/github.com/Antonboom/errname/pkg/analyzer/analyzer.go b/vendor/github.com/Antonboom/errname/pkg/analyzer/analyzer.go
index 6425db137..aa8522510 100644
--- a/vendor/github.com/Antonboom/errname/pkg/analyzer/analyzer.go
+++ b/vendor/github.com/Antonboom/errname/pkg/analyzer/analyzer.go
@@ -1,6 +1,7 @@
 package analyzer
 
 import (
+	"fmt"
 	"go/ast"
 	"go/token"
 	"strconv"
@@ -25,16 +26,16 @@ func New() *analysis.Analyzer {
 type stringSet = map[string]struct{}
 
 var (
-	imports = []ast.Node{(*ast.ImportSpec)(nil)}
-	types   = []ast.Node{(*ast.TypeSpec)(nil)}
-	funcs   = []ast.Node{(*ast.FuncDecl)(nil)}
+	importNodes = []ast.Node{(*ast.ImportSpec)(nil)}
+	typeNodes   = []ast.Node{(*ast.TypeSpec)(nil)}
+	funcNodes   = []ast.Node{(*ast.FuncDecl)(nil)}
 )
 
 func run(pass *analysis.Pass) (interface{}, error) {
 	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
 
 	pkgAliases := map[string]string{}
-	insp.Preorder(imports, func(node ast.Node) {
+	insp.Preorder(importNodes, func(node ast.Node) {
 		i := node.(*ast.ImportSpec)
 		if n := i.Name; n != nil && i.Path != nil {
 			if path, err := strconv.Unquote(i.Path.Value); err == nil {
@@ -45,14 +46,14 @@ func run(pass *analysis.Pass) (interface{}, error) {
 
 	allTypes := stringSet{}
 	typesSpecs := map[string]*ast.TypeSpec{}
-	insp.Preorder(types, func(node ast.Node) {
+	insp.Preorder(typeNodes, func(node ast.Node) {
 		t := node.(*ast.TypeSpec)
 		allTypes[t.Name.Name] = struct{}{}
 		typesSpecs[t.Name.Name] = t
 	})
 
 	errorTypes := stringSet{}
-	insp.Preorder(funcs, func(node ast.Node) {
+	insp.Preorder(funcNodes, func(node ast.Node) {
 		f := node.(*ast.FuncDecl)
 		t, ok := isMethodError(f)
 		if !ok {
@@ -62,7 +63,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 
 		tSpec, ok := typesSpecs[t]
 		if !ok {
-			panic("no specification for type " + t)
+			panic(fmt.Sprintf("no specification for type %q", t))
 		}
 
 		if _, ok := tSpec.Type.(*ast.ArrayType); ok {
@@ -75,7 +76,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	})
 
 	errorFuncs := stringSet{}
-	insp.Preorder(funcs, func(node ast.Node) {
+	insp.Preorder(funcNodes, func(node ast.Node) {
 		f := node.(*ast.FuncDecl)
 		if isFuncReturningErr(f.Type, allTypes, errorTypes) {
 			errorFuncs[f.Name.Name] = struct{}{}
diff --git a/vendor/github.com/Antonboom/errname/pkg/analyzer/facts.go b/vendor/github.com/Antonboom/errname/pkg/analyzer/facts.go
index 8711f9cf5..06f8d61d8 100644
--- a/vendor/github.com/Antonboom/errname/pkg/analyzer/facts.go
+++ b/vendor/github.com/Antonboom/errname/pkg/analyzer/facts.go
@@ -1,8 +1,10 @@
 package analyzer
 
 import (
+	"fmt"
 	"go/ast"
 	"go/token"
+	"go/types"
 	"strings"
 	"unicode"
 )
@@ -34,15 +36,19 @@ func isMethodError(f *ast.FuncDecl) (typeName string, ok bool) {
 			if i, ok := v.X.(*ast.Ident); ok {
 				return i.Name
 			}
+		case *ast.IndexListExpr:
+			if i, ok := v.X.(*ast.Ident); ok {
+				return i.Name
+			}
 		}
-		return ""
+		panic(fmt.Errorf("unsupported Error() receiver type %q", types.ExprString(e)))
 	}
 
 	switch rt := f.Recv.List[0].Type; v := rt.(type) {
-	case *ast.Ident, *ast.IndexExpr: // SomeError, SomeError[T]
+	case *ast.Ident, *ast.IndexExpr, *ast.IndexListExpr: // SomeError, SomeError[T], SomeError[T1, T2, ...]
 		receiverType = unwrapIdentName(rt)
 
-	case *ast.StarExpr: // *SomeError, *SomeError[T]
+	case *ast.StarExpr: // *SomeError, *SomeError[T], *SomeError[T1, T2, ...]
 		receiverType = unwrapIdentName(v.X)
 	}
 
diff --git a/vendor/github.com/Antonboom/nilnil/pkg/analyzer/analyzer.go b/vendor/github.com/Antonboom/nilnil/pkg/analyzer/analyzer.go
index 6bed7696a..e980db546 100644
--- a/vendor/github.com/Antonboom/nilnil/pkg/analyzer/analyzer.go
+++ b/vendor/github.com/Antonboom/nilnil/pkg/analyzer/analyzer.go
@@ -89,7 +89,7 @@ func (n *nilNil) run(pass *analysis.Pass) (interface{}, error) {
 
 			fRes1, fRes2 := ft.Results.List[0], ft.Results.List[1]
 			if !(n.isDangerNilField(fRes1, typeSpecs) && n.isErrorField(fRes2)) {
-				return
+				return false
 			}
 
 			rRes1, rRes2 := v.Results[0], v.Results[1]
diff --git a/vendor/github.com/Antonboom/testifylint/LICENSE b/vendor/github.com/Antonboom/testifylint/LICENSE
new file mode 100644
index 000000000..9b1cf3a39
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Anton Telyshev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/Antonboom/testifylint/analyzer/analyzer.go b/vendor/github.com/Antonboom/testifylint/analyzer/analyzer.go
new file mode 100644
index 000000000..c0b98f83c
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/analyzer/analyzer.go
@@ -0,0 +1,175 @@
+package analyzer
+
+import (
+	"fmt"
+	"go/ast"
+	"go/types"
+	"strings"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/ast/inspector"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+	"github.com/Antonboom/testifylint/internal/checkers"
+	"github.com/Antonboom/testifylint/internal/config"
+	"github.com/Antonboom/testifylint/internal/testify"
+)
+
+const (
+	name = "testifylint"
+	doc  = "Checks usage of " + testify.ModulePath + "."
+	url  = "https://github.com/antonboom/" + name
+)
+
+// New returns new instance of testifylint analyzer.
+func New() *analysis.Analyzer {
+	cfg := config.NewDefault()
+
+	analyzer := &analysis.Analyzer{
+		Name: name,
+		Doc:  doc,
+		URL:  url,
+		Run: func(pass *analysis.Pass) (any, error) {
+			regularCheckers, advancedCheckers, err := newCheckers(cfg)
+			if err != nil {
+				return nil, fmt.Errorf("build checkers: %v", err)
+			}
+
+			tl := &testifyLint{
+				regularCheckers:  regularCheckers,
+				advancedCheckers: advancedCheckers,
+			}
+			return tl.run(pass)
+		},
+	}
+	config.BindToFlags(&cfg, &analyzer.Flags)
+
+	return analyzer
+}
+
+type testifyLint struct {
+	regularCheckers  []checkers.RegularChecker
+	advancedCheckers []checkers.AdvancedChecker
+}
+
+func (tl *testifyLint) run(pass *analysis.Pass) (any, error) {
+	filesToAnalysis := make([]*ast.File, 0, len(pass.Files))
+	for _, f := range pass.Files {
+		if !analysisutil.Imports(f, testify.AssertPkgPath, testify.RequirePkgPath, testify.SuitePkgPath) {
+			continue
+		}
+		filesToAnalysis = append(filesToAnalysis, f)
+	}
+
+	insp := inspector.New(filesToAnalysis)
+
+	// Regular checkers.
+	insp.Preorder([]ast.Node{(*ast.CallExpr)(nil)}, func(node ast.Node) {
+		tl.regularCheck(pass, node.(*ast.CallExpr))
+	})
+
+	// Advanced checkers.
+	for _, ch := range tl.advancedCheckers {
+		for _, d := range ch.Check(pass, insp) {
+			pass.Report(d)
+		}
+	}
+
+	return nil, nil
+}
+
+func (tl *testifyLint) regularCheck(pass *analysis.Pass, ce *ast.CallExpr) {
+	se, ok := ce.Fun.(*ast.SelectorExpr)
+	if !ok || se.Sel == nil {
+		return
+	}
+	fnName := se.Sel.Name
+
+	initiatorPkg, isPkgCall := func() (*types.Package, bool) {
+		// Examples:
+		// s.Assert         -> method of *suite.Suite        -> package suite ("vendor/github.com/stretchr/testify/suite")
+		// s.Assert().Equal -> method of *assert.Assertions  -> package assert ("vendor/github.com/stretchr/testify/assert")
+		// s.Equal          -> method of *assert.Assertions  -> package assert ("vendor/github.com/stretchr/testify/assert")
+		// reqObj.Falsef    -> method of *require.Assertions -> package require ("vendor/github.com/stretchr/testify/require")
+		if sel, ok := pass.TypesInfo.Selections[se]; ok {
+			return sel.Obj().Pkg(), false
+		}
+
+		// Examples:
+		// assert.False      -> assert  -> package assert ("vendor/github.com/stretchr/testify/assert")
+		// require.NotEqualf -> require -> package require ("vendor/github.com/stretchr/testify/require")
+		if id, ok := se.X.(*ast.Ident); ok {
+			if selObj := pass.TypesInfo.ObjectOf(id); selObj != nil {
+				if pkg, ok := selObj.(*types.PkgName); ok {
+					return pkg.Imported(), true
+				}
+			}
+		}
+		return nil, false
+	}()
+	if initiatorPkg == nil {
+		return
+	}
+
+	isAssert := analysisutil.IsPkg(initiatorPkg, testify.AssertPkgName, testify.AssertPkgPath)
+	isRequire := analysisutil.IsPkg(initiatorPkg, testify.RequirePkgName, testify.RequirePkgPath)
+	if !(isAssert || isRequire) {
+		return
+	}
+
+	call := &checkers.CallMeta{
+		Range:        ce,
+		IsPkg:        isPkgCall,
+		IsAssert:     isAssert,
+		Selector:     se,
+		SelectorXStr: analysisutil.NodeString(pass.Fset, se.X),
+		Fn: checkers.FnMeta{
+			Range: se.Sel,
+			Name:  fnName,
+			IsFmt: strings.HasSuffix(fnName, "f"),
+		},
+		Args:    trimTArg(pass, isAssert, ce.Args),
+		ArgsRaw: ce.Args,
+	}
+	for _, ch := range tl.regularCheckers {
+		if d := ch.Check(pass, call); d != nil {
+			pass.Report(*d)
+			// NOTE(a.telyshev): I'm not interested in multiple diagnostics per assertion.
+			// This simplifies the code and also makes the linter more efficient.
+			return
+		}
+	}
+}
+
+func trimTArg(pass *analysis.Pass, isAssert bool, args []ast.Expr) []ast.Expr {
+	if len(args) == 0 {
+		return args
+	}
+
+	if isTestingTPtr(pass, isAssert, args[0]) {
+		return args[1:]
+	}
+	return args
+}
+
+func isTestingTPtr(pass *analysis.Pass, isAssert bool, arg ast.Expr) bool {
+	pkgPath := testify.RequirePkgPath
+	if isAssert {
+		pkgPath = testify.AssertPkgPath
+	}
+
+	testingInterfaceObj := analysisutil.ObjectOf(pass.Pkg, pkgPath, "TestingT")
+	if testingInterfaceObj == nil {
+		return false
+	}
+
+	argType := pass.TypesInfo.TypeOf(arg)
+	if argType == nil {
+		return false
+	}
+
+	return types.Implements(
+		argType,
+		testingInterfaceObj.Type().Underlying().(*types.Interface),
+	)
+}
diff --git a/vendor/github.com/Antonboom/testifylint/analyzer/checkers_factory.go b/vendor/github.com/Antonboom/testifylint/analyzer/checkers_factory.go
new file mode 100644
index 000000000..e87e35e50
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/analyzer/checkers_factory.go
@@ -0,0 +1,48 @@
+package analyzer
+
+import (
+	"fmt"
+
+	"github.com/Antonboom/testifylint/internal/checkers"
+	"github.com/Antonboom/testifylint/internal/config"
+)
+
+// newCheckers accepts linter config and returns slices of enabled checkers sorted by priority.
+func newCheckers(cfg config.Config) ([]checkers.RegularChecker, []checkers.AdvancedChecker, error) {
+	enabledCheckers := cfg.EnabledCheckers
+	if len(enabledCheckers) == 0 {
+		enabledCheckers = checkers.EnabledByDefault()
+	}
+	if cfg.EnableAll {
+		enabledCheckers = checkers.All()
+	}
+
+	checkers.SortByPriority(enabledCheckers)
+
+	regularCheckers := make([]checkers.RegularChecker, 0, len(enabledCheckers))
+	advancedCheckers := make([]checkers.AdvancedChecker, 0, len(enabledCheckers)/2)
+
+	for _, name := range enabledCheckers {
+		ch, ok := checkers.Get(name)
+		if !ok {
+			return nil, nil, fmt.Errorf("unknown checker %q", name)
+		}
+
+		switch c := ch.(type) {
+		case *checkers.ExpectedActual:
+			c.SetExpVarPattern(cfg.ExpectedActual.ExpVarPattern.Regexp)
+
+		case *checkers.SuiteExtraAssertCall:
+			c.SetMode(cfg.SuiteExtraAssertCall.Mode)
+		}
+
+		switch casted := ch.(type) {
+		case checkers.RegularChecker:
+			regularCheckers = append(regularCheckers, casted)
+		case checkers.AdvancedChecker:
+			advancedCheckers = append(advancedCheckers, casted)
+		}
+	}
+
+	return regularCheckers, advancedCheckers, nil
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/analysisutil/doc.go b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/doc.go
new file mode 100644
index 000000000..b57cbd938
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/doc.go
@@ -0,0 +1,9 @@
+// Package analysisutil contains functions common for `analyzer` and `internal/checkers` packages.
+// In addition, it is intended to "lighten" these packages.
+//
+// If the function is common to several packages, or it makes sense to test it separately without
+// "polluting" the target package with tests of private functionality, then you can put function in this package.
+//
+// It's important to avoid dependency on `golang.org/x/tools/go/analysis` in the helpers API.
+// This makes the API "narrower" and also allows you to test functions without some "abstraction leaks".
+package analysisutil
diff --git a/vendor/github.com/Antonboom/testifylint/internal/analysisutil/file.go b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/file.go
new file mode 100644
index 000000000..3fc1f42b8
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/file.go
@@ -0,0 +1,28 @@
+package analysisutil
+
+import (
+	"go/ast"
+	"strconv"
+)
+
+// Imports tells if the file imports at least one of the packages.
+// If no packages provided then function returns false.
+func Imports(file *ast.File, pkgs ...string) bool {
+	for _, i := range file.Imports {
+		if i.Path == nil {
+			continue
+		}
+
+		path, err := strconv.Unquote(i.Path.Value)
+		if err != nil {
+			continue
+		}
+		// NOTE(a.telyshev): Don't use `slices.Contains` to keep the minimum module version 1.20.
+		for _, pkg := range pkgs { // Small O(n).
+			if pkg == path {
+				return true
+			}
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/analysisutil/format.go b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/format.go
new file mode 100644
index 000000000..fcb4b847f
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/format.go
@@ -0,0 +1,34 @@
+package analysisutil
+
+import (
+	"bytes"
+	"go/ast"
+	"go/format"
+	"go/token"
+)
+
+// NodeString is a more powerful analogue of types.ExprString.
+// Return empty string if node AST is invalid.
+func NodeString(fset *token.FileSet, node ast.Node) string {
+	if v := formatNode(fset, node); v != nil {
+		return v.String()
+	}
+	return ""
+}
+
+// NodeBytes works as NodeString but returns a byte slice.
+// Return nil if node AST is invalid.
+func NodeBytes(fset *token.FileSet, node ast.Node) []byte {
+	if v := formatNode(fset, node); v != nil {
+		return v.Bytes()
+	}
+	return nil
+}
+
+func formatNode(fset *token.FileSet, node ast.Node) *bytes.Buffer {
+	buf := new(bytes.Buffer)
+	if err := format.Node(buf, fset, node); err != nil {
+		return nil
+	}
+	return buf
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/analysisutil/object.go b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/object.go
new file mode 100644
index 000000000..e01fba5c1
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/object.go
@@ -0,0 +1,34 @@
+package analysisutil
+
+import (
+	"go/ast"
+	"go/types"
+)
+
+// ObjectOf works in context of Golang package and returns types.Object for the given object's package and name.
+// The search is based on the provided package and its dependencies (imports).
+// Returns nil if the object is not found.
+func ObjectOf(pkg *types.Package, objPkg, objName string) types.Object {
+	if pkg.Path() == objPkg {
+		return pkg.Scope().Lookup(objName)
+	}
+
+	for _, i := range pkg.Imports() {
+		if trimVendor(i.Path()) == objPkg {
+			return i.Scope().Lookup(objName)
+		}
+	}
+	return nil
+}
+
+// IsObj returns true if expression is identifier which notes to given types.Object.
+// Useful in combination with types.Universe objects.
+func IsObj(typesInfo *types.Info, expr ast.Expr, expected types.Object) bool {
+	id, ok := expr.(*ast.Ident)
+	if !ok {
+		return false
+	}
+
+	obj := typesInfo.ObjectOf(id)
+	return obj.Id() == expected.Id()
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/analysisutil/pkg.go b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/pkg.go
new file mode 100644
index 000000000..d34be5d34
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/analysisutil/pkg.go
@@ -0,0 +1,19 @@
+package analysisutil
+
+import (
+	"go/types"
+	"strings"
+)
+
+// IsPkg checks that package has corresponding objName and path.
+// Supports vendored packages.
+func IsPkg(pkg *types.Package, name, path string) bool {
+	return pkg.Name() == name && trimVendor(pkg.Path()) == path
+}
+
+func trimVendor(path string) string {
+	if strings.HasPrefix(path, "vendor/") {
+		return path[len("vendor/"):]
+	}
+	return path
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/bool_compare.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/bool_compare.go
new file mode 100644
index 000000000..8245ab58e
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/bool_compare.go
@@ -0,0 +1,223 @@
+package checkers
+
+import (
+	"go/ast"
+	"go/token"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+)
+
+// BoolCompare detects situations like
+//
+//	assert.Equal(t, false, result)
+//	assert.NotEqual(t, result, true)
+//	assert.False(t, !result)
+//	assert.True(t, result == true)
+//	...
+//
+// and requires
+//
+//	assert.False(t, result)
+//	assert.True(t, result)
+type BoolCompare struct{} //
+
+// NewBoolCompare constructs BoolCompare checker.
+func NewBoolCompare() BoolCompare { return BoolCompare{} }
+func (BoolCompare) Name() string  { return "bool-compare" }
+
+func (checker BoolCompare) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	newUseFnDiagnostic := func(proposed string, survivingArg ast.Node, replaceStart, replaceEnd token.Pos) *analysis.Diagnostic {
+		return newUseFunctionDiagnostic(checker.Name(), call, proposed,
+			newSuggestedFuncReplacement(call, proposed, analysis.TextEdit{
+				Pos:     replaceStart,
+				End:     replaceEnd,
+				NewText: analysisutil.NodeBytes(pass.Fset, survivingArg),
+			}),
+		)
+	}
+
+	newUseTrueDiagnostic := func(survivingArg ast.Node, replaceStart, replaceEnd token.Pos) *analysis.Diagnostic {
+		return newUseFnDiagnostic("True", survivingArg, replaceStart, replaceEnd)
+	}
+
+	newUseFalseDiagnostic := func(survivingArg ast.Node, replaceStart, replaceEnd token.Pos) *analysis.Diagnostic {
+		return newUseFnDiagnostic("False", survivingArg, replaceStart, replaceEnd)
+	}
+
+	newNeedSimplifyDiagnostic := func(survivingArg ast.Node, replaceStart, replaceEnd token.Pos) *analysis.Diagnostic {
+		return newDiagnostic(checker.Name(), call, "need to simplify the assertion",
+			&analysis.SuggestedFix{
+				Message: "Simplify the assertion",
+				TextEdits: []analysis.TextEdit{{
+					Pos:     replaceStart,
+					End:     replaceEnd,
+					NewText: analysisutil.NodeBytes(pass.Fset, survivingArg),
+				}},
+			},
+		)
+	}
+
+	switch call.Fn.Name {
+	case "Equal", "Equalf":
+		if len(call.Args) < 2 {
+			return nil
+		}
+
+		arg1, arg2 := call.Args[0], call.Args[1]
+		t1, t2 := isUntypedTrue(pass, arg1), isUntypedTrue(pass, arg2)
+		f1, f2 := isUntypedFalse(pass, arg1), isUntypedFalse(pass, arg2)
+
+		switch {
+		case xor(t1, t2):
+			survivingArg, _ := anyVal([]bool{t1, t2}, arg2, arg1)
+			return newUseTrueDiagnostic(survivingArg, arg1.Pos(), arg2.End())
+
+		case xor(f1, f2):
+			survivingArg, _ := anyVal([]bool{f1, f2}, arg2, arg1)
+			return newUseFalseDiagnostic(survivingArg, arg1.Pos(), arg2.End())
+		}
+
+	case "NotEqual", "NotEqualf":
+		if len(call.Args) < 2 {
+			return nil
+		}
+
+		arg1, arg2 := call.Args[0], call.Args[1]
+		t1, t2 := isUntypedTrue(pass, arg1), isUntypedTrue(pass, arg2)
+		f1, f2 := isUntypedFalse(pass, arg1), isUntypedFalse(pass, arg2)
+
+		switch {
+		case xor(t1, t2):
+			survivingArg, _ := anyVal([]bool{t1, t2}, arg2, arg1)
+			return newUseFalseDiagnostic(survivingArg, arg1.Pos(), arg2.End())
+
+		case xor(f1, f2):
+			survivingArg, _ := anyVal([]bool{f1, f2}, arg2, arg1)
+			return newUseTrueDiagnostic(survivingArg, arg1.Pos(), arg2.End())
+		}
+
+	case "True", "Truef":
+		if len(call.Args) < 1 {
+			return nil
+		}
+		expr := call.Args[0]
+
+		{
+			arg1, ok1 := isComparisonWithTrue(pass, expr, token.EQL)
+			arg2, ok2 := isComparisonWithFalse(pass, expr, token.NEQ)
+
+			if survivingArg, ok := anyVal([]bool{ok1, ok2}, arg1, arg2); ok {
+				return newNeedSimplifyDiagnostic(survivingArg, expr.Pos(), expr.End())
+			}
+		}
+
+		{
+			arg1, ok1 := isComparisonWithTrue(pass, expr, token.NEQ)
+			arg2, ok2 := isComparisonWithFalse(pass, expr, token.EQL)
+			arg3, ok3 := isNegation(expr)
+
+			if survivingArg, ok := anyVal([]bool{ok1, ok2, ok3}, arg1, arg2, arg3); ok {
+				return newUseFalseDiagnostic(survivingArg, expr.Pos(), expr.End())
+			}
+		}
+
+	case "False", "Falsef":
+		if len(call.Args) < 1 {
+			return nil
+		}
+		expr := call.Args[0]
+
+		{
+			arg1, ok1 := isComparisonWithTrue(pass, expr, token.EQL)
+			arg2, ok2 := isComparisonWithFalse(pass, expr, token.NEQ)
+
+			if survivingArg, ok := anyVal([]bool{ok1, ok2}, arg1, arg2); ok {
+				return newNeedSimplifyDiagnostic(survivingArg, expr.Pos(), expr.End())
+			}
+		}
+
+		{
+			arg1, ok1 := isComparisonWithTrue(pass, expr, token.NEQ)
+			arg2, ok2 := isComparisonWithFalse(pass, expr, token.EQL)
+			arg3, ok3 := isNegation(expr)
+
+			if survivingArg, ok := anyVal([]bool{ok1, ok2, ok3}, arg1, arg2, arg3); ok {
+				return newUseTrueDiagnostic(survivingArg, expr.Pos(), expr.End())
+			}
+		}
+	}
+	return nil
+}
+
+var (
+	falseObj = types.Universe.Lookup("false")
+	trueObj  = types.Universe.Lookup("true")
+)
+
+func isUntypedTrue(pass *analysis.Pass, e ast.Expr) bool {
+	return analysisutil.IsObj(pass.TypesInfo, e, trueObj)
+}
+
+func isUntypedFalse(pass *analysis.Pass, e ast.Expr) bool {
+	return analysisutil.IsObj(pass.TypesInfo, e, falseObj)
+}
+
+func isComparisonWithTrue(pass *analysis.Pass, e ast.Expr, op token.Token) (ast.Expr, bool) {
+	return isComparisonWith(pass, e, isUntypedTrue, op)
+}
+
+func isComparisonWithFalse(pass *analysis.Pass, e ast.Expr, op token.Token) (ast.Expr, bool) {
+	return isComparisonWith(pass, e, isUntypedFalse, op)
+}
+
+type predicate func(pass *analysis.Pass, e ast.Expr) bool
+
+func isComparisonWith(pass *analysis.Pass, e ast.Expr, predicate predicate, op token.Token) (ast.Expr, bool) {
+	be, ok := e.(*ast.BinaryExpr)
+	if !ok {
+		return nil, false
+	}
+	if be.Op != op {
+		return nil, false
+	}
+
+	t1, t2 := predicate(pass, be.X), predicate(pass, be.Y)
+	if xor(t1, t2) {
+		if t1 {
+			return be.Y, true
+		}
+		return be.X, true
+	}
+	return nil, false
+}
+
+func isNegation(e ast.Expr) (ast.Expr, bool) {
+	ue, ok := e.(*ast.UnaryExpr)
+	if !ok {
+		return nil, false
+	}
+	return ue.X, ue.Op == token.NOT
+}
+
+func xor(a, b bool) bool {
+	return a != b
+}
+
+// anyVal returns the first value[i] for which bools[i] is true.
+func anyVal[T any](bools []bool, vals ...T) (T, bool) {
+	if len(bools) != len(vals) {
+		panic("inconsistent usage of valOr") //nolint:forbidigo // Does not depend on the code being analyzed.
+	}
+
+	for i, b := range bools {
+		if b {
+			return vals[i], true
+		}
+	}
+
+	var _default T
+	return _default, false
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/checker.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/checker.go
new file mode 100644
index 000000000..f3249dc3c
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/checker.go
@@ -0,0 +1,59 @@
+package checkers
+
+import (
+	"go/ast"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/ast/inspector"
+)
+
+// CallMeta stores meta info about assertion function/method call, for example
+//
+//	assert.Equal(t, 42, result, "helpful comment")
+type CallMeta struct {
+	// Range contains start and end position of assertion call.
+	analysis.Range
+	// IsPkg true if this is package (not object) call.
+	IsPkg bool
+	// IsAssert true if this is "testify/assert" package (or object) call.
+	IsAssert bool
+	// Selector is the AST expression of "assert.Equal".
+	Selector *ast.SelectorExpr
+	// SelectorXStr is a string representation of Selector's left part – value before point, e.g. "assert".
+	SelectorXStr string
+	// Fn stores meta info about assertion function itself.
+	Fn FnMeta
+	// Args stores assertion call arguments but without `t *testing.T` argument.
+	// E.g [42, result, "helpful comment"].
+	Args []ast.Expr
+	// ArgsRaw stores assertion call initial arguments.
+	// E.g [t, 42, result, "helpful comment"].
+	ArgsRaw []ast.Expr
+}
+
+// FnMeta stores meta info about assertion function itself, for example "Equal".
+type FnMeta struct {
+	// Range contains start and end position of function Name.
+	analysis.Range
+	// Name is a function name.
+	Name string
+	// IsFmt is true if function is formatted, e.g. "Equalf".
+	IsFmt bool
+}
+
+// Checker describes named checker.
+type Checker interface {
+	Name() string
+}
+
+// RegularChecker check assertion call presented in CallMeta form.
+type RegularChecker interface {
+	Checker
+	Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic
+}
+
+// AdvancedChecker implements complex Check logic different from trivial CallMeta check.
+type AdvancedChecker interface {
+	Checker
+	Check(pass *analysis.Pass, inspector *inspector.Inspector) []analysis.Diagnostic
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/checkers_registry.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/checkers_registry.go
new file mode 100644
index 000000000..47eaafb76
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/checkers_registry.go
@@ -0,0 +1,101 @@
+package checkers
+
+import (
+	"sort"
+)
+
+// registry stores checkers meta information in checkers' priority order.
+var registry = checkersRegistry{
+	// Regular checkers.
+	{factory: asCheckerFactory(NewFloatCompare), enabledByDefault: true},
+	{factory: asCheckerFactory(NewBoolCompare), enabledByDefault: true},
+	{factory: asCheckerFactory(NewEmpty), enabledByDefault: true},
+	{factory: asCheckerFactory(NewLen), enabledByDefault: true},
+	{factory: asCheckerFactory(NewCompares), enabledByDefault: true},
+	{factory: asCheckerFactory(NewErrorNil), enabledByDefault: true},
+	{factory: asCheckerFactory(NewErrorIsAs), enabledByDefault: true},
+	{factory: asCheckerFactory(NewRequireError), enabledByDefault: true},
+	{factory: asCheckerFactory(NewExpectedActual), enabledByDefault: true},
+	{factory: asCheckerFactory(NewSuiteExtraAssertCall), enabledByDefault: true},
+	{factory: asCheckerFactory(NewSuiteDontUsePkg), enabledByDefault: true},
+	// Advanced checkers.
+	{factory: asCheckerFactory(NewSuiteTHelper), enabledByDefault: false},
+}
+
+type checkersRegistry []checkerMeta
+
+type checkerMeta struct {
+	factory          checkerFactory
+	enabledByDefault bool
+}
+
+type checkerFactory func() Checker
+
+func asCheckerFactory[T Checker](fn func() T) checkerFactory {
+	return func() Checker {
+		return fn()
+	}
+}
+
+func (r checkersRegistry) get(name string) (m checkerMeta, priority int, found bool) {
+	for i, meta := range r {
+		if meta.factory().Name() == name {
+			return meta, i, true
+		}
+	}
+	return checkerMeta{}, 0, false
+}
+
+// All returns all checkers names sorted by checker's priority.
+func All() []string {
+	result := make([]string, 0, len(registry))
+	for _, meta := range registry {
+		result = append(result, meta.factory().Name())
+	}
+	return result
+}
+
+// EnabledByDefault returns checkers enabled by default sorted by checker's priority.
+func EnabledByDefault() []string {
+	result := make([]string, 0, len(registry))
+	for _, meta := range registry {
+		if meta.enabledByDefault {
+			result = append(result, meta.factory().Name())
+		}
+	}
+	return result
+}
+
+// Get returns new checker instance by checker's name.
+func Get(name string) (Checker, bool) {
+	meta, _, ok := registry.get(name)
+	if ok {
+		return meta.factory(), true
+	}
+	return nil, false
+}
+
+// IsKnown checks if there is a checker with that name.
+func IsKnown(name string) bool {
+	_, _, ok := registry.get(name)
+	return ok
+}
+
+// IsEnabledByDefault returns true if a checker is enabled by default.
+// Returns false if there is no such checker in the registry.
+// For pre-validation use Get or IsKnown.
+func IsEnabledByDefault(name string) bool {
+	meta, _, ok := registry.get(name)
+	return ok && meta.enabledByDefault
+}
+
+// SortByPriority mutates the input checkers names by sorting them in checker priority order.
+// Ignores unknown checkers. For pre-validation use Get or IsKnown.
+func SortByPriority(checkers []string) {
+	sort.Slice(checkers, func(i, j int) bool {
+		lhs, rhs := checkers[i], checkers[j]
+		_, lhsPriority, _ := registry.get(lhs)
+		_, rhsPriority, _ := registry.get(rhs)
+		return lhsPriority < rhsPriority
+	})
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/compares.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/compares.go
new file mode 100644
index 000000000..afc829f97
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/compares.go
@@ -0,0 +1,95 @@
+package checkers
+
+import (
+	"bytes"
+	"go/ast"
+	"go/token"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+)
+
+// Compares detects situations like
+//
+//	assert.True(t, a == b)
+//	assert.True(t, a != b)
+//	assert.True(t, a > b)
+//	assert.True(t, a >= b)
+//	assert.True(t, a < b)
+//	assert.True(t, a <= b)
+//	...
+//
+// and requires
+//
+//	assert.Equal(t, a, b)
+//	assert.NotEqual(t, a, b)
+//	assert.Greater(t, a, b)
+//	assert.GreaterOrEqual(t, a, b)
+//	assert.Less(t, a, b)
+//	assert.LessOrEqual(t, a, b)
+type Compares struct{}
+
+// NewCompares constructs Compares checker.
+func NewCompares() Compares   { return Compares{} }
+func (Compares) Name() string { return "compares" }
+
+func (checker Compares) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	if len(call.Args) < 1 {
+		return nil
+	}
+
+	be, ok := call.Args[0].(*ast.BinaryExpr)
+	if !ok {
+		return nil
+	}
+
+	var tokenToProposedFn map[token.Token]string
+
+	switch call.Fn.Name {
+	case "True", "Truef":
+		tokenToProposedFn = tokenToProposedFnInsteadOfTrue
+	case "False", "Falsef":
+		tokenToProposedFn = tokenToProposedFnInsteadOfFalse
+	default:
+		return nil
+	}
+
+	if proposedFn, ok := tokenToProposedFn[be.Op]; ok {
+		a, b := be.X, be.Y
+		return newUseFunctionDiagnostic(checker.Name(), call, proposedFn,
+			newSuggestedFuncReplacement(call, proposedFn, analysis.TextEdit{
+				Pos:     be.X.Pos(),
+				End:     be.Y.End(),
+				NewText: formatAsCallArgs(pass, a, b),
+			}),
+		)
+	}
+	return nil
+}
+
+var tokenToProposedFnInsteadOfTrue = map[token.Token]string{
+	token.EQL: "Equal",
+	token.NEQ: "NotEqual",
+	token.GTR: "Greater",
+	token.GEQ: "GreaterOrEqual",
+	token.LSS: "Less",
+	token.LEQ: "LessOrEqual",
+}
+
+var tokenToProposedFnInsteadOfFalse = map[token.Token]string{
+	token.EQL: "NotEqual",
+	token.NEQ: "Equal",
+	token.GTR: "LessOrEqual",
+	token.GEQ: "Less",
+	token.LSS: "GreaterOrEqual",
+	token.LEQ: "Greater",
+}
+
+// formatAsCallArgs joins a and b and return bytes like `a, b`.
+func formatAsCallArgs(pass *analysis.Pass, a, b ast.Node) []byte {
+	return bytes.Join([][]byte{
+		analysisutil.NodeBytes(pass.Fset, a),
+		analysisutil.NodeBytes(pass.Fset, b),
+	}, []byte(", "))
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/diagnostic.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/diagnostic.go
new file mode 100644
index 000000000..4ab69c69b
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/diagnostic.go
@@ -0,0 +1,60 @@
+package checkers
+
+import (
+	"fmt"
+
+	"golang.org/x/tools/go/analysis"
+)
+
+func newUseFunctionDiagnostic(
+	checker string,
+	call *CallMeta,
+	proposedFn string,
+	fix *analysis.SuggestedFix,
+) *analysis.Diagnostic {
+	f := proposedFn
+	if call.Fn.IsFmt {
+		f += "f"
+	}
+	msg := fmt.Sprintf("use %s.%s", call.SelectorXStr, f)
+
+	return newDiagnostic(checker, call, msg, fix)
+}
+
+func newDiagnostic(
+	checker string,
+	rng analysis.Range,
+	msg string,
+	fix *analysis.SuggestedFix,
+) *analysis.Diagnostic {
+	d := analysis.Diagnostic{
+		Pos:      rng.Pos(),
+		End:      rng.End(),
+		Category: checker,
+		Message:  checker + ": " + msg,
+	}
+	if fix != nil {
+		d.SuggestedFixes = []analysis.SuggestedFix{*fix}
+	}
+	return &d
+}
+
+func newSuggestedFuncReplacement(
+	call *CallMeta,
+	proposedFn string,
+	additionalEdits ...analysis.TextEdit,
+) *analysis.SuggestedFix {
+	if call.Fn.IsFmt {
+		proposedFn += "f"
+	}
+	return &analysis.SuggestedFix{
+		Message: fmt.Sprintf("Replace `%s` with `%s`", call.Fn.Name, proposedFn),
+		TextEdits: append([]analysis.TextEdit{
+			{
+				Pos:     call.Fn.Pos(),
+				End:     call.Fn.End(),
+				NewText: []byte(proposedFn),
+			},
+		}, additionalEdits...),
+	}
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/empty.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/empty.go
new file mode 100644
index 000000000..79c64205f
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/empty.go
@@ -0,0 +1,172 @@
+package checkers
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+)
+
+// Empty detects situations like
+//
+//	assert.Len(t, arr, 0)
+//	assert.Equal(t, 0, len(arr))
+//	assert.NotEqual(t, 0, len(arr))
+//	assert.GreaterOrEqual(t, len(arr), 1)
+//	...
+//
+// and requires
+//
+//	assert.Empty(t, arr)
+//	assert.NotEmpty(t, arr)
+type Empty struct{}
+
+// NewEmpty constructs Empty checker.
+func NewEmpty() Empty      { return Empty{} }
+func (Empty) Name() string { return "empty" }
+
+func (checker Empty) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	if d := checker.checkEmpty(pass, call); d != nil {
+		return d
+	}
+	return checker.checkNotEmpty(pass, call)
+}
+
+func (checker Empty) checkEmpty(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic { //nolint:gocognit
+	newUseEmptyDiagnostic := func(replaceStart, replaceEnd token.Pos, replaceWith ast.Expr) *analysis.Diagnostic {
+		const proposed = "Empty"
+		return newUseFunctionDiagnostic(checker.Name(), call, proposed,
+			newSuggestedFuncReplacement(call, proposed, analysis.TextEdit{
+				Pos:     replaceStart,
+				End:     replaceEnd,
+				NewText: analysisutil.NodeBytes(pass.Fset, replaceWith),
+			}),
+		)
+	}
+
+	if len(call.Args) < 2 {
+		return nil
+	}
+	a, b := call.Args[0], call.Args[1]
+
+	switch call.Fn.Name {
+	case "Len", "Lenf":
+		if isZero(b) {
+			return newUseEmptyDiagnostic(a.Pos(), b.End(), a)
+		}
+
+	case "Equal", "Equalf":
+		arg1, ok1 := isLenCallAndZero(pass, a, b)
+		arg2, ok2 := isLenCallAndZero(pass, b, a)
+
+		if lenArg, ok := anyVal([]bool{ok1, ok2}, arg1, arg2); ok {
+			return newUseEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "LessOrEqual", "LessOrEqualf":
+		if lenArg, ok := isBuiltinLenCall(pass, a); ok && isZero(b) {
+			return newUseEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "GreaterOrEqual", "GreaterOrEqualf":
+		if lenArg, ok := isBuiltinLenCall(pass, b); ok && isZero(a) {
+			return newUseEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "Less", "Lessf":
+		if lenArg, ok := isBuiltinLenCall(pass, a); ok && isOne(b) {
+			return newUseEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "Greater", "Greaterf":
+		if lenArg, ok := isBuiltinLenCall(pass, b); ok && isOne(a) {
+			return newUseEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+	}
+	return nil
+}
+
+func (checker Empty) checkNotEmpty(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic { //nolint:gocognit
+	newUseNotEmptyDiagnostic := func(replaceStart, replaceEnd token.Pos, replaceWith ast.Expr) *analysis.Diagnostic {
+		const proposed = "NotEmpty"
+		return newUseFunctionDiagnostic(checker.Name(), call, proposed,
+			newSuggestedFuncReplacement(call, proposed, analysis.TextEdit{
+				Pos:     replaceStart,
+				End:     replaceEnd,
+				NewText: analysisutil.NodeBytes(pass.Fset, replaceWith),
+			}),
+		)
+	}
+
+	if len(call.Args) < 2 {
+		return nil
+	}
+	a, b := call.Args[0], call.Args[1]
+
+	switch call.Fn.Name {
+	case "NotEqual", "NotEqualf":
+		arg1, ok1 := isLenCallAndZero(pass, a, b)
+		arg2, ok2 := isLenCallAndZero(pass, b, a)
+
+		if lenArg, ok := anyVal([]bool{ok1, ok2}, arg1, arg2); ok {
+			return newUseNotEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "Greater", "Greaterf":
+		if lenArg, ok := isBuiltinLenCall(pass, a); ok && isZero(b) || isOne(b) {
+			return newUseNotEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "Less", "Lessf":
+		if lenArg, ok := isBuiltinLenCall(pass, b); ok && isZero(a) || isOne(a) {
+			return newUseNotEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "GreaterOrEqual", "GreaterOrEqualf":
+		if lenArg, ok := isBuiltinLenCall(pass, a); ok && isOne(b) {
+			return newUseNotEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+
+	case "LessOrEqual", "LessOrEqualf":
+		if lenArg, ok := isBuiltinLenCall(pass, b); ok && isOne(a) {
+			return newUseNotEmptyDiagnostic(a.Pos(), b.End(), lenArg)
+		}
+	}
+	return nil
+}
+
+var lenObj = types.Universe.Lookup("len")
+
+func isLenCallAndZero(pass *analysis.Pass, a, b ast.Expr) (ast.Expr, bool) {
+	lenArg, ok := isBuiltinLenCall(pass, a)
+	return lenArg, ok && isZero(b)
+}
+
+func isBuiltinLenCall(pass *analysis.Pass, e ast.Expr) (ast.Expr, bool) {
+	ce, ok := e.(*ast.CallExpr)
+	if !ok {
+		return nil, false
+	}
+
+	if analysisutil.IsObj(pass.TypesInfo, ce.Fun, lenObj) && len(ce.Args) == 1 {
+		return ce.Args[0], true
+	}
+	return nil, false
+}
+
+func isZero(e ast.Expr) bool {
+	return isIntNumber(e, 0)
+}
+
+func isOne(e ast.Expr) bool {
+	return isIntNumber(e, 1)
+}
+
+func isIntNumber(e ast.Expr, v int) bool {
+	bl, ok := e.(*ast.BasicLit)
+	return ok && bl.Kind == token.INT && bl.Value == fmt.Sprintf("%d", v)
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/error_is_as.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/error_is_as.go
new file mode 100644
index 000000000..e6abd0ba4
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/error_is_as.go
@@ -0,0 +1,124 @@
+package checkers
+
+import (
+	"fmt"
+	"go/ast"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+)
+
+// ErrorIsAs detects situations like
+//
+//	assert.Error(t, err, errSentinel)
+//	assert.NoError(t, err, errSentinel)
+//	assert.True(t, errors.Is(err, errSentinel))
+//	assert.False(t, errors.Is(err, errSentinel))
+//	assert.True(t, errors.As(err, &target))
+//
+// and requires
+//
+//	assert.ErrorIs(t, err, errSentinel)
+//	assert.NotErrorIs(t, err, errSentinel)
+//	assert.ErrorAs(t, err, &target)
+type ErrorIsAs struct{}
+
+// NewErrorIsAs constructs ErrorIsAs checker.
+func NewErrorIsAs() ErrorIsAs  { return ErrorIsAs{} }
+func (ErrorIsAs) Name() string { return "error-is-as" }
+
+func (checker ErrorIsAs) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	switch call.Fn.Name {
+	case "Error", "Errorf":
+		if len(call.Args) >= 2 && isError(pass, call.Args[1]) {
+			const proposed = "ErrorIs"
+			msg := fmt.Sprintf("invalid usage of %[1]s.Error, use %[1]s.%[2]s instead", call.SelectorXStr, proposed)
+			return newDiagnostic(checker.Name(), call, msg, newSuggestedFuncReplacement(call, proposed))
+		}
+
+	case "NoError", "NoErrorf":
+		if len(call.Args) >= 2 && isError(pass, call.Args[1]) {
+			const proposed = "NotErrorIs"
+			msg := fmt.Sprintf("invalid usage of %[1]s.NoError, use %[1]s.%[2]s instead", call.SelectorXStr, proposed)
+			return newDiagnostic(checker.Name(), call, msg, newSuggestedFuncReplacement(call, proposed))
+		}
+
+	case "True", "Truef":
+		if len(call.Args) < 1 {
+			return nil
+		}
+
+		ce, ok := call.Args[0].(*ast.CallExpr)
+		if !ok {
+			return nil
+		}
+		if len(ce.Args) != 2 {
+			return nil
+		}
+
+		var proposed string
+		switch {
+		case isErrorsIsCall(pass, ce):
+			proposed = "ErrorIs"
+		case isErrorsAsCall(pass, ce):
+			proposed = "ErrorAs"
+		}
+		if proposed != "" {
+			return newUseFunctionDiagnostic(checker.Name(), call, proposed,
+				newSuggestedFuncReplacement(call, proposed, analysis.TextEdit{
+					Pos:     ce.Pos(),
+					End:     ce.End(),
+					NewText: formatAsCallArgs(pass, ce.Args[0], ce.Args[1]),
+				}),
+			)
+		}
+
+	case "False", "Falsef":
+		if len(call.Args) < 1 {
+			return nil
+		}
+
+		ce, ok := call.Args[0].(*ast.CallExpr)
+		if !ok {
+			return nil
+		}
+		if len(ce.Args) != 2 {
+			return nil
+		}
+
+		if isErrorsIsCall(pass, ce) {
+			const proposed = "NotErrorIs"
+			return newUseFunctionDiagnostic(checker.Name(), call, proposed,
+				newSuggestedFuncReplacement(call, proposed, analysis.TextEdit{
+					Pos:     ce.Pos(),
+					End:     ce.End(),
+					NewText: formatAsCallArgs(pass, ce.Args[0], ce.Args[1]),
+				}),
+			)
+		}
+	}
+	return nil
+}
+
+func isErrorsIsCall(pass *analysis.Pass, ce *ast.CallExpr) bool {
+	return isErrorsPkgFnCall(pass, ce, "Is")
+}
+
+func isErrorsAsCall(pass *analysis.Pass, ce *ast.CallExpr) bool {
+	return isErrorsPkgFnCall(pass, ce, "As")
+}
+
+func isErrorsPkgFnCall(pass *analysis.Pass, ce *ast.CallExpr, fn string) bool {
+	se, ok := ce.Fun.(*ast.SelectorExpr)
+	if !ok {
+		return false
+	}
+
+	errorsIsObj := analysisutil.ObjectOf(pass.Pkg, "errors", fn)
+	if errorsIsObj == nil {
+		return false
+	}
+
+	return analysisutil.IsObj(pass.TypesInfo, se.Sel, errorsIsObj)
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/error_nil.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/error_nil.go
new file mode 100644
index 000000000..b45629a48
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/error_nil.go
@@ -0,0 +1,109 @@
+package checkers
+
+import (
+	"go/ast"
+	"go/token"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+)
+
+// ErrorNil detects situations like
+//
+//	assert.Nil(t, err)
+//	assert.NotNil(t, err)
+//	assert.Equal(t, err, nil)
+//	assert.NotEqual(t, err, nil)
+//
+// and requires
+//
+//	assert.NoError(t, err)
+//	assert.Error(t, err)
+type ErrorNil struct{}
+
+// NewErrorNil constructs ErrorNil checker.
+func NewErrorNil() ErrorNil   { return ErrorNil{} }
+func (ErrorNil) Name() string { return "error-nil" }
+
+func (checker ErrorNil) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	const (
+		errorFn   = "Error"
+		noErrorFn = "NoError"
+	)
+
+	proposedFn, survivingArg, replacementEndPos := func() (string, ast.Expr, token.Pos) {
+		switch call.Fn.Name {
+		case "NotNil", "NotNilf":
+			if len(call.Args) >= 1 && isError(pass, call.Args[0]) {
+				return errorFn, call.Args[0], call.Args[0].End()
+			}
+
+		case "Nil", "Nilf":
+			if len(call.Args) >= 1 && isError(pass, call.Args[0]) {
+				return noErrorFn, call.Args[0], call.Args[0].End()
+			}
+
+		case "Equal", "Equalf":
+			if len(call.Args) < 2 {
+				return "", nil, token.NoPos
+			}
+			a, b := call.Args[0], call.Args[1]
+
+			switch {
+			case isError(pass, a) && isNil(pass, b):
+				return noErrorFn, a, b.End()
+			case isNil(pass, a) && isError(pass, b):
+				return noErrorFn, b, b.End()
+			}
+
+		case "NotEqual", "NotEqualf":
+			if len(call.Args) < 2 {
+				return "", nil, token.NoPos
+			}
+			a, b := call.Args[0], call.Args[1]
+
+			switch {
+			case isError(pass, a) && isNil(pass, b):
+				return errorFn, a, b.End()
+			case isNil(pass, a) && isError(pass, b):
+				return errorFn, b, b.End()
+			}
+		}
+		return "", nil, token.NoPos
+	}()
+
+	if proposedFn != "" {
+		return newUseFunctionDiagnostic(checker.Name(), call, proposedFn,
+			newSuggestedFuncReplacement(call, proposedFn, analysis.TextEdit{
+				Pos:     call.Args[0].Pos(),
+				End:     replacementEndPos,
+				NewText: analysisutil.NodeBytes(pass.Fset, survivingArg),
+			}),
+		)
+	}
+	return nil
+}
+
+var errIface = types.Universe.Lookup("error").Type().Underlying().(*types.Interface)
+
+func isError(pass *analysis.Pass, expr ast.Expr) bool {
+	t := pass.TypesInfo.TypeOf(expr)
+	if t == nil {
+		return false
+	}
+
+	_, ok := t.Underlying().(*types.Interface)
+	return ok && types.Implements(t, errIface)
+}
+
+func isNil(pass *analysis.Pass, expr ast.Expr) bool {
+	t := pass.TypesInfo.TypeOf(expr)
+	if t == nil {
+		return false
+	}
+
+	b, ok := t.(*types.Basic)
+	return ok && b.Kind()&types.UntypedNil > 0
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/expected_actual.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/expected_actual.go
new file mode 100644
index 000000000..ff8243980
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/expected_actual.go
@@ -0,0 +1,156 @@
+package checkers
+
+import (
+	"go/ast"
+	"go/types"
+	"regexp"
+
+	"golang.org/x/tools/go/analysis"
+)
+
+// DefaultExpectedVarPattern matches variables with "expected" or "wanted" prefix or suffix in the name.
+var DefaultExpectedVarPattern = regexp.MustCompile(
+	`(^(exp(ected)?|want(ed)?)([A-Z]\w*)?$)|(^(\w*[a-z])?(Exp(ected)?|Want(ed)?)$)`)
+
+// ExpectedActual detects situation like
+//
+//	assert.NotEqual(t, result, "expected value")
+//
+// and requires
+//
+//	assert.NotEqual(t, "expected value", result)
+type ExpectedActual struct {
+	expVarPattern *regexp.Regexp
+}
+
+// NewExpectedActual constructs ExpectedActual checker using DefaultExpectedVarPattern.
+func NewExpectedActual() *ExpectedActual {
+	return &ExpectedActual{expVarPattern: DefaultExpectedVarPattern}
+}
+
+func (ExpectedActual) Name() string { return "expected-actual" }
+
+func (checker *ExpectedActual) SetExpVarPattern(p *regexp.Regexp) *ExpectedActual {
+	if p != nil {
+		checker.expVarPattern = p
+	}
+	return checker
+}
+
+func (checker ExpectedActual) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	switch call.Fn.Name {
+	case "Equal", "Equalf", "NotEqual", "NotEqualf",
+		"JSONEq", "JSONEqf", "YAMLEq", "YAMLEqf":
+	default:
+		return nil
+	}
+
+	if len(call.Args) < 2 {
+		return nil
+	}
+	first, second := call.Args[0], call.Args[1]
+
+	if checker.isWrongExpectedActualOrder(pass, first, second) {
+		return newDiagnostic(checker.Name(), call, "need to reverse actual and expected values", &analysis.SuggestedFix{
+			Message: "Reverse actual and expected values",
+			TextEdits: []analysis.TextEdit{
+				{
+					Pos:     first.Pos(),
+					End:     second.End(),
+					NewText: formatAsCallArgs(pass, second, first),
+				},
+			},
+		})
+	}
+	return nil
+}
+
+func (checker ExpectedActual) isWrongExpectedActualOrder(pass *analysis.Pass, first, second ast.Expr) bool {
+	leftIsCandidate := checker.isExpectedValueCandidate(pass, first)
+	rightIsCandidate := checker.isExpectedValueCandidate(pass, second)
+	return rightIsCandidate && !leftIsCandidate
+}
+
+func (checker ExpectedActual) isExpectedValueCandidate(pass *analysis.Pass, expr ast.Expr) bool {
+	switch v := expr.(type) {
+	case *ast.CompositeLit:
+		return true
+
+	case *ast.CallExpr:
+		return isCastedBasicLitOrExpectedValue(v, checker.expVarPattern) ||
+			isExpectedValueFactory(v, checker.expVarPattern)
+	}
+
+	return isBasicLit(expr) ||
+		isUntypedConst(pass, expr) ||
+		isTypedConst(pass, expr) ||
+		isIdentNamedAsExpected(checker.expVarPattern, expr) ||
+		isStructFieldNamedAsExpected(checker.expVarPattern, expr)
+}
+
+func isCastedBasicLitOrExpectedValue(ce *ast.CallExpr, pattern *regexp.Regexp) bool {
+	if len(ce.Args) != 1 {
+		return false
+	}
+
+	fn, ok := ce.Fun.(*ast.Ident)
+	if !ok {
+		return false
+	}
+
+	switch fn.Name {
+	case "complex64", "complex128":
+		return true
+
+	case "uint", "uint8", "uint16", "uint32", "uint64",
+		"int", "int8", "int16", "int32", "int64",
+		"float32", "float64",
+		"rune", "string":
+		return isBasicLit(ce.Args[0]) || isIdentNamedAsExpected(pattern, ce.Args[0])
+	}
+	return false
+}
+
+func isExpectedValueFactory(ce *ast.CallExpr, pattern *regexp.Regexp) bool {
+	if len(ce.Args) != 0 {
+		return false
+	}
+
+	switch fn := ce.Fun.(type) {
+	case *ast.Ident:
+		return pattern.MatchString(fn.Name)
+	case *ast.SelectorExpr:
+		return pattern.MatchString(fn.Sel.Name)
+	}
+	return false
+}
+
+func isBasicLit(e ast.Expr) bool {
+	_, ok := e.(*ast.BasicLit)
+	return ok
+}
+
+func isUntypedConst(p *analysis.Pass, e ast.Expr) bool {
+	t := p.TypesInfo.TypeOf(e)
+	if t == nil {
+		return false
+	}
+
+	b, ok := t.(*types.Basic)
+	return ok && b.Info()&types.IsUntyped > 0
+}
+
+func isTypedConst(p *analysis.Pass, e ast.Expr) bool {
+	tt, ok := p.TypesInfo.Types[e]
+	return ok && tt.IsValue() && tt.Value != nil
+}
+
+func isIdentNamedAsExpected(pattern *regexp.Regexp, e ast.Expr) bool {
+	id, ok := e.(*ast.Ident)
+	return ok && pattern.MatchString(id.Name)
+}
+
+func isStructFieldNamedAsExpected(pattern *regexp.Regexp, e ast.Expr) bool {
+	s, ok := e.(*ast.SelectorExpr)
+	return ok && isIdentNamedAsExpected(pattern, s.Sel)
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/float_compare.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/float_compare.go
new file mode 100644
index 000000000..7d5b358b3
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/float_compare.go
@@ -0,0 +1,63 @@
+package checkers
+
+import (
+	"go/ast"
+	"go/token"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+)
+
+// FloatCompare detects situation like
+//
+//	assert.Equal(t, 42.42, a)
+//	assert.True(t, a == 42.42)
+//	assert.False(t, a != 42.42)
+//
+// and requires
+//
+//	assert.InEpsilon(t, 42.42, a, 0.0001) // Or assert.InDelta
+type FloatCompare struct{}
+
+// NewFloatCompare constructs FloatCompare checker.
+func NewFloatCompare() FloatCompare { return FloatCompare{} }
+func (FloatCompare) Name() string   { return "float-compare" }
+
+func (checker FloatCompare) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	invalid := func() bool {
+		switch call.Fn.Name {
+		case "Equal", "Equalf":
+			return len(call.Args) > 1 && isFloat(pass, call.Args[0]) && isFloat(pass, call.Args[1])
+
+		case "True", "Truef":
+			return len(call.Args) > 0 && isFloatCompare(pass, call.Args[0], token.EQL)
+
+		case "False", "Falsef":
+			return len(call.Args) > 0 && isFloatCompare(pass, call.Args[0], token.NEQ)
+		}
+		return false
+	}()
+
+	if invalid {
+		return newUseFunctionDiagnostic(checker.Name(), call, "InEpsilon (or InDelta)", nil)
+	}
+	return nil
+}
+
+func isFloat(pass *analysis.Pass, expr ast.Expr) bool {
+	t := pass.TypesInfo.TypeOf(expr)
+	if t == nil {
+		return false
+	}
+
+	bt, ok := t.Underlying().(*types.Basic)
+	return ok && (bt.Info()&types.IsFloat > 0)
+}
+
+func isFloatCompare(p *analysis.Pass, e ast.Expr, op token.Token) bool {
+	be, ok := e.(*ast.BinaryExpr)
+	if !ok {
+		return false
+	}
+	return be.Op == op && (isFloat(p, be.X) || isFloat(p, be.Y))
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/len.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/len.go
new file mode 100644
index 000000000..f10412f63
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/len.go
@@ -0,0 +1,86 @@
+package checkers
+
+import (
+	"go/ast"
+	"go/token"
+
+	"golang.org/x/tools/go/analysis"
+)
+
+// Len detects situations like
+//
+//	assert.Equal(t, 3, len(arr))
+//	assert.True(t, len(arr) == 3)
+//
+// and requires
+//
+//	assert.Len(t, arr, 3)
+type Len struct{}
+
+// NewLen constructs Len checker.
+func NewLen() Len        { return Len{} }
+func (Len) Name() string { return "len" }
+
+func (checker Len) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	const proposedFn = "Len"
+
+	switch call.Fn.Name {
+	case "Equal", "Equalf":
+		if len(call.Args) < 2 {
+			return nil
+		}
+		a, b := call.Args[0], call.Args[1]
+
+		if lenArg, expectedLen, ok := xorLenCall(pass, a, b); ok {
+			return newUseFunctionDiagnostic(checker.Name(), call, proposedFn,
+				newSuggestedFuncReplacement(call, proposedFn, analysis.TextEdit{
+					Pos:     a.Pos(),
+					End:     b.End(),
+					NewText: formatAsCallArgs(pass, lenArg, expectedLen),
+				}),
+			)
+		}
+
+	case "True", "Truef":
+		if len(call.Args) < 1 {
+			return nil
+		}
+		expr := call.Args[0]
+
+		if lenArg, expectedLen, ok := isLenEquality(pass, expr); ok {
+			return newUseFunctionDiagnostic(checker.Name(), call, proposedFn,
+				newSuggestedFuncReplacement(call, proposedFn, analysis.TextEdit{
+					Pos:     expr.Pos(),
+					End:     expr.End(),
+					NewText: formatAsCallArgs(pass, lenArg, expectedLen),
+				}),
+			)
+		}
+	}
+	return nil
+}
+
+func xorLenCall(pass *analysis.Pass, a, b ast.Expr) (lenArg ast.Expr, expectedLen ast.Expr, ok bool) {
+	arg1, ok1 := isBuiltinLenCall(pass, a)
+	arg2, ok2 := isBuiltinLenCall(pass, b)
+
+	if xor(ok1, ok2) {
+		if ok1 {
+			return arg1, b, true
+		}
+		return arg2, a, true
+	}
+	return nil, nil, false
+}
+
+func isLenEquality(pass *analysis.Pass, e ast.Expr) (ast.Expr, ast.Expr, bool) {
+	be, ok := e.(*ast.BinaryExpr)
+	if !ok {
+		return nil, nil, false
+	}
+
+	if be.Op != token.EQL {
+		return nil, nil, false
+	}
+	return xorLenCall(pass, be.X, be.Y)
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/require_error.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/require_error.go
new file mode 100644
index 000000000..2da71ed81
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/require_error.go
@@ -0,0 +1,35 @@
+package checkers
+
+import "golang.org/x/tools/go/analysis"
+
+// RequireError detects situations like
+//
+//	assert.NoError(t, err)
+//	s.ErrorIs(err, io.EOF)
+//	s.Assert().Error(err)
+//
+// and requires
+//
+//	require.NoError(t, err)
+//	s.Require().ErrorIs(err, io.EOF)
+//	s.Require().Error(err)
+type RequireError struct{}
+
+// NewRequireError constructs RequireError checker.
+func NewRequireError() RequireError { return RequireError{} }
+func (RequireError) Name() string   { return "require-error" }
+
+func (checker RequireError) Check(_ *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	if !call.IsAssert {
+		return nil
+	}
+
+	const msg = "for error assertions use require"
+
+	switch call.Fn.Name {
+	case "Error", "ErrorIs", "ErrorAs", "EqualError", "ErrorContains", "NoError", "NotErrorIs",
+		"Errorf", "ErrorIsf", "ErrorAsf", "EqualErrorf", "ErrorContainsf", "NoErrorf", "NotErrorIsf":
+		return newDiagnostic(checker.Name(), call, msg, nil)
+	}
+	return nil
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_dont_use_pkg.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_dont_use_pkg.go
new file mode 100644
index 000000000..bf84f6378
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_dont_use_pkg.go
@@ -0,0 +1,96 @@
+package checkers
+
+import (
+	"fmt"
+	"go/ast"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+	"github.com/Antonboom/testifylint/internal/testify"
+)
+
+// SuiteDontUsePkg detects situation like
+//
+//	func (s *MySuite) TestSomething() {
+//		assert.Equal(s.T(), 42, value)
+//	}
+//
+// and requires
+//
+//	func (s *MySuite) TestSomething() {
+//		s.Equal(42, value)
+//	}
+type SuiteDontUsePkg struct{}
+
+// NewSuiteDontUsePkg constructs SuiteDontUsePkg checker.
+func NewSuiteDontUsePkg() SuiteDontUsePkg { return SuiteDontUsePkg{} }
+func (SuiteDontUsePkg) Name() string      { return "suite-dont-use-pkg" }
+
+func (checker SuiteDontUsePkg) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	if !call.IsPkg {
+		return nil
+	}
+
+	args := call.ArgsRaw
+	if len(args) < 2 {
+		return nil
+	}
+	t := args[0]
+
+	ce, ok := t.(*ast.CallExpr)
+	if !ok {
+		return nil
+	}
+	se, ok := ce.Fun.(*ast.SelectorExpr)
+	if !ok {
+		return nil
+	}
+	if se.X == nil || !implementsTestifySuiteIface(pass, se.X) {
+		return nil
+	}
+	if se.Sel == nil || se.Sel.Name != "T" {
+		return nil
+	}
+	rcv, ok := se.X.(*ast.Ident) // At this point we ensure that `s.T()` is used as the first argument of assertion.
+	if !ok {
+		return nil
+	}
+
+	newSelector := rcv.Name
+	if !call.IsAssert {
+		newSelector += "." + "Require()"
+	}
+
+	msg := fmt.Sprintf("use %s.%s", newSelector, call.Fn.Name)
+	return newDiagnostic(checker.Name(), call, msg, &analysis.SuggestedFix{
+		Message: fmt.Sprintf("Replace `%s` with `%s`", call.SelectorXStr, newSelector),
+		TextEdits: []analysis.TextEdit{
+			// Replace package function with suite method.
+			{
+				Pos:     call.Selector.X.Pos(),
+				End:     call.Selector.X.End(),
+				NewText: []byte(newSelector),
+			},
+			// Remove `s.T()`.
+			{
+				Pos:     t.Pos(),
+				End:     args[1].Pos(),
+				NewText: []byte(""),
+			},
+		},
+	})
+}
+
+func implementsTestifySuiteIface(pass *analysis.Pass, rcv ast.Expr) bool {
+	suiteIface := analysisutil.ObjectOf(pass.Pkg, testify.SuitePkgPath, "TestingSuite")
+	if suiteIface == nil {
+		return false
+	}
+
+	return types.Implements(
+		pass.TypesInfo.TypeOf(rcv),
+		suiteIface.Type().Underlying().(*types.Interface),
+	)
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_extra_assert_call.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_extra_assert_call.go
new file mode 100644
index 000000000..791488b65
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_extra_assert_call.go
@@ -0,0 +1,99 @@
+package checkers
+
+import (
+	"fmt"
+	"go/ast"
+
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+)
+
+// SuiteExtraAssertCallMode reflects different modes of work of SuiteExtraAssertCall checker.
+type SuiteExtraAssertCallMode int
+
+const (
+	SuiteExtraAssertCallModeRemove SuiteExtraAssertCallMode = iota
+	SuiteExtraAssertCallModeRequire
+)
+
+const DefaultSuiteExtraAssertCallMode = SuiteExtraAssertCallModeRemove
+
+// SuiteExtraAssertCall detects situation like
+//
+//	func (s *MySuite) TestSomething() {
+//		s.Assert().Equal(42, value)
+//	}
+//
+// and requires
+//
+//	func (s *MySuite) TestSomething() {
+//		s.Equal(42, value)
+//	}
+//
+// or vice versa (depending on the configurable mode).
+type SuiteExtraAssertCall struct {
+	mode SuiteExtraAssertCallMode
+}
+
+// NewSuiteExtraAssertCall constructs SuiteExtraAssertCall checker.
+func NewSuiteExtraAssertCall() *SuiteExtraAssertCall {
+	return &SuiteExtraAssertCall{mode: DefaultSuiteExtraAssertCallMode}
+}
+
+func (SuiteExtraAssertCall) Name() string { return "suite-extra-assert-call" }
+
+func (checker *SuiteExtraAssertCall) SetMode(m SuiteExtraAssertCallMode) *SuiteExtraAssertCall {
+	checker.mode = m
+	return checker
+}
+
+func (checker SuiteExtraAssertCall) Check(pass *analysis.Pass, call *CallMeta) *analysis.Diagnostic {
+	if call.IsPkg {
+		return nil
+	}
+
+	switch checker.mode {
+	case SuiteExtraAssertCallModeRequire:
+		x, ok := call.Selector.X.(*ast.Ident) // s.True
+		if !ok || x == nil || !implementsTestifySuiteIface(pass, x) {
+			return nil
+		}
+
+		msg := fmt.Sprintf("use an explicit %s.Assert().%s", analysisutil.NodeString(pass.Fset, x), call.Fn.Name)
+		return newDiagnostic(checker.Name(), call, msg, &analysis.SuggestedFix{
+			Message: "Add `Assert()` call",
+			TextEdits: []analysis.TextEdit{{
+				Pos:     x.End(),
+				End:     x.End(), // Pure insertion.
+				NewText: []byte(".Assert()"),
+			}},
+		})
+
+	case SuiteExtraAssertCallModeRemove:
+		x, ok := call.Selector.X.(*ast.CallExpr) // s.Assert().True
+		if !ok {
+			return nil
+		}
+
+		se, ok := x.Fun.(*ast.SelectorExpr)
+		if !ok || se == nil || !implementsTestifySuiteIface(pass, se.X) {
+			return nil
+		}
+		if se.Sel == nil || se.Sel.Name != "Assert" {
+			return nil
+		}
+
+		msg := fmt.Sprintf("need to simplify the assertion to %s.%s", analysisutil.NodeString(pass.Fset, se.X), call.Fn.Name)
+		return newDiagnostic(checker.Name(), call, msg, &analysis.SuggestedFix{
+			Message: "Remove `Assert()` call",
+			TextEdits: []analysis.TextEdit{{
+				Pos:     se.Sel.Pos(),
+				End:     x.End() + 1, // +1 for dot.
+				NewText: []byte(""),
+			}},
+		})
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_thelper.go b/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_thelper.go
new file mode 100644
index 000000000..5cadc93ad
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/checkers/suite_thelper.go
@@ -0,0 +1,130 @@
+package checkers
+
+import (
+	"fmt"
+	"go/ast"
+	"strings"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/ast/inspector"
+
+	"github.com/Antonboom/testifylint/internal/analysisutil"
+	"github.com/Antonboom/testifylint/internal/testify"
+)
+
+// SuiteTHelper requires t.Helper() call in suite helpers:
+//
+//	func (s *RoomSuite) assertRoomRound(roundID RoundID) {
+//		s.T().Helper()
+//		s.Equal(roundID, s.getRoom().CurrentRound.ID)
+//	}
+type SuiteTHelper struct{}
+
+// NewSuiteTHelper constructs SuiteTHelper checker.
+func NewSuiteTHelper() SuiteTHelper { return SuiteTHelper{} }
+func (SuiteTHelper) Name() string   { return "suite-thelper" }
+
+func (checker SuiteTHelper) Check(pass *analysis.Pass, inspector *inspector.Inspector) (diagnostics []analysis.Diagnostic) {
+	inspector.Preorder([]ast.Node{(*ast.FuncDecl)(nil)}, func(node ast.Node) {
+		fd := node.(*ast.FuncDecl)
+		if !isTestifySuiteMethod(pass, fd) {
+			return
+		}
+
+		if ident := fd.Name; ident == nil || isTestMethod(ident.Name) || isServiceMethod(ident.Name) {
+			return
+		}
+
+		if !containsSuiteAssertions(pass, fd) {
+			return
+		}
+
+		rcv := fd.Recv.List[0]
+		if len(rcv.Names) != 1 || rcv.Names[0] == nil {
+			return
+		}
+		rcvName := rcv.Names[0].Name
+
+		helperCallStr := fmt.Sprintf("%s.T().Helper()", rcvName)
+
+		firstStmt := fd.Body.List[0]
+		if analysisutil.NodeString(pass.Fset, firstStmt) == helperCallStr {
+			return
+		}
+
+		msg := fmt.Sprintf("suite helper method must start with " + helperCallStr)
+		d := newDiagnostic(checker.Name(), fd, msg, &analysis.SuggestedFix{
+			Message: fmt.Sprintf("Insert `%s`", helperCallStr),
+			TextEdits: []analysis.TextEdit{
+				{
+					Pos:     firstStmt.Pos(),
+					End:     firstStmt.Pos(), // Pure insertion.
+					NewText: []byte(helperCallStr + "\n\n"),
+				},
+			},
+		})
+		diagnostics = append(diagnostics, *d)
+	})
+	return diagnostics
+}
+
+func isTestifySuiteMethod(pass *analysis.Pass, fDecl *ast.FuncDecl) bool {
+	if fDecl.Recv == nil || len(fDecl.Recv.List) != 1 {
+		return false
+	}
+
+	rcv := fDecl.Recv.List[0]
+	return implementsTestifySuiteIface(pass, rcv.Type)
+}
+
+func isTestMethod(name string) bool {
+	return strings.HasPrefix(name, "Test")
+}
+
+func isServiceMethod(name string) bool {
+	// https://github.com/stretchr/testify/blob/master/suite/interfaces.go
+	switch name {
+	case "T", "SetT", "SetS", "SetupSuite", "SetupTest", "TearDownSuite", "TearDownTest",
+		"BeforeTest", "AfterTest", "HandleStats", "SetupSubTest", "TearDownSubTest":
+		return true
+	}
+	return false
+}
+
+func containsSuiteAssertions(pass *analysis.Pass, fn *ast.FuncDecl) bool {
+	if fn.Body == nil {
+		return false
+	}
+
+	for _, s := range fn.Body.List {
+		if isSuiteAssertion(pass, s) {
+			return true
+		}
+	}
+	return false
+}
+
+func isSuiteAssertion(pass *analysis.Pass, stmt ast.Stmt) bool {
+	expr, ok := stmt.(*ast.ExprStmt)
+	if !ok {
+		return false
+	}
+
+	ce, ok := expr.X.(*ast.CallExpr)
+	if !ok {
+		return false
+	}
+
+	se, ok := ce.Fun.(*ast.SelectorExpr)
+	if !ok || se.Sel == nil {
+		return false
+	}
+
+	if sel, ok := pass.TypesInfo.Selections[se]; ok {
+		pkg := sel.Obj().Pkg()
+		isAssert := analysisutil.IsPkg(pkg, testify.AssertPkgName, testify.AssertPkgPath)
+		isRequire := analysisutil.IsPkg(pkg, testify.RequirePkgName, testify.RequirePkgPath)
+		return isAssert || isRequire
+	}
+	return false
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/config/config.go b/vendor/github.com/Antonboom/testifylint/internal/config/config.go
new file mode 100644
index 000000000..51f627008
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/config/config.go
@@ -0,0 +1,53 @@
+package config
+
+import (
+	"flag"
+
+	"github.com/Antonboom/testifylint/internal/checkers"
+)
+
+// NewDefault builds default testifylint config.
+func NewDefault() Config {
+	return Config{
+		EnableAll:       false,
+		EnabledCheckers: checkers.EnabledByDefault(),
+		ExpectedActual: ExpectedActualConfig{
+			ExpVarPattern: RegexpValue{checkers.DefaultExpectedVarPattern},
+		},
+		SuiteExtraAssertCall: SuiteExtraAssertCallConfig{
+			Mode: checkers.DefaultSuiteExtraAssertCallMode,
+		},
+	}
+}
+
+// Config implements testifylint configuration.
+type Config struct {
+	EnableAll            bool
+	EnabledCheckers      KnownCheckersValue
+	ExpectedActual       ExpectedActualConfig
+	SuiteExtraAssertCall SuiteExtraAssertCallConfig
+}
+
+// ExpectedActualConfig implements configuration of checkers.ExpectedActual.
+type ExpectedActualConfig struct {
+	ExpVarPattern RegexpValue
+}
+
+// SuiteExtraAssertCallConfig implements configuration of checkers.SuiteExtraAssertCall.
+type SuiteExtraAssertCallConfig struct {
+	Mode checkers.SuiteExtraAssertCallMode
+}
+
+// BindToFlags binds Config fields to according flags.
+func BindToFlags(cfg *Config, fs *flag.FlagSet) {
+	fs.BoolVar(&cfg.EnableAll, "enable-all", false, "enable all checkers")
+	fs.Var(&cfg.EnabledCheckers, "enable", "comma separated list of enabled checkers")
+	fs.Var(&cfg.ExpectedActual.ExpVarPattern, "expected-actual.pattern", "regexp for expected variable name")
+	fs.Var(NewEnumValue(suiteExtraAssertCallModeAsString, &cfg.SuiteExtraAssertCall.Mode),
+		"suite-extra-assert-call.mode", "to require or remove extra Assert() call")
+}
+
+var suiteExtraAssertCallModeAsString = map[string]checkers.SuiteExtraAssertCallMode{
+	"remove":  checkers.SuiteExtraAssertCallModeRemove,
+	"require": checkers.SuiteExtraAssertCallModeRequire,
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/config/flag_value_types.go b/vendor/github.com/Antonboom/testifylint/internal/config/flag_value_types.go
new file mode 100644
index 000000000..2f0ee978f
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/config/flag_value_types.go
@@ -0,0 +1,105 @@
+package config
+
+import (
+	"flag"
+	"fmt"
+	"regexp"
+	"sort"
+	"strings"
+
+	"github.com/Antonboom/testifylint/internal/checkers"
+)
+
+var (
+	_ flag.Value = (*KnownCheckersValue)(nil)
+	_ flag.Value = (*RegexpValue)(nil)
+	_ flag.Value = (*EnumValue[checkers.SuiteExtraAssertCallMode])(nil)
+)
+
+// KnownCheckersValue implements comma separated list of testify checkers.
+type KnownCheckersValue []string
+
+func (kcv KnownCheckersValue) String() string {
+	return strings.Join(kcv, ",")
+}
+
+func (kcv *KnownCheckersValue) Set(v string) error {
+	chckrs := strings.Split(v, ",")
+	for _, checkerName := range chckrs {
+		if ok := checkers.IsKnown(checkerName); !ok {
+			return fmt.Errorf("unknown checker %q", checkerName)
+		}
+	}
+
+	*kcv = chckrs
+	return nil
+}
+
+// RegexpValue is a special wrapper for support of flag.FlagSet over regexp.Regexp.
+// Original regexp is available through RegexpValue.Regexp.
+type RegexpValue struct {
+	*regexp.Regexp
+}
+
+func (rv RegexpValue) String() string {
+	if rv.Regexp == nil {
+		return ""
+	}
+	return rv.Regexp.String()
+}
+
+func (rv *RegexpValue) Set(v string) error {
+	compiled, err := regexp.Compile(v)
+	if err != nil {
+		return err
+	}
+
+	rv.Regexp = compiled
+	return nil
+}
+
+// EnumValue is a special type for support of flag.FlagSet over user-defined constants.
+type EnumValue[EnumT comparable] struct {
+	mapping map[string]EnumT
+	keys    []string
+	dst     *EnumT
+}
+
+// NewEnumValue takes the "enum-value-name to enum-value" mapping and a destination for the value passed through the CLI.
+// Returns an EnumValue instance suitable for flag.FlagSet.Var.
+func NewEnumValue[EnumT comparable](mapping map[string]EnumT, dst *EnumT) *EnumValue[EnumT] {
+	keys := make([]string, 0, len(mapping))
+	for k := range mapping {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	return &EnumValue[EnumT]{
+		mapping: mapping,
+		keys:    keys,
+		dst:     dst,
+	}
+}
+
+func (e EnumValue[EnumT]) String() string {
+	if e.dst == nil {
+		return ""
+	}
+
+	for k, v := range e.mapping {
+		if v == *e.dst {
+			return k
+		}
+	}
+	return ""
+}
+
+func (e *EnumValue[EnumT]) Set(s string) error {
+	v, ok := e.mapping[s]
+	if !ok {
+		return fmt.Errorf("use one of (%v)", strings.Join(e.keys, " | "))
+	}
+
+	*e.dst = v
+	return nil
+}
diff --git a/vendor/github.com/Antonboom/testifylint/internal/testify/const.go b/vendor/github.com/Antonboom/testifylint/internal/testify/const.go
new file mode 100644
index 000000000..45731aa97
--- /dev/null
+++ b/vendor/github.com/Antonboom/testifylint/internal/testify/const.go
@@ -0,0 +1,13 @@
+package testify
+
+const (
+	ModulePath = "github.com/stretchr/testify"
+
+	AssertPkgName  = "assert"
+	RequirePkgName = "require"
+	SuitePkgName   = "suite"
+
+	AssertPkgPath  = ModulePath + "/" + AssertPkgName
+	RequirePkgPath = ModulePath + "/" + RequirePkgName
+	SuitePkgPath   = ModulePath + "/" + SuitePkgName
+)
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/analyzer.go b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/analyzer.go
deleted file mode 100644
index 279f2189d..000000000
--- a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/analyzer.go
+++ /dev/null
@@ -1,289 +0,0 @@
-package analyzer
-
-import (
-	"errors"
-	"flag"
-	"go/ast"
-	"go/types"
-	"strings"
-	"sync"
-
-	"golang.org/x/tools/go/analysis"
-	"golang.org/x/tools/go/analysis/passes/inspect"
-	"golang.org/x/tools/go/ast/inspector"
-)
-
-var (
-	ErrEmptyPattern = errors.New("pattern can't be empty")
-)
-
-type analyzer struct {
-	include PatternsList
-	exclude PatternsList
-
-	typesProcessCache   map[types.Type]bool
-	typesProcessCacheMu sync.RWMutex
-
-	structFieldsCache   map[types.Type]*StructFields
-	structFieldsCacheMu sync.RWMutex
-}
-
-// NewAnalyzer returns a go/analysis-compatible analyzer.
-//   -i arguments adds include patterns
-//   -e arguments adds exclude patterns
-func NewAnalyzer(include []string, exclude []string) (*analysis.Analyzer, error) {
-	a := analyzer{ //nolint:exhaustruct
-		typesProcessCache: map[types.Type]bool{},
-
-		structFieldsCache: map[types.Type]*StructFields{},
-	}
-
-	var err error
-
-	a.include, err = newPatternsList(include)
-	if err != nil {
-		return nil, err
-	}
-
-	a.exclude, err = newPatternsList(exclude)
-	if err != nil {
-		return nil, err
-	}
-
-	return &analysis.Analyzer{ //nolint:exhaustruct
-		Name:     "exhaustruct",
-		Doc:      "Checks if all structure fields are initialized",
-		Run:      a.run,
-		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    a.newFlagSet(),
-	}, nil
-}
-
-func (a *analyzer) newFlagSet() flag.FlagSet {
-	fs := flag.NewFlagSet("exhaustruct flags", flag.PanicOnError)
-
-	fs.Var(
-		&reListVar{values: &a.include},
-		"i",
-		"Regular expression to match struct packages and names, can receive multiple flags",
-	)
-	fs.Var(
-		&reListVar{values: &a.exclude},
-		"e",
-		"Regular expression to exclude struct packages and names, can receive multiple flags",
-	)
-
-	return *fs
-}
-
-func (a *analyzer) run(pass *analysis.Pass) (interface{}, error) {
-	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) //nolint:forcetypeassert
-
-	nodeTypes := []ast.Node{
-		(*ast.CompositeLit)(nil),
-		(*ast.ReturnStmt)(nil),
-	}
-
-	insp.Preorder(nodeTypes, a.newVisitor(pass))
-
-	return nil, nil //nolint:nilnil
-}
-
-//nolint:cyclop
-func (a *analyzer) newVisitor(pass *analysis.Pass) func(node ast.Node) {
-	var ret *ast.ReturnStmt
-
-	return func(node ast.Node) {
-		if retLit, ok := node.(*ast.ReturnStmt); ok {
-			// save return statement for future (to detect error-containing returns)
-			ret = retLit
-
-			return
-		}
-
-		lit, _ := node.(*ast.CompositeLit)
-		if lit.Type == nil {
-			// we're not interested in non-typed literals
-			return
-		}
-
-		typ := pass.TypesInfo.TypeOf(lit.Type)
-		if typ == nil {
-			return
-		}
-
-		strct, ok := typ.Underlying().(*types.Struct)
-		if !ok {
-			// we also not interested in non-structure literals
-			return
-		}
-
-		strctName := exprName(lit.Type)
-		if strctName == "" {
-			return
-		}
-
-		if !a.shouldProcessType(typ) {
-			return
-		}
-
-		if len(lit.Elts) == 0 && ret != nil {
-			if ret.End() < lit.Pos() {
-				// we're outside last return statement
-				ret = nil
-			} else if returnContainsLiteral(ret, lit) && returnContainsError(ret, pass) {
-				// we're okay with empty literals in return statements with non-nil errors, like
-				// `return my.Struct{}, fmt.Errorf("non-nil error!")`
-				return
-			}
-		}
-
-		missingFields := a.structMissingFields(lit, strct, strings.HasPrefix(typ.String(), pass.Pkg.Path()+"."))
-
-		if len(missingFields) == 1 {
-			pass.Reportf(node.Pos(), "%s is missing in %s", missingFields[0], strctName)
-		} else if len(missingFields) > 1 {
-			pass.Reportf(node.Pos(), "%s are missing in %s", strings.Join(missingFields, ", "), strctName)
-		}
-	}
-}
-
-func (a *analyzer) shouldProcessType(typ types.Type) bool {
-	if len(a.include) == 0 && len(a.exclude) == 0 {
-		// skip whole part with cache, since we have no restrictions and have to check everything
-		return true
-	}
-
-	a.typesProcessCacheMu.RLock()
-	v, ok := a.typesProcessCache[typ]
-	a.typesProcessCacheMu.RUnlock()
-
-	if !ok {
-		a.typesProcessCacheMu.Lock()
-		defer a.typesProcessCacheMu.Unlock()
-
-		v = true
-		typStr := typ.String()
-
-		if len(a.include) > 0 && !a.include.MatchesAny(typStr) {
-			v = false
-		}
-
-		if v && a.exclude.MatchesAny(typStr) {
-			v = false
-		}
-
-		a.typesProcessCache[typ] = v
-	}
-
-	return v
-}
-
-func (a *analyzer) structMissingFields(lit *ast.CompositeLit, strct *types.Struct, private bool) []string {
-	keys, unnamed := literalKeys(lit)
-	fields := a.structFields(strct)
-
-	if unnamed {
-		if private {
-			return fields.All[len(keys):]
-		}
-
-		return fields.Public[len(keys):]
-	}
-
-	if private {
-		return difference(fields.AllRequired, keys)
-	}
-
-	return difference(fields.PublicRequired, keys)
-}
-
-func (a *analyzer) structFields(strct *types.Struct) *StructFields {
-	typ := strct.Underlying()
-
-	a.structFieldsCacheMu.RLock()
-	fields, ok := a.structFieldsCache[typ]
-	a.structFieldsCacheMu.RUnlock()
-
-	if !ok {
-		a.structFieldsCacheMu.Lock()
-		defer a.structFieldsCacheMu.Unlock()
-
-		fields = NewStructFields(strct)
-		a.structFieldsCache[typ] = fields
-	}
-
-	return fields
-}
-
-func returnContainsLiteral(ret *ast.ReturnStmt, lit *ast.CompositeLit) bool {
-	for _, result := range ret.Results {
-		if l, ok := result.(*ast.CompositeLit); ok {
-			if lit == l {
-				return true
-			}
-		}
-	}
-
-	return false
-}
-
-func returnContainsError(ret *ast.ReturnStmt, pass *analysis.Pass) bool {
-	for _, result := range ret.Results {
-		if pass.TypesInfo.TypeOf(result).String() == "error" {
-			return true
-		}
-	}
-
-	return false
-}
-
-func literalKeys(lit *ast.CompositeLit) (keys []string, unnamed bool) {
-	for _, elt := range lit.Elts {
-		if k, ok := elt.(*ast.KeyValueExpr); ok {
-			if ident, ok := k.Key.(*ast.Ident); ok {
-				keys = append(keys, ident.Name)
-			}
-
-			continue
-		}
-
-		// in case we deal with unnamed initialization - no need to iterate over all
-		// elements - simply create slice with proper size
-		unnamed = true
-		keys = make([]string, len(lit.Elts))
-
-		return
-	}
-
-	return
-}
-
-// difference returns elements that are in `a` and not in `b`.
-func difference(a, b []string) (diff []string) {
-	mb := make(map[string]struct{}, len(b))
-	for _, x := range b {
-		mb[x] = struct{}{}
-	}
-
-	for _, x := range a {
-		if _, found := mb[x]; !found {
-			diff = append(diff, x)
-		}
-	}
-
-	return diff
-}
-
-func exprName(expr ast.Expr) string {
-	if i, ok := expr.(*ast.Ident); ok {
-		return i.Name
-	}
-
-	s, ok := expr.(*ast.SelectorExpr)
-	if !ok {
-		return ""
-	}
-
-	return s.Sel.Name
-}
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/patterns-list.go b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/patterns-list.go
deleted file mode 100644
index 2884cab62..000000000
--- a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/patterns-list.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package analyzer
-
-import (
-	"fmt"
-	"regexp"
-)
-
-type PatternsList []*regexp.Regexp
-
-// MatchesAny matches provided string against all regexps in a slice.
-func (l PatternsList) MatchesAny(str string) bool {
-	for _, r := range l {
-		if r.MatchString(str) {
-			return true
-		}
-	}
-
-	return false
-}
-
-// newPatternsList parses slice of strings to a slice of compiled regular
-// expressions.
-func newPatternsList(in []string) (PatternsList, error) {
-	list := PatternsList{}
-
-	for _, str := range in {
-		re, err := strToRegexp(str)
-		if err != nil {
-			return nil, err
-		}
-
-		list = append(list, re)
-	}
-
-	return list, nil
-}
-
-type reListVar struct {
-	values *PatternsList
-}
-
-func (v *reListVar) Set(value string) error {
-	re, err := strToRegexp(value)
-	if err != nil {
-		return err
-	}
-
-	*v.values = append(*v.values, re)
-
-	return nil
-}
-
-func (v *reListVar) String() string {
-	return ""
-}
-
-func strToRegexp(str string) (*regexp.Regexp, error) {
-	if str == "" {
-		return nil, ErrEmptyPattern
-	}
-
-	re, err := regexp.Compile(str)
-	if err != nil {
-		return nil, fmt.Errorf("unable to compile %s as regular expression: %w", str, err)
-	}
-
-	return re, nil
-}
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/struct-fields.go b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/struct-fields.go
deleted file mode 100644
index 56eda05f7..000000000
--- a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer/struct-fields.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package analyzer
-
-import (
-	"go/types"
-	"reflect"
-
-	"golang.org/x/exp/slices"
-)
-
-type StructFields struct {
-	All         []string
-	AllRequired []string
-
-	Public         []string
-	PublicRequired []string
-}
-
-func NewStructFields(strct *types.Struct) *StructFields {
-	sf := StructFields{
-		All:            make([]string, strct.NumFields()),
-		AllRequired:    make([]string, 0, strct.NumFields()),
-		Public:         make([]string, 0, strct.NumFields()),
-		PublicRequired: make([]string, 0, strct.NumFields()),
-	}
-
-	for i := 0; i < strct.NumFields(); i++ {
-		f := strct.Field(i)
-		isOptional := isFieldOptional(strct.Tag(i))
-
-		sf.All[i] = f.Name()
-		if !isOptional {
-			sf.AllRequired = append(sf.AllRequired, f.Name())
-		}
-
-		if f.Exported() {
-			sf.Public = append(sf.Public, f.Name())
-
-			if !isOptional {
-				sf.PublicRequired = append(sf.PublicRequired, f.Name())
-			}
-		}
-	}
-
-	sf.All = slices.Clip(sf.All)
-	sf.AllRequired = slices.Clip(sf.AllRequired)
-	sf.Public = slices.Clip(sf.Public)
-	sf.PublicRequired = slices.Clip(sf.PublicRequired)
-
-	return &sf
-}
-
-const (
-	TagName          = "exhaustruct"
-	OptionalTagValue = "optional"
-)
-
-// isFieldOptional checks if field tags has an optional tag, and therefore can
-// be omitted during structure initialization.
-func isFieldOptional(tags string) bool {
-	return reflect.StructTag(tags).Get(TagName) == OptionalTagValue
-}
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/LICENSE b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/LICENSE
similarity index 100%
rename from vendor/github.com/GaijinEntertainment/go-exhaustruct/v2/LICENSE
rename to vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/LICENSE
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer/analyzer.go b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer/analyzer.go
new file mode 100644
index 000000000..d0cd2d5bb
--- /dev/null
+++ b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer/analyzer.go
@@ -0,0 +1,268 @@
+package analyzer
+
+import (
+	"flag"
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"sync"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/ast/inspector"
+
+	"github.com/GaijinEntertainment/go-exhaustruct/v3/internal/fields"
+	"github.com/GaijinEntertainment/go-exhaustruct/v3/internal/pattern"
+)
+
+type analyzer struct {
+	include pattern.List `exhaustruct:"optional"`
+	exclude pattern.List `exhaustruct:"optional"`
+
+	fieldsCache   map[types.Type]fields.StructFields
+	fieldsCacheMu sync.RWMutex `exhaustruct:"optional"`
+
+	typeProcessingNeed   map[string]bool
+	typeProcessingNeedMu sync.RWMutex `exhaustruct:"optional"`
+}
+
+func NewAnalyzer(include, exclude []string) (*analysis.Analyzer, error) {
+	a := analyzer{
+		fieldsCache:        make(map[types.Type]fields.StructFields),
+		typeProcessingNeed: make(map[string]bool),
+	}
+
+	var err error
+
+	a.include, err = pattern.NewList(include...)
+	if err != nil {
+		return nil, err //nolint:wrapcheck
+	}
+
+	a.exclude, err = pattern.NewList(exclude...)
+	if err != nil {
+		return nil, err //nolint:wrapcheck
+	}
+
+	return &analysis.Analyzer{ //nolint:exhaustruct
+		Name:     "exhaustruct",
+		Doc:      "Checks if all structure fields are initialized",
+		Run:      a.run,
+		Requires: []*analysis.Analyzer{inspect.Analyzer},
+		Flags:    a.newFlagSet(),
+	}, nil
+}
+
+func (a *analyzer) newFlagSet() flag.FlagSet {
+	fs := flag.NewFlagSet("", flag.PanicOnError)
+
+	fs.Var(&a.include, "i", `Regular expression to match type names, can receive multiple flags.
+Anonymous structs can be matched by '<anonymous>' alias.
+4ex: 
+	github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer\.<anonymous>
+	github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer\.TypeInfo`)
+	fs.Var(&a.exclude, "e", `Regular expression to exclude type names, can receive multiple flags.
+Anonymous structs can be matched by '<anonymous>' alias.
+4ex: 
+	github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer\.<anonymous>
+	github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer\.TypeInfo`)
+
+	return *fs
+}
+
+func (a *analyzer) run(pass *analysis.Pass) (any, error) {
+	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) //nolint:forcetypeassert
+
+	insp.WithStack(
+		[]ast.Node{
+			(*ast.CompositeLit)(nil),
+		},
+		a.newVisitor(pass),
+	)
+
+	return nil, nil //nolint:nilnil
+}
+
+// newVisitor returns visitor that only expects [ast.CompositeLit] nodes.
+func (a *analyzer) newVisitor(pass *analysis.Pass) func(n ast.Node, push bool, stack []ast.Node) bool {
+	return func(n ast.Node, push bool, stack []ast.Node) bool {
+		if !push {
+			return true
+		}
+
+		lit, ok := n.(*ast.CompositeLit)
+		if !ok {
+			// this should never happen, but better be prepared
+			return true
+		}
+
+		structTyp, typeInfo, ok := getStructType(pass, lit)
+		if !ok {
+			return true
+		}
+
+		if len(lit.Elts) == 0 {
+			if ret, ok := stackParentIsReturn(stack); ok {
+				if returnContainsNonNilError(pass, ret) {
+					// it is okay to return uninitialized structure in case struct's direct parent is
+					// a return statement containing non-nil error
+					//
+					// we're unable to check if returned error is custom, but at least we're able to
+					// cover str [error] type.
+					return true
+				}
+			}
+		}
+
+		pos, msg := a.processStruct(pass, lit, structTyp, typeInfo)
+		if pos != nil {
+			pass.Reportf(*pos, msg)
+		}
+
+		return true
+	}
+}
+
+func getStructType(pass *analysis.Pass, lit *ast.CompositeLit) (*types.Struct, *TypeInfo, bool) {
+	switch typ := pass.TypesInfo.TypeOf(lit).(type) {
+	case *types.Named: // named type
+		if structTyp, ok := typ.Underlying().(*types.Struct); ok {
+			pkg := typ.Obj().Pkg()
+			ti := TypeInfo{
+				Name:        typ.Obj().Name(),
+				PackageName: pkg.Name(),
+				PackagePath: pkg.Path(),
+			}
+
+			return structTyp, &ti, true
+		}
+
+		return nil, nil, false
+
+	case *types.Struct: // anonymous struct
+		ti := TypeInfo{
+			Name:        "<anonymous>",
+			PackageName: pass.Pkg.Name(),
+			PackagePath: pass.Pkg.Path(),
+		}
+
+		return typ, &ti, true
+
+	default:
+		return nil, nil, false
+	}
+}
+
+func stackParentIsReturn(stack []ast.Node) (*ast.ReturnStmt, bool) {
+	// it is safe to skip boundary check, since stack always has at least one element
+	// - whole file.
+	ret, ok := stack[len(stack)-2].(*ast.ReturnStmt)
+
+	return ret, ok
+}
+
+func returnContainsNonNilError(pass *analysis.Pass, ret *ast.ReturnStmt) bool {
+	// errors are mostly located at the end of return statement, so we're starting
+	// from the end.
+	for i := len(ret.Results) - 1; i >= 0; i-- {
+		if pass.TypesInfo.TypeOf(ret.Results[i]).String() == "error" {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (a *analyzer) processStruct(
+	pass *analysis.Pass,
+	lit *ast.CompositeLit,
+	structTyp *types.Struct,
+	info *TypeInfo,
+) (*token.Pos, string) {
+	if !a.shouldProcessType(info) {
+		return nil, ""
+	}
+
+	// unnamed structures are only defined in same package, along with types that has
+	// prefix identical to current package name.
+	isSamePackage := info.PackagePath == pass.Pkg.Path()
+
+	if f := a.litSkippedFields(lit, structTyp, !isSamePackage); len(f) > 0 {
+		pos := lit.Pos()
+
+		if len(f) == 1 {
+			return &pos, fmt.Sprintf("%s is missing field %s", info.ShortString(), f.String())
+		}
+
+		return &pos, fmt.Sprintf("%s is missing fields %s", info.ShortString(), f.String())
+	}
+
+	return nil, ""
+}
+
+// shouldProcessType returns true if type should be processed basing off include
+// and exclude patterns, defined though constructor and\or flags.
+func (a *analyzer) shouldProcessType(info *TypeInfo) bool {
+	if len(a.include) == 0 && len(a.exclude) == 0 {
+		return true
+	}
+
+	name := info.String()
+
+	a.typeProcessingNeedMu.RLock()
+	res, ok := a.typeProcessingNeed[name]
+	a.typeProcessingNeedMu.RUnlock()
+
+	if !ok {
+		a.typeProcessingNeedMu.Lock()
+		res = true
+
+		if a.include != nil && !a.include.MatchFullString(name) {
+			res = false
+		}
+
+		if res && a.exclude != nil && a.exclude.MatchFullString(name) {
+			res = false
+		}
+
+		a.typeProcessingNeed[name] = res
+		a.typeProcessingNeedMu.Unlock()
+	}
+
+	return res
+}
+
+//revive:disable-next-line:unused-receiver
+func (a *analyzer) litSkippedFields(
+	lit *ast.CompositeLit,
+	typ *types.Struct,
+	onlyExported bool,
+) fields.StructFields {
+	a.fieldsCacheMu.RLock()
+	f, ok := a.fieldsCache[typ]
+	a.fieldsCacheMu.RUnlock()
+
+	if !ok {
+		a.fieldsCacheMu.Lock()
+		f = fields.NewStructFields(typ)
+		a.fieldsCache[typ] = f
+		a.fieldsCacheMu.Unlock()
+	}
+
+	return f.SkippedFields(lit, onlyExported)
+}
+
+type TypeInfo struct {
+	Name        string
+	PackageName string
+	PackagePath string
+}
+
+func (t TypeInfo) String() string {
+	return t.PackagePath + "." + t.Name
+}
+
+func (t TypeInfo) ShortString() string {
+	return t.PackageName + "." + t.Name
+}
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/fields/struct.go b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/fields/struct.go
new file mode 100644
index 000000000..af2390e87
--- /dev/null
+++ b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/fields/struct.go
@@ -0,0 +1,124 @@
+package fields
+
+import (
+	"go/ast"
+	"go/types"
+	"reflect"
+)
+
+const (
+	TagName          = "exhaustruct"
+	OptionalTagValue = "optional"
+)
+
+type StructField struct {
+	Name     string
+	Exported bool
+	Optional bool
+}
+
+type StructFields []*StructField
+
+// NewStructFields creates a new [StructFields] from a given struct type.
+// StructFields items are listed in order they appear in the struct.
+func NewStructFields(strct *types.Struct) StructFields {
+	sf := make(StructFields, 0, strct.NumFields())
+
+	for i := 0; i < strct.NumFields(); i++ {
+		f := strct.Field(i)
+
+		sf = append(sf, &StructField{
+			Name:     f.Name(),
+			Exported: f.Exported(),
+			Optional: HasOptionalTag(strct.Tag(i)),
+		})
+	}
+
+	return sf
+}
+
+func HasOptionalTag(tags string) bool {
+	return reflect.StructTag(tags).Get(TagName) == OptionalTagValue
+}
+
+// String returns a comma-separated list of field names.
+func (sf StructFields) String() (res string) {
+	for i := 0; i < len(sf); i++ {
+		if res != "" {
+			res += ", "
+		}
+
+		res += sf[i].Name
+	}
+
+	return res
+}
+
+// SkippedFields returns a list of fields that are not present in the given
+// literal, but expected to.
+//
+//revive:disable-next-line:cyclomatic
+func (sf StructFields) SkippedFields(lit *ast.CompositeLit, onlyExported bool) StructFields {
+	if len(lit.Elts) != 0 && !isNamedLiteral(lit) {
+		if len(lit.Elts) == len(sf) {
+			return nil
+		}
+
+		return sf[len(lit.Elts):]
+	}
+
+	em := sf.existenceMap()
+	res := make(StructFields, 0, len(sf))
+
+	for i := 0; i < len(lit.Elts); i++ {
+		kv, ok := lit.Elts[i].(*ast.KeyValueExpr)
+		if !ok {
+			continue
+		}
+
+		k, ok := kv.Key.(*ast.Ident)
+		if !ok {
+			continue
+		}
+
+		em[k.Name] = true
+	}
+
+	for i := 0; i < len(sf); i++ {
+		if em[sf[i].Name] || (!sf[i].Exported && onlyExported) || sf[i].Optional {
+			continue
+		}
+
+		res = append(res, sf[i])
+	}
+
+	if len(res) == 0 {
+		return nil
+	}
+
+	return res
+}
+
+func (sf StructFields) existenceMap() map[string]bool {
+	m := make(map[string]bool, len(sf))
+
+	for i := 0; i < len(sf); i++ {
+		m[sf[i].Name] = false
+	}
+
+	return m
+}
+
+// isNamedLiteral returns true if the given literal is unnamed.
+//
+// The logic is basing on the principle that literal is named or unnamed,
+// therefore is literal's first element is a [ast.KeyValueExpr], it is named.
+//
+// Method will panic if the given literal is empty.
+func isNamedLiteral(lit *ast.CompositeLit) bool {
+	if _, ok := lit.Elts[0].(*ast.KeyValueExpr); !ok {
+		return false
+	}
+
+	return true
+}
diff --git a/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/pattern/list.go b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/pattern/list.go
new file mode 100644
index 000000000..a16e5058d
--- /dev/null
+++ b/vendor/github.com/GaijinEntertainment/go-exhaustruct/v3/internal/pattern/list.go
@@ -0,0 +1,82 @@
+package pattern
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+var (
+	ErrEmptyPattern      = fmt.Errorf("pattern can't be empty")
+	ErrCompilationFailed = fmt.Errorf("pattern compilation failed")
+)
+
+// List is a list of regular expressions.
+type List []*regexp.Regexp
+
+// NewList parses slice of strings to a slice of compiled regular expressions.
+func NewList(strs ...string) (List, error) {
+	if len(strs) == 0 {
+		return nil, nil
+	}
+
+	l := make(List, 0, len(strs))
+
+	for _, str := range strs {
+		re, err := strToRe(str)
+		if err != nil {
+			return nil, err
+		}
+
+		l = append(l, re)
+	}
+
+	return l, nil
+}
+
+// MatchFullString matches provided string against all regexps in a slice and returns
+// true if any of them matches whole string.
+func (l List) MatchFullString(str string) bool {
+	for i := 0; i < len(l); i++ {
+		if m := l[i].FindStringSubmatch(str); len(m) > 0 && m[0] == str {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (l *List) Set(value string) error {
+	re, err := strToRe(value)
+	if err != nil {
+		return err
+	}
+
+	*l = append(*l, re)
+
+	return nil
+}
+
+func (l *List) String() string {
+	res := make([]string, 0, len(*l))
+
+	for _, re := range *l {
+		res = append(res, `"`+re.String()+`"`)
+	}
+
+	return strings.Join(res, ", ")
+}
+
+// strToRe parses string to a compiled regular expression that matches full string.
+func strToRe(str string) (*regexp.Regexp, error) {
+	if str == "" {
+		return nil, ErrEmptyPattern
+	}
+
+	re, err := regexp.Compile(str)
+	if err != nil {
+		return nil, fmt.Errorf("%w: %s: %w", ErrCompilationFailed, str, err)
+	}
+
+	return re, nil
+}
diff --git a/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md b/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md
index fcdd4e88a..2ce45dd4e 100644
--- a/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md
+++ b/vendor/github.com/Masterminds/sprig/v3/CHANGELOG.md
@@ -1,8 +1,21 @@
 # Changelog
 
+## Release 3.2.3 (2022-11-29)
+
+### Changed
+
+- Updated docs (thanks @book987 @aJetHorn @neelayu @pellizzetti @apricote @SaigyoujiYuyuko233 @AlekSi)
+- #348: Updated huandu/xstrings which fixed a snake case bug (thanks @yxxhero)
+- #353: Updated masterminds/semver which included bug fixes
+- #354: Updated golang.org/x/crypto which included bug fixes
+
+## Release 3.2.2 (2021-02-04)
+
+This is a re-release of 3.2.1 to satisfy something with the Go module system.
+
 ## Release 3.2.1 (2021-02-04)
 
-### Changed 
+### Changed
 
 - Upgraded `Masterminds/goutils` to `v1.1.1`. see the [Security Advisory](https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr)
 
diff --git a/vendor/github.com/Masterminds/sprig/v3/README.md b/vendor/github.com/Masterminds/sprig/v3/README.md
index c37ba01c2..3e22c60e1 100644
--- a/vendor/github.com/Masterminds/sprig/v3/README.md
+++ b/vendor/github.com/Masterminds/sprig/v3/README.md
@@ -17,10 +17,9 @@ JavaScript libraries, such as [underscore.js](http://underscorejs.org/).
 ## IMPORTANT NOTES
 
 Sprig leverages [mergo](https://github.com/imdario/mergo) to handle merges. In
-its v0.3.9 release there was a behavior change that impacts merging template
-functions in sprig. It is currently recommended to use v0.3.8 of that package.
-Using v0.3.9 will cause sprig tests to fail. The issue in mergo is tracked at
-https://github.com/imdario/mergo/issues/139.
+its v0.3.9 release, there was a behavior change that impacts merging template
+functions in sprig. It is currently recommended to use v0.3.10 or later of that package.
+Using v0.3.9 will cause sprig tests to fail.
 
 ## Package Versions
 
@@ -51,7 +50,7 @@ To load the Sprig `FuncMap`:
 ```go
 
 import (
-  "github.com/Masterminds/sprig"
+  "github.com/Masterminds/sprig/v3"
   "html/template"
 )
 
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
index ffdd51513..df04262e9 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
@@ -73,7 +73,9 @@ func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err er
 func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
 	var pk, ss x448lib.Key
 	seed, e, err := c.generateKeyPairBytes(rand)
-
+	if err != nil {
+		return nil, nil, err
+	}
 	copy(pk[:], point)
 	x448lib.Shared(&ss, &seed, &pk)
 
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
index 609e9fc1f..e9bbf0327 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
@@ -24,10 +24,10 @@ type SymmetricallyEncrypted struct {
 	prefix []byte
 
 	// Specific to version 2
-	cipher        CipherFunction
-	mode          AEADMode
-	chunkSizeByte byte
-	salt          [aeadSaltSize]byte
+	Cipher        CipherFunction
+	Mode          AEADMode
+	ChunkSizeByte byte
+	Salt          [aeadSaltSize]byte
 }
 
 const (
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
index 969c42236..e96252c19 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
@@ -7,9 +7,10 @@ package packet
 import (
 	"crypto/cipher"
 	"crypto/sha256"
+	"io"
+
 	"github.com/ProtonMail/go-crypto/openpgp/errors"
 	"golang.org/x/crypto/hkdf"
-	"io"
 )
 
 // parseAead parses a V2 SEIPD packet (AEAD) as specified in
@@ -21,26 +22,26 @@ func (se *SymmetricallyEncrypted) parseAead(r io.Reader) error {
 	}
 
 	// Cipher
-	se.cipher = CipherFunction(headerData[0])
+	se.Cipher = CipherFunction(headerData[0])
 	// cipherFunc must have block size 16 to use AEAD
-	if se.cipher.blockSize() != 16 {
-		return errors.UnsupportedError("invalid aead cipher: " + string(se.cipher))
+	if se.Cipher.blockSize() != 16 {
+		return errors.UnsupportedError("invalid aead cipher: " + string(se.Cipher))
 	}
 
 	// Mode
-	se.mode = AEADMode(headerData[1])
-	if se.mode.TagLength() == 0 {
-		return errors.UnsupportedError("unknown aead mode: " + string(se.mode))
+	se.Mode = AEADMode(headerData[1])
+	if se.Mode.TagLength() == 0 {
+		return errors.UnsupportedError("unknown aead mode: " + string(se.Mode))
 	}
 
 	// Chunk size
-	se.chunkSizeByte = headerData[2]
-	if se.chunkSizeByte > 16 {
-		return errors.UnsupportedError("invalid aead chunk size byte: " + string(se.chunkSizeByte))
+	se.ChunkSizeByte = headerData[2]
+	if se.ChunkSizeByte > 16 {
+		return errors.UnsupportedError("invalid aead chunk size byte: " + string(se.ChunkSizeByte))
 	}
 
 	// Salt
-	if n, err := io.ReadFull(r, se.salt[:]); n < aeadSaltSize {
+	if n, err := io.ReadFull(r, se.Salt[:]); n < aeadSaltSize {
 		return errors.StructuralError("could not read aead salt: " + err.Error())
 	}
 
@@ -52,19 +53,19 @@ func (se *SymmetricallyEncrypted) associatedData() []byte {
 	return []byte{
 		0xD2,
 		symmetricallyEncryptedVersionAead,
-		byte(se.cipher),
-		byte(se.mode),
-		se.chunkSizeByte,
+		byte(se.Cipher),
+		byte(se.Mode),
+		se.ChunkSizeByte,
 	}
 }
 
 // decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in
 // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
 func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) {
-	aead, nonce := getSymmetricallyEncryptedAeadInstance(se.cipher, se.mode, inputKey, se.salt[:], se.associatedData())
+	aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData())
 
 	// Carry the first tagLen bytes
-	tagLen := se.mode.TagLength()
+	tagLen := se.Mode.TagLength()
 	peekedBytes := make([]byte, tagLen)
 	n, err := io.ReadFull(se.Contents, peekedBytes)
 	if n < tagLen || (err != nil && err != io.EOF) {
@@ -74,7 +75,7 @@ func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, e
 	return &aeadDecrypter{
 		aeadCrypter: aeadCrypter{
 			aead:           aead,
-			chunkSize:      decodeAEADChunkSize(se.chunkSizeByte),
+			chunkSize:      decodeAEADChunkSize(se.ChunkSizeByte),
 			initialNonce:   nonce,
 			associatedData: se.associatedData(),
 			chunkIndex:     make([]byte, 8),
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/.goreleaser.yml b/vendor/github.com/alecthomas/go-check-sumtype/.goreleaser.yml
new file mode 100644
index 000000000..33bd03d06
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/.goreleaser.yml
@@ -0,0 +1,32 @@
+project_name: go-check-sumtype
+release:
+  github:
+    owner: alecthomas
+    name: go-check-sumtype
+env:
+  - CGO_ENABLED=0
+builds:
+- goos:
+    - linux
+    - darwin
+    - windows
+  goarch:
+    - arm64
+    - amd64
+    - "386"
+  goarm:
+    - "6"
+  main: ./cmd/go-check-sumtype
+  binary: go-check-sumtype
+archives:
+  -
+    format: tar.gz
+    name_template: '{{ .Binary }}-{{ .Version }}-{{ .Os }}-{{ .Arch }}{{ if .Arm }}v{{
+    .Arm }}{{ end }}'
+    files:
+      - COPYING
+      - README*
+snapshot:
+  name_template: SNAPSHOT-{{ .Commit }}
+checksum:
+  name_template: '{{ .ProjectName }}-{{ .Version }}-checksums.txt'
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/COPYING b/vendor/github.com/alecthomas/go-check-sumtype/COPYING
new file mode 100644
index 000000000..bb9c20a09
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/COPYING
@@ -0,0 +1,3 @@
+This project is dual-licensed under the Unlicense and MIT licenses.
+
+You may use this code under the terms of either license.
diff --git a/vendor/go.uber.org/atomic/LICENSE.txt b/vendor/github.com/alecthomas/go-check-sumtype/LICENSE-MIT
similarity index 94%
rename from vendor/go.uber.org/atomic/LICENSE.txt
rename to vendor/github.com/alecthomas/go-check-sumtype/LICENSE-MIT
index 8765c9fbc..3b0a5dc09 100644
--- a/vendor/go.uber.org/atomic/LICENSE.txt
+++ b/vendor/github.com/alecthomas/go-check-sumtype/LICENSE-MIT
@@ -1,4 +1,6 @@
-Copyright (c) 2016 Uber Technologies, Inc.
+The MIT License (MIT)
+
+Copyright (c) 2015 Andrew Gallant
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/README.md b/vendor/github.com/alecthomas/go-check-sumtype/README.md
new file mode 100644
index 000000000..36614ef40
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/README.md
@@ -0,0 +1,120 @@
+**Note: This is a fork of the great project [go-sumtype](https://github.com/BurntSushi/go-sumtype) by BurntSushi.**
+**The original seems largely unmaintained, and the changes in this fork are backwards incompatible.**
+
+# go-check-sumtype [![CI](https://github.com/alecthomas/go-check-sumtype/actions/workflows/ci.yml/badge.svg)](https://github.com/alecthomas/go-check-sumtype/actions/workflows/ci.yml)
+A simple utility for running exhaustiveness checks on type switch statements.
+Exhaustiveness checks are only run on interfaces that are declared to be
+"sum types."
+
+Dual-licensed under MIT or the [UNLICENSE](http://unlicense.org).
+
+This work was inspired by our code at
+[Diffeo](https://diffeo.com).
+
+## Installation
+
+```go
+$ go get github.com/alecthomas/go-check-sumtype
+```
+
+For usage info, just run the command:
+
+```
+$ go-check-sumtype
+```
+
+Typical usage might look like this:
+
+```
+$ go-check-sumtype $(go list ./... | grep -v vendor)
+```
+
+## Usage
+
+`go-check-sumtype` takes a list of Go package paths or files and looks for sum type
+declarations in each package/file provided. Exhaustiveness checks are then
+performed for each use of a declared sum type in a type switch statement.
+Namely, `go-check-sumtype` will report an error for any type switch statement that
+either lacks a `default` clause or does not account for all possible variants.
+
+Declarations are provided in comments like so:
+
+```
+//sumtype:decl
+type MySumType interface { ... }
+```
+
+`MySumType` must be *sealed*. That is, part of its interface definition
+contains an unexported method.
+
+`go-check-sumtype` will produce an error if any of the above is not true.
+
+For valid declarations, `go-check-sumtype` will look for all occurrences in which a
+value of type `MySumType` participates in a type switch statement. In those
+occurrences, it will attempt to detect whether the type switch is exhaustive
+or not. If it's not, `go-check-sumtype` will report an error. For example, running
+`go-check-sumtype` on this source file:
+
+```go
+package main
+
+//sumtype:decl
+type MySumType interface {
+        sealed()
+}
+
+type VariantA struct{}
+
+func (*VariantA) sealed() {}
+
+type VariantB struct{}
+
+func (*VariantB) sealed() {}
+
+func main() {
+        switch MySumType(nil).(type) {
+        case *VariantA:
+        }
+}
+```
+
+produces the following:
+
+```
+$ sumtype mysumtype.go
+mysumtype.go:18:2: exhaustiveness check failed for sum type 'MySumType': missing cases for VariantB
+```
+
+Adding either a `default` clause or a clause to handle `*VariantB` will cause
+exhaustive checks to pass.
+
+As a special case, if the type switch statement contains a `default` clause
+that always panics, then exhaustiveness checks are still performed.
+
+## Details and motivation
+
+Sum types are otherwise known as discriminated unions. That is, a sum type is
+a finite set of disjoint values. In type systems that support sum types, the
+language will guarantee that if one has a sum type `T`, then its value must
+be one of its variants.
+
+Go's type system does not support sum types. A typical proxy for representing
+sum types in Go is to use an interface with an unexported method and define
+each variant of the sum type in the same package to satisfy said interface.
+This guarantees that the set of types that satisfy the interface is closed
+at compile time. Performing case analysis on these types is then done with
+a type switch statement, e.g., `switch x.(type) { ... }`. Each clause of the
+type switch corresponds to a *variant* of the sum type. The downside of this
+approach is that Go's type system is not aware of the set of variants, so it
+cannot tell you whether case analysis over a sum type is complete or not.
+
+The `go-check-sumtype` command recognizes this pattern, but it needs a small amount
+of help to recognize which interfaces should be treated as sum types, which
+is why the `//sumtype:decl` annotation is required. `go-check-sumtype` will
+figure out all of the variants of a sum type by finding the set of types
+defined in the same package that satisfy the interface specified by the
+declaration.
+
+The `go-check-sumtype` command will prove its worth when you need to add a variant
+to an existing sum type. Running `go-check-sumtype` will tell you immediately which
+case analyses need to be updated to account for the new variant.
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/UNLICENSE b/vendor/github.com/alecthomas/go-check-sumtype/UNLICENSE
new file mode 100644
index 000000000..68a49daad
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/UNLICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/check.go b/vendor/github.com/alecthomas/go-check-sumtype/check.go
new file mode 100644
index 000000000..21d751af4
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/check.go
@@ -0,0 +1,184 @@
+package gochecksumtype
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"sort"
+	"strings"
+
+	"golang.org/x/tools/go/packages"
+)
+
+// inexhaustiveError is returned from check for each occurrence of inexhaustive
+// case analysis in a Go type switch statement.
+type inexhaustiveError struct {
+	Position token.Position
+	Def      sumTypeDef
+	Missing  []types.Object
+}
+
+func (e inexhaustiveError) Pos() token.Position { return e.Position }
+func (e inexhaustiveError) Error() string {
+	return fmt.Sprintf(
+		"%s: exhaustiveness check failed for sum type %q (from %s): missing cases for %s",
+		e.Pos(), e.Def.Decl.TypeName, e.Def.Decl.Pos, strings.Join(e.Names(), ", "))
+}
+
+// Names returns a sorted list of names corresponding to the missing variant
+// cases.
+func (e inexhaustiveError) Names() []string {
+	var list []string
+	for _, o := range e.Missing {
+		list = append(list, o.Name())
+	}
+	sort.Strings(list)
+	return list
+}
+
+// check does exhaustiveness checking for the given sum type definitions in the
+// given package. Every instance of inexhaustive case analysis is returned.
+func check(pkg *packages.Package, defs []sumTypeDef) []error {
+	var errs []error
+	for _, astfile := range pkg.Syntax {
+		ast.Inspect(astfile, func(n ast.Node) bool {
+			swtch, ok := n.(*ast.TypeSwitchStmt)
+			if !ok {
+				return true
+			}
+			if err := checkSwitch(pkg, defs, swtch); err != nil {
+				errs = append(errs, err)
+			}
+			return true
+		})
+	}
+	return errs
+}
+
+// checkSwitch performs an exhaustiveness check on the given type switch
+// statement. If the type switch is used on a sum type and does not cover
+// all variants of that sum type, then an error is returned indicating which
+// variants were missed.
+//
+// Note that if the type switch contains a non-panicing default case, then
+// exhaustiveness checks are disabled.
+func checkSwitch(
+	pkg *packages.Package,
+	defs []sumTypeDef,
+	swtch *ast.TypeSwitchStmt,
+) error {
+	def, missing := missingVariantsInSwitch(pkg, defs, swtch)
+	if len(missing) > 0 {
+		return inexhaustiveError{
+			Position: pkg.Fset.Position(swtch.Pos()),
+			Def:      *def,
+			Missing:  missing,
+		}
+	}
+	return nil
+}
+
+// missingVariantsInSwitch returns a list of missing variants corresponding to
+// the given switch statement. The corresponding sum type definition is also
+// returned. (If no sum type definition could be found, then no exhaustiveness
+// checks are performed, and therefore, no missing variants are returned.)
+func missingVariantsInSwitch(
+	pkg *packages.Package,
+	defs []sumTypeDef,
+	swtch *ast.TypeSwitchStmt,
+) (*sumTypeDef, []types.Object) {
+	asserted := findTypeAssertExpr(swtch)
+	ty := pkg.TypesInfo.TypeOf(asserted)
+	def := findDef(defs, ty)
+	if def == nil {
+		// We couldn't find a corresponding sum type, so there's
+		// nothing we can do to check it.
+		return nil, nil
+	}
+	variantExprs, hasDefault := switchVariants(swtch)
+	if hasDefault && !defaultClauseAlwaysPanics(swtch) {
+		// A catch-all case defeats all exhaustiveness checks.
+		return def, nil
+	}
+	var variantTypes []types.Type
+	for _, expr := range variantExprs {
+		variantTypes = append(variantTypes, pkg.TypesInfo.TypeOf(expr))
+	}
+	return def, def.missing(variantTypes)
+}
+
+// switchVariants returns all case expressions found in a type switch. This
+// includes expressions from cases that have a list of expressions.
+func switchVariants(swtch *ast.TypeSwitchStmt) (exprs []ast.Expr, hasDefault bool) {
+	for _, stmt := range swtch.Body.List {
+		clause := stmt.(*ast.CaseClause)
+		if clause.List == nil {
+			hasDefault = true
+		} else {
+			exprs = append(exprs, clause.List...)
+		}
+	}
+	return
+}
+
+// defaultClauseAlwaysPanics returns true if the given switch statement has a
+// default clause that always panics. Note that this is done on a best-effort
+// basis. While there will never be any false positives, there may be false
+// negatives.
+//
+// If the given switch statement has no default clause, then this function
+// panics.
+func defaultClauseAlwaysPanics(swtch *ast.TypeSwitchStmt) bool {
+	var clause *ast.CaseClause
+	for _, stmt := range swtch.Body.List {
+		c := stmt.(*ast.CaseClause)
+		if c.List == nil {
+			clause = c
+			break
+		}
+	}
+	if clause == nil {
+		panic("switch statement has no default clause")
+	}
+	if len(clause.Body) != 1 {
+		return false
+	}
+	exprStmt, ok := clause.Body[0].(*ast.ExprStmt)
+	if !ok {
+		return false
+	}
+	callExpr, ok := exprStmt.X.(*ast.CallExpr)
+	if !ok {
+		return false
+	}
+	fun, ok := callExpr.Fun.(*ast.Ident)
+	if !ok {
+		return false
+	}
+	return fun.Name == "panic"
+}
+
+// findTypeAssertExpr extracts the expression that is being type asserted from a
+// type swtich statement.
+func findTypeAssertExpr(swtch *ast.TypeSwitchStmt) ast.Expr {
+	var expr ast.Expr
+	if assign, ok := swtch.Assign.(*ast.AssignStmt); ok {
+		expr = assign.Rhs[0]
+	} else {
+		expr = swtch.Assign.(*ast.ExprStmt).X
+	}
+	return expr.(*ast.TypeAssertExpr).X
+}
+
+// findDef returns the sum type definition corresponding to the given type. If
+// no such sum type definition exists, then nil is returned.
+func findDef(defs []sumTypeDef, needle types.Type) *sumTypeDef {
+	for i := range defs {
+		def := &defs[i]
+		if types.Identical(needle.Underlying(), def.Ty) {
+			return def
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/decl.go b/vendor/github.com/alecthomas/go-check-sumtype/decl.go
new file mode 100644
index 000000000..ea2cd06df
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/decl.go
@@ -0,0 +1,68 @@
+package gochecksumtype
+
+import (
+	"go/ast"
+	"go/token"
+	"strings"
+
+	"golang.org/x/tools/go/packages"
+)
+
+// sumTypeDecl is a declaration of a sum type in a Go source file.
+type sumTypeDecl struct {
+	// The package path that contains this decl.
+	Package *packages.Package
+	// The type named by this decl.
+	TypeName string
+	// Position where the declaration was found.
+	Pos token.Position
+}
+
+// Location returns a short string describing where this declaration was found.
+func (d sumTypeDecl) Location() string {
+	return d.Pos.String()
+}
+
+// findSumTypeDecls searches every package given for sum type declarations of
+// the form `sumtype:decl`.
+func findSumTypeDecls(pkgs []*packages.Package) ([]sumTypeDecl, error) {
+	var decls []sumTypeDecl
+	var retErr error
+	for _, pkg := range pkgs {
+		for _, file := range pkg.Syntax {
+			ast.Inspect(file, func(node ast.Node) bool {
+				if node == nil {
+					return true
+				}
+				decl, ok := node.(*ast.GenDecl)
+				if !ok || decl.Doc == nil {
+					return true
+				}
+				var tspec *ast.TypeSpec
+				for _, spec := range decl.Specs {
+					ts, ok := spec.(*ast.TypeSpec)
+					if !ok {
+						continue
+					}
+					tspec = ts
+				}
+				for _, line := range decl.Doc.List {
+					if !strings.HasPrefix(line.Text, "//sumtype:decl") {
+						continue
+					}
+					pos := pkg.Fset.Position(decl.Pos())
+					if tspec == nil {
+						retErr = notFoundError{Decl: sumTypeDecl{Package: pkg, Pos: pos}}
+						return false
+					}
+					pos = pkg.Fset.Position(tspec.Pos())
+					decl := sumTypeDecl{Package: pkg, TypeName: tspec.Name.Name, Pos: pos}
+					decls = append(decls, decl)
+					break
+				}
+				return true
+			})
+		}
+	}
+	return decls, retErr
+}
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/def.go b/vendor/github.com/alecthomas/go-check-sumtype/def.go
new file mode 100644
index 000000000..811b98f98
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/def.go
@@ -0,0 +1,157 @@
+package gochecksumtype
+
+import (
+	"fmt"
+	"go/token"
+	"go/types"
+)
+
+// Error as returned by Run()
+type Error interface {
+	error
+	Pos() token.Position
+}
+
+// unsealedError corresponds to a declared sum type whose interface is not
+// sealed. A sealed interface requires at least one unexported method.
+type unsealedError struct {
+	Decl sumTypeDecl
+}
+
+func (e unsealedError) Pos() token.Position { return e.Decl.Pos }
+func (e unsealedError) Error() string {
+	return fmt.Sprintf(
+		"%s: interface '%s' is not sealed "+
+			"(sealing requires at least one unexported method)",
+		e.Decl.Location(), e.Decl.TypeName)
+}
+
+// notFoundError corresponds to a declared sum type whose type definition
+// could not be found in the same Go package.
+type notFoundError struct {
+	Decl sumTypeDecl
+}
+
+func (e notFoundError) Pos() token.Position { return e.Decl.Pos }
+func (e notFoundError) Error() string {
+	return fmt.Sprintf("%s: type '%s' is not defined", e.Decl.Location(), e.Decl.TypeName)
+}
+
+// notInterfaceError corresponds to a declared sum type that does not
+// correspond to an interface.
+type notInterfaceError struct {
+	Decl sumTypeDecl
+}
+
+func (e notInterfaceError) Pos() token.Position { return e.Decl.Pos }
+func (e notInterfaceError) Error() string {
+	return fmt.Sprintf("%s: type '%s' is not an interface", e.Decl.Location(), e.Decl.TypeName)
+}
+
+// sumTypeDef corresponds to the definition of a Go interface that is
+// interpreted as a sum type. Its variants are determined by finding all types
+// that implement said interface in the same package.
+type sumTypeDef struct {
+	Decl     sumTypeDecl
+	Ty       *types.Interface
+	Variants []types.Object
+}
+
+// findSumTypeDefs attempts to find a Go type definition for each of the given
+// sum type declarations. If no such sum type definition could be found for
+// any of the given declarations, then an error is returned.
+func findSumTypeDefs(decls []sumTypeDecl) ([]sumTypeDef, []error) {
+	var defs []sumTypeDef
+	var errs []error
+	for _, decl := range decls {
+		def, err := newSumTypeDef(decl.Package.Types, decl)
+		if err != nil {
+			errs = append(errs, err)
+			continue
+		}
+		if def == nil {
+			errs = append(errs, notFoundError{decl})
+			continue
+		}
+		defs = append(defs, *def)
+	}
+	return defs, errs
+}
+
+// newSumTypeDef attempts to extract a sum type definition from a single
+// package. If no such type corresponds to the given decl, then this function
+// returns a nil def and a nil error.
+//
+// If the decl corresponds to a type that isn't an interface containing at
+// least one unexported method, then this returns an error.
+func newSumTypeDef(pkg *types.Package, decl sumTypeDecl) (*sumTypeDef, error) {
+	obj := pkg.Scope().Lookup(decl.TypeName)
+	if obj == nil {
+		return nil, nil
+	}
+	iface, ok := obj.Type().Underlying().(*types.Interface)
+	if !ok {
+		return nil, notInterfaceError{decl}
+	}
+	hasUnexported := false
+	for i := 0; i < iface.NumMethods(); i++ {
+		if !iface.Method(i).Exported() {
+			hasUnexported = true
+			break
+		}
+	}
+	if !hasUnexported {
+		return nil, unsealedError{decl}
+	}
+	def := &sumTypeDef{
+		Decl: decl,
+		Ty:   iface,
+	}
+	for _, name := range pkg.Scope().Names() {
+		obj, ok := pkg.Scope().Lookup(name).(*types.TypeName)
+		if !ok {
+			continue
+		}
+		ty := obj.Type()
+		if types.Identical(ty.Underlying(), iface) {
+			continue
+		}
+		if types.Implements(ty, iface) || types.Implements(types.NewPointer(ty), iface) {
+			def.Variants = append(def.Variants, obj)
+		}
+	}
+	return def, nil
+}
+
+func (def *sumTypeDef) String() string {
+	return def.Decl.TypeName
+}
+
+// missing returns a list of variants in this sum type that are not in the
+// given list of types.
+func (def *sumTypeDef) missing(tys []types.Type) []types.Object {
+	// TODO(ag): This is O(n^2). Fix that. /shrug
+	var missing []types.Object
+	for _, v := range def.Variants {
+		found := false
+		varty := indirect(v.Type())
+		for _, ty := range tys {
+			ty = indirect(ty)
+			if types.Identical(varty, ty) {
+				found = true
+			}
+		}
+		if !found {
+			missing = append(missing, v)
+		}
+	}
+	return missing
+}
+
+// indirect dereferences through an arbitrary number of pointer types.
+func indirect(ty types.Type) types.Type {
+	if ty, ok := ty.(*types.Pointer); ok {
+		return indirect(ty.Elem())
+	}
+	return ty
+}
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/doc.go b/vendor/github.com/alecthomas/go-check-sumtype/doc.go
new file mode 100644
index 000000000..2b6e86764
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/doc.go
@@ -0,0 +1,53 @@
+/*
+sumtype takes a list of Go package paths or files and looks for sum type
+declarations in each package/file provided. Exhaustiveness checks are then
+performed for each use of a declared sum type in a type switch statement.
+Namely, sumtype will report an error for any type switch statement that
+either lacks a default clause or does not account for all possible variants.
+
+Declarations are provided in comments like so:
+
+	//sumtype:decl
+	type MySumType interface { ... }
+
+MySumType must be *sealed*. That is, part of its interface definition contains
+an unexported method.
+
+sumtype will produce an error if any of the above is not true.
+
+For valid declarations, sumtype will look for all occurrences in which a
+value of type MySumType participates in a type switch statement. In those
+occurrences, it will attempt to detect whether the type switch is exhaustive
+or not. If it's not, sumtype will report an error. For example:
+
+	$ cat mysumtype.go
+	package gochecksumtype
+
+	//sumtype:decl
+	type MySumType interface {
+		sealed()
+	}
+
+	type VariantA struct{}
+
+	func (a *VariantA) sealed() {}
+
+	type VariantB struct{}
+
+	func (b *VariantB) sealed() {}
+
+	func main() {
+		switch MySumType(nil).(type) {
+		case *VariantA:
+		}
+	}
+	$ sumtype mysumtype.go
+	mysumtype.go:18:2: exhaustiveness check failed for sum type 'MySumType': missing cases for VariantB
+
+Adding either a default clause or a clause to handle *VariantB will cause
+exhaustive checks to pass.
+
+As a special case, if the type switch statement contains a default clause
+that always panics, then exhaustiveness checks are still performed.
+*/
+package gochecksumtype
diff --git a/vendor/github.com/alecthomas/go-check-sumtype/run.go b/vendor/github.com/alecthomas/go-check-sumtype/run.go
new file mode 100644
index 000000000..fdcb643c5
--- /dev/null
+++ b/vendor/github.com/alecthomas/go-check-sumtype/run.go
@@ -0,0 +1,26 @@
+package gochecksumtype
+
+import "golang.org/x/tools/go/packages"
+
+// Run sumtype checking on the given packages.
+func Run(pkgs []*packages.Package) []error {
+	var errs []error
+
+	decls, err := findSumTypeDecls(pkgs)
+	if err != nil {
+		return []error{err}
+	}
+
+	defs, defErrs := findSumTypeDefs(decls)
+	errs = append(errs, defErrs...)
+	if len(defs) == 0 {
+		return errs
+	}
+
+	for _, pkg := range pkgs {
+		if pkgErrs := check(pkg, defs); pkgErrs != nil {
+			errs = append(errs, pkgErrs...)
+		}
+	}
+	return errs
+}
diff --git a/vendor/github.com/ashanbrown/forbidigo/forbidigo/forbidigo.go b/vendor/github.com/ashanbrown/forbidigo/forbidigo/forbidigo.go
index 943a69975..a7a3ab591 100644
--- a/vendor/github.com/ashanbrown/forbidigo/forbidigo/forbidigo.go
+++ b/vendor/github.com/ashanbrown/forbidigo/forbidigo/forbidigo.go
@@ -186,7 +186,40 @@ func (v *visitor) Visit(node ast.Node) ast.Visitor {
 		if isGodocExample && v.cfg.ExcludeGodocExamples {
 			return nil
 		}
-		return v
+		ast.Walk(v, node.Type)
+		if node.Body != nil {
+			ast.Walk(v, node.Body)
+		}
+		return nil
+	// Ignore constant and type names
+	case *ast.ValueSpec:
+		// Look at only type and values for const and variable specs, and not names
+		if node.Type != nil {
+			ast.Walk(v, node.Type)
+		}
+		if node.Values != nil {
+			for _, x := range node.Values {
+				ast.Walk(v, x)
+			}
+		}
+		return nil
+	// Ignore import alias names
+	case *ast.ImportSpec:
+		return nil
+	// Ignore type names
+	case *ast.TypeSpec:
+		// Look at only type parameters for type spec
+		if node.TypeParams != nil {
+			ast.Walk(v, node.TypeParams)
+		}
+		ast.Walk(v, node.Type)
+		return nil
+	// Ignore field names
+	case *ast.Field:
+		if node.Type != nil {
+			ast.Walk(v, node.Type)
+		}
+		return nil
 	// The following two are handled below.
 	case *ast.SelectorExpr:
 	case *ast.Ident:
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
index 804f5f15c..1f4384c96 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/CHANGELOG.md
@@ -1,3 +1,1016 @@
+# Release (2023-10-12)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.21.2
+  * **Bug Fix**: Improve recognition of retryable DNS errors.
+* `github.com/aws/aws-sdk-go-v2/config`: [v1.18.45](config/CHANGELOG.md#v11845-2023-10-12)
+  * **Bug Fix**: Fail to load config if an explicitly provided profile doesn't exist.
+* `github.com/aws/aws-sdk-go-v2/service/auditmanager`: [v1.27.0](service/auditmanager/CHANGELOG.md#v1270-2023-10-12)
+  * **Feature**: This release introduces a new limit to the awsAccounts parameter. When you create or update an assessment, there is now a limit of 200 AWS accounts that can be specified in the assessment scope.
+* `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.31.0](service/autoscaling/CHANGELOG.md#v1310-2023-10-12)
+  * **Feature**: Update the NotificationMetadata field to only allow visible ascii characters. Add paginators to DescribeInstanceRefreshes, DescribeLoadBalancers, and DescribeLoadBalancerTargetGroups
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.37.0](service/configservice/CHANGELOG.md#v1370-2023-10-12)
+  * **Feature**: Add enums for resource types supported by Config
+* `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.4.0](service/controltower/CHANGELOG.md#v140-2023-10-12)
+  * **Feature**: Added new EnabledControl resource details to ListEnabledControls API and added new GetEnabledControl API.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.29.0](service/customerprofiles/CHANGELOG.md#v1290-2023-10-12)
+  * **Feature**: Adds sensitive trait to various shapes in Customer Profiles Calculated Attribute API model.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.125.0](service/ec2/CHANGELOG.md#v11250-2023-10-12)
+  * **Feature**: This release adds Ubuntu Pro as a supported platform for On-Demand Capacity Reservations and adds support for setting an Amazon Machine Image (AMI) to disabled state. Disabling the AMI makes it private if it was previously shared, and prevents new EC2 instance launches from it.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.6](service/elasticloadbalancingv2/CHANGELOG.md#v1216-2023-10-12)
+  * **Documentation**: This release enables routing policies with Availability Zone affinity for Network Load Balancers.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.63.0](service/glue/CHANGELOG.md#v1630-2023-10-12)
+  * **Feature**: Extending version control support to GitLab and Bitbucket from AWSGlue
+* `github.com/aws/aws-sdk-go-v2/service/inspector2`: [v1.17.0](service/inspector2/CHANGELOG.md#v1170-2023-10-12)
+  * **Feature**: Add MacOs ec2 platform support
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.5.0](service/ivsrealtime/CHANGELOG.md#v150-2023-10-12)
+  * **Feature**: Update GetParticipant to return additional metadata.
+* `github.com/aws/aws-sdk-go-v2/service/lambda`: [v1.40.0](service/lambda/CHANGELOG.md#v1400-2023-10-12)
+  * **Feature**: Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.28.0](service/location/CHANGELOG.md#v1280-2023-10-12)
+  * **Feature**: This release adds endpoint updates for all AWS Location resource operations.
+* `github.com/aws/aws-sdk-go-v2/service/machinelearning`: [v1.18.0](service/machinelearning/CHANGELOG.md#v1180-2023-10-12)
+  * **Feature**: This release marks Password field as sensitive
+* `github.com/aws/aws-sdk-go-v2/service/pricing`: [v1.21.9](service/pricing/CHANGELOG.md#v1219-2023-10-12)
+  * **Documentation**: Documentation updates for Price List
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.56.0](service/rds/CHANGELOG.md#v1560-2023-10-12)
+  * **Feature**: This release adds support for adding a dedicated log volume to open-source RDS instances.
+* `github.com/aws/aws-sdk-go-v2/service/rekognition`: [v1.31.0](service/rekognition/CHANGELOG.md#v1310-2023-10-12)
+  * **Feature**: Amazon Rekognition introduces support for Custom Moderation. This allows the enhancement of accuracy for detect moderation labels operations by creating custom adapters tuned on customer data.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.111.0](service/sagemaker/CHANGELOG.md#v11110-2023-10-12)
+  * **Feature**: Amazon SageMaker Canvas adds KendraSettings and DirectDeploySettings support for CanvasAppSettings
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.25.0](service/textract/CHANGELOG.md#v1250-2023-10-12)
+  * **Feature**: This release adds 9 new APIs for adapter and adapter version management, 3 new APIs for tagging, and updates AnalyzeDocument and StartDocumentAnalysis API parameters for using adapters.
+* `github.com/aws/aws-sdk-go-v2/service/transcribe`: [v1.29.0](service/transcribe/CHANGELOG.md#v1290-2023-10-12)
+  * **Feature**: This release is to enable m4a format to customers
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.31.2](service/workspaces/CHANGELOG.md#v1312-2023-10-12)
+  * **Documentation**: Updated the CreateWorkspaces action documentation to clarify that the PCoIP protocol is only available for Windows bundles.
+
+# Release (2023-10-06)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.124.0](service/ec2/CHANGELOG.md#v11240-2023-10-06)
+  * **Feature**: Documentation updates for Elastic Compute Cloud (EC2).
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.33.0](service/fsx/CHANGELOG.md#v1330-2023-10-06)
+  * **Feature**: After performing steps to repair the Active Directory configuration of a file system, use this action to initiate the process of attempting to recover to the file system.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecatalog`: [v1.18.0](service/marketplacecatalog/CHANGELOG.md#v1180-2023-10-06)
+  * **Feature**: This release adds support for Document type as an alternative for stringified JSON for StartChangeSet, DescribeChangeSet and DescribeEntity APIs
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.45.0](service/quicksight/CHANGELOG.md#v1450-2023-10-06)
+  * **Feature**: NullOption in FilterListConfiguration; Dataset schema/table max length increased; Support total placement for pivot table visual; Lenient mode relaxes the validation to create resources with definition; Data sources can be added to folders; Redshift data sources support IAM Role-based authentication
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.34.0](service/transfer/CHANGELOG.md#v1340-2023-10-06)
+  * **Feature**: This release updates the max character limit of PreAuthenticationLoginBanner and PostAuthenticationLoginBanner to 4096 characters
+
+# Release (2023-10-05)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.10.0](service/omics/CHANGELOG.md#v1100-2023-10-05)
+  * **Feature**: Add Etag Support for Omics Storage in ListReadSets and GetReadSetMetadata API
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.55.1](service/rds/CHANGELOG.md#v1551-2023-10-05)
+  * **Documentation**: Updates Amazon RDS documentation for corrections and minor improvements.
+* `github.com/aws/aws-sdk-go-v2/service/route53`: [v1.30.0](service/route53/CHANGELOG.md#v1300-2023-10-05)
+  * **Feature**: Add hostedzonetype filter to ListHostedZones API.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.37.0](service/securityhub/CHANGELOG.md#v1370-2023-10-05)
+  * **Feature**: Added new resource detail objects to ASFF, including resources for AwsEventsEventbus, AwsEventsEndpoint, AwsDmsEndpoint, AwsDmsReplicationTask, AwsDmsReplicationInstance, AwsRoute53HostedZone, and AwsMskCluster
+* `github.com/aws/aws-sdk-go-v2/service/storagegateway`: [v1.21.0](service/storagegateway/CHANGELOG.md#v1210-2023-10-05)
+  * **Feature**: Add SoftwareVersion to response of DescribeGatewayInformation.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.31.0](service/workspaces/CHANGELOG.md#v1310-2023-10-05)
+  * **Feature**: This release introduces Manage applications. This feature allows users to manage their WorkSpaces applications by associating or disassociating their WorkSpaces with applications. The DescribeWorkspaces API will now additionally return OperatingSystemName in its responses.
+
+# Release (2023-10-04)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.21.0](service/appconfig/CHANGELOG.md#v1210-2023-10-04)
+  * **Feature**: AWS AppConfig introduces KMS customer-managed key (CMK) encryption support for data saved to AppConfig's hosted configuration store.
+* `github.com/aws/aws-sdk-go-v2/service/datazone`: [v1.0.0](service/datazone/CHANGELOG.md#v100-2023-10-04)
+  * **Release**: New AWS service client module
+  * **Feature**: Initial release of Amazon DataZone
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.28.0](service/mediatailor/CHANGELOG.md#v1280-2023-10-04)
+  * **Feature**: Updates DescribeVodSource to include a list of ad break opportunities in the response
+* `github.com/aws/aws-sdk-go-v2/service/mgn`: [v1.21.0](service/mgn/CHANGELOG.md#v1210-2023-10-04)
+  * **Feature**: This release includes the following new APIs: ListConnectors, CreateConnector,  UpdateConnector, DeleteConnector and UpdateSourceServer to support the source action framework feature.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.110.0](service/sagemaker/CHANGELOG.md#v11100-2023-10-04)
+  * **Feature**: Adding support for AdditionalS3DataSource, a data source used for training or inference that is in addition to the input dataset or model data.
+
+# Release (2023-10-03)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.69.0](service/connect/CHANGELOG.md#v1690-2023-10-03)
+  * **Feature**: GetMetricDataV2 API: Update to include new metrics CONTACTS_RESOLVED_IN_X , AVG_HOLD_TIME_ALL_CONTACTS , AVG_RESOLUTION_TIME , ABANDONMENT_RATE , AGENT_NON_RESPONSE_WITHOUT_CUSTOMER_ABANDONS with added features: Interval Period, TimeZone, Negate MetricFilters, Extended date time range.
+* `github.com/aws/aws-sdk-go-v2/service/location`: [v1.27.0](service/location/CHANGELOG.md#v1270-2023-10-03)
+  * **Feature**: Amazon Location Service adds support for bounding polygon queries. Additionally, the GeofenceCount field has been added to the DescribeGeofenceCollection API response.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.43.0](service/mediaconvert/CHANGELOG.md#v1430-2023-10-03)
+  * **Feature**: This release adds the ability to replace video frames without modifying the audio essence.
+* `github.com/aws/aws-sdk-go-v2/service/oam`: [v1.4.0](service/oam/CHANGELOG.md#v140-2023-10-03)
+  * **Feature**: This release adds support for sharing AWS::ApplicationInsights::Application resources.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.109.0](service/sagemaker/CHANGELOG.md#v11090-2023-10-03)
+  * **Feature**: This release allows users to run Selective Execution in SageMaker Pipelines without SourcePipelineExecutionArn if selected steps do not have any dependent steps.
+* `github.com/aws/aws-sdk-go-v2/service/wellarchitected`: [v1.23.0](service/wellarchitected/CHANGELOG.md#v1230-2023-10-03)
+  * **Feature**: AWS Well-Architected now supports Review Templates that allows you to create templates with pre-filled answers for Well-Architected and Custom Lens best practices.
+
+# Release (2023-10-02)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.1.0](service/bedrock/CHANGELOG.md#v110-2023-10-02)
+  * **Feature**: Provisioned throughput feature with Amazon and third-party base models, and update validators for model identifier and taggable resource ARNs.
+* `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.1.0](service/bedrockruntime/CHANGELOG.md#v110-2023-10-02)
+  * **Feature**: Add model timeout exception for InvokeModelWithResponseStream API and update validator for invoke model identifier.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.123.0](service/ec2/CHANGELOG.md#v11230-2023-10-02)
+  * **Feature**: Introducing Amazon EC2 R7iz instances with 3.9 GHz sustained all-core turbo frequency and deliver up to 20% better performance than previous generation z1d instances.
+* `github.com/aws/aws-sdk-go-v2/service/managedblockchain`: [v1.16.6](service/managedblockchain/CHANGELOG.md#v1166-2023-10-02)
+  * **Documentation**: Remove Rinkeby as option from Ethereum APIs
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.55.0](service/rds/CHANGELOG.md#v1550-2023-10-02)
+  * **Feature**: Adds DefaultCertificateForNewLaunches field in the DescribeCertificates API response.
+* `github.com/aws/aws-sdk-go-v2/service/sso`: [v1.15.0](service/sso/CHANGELOG.md#v1150-2023-10-02)
+  * **Feature**: Fix FIPS Endpoints in aws-us-gov.
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.23.0](service/sts/CHANGELOG.md#v1230-2023-10-02)
+  * **Feature**: STS API updates for assumeRole
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.9](service/transfer/CHANGELOG.md#v1339-2023-10-02)
+  * **Documentation**: Documentation updates for AWS Transfer Family
+
+# Release (2023-09-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.0.0](service/bedrock/CHANGELOG.md#v100-2023-09-28)
+  * **Release**: New AWS service client module
+  * **Feature**: Model Invocation logging added to enable or disable logs in customer account. Model listing and description support added. Provisioned Throughput feature added. Custom model support added for creating custom models. Also includes list, and delete functions for custom model.
+* `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.0.0](service/bedrockruntime/CHANGELOG.md#v100-2023-09-28)
+  * **Release**: New AWS service client module
+  * **Feature**: Run Inference: Added support to run the inference on models.  Includes set of APIs for running inference in streaming and non-streaming mode.
+* `github.com/aws/aws-sdk-go-v2/service/budgets`: [v1.17.0](service/budgets/CHANGELOG.md#v1170-2023-09-28)
+  * **Feature**: Update DescribeBudgets and DescribeBudgetNotificationsForAccount MaxResults limit to 1000.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.122.0](service/ec2/CHANGELOG.md#v11220-2023-09-28)
+  * **Feature**: Adds support for Customer Managed Key encryption for Amazon Verified Access resources
+* `github.com/aws/aws-sdk-go-v2/service/iotfleetwise`: [v1.6.0](service/iotfleetwise/CHANGELOG.md#v160-2023-09-28)
+  * **Feature**: AWS IoT FleetWise now supports encryption through a customer managed AWS KMS key. The PutEncryptionConfiguration and GetEncryptionConfiguration APIs were added.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.108.0](service/sagemaker/CHANGELOG.md#v11080-2023-09-28)
+  * **Feature**: Online store feature groups supports Standard and InMemory tier storage types for low latency storage for real-time data retrieval. The InMemory tier supports collection types List, Set, and Vector.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerfeaturestoreruntime`: [v1.18.0](service/sagemakerfeaturestoreruntime/CHANGELOG.md#v1180-2023-09-28)
+  * **Feature**: Feature Store supports read/write of records with collection type features.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.39.1](service/wafv2/CHANGELOG.md#v1391-2023-09-28)
+  * **Documentation**: Correct and improve the documentation for the FieldToMatch option JA3 fingerprint.
+
+# Release (2023-09-27)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.27.0](service/cognitoidentityprovider/CHANGELOG.md#v1270-2023-09-27)
+  * **Feature**: The UserPoolType Status field is no longer used.
+* `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.19.0](service/firehose/CHANGELOG.md#v1190-2023-09-27)
+  * **Feature**: Features : Adding support for new data ingestion source to Kinesis Firehose - AWS Managed Services Kafka.
+* `github.com/aws/aws-sdk-go-v2/service/iot`: [v1.40.0](service/iot/CHANGELOG.md#v1400-2023-09-27)
+  * **Feature**: Added support for IoT Rules Engine Kafka Action Headers
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.24.0](service/textract/CHANGELOG.md#v1240-2023-09-27)
+  * **Feature**: This release adds new feature - Layout to Analyze Document API which can automatically extract layout elements such as titles, paragraphs, headers, section headers, lists, page numbers, footers, table areas, key-value areas and figure areas and order the elements as a human would read.
+
+# Release (2023-09-26)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.18.0](service/appintegrations/CHANGELOG.md#v1180-2023-09-26)
+  * **Feature**: The Amazon AppIntegrations service adds a set of APIs (in preview) to manage third party applications to be used in Amazon Connect agent workspace.
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.21.0](service/apprunner/CHANGELOG.md#v1210-2023-09-26)
+  * **Feature**: This release allows an App Runner customer to specify a custom source directory to run the build & start command. This change allows App Runner to support monorepo based repositories
+* `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.18.1](service/codedeploy/CHANGELOG.md#v1181-2023-09-26)
+  * **Documentation**: CodeDeploy now supports In-place and Blue/Green EC2 deployments with multiple Classic Load Balancers and multiple Target Groups.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.68.0](service/connect/CHANGELOG.md#v1680-2023-09-26)
+  * **Feature**: This release updates a set of Amazon Connect APIs that provides the ability to integrate third party applications in the Amazon Connect agent workspace.
+* `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.22.0](service/dynamodb/CHANGELOG.md#v1220-2023-09-26)
+  * **Feature**: Amazon DynamoDB now supports Incremental Export as an enhancement to the existing Export Table
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.121.0](service/ec2/CHANGELOG.md#v11210-2023-09-26)
+  * **Feature**: The release includes AWS verified access to support FIPs compliance in North America regions
+* `github.com/aws/aws-sdk-go-v2/service/lakeformation`: [v1.24.0](service/lakeformation/CHANGELOG.md#v1240-2023-09-26)
+  * **Feature**: This release adds three new API support "CreateLakeFormationOptIn", "DeleteLakeFormationOptIn" and "ListLakeFormationOptIns", and also updates the corresponding documentation.
+* `github.com/aws/aws-sdk-go-v2/service/pinpoint`: [v1.22.6](service/pinpoint/CHANGELOG.md#v1226-2023-09-26)
+  * **Documentation**: Update documentation for RemoveAttributes to more accurately reflect its behavior when attributes are deleted.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.40.0](service/s3/CHANGELOG.md#v1400-2023-09-26)
+  * **Feature**: This release adds a new field COMPLETED to the ReplicationStatus Enum. You can now use this field to validate the replication status of S3 objects using the AWS SDK.
+
+# Release (2023-09-25)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.13.0](service/amplifyuibuilder/CHANGELOG.md#v1130-2023-09-25)
+  * **Feature**: Support for generating code that is compatible with future versions of amplify project dependencies.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.9.0](service/chimesdkmediapipelines/CHANGELOG.md#v190-2023-09-25)
+  * **Feature**: Adds support for sending WebRTC audio to Amazon Kineses Video Streams.
+* `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.11.0](service/emrserverless/CHANGELOG.md#v1110-2023-09-25)
+  * **Feature**: This release adds support for application-wide default job configurations.
+* `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.17.0](service/finspacedata/CHANGELOG.md#v1170-2023-09-25)
+  * **Feature**: Adding sensitive trait to attributes. Change max SessionDuration from 720 to 60. Correct "ApiAccess" attribute to "apiAccess" to maintain consistency between APIs.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.44.0](service/quicksight/CHANGELOG.md#v1440-2023-09-25)
+  * **Feature**: Added ability to tag users upon creation.
+* `github.com/aws/aws-sdk-go-v2/service/ssm`: [v1.38.0](service/ssm/CHANGELOG.md#v1380-2023-09-25)
+  * **Feature**: This release updates the enum values for ResourceType in SSM DescribeInstanceInformation input and ConnectionStatus in GetConnectionStatus output.
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.39.0](service/wafv2/CHANGELOG.md#v1390-2023-09-25)
+  * **Feature**: You can now perform an exact match against the web request's JA3 fingerprint.
+
+# Release (2023-09-22)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/config`: [v1.18.42](config/CHANGELOG.md#v11842-2023-09-22)
+  * **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+  * **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* `github.com/aws/aws-sdk-go-v2/internal/ini`: [v1.3.43](internal/ini/CHANGELOG.md#v1343-2023-09-22)
+  * **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+  * **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.20.0](service/braket/CHANGELOG.md#v1200-2023-09-22)
+  * **Feature**: This release adds support to view the device queue depth (the number of queued quantum tasks and hybrid jobs on a device) and queue position for a quantum task and hybrid job.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.18.0](service/cloudwatchevents/CHANGELOG.md#v1180-2023-09-22)
+  * **Feature**: Adds sensitive trait to various shapes in Jetstream Connections API model.
+* `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.31.0](service/databasemigrationservice/CHANGELOG.md#v1310-2023-09-22)
+  * **Feature**: new vendors for DMS CSF: MongoDB, MariaDB, DocumentDb and Redshift
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.120.0](service/ec2/CHANGELOG.md#v11200-2023-09-22)
+  * **Feature**: EC2 M2 Pro Mac instances are powered by Apple M2 Pro Mac Mini computers featuring 12 core CPU, 19 core GPU, 32 GiB of memory, and 16 core Apple Neural Engine and uniquely enabled by the AWS Nitro System through high-speed Thunderbolt connections.
+* `github.com/aws/aws-sdk-go-v2/service/efs`: [v1.21.7](service/efs/CHANGELOG.md#v1217-2023-09-22)
+  * **Documentation**: Documentation updates for Elastic File System
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.28.0](service/guardduty/CHANGELOG.md#v1280-2023-09-22)
+  * **Feature**: Add `EKS_CLUSTER_NAME` to filter and sort key.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.42.0](service/mediaconvert/CHANGELOG.md#v1420-2023-09-22)
+  * **Feature**: This release supports the creation of of audio-only tracks in CMAF output groups.
+
+# Release (2023-09-20)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.20.0](service/appconfig/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: Enabling boto3 paginators for list APIs and adding documentation around ServiceQuotaExceededException errors
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.20.0](service/apprunner/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: This release adds improvements for managing App Runner auto scaling configuration resources. New APIs: UpdateDefaultAutoScalingConfiguration and ListServicesForAutoScalingConfiguration. Updated API: DeleteAutoScalingConfiguration.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs`: [v1.24.0](service/cloudwatchlogs/CHANGELOG.md#v1240-2023-09-20)
+  * **Feature**: Add ClientToken to QueryDefinition CFN Handler in CWL
+* `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.20.0](service/codeartifact/CHANGELOG.md#v1200-2023-09-20)
+  * **Feature**: Add support for the Swift package format.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideo`: [v1.18.4](service/kinesisvideo/CHANGELOG.md#v1184-2023-09-20)
+  * **Documentation**: Updated DescribeMediaStorageConfiguration, StartEdgeConfigurationUpdate, ImageGenerationConfiguration$SamplingInterval, and UpdateMediaStorageConfiguration to match AWS Docs.
+* `github.com/aws/aws-sdk-go-v2/service/s3`: [v1.39.0](service/s3/CHANGELOG.md#v1390-2023-09-20)
+  * **Feature**: Fix an issue where the SDK can fail to unmarshall response due to NumberFormatException
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.24.0](service/servicediscovery/CHANGELOG.md#v1240-2023-09-20)
+  * **Feature**: Adds a new DiscoverInstancesRevision API and also adds InstanceRevision field to the DiscoverInstances API response.
+* `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.17.0](service/ssooidc/CHANGELOG.md#v1170-2023-09-20)
+  * **Feature**: Update FIPS endpoints in aws-us-gov.
+
+# Release (2023-09-19)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.119.0](service/ec2/CHANGELOG.md#v11190-2023-09-19)
+  * **Feature**: This release adds support for C7i, and R7a instance types.
+* `github.com/aws/aws-sdk-go-v2/service/outposts`: [v1.30.0](service/outposts/CHANGELOG.md#v1300-2023-09-19)
+  * **Feature**: This release adds the InstanceFamilies field to the ListAssets response.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.107.0](service/sagemaker/CHANGELOG.md#v11070-2023-09-19)
+  * **Feature**: This release adds support for one-time model monitoring schedules that are executed immediately without delay, explicit data analysis windows for model monitoring schedules and exclude features attributes to remove features from model monitor analysis.
+
+# Release (2023-09-18)
+
+## General Highlights
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/accessanalyzer`: [v1.21.0](service/accessanalyzer/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/acm`: [v1.19.0](service/acm/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/amplify`: [v1.15.0](service/amplify/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/apigatewaymanagementapi`: [v1.13.0](service/apigatewaymanagementapi/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.19.0](service/appconfig/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appconfigdata`: [v1.8.0](service/appconfigdata/CHANGELOG.md#v180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appfabric`: [v1.2.0](service/appfabric/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.17.0](service/appintegrations/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/applicationcostprofiler`: [v1.12.0](service/applicationcostprofiler/CHANGELOG.md#v1120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/appmesh`: [v1.19.0](service/appmesh/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/arczonalshift`: [v1.3.0](service/arczonalshift/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/autoscalingplans`: [v1.15.0](service/autoscalingplans/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/backupgateway`: [v1.11.0](service/backupgateway/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/backupstorage`: [v1.3.0](service/backupstorage/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.19.0](service/braket/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.9.0](service/chimesdkvoice/CHANGELOG.md#v190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/clouddirectory`: [v1.15.0](service/clouddirectory/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudhsmv2`: [v1.16.0](service/cloudhsmv2/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudsearch`: [v1.16.0](service/cloudsearch/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudsearchdomain`: [v1.14.0](service/cloudsearchdomain/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudtraildata`: [v1.2.0](service/cloudtraildata/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codebuild`: [v1.22.0](service/codebuild/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.18.0](service/codedeploy/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codeguruprofiler`: [v1.15.0](service/codeguruprofiler/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codegurureviewer`: [v1.19.0](service/codegurureviewer/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codegurusecurity`: [v1.2.0](service/codegurusecurity/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codestar`: [v1.15.0](service/codestar/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/codestarnotifications`: [v1.16.0](service/codestarnotifications/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentity`: [v1.17.0](service/cognitoidentity/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/cognitosync`: [v1.14.0](service/cognitosync/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/connectcases`: [v1.7.0](service/connectcases/CHANGELOG.md#v170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/connectcontactlens`: [v1.15.0](service/connectcontactlens/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.3.0](service/controltower/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/databrew`: [v1.23.0](service/databrew/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/dataexchange`: [v1.21.0](service/dataexchange/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/datapipeline`: [v1.16.0](service/datapipeline/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/dax`: [v1.14.0](service/dax/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/devicefarm`: [v1.17.0](service/devicefarm/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/docdbelastic`: [v1.3.0](service/docdbelastic/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect`: [v1.17.0](service/ec2instanceconnect/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ecrpublic`: [v1.18.0](service/ecrpublic/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk`: [v1.17.0](service/elasticbeanstalk/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing`: [v1.17.0](service/elasticloadbalancing/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/elastictranscoder`: [v1.16.0](service/elastictranscoder/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/evidently`: [v1.13.0](service/evidently/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.16.0](service/finspacedata/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/fis`: [v1.16.0](service/fis/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/forecast`: [v1.27.0](service/forecast/CHANGELOG.md#v1270-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/forecastquery`: [v1.15.0](service/forecastquery/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/gamesparks`: [v1.4.0](service/gamesparks/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/glacier`: [v1.16.0](service/glacier/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/greengrass`: [v1.17.0](service/greengrass/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/greengrassv2`: [v1.24.0](service/greengrassv2/CHANGELOG.md#v1240-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/honeycode`: [v1.15.0](service/honeycode/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/inspector`: [v1.15.0](service/inspector/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iot1clickdevicesservice`: [v1.13.0](service/iot1clickdevicesservice/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iot1clickprojects`: [v1.14.0](service/iot1clickprojects/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotanalytics`: [v1.16.0](service/iotanalytics/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotevents`: [v1.17.0](service/iotevents/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ioteventsdata`: [v1.15.0](service/ioteventsdata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotfleethub`: [v1.15.0](service/iotfleethub/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotjobsdataplane`: [v1.14.0](service/iotjobsdataplane/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotroborunner`: [v1.3.0](service/iotroborunner/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling`: [v1.17.0](service/iotsecuretunneling/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/iotthingsgraph`: [v1.16.0](service/iotthingsgraph/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ivschat`: [v1.6.0](service/ivschat/CHANGELOG.md#v160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kendraranking`: [v1.2.0](service/kendraranking/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesis`: [v1.19.0](service/kinesis/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisanalytics`: [v1.16.0](service/kinesisanalytics/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideoarchivedmedia`: [v1.17.0](service/kinesisvideoarchivedmedia/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideomedia`: [v1.13.0](service/kinesisvideomedia/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideosignaling`: [v1.13.0](service/kinesisvideosignaling/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/kinesisvideowebrtcstorage`: [v1.4.0](service/kinesisvideowebrtcstorage/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexmodelbuildingservice`: [v1.19.0](service/lexmodelbuildingservice/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexruntimeservice`: [v1.15.0](service/lexruntimeservice/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lexruntimev2`: [v1.19.0](service/lexruntimev2/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanager`: [v1.20.0](service/licensemanager/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanagerlinuxsubscriptions`: [v1.3.0](service/licensemanagerlinuxsubscriptions/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/licensemanagerusersubscriptions`: [v1.4.0](service/licensemanagerusersubscriptions/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutmetrics`: [v1.21.0](service/lookoutmetrics/CHANGELOG.md#v1210-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutvision`: [v1.17.0](service/lookoutvision/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/machinelearning`: [v1.17.0](service/machinelearning/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/macie`: [v1.17.0](service/macie/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/macie2`: [v1.29.7](service/macie2/CHANGELOG.md#v1297-2023-09-18)
+  * **Documentation**: This release changes the default managedDataIdentifierSelector setting for new classification jobs to RECOMMENDED. By default, new classification jobs now use the recommended set of managed data identifiers.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacecommerceanalytics`: [v1.14.0](service/marketplacecommerceanalytics/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/marketplaceentitlementservice`: [v1.14.0](service/marketplaceentitlementservice/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/marketplacemetering`: [v1.16.0](service/marketplacemetering/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediapackagev2`: [v1.2.0](service/mediapackagev2/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediapackagevod`: [v1.24.0](service/mediapackagevod/CHANGELOG.md#v1240-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediastore`: [v1.15.0](service/mediastore/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mediastoredata`: [v1.15.0](service/mediastoredata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/medicalimaging`: [v1.2.0](service/medicalimaging/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhub`: [v1.15.0](service/migrationhub/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubconfig`: [v1.15.0](service/migrationhubconfig/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhuborchestrator`: [v1.3.0](service/migrationhuborchestrator/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/migrationhubstrategy`: [v1.11.0](service/migrationhubstrategy/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mobile`: [v1.14.0](service/mobile/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/mturk`: [v1.16.0](service/mturk/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/neptune`: [v1.22.0](service/neptune/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/networkmanager`: [v1.19.0](service/networkmanager/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/nimble`: [v1.18.0](service/nimble/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/oam`: [v1.3.0](service/oam/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opensearchserverless`: [v1.5.0](service/opensearchserverless/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opsworks`: [v1.16.0](service/opsworks/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/opsworkscm`: [v1.17.0](service/opsworkscm/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/osis`: [v1.2.0](service/osis/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/panorama`: [v1.13.0](service/panorama/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/paymentcryptography`: [v1.2.0](service/paymentcryptography/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/personalizeevents`: [v1.15.0](service/personalizeevents/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/personalizeruntime`: [v1.15.0](service/personalizeruntime/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointemail`: [v1.14.0](service/pinpointemail/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoice`: [v1.13.0](service/pinpointsmsvoice/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pinpointsmsvoicev2`: [v1.3.0](service/pinpointsmsvoicev2/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/pipes`: [v1.4.0](service/pipes/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/qldbsession`: [v1.16.0](service/qldbsession/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rbin`: [v1.10.0](service/rbin/CHANGELOG.md#v1100-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rdsdata`: [v1.15.0](service/rdsdata/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/redshiftserverless`: [v1.6.0](service/redshiftserverless/CHANGELOG.md#v160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourceexplorer2`: [v1.4.0](service/resourceexplorer2/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourcegroups`: [v1.16.0](service/resourcegroups/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi`: [v1.16.0](service/resourcegroupstaggingapi/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/robomaker`: [v1.20.0](service/robomaker/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoverycluster`: [v1.13.0](service/route53recoverycluster/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoverycontrolconfig`: [v1.13.0](service/route53recoverycontrolconfig/CHANGELOG.md#v1130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53recoveryreadiness`: [v1.11.0](service/route53recoveryreadiness/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/route53resolver`: [v1.20.0](service/route53resolver/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/rum`: [v1.12.0](service/rum/CHANGELOG.md#v1120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/s3outposts`: [v1.18.0](service/s3outposts/CHANGELOG.md#v1180-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakera2iruntime`: [v1.17.0](service/sagemakera2iruntime/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakeredge`: [v1.15.0](service/sagemakeredge/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakergeospatial`: [v1.5.0](service/sagemakergeospatial/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sagemakermetrics`: [v1.2.0](service/sagemakermetrics/CHANGELOG.md#v120-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/scheduler`: [v1.3.0](service/scheduler/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/schemas`: [v1.17.0](service/schemas/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/serverlessapplicationrepository`: [v1.14.0](service/serverlessapplicationrepository/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalogappregistry`: [v1.19.0](service/servicecatalogappregistry/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/servicediscovery`: [v1.23.0](service/servicediscovery/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/shield`: [v1.20.0](service/shield/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sms`: [v1.15.0](service/sms/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/snowdevicemanagement`: [v1.11.0](service/snowdevicemanagement/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sns`: [v1.22.0](service/sns/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmcontacts`: [v1.17.0](service/ssmcontacts/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmincidents`: [v1.23.0](service/ssmincidents/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssmsap`: [v1.5.0](service/ssmsap/CHANGELOG.md#v150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sso`: [v1.14.0](service/sso/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/ssooidc`: [v1.16.0](service/ssooidc/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/storagegateway`: [v1.20.0](service/storagegateway/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/sts`: [v1.22.0](service/sts/CHANGELOG.md#v1220-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/supportapp`: [v1.4.0](service/supportapp/CHANGELOG.md#v140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/synthetics`: [v1.19.0](service/synthetics/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/textract`: [v1.23.0](service/textract/CHANGELOG.md#v1230-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/timestreamquery`: [v1.17.0](service/timestreamquery/CHANGELOG.md#v1170-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/timestreamwrite`: [v1.19.0](service/timestreamwrite/CHANGELOG.md#v1190-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/tnb`: [v1.3.0](service/tnb/CHANGELOG.md#v130-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/transcribestreaming`: [v1.11.0](service/transcribestreaming/CHANGELOG.md#v1110-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/voiceid`: [v1.15.0](service/voiceid/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/waf`: [v1.14.0](service/waf/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/wafregional`: [v1.15.0](service/wafregional/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/workdocs`: [v1.16.0](service/workdocs/CHANGELOG.md#v1160-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/worklink`: [v1.15.0](service/worklink/CHANGELOG.md#v1150-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* `github.com/aws/aws-sdk-go-v2/service/workmail`: [v1.20.0](service/workmail/CHANGELOG.md#v1200-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+  * **Feature**: This release includes four new APIs UpdateUser, UpdateGroup, ListGroupsForEntity and DescribeEntity, along with RemoteUsers and some enhancements to existing APIs.
+* `github.com/aws/aws-sdk-go-v2/service/workmailmessageflow`: [v1.14.0](service/workmailmessageflow/CHANGELOG.md#v1140-2023-09-18)
+  * **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+
+# Release (2023-09-15)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.24.0](service/appstream/CHANGELOG.md#v1240-2023-09-15)
+  * **Feature**: This release introduces app block builder, allowing customers to provision a resource to package applications into an app block
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.67.0](service/connect/CHANGELOG.md#v1670-2023-09-15)
+  * **Feature**: New rule type (OnMetricDataUpdate) has been added
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.29.1](service/datasync/CHANGELOG.md#v1291-2023-09-15)
+  * **Documentation**: Documentation-only updates for AWS DataSync.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.106.0](service/sagemaker/CHANGELOG.md#v11060-2023-09-15)
+  * **Feature**: This release introduces Skip Model Validation for Model Packages
+
+# Release (2023-09-14)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.23.0](service/appstream/CHANGELOG.md#v1230-2023-09-14)
+  * **Feature**: This release introduces multi-session fleets, allowing customers to provision more than one user session on a single fleet instance.
+* `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.34.6](service/cloudformation/CHANGELOG.md#v1346-2023-09-14)
+  * **Documentation**: Documentation updates for AWS CloudFormation
+* `github.com/aws/aws-sdk-go-v2/service/entityresolution`: [v1.2.0](service/entityresolution/CHANGELOG.md#v120-2023-09-14)
+  * **Feature**: Changed "ResolutionTechniques" and "MappedInputFields" in workflow and schema mapping operations to be required fields.
+* `github.com/aws/aws-sdk-go-v2/service/lookoutequipment`: [v1.19.0](service/lookoutequipment/CHANGELOG.md#v1190-2023-09-14)
+  * **Feature**: This release adds APIs for the new scheduled retraining feature.
+
+# Release (2023-09-13)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.8](service/cloud9/CHANGELOG.md#v1188-2023-09-13)
+  * **Documentation**: Update to include information on Ubuntu 18 deprecation.
+* `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.16.0](service/drs/CHANGELOG.md#v1160-2023-09-13)
+  * **Feature**: Updated existing APIs and added new ones to support using AWS Elastic Disaster Recovery post-launch actions. Added support for new regions.
+* `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.18.0](service/firehose/CHANGELOG.md#v1180-2023-09-13)
+  * **Feature**: DocumentIdOptions has been added for the Amazon OpenSearch destination.
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.27.0](service/guardduty/CHANGELOG.md#v1270-2023-09-13)
+  * **Feature**: Add `managementType` field to ListCoverage API response.
+* `github.com/aws/aws-sdk-go-v2/service/internetmonitor`: [v1.6.0](service/internetmonitor/CHANGELOG.md#v160-2023-09-13)
+  * **Feature**: This release updates the Amazon CloudWatch Internet Monitor API domain name.
+* `github.com/aws/aws-sdk-go-v2/service/ivsrealtime`: [v1.4.4](service/ivsrealtime/CHANGELOG.md#v144-2023-09-13)
+  * **Documentation**: Doc only update that changes description for ParticipantToken.
+* `github.com/aws/aws-sdk-go-v2/service/simspaceweaver`: [v1.5.1](service/simspaceweaver/CHANGELOG.md#v151-2023-09-13)
+  * **Documentation**: Edited the introductory text for the API reference.
+* `github.com/aws/aws-sdk-go-v2/service/xray`: [v1.18.0](service/xray/CHANGELOG.md#v1180-2023-09-13)
+  * **Feature**: Add StartTime field in GetTraceSummaries API response for each TraceSummary.
+
+# Release (2023-09-12)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.118.0](service/ec2/CHANGELOG.md#v11180-2023-09-12)
+  * **Feature**: This release adds support for restricting public sharing of AMIs through AMI Block Public Access
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.22.0](service/eventbridge/CHANGELOG.md#v1220-2023-09-12)
+  * **Feature**: Adds sensitive trait to various shapes in Jetstream Connections API model.
+* `github.com/aws/aws-sdk-go-v2/service/kendra`: [v1.43.0](service/kendra/CHANGELOG.md#v1430-2023-09-12)
+  * **Feature**: Amazon Kendra now supports confidence score buckets for retrieved passage results using the Retrieve API.
+
+# Release (2023-09-11)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ecr`: [v1.20.0](service/ecr/CHANGELOG.md#v1200-2023-09-11)
+  * **Feature**: This release will have ValidationException be thrown from ECR LifecyclePolicy APIs in regions LifecyclePolicy is not supported, this includes existing Amazon Dedicated Cloud (ADC) regions. This release will also change Tag: TagValue and Tag: TagKey to required.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.37.0](service/medialive/CHANGELOG.md#v1370-2023-09-11)
+  * **Feature**: AWS Elemental Link now supports attaching a Link UHD device to a MediaConnect flow.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.43.0](service/quicksight/CHANGELOG.md#v1430-2023-09-11)
+  * **Feature**: This release launches new updates to QuickSight KPI visuals - support for sparklines, new templated layout and new targets for conditional formatting rules.
+
+# Release (2023-09-08)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.6](service/fsx/CHANGELOG.md#v1326-2023-09-08)
+  * **Documentation**: Amazon FSx documentation fixes
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.105.0](service/sagemaker/CHANGELOG.md#v11050-2023-09-08)
+  * **Feature**: Autopilot APIs will now support holiday featurization for Timeseries models. The models will now hold holiday metadata and should be able to accommodate holiday effect during inference.
+* `github.com/aws/aws-sdk-go-v2/service/ssoadmin`: [v1.18.0](service/ssoadmin/CHANGELOG.md#v1180-2023-09-08)
+  * **Feature**: Content updates to IAM Identity Center API for China Regions.
+* `github.com/aws/aws-sdk-go-v2/service/workspaces`: [v1.30.0](service/workspaces/CHANGELOG.md#v1300-2023-09-08)
+  * **Feature**: A new field "ErrorDetails" will be added to the output of "DescribeWorkspaceImages" API call. This field provides in-depth details about the error occurred during image import process. These details include the possible causes of the errors and troubleshooting information.
+
+# Release (2023-09-07)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.36.2](service/securityhub/CHANGELOG.md#v1362-2023-09-07)
+  * **Documentation**: Documentation updates for AWS Security Hub
+* `github.com/aws/aws-sdk-go-v2/service/simspaceweaver`: [v1.5.0](service/simspaceweaver/CHANGELOG.md#v150-2023-09-07)
+  * **Feature**: BucketName and ObjectKey are now required for the S3Location data type. BucketName is now required for the S3Destination data type.
+
+# Release (2023-09-06)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.35.0](service/appflow/CHANGELOG.md#v1350-2023-09-06)
+  * **Feature**: Adding OAuth2.0 support for servicenow connector.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.117.0](service/ec2/CHANGELOG.md#v11170-2023-09-06)
+  * **Feature**: This release adds 'outpost' location type to the DescribeInstanceTypeOfferings API, allowing customers that have been allowlisted for outpost to query their offerings in the API.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.4](service/elasticloadbalancingv2/CHANGELOG.md#v1214-2023-09-06)
+  * **Documentation**: This release enables default UDP connection termination and disabling unhealthy target connection termination for Network Load Balancers.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.36.0](service/medialive/CHANGELOG.md#v1360-2023-09-06)
+  * **Feature**: Adds advanced Output Locking options for Epoch Locking: Custom Epoch and Jam Sync Time
+* `github.com/aws/aws-sdk-go-v2/service/wafv2`: [v1.38.0](service/wafv2/CHANGELOG.md#v1380-2023-09-06)
+  * **Feature**: The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API.
+
+# Release (2023-09-05)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/billingconductor`: [v1.9.0](service/billingconductor/CHANGELOG.md#v190-2023-09-05)
+  * **Feature**: This release adds support for line item filtering in for the custom line item resource.
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.7](service/cloud9/CHANGELOG.md#v1187-2023-09-05)
+  * **Documentation**: Added support for Ubuntu 22.04 that was not picked up in a previous Trebuchet request. Doc-only update.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.27.0](service/computeoptimizer/CHANGELOG.md#v1270-2023-09-05)
+  * **Feature**: This release adds support to provide recommendations for G4dn and P3 instances that use NVIDIA GPUs.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.116.0](service/ec2/CHANGELOG.md#v11160-2023-09-05)
+  * **Feature**: Introducing Amazon EC2 C7gd, M7gd, and R7gd Instances with up to 3.8 TB of local NVMe-based SSD block-level storage. These instances are powered by AWS Graviton3 processors, delivering up to 25% better performance over Graviton2-based instances.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.30.1](service/ecs/CHANGELOG.md#v1301-2023-09-05)
+  * **Documentation**: Documentation only update for Amazon ECS.
+* `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.21.0](service/eventbridge/CHANGELOG.md#v1210-2023-09-05)
+  * **Feature**: Improve Endpoint Ruleset test coverage.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.54.0](service/rds/CHANGELOG.md#v1540-2023-09-05)
+  * **Feature**: Add support for feature integration with AWS Backup.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.104.0](service/sagemaker/CHANGELOG.md#v11040-2023-09-05)
+  * **Feature**: SageMaker Neo now supports data input shape derivation for Pytorch 2.0  and XGBoost compilation job for cloud instance targets. You can skip DataInputConfig field during compilation job creation. You can also access derived information from model in DescribeCompilationJob response.
+* `github.com/aws/aws-sdk-go-v2/service/vpclattice`: [v1.2.0](service/vpclattice/CHANGELOG.md#v120-2023-09-05)
+  * **Feature**: This release adds Lambda event structure version config support for LAMBDA target groups. It also adds newline support for auth policies.
+
+# Release (2023-09-01)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.8.0](service/chimesdkmediapipelines/CHANGELOG.md#v180-2023-09-01)
+  * **Feature**: This release adds support for the Voice Analytics feature for customer-owned KVS streams as part of the Amazon Chime SDK call analytics.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.66.0](service/connect/CHANGELOG.md#v1660-2023-09-01)
+  * **Feature**: Amazon Connect adds the ability to read, create, update, delete, and list view resources, and adds the ability to read, create, delete, and list view versions.
+* `github.com/aws/aws-sdk-go-v2/service/identitystore`: [v1.18.0](service/identitystore/CHANGELOG.md#v1180-2023-09-01)
+  * **Feature**: New Identity Store content for China Region launch
+* `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.0.1](service/neptunedata/CHANGELOG.md#v101-2023-09-01)
+  * **Documentation**: Removed the descriptive text in the introduction.
+
+# Release (2023-08-31)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.7.0](service/chimesdkmediapipelines/CHANGELOG.md#v170-2023-08-31)
+  * **Feature**: This release adds support for feature Voice Enhancement for Call Recording as part of Amazon Chime SDK call analytics.
+* `github.com/aws/aws-sdk-go-v2/service/cloudhsm`: [v1.15.0](service/cloudhsm/CHANGELOG.md#v1150-2023-08-31)
+  * **Feature**: Deprecating CloudHSM Classic API Service.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.17.0](service/cloudwatchevents/CHANGELOG.md#v1170-2023-08-31)
+  * **Feature**: Documentation updates for CloudWatch Events.
+* `github.com/aws/aws-sdk-go-v2/service/connectcampaigns`: [v1.4.0](service/connectcampaigns/CHANGELOG.md#v140-2023-08-31)
+  * **Feature**: Amazon Connect outbound campaigns has launched agentless dialing mode which enables customers to make automated outbound calls without agent engagement. This release updates three of the campaign management API's to support the new agentless dialing mode and the new dialing capacity field.
+* `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.17.0](service/connectparticipant/CHANGELOG.md#v1170-2023-08-31)
+  * **Feature**: Amazon Connect Participant Service adds the ability to get a view resource using a view token, which is provided in a participant message, with the release of the DescribeView API.
+* `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.28.0](service/customerprofiles/CHANGELOG.md#v1280-2023-08-31)
+  * **Feature**: Adds sensitive trait to various shapes in Customer Profiles API model.
+* `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.30.0](service/ecs/CHANGELOG.md#v1300-2023-08-31)
+  * **Feature**: This release adds support for an account-level setting that you can use to configure the number of days for AWS Fargate task retirement.
+* `github.com/aws/aws-sdk-go-v2/service/health`: [v1.19.0](service/health/CHANGELOG.md#v1190-2023-08-31)
+  * **Feature**: Adds new API DescribeEntityAggregatesForOrganization that retrieves entity aggregates across your organization. Also adds support for resource status filtering in DescribeAffectedEntitiesForOrganization, resource status aggregates in the DescribeEntityAggregates response, and new resource statuses.
+* `github.com/aws/aws-sdk-go-v2/service/ivs`: [v1.26.0](service/ivs/CHANGELOG.md#v1260-2023-08-31)
+  * **Feature**: Updated "type" description for CreateChannel, UpdateChannel, Channel, and ChannelSummary.
+* `github.com/aws/aws-sdk-go-v2/service/kafkaconnect`: [v1.11.0](service/kafkaconnect/CHANGELOG.md#v1110-2023-08-31)
+  * **Feature**: Minor model changes for Kafka Connect as well as endpoint updates.
+* `github.com/aws/aws-sdk-go-v2/service/paymentcryptographydata`: [v1.2.0](service/paymentcryptographydata/CHANGELOG.md#v120-2023-08-31)
+  * **Feature**: Make KeyCheckValue field optional when using asymmetric keys as Key Check Values typically only apply to symmetric keys
+* `github.com/aws/aws-sdk-go-v2/service/sagemakerruntime`: [v1.21.0](service/sagemakerruntime/CHANGELOG.md#v1210-2023-08-31)
+  * **Feature**: This release adds a new InvokeEndpointWithResponseStream API to support streaming of model responses.
+
+# Release (2023-08-30)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.34.0](service/appflow/CHANGELOG.md#v1340-2023-08-30)
+  * **Feature**: Add SAP source connector parallel and pagination feature
+* `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.19.0](service/apprunner/CHANGELOG.md#v1190-2023-08-30)
+  * **Feature**: App Runner adds support for Bitbucket. You can now create App Runner connection that connects to your Bitbucket repositories and deploy App Runner service with the source code stored in a Bitbucket repository.
+* `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.4.0](service/cleanrooms/CHANGELOG.md#v140-2023-08-30)
+  * **Feature**: This release decouples member abilities in a collaboration. With this change, the member who can run queries no longer needs to be the same as the member who can receive results.
+* `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.29.0](service/datasync/CHANGELOG.md#v1290-2023-08-30)
+  * **Feature**: AWS DataSync introduces Task Reports, a new feature that provides detailed reports of data transfer operations for each task execution.
+* `github.com/aws/aws-sdk-go-v2/service/neptunedata`: [v1.0.0](service/neptunedata/CHANGELOG.md#v100-2023-08-30)
+  * **Release**: New AWS service client module
+  * **Feature**: Allows customers to execute data plane actions like bulk loading graphs, issuing graph queries using Gremlin and openCypher directly from the SDK.
+* `github.com/aws/aws-sdk-go-v2/service/networkfirewall`: [v1.30.0](service/networkfirewall/CHANGELOG.md#v1300-2023-08-30)
+  * **Feature**: Network Firewall increasing pagination token string length
+* `github.com/aws/aws-sdk-go-v2/service/pcaconnectorad`: [v1.0.0](service/pcaconnectorad/CHANGELOG.md#v100-2023-08-30)
+  * **Release**: New AWS service client module
+  * **Feature**: The Connector for AD allows you to use a fully-managed AWS Private CA as a drop-in replacement for your self-managed enterprise CAs without local agents or proxy servers. Enterprises that use AD to manage Windows environments can reduce their private certificate authority (CA) costs and complexity.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.103.0](service/sagemaker/CHANGELOG.md#v11030-2023-08-30)
+  * **Feature**: Amazon SageMaker Canvas adds IdentityProviderOAuthSettings support for CanvasAppSettings
+
+# Release (2023-08-29)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.26.0](service/cognitoidentityprovider/CHANGELOG.md#v1260-2023-08-29)
+  * **Feature**: Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.5](service/fsx/CHANGELOG.md#v1325-2023-08-29)
+  * **Documentation**: Documentation updates for project quotas.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.9.0](service/omics/CHANGELOG.md#v190-2023-08-29)
+  * **Feature**: Add RetentionMode support for Runs.
+* `github.com/aws/aws-sdk-go-v2/service/sesv2`: [v1.20.0](service/sesv2/CHANGELOG.md#v1200-2023-08-29)
+  * **Feature**: Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.
+
+# Release (2023-08-28)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.25.0](service/backup/CHANGELOG.md#v1250-2023-08-28)
+  * **Feature**: Add support for customizing time zone for backup window in backup plan rules.
+* `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.26.0](service/computeoptimizer/CHANGELOG.md#v1260-2023-08-28)
+  * **Feature**: This release enables AWS Compute Optimizer to analyze and generate licensing optimization recommendations for sql server running on EC2 instances.
+* `github.com/aws/aws-sdk-go-v2/service/organizations`: [v1.20.6](service/organizations/CHANGELOG.md#v1206-2023-08-28)
+  * **Documentation**: Documentation updates for permissions and links.
+* `github.com/aws/aws-sdk-go-v2/service/securitylake`: [v1.7.0](service/securitylake/CHANGELOG.md#v170-2023-08-28)
+  * **Feature**: Remove incorrect regex enforcement on pagination tokens.
+* `github.com/aws/aws-sdk-go-v2/service/servicequotas`: [v1.16.0](service/servicequotas/CHANGELOG.md#v1160-2023-08-28)
+  * **Feature**: Service Quotas now supports viewing the applied quota value and requesting a quota increase for a specific resource in an AWS account.
+* `github.com/aws/aws-sdk-go-v2/service/workspacesweb`: [v1.12.0](service/workspacesweb/CHANGELOG.md#v1120-2023-08-28)
+  * **Feature**: WorkSpaces Web now enables Admins to configure which cookies are synchronized from an end-user's local browser to the in-session browser. In conjunction with a browser extension, this feature enables enhanced Single-Sign On capability by reducing the number of times an end-user has to authenticate.
+
+# Release (2023-08-25)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.29.0](service/cloudtrail/CHANGELOG.md#v1290-2023-08-25)
+  * **Feature**: Add ThrottlingException with error code 429 to handle CloudTrail Delegated Admin request rate exceeded on organization resources.
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.27.7](service/cloudwatch/CHANGELOG.md#v1277-2023-08-25)
+  * **Documentation**: Doc-only update to get doc bug fixes into the SDK docs
+
+# Release (2023-08-24)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.115.0](service/ec2/CHANGELOG.md#v11150-2023-08-24)
+  * **Feature**: Amazon EC2 M7a instances, powered by 4th generation AMD EPYC processors, deliver up to 50% higher performance compared to M6a instances. Amazon EC2 Hpc7a instances, powered by 4th Gen AMD EPYC processors, deliver up to 2.5x better performance compared to Amazon EC2 Hpc6a instances.
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.62.0](service/glue/CHANGELOG.md#v1620-2023-08-24)
+  * **Feature**: Added API attributes that help in the monitoring of sessions.
+* `github.com/aws/aws-sdk-go-v2/service/mediaconvert`: [v1.41.0](service/mediaconvert/CHANGELOG.md#v1410-2023-08-24)
+  * **Feature**: This release includes additional audio channel tags in Quicktime outputs, support for film grain synthesis for AV1 outputs, ability to create audio-only FLAC outputs, and ability to specify Amazon S3 destination storage class.
+* `github.com/aws/aws-sdk-go-v2/service/medialive`: [v1.35.0](service/medialive/CHANGELOG.md#v1350-2023-08-24)
+  * **Feature**: MediaLive now supports passthrough of KLV data to a HLS output group with a TS container. MediaLive now supports setting an attenuation mode for AC3 audio when the coding mode is 3/2 LFE. MediaLive now supports specifying whether to include filler NAL units in RTMP output group settings.
+* `github.com/aws/aws-sdk-go-v2/service/mediatailor`: [v1.27.0](service/mediatailor/CHANGELOG.md#v1270-2023-08-24)
+  * **Feature**: Adds new source location AUTODETECT_SIGV4 access type.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.42.0](service/quicksight/CHANGELOG.md#v1420-2023-08-24)
+  * **Feature**: Excel support in Snapshot Export APIs. Removed Required trait for some insight Computations. Namespace-shared Folders support. Global Filters support. Table pin Column support.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.53.0](service/rds/CHANGELOG.md#v1530-2023-08-24)
+  * **Feature**: This release updates the supported versions for Percona XtraBackup in Aurora MySQL.
+* `github.com/aws/aws-sdk-go-v2/service/s3control`: [v1.33.0](service/s3control/CHANGELOG.md#v1330-2023-08-24)
+  * **Feature**: Updates to endpoint ruleset tests to address Smithy validation issues and standardize the capitalization of DualStack.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.2.1](service/verifiedpermissions/CHANGELOG.md#v121-2023-08-24)
+  * **Documentation**: Documentation updates for Amazon Verified Permissions.
+
+# Release (2023-08-23)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/apigateway`: [v1.18.0](service/apigateway/CHANGELOG.md#v1180-2023-08-23)
+  * **Feature**: This release adds RootResourceId to GetRestApi response.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.31.0](service/polly/CHANGELOG.md#v1310-2023-08-23)
+  * **Feature**: Amazon Polly adds 1 new voice - Zayd (ar-AE)
+
+# Release (2023-08-22)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/costexplorer`: [v1.28.0](service/costexplorer/CHANGELOG.md#v1280-2023-08-22)
+  * **Feature**: This release adds the LastUpdatedDate and LastUsedDate timestamps to help you manage your cost allocation tags.
+* `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.17.7](service/globalaccelerator/CHANGELOG.md#v1177-2023-08-22)
+  * **Documentation**: Global Accelerator now supports Client Ip Preservation for Network Load Balancer endpoints.
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.52.0](service/rds/CHANGELOG.md#v1520-2023-08-22)
+  * **Feature**: Adding parameters to CreateCustomDbEngineVersion reserved for future use.
+* `github.com/aws/aws-sdk-go-v2/service/verifiedpermissions`: [v1.2.0](service/verifiedpermissions/CHANGELOG.md#v120-2023-08-22)
+  * **Feature**: Documentation updates for Amazon Verified Permissions. Increases max results per page for ListPolicyStores, ListPolicies, and ListPolicyTemplates APIs from 20 to 50.
+
+# Release (2023-08-21)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.21.0
+  * **Feature**: Add support for polly SynthesizeSpeech GET request presigner
+* `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.18.6](service/cloud9/CHANGELOG.md#v1186-2023-08-21)
+  * **Documentation**: Doc only update to add Ubuntu 22.04 as an Image ID option for Cloud9
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.114.0](service/ec2/CHANGELOG.md#v11140-2023-08-21)
+  * **Feature**: The DeleteKeyPair API has been updated to return the keyPairId when an existing key pair is deleted.
+* `github.com/aws/aws-sdk-go-v2/service/finspace`: [v1.12.0](service/finspace/CHANGELOG.md#v1120-2023-08-21)
+  * **Feature**: Allow customers to manage outbound traffic from their Kx Environment when attaching a transit gateway by providing network acl entries. Allow the customer to choose how they want to update the databases on a cluster allowing updates to possibly be faster than usual.
+* `github.com/aws/aws-sdk-go-v2/service/polly`: [v1.30.0](service/polly/CHANGELOG.md#v1300-2023-08-21)
+  * **Feature**: Add support for polly SynthesizeSpeech GET request presigner
+* `github.com/aws/aws-sdk-go-v2/service/rds`: [v1.51.0](service/rds/CHANGELOG.md#v1510-2023-08-21)
+  * **Feature**: Adding support for RDS Aurora Global Database Unplanned Failover
+* `github.com/aws/aws-sdk-go-v2/service/route53domains`: [v1.17.3](service/route53domains/CHANGELOG.md#v1173-2023-08-21)
+  * **Documentation**: Fixed typos in description fields
+
+# Release (2023-08-18)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/codecommit`: [v1.16.0](service/codecommit/CHANGELOG.md#v1160-2023-08-18)
+  * **Feature**: Add new ListFileCommitHistory operation to retrieve commits which introduced changes to a specific file.
+* `github.com/aws/aws-sdk-go-v2/service/securityhub`: [v1.36.0](service/securityhub/CHANGELOG.md#v1360-2023-08-18)
+  * **Feature**: Added Inspector Lambda code Vulnerability section to ASFF, including GeneratorDetails, EpssScore, ExploitAvailable, and CodeVulnerabilities.
+
+# Release (2023-08-17)
+
+## General Highlights
+* **Dependency Update**: Updated to the latest SDK module versions
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2`: v1.20.2
+  * **Bug Fix**: Sign `X-Amz-Server-Side-Encryption-Context` header to fix signing for PutObject requests that set `SSEKMSEncryptionContext`.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.113.0](service/ec2/CHANGELOG.md#v11130-2023-08-17)
+  * **Feature**: Adds support for SubnetConfigurations to allow users to select their own IPv4 and IPv6 addresses for Interface VPC endpoints
+* `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.22.0](service/gamelift/CHANGELOG.md#v1220-2023-08-17)
+  * **Feature**: Amazon GameLift updates its instance types support.
+* `github.com/aws/aws-sdk-go-v2/service/s3control`: [v1.32.3](service/s3control/CHANGELOG.md#v1323-2023-08-17)
+  * **Announcement**: BREAKFIX: corrected function spelling in environment config from GetS3DisableMultRegionAccessPoints to GetS3DisableMultiRegionAccessPoints
+  * **Bug Fix**: Adds DisableMRAP option to config loader, and DisableMRAP client resolver to achieve parity with other S3 options in the config loader. Additionally, added breakfix to correct spelling.
+
+# Release (2023-08-16)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.27.3](service/cloudwatch/CHANGELOG.md#v1273-2023-08-16)
+  * **Documentation**: Doc-only update to incorporate several doc bug fixes
+
+# Release (2023-08-15)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkmeetings`: [v1.17.0](service/chimesdkmeetings/CHANGELOG.md#v1170-2023-08-15)
+  * **Feature**: Updated API documentation to include additional exceptions.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.112.0](service/ec2/CHANGELOG.md#v11120-2023-08-15)
+  * **Feature**: Documentation updates for Elastic Compute Cloud (EC2).
+* `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.61.0](service/glue/CHANGELOG.md#v1610-2023-08-15)
+  * **Feature**: AWS Glue Crawlers can now accept SerDe overrides from a custom csv classifier. The two SerDe options are LazySimpleSerDe and OpenCSVSerDe. In case, the user wants crawler to do the selection, "None" can be selected for this purpose.
+* `github.com/aws/aws-sdk-go-v2/service/pi`: [v1.19.0](service/pi/CHANGELOG.md#v1190-2023-08-15)
+  * **Feature**: AWS Performance Insights for Amazon RDS is launching Performance Analysis On Demand, a new feature that allows you to analyze database performance metrics and find out the performance issues. You can now use SDK to create, list, get, delete, and manage tags of performance analysis reports.
+* `github.com/aws/aws-sdk-go-v2/service/route53domains`: [v1.17.0](service/route53domains/CHANGELOG.md#v1170-2023-08-15)
+  * **Feature**: Provide explanation if CheckDomainTransferability return false. Provide requestId if a request is already submitted.  Add sensitive protection for customer information
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.102.0](service/sagemaker/CHANGELOG.md#v11020-2023-08-15)
+  * **Feature**: SageMaker Inference Recommender now provides SupportedResponseMIMETypes from DescribeInferenceRecommendationsJob response
+
+# Release (2023-08-14)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/mediapackage`: [v1.23.0](service/mediapackage/CHANGELOG.md#v1230-2023-08-14)
+  * **Feature**: Fix SDK logging of certain fields.
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.8.0](service/omics/CHANGELOG.md#v180-2023-08-14)
+  * **Feature**: This release provides support for annotation store versioning and cross account sharing for Omics Analytics
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.4](service/transfer/CHANGELOG.md#v1334-2023-08-14)
+  * **Documentation**: Documentation updates for AWS Transfer Family
+
+# Release (2023-08-11)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/amplifybackend`: [v1.16.0](service/amplifybackend/CHANGELOG.md#v1160-2023-08-11)
+  * **Feature**: Adds sensitive trait to required input shapes.
+* `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.36.0](service/configservice/CHANGELOG.md#v1360-2023-08-11)
+  * **Feature**: Updated ResourceType enum with new resource types onboarded by AWS Config in July 2023.
+* `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.111.0](service/ec2/CHANGELOG.md#v11110-2023-08-11)
+  * **Feature**: Amazon EC2 P5 instances, powered by the latest NVIDIA H100 Tensor Core GPUs, deliver the highest performance in EC2 for deep learning (DL) and HPC applications. M7i-flex and M7i instances are next-generation general purpose instances powered by custom 4th Generation Intel Xeon Scalable processors.
+* `github.com/aws/aws-sdk-go-v2/service/quicksight`: [v1.41.0](service/quicksight/CHANGELOG.md#v1410-2023-08-11)
+  * **Feature**: New Authentication method for Account subscription - IAM Identity Center. Hierarchy layout support, default column width support and related style properties for pivot table visuals. Non-additive topic field aggregations for Topic API
+* `github.com/aws/aws-sdk-go-v2/service/ses`: [v1.16.3](service/ses/CHANGELOG.md#v1163-2023-08-11)
+  * **Documentation**: Doc only updates to include: 1) Clarified which part of an email address where it's okay to have Punycode when it contains non-ASCII characters for the SendRawEmail action and other actions where this is applicable. 2) Updated S3Action description with new MB max bucket size from 30 to 40.
+* `github.com/aws/aws-sdk-go-v2/service/swf`: [v1.17.0](service/swf/CHANGELOG.md#v1170-2023-08-11)
+  * **Feature**: This release adds new API parameters to override workflow task list for workflow executions.
+
+# Release (2023-08-10)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.28.3](service/cloudtrail/CHANGELOG.md#v1283-2023-08-10)
+  * **Documentation**: Documentation updates for CloudTrail.
+* `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.65.0](service/connect/CHANGELOG.md#v1650-2023-08-10)
+  * **Feature**: This release adds APIs to provision agents that are global / available in multiple AWS regions and distribute them across these regions by percentage.
+* `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.21.0](service/elasticloadbalancingv2/CHANGELOG.md#v1210-2023-08-10)
+  * **Feature**: This release enables configuring security groups for Network Load Balancers
+* `github.com/aws/aws-sdk-go-v2/service/omics`: [v1.7.0](service/omics/CHANGELOG.md#v170-2023-08-10)
+  * **Feature**: This release adds instanceType to GetRunTask & ListRunTasks responses.
+* `github.com/aws/aws-sdk-go-v2/service/secretsmanager`: [v1.21.0](service/secretsmanager/CHANGELOG.md#v1210-2023-08-10)
+  * **Feature**: Add additional InvalidRequestException to list of possible exceptions for ListSecret.
+* `github.com/aws/aws-sdk-go-v2/service/transfer`: [v1.33.3](service/transfer/CHANGELOG.md#v1333-2023-08-10)
+  * **Documentation**: Documentation updates for AW Transfer Family
+
+# Release (2023-08-09)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.8.0](service/chimesdkvoice/CHANGELOG.md#v180-2023-08-09)
+  * **Feature**: Updating CreatePhoneNumberOrder, UpdatePhoneNumber and BatchUpdatePhoneNumbers APIs, adding phone number name
+* `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.32.0](service/fsx/CHANGELOG.md#v1320-2023-08-09)
+  * **Feature**: For FSx for Lustre, add new data repository task type, RELEASE_DATA_FROM_FILESYSTEM, to release files that have been archived to S3. For FSx for Windows, enable support for configuring and updating SSD IOPS, and for updating storage type. For FSx for OpenZFS, add new deployment type, MULTI_AZ_1.
+* `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.17.3](service/globalaccelerator/CHANGELOG.md#v1173-2023-08-09)
+  * **Documentation**: Documentation update for dualstack EC2 endpoint support
+* `github.com/aws/aws-sdk-go-v2/service/guardduty`: [v1.26.0](service/guardduty/CHANGELOG.md#v1260-2023-08-09)
+  * **Feature**: Added autoEnable ALL to UpdateOrganizationConfiguration and DescribeOrganizationConfiguration APIs.
+* `github.com/aws/aws-sdk-go-v2/service/sagemaker`: [v1.101.0](service/sagemaker/CHANGELOG.md#v11010-2023-08-09)
+  * **Feature**: This release adds support for cross account access for SageMaker Model Cards through AWS RAM.
+
+# Release (2023-08-08)
+
+## Module Highlights
+* `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.24.0](service/backup/CHANGELOG.md#v1240-2023-08-08)
+  * **Feature**: This release introduces a new logically air-gapped vault (Preview) in AWS Backup that stores immutable backup copies, which are locked by default and isolated with encryption using AWS owned keys. Logically air-gapped vault (Preview) allows secure recovery of application data across accounts.
+* `github.com/aws/aws-sdk-go-v2/service/elasticache`: [v1.29.0](service/elasticache/CHANGELOG.md#v1290-2023-08-08)
+  * **Feature**: Added support for cluster mode in online migration and test migration API
+* `github.com/aws/aws-sdk-go-v2/service/servicecatalog`: [v1.21.0](service/servicecatalog/CHANGELOG.md#v1210-2023-08-08)
+  * **Feature**: Introduce support for HashiCorp Terraform Cloud in Service Catalog by addying TERRAFORM_CLOUD product type in CreateProduct and CreateProvisioningArtifact API.
+
 # Release (2023-08-07)
 
 ## General Highlights
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/Makefile b/vendor/github.com/aws/aws-sdk-go-v2/Makefile
index 996c13e1a..9dc36fe4e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/Makefile
+++ b/vendor/github.com/aws/aws-sdk-go-v2/Makefile
@@ -86,7 +86,10 @@ tidy-modules-. add-module-license-files gen-aws-ptrs format
 
 generate-tmpreplace-smithy: smithy-generate update-requires gen-repo-mod-replace update-module-metadata smithy-annotate-stable \
 gen-config-asserts gen-internal-codegen copy-attributevalue-feature gen-mod-replace-smithy-. min-go-version-. \
-tidy-modules-. add-module-license-files gen-aws-ptrs format gen-mod-dropreplace-smithy-.
+tidy-modules-. add-module-license-files gen-aws-ptrs format gen-mod-dropreplace-smithy-. reset-sum
+
+reset-sum:
+	find . -name go.sum -exec git checkout -- {} \;
 
 smithy-generate:
 	cd codegen && ./gradlew clean build -Plog-tests && ./gradlew clean
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
index c0af5602a..cd38b9280 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go
@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.20.1"
+const goModuleVersion = "1.21.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
index 6a99d4ea8..455b92515 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go
@@ -41,6 +41,12 @@ func (o *Object) Key(name string) Value {
 	return o.key(name, false)
 }
 
+// KeyWithValues adds the given named key to the Query object.
+// Returns a Value encoder that should be used to encode a Query list of values.
+func (o *Object) KeyWithValues(name string) Value {
+	return o.keyWithValues(name, false)
+}
+
 // FlatKey adds the given named key to the Query object.
 // Returns a Value encoder that should be used to encode a Query value type. The
 // value will be flattened if it is a map or array.
@@ -54,3 +60,10 @@ func (o *Object) key(name string, flatValue bool) Value {
 	}
 	return newValue(o.values, name, flatValue)
 }
+
+func (o *Object) keyWithValues(name string, flatValue bool) Value {
+	if o.prefix != "" {
+		return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
+	}
+	return newAppendValue(o.values, name, flatValue)
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
index 302525ab1..a9251521f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go
@@ -27,6 +27,15 @@ func newValue(values url.Values, key string, flat bool) Value {
 	}
 }
 
+func newAppendValue(values url.Values, key string, flat bool) Value {
+	return Value{
+		values:     values,
+		key:        key,
+		flat:       flat,
+		queryValue: httpbinding.NewQueryValue(values, key, true),
+	}
+}
+
 func newBaseValue(values url.Values) Value {
 	return Value{
 		values:     values,
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
index 00d7d3eee..987affdde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go
@@ -97,11 +97,21 @@ func (r RetryableConnectionError) IsErrorRetryable(err error) aws.Ternary {
 	var netOpErr *net.OpError
 	var dnsError *net.DNSError
 
-	switch {
-	case errors.As(err, &dnsError):
+	if errors.As(err, &dnsError) {
 		// NXDOMAIN errors should not be retried
-		retryable = !dnsError.IsNotFound && dnsError.IsTemporary
+		if dnsError.IsNotFound {
+			return aws.BoolTernary(false)
+		}
+
+		// if !dnsError.Temporary(), error may or may not be temporary,
+		// (i.e. !Temporary() =/=> !retryable) so we should fall through to
+		// remaining checks
+		if dnsError.Temporary() {
+			return aws.BoolTernary(true)
+		}
+	}
 
+	switch {
 	case errors.As(err, &conErr) && conErr.ConnectionError():
 		retryable = true
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
index 64c4c4845..71b1a3521 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go
@@ -48,6 +48,7 @@ var RequiredSignedHeaders = Rules{
 			"X-Amz-Request-Payer":                                         struct{}{},
 			"X-Amz-Server-Side-Encryption":                                struct{}{},
 			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
+			"X-Amz-Server-Side-Encryption-Context":                        struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
 			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh b/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
index a3eb9b31f..4da5d09cb 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
+++ b/vendor/github.com/aws/aws-sdk-go-v2/ci-find-smithy-go.sh
@@ -10,8 +10,7 @@
 #  - feat-foo
 
 if [ -z "$SMITHY_GO_REPOSITORY" ]; then
-    echo env SMITHY_GO_REPOSITORY is required
-    exit 1
+    SMITHY_GO_REPOSITORY=aws/smithy-go
 fi
 
 if [ -z "$RUNNER_TMPDIR" ]; then
@@ -19,23 +18,30 @@ if [ -z "$RUNNER_TMPDIR" ]; then
     exit 1
 fi
 
-branch=`git branch --show-current`
+branch=$(git branch --show-current)
 if [ "$branch" == main ]; then
     echo aws-sdk-go-v2 is on branch main, stop
     exit 0
 fi
 
+# For PR workflows, only the triggering ref is checked out, which in isolation
+# is not recognized as a branch by git. Use the specific workflow env instead.
+if [ -z "$branch" ]; then
+    branch=$GITHUB_HEAD_REF
+fi
+
 if [ -n "$GIT_PAT" ]; then
     repository=https://$GIT_PAT@github.com/$SMITHY_GO_REPOSITORY
 else
     repository=https://github.com/$SMITHY_GO_REPOSITORY
 fi
 
+echo on branch \"$branch\"
 while [ -n "$branch" ] && [[ "$branch" == *-* ]]; do
-    echo looking for $branch...
-    git ls-remote --exit-code --heads $repository refs/heads/$branch
+    echo looking for "$branch"...
+    git ls-remote --exit-code --heads "$repository" refs/heads/"$branch"
     if [ "$?" == 0 ]; then
-        echo found $branch
+        echo found "$branch"
         matched_branch=$branch
         break
     fi
@@ -48,5 +54,5 @@ if [ -z "$matched_branch" ]; then
     exit 0
 fi
 
-git clone -b $matched_branch $repository $RUNNER_TMPDIR/smithy-go
+git clone -b "$matched_branch" "$repository" "$RUNNER_TMPDIR"/smithy-go
 SMITHY_GO_SRC=$RUNNER_TMPDIR/smithy-go make gen-mod-replace-smithy-.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
index 5309131d2..a1ecda86f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md
@@ -1,3 +1,62 @@
+# v1.19.1 (2023-10-24)
+
+* No change notes available for this release.
+
+# v1.19.0 (2023-10-16)
+
+* **Feature**: Modify logic of retrieving user agent appID from env config
+
+# v1.18.45 (2023-10-12)
+
+* **Bug Fix**: Fail to load config if an explicitly provided profile doesn't exist.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.44 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.43 (2023-10-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.42 (2023-09-22)
+
+* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.41 (2023-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.40 (2023-09-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.39 (2023-09-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.38 (2023-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.37 (2023-08-23)
+
+* No change notes available for this release.
+
+# v1.18.36 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.35 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.18.34 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.18.33 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
index 138f8e76d..bf26eab9a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/config.go
@@ -2,18 +2,11 @@ package config
 
 import (
 	"context"
+	"os"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
 )
 
-// defaultLoaders are a slice of functions that will read external configuration
-// sources for configuration values. These values are read by the AWSConfigResolvers
-// using interfaces to extract specific information from the external configuration.
-var defaultLoaders = []loader{
-	loadEnvConfig,
-	loadSharedConfigIgnoreNotExist,
-}
-
 // defaultAWSConfigResolvers are a slice of functions that will resolve external
 // configuration values into AWS configuration values.
 //
@@ -190,7 +183,7 @@ func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error)
 	// assign Load Options to configs
 	var cfgCpy = configs{options}
 
-	cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, defaultLoaders)
+	cfgCpy, err = cfgCpy.AppendFromLoaders(ctx, resolveConfigLoaders(&options))
 	if err != nil {
 		return aws.Config{}, err
 	}
@@ -202,3 +195,17 @@ func LoadDefaultConfig(ctx context.Context, optFns ...func(*LoadOptions) error)
 
 	return cfg, nil
 }
+
+func resolveConfigLoaders(options *LoadOptions) []loader {
+	loaders := make([]loader, 2)
+	loaders[0] = loadEnvConfig
+
+	// specification of a profile should cause a load failure if it doesn't exist
+	if os.Getenv(awsProfileEnvVar) != "" || options.SharedConfigProfile != "" {
+		loaders[1] = loadSharedConfig
+	} else {
+		loaders[1] = loadSharedConfigIgnoreNotExist
+	}
+
+	return loaders
+}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
index 18c8e0121..a142a45c5 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go
@@ -69,6 +69,7 @@ const (
 
 	awsRetryMaxAttempts = "AWS_MAX_ATTEMPTS"
 	awsRetryMode        = "AWS_RETRY_MODE"
+	awsSdkAppID         = "AWS_SDK_UA_APP_ID"
 )
 
 var (
@@ -248,6 +249,9 @@ type EnvConfig struct {
 	//
 	// aws_retry_mode=standard
 	RetryMode aws.RetryMode
+
+	// aws sdk app ID that can be added to user agent header string
+	AppID string
 }
 
 // loadEnvConfig reads configuration values from the OS's environment variables.
@@ -288,6 +292,8 @@ func NewEnvConfig() (EnvConfig, error) {
 	cfg.RoleARN = os.Getenv(awsRoleARNEnvVar)
 	cfg.RoleSessionName = os.Getenv(awsRoleSessionNameEnvVar)
 
+	cfg.AppID = os.Getenv(awsSdkAppID)
+
 	if err := setEndpointDiscoveryTypeFromEnvVal(&cfg.EnableEndpointDiscovery, []string{awsEnableEndpointDiscoveryEnvVar}); err != nil {
 		return cfg, err
 	}
@@ -335,6 +341,10 @@ func (c EnvConfig) getDefaultsMode(ctx context.Context) (aws.DefaultsMode, bool,
 	return c.DefaultsMode, true, nil
 }
 
+func (c EnvConfig) getAppID(context.Context) (string, bool, error) {
+	return c.AppID, len(c.AppID) > 0, nil
+}
+
 // GetRetryMaxAttempts returns the value of AWS_MAX_ATTEMPTS if was specified,
 // and not 0.
 func (c EnvConfig) GetRetryMaxAttempts(ctx context.Context) (int, bool, error) {
@@ -482,9 +492,9 @@ func (c EnvConfig) GetS3UseARNRegion(ctx context.Context) (value, ok bool, err e
 	return *c.S3UseARNRegion, true, nil
 }
 
-// GetS3DisableMultRegionAccessPoints returns whether to disable multi-region access point
+// GetS3DisableMultiRegionAccessPoints returns whether to disable multi-region access point
 // support for the S3 client.
-func (c EnvConfig) GetS3DisableMultRegionAccessPoints(ctx context.Context) (value, ok bool, err error) {
+func (c EnvConfig) GetS3DisableMultiRegionAccessPoints(ctx context.Context) (value, ok bool, err error) {
 	if c.S3DisableMultiRegionAccessPoints == nil {
 		return false, false, nil
 	}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
index 34137c882..887131d08 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go
@@ -3,4 +3,4 @@
 package config
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.18.33"
+const goModuleVersion = "1.19.1"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
index d2280dae6..7480bb45e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go
@@ -172,6 +172,10 @@ type LoadOptions struct {
 	// the region, the client's requests are sent to.
 	S3UseARNRegion *bool
 
+	// S3DisableMultiRegionAccessPoints specifies if the S3 service should disable
+	// the S3 Multi-Region access points feature.
+	S3DisableMultiRegionAccessPoints *bool
+
 	// EnableEndpointDiscovery specifies if endpoint discovery is enable for
 	// the client.
 	EnableEndpointDiscovery aws.EndpointDiscoveryEnableState
@@ -876,6 +880,26 @@ func WithS3UseARNRegion(v bool) LoadOptionsFunc {
 	}
 }
 
+// GetS3DisableMultiRegionAccessPoints returns whether to disable
+// the S3 multi-region access points feature.
+func (o LoadOptions) GetS3DisableMultiRegionAccessPoints(ctx context.Context) (v bool, found bool, err error) {
+	if o.S3DisableMultiRegionAccessPoints == nil {
+		return false, false, nil
+	}
+	return *o.S3DisableMultiRegionAccessPoints, true, nil
+}
+
+// WithS3DisableMultiRegionAccessPoints is a helper function to construct functional options
+// that can be used to set S3DisableMultiRegionAccessPoints on LoadOptions.
+// If multiple WithS3DisableMultiRegionAccessPoints calls are made, the last call overrides
+// the previous call values.
+func WithS3DisableMultiRegionAccessPoints(v bool) LoadOptionsFunc {
+	return func(o *LoadOptions) error {
+		o.S3DisableMultiRegionAccessPoints = &v
+		return nil
+	}
+}
+
 // GetEnableEndpointDiscovery returns if the EnableEndpointDiscovery flag is set.
 func (o LoadOptions) GetEnableEndpointDiscovery(ctx context.Context) (value aws.EndpointDiscoveryEnableState, ok bool, err error) {
 	if o.EnableEndpointDiscovery == aws.EndpointDiscoveryUnset {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
index 69e54b77f..b05623515 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/provider.go
@@ -122,6 +122,26 @@ func getRegion(ctx context.Context, configs configs) (value string, found bool,
 	return
 }
 
+// IgnoreConfiguredEndpointsProvider is needed to search for all providers
+// that provide a flag to disable configured endpoints.
+type IgnoreConfiguredEndpointsProvider interface {
+	GetIgnoreConfiguredEndpoints(ctx context.Context) (bool, bool, error)
+}
+
+// GetIgnoreConfiguredEndpoints is used in knowing when to disable configured
+// endpoints feature.
+func GetIgnoreConfiguredEndpoints(ctx context.Context, configs []Config) (value bool, found bool, err error) {
+	for _, cfg := range configs {
+		if p, ok := cfg.(IgnoreConfiguredEndpointsProvider); ok {
+			value, found, err = p.GetIgnoreConfiguredEndpoints(ctx)
+			if err != nil || found {
+				break
+			}
+		}
+	}
+	return
+}
+
 // appIDProvider provides access to the sdk app ID value
 type appIDProvider interface {
 	getAppID(ctx context.Context) (string, bool, error)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
index b03705350..1187e8c48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go
@@ -113,10 +113,6 @@ func resolveAppID(ctx context.Context, cfg *aws.Config, configs configs) error {
 		return err
 	}
 
-	// if app ID is set in env var, it should precedence shared config value
-	if appID := os.Getenv(`AWS_SDK_UA_APP_ID`); len(appID) > 0 {
-		ID = appID
-	}
 	cfg.AppID = ID
 	return nil
 }
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
index e699194d3..ae5ba7658 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go
@@ -740,6 +740,8 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			defaultsModeKey,
 			retryModeKey,
 			caBundleKey,
+			roleDurationSecondsKey,
+			retryMaxAttemptsKey,
 
 			ssoSessionNameKey,
 			ssoAccountIDKey,
@@ -753,16 +755,6 @@ func mergeSections(dst *ini.Sections, src ini.Sections) error {
 			}
 		}
 
-		intKeys := []string{
-			roleDurationSecondsKey,
-			retryMaxAttemptsKey,
-		}
-		for i := range intKeys {
-			if err := mergeIntKey(&srcSection, &dstSection, sectionName, intKeys[i]); err != nil {
-				return err
-			}
-		}
-
 		// set srcSection on dst srcSection
 		*dst = dst.SetSection(sectionName, dstSection)
 	}
@@ -789,26 +781,6 @@ func mergeStringKey(srcSection *ini.Section, dstSection *ini.Section, sectionNam
 	return nil
 }
 
-func mergeIntKey(srcSection *ini.Section, dstSection *ini.Section, sectionName, key string) error {
-	if srcSection.Has(key) {
-		srcValue := srcSection.Int(key)
-		v, err := ini.NewIntValue(srcValue)
-		if err != nil {
-			return fmt.Errorf("error merging %s, %w", key, err)
-		}
-
-		if dstSection.Has(key) {
-			dstSection.Logs = append(dstSection.Logs, newMergeKeyLogMessage(sectionName, key,
-				dstSection.SourceFile[key], srcSection.SourceFile[key]))
-
-		}
-
-		dstSection.UpdateValue(key, v)
-		dstSection.UpdateSourceFile(key, srcSection.SourceFile[key])
-	}
-	return nil
-}
-
 func newMergeKeyLogMessage(sectionName, key, dstSourceFile, srcSourceFile string) string {
 	return fmt.Sprintf("For profile: %v, overriding %v value, defined in %v "+
 		"with a %v value found in a duplicate profile defined at file %v. \n",
@@ -962,9 +934,16 @@ func (c *SharedConfig) setFromIniSection(profile string, section ini.Section) er
 	updateString(&c.SSOAccountID, section, ssoAccountIDKey)
 	updateString(&c.SSORoleName, section, ssoRoleNameKey)
 
+	// we're retaining a behavioral quirk with this field that existed before
+	// the removal of literal parsing for #2276:
+	//   - if the key is missing, the config field will not be set
+	//   - if the key is set to a non-numeric, the config field will be set to 0
 	if section.Has(roleDurationSecondsKey) {
-		d := time.Duration(section.Int(roleDurationSecondsKey)) * time.Second
-		c.RoleDurationSeconds = &d
+		if v, ok := section.Int(roleDurationSecondsKey); ok {
+			c.RoleDurationSeconds = aws.Duration(time.Duration(v) * time.Second)
+		} else {
+			c.RoleDurationSeconds = aws.Duration(time.Duration(0))
+		}
 	}
 
 	updateString(&c.CredentialProcess, section, credentialProcessKey)
@@ -1314,12 +1293,13 @@ func updateInt(dst *int, section ini.Section, key string) error {
 	if !section.Has(key) {
 		return nil
 	}
-	if vt, _ := section.ValueType(key); vt != ini.IntegerType {
-		return fmt.Errorf("invalid value %s=%s, expect integer",
-			key, section.String(key))
 
+	v, ok := section.Int(key)
+	if !ok {
+		return fmt.Errorf("invalid value %s=%s, expect integer", key, section.String(key))
 	}
-	*dst = int(section.Int(key))
+
+	*dst = int(v)
 	return nil
 }
 
@@ -1329,7 +1309,10 @@ func updateBool(dst *bool, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
-	*dst = section.Bool(key)
+
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	v, _ := section.Bool(key)
+	*dst = v
 }
 
 // updateBoolPtr will only update the dst with the value in the section key,
@@ -1338,8 +1321,11 @@ func updateBoolPtr(dst **bool, section ini.Section, key string) {
 	if !section.Has(key) {
 		return
 	}
+
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	v, _ := section.Bool(key)
 	*dst = new(bool)
-	**dst = section.Bool(key)
+	**dst = v
 }
 
 // updateEndpointDiscoveryType will only update the dst with the value in the section, if
@@ -1371,7 +1357,8 @@ func updateUseDualStackEndpoint(dst *aws.DualStackEndpointState, section ini.Sec
 		return
 	}
 
-	if section.Bool(key) {
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	if v, _ := section.Bool(key); v {
 		*dst = aws.DualStackEndpointStateEnabled
 	} else {
 		*dst = aws.DualStackEndpointStateDisabled
@@ -1387,7 +1374,8 @@ func updateUseFIPSEndpoint(dst *aws.FIPSEndpointState, section ini.Section, key
 		return
 	}
 
-	if section.Bool(key) {
+	// retains pre-#2276 behavior where non-bool value would resolve to false
+	if v, _ := section.Bool(key); v {
 		*dst = aws.FIPSEndpointStateEnabled
 	} else {
 		*dst = aws.FIPSEndpointStateDisabled
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
index 5c09f58b5..ed558d3b9 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md
@@ -1,3 +1,47 @@
+# v1.13.43 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.42 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.41 (2023-10-02)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.40 (2023-09-22)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.39 (2023-09-20)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.38 (2023-09-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.37 (2023-09-05)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.36 (2023-08-31)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.35 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.34 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.33 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.32 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
index 38bd167ac..5cf1064a6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go
@@ -3,4 +3,4 @@
 package credentials
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.32"
+const goModuleVersion = "1.13.43"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
index 0c3ea6eff..5605f42d6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v1.13.13 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.12 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.11 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.10 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.9 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.8 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
index fb22bca68..ab96ef614 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go
@@ -3,4 +3,4 @@
 package imds
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.8"
+const goModuleVersion = "1.13.13"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
index 3c7fb90a4..efcbed2e7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v1.1.43 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.42 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.41 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.40 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.1.39 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.1.38 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
index acf968aa7..2eab5803b 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go
@@ -3,4 +3,4 @@
 package configsources
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.1.38"
+const goModuleVersion = "1.1.43"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
index 4e0c6f123..ab107ca55 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json
@@ -4,6 +4,7 @@
     "outputs" : {
       "dnsSuffix" : "amazonaws.com",
       "dualStackDnsSuffix" : "api.aws",
+      "implicitGlobalRegion" : "us-east-1",
       "name" : "aws",
       "supportsDualStack" : true,
       "supportsFIPS" : true
@@ -103,6 +104,7 @@
     "outputs" : {
       "dnsSuffix" : "amazonaws.com.cn",
       "dualStackDnsSuffix" : "api.amazonwebservices.com.cn",
+      "implicitGlobalRegion" : "cn-northwest-1",
       "name" : "aws-cn",
       "supportsDualStack" : true,
       "supportsFIPS" : true
@@ -124,6 +126,7 @@
     "outputs" : {
       "dnsSuffix" : "amazonaws.com",
       "dualStackDnsSuffix" : "api.aws",
+      "implicitGlobalRegion" : "us-gov-west-1",
       "name" : "aws-us-gov",
       "supportsDualStack" : true,
       "supportsFIPS" : true
@@ -145,6 +148,7 @@
     "outputs" : {
       "dnsSuffix" : "c2s.ic.gov",
       "dualStackDnsSuffix" : "c2s.ic.gov",
+      "implicitGlobalRegion" : "us-iso-east-1",
       "name" : "aws-iso",
       "supportsDualStack" : false,
       "supportsFIPS" : true
@@ -166,6 +170,7 @@
     "outputs" : {
       "dnsSuffix" : "sc2s.sgov.gov",
       "dualStackDnsSuffix" : "sc2s.sgov.gov",
+      "implicitGlobalRegion" : "us-isob-east-1",
       "name" : "aws-iso-b",
       "supportsDualStack" : false,
       "supportsFIPS" : true
@@ -184,6 +189,7 @@
     "outputs" : {
       "dnsSuffix" : "cloud.adc-e.uk",
       "dualStackDnsSuffix" : "cloud.adc-e.uk",
+      "implicitGlobalRegion" : "eu-isoe-west-1",
       "name" : "aws-iso-e",
       "supportsDualStack" : false,
       "supportsFIPS" : true
@@ -195,6 +201,7 @@
     "outputs" : {
       "dnsSuffix" : "csp.hci.ic.gov",
       "dualStackDnsSuffix" : "csp.hci.ic.gov",
+      "implicitGlobalRegion" : "us-isof-south-1",
       "name" : "aws-iso-f",
       "supportsDualStack" : false,
       "supportsFIPS" : true
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
index 0c49cf68b..bd830abea 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v2.4.37 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.36 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.35 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.34 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v2.4.33 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v2.4.32 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
index 06c328c97..085819076 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go
@@ -3,4 +3,4 @@
 package endpoints
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "2.4.32"
+const goModuleVersion = "2.4.37"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
index 16ff6332d..8aab66186 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md
@@ -1,3 +1,28 @@
+# v1.3.45 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.44 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.43 (2023-09-22)
+
+* **Bug Fix**: Fixed a bug where merging `max_attempts` or `duration_seconds` fields across shared config files with invalid values would silently default them to 0.
+* **Bug Fix**: Move type assertion of config values out of the parsing stage, which resolves an issue where the contents of a profile would silently be dropped with certain numeric formats.
+
+# v1.3.42 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.41 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.3.40 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.3.39 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
index b653c0513..f92dc23cc 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ini
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.3.39"
+const goModuleVersion = "1.3.45"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
index eca42d1b2..efcd2e6c7 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/literal_tokens.go
@@ -12,34 +12,6 @@ var (
 	runesFalse = []rune("false")
 )
 
-var literalValues = [][]rune{
-	runesTrue,
-	runesFalse,
-}
-
-func isBoolValue(b []rune) bool {
-	for _, lv := range literalValues {
-		if isCaselessLitValue(lv, b) {
-			return true
-		}
-	}
-	return false
-}
-
-func isLitValue(want, have []rune) bool {
-	if len(have) < len(want) {
-		return false
-	}
-
-	for i := 0; i < len(want); i++ {
-		if want[i] != have[i] {
-			return false
-		}
-	}
-
-	return true
-}
-
 // isCaselessLitValue is a caseless value comparison, assumes want is already lower-cased for efficiency.
 func isCaselessLitValue(want, have []rune) bool {
 	if len(have) < len(want) {
@@ -55,68 +27,6 @@ func isCaselessLitValue(want, have []rune) bool {
 	return true
 }
 
-// isNumberValue will return whether not the leading characters in
-// a byte slice is a number. A number is delimited by whitespace or
-// the newline token.
-//
-// A number is defined to be in a binary, octal, decimal (int | float), hex format,
-// or in scientific notation.
-func isNumberValue(b []rune) bool {
-	negativeIndex := 0
-	helper := numberHelper{}
-	needDigit := false
-
-	for i := 0; i < len(b); i++ {
-		negativeIndex++
-
-		switch b[i] {
-		case '-':
-			if helper.IsNegative() || negativeIndex != 1 {
-				return false
-			}
-			helper.Determine(b[i])
-			needDigit = true
-			continue
-		case 'e', 'E':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			negativeIndex = 0
-			needDigit = true
-			continue
-		case 'b':
-			if helper.numberFormat == hex {
-				break
-			}
-			fallthrough
-		case 'o', 'x':
-			needDigit = true
-			if i == 0 {
-				return false
-			}
-
-			fallthrough
-		case '.':
-			if err := helper.Determine(b[i]); err != nil {
-				return false
-			}
-			needDigit = true
-			continue
-		}
-
-		if i > 0 && (isNewline(b[i:]) || isWhitespace(b[i])) {
-			return !needDigit
-		}
-
-		if !helper.CorrectByte(b[i]) {
-			return false
-		}
-		needDigit = false
-	}
-
-	return !needDigit
-}
-
 func isValid(b []rune) (bool, int, error) {
 	if len(b) == 0 {
 		// TODO: should probably return an error
@@ -138,14 +48,8 @@ func (v ValueType) String() string {
 	switch v {
 	case NoneType:
 		return "NONE"
-	case DecimalType:
-		return "FLOAT"
-	case IntegerType:
-		return "INT"
 	case StringType:
 		return "STRING"
-	case BoolType:
-		return "BOOL"
 	}
 
 	return ""
@@ -154,11 +58,9 @@ func (v ValueType) String() string {
 // ValueType enums
 const (
 	NoneType = ValueType(iota)
-	DecimalType
-	IntegerType
 	StringType
 	QuotedStringType
-	BoolType
+	// FUTURE(2226) MapType
 )
 
 // Value is a union container
@@ -166,10 +68,8 @@ type Value struct {
 	Type ValueType
 	raw  []rune
 
-	integer int64
-	decimal float64
-	boolean bool
-	str     string
+	str string
+	// FUTURE(2226) mp map[string]string
 }
 
 func newValue(t ValueType, base int, raw []rune) (Value, error) {
@@ -177,36 +77,15 @@ func newValue(t ValueType, base int, raw []rune) (Value, error) {
 		Type: t,
 		raw:  raw,
 	}
-	var err error
 
 	switch t {
-	case DecimalType:
-		v.decimal, err = strconv.ParseFloat(string(raw), 64)
-	case IntegerType:
-		if base != 10 {
-			raw = raw[2:]
-		}
-
-		v.integer, err = strconv.ParseInt(string(raw), base, 64)
 	case StringType:
 		v.str = string(raw)
 	case QuotedStringType:
 		v.str = string(raw[1 : len(raw)-1])
-	case BoolType:
-		v.boolean = isCaselessLitValue(runesTrue, v.raw)
-	}
-
-	// issue 2253
-	//
-	// if the value trying to be parsed is too large, then we will use
-	// the 'StringType' and raw value instead.
-	if nerr, ok := err.(*strconv.NumError); ok && nerr.Err == strconv.ErrRange {
-		v.Type = StringType
-		v.str = string(raw)
-		err = nil
 	}
 
-	return v, err
+	return v, nil
 }
 
 // NewStringValue returns a Value type generated using a string input.
@@ -214,24 +93,12 @@ func NewStringValue(str string) (Value, error) {
 	return newValue(StringType, 10, []rune(str))
 }
 
-// NewIntValue returns a Value type generated using an int64 input.
-func NewIntValue(i int64) (Value, error) {
-	v := strconv.FormatInt(i, 10)
-	return newValue(IntegerType, 10, []rune(v))
-}
-
 func (v Value) String() string {
 	switch v.Type {
-	case DecimalType:
-		return fmt.Sprintf("decimal: %f", v.decimal)
-	case IntegerType:
-		return fmt.Sprintf("integer: %d", v.integer)
 	case StringType:
 		return fmt.Sprintf("string: %s", string(v.raw))
 	case QuotedStringType:
 		return fmt.Sprintf("quoted string: %s", string(v.raw))
-	case BoolType:
-		return fmt.Sprintf("bool: %t", v.boolean)
 	default:
 		return "union not set"
 	}
@@ -249,24 +116,6 @@ func newLitToken(b []rune) (Token, int, error) {
 		}
 
 		token = newToken(TokenLit, b[:n], QuotedStringType)
-	} else if isNumberValue(b) {
-		var base int
-		base, n, err = getNumericalValue(b)
-		if err != nil {
-			return token, 0, err
-		}
-
-		value := b[:n]
-		vType := IntegerType
-		if contains(value, '.') || hasExponent(value) {
-			vType = DecimalType
-		}
-		token = newToken(TokenLit, value, vType)
-		token.base = base
-	} else if isBoolValue(b) {
-		n, err = getBoolValue(b)
-
-		token = newToken(TokenLit, b[:n], BoolType)
 	} else {
 		n, err = getValue(b)
 		token = newToken(TokenLit, b[:n], StringType)
@@ -276,18 +125,33 @@ func newLitToken(b []rune) (Token, int, error) {
 }
 
 // IntValue returns an integer value
-func (v Value) IntValue() int64 {
-	return v.integer
+func (v Value) IntValue() (int64, bool) {
+	i, err := strconv.ParseInt(string(v.raw), 0, 64)
+	if err != nil {
+		return 0, false
+	}
+	return i, true
 }
 
 // FloatValue returns a float value
-func (v Value) FloatValue() float64 {
-	return v.decimal
+func (v Value) FloatValue() (float64, bool) {
+	f, err := strconv.ParseFloat(string(v.raw), 64)
+	if err != nil {
+		return 0, false
+	}
+	return f, true
 }
 
 // BoolValue returns a bool value
-func (v Value) BoolValue() bool {
-	return v.boolean
+func (v Value) BoolValue() (bool, bool) {
+	// we don't use ParseBool as it recognizes more than what we've
+	// historically supported
+	if isCaselessLitValue(runesTrue, v.raw) {
+		return true, true
+	} else if isCaselessLitValue(runesFalse, v.raw) {
+		return false, true
+	}
+	return false, false
 }
 
 func isTrimmable(r rune) bool {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
deleted file mode 100644
index a45c0bc56..000000000
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/number_helper.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package ini
-
-import (
-	"bytes"
-	"fmt"
-	"strconv"
-)
-
-const (
-	none = numberFormat(iota)
-	binary
-	octal
-	decimal
-	hex
-	exponent
-)
-
-type numberFormat int
-
-// numberHelper is used to dictate what format a number is in
-// and what to do for negative values. Since -1e-4 is a valid
-// number, we cannot just simply check for duplicate negatives.
-type numberHelper struct {
-	numberFormat numberFormat
-
-	negative         bool
-	negativeExponent bool
-}
-
-func (b numberHelper) Exists() bool {
-	return b.numberFormat != none
-}
-
-func (b numberHelper) IsNegative() bool {
-	return b.negative || b.negativeExponent
-}
-
-func (b *numberHelper) Determine(c rune) error {
-	if b.Exists() {
-		return NewParseError(fmt.Sprintf("multiple number formats: 0%v", string(c)))
-	}
-
-	switch c {
-	case 'b':
-		b.numberFormat = binary
-	case 'o':
-		b.numberFormat = octal
-	case 'x':
-		b.numberFormat = hex
-	case 'e', 'E':
-		b.numberFormat = exponent
-	case '-':
-		if b.numberFormat != exponent {
-			b.negative = true
-		} else {
-			b.negativeExponent = true
-		}
-	case '.':
-		b.numberFormat = decimal
-	default:
-		return NewParseError(fmt.Sprintf("invalid number character: %v", string(c)))
-	}
-
-	return nil
-}
-
-func (b numberHelper) CorrectByte(c rune) bool {
-	switch {
-	case b.numberFormat == binary:
-		if !isBinaryByte(c) {
-			return false
-		}
-	case b.numberFormat == octal:
-		if !isOctalByte(c) {
-			return false
-		}
-	case b.numberFormat == hex:
-		if !isHexByte(c) {
-			return false
-		}
-	case b.numberFormat == decimal:
-		if !isDigit(c) {
-			return false
-		}
-	case b.numberFormat == exponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negativeExponent:
-		if !isDigit(c) {
-			return false
-		}
-	case b.negative:
-		if !isDigit(c) {
-			return false
-		}
-	default:
-		if !isDigit(c) {
-			return false
-		}
-	}
-
-	return true
-}
-
-func (b numberHelper) Base() int {
-	switch b.numberFormat {
-	case binary:
-		return 2
-	case octal:
-		return 8
-	case hex:
-		return 16
-	default:
-		return 10
-	}
-}
-
-func (b numberHelper) String() string {
-	buf := bytes.Buffer{}
-	i := 0
-
-	switch b.numberFormat {
-	case binary:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": binary format\n")
-	case octal:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": octal format\n")
-	case hex:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": hex format\n")
-	case exponent:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": exponent format\n")
-	default:
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": integer format\n")
-	}
-
-	if b.negative {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative format\n")
-	}
-
-	if b.negativeExponent {
-		i++
-		buf.WriteString(strconv.Itoa(i) + ": negative exponent format\n")
-	}
-
-	return buf.String()
-}
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
index b5480fdeb..d38a9cd48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/value_util.go
@@ -41,149 +41,6 @@ func getStringValue(b []rune) (int, error) {
 	return i + 1, nil
 }
 
-// getBoolValue will return a boolean and the amount
-// of bytes read
-//
-// an error will be returned if the boolean is not of a correct
-// value
-func getBoolValue(b []rune) (int, error) {
-	if len(b) < 4 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	n := 0
-	for _, lv := range literalValues {
-		if len(lv) > len(b) {
-			continue
-		}
-
-		if isCaselessLitValue(lv, b) {
-			n = len(lv)
-		}
-	}
-
-	if n == 0 {
-		return 0, NewParseError("invalid boolean value")
-	}
-
-	return n, nil
-}
-
-// getNumericalValue will return a numerical string, the amount
-// of bytes read, and the base of the number
-//
-// an error will be returned if the number is not of a correct
-// value
-func getNumericalValue(b []rune) (int, int, error) {
-	if !isDigit(b[0]) {
-		return 0, 0, NewParseError("invalid digit value")
-	}
-
-	i := 0
-	helper := numberHelper{}
-
-loop:
-	for negativeIndex := 0; i < len(b); i++ {
-		negativeIndex++
-
-		if !isDigit(b[i]) {
-			switch b[i] {
-			case '-':
-				if helper.IsNegative() || negativeIndex != 1 {
-					return 0, 0, NewParseError("parse error '-'")
-				}
-
-				n := getNegativeNumber(b[i:])
-				i += (n - 1)
-				helper.Determine(b[i])
-				continue
-			case '.':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			case 'e', 'E':
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-
-				negativeIndex = 0
-			case 'b':
-				if helper.numberFormat == hex {
-					break
-				}
-				fallthrough
-			case 'o', 'x':
-				if i == 0 && b[i] != '0' {
-					return 0, 0, NewParseError("incorrect base format, expected leading '0'")
-				}
-
-				if i != 1 {
-					return 0, 0, NewParseError(fmt.Sprintf("incorrect base format found %s at %d index", string(b[i]), i))
-				}
-
-				if err := helper.Determine(b[i]); err != nil {
-					return 0, 0, err
-				}
-			default:
-				if isWhitespace(b[i]) {
-					break loop
-				}
-
-				if isNewline(b[i:]) {
-					break loop
-				}
-
-				if !(helper.numberFormat == hex && isHexByte(b[i])) {
-					if i+2 < len(b) && !isNewline(b[i:i+2]) {
-						return 0, 0, NewParseError("invalid numerical character")
-					} else if !isNewline([]rune{b[i]}) {
-						return 0, 0, NewParseError("invalid numerical character")
-					}
-
-					break loop
-				}
-			}
-		}
-	}
-
-	return helper.Base(), i, nil
-}
-
-// isDigit will return whether or not something is an integer
-func isDigit(b rune) bool {
-	return b >= '0' && b <= '9'
-}
-
-func hasExponent(v []rune) bool {
-	return contains(v, 'e') || contains(v, 'E')
-}
-
-func isBinaryByte(b rune) bool {
-	switch b {
-	case '0', '1':
-		return true
-	default:
-		return false
-	}
-}
-
-func isOctalByte(b rune) bool {
-	switch b {
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		return true
-	default:
-		return false
-	}
-}
-
-func isHexByte(b rune) bool {
-	if isDigit(b) {
-		return true
-	}
-	return (b >= 'A' && b <= 'F') ||
-		(b >= 'a' && b <= 'f')
-}
-
 func getValue(b []rune) (int, error) {
 	i := 0
 
@@ -211,24 +68,6 @@ func getValue(b []rune) (int, error) {
 	return i, nil
 }
 
-// getNegativeNumber will return a negative number from a
-// byte slice. This will iterate through all characters until
-// a non-digit has been found.
-func getNegativeNumber(b []rune) int {
-	if b[0] != '-' {
-		return 0
-	}
-
-	i := 1
-	for ; i < len(b); i++ {
-		if !isDigit(b[i]) {
-			return i
-		}
-	}
-
-	return i
-}
-
 // isEscaped will return whether or not the character is an escaped
 // character.
 func isEscaped(value []rune, b rune) bool {
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
index a07a63738..97fb3d7f3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/internal/ini/visitor.go
@@ -245,17 +245,17 @@ func (t Section) ValueType(k string) (ValueType, bool) {
 }
 
 // Bool returns a bool value at k
-func (t Section) Bool(k string) bool {
+func (t Section) Bool(k string) (bool, bool) {
 	return t.values[k].BoolValue()
 }
 
 // Int returns an integer value at k
-func (t Section) Int(k string) int64 {
+func (t Section) Int(k string) (int64, bool) {
 	return t.values[k].IntValue()
 }
 
 // Float64 returns a float value at k
-func (t Section) Float64(k string) float64 {
+func (t Section) Float64(k string) (float64, bool) {
 	return t.values[k].FloatValue()
 }
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/modman.toml b/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
index a4a343671..e505f5314 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
+++ b/vendor/github.com/aws/aws-sdk-go-v2/modman.toml
@@ -1,7 +1,7 @@
 
 [dependencies]
   "github.com/aws/aws-sdk-go" = "v1.44.28"
-  "github.com/aws/smithy-go" = "v1.14.1"
+  "github.com/aws/smithy-go" = "v1.15.0"
   "github.com/google/go-cmp" = "v0.5.8"
   "github.com/jmespath/go-jmespath" = "v0.4.0"
   "golang.org/x/net" = "v0.1.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
index ad4244324..318955895 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md
@@ -1,3 +1,23 @@
+# v1.9.37 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.36 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.35 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.34 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.9.33 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.9.32 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
index 7cd0b2d81..1d73a0cde 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go
@@ -3,4 +3,4 @@
 package presignedurl
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.9.32"
+const goModuleVersion = "1.9.37"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
index 58aa3ecc4..0b2700161 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md
@@ -1,3 +1,40 @@
+# v1.15.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.0 (2023-10-02)
+
+* **Feature**: Fix FIPS Endpoints in aws-us-gov.
+
+# v1.14.1 (2023-09-22)
+
+* No change notes available for this release.
+
+# v1.14.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.13.6 (2023-08-31)
+
+* No change notes available for this release.
+
+# v1.13.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.13.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.13.2 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
index 9395e91e2..6a2c7eb3e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go
@@ -411,6 +411,25 @@ func (r *resolver) ResolveEndpoint(
 			}
 			if _UseFIPS == true {
 				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://portal.sso.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
 					uriString := func() string {
 						var out strings.Builder
 						out.WriteString("https://portal.sso-fips.")
@@ -455,279 +474,6 @@ func (r *resolver) ResolveEndpoint(
 				}
 				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
 			}
-			if _Region == "ap-east-1" {
-				uriString := "https://portal.sso.ap-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-1" {
-				uriString := "https://portal.sso.ap-northeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-2" {
-				uriString := "https://portal.sso.ap-northeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-3" {
-				uriString := "https://portal.sso.ap-northeast-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-south-1" {
-				uriString := "https://portal.sso.ap-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-1" {
-				uriString := "https://portal.sso.ap-southeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-2" {
-				uriString := "https://portal.sso.ap-southeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ca-central-1" {
-				uriString := "https://portal.sso.ca-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-central-1" {
-				uriString := "https://portal.sso.eu-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-north-1" {
-				uriString := "https://portal.sso.eu-north-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-south-1" {
-				uriString := "https://portal.sso.eu-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-1" {
-				uriString := "https://portal.sso.eu-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-2" {
-				uriString := "https://portal.sso.eu-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-3" {
-				uriString := "https://portal.sso.eu-west-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "me-south-1" {
-				uriString := "https://portal.sso.me-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "sa-east-1" {
-				uriString := "https://portal.sso.sa-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-1" {
-				uriString := "https://portal.sso.us-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-2" {
-				uriString := "https://portal.sso.us-east-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-west-2" {
-				uriString := "https://portal.sso.us-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-east-1" {
-				uriString := "https://portal.sso.us-gov-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-west-1" {
-				uriString := "https://portal.sso.us-gov-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
 			uriString := func() string {
 				var out strings.Builder
 				out.WriteString("https://portal.sso.")
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
index ac980ae3f..0f216f4ef 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sso
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.13.2"
+const goModuleVersion = "1.15.2"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
index 1da26791c..f044afde4 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go
@@ -227,6 +227,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.eu-central-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-central-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{
@@ -267,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-west-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
@@ -351,6 +367,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.AwsCn,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "cn-north-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.cn-north-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-north-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "cn-northwest-1",
+			}: endpoints.Endpoint{
+				Hostname: "portal.sso.cn-northwest-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-northwest-1",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-iso",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
index d38e94554..536619724 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md
@@ -1,3 +1,40 @@
+# v1.17.3 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.2 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.17.1 (2023-09-22)
+
+* No change notes available for this release.
+
+# v1.17.0 (2023-09-20)
+
+* **Feature**: Update FIPS endpoints in aws-us-gov.
+
+# v1.16.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.15.6 (2023-09-05)
+
+* No change notes available for this release.
+
+# v1.15.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.15.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.15.2 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
index 282d078b5..e8d190e48 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go
@@ -411,6 +411,25 @@ func (r *resolver) ResolveEndpoint(
 			}
 			if _UseFIPS == true {
 				if true == _PartitionResult.SupportsFIPS {
+					if "aws-us-gov" == _PartitionResult.Name {
+						uriString := func() string {
+							var out strings.Builder
+							out.WriteString("https://oidc.")
+							out.WriteString(_Region)
+							out.WriteString(".amazonaws.com")
+							return out.String()
+						}()
+
+						uri, err := url.Parse(uriString)
+						if err != nil {
+							return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
+						}
+
+						return smithyendpoints.Endpoint{
+							URI:     *uri,
+							Headers: http.Header{},
+						}, nil
+					}
 					uriString := func() string {
 						var out strings.Builder
 						out.WriteString("https://oidc-fips.")
@@ -455,279 +474,6 @@ func (r *resolver) ResolveEndpoint(
 				}
 				return endpoint, fmt.Errorf("endpoint rule error, %s", "DualStack is enabled but this partition does not support DualStack")
 			}
-			if _Region == "ap-east-1" {
-				uriString := "https://oidc.ap-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-1" {
-				uriString := "https://oidc.ap-northeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-2" {
-				uriString := "https://oidc.ap-northeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-northeast-3" {
-				uriString := "https://oidc.ap-northeast-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-south-1" {
-				uriString := "https://oidc.ap-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-1" {
-				uriString := "https://oidc.ap-southeast-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ap-southeast-2" {
-				uriString := "https://oidc.ap-southeast-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "ca-central-1" {
-				uriString := "https://oidc.ca-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-central-1" {
-				uriString := "https://oidc.eu-central-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-north-1" {
-				uriString := "https://oidc.eu-north-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-south-1" {
-				uriString := "https://oidc.eu-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-1" {
-				uriString := "https://oidc.eu-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-2" {
-				uriString := "https://oidc.eu-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "eu-west-3" {
-				uriString := "https://oidc.eu-west-3.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "me-south-1" {
-				uriString := "https://oidc.me-south-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "sa-east-1" {
-				uriString := "https://oidc.sa-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-1" {
-				uriString := "https://oidc.us-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-east-2" {
-				uriString := "https://oidc.us-east-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-west-2" {
-				uriString := "https://oidc.us-west-2.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-east-1" {
-				uriString := "https://oidc.us-gov-east-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
-			if _Region == "us-gov-west-1" {
-				uriString := "https://oidc.us-gov-west-1.amazonaws.com"
-
-				uri, err := url.Parse(uriString)
-				if err != nil {
-					return endpoint, fmt.Errorf("Failed to parse uri: %s", uriString)
-				}
-
-				return smithyendpoints.Endpoint{
-					URI:     *uri,
-					Headers: http.Header{},
-				}, nil
-			}
 			uriString := func() string {
 				var out strings.Builder
 				out.WriteString("https://oidc.")
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
index f6d156607..fab953b91 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go
@@ -3,4 +3,4 @@
 package ssooidc
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.15.2"
+const goModuleVersion = "1.17.3"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
index 8df344e93..c48da8b88 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go
@@ -227,6 +227,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-central-1",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "eu-central-2",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.eu-central-2.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "eu-central-2",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "eu-north-1",
 			}: endpoints.Endpoint{
@@ -267,6 +275,14 @@ var defaultPartitions = endpoints.Partitions{
 					Region: "eu-west-3",
 				},
 			},
+			endpoints.EndpointKey{
+				Region: "il-central-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.il-central-1.amazonaws.com",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "il-central-1",
+				},
+			},
 			endpoints.EndpointKey{
 				Region: "me-south-1",
 			}: endpoints.Endpoint{
@@ -351,6 +367,24 @@ var defaultPartitions = endpoints.Partitions{
 		},
 		RegionRegex:    partitionRegexp.AwsCn,
 		IsRegionalized: true,
+		Endpoints: endpoints.Endpoints{
+			endpoints.EndpointKey{
+				Region: "cn-north-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.cn-north-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-north-1",
+				},
+			},
+			endpoints.EndpointKey{
+				Region: "cn-northwest-1",
+			}: endpoints.Endpoint{
+				Hostname: "oidc.cn-northwest-1.amazonaws.com.cn",
+				CredentialScope: endpoints.CredentialScope{
+					Region: "cn-northwest-1",
+				},
+			},
+		},
 	},
 	{
 		ID: "aws-iso",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
index 2804b794c..d94dc1ab3 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md
@@ -1,3 +1,32 @@
+# v1.23.2 (2023-10-12)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.1 (2023-10-06)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.23.0 (2023-10-02)
+
+* **Feature**: STS API updates for assumeRole
+
+# v1.22.0 (2023-09-18)
+
+* **Announcement**: [BREAKFIX] Change in MaxResults datatype from value to pointer type in cognito-sync service.
+* **Feature**: Adds several endpoint ruleset changes across all models: smaller rulesets, removed non-unique regional endpoints, fixes FIPS and DualStack endpoints, and make region not required in SDK::Endpoint. Additional breakfix to cognito-sync field.
+
+# v1.21.5 (2023-08-21)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.4 (2023-08-18)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
+# v1.21.3 (2023-08-17)
+
+* **Dependency Update**: Updated to the latest SDK module versions
+
 # v1.21.2 (2023-08-07)
 
 * **Dependency Update**: Updated to the latest SDK module versions
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
index 5312046b7..90dc95f1e 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go
@@ -3,4 +3,4 @@
 package sts
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.21.2"
+const goModuleVersion = "1.23.2"
diff --git a/vendor/github.com/aws/smithy-go/CHANGELOG.md b/vendor/github.com/aws/smithy-go/CHANGELOG.md
index a1754c221..8a3540e04 100644
--- a/vendor/github.com/aws/smithy-go/CHANGELOG.md
+++ b/vendor/github.com/aws/smithy-go/CHANGELOG.md
@@ -1,3 +1,13 @@
+# Release (2023-10-06)
+
+## Module Highlights
+* `github.com/aws/smithy-go`: v1.15.0
+  * **Feature**: Add `http.WithHeaderComment` middleware.
+
+# Release (2023-08-18)
+
+* No change notes available for this release.
+
 # Release (2023-08-07)
 
 ## Module Highlights
diff --git a/vendor/github.com/aws/smithy-go/README.md b/vendor/github.com/aws/smithy-go/README.md
index a4bb43fbe..c374f6928 100644
--- a/vendor/github.com/aws/smithy-go/README.md
+++ b/vendor/github.com/aws/smithy-go/README.md
@@ -6,6 +6,21 @@
 
 **WARNING: All interfaces are subject to change.**
 
+## Can I use this?
+
+In order to generate a usable smithy client you must provide a [protocol definition](https://github.com/aws/smithy-go/blob/main/codegen/smithy-go-codegen/src/main/java/software/amazon/smithy/go/codegen/integration/ProtocolGenerator.java),
+such as [AWS restJson1](https://smithy.io/2.0/aws/protocols/aws-restjson1-protocol.html),
+in order to generate transport mechanisms and serialization/deserialization
+code ("serde") accordingly.
+
+The code generator does not currently support any protocols out of the box,
+therefore the useability of this project on its own is currently limited.
+Support for all [AWS protocols](https://smithy.io/2.0/aws/protocols/index.html)
+exists in [aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2). We are
+tracking the movement of those out of the SDK into smithy-go in
+[#458](https://github.com/aws/smithy-go/issues/458), but there's currently no
+timeline for doing so.
+
 ## License
 
 This project is licensed under the Apache-2.0 License.
diff --git a/vendor/github.com/aws/smithy-go/go_module_metadata.go b/vendor/github.com/aws/smithy-go/go_module_metadata.go
index 5dffb6360..6b795a2c8 100644
--- a/vendor/github.com/aws/smithy-go/go_module_metadata.go
+++ b/vendor/github.com/aws/smithy-go/go_module_metadata.go
@@ -3,4 +3,4 @@
 package smithy
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.14.1"
+const goModuleVersion = "1.15.0"
diff --git a/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go b/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
new file mode 100644
index 000000000..855c22720
--- /dev/null
+++ b/vendor/github.com/aws/smithy-go/transport/http/middleware_header_comment.go
@@ -0,0 +1,81 @@
+package http
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/aws/smithy-go/middleware"
+)
+
+// WithHeaderComment instruments a middleware stack to append an HTTP field
+// comment to the given header as specified in RFC 9110
+// (https://www.rfc-editor.org/rfc/rfc9110#name-comments).
+//
+// The header is case-insensitive. If the provided header exists when the
+// middleware runs, the content will be inserted as-is enclosed in parentheses.
+//
+// Note that per the HTTP specification, comments are only allowed in fields
+// containing "comment" as part of their field value definition, but this API
+// will NOT verify whether the provided header is one of them.
+//
+// WithHeaderComment MAY be applied more than once to a middleware stack and/or
+// more than once per header.
+func WithHeaderComment(header, content string) func(*middleware.Stack) error {
+	return func(s *middleware.Stack) error {
+		m, err := getOrAddHeaderComment(s)
+		if err != nil {
+			return fmt.Errorf("get or add header comment: %v", err)
+		}
+
+		m.values.Add(header, content)
+		return nil
+	}
+}
+
+type headerCommentMiddleware struct {
+	values http.Header // hijack case-insensitive access APIs
+}
+
+func (*headerCommentMiddleware) ID() string {
+	return "headerComment"
+}
+
+func (m *headerCommentMiddleware) HandleBuild(ctx context.Context, in middleware.BuildInput, next middleware.BuildHandler) (
+	out middleware.BuildOutput, metadata middleware.Metadata, err error,
+) {
+	r, ok := in.Request.(*Request)
+	if !ok {
+		return out, metadata, fmt.Errorf("unknown transport type %T", in.Request)
+	}
+
+	for h, contents := range m.values {
+		for _, c := range contents {
+			if existing := r.Header.Get(h); existing != "" {
+				r.Header.Set(h, fmt.Sprintf("%s (%s)", existing, c))
+			}
+		}
+	}
+
+	return next.HandleBuild(ctx, in)
+}
+
+func getOrAddHeaderComment(s *middleware.Stack) (*headerCommentMiddleware, error) {
+	id := (*headerCommentMiddleware)(nil).ID()
+	m, ok := s.Build.Get(id)
+	if !ok {
+		m := &headerCommentMiddleware{values: http.Header{}}
+		if err := s.Build.Add(m, middleware.After); err != nil {
+			return nil, fmt.Errorf("add build: %v", err)
+		}
+
+		return m, nil
+	}
+
+	hc, ok := m.(*headerCommentMiddleware)
+	if !ok {
+		return nil, fmt.Errorf("existing middleware w/ id %s is not *headerCommentMiddleware", id)
+	}
+
+	return hc, nil
+}
diff --git a/vendor/github.com/breml/bidichk/pkg/bidichk/bidichk.go b/vendor/github.com/breml/bidichk/pkg/bidichk/bidichk.go
index 2e1e89934..f1bf20fab 100644
--- a/vendor/github.com/breml/bidichk/pkg/bidichk/bidichk.go
+++ b/vendor/github.com/breml/bidichk/pkg/bidichk/bidichk.go
@@ -15,7 +15,7 @@ import (
 
 const (
 	doc           = "bidichk detects dangerous unicode character sequences"
-	disallowedDoc = `coma separated list of disallowed runes (full name or short name)
+	disallowedDoc = `comma separated list of disallowed runes (full name or short name)
 
 Supported runes
 
diff --git a/vendor/github.com/breml/errchkjson/.goreleaser.yml b/vendor/github.com/breml/errchkjson/.goreleaser.yml
index 5f23690f1..a05c172cb 100644
--- a/vendor/github.com/breml/errchkjson/.goreleaser.yml
+++ b/vendor/github.com/breml/errchkjson/.goreleaser.yml
@@ -14,13 +14,14 @@ builds:
       - windows
       - darwin
 archives:
-  - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      windows: Windows
-      386: i386
-      amd64: x86_64
+  - name_template: >-
+      {{- .Binary }}_
+      {{- .Version }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end -}}
 snapshot:
   name_template: "{{ .Tag }}-next"
 changelog:
diff --git a/vendor/github.com/breml/errchkjson/errchkjson.go b/vendor/github.com/breml/errchkjson/errchkjson.go
index 746709c76..4a23929cf 100644
--- a/vendor/github.com/breml/errchkjson/errchkjson.go
+++ b/vendor/github.com/breml/errchkjson/errchkjson.go
@@ -308,14 +308,14 @@ func (e *errchkjson) inspectArgs(pass *analysis.Pass, args []ast.Expr) {
 }
 
 // Construct *types.Interface for interface encoding.TextMarshaler
-//     type TextMarshaler interface {
-//         MarshalText() (text []byte, err error)
-//     }
 //
+//	type TextMarshaler interface {
+//	    MarshalText() (text []byte, err error)
+//	}
 func textMarshalerInterface() *types.Interface {
 	textMarshalerInterface := types.NewInterfaceType([]*types.Func{
-		types.NewFunc(token.NoPos, nil, "MarshalText", types.NewSignature(
-			nil, nil, types.NewTuple(
+		types.NewFunc(token.NoPos, nil, "MarshalText", types.NewSignatureType(
+			nil, nil, nil, nil, types.NewTuple(
 				types.NewVar(token.NoPos, nil, "text",
 					types.NewSlice(
 						types.Universe.Lookup("byte").Type())),
@@ -328,14 +328,14 @@ func textMarshalerInterface() *types.Interface {
 }
 
 // Construct *types.Interface for interface json.Marshaler
-//     type Marshaler interface {
-//         MarshalJSON() ([]byte, error)
-//     }
 //
+//	type Marshaler interface {
+//	    MarshalJSON() ([]byte, error)
+//	}
 func jsonMarshalerInterface() *types.Interface {
 	textMarshalerInterface := types.NewInterfaceType([]*types.Func{
-		types.NewFunc(token.NoPos, nil, "MarshalJSON", types.NewSignature(
-			nil, nil, types.NewTuple(
+		types.NewFunc(token.NoPos, nil, "MarshalJSON", types.NewSignatureType(
+			nil, nil, nil, nil, types.NewTuple(
 				types.NewVar(token.NoPos, nil, "",
 					types.NewSlice(
 						types.Universe.Lookup("byte").Type())),
diff --git a/vendor/github.com/butuzov/ireturn/analyzer/analyzer.go b/vendor/github.com/butuzov/ireturn/analyzer/analyzer.go
index 3a0bf7402..21e5897b2 100644
--- a/vendor/github.com/butuzov/ireturn/analyzer/analyzer.go
+++ b/vendor/github.com/butuzov/ireturn/analyzer/analyzer.go
@@ -23,6 +23,7 @@ type validator interface {
 
 type analyzer struct {
 	once    sync.Once
+	mu      sync.RWMutex
 	handler validator
 	err     error
 
@@ -83,11 +84,13 @@ func (a *analyzer) run(pass *analysis.Pass) (interface{}, error) {
 			}
 			seen[key] = true
 
-			a.found = append(a.found, issue.ExportDiagnostic())
+			a.addDiagnostic(issue.ExportDiagnostic())
 		}
 	})
 
 	// 02. Printing reports.
+	a.mu.RLock()
+	defer a.mu.RUnlock()
 	for i := range a.found {
 		pass.Report(a.found[i])
 	}
@@ -95,6 +98,13 @@ func (a *analyzer) run(pass *analysis.Pass) (interface{}, error) {
 	return nil, nil
 }
 
+func (a *analyzer) addDiagnostic(d analysis.Diagnostic) {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+
+	a.found = append(a.found, d)
+}
+
 func (a *analyzer) readConfiguration(fs *flag.FlagSet) {
 	cnf, err := config.New(fs)
 	if err != nil {
diff --git a/vendor/github.com/butuzov/ireturn/analyzer/internal/config/config.go b/vendor/github.com/butuzov/ireturn/analyzer/internal/config/config.go
index e2f1aef6e..46c73170a 100644
--- a/vendor/github.com/butuzov/ireturn/analyzer/internal/config/config.go
+++ b/vendor/github.com/butuzov/ireturn/analyzer/internal/config/config.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"regexp"
+	"sync"
 
 	"github.com/butuzov/ireturn/analyzer/internal/types"
 )
@@ -13,16 +14,13 @@ type defaultConfig struct {
 	List []string
 
 	// private fields (for search optimization look ups)
-	init  bool
+	once  sync.Once
 	quick uint8
 	list  []*regexp.Regexp
 }
 
 func (config *defaultConfig) Has(i types.IFace) bool {
-	if !config.init {
-		config.compileList()
-		config.init = true
-	}
+	config.once.Do(config.compileList)
 
 	if config.quick&uint8(i.Type) > 0 {
 		return true
diff --git a/vendor/github.com/butuzov/ireturn/analyzer/std.go b/vendor/github.com/butuzov/ireturn/analyzer/std.go
index ec361cd44..4c6c4e420 100644
--- a/vendor/github.com/butuzov/ireturn/analyzer/std.go
+++ b/vendor/github.com/butuzov/ireturn/analyzer/std.go
@@ -191,4 +191,10 @@ var std = map[string]struct{}{
 	// added in Go v1.20 in compare to v1.19 (docker image)
 	"crypto/ecdh":      {},
 	"runtime/coverage": {},
+	// added in Go v1.21 in compare to v1.20 (docker image)
+	"cmp":              {},
+	"log/slog":         {},
+	"maps":             {},
+	"slices":           {},
+	"testing/slogtest": {},
 }
diff --git a/vendor/github.com/catenacyber/perfsprint/LICENSE b/vendor/github.com/catenacyber/perfsprint/LICENSE
new file mode 100644
index 000000000..14c2b9e73
--- /dev/null
+++ b/vendor/github.com/catenacyber/perfsprint/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Catena cyber
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/catenacyber/perfsprint/analyzer/analyzer.go b/vendor/github.com/catenacyber/perfsprint/analyzer/analyzer.go
new file mode 100644
index 000000000..69087802a
--- /dev/null
+++ b/vendor/github.com/catenacyber/perfsprint/analyzer/analyzer.go
@@ -0,0 +1,333 @@
+package analyzer
+
+import (
+	"bytes"
+	"go/ast"
+	"go/format"
+	"go/token"
+	"go/types"
+	"strconv"
+
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/ast/inspector"
+
+	"golang.org/x/tools/go/analysis"
+)
+
+var Analyzer = &analysis.Analyzer{
+	Name:     "perfsprint",
+	Doc:      "Checks that fmt.Sprintf can be replaced with a faster alternative.",
+	Run:      run,
+	Requires: []*analysis.Analyzer{inspect.Analyzer},
+}
+
+func run(pass *analysis.Pass) (interface{}, error) {
+	var fmtSprintObj, fmtSprintfObj types.Object
+	for _, pkg := range pass.Pkg.Imports() {
+		if pkg.Path() == "fmt" {
+			fmtSprintObj = pkg.Scope().Lookup("Sprint")
+			fmtSprintfObj = pkg.Scope().Lookup("Sprintf")
+		}
+	}
+	if fmtSprintfObj == nil {
+		return nil, nil
+	}
+
+	insp := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
+	nodeFilter := []ast.Node{
+		(*ast.CallExpr)(nil),
+	}
+	insp.Preorder(nodeFilter, func(node ast.Node) {
+		call := node.(*ast.CallExpr)
+		called, ok := call.Fun.(*ast.SelectorExpr)
+		if !ok {
+			return
+		}
+		calledObj := pass.TypesInfo.ObjectOf(called.Sel)
+
+		var (
+			fn    string
+			verb  string
+			value ast.Expr
+			err   error
+		)
+		switch {
+		case calledObj == fmtSprintObj && len(call.Args) == 1:
+			fn = "fmt.Sprint"
+			verb = "%v"
+			value = call.Args[0]
+
+		case calledObj == fmtSprintfObj && len(call.Args) == 2:
+			verbLit, ok := call.Args[0].(*ast.BasicLit)
+			if !ok {
+				return
+			}
+			verb, err = strconv.Unquote(verbLit.Value)
+			if err != nil {
+				// Probably unreachable.
+				return
+			}
+
+			fn = "fmt.Sprintf"
+			value = call.Args[1]
+
+		default:
+			return
+		}
+
+		switch verb {
+		default:
+			return
+		case "%d", "%v", "%x", "%t", "%s":
+		}
+
+		valueType := pass.TypesInfo.TypeOf(value)
+		a, isArray := valueType.(*types.Array)
+		s, isSlice := valueType.(*types.Slice)
+
+		var d *analysis.Diagnostic
+		switch {
+		case isBasicType(valueType, types.String) && oneOf(verb, "%v", "%s"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with just using the string",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Just use string value",
+						TextEdits: []analysis.TextEdit{{
+							Pos:     call.Pos(),
+							End:     call.End(),
+							NewText: []byte(formatNode(pass.Fset, value)),
+						}},
+					},
+				},
+			}
+
+		case types.Implements(valueType, errIface) && oneOf(verb, "%v", "%s"):
+			errMethodCall := formatNode(pass.Fset, value) + ".Error()"
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with " + errMethodCall,
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use " + errMethodCall,
+						TextEdits: []analysis.TextEdit{{
+							Pos:     call.Pos(),
+							End:     call.End(),
+							NewText: []byte(errMethodCall),
+						}},
+					},
+				},
+			}
+
+		case isBasicType(valueType, types.Bool) && oneOf(verb, "%v", "%t"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster strconv.FormatBool",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use strconv.FormatBool",
+						TextEdits: []analysis.TextEdit{{
+							Pos:     call.Pos(),
+							End:     value.Pos(),
+							NewText: []byte("strconv.FormatBool("),
+						}},
+					},
+				},
+			}
+
+		case isArray && isBasicType(a.Elem(), types.Uint8) && oneOf(verb, "%x"):
+			if _, ok := value.(*ast.Ident); !ok {
+				// Doesn't support array literals.
+				return
+			}
+
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster hex.EncodeToString",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use hex.EncodeToString",
+						TextEdits: []analysis.TextEdit{
+							{
+								Pos:     call.Pos(),
+								End:     value.Pos(),
+								NewText: []byte("hex.EncodeToString("),
+							},
+							{
+								Pos:     value.End(),
+								End:     value.End(),
+								NewText: []byte("[:]"),
+							},
+						},
+					},
+				},
+			}
+		case isSlice && isBasicType(s.Elem(), types.Uint8) && oneOf(verb, "%x"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster hex.EncodeToString",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use hex.EncodeToString",
+						TextEdits: []analysis.TextEdit{{
+							Pos:     call.Pos(),
+							End:     value.Pos(),
+							NewText: []byte("hex.EncodeToString("),
+						}},
+					},
+				},
+			}
+
+		case isBasicType(valueType, types.Int8, types.Int16, types.Int32) && oneOf(verb, "%v", "%d"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster strconv.Itoa",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use strconv.Itoa",
+						TextEdits: []analysis.TextEdit{
+							{
+								Pos:     call.Pos(),
+								End:     value.Pos(),
+								NewText: []byte("strconv.Itoa(int("),
+							},
+							{
+								Pos:     value.End(),
+								End:     value.End(),
+								NewText: []byte(")"),
+							},
+						},
+					},
+				},
+			}
+		case isBasicType(valueType, types.Int) && oneOf(verb, "%v", "%d"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster strconv.Itoa",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use strconv.Itoa",
+						TextEdits: []analysis.TextEdit{{
+							Pos:     call.Pos(),
+							End:     value.Pos(),
+							NewText: []byte("strconv.Itoa("),
+						}},
+					},
+				},
+			}
+		case isBasicType(valueType, types.Int64) && oneOf(verb, "%v", "%d"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster strconv.FormatInt",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use strconv.FormatInt",
+						TextEdits: []analysis.TextEdit{
+							{
+								Pos:     call.Pos(),
+								End:     value.Pos(),
+								NewText: []byte("strconv.FormatInt("),
+							},
+							{
+								Pos:     value.End(),
+								End:     value.End(),
+								NewText: []byte(", 10"),
+							},
+						},
+					},
+				},
+			}
+
+		case isBasicType(valueType, types.Uint8, types.Uint16, types.Uint32, types.Uint) && oneOf(verb, "%v", "%d"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster strconv.FormatUint",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use strconv.FormatUint",
+						TextEdits: []analysis.TextEdit{
+							{
+								Pos:     call.Pos(),
+								End:     value.Pos(),
+								NewText: []byte("strconv.FormatUint(uint64("),
+							},
+							{
+								Pos:     value.End(),
+								End:     value.End(),
+								NewText: []byte("), 10"),
+							},
+						},
+					},
+				},
+			}
+		case isBasicType(valueType, types.Uint64) && oneOf(verb, "%v", "%d"):
+			d = &analysis.Diagnostic{
+				Pos:     call.Pos(),
+				End:     call.End(),
+				Message: fn + " can be replaced with faster strconv.FormatUint",
+				SuggestedFixes: []analysis.SuggestedFix{
+					{
+						Message: "Use strconv.FormatUint",
+						TextEdits: []analysis.TextEdit{
+							{
+								Pos:     call.Pos(),
+								End:     value.Pos(),
+								NewText: []byte("strconv.FormatUint("),
+							},
+							{
+								Pos:     value.End(),
+								End:     value.End(),
+								NewText: []byte(", 10"),
+							},
+						},
+					},
+				},
+			}
+		}
+
+		if d != nil {
+			// Need to run goimports to fix using of fmt, strconv or encoding/hex afterwards.
+			pass.Report(*d)
+		}
+	})
+
+	return nil, nil
+}
+
+var errIface = types.Universe.Lookup("error").Type().Underlying().(*types.Interface)
+
+func isBasicType(lhs types.Type, expected ...types.BasicKind) bool {
+	for _, rhs := range expected {
+		if types.Identical(lhs, types.Typ[rhs]) {
+			return true
+		}
+	}
+	return false
+}
+
+func formatNode(fset *token.FileSet, node ast.Node) string {
+	buf := new(bytes.Buffer)
+	if err := format.Node(buf, fset, node); err != nil {
+		return ""
+	}
+	return buf.String()
+}
+
+func oneOf[T comparable](v T, expected ...T) bool {
+	for _, rhs := range expected {
+		if v == rhs {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/ccojocar/zxcvbn-go/.gitignore b/vendor/github.com/ccojocar/zxcvbn-go/.gitignore
new file mode 100644
index 000000000..e032cc2fc
--- /dev/null
+++ b/vendor/github.com/ccojocar/zxcvbn-go/.gitignore
@@ -0,0 +1,5 @@
+zxcvbn
+debug.test
+
+# SBOMs generated during CI
+/bom.json
diff --git a/vendor/github.com/ccojocar/zxcvbn-go/.golangci.yml b/vendor/github.com/ccojocar/zxcvbn-go/.golangci.yml
new file mode 100644
index 000000000..b54f70092
--- /dev/null
+++ b/vendor/github.com/ccojocar/zxcvbn-go/.golangci.yml
@@ -0,0 +1,39 @@
+linters:
+  enable:
+    - asciicheck
+    - bodyclose
+    - dogsled
+    - durationcheck
+    - errcheck
+    - errorlint
+    - exportloopref
+    - gci
+    - ginkgolinter
+    - gofmt
+    - gofumpt
+    - goimports
+    - gosimple
+    - govet
+    - importas
+    - ineffassign
+    - megacheck
+    - misspell
+    - nakedret
+    - nolintlint
+    - revive
+    - staticcheck
+    - typecheck
+    - unconvert
+    - unparam
+    - unused
+    - wastedassign
+
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/ccojocar)
+
+run:
+  timeout: 5m
diff --git a/vendor/github.com/ccojocar/zxcvbn-go/.goreleaser.yml b/vendor/github.com/ccojocar/zxcvbn-go/.goreleaser.yml
new file mode 100644
index 000000000..2386aeee5
--- /dev/null
+++ b/vendor/github.com/ccojocar/zxcvbn-go/.goreleaser.yml
@@ -0,0 +1,27 @@
+---
+project_name: zxcvbn-go
+
+release:
+  extra_files:
+    - glob: ./bom.json
+  github:
+    owner: ccojocar
+    name: zxcvbn-go
+
+builds:
+  - main: ./testapp/
+    binary: zxcvbn-go
+    goos:
+      - darwin
+      - linux
+      - windows
+    goarch:
+      - amd64
+      - arm64
+      - s390x
+    ldflags: -X main.Version={{.Version}} -X main.GitTag={{.Tag}} -X main.BuildDate={{.Date}}
+    env:
+      - CGO_ENABLED=0
+
+gomod:
+  proxy: true
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/LICENSE.txt b/vendor/github.com/ccojocar/zxcvbn-go/LICENSE.txt
similarity index 100%
rename from vendor/github.com/nbutton23/zxcvbn-go/LICENSE.txt
rename to vendor/github.com/ccojocar/zxcvbn-go/LICENSE.txt
diff --git a/vendor/github.com/ccojocar/zxcvbn-go/Makefile b/vendor/github.com/ccojocar/zxcvbn-go/Makefile
new file mode 100644
index 000000000..0690f3753
--- /dev/null
+++ b/vendor/github.com/ccojocar/zxcvbn-go/Makefile
@@ -0,0 +1,61 @@
+GIT_TAG?= $(shell git describe --always --tags)
+BIN = zxcvbn-go
+FMT_CMD = $(gofmt -s -l -w $(find . -type f -name '*.go' -not -path './vendor/*') | tee /dev/stderr)
+IMAGE_REPO = ccojocar
+DATE_FMT=+%Y-%m-%d
+ifdef SOURCE_DATE_EPOCH
+    BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u "$(DATE_FMT)")
+else
+    BUILD_DATE ?= $(shell date "$(DATE_FMT)")
+endif
+BUILDFLAGS := "-w -s -X 'main.Version=$(GIT_TAG)' -X 'main.GitTag=$(GIT_TAG)' -X 'main.BuildDate=$(BUILD_DATE)'"
+CGO_ENABLED = 0
+GO := GO111MODULE=on go
+GO_NOMOD :=GO111MODULE=off go
+GOPATH ?= $(shell $(GO) env GOPATH)
+GOBIN ?= $(GOPATH)/bin
+GO_MINOR_VERSION = $(shell $(GO) version | cut -c 14- | cut -d' ' -f1 | cut -d'.' -f2)
+GOVULN_MIN_VERSION = 17
+GO_VERSION = 1.20
+
+default: 
+	$(MAKE) test
+
+install-govulncheck:
+	@if [ $(GO_MINOR_VERSION) -gt $(GOVULN_MIN_VERSION) ]; then \
+		go install golang.org/x/vuln/cmd/govulncheck@latest; \
+	fi
+
+test-all: fmt vet lint sec govulncheck test
+
+test:
+	go test -v ./...
+
+fmt:
+	@echo "FORMATTING"
+	@FORMATTED=`$(GO) fmt ./...`
+	@([ ! -z "$(FORMATTED)" ] && printf "Fixed unformatted files:\n$(FORMATTED)") || true
+
+vet:
+	@echo "VETTING"
+	$(GO) vet ./...
+
+lint:
+	@echo "LINTING: golangci-lint"
+	golangci-lint run
+
+sec:
+	@echo "SECURITY SCANNING"
+	gosec ./...
+
+govulncheck: install-govulncheck
+	@echo "CHECKING VULNERABILITIES"
+	@if [ $(GO_MINOR_VERSION) -gt $(GOVULN_MIN_VERSION) ]; then \
+		govulncheck ./...; \
+	fi
+
+clean:
+	rm -rf build vendor dist coverage.txt
+	rm -f release image $(BIN)
+
+.PHONY: test test-all fmt vet govulncheck clean
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/README.md b/vendor/github.com/ccojocar/zxcvbn-go/README.md
similarity index 100%
rename from vendor/github.com/nbutton23/zxcvbn-go/README.md
rename to vendor/github.com/ccojocar/zxcvbn-go/README.md
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/adjacency/adjcmartix.go b/vendor/github.com/ccojocar/zxcvbn-go/adjacency/adjcmartix.go
similarity index 82%
rename from vendor/github.com/nbutton23/zxcvbn-go/adjacency/adjcmartix.go
rename to vendor/github.com/ccojocar/zxcvbn-go/adjacency/adjcmartix.go
index 66ad30b82..34526685c 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/adjacency/adjcmartix.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/adjacency/adjcmartix.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"log"
 
-	"github.com/nbutton23/zxcvbn-go/data"
+	"github.com/ccojocar/zxcvbn-go/data"
 )
 
 // Graph holds information about different graphs
@@ -25,7 +25,7 @@ func init() {
 	GraphMap["l33t"] = BuildLeet()
 }
 
-//BuildQwerty builds the Qwerty Graph
+// BuildQwerty builds the Qwerty Graph
 func BuildQwerty() Graph {
 	data, err := data.Asset("data/Qwerty.json")
 	if err != nil {
@@ -34,7 +34,7 @@ func BuildQwerty() Graph {
 	return getAdjancencyGraphFromFile(data, "qwerty")
 }
 
-//BuildDvorak builds the Dvorak Graph
+// BuildDvorak builds the Dvorak Graph
 func BuildDvorak() Graph {
 	data, err := data.Asset("data/Dvorak.json")
 	if err != nil {
@@ -43,7 +43,7 @@ func BuildDvorak() Graph {
 	return getAdjancencyGraphFromFile(data, "dvorak")
 }
 
-//BuildKeypad builds the Keypad Graph
+// BuildKeypad builds the Keypad Graph
 func BuildKeypad() Graph {
 	data, err := data.Asset("data/Keypad.json")
 	if err != nil {
@@ -52,7 +52,7 @@ func BuildKeypad() Graph {
 	return getAdjancencyGraphFromFile(data, "keypad")
 }
 
-//BuildMacKeypad builds the Mac Keypad Graph
+// BuildMacKeypad builds the Mac Keypad Graph
 func BuildMacKeypad() Graph {
 	data, err := data.Asset("data/MacKeypad.json")
 	if err != nil {
@@ -61,7 +61,7 @@ func BuildMacKeypad() Graph {
 	return getAdjancencyGraphFromFile(data, "mac_keypad")
 }
 
-//BuildLeet builds the L33T Graph
+// BuildLeet builds the L33T Graph
 func BuildLeet() Graph {
 	data, err := data.Asset("data/L33t.json")
 	if err != nil {
@@ -71,7 +71,6 @@ func BuildLeet() Graph {
 }
 
 func getAdjancencyGraphFromFile(data []byte, name string) Graph {
-
 	var graph Graph
 	err := json.Unmarshal(data, &graph)
 	if err != nil {
@@ -82,9 +81,9 @@ func getAdjancencyGraphFromFile(data []byte, name string) Graph {
 }
 
 // CalculateAvgDegree calclates the average degree between nodes in the graph
-//on qwerty, 'g' has degree 6, being adjacent to 'ftyhbv'. '\' has degree 1.
-//this calculates the average over all keys.
-//TODO double check that i ported this correctly scoring.coffee ln 5
+// on qwerty, 'g' has degree 6, being adjacent to 'ftyhbv'. '\' has degree 1.
+// this calculates the average over all keys.
+// TODO double check that i ported this correctly scoring.coffee ln 5
 func (adjGrp Graph) CalculateAvgDegree() float64 {
 	if adjGrp.averageDegree != float64(0) {
 		return adjGrp.averageDegree
@@ -92,14 +91,12 @@ func (adjGrp Graph) CalculateAvgDegree() float64 {
 	var avg float64
 	var count float64
 	for _, value := range adjGrp.Graph {
-
 		for _, char := range value {
 			if len(char) != 0 || char != " " {
 				avg += float64(len(char))
 				count++
 			}
 		}
-
 	}
 
 	adjGrp.averageDegree = avg / count
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/data/bindata.go b/vendor/github.com/ccojocar/zxcvbn-go/data/bindata.go
similarity index 99%
rename from vendor/github.com/nbutton23/zxcvbn-go/data/bindata.go
rename to vendor/github.com/ccojocar/zxcvbn-go/data/bindata.go
index f3a0c010c..3db0f1b10 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/data/bindata.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/data/bindata.go
@@ -33,7 +33,7 @@ func bindataRead(data []byte, name string) ([]byte, error) {
 	}
 
 	var buf bytes.Buffer
-	_, err = io.Copy(&buf, gz)
+	_, err = io.Copy(&buf, gz) // #nosec
 	clErr := gz.Close()
 
 	if err != nil {
@@ -345,11 +345,13 @@ var _bindata = map[string]func() (*asset, error){
 // directory embedded in the file by go-bindata.
 // For example if you run go-bindata on data/... and data contains the
 // following hierarchy:
-//     data/
-//       foo.txt
-//       img/
-//         a.png
-//         b.png
+//
+//	data/
+//	  foo.txt
+//	  img/
+//	    a.png
+//	    b.png
+//
 // then AssetDir("data") would return []string{"foo.txt", "img"}
 // AssetDir("data/img") would return []string{"a.png", "b.png"}
 // AssetDir("foo.txt") and AssetDir("notexist") would return an error
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/entropy/entropyCalculator.go b/vendor/github.com/ccojocar/zxcvbn-go/entropy/entropyCalculator.go
similarity index 77%
rename from vendor/github.com/nbutton23/zxcvbn-go/entropy/entropyCalculator.go
rename to vendor/github.com/ccojocar/zxcvbn-go/entropy/entropyCalculator.go
index 8f57ea0a4..80432572b 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/entropy/entropyCalculator.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/entropy/entropyCalculator.go
@@ -1,12 +1,13 @@
 package entropy
 
 import (
-	"github.com/nbutton23/zxcvbn-go/adjacency"
-	"github.com/nbutton23/zxcvbn-go/match"
-	"github.com/nbutton23/zxcvbn-go/utils/math"
 	"math"
 	"regexp"
 	"unicode"
+
+	"github.com/ccojocar/zxcvbn-go/adjacency"
+	"github.com/ccojocar/zxcvbn-go/match"
+	zxcvbnmath "github.com/ccojocar/zxcvbn-go/utils/math"
 )
 
 const (
@@ -27,7 +28,7 @@ var (
 func DictionaryEntropy(match match.Match, rank float64) float64 {
 	baseEntropy := math.Log2(rank)
 	upperCaseEntropy := extraUpperCaseEntropy(match)
-	//TODO: L33t
+	// TODO: L33t
 	return baseEntropy + upperCaseEntropy
 }
 
@@ -46,18 +47,18 @@ func extraUpperCaseEntropy(match match.Match) float64 {
 		return float64(0)
 	}
 
-	//a capitalized word is the most common capitalization scheme,
-	//so it only doubles the search space (uncapitalized + capitalized): 1 extra bit of entropy.
-	//allcaps and end-capitalized are common enough too, underestimate as 1 extra bit to be safe.
+	// a capitalized word is the most common capitalization scheme,
+	// so it only doubles the search space (uncapitalized + capitalized): 1 extra bit of entropy.
+	// allcaps and end-capitalized are common enough too, underestimate as 1 extra bit to be safe.
 
 	for _, matcher := range []*regexp.Regexp{startUpperRx, endUpperRx, allUpperRx} {
 		if matcher.MatchString(word) {
 			return float64(1)
 		}
 	}
-	//Otherwise calculate the number of ways to capitalize U+L uppercase+lowercase letters with U uppercase letters or
-	//less. Or, if there's more uppercase than lower (for e.g. PASSwORD), the number of ways to lowercase U+L letters
-	//with L lowercase letters or less.
+	// Otherwise calculate the number of ways to capitalize U+L uppercase+lowercase letters with U uppercase letters or
+	// less. Or, if there's more uppercase than lower (for e.g. PASSwORD), the number of ways to lowercase U+L letters
+	// with L lowercase letters or less.
 
 	countUpper, countLower := float64(0), float64(0)
 	for _, char := range word {
@@ -71,21 +72,21 @@ func extraUpperCaseEntropy(match match.Match) float64 {
 	var possibililities float64
 
 	for i := float64(0); i <= math.Min(countUpper, countLower); i++ {
-		possibililities += float64(zxcvbnmath.NChoseK(totalLenght, i))
+		possibililities += zxcvbnmath.NChoseK(totalLenght, i)
 	}
 
 	if possibililities < 1 {
 		return float64(1)
 	}
 
-	return float64(math.Log2(possibililities))
+	return (math.Log2(possibililities))
 }
 
 // SpatialEntropy calculates the entropy for spatial matches
 func SpatialEntropy(match match.Match, turns int, shiftCount int) float64 {
 	var s, d float64
 	if match.DictionaryName == "qwerty" || match.DictionaryName == "dvorak" {
-		//todo: verify qwerty and dvorak have the same length and degree
+		// todo: verify qwerty and dvorak have the same length and degree
 		s = float64(len(adjacency.BuildQwerty().Graph))
 		d = adjacency.BuildQwerty().CalculateAvgDegree()
 	} else {
@@ -97,8 +98,8 @@ func SpatialEntropy(match match.Match, turns int, shiftCount int) float64 {
 
 	length := float64(len(match.Token))
 
-	//TODO: Should this be <= or just < ?
-	//Estimate the number of possible patterns w/ length L or less with t turns or less
+	// TODO: Should this be <= or just < ?
+	// Estimate the number of possible patterns w/ length L or less with t turns or less
 	for i := float64(2); i <= length+1; i++ {
 		possibleTurns := math.Min(float64(turns), i-1)
 		for j := float64(1); j <= possibleTurns+1; j++ {
@@ -108,8 +109,8 @@ func SpatialEntropy(match match.Match, turns int, shiftCount int) float64 {
 	}
 
 	entropy := math.Log2(possibilities)
-	//add extra entropu for shifted keys. ( % instead of 5 A instead of a)
-	//Math is similar to extra entropy for uppercase letters in dictionary matches.
+	// add extra entropu for shifted keys. ( % instead of 5 A instead of a)
+	// Math is similar to extra entropy for uppercase letters in dictionary matches.
 
 	if S := float64(shiftCount); S > float64(0) {
 		possibilities = float64(0)
@@ -134,7 +135,7 @@ func RepeatEntropy(match match.Match) float64 {
 }
 
 // CalcBruteForceCardinality calculates the brute force cardinality
-//TODO: Validate against python
+// TODO: Validate against python
 func CalcBruteForceCardinality(password string) float64 {
 	lower, upper, digits, symbols := float64(0), float64(0), float64(0), float64(0)
 
@@ -157,12 +158,12 @@ func CalcBruteForceCardinality(password string) float64 {
 // SequenceEntropy calculates the entropy for sequences such as 4567 or cdef
 func SequenceEntropy(match match.Match, dictionaryLength int, ascending bool) float64 {
 	firstChar := match.Token[0]
-	baseEntropy := float64(0)
+	var baseEntropy float64
 	if string(firstChar) == "a" || string(firstChar) == "1" {
 		baseEntropy = float64(0)
 	} else {
 		baseEntropy = math.Log2(float64(dictionaryLength))
-		//TODO: should this be just the first or any char?
+		// TODO: should this be just the first or any char?
 		if unicode.IsUpper(rune(firstChar)) {
 			baseEntropy++
 		}
@@ -183,7 +184,7 @@ func ExtraLeetEntropy(match match.Match, password string) float64 {
 		if string(char) != string(match.Token[index]) {
 			subsitutions++
 		} else {
-			//TODO: Make this only true for 1337 chars that are not subs?
+			// TODO: Make this only true for 1337 chars that are not subs?
 			unsub++
 		}
 	}
@@ -210,7 +211,7 @@ func DateEntropy(dateMatch match.DateMatch) float64 {
 	}
 
 	if dateMatch.Separator != "" {
-		entropy += 2 //add two bits for separator selection [/,-,.,etc]
+		entropy += 2 // add two bits for separator selection [/,-,.,etc]
 	}
 	return entropy
 }
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/frequency/frequency.go b/vendor/github.com/ccojocar/zxcvbn-go/frequency/frequency.go
similarity index 96%
rename from vendor/github.com/nbutton23/zxcvbn-go/frequency/frequency.go
rename to vendor/github.com/ccojocar/zxcvbn-go/frequency/frequency.go
index d056e4d4e..4f51369e1 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/frequency/frequency.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/frequency/frequency.go
@@ -4,7 +4,7 @@ import (
 	"encoding/json"
 	"log"
 
-	"github.com/nbutton23/zxcvbn-go/data"
+	"github.com/ccojocar/zxcvbn-go/data"
 )
 
 // List holds a frequency list
@@ -28,8 +28,8 @@ func init() {
 	Lists["Surname"] = getStringListFromAsset(surnameFilePath, "Surname")
 	Lists["English"] = getStringListFromAsset(englishFilePath, "English")
 	Lists["Passwords"] = getStringListFromAsset(passwordsFilePath, "Passwords")
-
 }
+
 func getAsset(name string) []byte {
 	data, err := data.Asset(name)
 	if err != nil {
@@ -38,8 +38,8 @@ func getAsset(name string) []byte {
 
 	return data
 }
-func getStringListFromAsset(data []byte, name string) List {
 
+func getStringListFromAsset(data []byte, name string) List {
 	var tempList List
 	err := json.Unmarshal(data, &tempList)
 	if err != nil {
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/match/match.go b/vendor/github.com/ccojocar/zxcvbn-go/match/match.go
similarity index 80%
rename from vendor/github.com/nbutton23/zxcvbn-go/match/match.go
rename to vendor/github.com/ccojocar/zxcvbn-go/match/match.go
index dd30bea04..998dde111 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/match/match.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/match/match.go
@@ -1,14 +1,16 @@
 package match
 
-//Matches is an alies for []Match used for sorting
+// Matches is an alies for []Match used for sorting
 type Matches []Match
 
 func (s Matches) Len() int {
 	return len(s)
 }
+
 func (s Matches) Swap(i, j int) {
 	s[i], s[j] = s[j], s[i]
 }
+
 func (s Matches) Less(i, j int) bool {
 	if s[i].I < s[j].I {
 		return true
@@ -28,7 +30,7 @@ type Match struct {
 	Entropy        float64
 }
 
-//DateMatch is specifilly a match for type date
+// DateMatch is specifilly a match for type date
 type DateMatch struct {
 	Pattern          string
 	I, J             int
@@ -37,7 +39,7 @@ type DateMatch struct {
 	Day, Month, Year int64
 }
 
-//Matcher are a func and ID that can be used to match different passwords
+// Matcher are a func and ID that can be used to match different passwords
 type Matcher struct {
 	MatchingFunc func(password string) []Match
 	ID           string
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/dateMatchers.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/dateMatchers.go
similarity index 93%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/dateMatchers.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/dateMatchers.go
index 8dfdf2410..fd7f38332 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/dateMatchers.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/dateMatchers.go
@@ -5,8 +5,8 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 const (
@@ -20,12 +20,12 @@ var (
 	dateWithOutSepMatch = regexp.MustCompile(`\d{4,8}`)
 )
 
-//FilterDateSepMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
+// FilterDateSepMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
 func FilterDateSepMatcher(m match.Matcher) bool {
 	return m.ID == dateSepMatcherName
 }
 
-//FilterDateWithoutSepMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
+// FilterDateWithoutSepMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
 func FilterDateWithoutSepMatcher(m match.Matcher) bool {
 	return m.ID == dateWithOutSepMatcherName
 }
@@ -64,8 +64,8 @@ func dateSepMatcher(password string) []match.Match {
 
 	return matches
 }
-func dateSepMatchHelper(password string) []match.DateMatch {
 
+func dateSepMatchHelper(password string) []match.DateMatch {
 	var matches []match.DateMatch
 
 	for _, v := range dateRxYearSuffix.FindAllString(password, len(password)) {
@@ -101,7 +101,6 @@ func dateSepMatchHelper(password string) []match.DateMatch {
 		}
 	}
 	return out
-
 }
 
 type dateMatchCandidate struct {
@@ -136,7 +135,7 @@ func dateWithoutSepMatch(password string) []match.Match {
 	return matches
 }
 
-//TODO Has issues with 6 digit dates
+// TODO Has issues with 6 digit dates
 func dateWithoutSepMatchHelper(password string) (matches []match.DateMatch) {
 	for _, v := range dateWithOutSepMatch.FindAllString(password, len(password)) {
 		i := strings.Index(password, v)
@@ -146,17 +145,17 @@ func dateWithoutSepMatchHelper(password string) (matches []match.DateMatch) {
 		var candidatesRoundOne []dateMatchCandidate
 
 		if length <= 6 {
-			//2-digit year prefix
+			// 2-digit year prefix
 			candidatesRoundOne = append(candidatesRoundOne, buildDateMatchCandidate(v[2:], v[0:2], i, j))
 
-			//2-digityear suffix
+			// 2-digityear suffix
 			candidatesRoundOne = append(candidatesRoundOne, buildDateMatchCandidate(v[0:lastIndex-2], v[lastIndex-2:], i, j))
 		}
 		if length >= 6 {
-			//4-digit year prefix
+			// 4-digit year prefix
 			candidatesRoundOne = append(candidatesRoundOne, buildDateMatchCandidate(v[4:], v[0:4], i, j))
 
-			//4-digit year sufix
+			// 4-digit year sufix
 			candidatesRoundOne = append(candidatesRoundOne, buildDateMatchCandidate(v[0:lastIndex-3], v[lastIndex-3:], i, j))
 		}
 
@@ -179,7 +178,6 @@ func dateWithoutSepMatchHelper(password string) (matches []match.DateMatch) {
 			}
 
 			intMonth, err := strconv.ParseInt(candidate.Month, 10, 16)
-
 			if err != nil {
 				continue
 			}
@@ -204,6 +202,5 @@ func buildDateMatchCandidate(dayMonth, year string, i, j int) dateMatchCandidate
 }
 
 func buildDateMatchCandidateTwo(day, month string, year string, i, j int) dateMatchCandidateTwo {
-
 	return dateMatchCandidateTwo{Day: day, Month: month, Year: year, I: i, J: j}
 }
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/dictionaryMatch.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/dictionaryMatch.go
similarity index 89%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/dictionaryMatch.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/dictionaryMatch.go
index 4ddb2c3b0..d0d450188 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/dictionaryMatch.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/dictionaryMatch.go
@@ -3,8 +3,8 @@ package matching
 import (
 	"strings"
 
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 func buildDictMatcher(dictName string, rankedDict map[string]int) func(password string) []match.Match {
@@ -15,7 +15,6 @@ func buildDictMatcher(dictName string, rankedDict map[string]int) func(password
 		}
 		return matches
 	}
-
 }
 
 func dictionaryMatch(password string, dictionaryName string, rankedDict map[string]int) []match.Match {
@@ -29,7 +28,8 @@ func dictionaryMatch(password string, dictionaryName string, rankedDict map[stri
 		for j := i; j < length; j++ {
 			word := pwLowerRunes[i : j+1]
 			if val, ok := rankedDict[string(word)]; ok {
-				matchDic := match.Match{Pattern: "dictionary",
+				matchDic := match.Match{
+					Pattern:        "dictionary",
 					DictionaryName: dictionaryName,
 					I:              i,
 					J:              j,
@@ -46,7 +46,6 @@ func dictionaryMatch(password string, dictionaryName string, rankedDict map[stri
 }
 
 func buildRankedDict(unrankedList []string) map[string]int {
-
 	result := make(map[string]int)
 
 	for i, v := range unrankedList {
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/leet.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/leet.go
similarity index 95%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/leet.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/leet.go
index 610f1973f..1f303aa6e 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/leet.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/leet.go
@@ -3,14 +3,14 @@ package matching
 import (
 	"strings"
 
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 // L33TMatcherName id
 const L33TMatcherName = "l33t"
 
-//FilterL33tMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
+// FilterL33tMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
 func FilterL33tMatcher(m match.Matcher) bool {
 	return m.ID == L33TMatcherName
 }
@@ -105,7 +105,7 @@ func createListOfMapsWithoutConflicts(table map[string][]string) []map[string][]
 	return result
 }
 
-// This function retrieves the list of values that appear for one or more keys. This is usefull to
+// This function retrieves the list of values that appear for one or more keys. This is useful to
 // know which l33t chars can represent more than one letter.
 func retrieveConflictsListFromTable(table map[string][]string) []string {
 	result := []string{}
@@ -128,7 +128,7 @@ func retrieveConflictsListFromTable(table map[string][]string) []string {
 }
 
 // This function aims to create different maps for a given char if this char represents a conflict.
-// If the specified char is not a conflit one, the same map will be returned. In scenarios which
+// If the specified char is not a conflict one, the same map will be returned. In scenarios which
 // the provided char can not be found on map, an empty list will be returned. This function was
 // designed to be used on conflicts situations.
 func createDifferentMapsForLeetChar(table map[string][]string, leetChar string) []map[string][]string {
@@ -158,7 +158,7 @@ func retrieveListOfKeysWithSpecificValueFromTable(table map[string][]string, val
 	return result
 }
 
-// This function returns a lsit of substitution map from a given table. Each map in the result will
+// This function returns a list of substitution map from a given table. Each map in the result will
 // provide only one representation for each value. As an example, if the provided map contains the
 // values "@" and "4" in the possibilities to represent "a", two maps will be created where one
 // will contain "a" mapping to "@" and the other one will provide "a" mapping to "4".
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/matching.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/matching.go
similarity index 87%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/matching.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/matching.go
index 4577db8a4..c6948067b 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/matching.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/matching.go
@@ -3,9 +3,9 @@ package matching
 import (
 	"sort"
 
-	"github.com/nbutton23/zxcvbn-go/adjacency"
-	"github.com/nbutton23/zxcvbn-go/frequency"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/adjacency"
+	"github.com/ccojocar/zxcvbn-go/frequency"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 var (
@@ -23,8 +23,7 @@ func init() {
 
 // Omnimatch runs all matchers against the password
 func Omnimatch(password string, userInputs []string, filters ...func(match.Matcher) bool) (matches []match.Match) {
-
-	//Can I run into the issue where nil is not equal to nil?
+	// Can I run into the issue where nil is not equal to nil?
 	if dictionaryMatchers == nil || adjacencyGraphs == nil {
 		loadFrequencyList()
 	}
@@ -51,7 +50,6 @@ func Omnimatch(password string, userInputs []string, filters ...func(match.Match
 }
 
 func loadFrequencyList() {
-
 	for n, list := range frequency.Lists {
 		dictionaryMatchers = append(dictionaryMatchers, match.Matcher{MatchingFunc: buildDictMatcher(n, buildRankedDict(list.List)), ID: n})
 	}
@@ -63,8 +61,8 @@ func loadFrequencyList() {
 	adjacencyGraphs = append(adjacencyGraphs, adjacency.GraphMap["keypad"])
 	adjacencyGraphs = append(adjacencyGraphs, adjacency.GraphMap["macKeypad"])
 
-	//l33tFilePath, _ := filepath.Abs("adjacency/L33t.json")
-	//L33T_TABLE = adjacency.GetAdjancencyGraphFromFile(l33tFilePath, "l33t")
+	// l33tFilePath, _ := filepath.Abs("adjacency/L33t.json")
+	// L33T_TABLE = adjacency.GetAdjancencyGraphFromFile(l33tFilePath, "l33t")
 
 	sequences = make(map[string]string)
 	sequences["lower"] = "abcdefghijklmnopqrstuvwxyz"
@@ -78,5 +76,4 @@ func loadFrequencyList() {
 	matchers = append(matchers, match.Matcher{MatchingFunc: l33tMatch, ID: L33TMatcherName})
 	matchers = append(matchers, match.Matcher{MatchingFunc: dateSepMatcher, ID: dateSepMatcherName})
 	matchers = append(matchers, match.Matcher{MatchingFunc: dateWithoutSepMatch, ID: dateWithOutSepMatcherName})
-
 }
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/repeatMatch.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/repeatMatch.go
similarity index 74%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/repeatMatch.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/repeatMatch.go
index a93e45935..d52ba4254 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/repeatMatch.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/repeatMatch.go
@@ -3,13 +3,13 @@ package matching
 import (
 	"strings"
 
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 const repeatMatcherName = "REPEAT"
 
-//FilterRepeatMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
+// FilterRepeatMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
 func FilterRepeatMatcher(m match.Matcher) bool {
 	return m.ID == repeatMatcherName
 }
@@ -17,7 +17,7 @@ func FilterRepeatMatcher(m match.Matcher) bool {
 func repeatMatch(password string) []match.Match {
 	var matches []match.Match
 
-	//Loop through password. if current == prev currentStreak++ else if currentStreak > 2 {buildMatch; currentStreak = 1} prev = current
+	// Loop through password. if current == prev currentStreak++ else if currentStreak > 2 {buildMatch; currentStreak = 1} prev = current
 	var current, prev string
 	currentStreak := 1
 	var i int
@@ -29,9 +29,8 @@ func repeatMatch(password string) []match.Match {
 			continue
 		}
 
-		if strings.ToLower(current) == strings.ToLower(prev) {
+		if strings.EqualFold(current, prev) {
 			currentStreak++
-
 		} else if currentStreak > 2 {
 			iPos := i - currentStreak
 			jPos := i - 1
@@ -40,7 +39,8 @@ func repeatMatch(password string) []match.Match {
 				I:              iPos,
 				J:              jPos,
 				Token:          password[iPos : jPos+1],
-				DictionaryName: prev}
+				DictionaryName: prev,
+			}
 			matchRepeat.Entropy = entropy.RepeatEntropy(matchRepeat)
 			matches = append(matches, matchRepeat)
 			currentStreak = 1
@@ -59,7 +59,8 @@ func repeatMatch(password string) []match.Match {
 			I:              iPos,
 			J:              jPos,
 			Token:          password[iPos : jPos+1],
-			DictionaryName: prev}
+			DictionaryName: prev,
+		}
 		matchRepeat.Entropy = entropy.RepeatEntropy(matchRepeat)
 		matches = append(matches, matchRepeat)
 	}
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/sequenceMatch.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/sequenceMatch.go
similarity index 88%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/sequenceMatch.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/sequenceMatch.go
index e0ed05229..697194583 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/sequenceMatch.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/sequenceMatch.go
@@ -3,13 +3,13 @@ package matching
 import (
 	"strings"
 
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 const sequenceMatcherName = "SEQ"
 
-//FilterSequenceMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
+// FilterSequenceMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
 func FilterSequenceMatcher(m match.Matcher) bool {
 	return m.ID == sequenceMatcherName
 }
@@ -64,10 +64,8 @@ func sequenceMatch(password string) []match.Match {
 						matches = append(matches, matchSequence)
 					}
 					break
-				} else {
-					j++
 				}
-
+				j++
 			}
 		}
 		i = j
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/matching/spatialMatch.go b/vendor/github.com/ccojocar/zxcvbn-go/matching/spatialMatch.go
similarity index 59%
rename from vendor/github.com/nbutton23/zxcvbn-go/matching/spatialMatch.go
rename to vendor/github.com/ccojocar/zxcvbn-go/matching/spatialMatch.go
index fd858f5d1..101ccea5e 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/matching/spatialMatch.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/matching/spatialMatch.go
@@ -3,14 +3,14 @@ package matching
 import (
 	"strings"
 
-	"github.com/nbutton23/zxcvbn-go/adjacency"
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/adjacency"
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
 )
 
 const spatialMatcherName = "SPATIAL"
 
-//FilterSpatialMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
+// FilterSpatialMatcher can be pass to zxcvbn-go.PasswordStrength to skip that matcher
 func FilterSpatialMatcher(m match.Matcher) bool {
 	return m.ID == spatialMatcherName
 }
@@ -25,39 +25,38 @@ func spatialMatch(password string) (matches []match.Match) {
 }
 
 func spatialMatchHelper(password string, graph adjacency.Graph) (matches []match.Match) {
-
 	for i := 0; i < len(password)-1; {
 		j := i + 1
-		lastDirection := -99 //an int that it should never be!
+		lastDirection := -99 // an int that it should never be!
 		turns := 0
 		shiftedCount := 0
 
 		for {
 			prevChar := password[j-1]
 			found := false
-			foundDirection := -1
+			var foundDirection int
 			curDirection := -1
-			//My graphs seem to be wrong. . . and where the hell is qwerty
+			// My graphs seem to be wrong. . . and where the hell is qwerty
 			adjacents := graph.Graph[string(prevChar)]
-			//Consider growing pattern by one character if j hasn't gone over the edge
+			// Consider growing pattern by one character if j hasn't gone over the edge
 			if j < len(password) {
 				curChar := password[j]
 				for _, adj := range adjacents {
 					curDirection++
 
-					if strings.Index(adj, string(curChar)) != -1 {
+					if strings.Contains(adj, string(curChar)) {
 						found = true
 						foundDirection = curDirection
 
 						if strings.Index(adj, string(curChar)) == 1 {
-							//index 1 in the adjacency means the key is shifted, 0 means unshifted: A vs a, % vs 5, etc.
-							//for example, 'q' is adjacent to the entry '2@'. @ is shifted w/ index 1, 2 is unshifted.
+							// index 1 in the adjacency means the key is shifted, 0 means unshifted: A vs a, % vs 5, etc.
+							// for example, 'q' is adjacent to the entry '2@'. @ is shifted w/ index 1, 2 is unshifted.
 							shiftedCount++
 						}
 
 						if lastDirection != foundDirection {
-							//adding a turn is correct even in the initial case when last_direction is null:
-							//every spatial pattern starts with a turn.
+							// adding a turn is correct even in the initial case when last_direction is null:
+							// every spatial pattern starts with a turn.
 							turns++
 							lastDirection = foundDirection
 						}
@@ -66,12 +65,12 @@ func spatialMatchHelper(password string, graph adjacency.Graph) (matches []match
 				}
 			}
 
-			//if the current pattern continued, extend j and try to grow again
+			// if the current pattern continued, extend j and try to grow again
 			if found {
 				j++
 			} else {
-				//otherwise push the pattern discovered so far, if any...
-				//don't consider length 1 or 2 chains.
+				// otherwise push the pattern discovered so far, if any...
+				// don't consider length 1 or 2 chains.
 				if j-i > 2 {
 					matchSpc := match.Match{Pattern: "spatial", I: i, J: j - 1, Token: password[i:j], DictionaryName: graph.Name}
 					matchSpc.Entropy = entropy.SpatialEntropy(matchSpc, turns, shiftedCount)
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/scoring/scoring.go b/vendor/github.com/ccojocar/zxcvbn-go/scoring/scoring.go
similarity index 84%
rename from vendor/github.com/nbutton23/zxcvbn-go/scoring/scoring.go
rename to vendor/github.com/ccojocar/zxcvbn-go/scoring/scoring.go
index 4f68a6dca..dbe331884 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/scoring/scoring.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/scoring/scoring.go
@@ -2,11 +2,12 @@ package scoring
 
 import (
 	"fmt"
-	"github.com/nbutton23/zxcvbn-go/entropy"
-	"github.com/nbutton23/zxcvbn-go/match"
-	"github.com/nbutton23/zxcvbn-go/utils/math"
 	"math"
 	"sort"
+
+	"github.com/ccojocar/zxcvbn-go/entropy"
+	"github.com/ccojocar/zxcvbn-go/match"
+	zxcvbnmath "github.com/ccojocar/zxcvbn-go/utils/math"
 )
 
 const (
@@ -15,7 +16,7 @@ const (
 	//adjust for your site accordingly if you use another hash function, possibly by
 	//several orders of magnitude!
 	singleGuess     float64 = 0.010
-	numAttackers    float64 = 100 //Cores used to make guesses
+	numAttackers    float64 = 100 // Cores used to make guesses
 	secondsPerGuess float64 = singleGuess / numAttackers
 )
 
@@ -33,11 +34,11 @@ type MinEntropyMatch struct {
 /*
 MinimumEntropyMatchSequence returns the minimum entropy
 
-    Takes a list of overlapping matches, returns the non-overlapping sublist with
-    minimum entropy. O(nm) dp alg for length-n password with m candidate matches.
+	Takes a list of overlapping matches, returns the non-overlapping sublist with
+	minimum entropy. O(nm) dp alg for length-n password with m candidate matches.
 */
 func MinimumEntropyMatchSequence(password string, matches []match.Match) MinEntropyMatch {
-	bruteforceCardinality := float64(entropy.CalcBruteForceCardinality(password))
+	bruteforceCardinality := entropy.CalcBruteForceCardinality(password)
 	upToK := make([]float64, len(password))
 	backPointers := make([]match.Match, len(password))
 
@@ -50,7 +51,7 @@ func MinimumEntropyMatchSequence(password string, matches []match.Match) MinEntr
 			}
 
 			i, j := match.I, match.J
-			//see if best entropy up to i-1 + entropy of match is less that current min at j
+			// see if best entropy up to i-1 + entropy of match is less that current min at j
 			upTo := get(upToK, i-1)
 			candidateEntropy := upTo + match.Entropy
 
@@ -62,7 +63,7 @@ func MinimumEntropyMatchSequence(password string, matches []match.Match) MinEntr
 		}
 	}
 
-	//walk backwards and decode the best sequence
+	// walk backwards and decode the best sequence
 	var matchSequence []match.Match
 	passwordLen := len(password)
 	passwordLen--
@@ -80,12 +81,13 @@ func MinimumEntropyMatchSequence(password string, matches []match.Match) MinEntr
 	sort.Sort(match.Matches(matchSequence))
 
 	makeBruteForceMatch := func(i, j int) match.Match {
-		return match.Match{Pattern: "bruteforce",
+		return match.Match{
+			Pattern: "bruteforce",
 			I:       i,
 			J:       j,
 			Token:   password[i : j+1],
-			Entropy: math.Log2(math.Pow(bruteforceCardinality, float64(j-i)))}
-
+			Entropy: math.Log2(math.Pow(bruteforceCardinality, float64(j-i))),
+		}
 	}
 
 	k := 0
@@ -110,14 +112,16 @@ func MinimumEntropyMatchSequence(password string, matches []match.Match) MinEntr
 	}
 
 	crackTime := roundToXDigits(entropyToCrackTime(minEntropy), 3)
-	return MinEntropyMatch{Password: password,
+	return MinEntropyMatch{
+		Password:         password,
 		Entropy:          roundToXDigits(minEntropy, 3),
 		MatchSequence:    matchSequenceCopy,
 		CrackTime:        crackTime,
 		CrackTimeDisplay: displayTime(crackTime),
-		Score:            crackTimeToScore(crackTime)}
-
+		Score:            crackTimeToScore(crackTime),
+	}
 }
+
 func get(a []float64, i int) float64 {
 	if i < 0 || i >= len(a) {
 		return float64(0)
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/utils/math/mathutils.go b/vendor/github.com/ccojocar/zxcvbn-go/utils/math/mathutils.go
similarity index 100%
rename from vendor/github.com/nbutton23/zxcvbn-go/utils/math/mathutils.go
rename to vendor/github.com/ccojocar/zxcvbn-go/utils/math/mathutils.go
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/zxcvbn.go b/vendor/github.com/ccojocar/zxcvbn-go/zxcvbn.go
similarity index 76%
rename from vendor/github.com/nbutton23/zxcvbn-go/zxcvbn.go
rename to vendor/github.com/ccojocar/zxcvbn-go/zxcvbn.go
index 9c34b1c8c..f3dc19e4c 100644
--- a/vendor/github.com/nbutton23/zxcvbn-go/zxcvbn.go
+++ b/vendor/github.com/ccojocar/zxcvbn-go/zxcvbn.go
@@ -3,10 +3,10 @@ package zxcvbn
 import (
 	"time"
 
-	"github.com/nbutton23/zxcvbn-go/match"
-	"github.com/nbutton23/zxcvbn-go/matching"
-	"github.com/nbutton23/zxcvbn-go/scoring"
-	"github.com/nbutton23/zxcvbn-go/utils/math"
+	"github.com/ccojocar/zxcvbn-go/match"
+	"github.com/ccojocar/zxcvbn-go/matching"
+	"github.com/ccojocar/zxcvbn-go/scoring"
+	zxcvbnmath "github.com/ccojocar/zxcvbn-go/utils/math"
 )
 
 // PasswordStrength takes a password, userInputs and optional filters and returns a MinEntropyMatch
diff --git a/vendor/github.com/chavacava/garif/enums.go b/vendor/github.com/chavacava/garif/enums.go
new file mode 100644
index 000000000..dea2daf13
--- /dev/null
+++ b/vendor/github.com/chavacava/garif/enums.go
@@ -0,0 +1,41 @@
+package garif
+
+type ResultKind string
+
+// declare JSON values
+const (
+	_pass          ResultKind = "pass"
+	_open          ResultKind = "open"
+	_informational ResultKind = "informational"
+	_notApplicable ResultKind = "notApplicable"
+	_review        ResultKind = "review"
+	_fail          ResultKind = "fail"
+)
+
+// create public visible constants with a namespace as enums
+const (
+	ResultKind_Pass          ResultKind = _pass
+	ResultKind_Open          ResultKind = _open
+	ResultKind_Informational ResultKind = _informational
+	ResultKind_NotApplicable ResultKind = _notApplicable
+	ResultKind_Review        ResultKind = _review
+	ResultKind_Fail          ResultKind = _fail
+)
+
+type ResultLevel string
+
+// declare JSON values
+const (
+	_warning ResultLevel = "warning"
+	_error   ResultLevel = "error"
+	_note    ResultLevel = "note"
+	_none    ResultLevel = "none"
+)
+
+// create public visible constants with a namespace as enums
+const (
+	ResultLevel_Warning ResultLevel = _warning
+	ResultLevel_Error   ResultLevel = _error
+	ResultLevel_Note    ResultLevel = _note
+	ResultLevel_None    ResultLevel = _none
+)
diff --git a/vendor/github.com/chavacava/garif/models.go b/vendor/github.com/chavacava/garif/models.go
index 3668436a3..f16a86136 100644
--- a/vendor/github.com/chavacava/garif/models.go
+++ b/vendor/github.com/chavacava/garif/models.go
@@ -935,10 +935,10 @@ type Result struct {
 	HostedViewerUri string `json:"hostedViewerUri,omitempty"`
 
 	// A value that categorizes results by evaluation state.
-	Kind interface{} `json:"kind,omitempty"`
+	Kind ResultKind `json:"kind,omitempty"`
 
 	// A value specifying the severity level of the result.
-	Level interface{} `json:"level,omitempty"`
+	Level ResultLevel `json:"level,omitempty"`
 
 	// The set of locations where the result was detected. Specify only one location unless the problem indicated by the result can only be corrected by making a change at every specified location.
 	Locations []*Location `json:"locations,omitempty"`
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
index 8cd4e333b..83d7cdadd 100644
--- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
@@ -9,7 +9,7 @@ import (
 	fp "github.com/cloudflare/circl/math/fp448"
 )
 
-// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogeneous to Goldilocks.
+// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogenous to Goldilocks.
 type twistCurve struct{}
 
 // Identity returns the identity point.
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
index ab19d0ad1..1755fd1e6 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
@@ -6,13 +6,21 @@ package sha3
 
 // KeccakF1600 applies the Keccak permutation to a 1600b-wide
 // state represented as a slice of 25 uint64s.
+// If turbo is true, applies the 12-round variant instead of the
+// regular 24-round variant.
 // nolint:funlen
-func KeccakF1600(a *[25]uint64) {
+func KeccakF1600(a *[25]uint64, turbo bool) {
 	// Implementation translated from Keccak-inplace.c
 	// in the keccak reference code.
 	var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
 
-	for i := 0; i < 24; i += 4 {
+	i := 0
+
+	if turbo {
+		i = 12
+	}
+
+	for ; i < 24; i += 4 {
 		// Combines the 5 steps in each round into 2 steps.
 		// Unrolls 4 rounds per loop and spreads some steps across rounds.
 
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
index b35cd006b..a0df5aa6c 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
@@ -51,6 +51,7 @@ type State struct {
 	// Specific to SHA-3 and SHAKE.
 	outputLen int             // the default output size in bytes
 	state     spongeDirection // whether the sponge is absorbing or squeezing
+	turbo     bool            // Whether we're using 12 rounds instead of 24
 }
 
 // BlockSize returns the rate of sponge underlying this hash function.
@@ -86,11 +87,11 @@ func (d *State) permute() {
 		xorIn(d, d.buf())
 		d.bufe = 0
 		d.bufo = 0
-		KeccakF1600(&d.a)
+		KeccakF1600(&d.a, d.turbo)
 	case spongeSqueezing:
 		// If we're squeezing, we need to apply the permutation before
 		// copying more output.
-		KeccakF1600(&d.a)
+		KeccakF1600(&d.a, d.turbo)
 		d.bufe = d.rate
 		d.bufo = 0
 		copyOut(d, d.buf())
@@ -136,7 +137,7 @@ func (d *State) Write(p []byte) (written int, err error) {
 			// The fast path; absorb a full "rate" bytes of input and apply the permutation.
 			xorIn(d, p[:d.rate])
 			p = p[d.rate:]
-			KeccakF1600(&d.a)
+			KeccakF1600(&d.a, d.turbo)
 		} else {
 			// The slow path; buffer the input until we can fill the sponge, and then xor it in.
 			todo := d.rate - bufl
@@ -193,3 +194,7 @@ func (d *State) Sum(in []byte) []byte {
 	_, _ = dup.Read(hash)
 	return append(in, hash...)
 }
+
+func (d *State) IsAbsorbing() bool {
+	return d.state == spongeAbsorbing
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
index b92c5b7d7..77817f758 100644
--- a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
@@ -57,6 +57,17 @@ func NewShake128() State {
 	return State{rate: rate128, dsbyte: dsbyteShake}
 }
 
+// NewTurboShake128 creates a new TurboSHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake128(D byte) State {
+	if D == 0 || D > 0x7f {
+		panic("turboshake: D out of range")
+	}
+	return State{rate: rate128, dsbyte: D, turbo: true}
+}
+
 // NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
 // Its generic security strength is 256 bits against all attacks if
 // at least 64 bytes of its output are used.
@@ -64,6 +75,17 @@ func NewShake256() State {
 	return State{rate: rate256, dsbyte: dsbyteShake}
 }
 
+// NewTurboShake256 creates a new TurboSHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake256(D byte) State {
+	if D == 0 || D > 0x7f {
+		panic("turboshake: D out of range")
+	}
+	return State{rate: rate256, dsbyte: D, turbo: true}
+}
+
 // ShakeSum128 writes an arbitrary-length digest of data into hash.
 func ShakeSum128(hash, data []byte) {
 	h := NewShake128()
@@ -77,3 +99,21 @@ func ShakeSum256(hash, data []byte) {
 	_, _ = h.Write(data)
 	_, _ = h.Read(hash)
 }
+
+// TurboShakeSum128 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum128(hash, data []byte, D byte) {
+	h := NewTurboShake128(D)
+	_, _ = h.Write(data)
+	_, _ = h.Read(hash)
+}
+
+// TurboShakeSum256 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum256(hash, data []byte, D byte) {
+	h := NewTurboShake256(D)
+	_, _ = h.Write(data)
+	_, _ = h.Read(hash)
+}
+
+func (d *State) SwitchDS(D byte) {
+	d.dsbyte = D
+}
diff --git a/vendor/github.com/cloudflare/circl/math/primes.go b/vendor/github.com/cloudflare/circl/math/primes.go
new file mode 100644
index 000000000..158fd83a7
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/primes.go
@@ -0,0 +1,34 @@
+package math
+
+import (
+	"crypto/rand"
+	"io"
+	"math/big"
+)
+
+// IsSafePrime reports whether p is (probably) a safe prime.
+// The prime p=2*q+1 is safe prime if both p and q are primes.
+// Note that ProbablyPrime is not suitable for judging primes
+// that an adversary may have crafted to fool the test.
+func IsSafePrime(p *big.Int) bool {
+	pdiv2 := new(big.Int).Rsh(p, 1)
+	return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20)
+}
+
+// SafePrime returns a number of the given bit length that is a safe prime with high probability.
+// The number returned p=2*q+1 is a safe prime if both p and q are primes.
+// SafePrime will return error for any error returned by rand.Read or if bits < 2.
+func SafePrime(random io.Reader, bits int) (*big.Int, error) {
+	one := big.NewInt(1)
+	p := new(big.Int)
+	for {
+		q, err := rand.Prime(random, bits-1)
+		if err != nil {
+			return nil, err
+		}
+		p.Lsh(q, 1).Add(p, one)
+		if p.ProbablyPrime(20) {
+			return p, nil
+		}
+	}
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
index 08ca65d79..2c73c26fb 100644
--- a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
@@ -1,7 +1,7 @@
 // Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
 //
 // This package provides optimized implementations of the three signature
-// variants and maintaining closer compatiblilty with crypto/ed25519.
+// variants and maintaining closer compatibility with crypto/ed25519.
 //
 //	| Scheme Name | Sign Function     | Verification  | Context           |
 //	|-------------|-------------------|---------------|-------------------|
diff --git a/vendor/github.com/daixiang0/gci/pkg/config/config.go b/vendor/github.com/daixiang0/gci/pkg/config/config.go
index b32148b18..98513c056 100644
--- a/vendor/github.com/daixiang0/gci/pkg/config/config.go
+++ b/vendor/github.com/daixiang0/gci/pkg/config/config.go
@@ -1,7 +1,6 @@
 package config
 
 import (
-	"io/ioutil"
 	"sort"
 	"strings"
 
@@ -23,6 +22,7 @@ type BoolConfig struct {
 	NoPrefixComments bool `yaml:"no-prefixComments"`
 	Debug            bool `yaml:"-"`
 	SkipGenerated    bool `yaml:"skipGenerated"`
+	SkipVendor       bool `yaml:"skipVendor"`
 	CustomOrder      bool `yaml:"customOrder"`
 }
 
@@ -72,19 +72,18 @@ func (g YamlConfig) Parse() (*Config, error) {
 	return &Config{g.Cfg, sections, sectionSeparators}, nil
 }
 
-func InitializeGciConfigFromYAML(filePath string) (*Config, error) {
+func ParseConfig(in string) (*Config, error) {
 	config := YamlConfig{}
-	yamlData, err := ioutil.ReadFile(filePath)
-	if err != nil {
-		return nil, err
-	}
-	err = yaml.Unmarshal(yamlData, &config)
+
+	err := yaml.Unmarshal([]byte(in), &config)
 	if err != nil {
 		return nil, err
 	}
+
 	gciCfg, err := config.Parse()
 	if err != nil {
 		return nil, err
 	}
+
 	return gciCfg, nil
 }
diff --git a/vendor/github.com/daixiang0/gci/pkg/gci/gci.go b/vendor/github.com/daixiang0/gci/pkg/gci/gci.go
index 0fd7a0ec6..163e95a86 100644
--- a/vendor/github.com/daixiang0/gci/pkg/gci/gci.go
+++ b/vendor/github.com/daixiang0/gci/pkg/gci/gci.go
@@ -49,6 +49,16 @@ func WriteFormattedFiles(paths []string, cfg config.Config) error {
 	})
 }
 
+func ListUnFormattedFiles(paths []string, cfg config.Config) error {
+	return processGoFilesInPaths(paths, cfg, func(filePath string, unmodifiedFile, formattedFile []byte) error {
+		if bytes.Equal(unmodifiedFile, formattedFile) {
+			return nil
+		}
+		fmt.Println(filePath)
+		return nil
+	})
+}
+
 func DiffFormattedFiles(paths []string, cfg config.Config) error {
 	return processStdInAndGoFilesInPaths(paths, cfg, func(filePath string, unmodifiedFile, formattedFile []byte) error {
 		fileURI := span.URIFromPath(filePath)
@@ -76,11 +86,11 @@ func DiffFormattedFilesToArray(paths []string, cfg config.Config, diffs *[]strin
 type fileFormattingFunc func(filePath string, unmodifiedFile, formattedFile []byte) error
 
 func processStdInAndGoFilesInPaths(paths []string, cfg config.Config, fileFunc fileFormattingFunc) error {
-	return ProcessFiles(io.StdInGenerator.Combine(io.GoFilesInPathsGenerator(paths)), cfg, fileFunc)
+	return ProcessFiles(io.StdInGenerator.Combine(io.GoFilesInPathsGenerator(paths, cfg.SkipVendor)), cfg, fileFunc)
 }
 
 func processGoFilesInPaths(paths []string, cfg config.Config, fileFunc fileFormattingFunc) error {
-	return ProcessFiles(io.GoFilesInPathsGenerator(paths), cfg, fileFunc)
+	return ProcessFiles(io.GoFilesInPathsGenerator(paths, cfg.SkipVendor), cfg, fileFunc)
 }
 
 func ProcessFiles(fileGenerator io.FileGeneratorFunc, cfg config.Config, fileFunc fileFormattingFunc) error {
@@ -117,11 +127,17 @@ func LoadFormatGoFile(file io.FileObj, cfg config.Config) (src, dist []byte, err
 		return nil, nil, err
 	}
 
+	return LoadFormat(src, file.Path(), cfg)
+}
+
+func LoadFormat(in []byte, path string, cfg config.Config) (src, dist []byte, err error) {
+	src = in
+
 	if cfg.SkipGenerated && parse.IsGeneratedFileByComment(string(src)) {
 		return src, src, nil
 	}
 
-	imports, headEnd, tailStart, cStart, cEnd, err := parse.ParseFile(src, file.Path())
+	imports, headEnd, tailStart, cStart, cEnd, err := parse.ParseFile(src, path)
 	if err != nil {
 		if errors.Is(err, parse.NoImportError{}) {
 			return src, src, nil
@@ -191,6 +207,10 @@ func LoadFormatGoFile(file io.FileObj, cfg config.Config) (src, dist []byte, err
 	for _, s := range slices {
 		i += copy(dist[i:], s)
 	}
+
+	// remove ^M(\r\n) from Win to Unix
+	dist = bytes.ReplaceAll(dist, []byte{utils.WinLinebreak}, []byte{utils.Linebreak})
+
 	log.L().Debug(fmt.Sprintf("raw:\n%s", dist))
 	dist, err = goFormat.Source(dist)
 	if err != nil {
diff --git a/vendor/github.com/daixiang0/gci/pkg/gci/testdata.go b/vendor/github.com/daixiang0/gci/pkg/gci/testdata.go
new file mode 100644
index 000000000..a48ce356c
--- /dev/null
+++ b/vendor/github.com/daixiang0/gci/pkg/gci/testdata.go
@@ -0,0 +1,1245 @@
+package gci
+
+type Cases struct {
+	name, config, in, out string
+}
+
+var commonConfig = `sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+`
+
+var testCases = []Cases{
+	{
+		"already-good",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"blank-format",
+
+		commonConfig,
+
+		`package main
+import (
+	"fmt"
+
+  // comment
+	g  "github.com/golang"    // comment
+
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	// comment
+	g "github.com/golang" // comment
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"cgo-block",
+
+		commonConfig,
+
+		`package main
+
+import (
+	/*
+	#include "types.h"
+	*/
+	"C"
+)
+`,
+		`package main
+
+import (
+	/*
+	#include "types.h"
+	*/
+	"C"
+)
+`,
+	},
+	{
+		"cgo-block-after-import",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+
+	"github.com/daixiang0/gci"
+	g "github.com/golang"
+)
+
+// #cgo CFLAGS: -DPNG_DEBUG=1
+// #cgo amd64 386 CFLAGS: -DX86=1
+// #cgo LDFLAGS: -lpng
+// #include <png.h>
+import "C"
+`,
+		`package main
+
+// #cgo CFLAGS: -DPNG_DEBUG=1
+// #cgo amd64 386 CFLAGS: -DX86=1
+// #cgo LDFLAGS: -lpng
+// #include <png.h>
+import "C"
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"cgo-block-before-import",
+
+		commonConfig,
+
+		`package main
+
+// #cgo CFLAGS: -DPNG_DEBUG=1
+// #cgo amd64 386 CFLAGS: -DX86=1
+// #cgo LDFLAGS: -lpng
+// #include <png.h>
+import "C"
+
+import (
+	"fmt"
+
+	"github.com/daixiang0/gci"
+
+	g "github.com/golang"
+)
+`,
+		`package main
+
+// #cgo CFLAGS: -DPNG_DEBUG=1
+// #cgo amd64 386 CFLAGS: -DX86=1
+// #cgo LDFLAGS: -lpng
+// #include <png.h>
+import "C"
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"cgo-block-mixed",
+
+		commonConfig,
+
+		`package main
+
+import (
+	/* #include "types.h"
+	*/"C"
+)
+`,
+		`package main
+
+import (
+	/* #include "types.h"
+	*/"C"
+)
+`,
+	},
+	{
+		"cgo-block-mixed-with-content",
+
+		commonConfig,
+
+		`package main
+
+import (
+	/* #include "types.h"
+	#include "other.h" */"C"
+)
+`,
+		`package main
+
+import (
+	/* #include "types.h"
+	#include "other.h" */"C"
+)
+`,
+	},
+	{
+		"cgo-block-prefix",
+
+		commonConfig,
+
+		`package main
+
+import (
+	/* #include "types.h" */ "C"
+)
+`,
+		`package main
+
+import (
+	/* #include "types.h" */ "C"
+)
+`,
+	},
+	{
+		"cgo-block-single-line",
+
+		commonConfig,
+
+		`package main
+
+import (
+	/* #include "types.h" */
+	"C"
+)
+`,
+		`package main
+
+import (
+	/* #include "types.h" */
+	"C"
+)
+`,
+	},
+	{
+		"cgo-line",
+
+		commonConfig,
+
+		`package main
+
+import (
+	// #include "types.h"
+	"C"
+)
+`,
+		`package main
+
+import (
+	// #include "types.h"
+	"C"
+)
+`,
+	},
+	{
+		"cgo-multiline",
+
+		commonConfig,
+
+		`package main
+
+import (
+	// #include "types.h"
+	// #include "other.h"
+	"C"
+)
+`,
+		`package main
+
+import (
+	// #include "types.h"
+	// #include "other.h"
+	"C"
+)
+`,
+	},
+	{
+		"cgo-single",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+
+	"github.com/daixiang0/gci"
+)
+
+import "C"
+
+import "github.com/golang"
+
+import (
+  "github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import "C"
+
+import (
+	"fmt"
+
+	"github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"comment",
+
+		commonConfig,
+
+		`package main
+import (
+	//Do not forget to run Gci
+	"fmt"
+)
+`,
+		`package main
+import (
+	//Do not forget to run Gci
+	"fmt"
+)
+`,
+	},
+	{
+		"comment-before-import",
+
+		commonConfig,
+
+		`package main
+
+// comment
+import (
+	"fmt"
+	"os"
+
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+// comment
+import (
+	"fmt"
+	"os"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"comment-in-the-tail",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+
+type test int
+
+// test
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+
+type test int
+
+// test
+`,
+	},
+	{
+		"comment-top",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"os" // https://pkg.go.dev/os
+	// https://pkg.go.dev/fmt
+	"fmt"
+)
+`,
+		`package main
+
+import (
+	// https://pkg.go.dev/fmt
+	"fmt"
+	"os" // https://pkg.go.dev/os
+)
+`,
+	},
+	{
+		"comment-whithout-whitespace",
+
+		commonConfig,
+
+		`package proc
+
+import (
+	"context"// no separating whitespace here //nolint:confusion
+)
+`,
+		`package proc
+
+import (
+	"context"// no separating whitespace here //nolint:confusion
+)
+`,
+	},
+	{
+		"comment-with-slashslash",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt" // https://pkg.go.dev/fmt
+)
+`,
+		`package main
+
+import (
+	"fmt" // https://pkg.go.dev/fmt
+)
+`,
+	},
+	{
+		"custom-order",
+
+		`customOrder: true
+sections:
+  - Prefix(github.com/daixiang0)
+  - Default
+  - Standard
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/a"
+)
+`,
+		`package main
+
+import (
+	"github.com/daixiang0/a"
+
+	g "github.com/golang"
+
+	"fmt"
+)
+`,
+	},
+	{
+		"default-order",
+
+		`sections:
+  - Standard
+  - Prefix(github.com/daixiang0)
+  - Default
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/a"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/a"
+)
+`,
+	},
+	{
+		"dot-and-blank",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+  - Blank
+  - Dot
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+	. "github.com/golang/dot"
+	_ "github.com/golang/blank"
+
+	"github.com/daixiang0/a"
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+	. "github.com/daixiang0/gci/dot"
+	_ "github.com/daixiang0/gci/blank"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/a"
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+
+	_ "github.com/daixiang0/gci/blank"
+	_ "github.com/golang/blank"
+
+	. "github.com/daixiang0/gci/dot"
+	. "github.com/golang/dot"
+)
+`,
+	},
+	{
+		"duplicate-imports",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	a "github.com/daixiang0/gci"
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+	a "github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"grouped-multiple-custom",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0,gitlab.com/daixiang0,daixiang0)
+`,
+		`package main
+
+import (
+	"daixiang0/lib1"
+	"fmt"
+	"github.com/daixiang0/gci"
+	"gitlab.com/daixiang0/gci"
+	g "github.com/golang"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"daixiang0/lib1"
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+	"gitlab.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"leading-comment",
+
+		commonConfig,
+
+		`package main
+
+import (
+	// foo
+	"fmt"
+)
+`,
+		`package main
+
+import (
+	// foo
+	"fmt"
+)
+`,
+	},
+	{
+		"linebreak",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+`,
+		`package main
+
+import (
+	g "github.com/golang"
+
+	"fmt"
+
+	"github.com/daixiang0/gci"
+
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"linebreak-no-custom",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+`,
+		`package main
+
+import (
+	g "github.com/golang"
+
+	"fmt"
+
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+)
+`,
+	},
+	{
+		"mismatch-section",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+  - Prefix(github.com/daixiang0/gci)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"multiple-custom",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+  - Prefix(github.com/daixiang0/gci)
+  - Prefix(github.com/daixiang0/gci/subtest)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/a"
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/a"
+
+	"github.com/daixiang0/gci"
+
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+	},
+	{
+		"multiple-imports",
+
+		commonConfig,
+
+		`package main
+
+import "fmt"
+
+import "context"
+
+import (
+	"os"
+
+	"github.com/daixiang0/test"
+)
+
+import "math"
+
+
+// main
+func main() {
+}
+`,
+		`package main
+
+import (
+	"context"
+	"fmt"
+	"math"
+	"os"
+
+	"github.com/daixiang0/test"
+)
+
+// main
+func main() {
+}
+`,
+	},
+	{
+		"multiple-line-comment",
+
+		commonConfig,
+
+		`package proc
+
+import (
+	"context" // in-line comment
+	"fmt"
+	"os"
+
+	//nolint:depguard // A multi-line comment explaining why in
+	// this one case it's OK to use os/exec even though depguard
+	// is configured to force us to use dlib/exec instead.
+	"os/exec"
+
+	"golang.org/x/sys/unix"
+	"github.com/local/dlib/dexec"
+)
+`,
+		`package proc
+
+import (
+	"context" // in-line comment
+	"fmt"
+	"os"
+	//nolint:depguard // A multi-line comment explaining why in
+	// this one case it's OK to use os/exec even though depguard
+	// is configured to force us to use dlib/exec instead.
+	"os/exec"
+
+	"github.com/local/dlib/dexec"
+	"golang.org/x/sys/unix"
+)
+`,
+	},
+	{
+		"nochar-after-import",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+)
+`,
+	},
+	{
+		"no-format",
+
+		commonConfig,
+
+		`package main
+
+import(
+"fmt"
+
+g "github.com/golang"
+
+"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"nolint",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+
+	"github.com/forbidden/pkg" //nolint:depguard
+
+	_ "github.com/daixiang0/gci" //nolint:depguard
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	"github.com/forbidden/pkg" //nolint:depguard
+
+	_ "github.com/daixiang0/gci" //nolint:depguard
+)
+`,
+	},
+	{
+		"number-in-alias",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+
+	go_V1 "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	go_V1 "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"one-import",
+
+		commonConfig,
+
+		`package main
+import (
+	"fmt"
+)
+
+func main() {
+}
+`,
+		`package main
+import (
+	"fmt"
+)
+
+func main() {
+}
+`,
+	},
+	{
+		"one-import-one-line",
+
+		commonConfig,
+
+		`package main
+
+import "fmt"
+
+func main() {
+}
+`,
+		`package main
+
+import "fmt"
+
+func main() {
+}
+`,
+	},
+	{
+		"one-line-import-after-import",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0)
+`,
+		`package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/daixiang0/test"
+)
+
+import "context"
+`,
+		`package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/daixiang0/test"
+)
+`,
+	},
+	{
+		"same-prefix-custom",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0/gci)
+  - Prefix(github.com/daixiang0/gci/subtest)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+	},
+	{
+		"simple-case",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"golang.org/x/tools"
+
+	"fmt"
+
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	"golang.org/x/tools"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"whitespace-test",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+	"github.com/golang" // golang
+	alias "github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	"github.com/golang" // golang
+
+	alias "github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"with-above-comment-and-alias",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+	// golang
+	_ "github.com/golang"
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	// golang
+	_ "github.com/golang"
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"with-comment-and-alias",
+
+		commonConfig,
+
+		`package main
+
+import (
+	"fmt"
+	_ "github.com/golang" // golang
+	"github.com/daixiang0/gci"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	_ "github.com/golang" // golang
+
+	"github.com/daixiang0/gci"
+)
+`,
+	},
+	{
+		"same-prefix-custom",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0/gci)
+  - Prefix(github.com/daixiang0/gci/subtest)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+	},
+	{
+		"same-prefix-custom",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(github.com/daixiang0/gci)
+  - Prefix(github.com/daixiang0/gci/subtest)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+	},
+	{
+		"blank-in-config",
+
+		`sections:
+  - Standard
+  - Default
+  - Prefix(  github.com/daixiang0/gci,   github.com/daixiang0/gci/subtest  )
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+		`package main
+
+import (
+	"fmt"
+
+	g "github.com/golang"
+
+	"github.com/daixiang0/gci"
+	"github.com/daixiang0/gci/subtest"
+)
+`,
+	},
+}
diff --git a/vendor/github.com/daixiang0/gci/pkg/io/file.go b/vendor/github.com/daixiang0/gci/pkg/io/file.go
index f92d16e14..79950792c 100644
--- a/vendor/github.com/daixiang0/gci/pkg/io/file.go
+++ b/vendor/github.com/daixiang0/gci/pkg/io/file.go
@@ -39,8 +39,13 @@ func (a FileGeneratorFunc) Combine(b FileGeneratorFunc) FileGeneratorFunc {
 	}
 }
 
-func GoFilesInPathsGenerator(paths []string) FileGeneratorFunc {
-	return FilesInPathsGenerator(paths, isGoFile)
+func GoFilesInPathsGenerator(paths []string, skipVendor bool) FileGeneratorFunc {
+	checkFunc := isGoFile
+	if skipVendor {
+		checkFunc = checkChains(isGoFile, isOutsideVendorDir)
+	}
+
+	return FilesInPathsGenerator(paths, checkFunc)
 }
 
 func FilesInPathsGenerator(paths []string, fileCheckFun fileCheckFunction) FileGeneratorFunc {
diff --git a/vendor/github.com/daixiang0/gci/pkg/io/search.go b/vendor/github.com/daixiang0/gci/pkg/io/search.go
index 04f005876..cd821582e 100644
--- a/vendor/github.com/daixiang0/gci/pkg/io/search.go
+++ b/vendor/github.com/daixiang0/gci/pkg/io/search.go
@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 )
 
-type fileCheckFunction func(file os.FileInfo) bool
+type fileCheckFunction func(path string, file os.FileInfo) bool
 
 func FindFilesForPath(path string, fileCheckFun fileCheckFunction) ([]string, error) {
 	switch entry, err := os.Stat(path); {
@@ -14,7 +14,7 @@ func FindFilesForPath(path string, fileCheckFun fileCheckFunction) ([]string, er
 		return nil, err
 	case entry.IsDir():
 		return findFilesForDirectory(path, fileCheckFun)
-	case fileCheckFun(entry):
+	case fileCheckFun(path, entry):
 		return []string{filepath.Clean(path)}, nil
 	default:
 		return []string{}, nil
@@ -31,7 +31,7 @@ func findFilesForDirectory(dirPath string, fileCheckFun fileCheckFunction) ([]st
 		if err != nil {
 			return err
 		}
-		if !entry.IsDir() && fileCheckFun(file) {
+		if !entry.IsDir() && fileCheckFun(path, file) {
 			filePaths = append(filePaths, filepath.Clean(path))
 		}
 		return nil
@@ -42,6 +42,36 @@ func findFilesForDirectory(dirPath string, fileCheckFun fileCheckFunction) ([]st
 	return filePaths, nil
 }
 
-func isGoFile(file os.FileInfo) bool {
+func isGoFile(_ string, file os.FileInfo) bool {
 	return !file.IsDir() && filepath.Ext(file.Name()) == ".go"
 }
+
+func isOutsideVendorDir(path string, _ os.FileInfo) bool {
+	for {
+		base := filepath.Base(path)
+		if base == "vendor" {
+			return false
+		}
+
+		prevPath := path
+		path = filepath.Dir(path)
+
+		if prevPath == path {
+			break
+		}
+	}
+
+	return true
+}
+
+func checkChains(funcs ...fileCheckFunction) fileCheckFunction {
+	return func(path string, file os.FileInfo) bool {
+		for _, checkFunc := range funcs {
+			if !checkFunc(path, file) {
+				return false
+			}
+		}
+
+		return true
+	}
+}
diff --git a/vendor/github.com/daixiang0/gci/pkg/section/prefix.go b/vendor/github.com/daixiang0/gci/pkg/section/prefix.go
index a274347cd..30bdd8f4e 100644
--- a/vendor/github.com/daixiang0/gci/pkg/section/prefix.go
+++ b/vendor/github.com/daixiang0/gci/pkg/section/prefix.go
@@ -20,6 +20,7 @@ const CustomType = "custom"
 
 func (c Custom) MatchSpecificity(spec *parse.GciImports) specificity.MatchSpecificity {
 	for _, prefix := range strings.Split(c.Prefix, CustomSeparator) {
+		prefix = strings.TrimSpace(prefix)
 		if strings.HasPrefix(spec.Path, prefix) {
 			return specificity.Match{Length: len(prefix)}
 		}
diff --git a/vendor/github.com/daixiang0/gci/pkg/section/standard_list.go b/vendor/github.com/daixiang0/gci/pkg/section/standard_list.go
index f0e904d4d..05e799939 100644
--- a/vendor/github.com/daixiang0/gci/pkg/section/standard_list.go
+++ b/vendor/github.com/daixiang0/gci/pkg/section/standard_list.go
@@ -1,12 +1,14 @@
 package section
 
-// Code generated based on go1.20.1. DO NOT EDIT.
+// Code generated based on go1.21.0 X:arenas. DO NOT EDIT.
 
 var standardPackages = map[string]struct{}{
 	"archive/tar":          {},
 	"archive/zip":          {},
+	"arena":                {},
 	"bufio":                {},
 	"bytes":                {},
+	"cmp":                  {},
 	"compress/bzip2":       {},
 	"compress/flate":       {},
 	"compress/gzip":        {},
@@ -96,7 +98,9 @@ var standardPackages = map[string]struct{}{
 	"io/fs":                {},
 	"io/ioutil":            {},
 	"log":                  {},
+	"log/slog":             {},
 	"log/syslog":           {},
+	"maps":                 {},
 	"math":                 {},
 	"math/big":             {},
 	"math/bits":            {},
@@ -139,6 +143,7 @@ var standardPackages = map[string]struct{}{
 	"runtime/pprof":        {},
 	"runtime/race":         {},
 	"runtime/trace":        {},
+	"slices":               {},
 	"sort":                 {},
 	"strconv":              {},
 	"strings":              {},
@@ -149,6 +154,7 @@ var standardPackages = map[string]struct{}{
 	"testing/fstest":       {},
 	"testing/iotest":       {},
 	"testing/quick":        {},
+	"testing/slogtest":     {},
 	"text/scanner":         {},
 	"text/tabwriter":       {},
 	"text/template":        {},
diff --git a/vendor/github.com/daixiang0/gci/pkg/utils/constants.go b/vendor/github.com/daixiang0/gci/pkg/utils/constants.go
index 0e7cce757..2fafbc32c 100644
--- a/vendor/github.com/daixiang0/gci/pkg/utils/constants.go
+++ b/vendor/github.com/daixiang0/gci/pkg/utils/constants.go
@@ -1,8 +1,9 @@
 package utils
 
 const (
-	Indent    = '\t'
-	Linebreak = '\n'
+	Indent       = '\t'
+	Linebreak    = '\n'
+	WinLinebreak = '\r'
 
 	Colon = ":"
 
diff --git a/vendor/github.com/distribution/reference/.gitattributes b/vendor/github.com/distribution/reference/.gitattributes
new file mode 100644
index 000000000..d207b1802
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.gitattributes
@@ -0,0 +1 @@
+*.go text eol=lf
diff --git a/vendor/github.com/distribution/reference/.gitignore b/vendor/github.com/distribution/reference/.gitignore
new file mode 100644
index 000000000..dc07e6b04
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.gitignore
@@ -0,0 +1,2 @@
+# Cover profiles
+*.out
diff --git a/vendor/github.com/distribution/reference/.golangci.yml b/vendor/github.com/distribution/reference/.golangci.yml
new file mode 100644
index 000000000..793f0bb7e
--- /dev/null
+++ b/vendor/github.com/distribution/reference/.golangci.yml
@@ -0,0 +1,18 @@
+linters:
+  enable:
+    - bodyclose
+    - dupword # Checks for duplicate words in the source code
+    - gofmt
+    - goimports
+    - ineffassign
+    - misspell
+    - revive
+    - staticcheck
+    - unconvert
+    - unused
+    - vet
+  disable:
+    - errcheck
+
+run:
+  deadline: 2m
diff --git a/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
new file mode 100644
index 000000000..48f6704c6
--- /dev/null
+++ b/vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md
@@ -0,0 +1,5 @@
+# Code of Conduct
+
+We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+Please contact the [CNCF Code of Conduct Committee](mailto:conduct@cncf.io) in order to report violations of the Code of Conduct.
diff --git a/vendor/github.com/distribution/reference/CONTRIBUTING.md b/vendor/github.com/distribution/reference/CONTRIBUTING.md
new file mode 100644
index 000000000..ab2194665
--- /dev/null
+++ b/vendor/github.com/distribution/reference/CONTRIBUTING.md
@@ -0,0 +1,114 @@
+# Contributing to the reference library
+
+## Community help
+
+If you need help, please ask in the [#distribution](https://cloud-native.slack.com/archives/C01GVR8SY4R) channel on CNCF community slack.
+[Click here for an invite to the CNCF community slack](https://slack.cncf.io/)
+
+## Reporting security issues
+
+The maintainers take security seriously. If you discover a security
+issue, please bring it to their attention right away!
+
+Please **DO NOT** file a public issue, instead send your report privately to
+[cncf-distribution-security@lists.cncf.io](mailto:cncf-distribution-security@lists.cncf.io).
+
+## Reporting an issue properly
+
+By following these simple rules you will get better and faster feedback on your issue.
+
+ - search the bugtracker for an already reported issue
+
+### If you found an issue that describes your problem:
+
+ - please read other user comments first, and confirm this is the same issue: a given error condition might be indicative of different problems - you may also find a workaround in the comments
+ - please refrain from adding "same thing here" or "+1" comments
+ - you don't need to comment on an issue to get notified of updates: just hit the "subscribe" button
+ - comment if you have some new, technical and relevant information to add to the case
+ - __DO NOT__ comment on closed issues or merged PRs. If you think you have a related problem, open up a new issue and reference the PR or issue.
+
+### If you have not found an existing issue that describes your problem:
+
+ 1. create a new issue, with a succinct title that describes your issue:
+   - bad title: "It doesn't work with my docker"
+   - good title: "Private registry push fail: 400 error with E_INVALID_DIGEST"
+ 2. copy the output of (or similar for other container tools):
+   - `docker version`
+   - `docker info`
+   - `docker exec <registry-container> registry --version`
+ 3. copy the command line you used to launch your Registry
+ 4. restart your docker daemon in debug mode (add `-D` to the daemon launch arguments)
+ 5. reproduce your problem and get your docker daemon logs showing the error
+ 6. if relevant, copy your registry logs that show the error
+ 7. provide any relevant detail about your specific Registry configuration (e.g., storage backend used)
+ 8. indicate if you are using an enterprise proxy, Nginx, or anything else between you and your Registry
+
+## Contributing Code
+
+Contributions should be made via pull requests. Pull requests will be reviewed
+by one or more maintainers or reviewers and merged when acceptable.
+
+You should follow the basic GitHub workflow:
+
+ 1. Use your own [fork](https://help.github.com/en/articles/about-forks)
+ 2. Create your [change](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
+ 3. Test your code
+ 4. [Commit](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages) your work, always [sign your commits](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#commit-messages)
+ 5. Push your change to your fork and create a [Pull Request](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)
+
+Refer to [containerd's contribution guide](https://github.com/containerd/project/blob/master/CONTRIBUTING.md#successful-changes)
+for tips on creating a successful contribution.
+
+## Sign your work
+
+The sign-off is a simple line at the end of the explanation for the patch. Your
+signature certifies that you wrote the patch or otherwise have the right to pass
+it on as an open-source patch. The rules are pretty simple: if you can certify
+the below (from [developercertificate.org](http://developercertificate.org/)):
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+Then you just add a line to every git commit message:
+
+    Signed-off-by: Joe Smith <joe.smith@email.com>
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+If you set your `user.name` and `user.email` git configs, you can sign your
+commit automatically with `git commit -s`.
diff --git a/vendor/github.com/distribution/reference/GOVERNANCE.md b/vendor/github.com/distribution/reference/GOVERNANCE.md
new file mode 100644
index 000000000..200045b05
--- /dev/null
+++ b/vendor/github.com/distribution/reference/GOVERNANCE.md
@@ -0,0 +1,144 @@
+# distribution/reference Project Governance
+
+Distribution [Code of Conduct](./CODE-OF-CONDUCT.md) can be found here.
+
+For specific guidance on practical contribution steps please
+see our [CONTRIBUTING.md](./CONTRIBUTING.md) guide.
+
+## Maintainership
+
+There are different types of maintainers, with different responsibilities, but
+all maintainers have 3 things in common:
+
+1) They share responsibility in the project's success.
+2) They have made a long-term, recurring time investment to improve the project.
+3) They spend that time doing whatever needs to be done, not necessarily what
+is the most interesting or fun.
+
+Maintainers are often under-appreciated, because their work is harder to appreciate.
+It's easy to appreciate a really cool and technically advanced feature. It's harder
+to appreciate the absence of bugs, the slow but steady improvement in stability,
+or the reliability of a release process. But those things distinguish a good
+project from a great one.
+
+## Reviewers
+
+A reviewer is a core role within the project.
+They share in reviewing issues and pull requests and their LGTM counts towards the
+required LGTM count to merge a code change into the project.
+
+Reviewers are part of the organization but do not have write access.
+Becoming a reviewer is a core aspect in the journey to becoming a maintainer.
+
+## Adding maintainers
+
+Maintainers are first and foremost contributors that have shown they are
+committed to the long term success of a project. Contributors wanting to become
+maintainers are expected to be deeply involved in contributing code, pull
+request review, and triage of issues in the project for more than three months.
+
+Just contributing does not make you a maintainer, it is about building trust
+with the current maintainers of the project and being a person that they can
+depend on and trust to make decisions in the best interest of the project.
+
+Periodically, the existing maintainers curate a list of contributors that have
+shown regular activity on the project over the prior months. From this list,
+maintainer candidates are selected and proposed in a pull request or a
+maintainers communication channel.
+
+After a candidate has been announced to the maintainers, the existing
+maintainers are given five business days to discuss the candidate, raise
+objections and cast their vote. Votes may take place on the communication
+channel or via pull request comment. Candidates must be approved by at least 66%
+of the current maintainers by adding their vote on the mailing list. The
+reviewer role has the same process but only requires 33% of current maintainers.
+Only maintainers of the repository that the candidate is proposed for are
+allowed to vote.
+
+If a candidate is approved, a maintainer will contact the candidate to invite
+the candidate to open a pull request that adds the contributor to the
+MAINTAINERS file. The voting process may take place inside a pull request if a
+maintainer has already discussed the candidacy with the candidate and a
+maintainer is willing to be a sponsor by opening the pull request. The candidate
+becomes a maintainer once the pull request is merged.
+
+## Stepping down policy
+
+Life priorities, interests, and passions can change. If you're a maintainer but
+feel you must remove yourself from the list, inform other maintainers that you
+intend to step down, and if possible, help find someone to pick up your work.
+At the very least, ensure your work can be continued where you left off.
+
+After you've informed other maintainers, create a pull request to remove
+yourself from the MAINTAINERS file.
+
+## Removal of inactive maintainers
+
+Similar to the procedure for adding new maintainers, existing maintainers can
+be removed from the list if they do not show significant activity on the
+project. Periodically, the maintainers review the list of maintainers and their
+activity over the last three months.
+
+If a maintainer has shown insufficient activity over this period, a neutral
+person will contact the maintainer to ask if they want to continue being
+a maintainer. If the maintainer decides to step down as a maintainer, they
+open a pull request to be removed from the MAINTAINERS file.
+
+If the maintainer wants to remain a maintainer, but is unable to perform the
+required duties they can be removed with a vote of at least 66% of the current
+maintainers. In this case, maintainers should first propose the change to
+maintainers via the maintainers communication channel, then open a pull request
+for voting. The voting period is five business days. The voting pull request
+should not come as a surpise to any maintainer and any discussion related to
+performance must not be discussed on the pull request.
+
+## How are decisions made?
+
+Docker distribution is an open-source project with an open design philosophy.
+This means that the repository is the source of truth for EVERY aspect of the
+project, including its philosophy, design, road map, and APIs. *If it's part of
+the project, it's in the repo. If it's in the repo, it's part of the project.*
+
+As a result, all decisions can be expressed as changes to the repository. An
+implementation change is a change to the source code. An API change is a change
+to the API specification. A philosophy change is a change to the philosophy
+manifesto, and so on.
+
+All decisions affecting distribution, big and small, follow the same 3 steps:
+
+* Step 1: Open a pull request. Anyone can do this.
+
+* Step 2: Discuss the pull request. Anyone can do this.
+
+* Step 3: Merge or refuse the pull request. Who does this depends on the nature
+of the pull request and which areas of the project it affects.
+
+## Helping contributors with the DCO
+
+The [DCO or `Sign your work`](./CONTRIBUTING.md#sign-your-work)
+requirement is not intended as a roadblock or speed bump.
+
+Some contributors are not as familiar with `git`, or have used a web
+based editor, and thus asking them to `git commit --amend -s` is not the best
+way forward.
+
+In this case, maintainers can update the commits based on clause (c) of the DCO.
+The most trivial way for a contributor to allow the maintainer to do this, is to
+add a DCO signature in a pull requests's comment, or a maintainer can simply
+note that the change is sufficiently trivial that it does not substantially
+change the existing contribution - i.e., a spelling change.
+
+When you add someone's DCO, please also add your own to keep a log.
+
+## I'm a maintainer. Should I make pull requests too?
+
+Yes. Nobody should ever push to master directly. All changes should be
+made through a pull request.
+
+## Conflict Resolution
+
+If you have a technical dispute that you feel has reached an impasse with a
+subset of the community, any contributor may open an issue, specifically
+calling for a resolution vote of the current core maintainers to resolve the
+dispute. The same voting quorums required (2/3) for adding and removing
+maintainers will apply to conflict resolution.
diff --git a/vendor/github.com/distribution/reference/LICENSE b/vendor/github.com/distribution/reference/LICENSE
new file mode 100644
index 000000000..e06d20818
--- /dev/null
+++ b/vendor/github.com/distribution/reference/LICENSE
@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
diff --git a/vendor/github.com/distribution/reference/MAINTAINERS b/vendor/github.com/distribution/reference/MAINTAINERS
new file mode 100644
index 000000000..9e0a60c8b
--- /dev/null
+++ b/vendor/github.com/distribution/reference/MAINTAINERS
@@ -0,0 +1,26 @@
+# Distribution project maintainers & reviewers
+#
+# See GOVERNANCE.md for maintainer versus reviewer roles
+#
+# MAINTAINERS (cncf-distribution-maintainers@lists.cncf.io)
+# GitHub ID, Name, Email address
+"chrispat","Chris Patterson","chrispat@github.com"
+"clarkbw","Bryan Clark","clarkbw@github.com"
+"corhere","Cory Snider","csnider@mirantis.com"
+"deleteriousEffect","Hayley Swimelar","hswimelar@gitlab.com"
+"heww","He Weiwei","hweiwei@vmware.com"
+"joaodrp","João Pereira","jpereira@gitlab.com"
+"justincormack","Justin Cormack","justin.cormack@docker.com"
+"squizzi","Kyle Squizzato","ksquizzato@mirantis.com"
+"milosgajdos","Milos Gajdos","milosthegajdos@gmail.com"
+"sargun","Sargun Dhillon","sargun@sargun.me"
+"wy65701436","Wang Yan","wangyan@vmware.com"
+"stevelasker","Steve Lasker","steve.lasker@microsoft.com"
+#
+# REVIEWERS
+# GitHub ID, Name, Email address
+"dmcgowan","Derek McGowan","derek@mcgstyle.net"
+"stevvooe","Stephen Day","stevvooe@gmail.com"
+"thajeztah","Sebastiaan van Stijn","github@gone.nl"
+"DavidSpek", "David van der Spek", "vanderspek.david@gmail.com"
+"Jamstah", "James Hewitt", "james.hewitt@gmail.com"
diff --git a/vendor/github.com/distribution/reference/Makefile b/vendor/github.com/distribution/reference/Makefile
new file mode 100644
index 000000000..c78576b75
--- /dev/null
+++ b/vendor/github.com/distribution/reference/Makefile
@@ -0,0 +1,25 @@
+# Project packages.
+PACKAGES=$(shell go list ./...)
+
+# Flags passed to `go test`
+BUILDFLAGS ?= 
+TESTFLAGS ?= 
+
+.PHONY: all build test coverage
+.DEFAULT: all
+
+all: build
+
+build: ## no binaries to build, so just check compilation suceeds
+	go build ${BUILDFLAGS} ./...
+
+test: ## run tests
+	go test ${TESTFLAGS} ./...
+
+coverage: ## generate coverprofiles from the unit tests
+	rm -f coverage.txt
+	go test ${TESTFLAGS} -cover -coverprofile=cover.out ./...
+
+.PHONY: help
+help:
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m\033[0m\n"} /^[a-zA-Z_\/%-]+:.*?##/ { printf "  \033[36m%-27s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
diff --git a/vendor/github.com/distribution/reference/README.md b/vendor/github.com/distribution/reference/README.md
new file mode 100644
index 000000000..e2531e49c
--- /dev/null
+++ b/vendor/github.com/distribution/reference/README.md
@@ -0,0 +1,30 @@
+# Distribution reference
+
+Go library to handle references to container images.
+
+<img src="/distribution-logo.svg" width="200px" />
+
+[![Build Status](https://github.com/distribution/reference/actions/workflows/test.yml/badge.svg?branch=main&event=push)](https://github.com/distribution/reference/actions?query=workflow%3ACI)
+[![GoDoc](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/distribution/reference)
+[![License: Apache-2.0](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](LICENSE)
+[![codecov](https://codecov.io/gh/distribution/reference/branch/main/graph/badge.svg)](https://codecov.io/gh/distribution/reference)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Fdistribution%2Freference?ref=badge_shield)
+
+This repository contains a library for handling refrences to container images held in container registries. Please see [godoc](https://pkg.go.dev/github.com/distribution/reference) for details.
+
+## Contribution
+
+Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute
+issues, fixes, and patches to this project.
+
+## Communication
+
+For async communication and long running discussions please use issues and pull requests on the github repo.
+This will be the best place to discuss design and implementation.
+
+For sync communication we have a #distribution channel in the [CNCF Slack](https://slack.cncf.io/)
+that everyone is welcome to join and chat about development.
+
+## Licenses
+
+The distribution codebase is released under the [Apache 2.0 license](LICENSE).
diff --git a/vendor/github.com/distribution/reference/SECURITY.md b/vendor/github.com/distribution/reference/SECURITY.md
new file mode 100644
index 000000000..aaf983c0f
--- /dev/null
+++ b/vendor/github.com/distribution/reference/SECURITY.md
@@ -0,0 +1,7 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
+
+Please DO NOT file a public issue, instead send your report privately to cncf-distribution-security@lists.cncf.io.
diff --git a/vendor/github.com/distribution/reference/distribution-logo.svg b/vendor/github.com/distribution/reference/distribution-logo.svg
new file mode 100644
index 000000000..cc9f4073b
--- /dev/null
+++ b/vendor/github.com/distribution/reference/distribution-logo.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 564.27793 654.82002"><defs><style>.cls-1{fill:#416ba9;}.cls-2{fill:#74c3d5;}</style></defs><path class="cls-1" d="M17.48582,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716H36.66877c18.70153,0,28.24476,9.06127,28.24476,33.64387,0,22.26771-7.51889,35.57065-27.95526,35.57065H22.40191c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.33987,49.741c7.61539,0,10.60365-6.94043,10.60365-20.72586,0-15.13429-3.85568-19.376-10.70015-19.376H33.97v40.10182Z"/><path class="cls-1" d="M72.43613,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609H77.35223c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M99.718,613.05875l5.78405-1.06042c4.33764-.77092,4.53063,1.15692,5.78352,3.85674a6.70953,6.70953,0,0,0,6.5555,3.95218c3.56672,0,6.26548-1.83134,6.26548-5.59158,0-12.82046-27.6663-11.08561-27.6663-34.31724,0-10.79718,7.80839-18.1236,20.43637-18.1236,11.08614,0,16.96615,4.8196,20.05091,12.918.96445,2.31277,1.44641,4.7231-2.98826,5.59052l-5.20559,1.06042c-3.95218.77092-4.33764-1.06042-6.073-3.66269a6.39679,6.39679,0,0,0-5.49456-3.08475c-3.18125,0-5.20559,1.83134-5.20559,4.7231,0,12.24252,27.56981,10.60418,27.56981,33.73931,0,12.532-8.77231,19.66545-22.36422,19.66545-11.47159,0-17.93007-4.43467-20.82236-14.07387C95.57286,616.24,95.1874,613.92617,99.718,613.05875Z"/><path class="cls-1" d="M154.86187,576.62068h-8.09735c-3.66321,0-4.91662-2.21734-4.91662-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91662-4.91716H179.058c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716h-8.09788v50.32c0,3.66268-2.21681,4.91609-4.9161,4.91609h-6.266c-2.69876,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M189.76022,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h16.2912c15.13481,0,23.03969,5.68808,23.03969,20.05144,0,8.38684-3.27775,13.68787-8.29034,16.77369l9.35076,27.76173c1.34938,4.04974-.96445,4.62766-3.37425,4.62766h-8.67581c-2.89176,0-4.53063-1.92783-5.30208-4.7231L211.546,605.92532h-5.68755v21.01536c0,3.66268-2.2168,4.91609-4.91609,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Zm20.14688,25.35246c4.14517,0,7.61592-1.6394,7.61592-8.57984,0-7.61486-3.37425-8.19384-7.22993-8.19384h-4.43467v16.77368Z"/><path class="cls-1" d="M241.91422,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h6.36251c2.69876,0,4.9161,1.25341,4.9161,4.91716v59.38127c0,3.66268-2.21734,4.91609-4.9161,4.91609h-6.36251c-2.69929,0-4.91609-1.25341-4.91609-4.91609Z"/><path class="cls-1" d="M267.75024,567.55941c0-3.66375,2.2168-4.91716,4.91609-4.91716h14.94182c16.77316,0,24.09958,5.49508,24.09958,18.31659,0,6.94044-3.08475,11.953-8.96477,14.5553v.193c6.74744,2.31384,10.41065,7.13343,10.41065,15.80977,0,16.58069-11.3751,20.33987-25.449,20.33987H272.66633c-2.69929,0-4.91609-1.25341-4.91609-4.91609Zm20.72533,22.5572c4.33817,0,6.84447-2.12083,6.84447-7.32642,0-4.91716-2.79579-6.36251-6.84447-6.36251h-4.9161v13.68893Zm.386,27.95473c5.88,0,7.90436-2.40926,7.90436-7.80785,0-5.88-3.18126-7.80786-7.80839-7.80786h-5.39806v15.61571Z"/><path class="cls-1" d="M320.09776,567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h6.362c2.69929,0,4.91663,1.25341,4.91663,4.91716v43.282c0,5.78457,2.3133,8.38684,6.748,8.38684,4.43413,0,7.13343-2.60227,7.13343-8.38684v-43.282c0-3.66375,2.21733-4.91716,4.91609-4.91716H361.26c2.6993,0,4.91663,1.25341,4.91663,4.91716v41.06573c0,15.80871-7.13343,24.00256-23.42516,24.00256-16.0982,0-22.6537-8.19385-22.6537-24.00256Z"/><path class="cls-1" d="M384.59236,576.62068H376.495c-3.66322,0-4.91663-2.21734-4.91663-4.91716v-4.14411c0-2.69983,1.25341-4.91716,4.91663-4.91716h32.29343c3.66321,0,4.91609,2.21733,4.91609,4.91716v4.14411c0,2.69982-1.25288,4.91716-4.91609,4.91716H400.6911v50.32c0,3.66268-2.21734,4.91609-4.91663,4.91609h-6.266c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M419.49071,567.55941c0-3.66375,2.21681-4.91716,4.9161-4.91716h6.36251c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-6.36251c-2.69929,0-4.9161-1.25341-4.9161-4.91609Z"/><path class="cls-1" d="M443.20536,597.34654c0-21.30485,5.59106-35.57171,24.48505-35.57171s24.48505,14.26686,24.48505,35.57171c0,22.07472-6.84394,35.37766-24.485,35.37766S443.20536,619.42126,443.20536,597.34654Zm32.48643,0c0-16.29226-2.12083-22.26877-8.00138-22.26877-5.88,0-8.00085,5.97651-8.00085,22.26877,0,17.06212,2.4098,22.17121,8.00085,22.17121C473.378,619.51775,475.69179,614.40866,475.69179,597.34654Z"/><path class="cls-1" d="M499.69859,567.55941c0-3.66375,2.2168-4.91716,4.9161-4.91716h6.941a7.56728,7.56728,0,0,1,6.84394,4.43467l13.207,29.88363h.19247V567.55941c0-3.66375,2.21733-4.91716,4.91662-4.91716h4.62714c2.69876,0,4.91609,1.25341,4.91609,4.91716v59.38127c0,3.66268-2.21733,4.91609-4.91609,4.91609h-5.68756c-2.98878,0-4.72363-1.83134-5.977-4.43466L514.15792,593.5863h-.19247v33.35438c0,3.66268-2.21733,4.91609-4.91663,4.91609h-4.43413c-2.6993,0-4.9161-1.25341-4.9161-4.91609Z"/><g id="F1L4Xu"><path class="cls-2" d="M461.28162,365.26377c14.626-14.99573,31.51073-27.88581,43.901-45.3001,23.6055-33.17709,21.5881-53.98611-9.08528-79.89549-5.54727-4.68571-8.18237-7.96252-5.187-15.251,2.57641-6.26934,3.76528-13.21711,4.83156-19.981,5.90314-37.44659-11.00082-60.70078-48.64828-63.33267-13.137-.91842-16.45015-5.43062-19.21754-16.935-9.30387-38.67663-34.59038-53.67167-74.13662-44.585-10.18443,2.3401-17.05741,2.2529-24.8593-6.77926-30.175-34.93317-59.58084-35.22646-91.95222-.348-9.64337,10.39025-15.6225,11.83918-28.62783,5.4055-32.90341-16.27713-59.8387-3.10046-69.78437,35.47712-4.6848,18.17164-11.36854,26.3489-30.24471,30.1582-31.33028,6.32259-44.78933,33.5759-35.57532,69.531,3.76252,14.68215,4.6826,23.43655-10.28992,33.26423-22.74913,14.93216-25.22052,35.33713-11.0953,59.39875a163.06863,163.06863,0,0,0,18.46085,24.68707c6.40258,7.28037,13.94521,13.55817,19.80434,21.482C65.25053,338.04809,43.116,321.28746,27.8598,297.29993c-17.05057-26.80876-13.40609-48.15088,13.33187-65.26212,13.64688-8.73344,14.87507-15.92347,10.65871-30.93464-12.7269-45.31048,5.12054-71.29348,52.09339-78.34017,9.12234-1.36851,13.24368-4.37134,14.93358-13.09156a120.37358,120.37358,0,0,1,6.91928-23.66458C140.26672,51.59355,166.89048,40.64934,200.93587,56.76c12.995,6.14933,20.16447,5.77862,30.68022-5.2998C268.21035,12.90788,301.23887,13.957,336.089,53.95609c7.03437,8.07364,13.32723,7.58749,21.51782,5.54845,49.26567-12.26462,82.34232,9.66738,86.80352,52.02378.85563,8.12375,4.89151,12.49189,13.59822,11.06745a9.08058,9.08058,0,0,1,2.06083.01162c48.42775,3.32745,67.90447,29.37216,55.65225,76.28488-3.68675,14.11627-5.266,23.35647,9.83168,33.3918,24.025,15.96919,26.43605,40.908,10.89058,67.22194C523.519,321.384,492.3391,349.49056,461.28162,365.26377Z"/><path class="cls-2" d="M222.21166,412.15994c-43.3335,8.71069-88.628,7.98395-130.77907,28.38523,94.59324,34.57588,265.86321,39.32494,381.28659.87883-20.80256-13.03877-43.25235-15.46757-64.96771-19.52875-21.46582-4.01455-43.21049-6.53754-65.22855-9.773,2.32155-9.0906,5.71941-13.26155,14.6818-11.53506,34.9755,6.73747,70.6065,10.43856,104.30053,22.96341,8.18218,3.04152,18.89124,4.40911,19.86455,15.15614,1.09622,12.10448-6.10692,24.09739-16.79915,25.67409-30.25013,4.46064-56.38559,26.36212-84.9133,26.506-28.47048.14371-52.82989-.52977-79.492,14.17476-20.18156,11.13047-46.332,2.83194-64.16335-15.45408-6.83775-7.01216-11.13794-6.37864-19.02114-2.85829-23.91278,10.67842-47.24546,8.5124-67.31614-8.79886-7.10279-6.12627-13.27536-7.629-22.06165-6.68907a44.08867,44.08867,0,0,1-27.74743-5.86122C89.8179,459.38315,82.0507,451.437,82.898,439.18832c.77048-11.13889,11.49627-12.35089,19.55689-15.40536,33.62848-12.74306,69.18754-16.82889,104.26785-23.14551C215.75685,399.01074,219.15407,403.38339,222.21166,412.15994Z"/></g><rect class="cls-1" x="157.9184" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="278.28554" width="63.75238" height="63.75238"/><rect class="cls-1" x="157.9184" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="367.09657" y="153.06724" width="63.75176" height="63.75177" transform="translate(-13.91822 336.28471) rotate(-45)"/><polygon class="cls-1" points="239.799 221.785 239.799 222.389 296.3 250.79 325.004 193.987 268.201 165.284 239.799 221.785"/><rect class="cls-1" x="341.49858" y="264.8759" width="63.75384" height="63.75383" transform="translate(-59.8512 496.2174) rotate(-63.19922)"/><rect class="cls-1" x="157.9184" y="195.19594" width="63.75238" height="63.75238"/><rect class="cls-1" x="241.008" y="361.37514" width="63.75238" height="63.75238"/><rect class="cls-1" x="324.39973" y="361.37514" width="63.75238" height="63.75238"/></svg>
\ No newline at end of file
diff --git a/vendor/github.com/docker/distribution/reference/helpers.go b/vendor/github.com/distribution/reference/helpers.go
similarity index 94%
rename from vendor/github.com/docker/distribution/reference/helpers.go
rename to vendor/github.com/distribution/reference/helpers.go
index 978df7eab..d10c7ef83 100644
--- a/vendor/github.com/docker/distribution/reference/helpers.go
+++ b/vendor/github.com/distribution/reference/helpers.go
@@ -32,7 +32,7 @@ func FamiliarString(ref Reference) string {
 }
 
 // FamiliarMatch reports whether ref matches the specified pattern.
-// See https://godoc.org/path#Match for supported patterns.
+// See [path.Match] for supported patterns.
 func FamiliarMatch(pattern string, ref Reference) (bool, error) {
 	matched, err := path.Match(pattern, FamiliarString(ref))
 	if namedRef, isNamed := ref.(Named); isNamed && !matched {
diff --git a/vendor/github.com/docker/distribution/reference/normalize.go b/vendor/github.com/distribution/reference/normalize.go
similarity index 52%
rename from vendor/github.com/docker/distribution/reference/normalize.go
rename to vendor/github.com/distribution/reference/normalize.go
index b3dfb7a6d..a30229d01 100644
--- a/vendor/github.com/docker/distribution/reference/normalize.go
+++ b/vendor/github.com/distribution/reference/normalize.go
@@ -1,19 +1,42 @@
 package reference
 
 import (
-	"errors"
 	"fmt"
 	"strings"
 
-	"github.com/docker/distribution/digestset"
 	"github.com/opencontainers/go-digest"
 )
 
-var (
+const (
+	// legacyDefaultDomain is the legacy domain for Docker Hub (which was
+	// originally named "the Docker Index"). This domain is still used for
+	// authentication and image search, which were part of the "v1" Docker
+	// registry specification.
+	//
+	// This domain will continue to be supported, but there are plans to consolidate
+	// legacy domains to new "canonical" domains. Once those domains are decided
+	// on, we must update the normalization functions, but preserve compatibility
+	// with existing installs, clients, and user configuration.
 	legacyDefaultDomain = "index.docker.io"
-	defaultDomain       = "docker.io"
-	officialRepoName    = "library"
-	defaultTag          = "latest"
+
+	// defaultDomain is the default domain used for images on Docker Hub.
+	// It is used to normalize "familiar" names to canonical names, for example,
+	// to convert "ubuntu" to "docker.io/library/ubuntu:latest".
+	//
+	// Note that actual domain of Docker Hub's registry is registry-1.docker.io.
+	// This domain will continue to be supported, but there are plans to consolidate
+	// legacy domains to new "canonical" domains. Once those domains are decided
+	// on, we must update the normalization functions, but preserve compatibility
+	// with existing installs, clients, and user configuration.
+	defaultDomain = "docker.io"
+
+	// officialRepoPrefix is the namespace used for official images on Docker Hub.
+	// It is used to normalize "familiar" names to canonical names, for example,
+	// to convert "ubuntu" to "docker.io/library/ubuntu:latest".
+	officialRepoPrefix = "library/"
+
+	// defaultTag is the default tag if no tag is provided.
+	defaultTag = "latest"
 )
 
 // normalizedNamed represents a name which has been
@@ -35,14 +58,14 @@ func ParseNormalizedNamed(s string) (Named, error) {
 		return nil, fmt.Errorf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings", s)
 	}
 	domain, remainder := splitDockerDomain(s)
-	var remoteName string
+	var remote string
 	if tagSep := strings.IndexRune(remainder, ':'); tagSep > -1 {
-		remoteName = remainder[:tagSep]
+		remote = remainder[:tagSep]
 	} else {
-		remoteName = remainder
+		remote = remainder
 	}
-	if strings.ToLower(remoteName) != remoteName {
-		return nil, errors.New("invalid reference format: repository name must be lowercase")
+	if strings.ToLower(remote) != remote {
+		return nil, fmt.Errorf("invalid reference format: repository name (%s) must be lowercase", remote)
 	}
 
 	ref, err := Parse(domain + "/" + remainder)
@@ -56,41 +79,53 @@ func ParseNormalizedNamed(s string) (Named, error) {
 	return named, nil
 }
 
-// ParseDockerRef normalizes the image reference following the docker convention. This is added
-// mainly for backward compatibility.
-// The reference returned can only be either tagged or digested. For reference contains both tag
-// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@
-// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as
-// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa.
+// namedTaggedDigested is a reference that has both a tag and a digest.
+type namedTaggedDigested interface {
+	NamedTagged
+	Digested
+}
+
+// ParseDockerRef normalizes the image reference following the docker convention,
+// which allows for references to contain both a tag and a digest. It returns a
+// reference that is either tagged or digested. For references containing both
+// a tag and a digest, it returns a digested reference. For example, the following
+// reference:
+//
+//	docker.io/library/busybox:latest@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
+//
+// Is returned as a digested reference (with the ":latest" tag removed):
+//
+//	docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
+//
+// References that are already "tagged" or "digested" are returned unmodified:
+//
+//	// Already a digested reference
+//	docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa
+//
+//	// Already a named reference
+//	docker.io/library/busybox:latest
 func ParseDockerRef(ref string) (Named, error) {
 	named, err := ParseNormalizedNamed(ref)
 	if err != nil {
 		return nil, err
 	}
-	if _, ok := named.(NamedTagged); ok {
-		if canonical, ok := named.(Canonical); ok {
-			// The reference is both tagged and digested, only
-			// return digested.
-			newNamed, err := WithName(canonical.Name())
-			if err != nil {
-				return nil, err
-			}
-			newCanonical, err := WithDigest(newNamed, canonical.Digest())
-			if err != nil {
-				return nil, err
-			}
-			return newCanonical, nil
+	if canonical, ok := named.(namedTaggedDigested); ok {
+		// The reference is both tagged and digested; only return digested.
+		newNamed, err := WithName(canonical.Name())
+		if err != nil {
+			return nil, err
 		}
+		return WithDigest(newNamed, canonical.Digest())
 	}
 	return TagNameOnly(named), nil
 }
 
-// splitDockerDomain splits a repository name to domain and remotename string.
+// splitDockerDomain splits a repository name to domain and remote-name.
 // If no valid domain is found, the default domain is used. Repository name
 // needs to be already validated before.
 func splitDockerDomain(name string) (domain, remainder string) {
 	i := strings.IndexRune(name, '/')
-	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost") {
+	if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != localhost && strings.ToLower(name[:i]) == name[:i]) {
 		domain, remainder = defaultDomain, name
 	} else {
 		domain, remainder = name[:i], name[i+1:]
@@ -99,13 +134,13 @@ func splitDockerDomain(name string) (domain, remainder string) {
 		domain = defaultDomain
 	}
 	if domain == defaultDomain && !strings.ContainsRune(remainder, '/') {
-		remainder = officialRepoName + "/" + remainder
+		remainder = officialRepoPrefix + remainder
 	}
 	return
 }
 
 // familiarizeName returns a shortened version of the name familiar
-// to to the Docker UI. Familiar names have the default domain
+// to the Docker UI. Familiar names have the default domain
 // "docker.io" and "library/" repository prefix removed.
 // For example, "docker.io/library/redis" will have the familiar
 // name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp".
@@ -119,8 +154,15 @@ func familiarizeName(named namedRepository) repository {
 	if repo.domain == defaultDomain {
 		repo.domain = ""
 		// Handle official repositories which have the pattern "library/<official repo name>"
-		if split := strings.Split(repo.path, "/"); len(split) == 2 && split[0] == officialRepoName {
-			repo.path = split[1]
+		if strings.HasPrefix(repo.path, officialRepoPrefix) {
+			// TODO(thaJeztah): this check may be too strict, as it assumes the
+			//  "library/" namespace does not have nested namespaces. While this
+			//  is true (currently), technically it would be possible for Docker
+			//  Hub to use those (e.g. "library/distros/ubuntu:latest").
+			//  See https://github.com/distribution/distribution/pull/3769#issuecomment-1302031785.
+			if remainder := strings.TrimPrefix(repo.path, officialRepoPrefix); !strings.ContainsRune(remainder, '/') {
+				repo.path = remainder
+			}
 		}
 	}
 	return repo
@@ -180,20 +222,3 @@ func ParseAnyReference(ref string) (Reference, error) {
 
 	return ParseNormalizedNamed(ref)
 }
-
-// ParseAnyReferenceWithSet parses a reference string as a possible short
-// identifier to be matched in a digest set, a full digest, or familiar name.
-func ParseAnyReferenceWithSet(ref string, ds *digestset.Set) (Reference, error) {
-	if ok := anchoredShortIdentifierRegexp.MatchString(ref); ok {
-		dgst, err := ds.Lookup(ref)
-		if err == nil {
-			return digestReference(dgst), nil
-		}
-	} else {
-		if dgst, err := digest.Parse(ref); err == nil {
-			return digestReference(dgst), nil
-		}
-	}
-
-	return ParseNormalizedNamed(ref)
-}
diff --git a/vendor/github.com/docker/distribution/reference/reference.go b/vendor/github.com/distribution/reference/reference.go
similarity index 93%
rename from vendor/github.com/docker/distribution/reference/reference.go
rename to vendor/github.com/distribution/reference/reference.go
index b7cd00b0d..e98c44daa 100644
--- a/vendor/github.com/docker/distribution/reference/reference.go
+++ b/vendor/github.com/distribution/reference/reference.go
@@ -4,11 +4,14 @@
 // Grammar
 //
 //	reference                       := name [ ":" tag ] [ "@" digest ]
-//	name                            := [domain '/'] path-component ['/' path-component]*
-//	domain                          := domain-component ['.' domain-component]* [':' port-number]
+//	name                            := [domain '/'] remote-name
+//	domain                          := host [':' port-number]
+//	host                            := domain-name | IPv4address | \[ IPv6address \]	; rfc3986 appendix-A
+//	domain-name                     := domain-component ['.' domain-component]*
 //	domain-component                := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
 //	port-number                     := /[0-9]+/
 //	path-component                  := alpha-numeric [separator alpha-numeric]*
+//	path (or "remote-name")         := path-component ['/' path-component]*
 //	alpha-numeric                   := /[a-z0-9]+/
 //	separator                       := /[_.]|__|[-]*/
 //
@@ -21,7 +24,6 @@
 //	digest-hex                      := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value
 //
 //	identifier                      := /[a-f0-9]{64}/
-//	short-identifier                := /[a-f0-9]{6,64}/
 package reference
 
 import (
@@ -145,7 +147,7 @@ type namedRepository interface {
 	Path() string
 }
 
-// Domain returns the domain part of the Named reference
+// Domain returns the domain part of the [Named] reference.
 func Domain(named Named) string {
 	if r, ok := named.(namedRepository); ok {
 		return r.Domain()
@@ -154,7 +156,7 @@ func Domain(named Named) string {
 	return domain
 }
 
-// Path returns the name without the domain part of the Named reference
+// Path returns the name without the domain part of the [Named] reference.
 func Path(named Named) (name string) {
 	if r, ok := named.(namedRepository); ok {
 		return r.Path()
@@ -175,7 +177,8 @@ func splitDomain(name string) (string, string) {
 // hostname and name string. If no valid hostname is
 // found, the hostname is empty and the full value
 // is returned as name
-// DEPRECATED: Use Domain or Path
+//
+// Deprecated: Use [Domain] or [Path].
 func SplitHostname(named Named) (string, string) {
 	if r, ok := named.(namedRepository); ok {
 		return r.Domain(), r.Path()
@@ -185,7 +188,6 @@ func SplitHostname(named Named) (string, string) {
 
 // Parse parses s and returns a syntactically valid Reference.
 // If an error was encountered it is returned, along with a nil Reference.
-// NOTE: Parse will not handle short digests.
 func Parse(s string) (Reference, error) {
 	matches := ReferenceRegexp.FindStringSubmatch(s)
 	if matches == nil {
@@ -237,7 +239,6 @@ func Parse(s string) (Reference, error) {
 // the Named interface. The reference must have a name and be in the canonical
 // form, otherwise an error is returned.
 // If an error was encountered it is returned, along with a nil Reference.
-// NOTE: ParseNamed will not handle short digests.
 func ParseNamed(s string) (Named, error) {
 	named, err := ParseNormalizedNamed(s)
 	if err != nil {
@@ -320,11 +321,13 @@ func WithDigest(name Named, digest digest.Digest) (Canonical, error) {
 
 // TrimNamed removes any tag or digest from the named reference.
 func TrimNamed(ref Named) Named {
-	domain, path := SplitHostname(ref)
-	return repository{
-		domain: domain,
-		path:   path,
+	repo := repository{}
+	if r, ok := ref.(namedRepository); ok {
+		repo.domain, repo.path = r.Domain(), r.Path()
+	} else {
+		repo.domain, repo.path = splitDomain(ref.Name())
 	}
+	return repo
 }
 
 func getBestReferenceType(ref reference) Reference {
diff --git a/vendor/github.com/distribution/reference/regexp.go b/vendor/github.com/distribution/reference/regexp.go
new file mode 100644
index 000000000..65bc49d79
--- /dev/null
+++ b/vendor/github.com/distribution/reference/regexp.go
@@ -0,0 +1,163 @@
+package reference
+
+import (
+	"regexp"
+	"strings"
+)
+
+// DigestRegexp matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+var DigestRegexp = regexp.MustCompile(digestPat)
+
+// DomainRegexp matches hostname or IP-addresses, optionally including a port
+// number. It defines the structure of potential domain components that may be
+// part of image names. This is purposely a subset of what is allowed by DNS to
+// ensure backwards compatibility with Docker image names. It may be a subset of
+// DNS domain name, an IPv4 address in decimal format, or an IPv6 address between
+// square brackets (excluding zone identifiers as defined by [RFC 6874] or special
+// addresses such as IPv4-Mapped).
+//
+// [RFC 6874]: https://www.rfc-editor.org/rfc/rfc6874.
+var DomainRegexp = regexp.MustCompile(domainAndPort)
+
+// IdentifierRegexp is the format for string identifier used as a
+// content addressable identifier using sha256. These identifiers
+// are like digests without the algorithm, since sha256 is used.
+var IdentifierRegexp = regexp.MustCompile(identifier)
+
+// NameRegexp is the format for the name component of references, including
+// an optional domain and port, but without tag or digest suffix.
+var NameRegexp = regexp.MustCompile(namePat)
+
+// ReferenceRegexp is the full supported format of a reference. The regexp
+// is anchored and has capturing groups for name, tag, and digest
+// components.
+var ReferenceRegexp = regexp.MustCompile(referencePat)
+
+// TagRegexp matches valid tag names. From [docker/docker:graph/tags.go].
+//
+// [docker/docker:graph/tags.go]: https://github.com/moby/moby/blob/v1.6.0/graph/tags.go#L26-L28
+var TagRegexp = regexp.MustCompile(tag)
+
+const (
+	// alphanumeric defines the alphanumeric atom, typically a
+	// component of names. This only allows lower case characters and digits.
+	alphanumeric = `[a-z0-9]+`
+
+	// separator defines the separators allowed to be embedded in name
+	// components. This allows one period, one or two underscore and multiple
+	// dashes. Repeated dashes and underscores are intentionally treated
+	// differently. In order to support valid hostnames as name components,
+	// supporting repeated dash was added. Additionally double underscore is
+	// now allowed as a separator to loosen the restriction for previously
+	// supported names.
+	separator = `(?:[._]|__|[-]+)`
+
+	// localhost is treated as a special value for domain-name. Any other
+	// domain-name without a "." or a ":port" are considered a path component.
+	localhost = `localhost`
+
+	// domainNameComponent restricts the registry domain component of a
+	// repository name to start with a component as defined by DomainRegexp.
+	domainNameComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`
+
+	// optionalPort matches an optional port-number including the port separator
+	// (e.g. ":80").
+	optionalPort = `(?::[0-9]+)?`
+
+	// tag matches valid tag names. From docker/docker:graph/tags.go.
+	tag = `[\w][\w.-]{0,127}`
+
+	// digestPat matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+	//
+	// TODO(thaJeztah): this should follow the same rules as https://pkg.go.dev/github.com/opencontainers/go-digest@v1.0.0#DigestRegexp
+	// so that go-digest defines the canonical format. Note that the go-digest is
+	// more relaxed:
+	//   - it allows multiple algorithms (e.g. "sha256+b64:<encoded>") to allow
+	//     future expansion of supported algorithms.
+	//   - it allows the "<encoded>" value to use urlsafe base64 encoding as defined
+	//     in [rfc4648, section 5].
+	//
+	// [rfc4648, section 5]: https://www.rfc-editor.org/rfc/rfc4648#section-5.
+	digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`
+
+	// identifier is the format for a content addressable identifier using sha256.
+	// These identifiers are like digests without the algorithm, since sha256 is used.
+	identifier = `([a-f0-9]{64})`
+
+	// ipv6address are enclosed between square brackets and may be represented
+	// in many ways, see rfc5952. Only IPv6 in compressed or uncompressed format
+	// are allowed, IPv6 zone identifiers (rfc6874) or Special addresses such as
+	// IPv4-Mapped are deliberately excluded.
+	ipv6address = `\[(?:[a-fA-F0-9:]+)\]`
+)
+
+var (
+	// domainName defines the structure of potential domain components
+	// that may be part of image names. This is purposely a subset of what is
+	// allowed by DNS to ensure backwards compatibility with Docker image
+	// names. This includes IPv4 addresses on decimal format.
+	domainName = domainNameComponent + anyTimes(`\.`+domainNameComponent)
+
+	// host defines the structure of potential domains based on the URI
+	// Host subcomponent on rfc3986. It may be a subset of DNS domain name,
+	// or an IPv4 address in decimal format, or an IPv6 address between square
+	// brackets (excluding zone identifiers as defined by rfc6874 or special
+	// addresses such as IPv4-Mapped).
+	host = `(?:` + domainName + `|` + ipv6address + `)`
+
+	// allowed by the URI Host subcomponent on rfc3986 to ensure backwards
+	// compatibility with Docker image names.
+	domainAndPort = host + optionalPort
+
+	// anchoredTagRegexp matches valid tag names, anchored at the start and
+	// end of the matched string.
+	anchoredTagRegexp = regexp.MustCompile(anchored(tag))
+
+	// anchoredDigestRegexp matches valid digests, anchored at the start and
+	// end of the matched string.
+	anchoredDigestRegexp = regexp.MustCompile(anchored(digestPat))
+
+	// pathComponent restricts path-components to start with an alphanumeric
+	// character, with following parts able to be separated by a separator
+	// (one period, one or two underscore and multiple dashes).
+	pathComponent = alphanumeric + anyTimes(separator+alphanumeric)
+
+	// remoteName matches the remote-name of a repository. It consists of one
+	// or more forward slash (/) delimited path-components:
+	//
+	//	pathComponent[[/pathComponent] ...] // e.g., "library/ubuntu"
+	remoteName = pathComponent + anyTimes(`/`+pathComponent)
+	namePat    = optional(domainAndPort+`/`) + remoteName
+
+	// anchoredNameRegexp is used to parse a name value, capturing the
+	// domain and trailing components.
+	anchoredNameRegexp = regexp.MustCompile(anchored(optional(capture(domainAndPort), `/`), capture(remoteName)))
+
+	referencePat = anchored(capture(namePat), optional(`:`, capture(tag)), optional(`@`, capture(digestPat)))
+
+	// anchoredIdentifierRegexp is used to check or match an
+	// identifier value, anchored at start and end of string.
+	anchoredIdentifierRegexp = regexp.MustCompile(anchored(identifier))
+)
+
+// optional wraps the expression in a non-capturing group and makes the
+// production optional.
+func optional(res ...string) string {
+	return `(?:` + strings.Join(res, "") + `)?`
+}
+
+// anyTimes wraps the expression in a non-capturing group that can occur
+// any number of times.
+func anyTimes(res ...string) string {
+	return `(?:` + strings.Join(res, "") + `)*`
+}
+
+// capture wraps the expression in a capturing group.
+func capture(res ...string) string {
+	return `(` + strings.Join(res, "") + `)`
+}
+
+// anchored anchors the regular expression by adding start and end delimiters.
+func anchored(res ...string) string {
+	return `^` + strings.Join(res, "") + `$`
+}
diff --git a/vendor/github.com/distribution/reference/sort.go b/vendor/github.com/distribution/reference/sort.go
new file mode 100644
index 000000000..416c37b07
--- /dev/null
+++ b/vendor/github.com/distribution/reference/sort.go
@@ -0,0 +1,75 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package reference
+
+import (
+	"sort"
+)
+
+// Sort sorts string references preferring higher information references.
+//
+// The precedence is as follows:
+//
+//  1. [Named] + [Tagged] + [Digested] (e.g., "docker.io/library/busybox:latest@sha256:<digest>")
+//  2. [Named] + [Tagged]              (e.g., "docker.io/library/busybox:latest")
+//  3. [Named] + [Digested]            (e.g., "docker.io/library/busybo@sha256:<digest>")
+//  4. [Named]                         (e.g., "docker.io/library/busybox")
+//  5. [Digested]                      (e.g., "docker.io@sha256:<digest>")
+//  6. Parse error
+func Sort(references []string) []string {
+	var prefs []Reference
+	var bad []string
+
+	for _, ref := range references {
+		pref, err := ParseAnyReference(ref)
+		if err != nil {
+			bad = append(bad, ref)
+		} else {
+			prefs = append(prefs, pref)
+		}
+	}
+	sort.Slice(prefs, func(a, b int) bool {
+		ar := refRank(prefs[a])
+		br := refRank(prefs[b])
+		if ar == br {
+			return prefs[a].String() < prefs[b].String()
+		}
+		return ar < br
+	})
+	sort.Strings(bad)
+	var refs []string
+	for _, pref := range prefs {
+		refs = append(refs, pref.String())
+	}
+	return append(refs, bad...)
+}
+
+func refRank(ref Reference) uint8 {
+	if _, ok := ref.(Named); ok {
+		if _, ok = ref.(Tagged); ok {
+			if _, ok = ref.(Digested); ok {
+				return 1
+			}
+			return 2
+		}
+		if _, ok = ref.(Digested); ok {
+			return 3
+		}
+		return 4
+	}
+	return 5
+}
diff --git a/vendor/github.com/docker/cli/cli/command/events_utils.go b/vendor/github.com/docker/cli/cli/command/events_utils.go
index 16d76892a..6a2907c53 100644
--- a/vendor/github.com/docker/cli/cli/command/events_utils.go
+++ b/vendor/github.com/docker/cli/cli/command/events_utils.go
@@ -3,28 +3,28 @@ package command
 import (
 	"sync"
 
-	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/docker/docker/api/types/events"
 	"github.com/sirupsen/logrus"
 )
 
 // EventHandler is abstract interface for user to customize
 // own handle functions of each type of events
 type EventHandler interface {
-	Handle(action string, h func(eventtypes.Message))
-	Watch(c <-chan eventtypes.Message)
+	Handle(action string, h func(events.Message))
+	Watch(c <-chan events.Message)
 }
 
 // InitEventHandler initializes and returns an EventHandler
 func InitEventHandler() EventHandler {
-	return &eventHandler{handlers: make(map[string]func(eventtypes.Message))}
+	return &eventHandler{handlers: make(map[string]func(events.Message))}
 }
 
 type eventHandler struct {
-	handlers map[string]func(eventtypes.Message)
+	handlers map[string]func(events.Message)
 	mu       sync.Mutex
 }
 
-func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
+func (w *eventHandler) Handle(action string, h func(events.Message)) {
 	w.mu.Lock()
 	w.handlers[action] = h
 	w.mu.Unlock()
@@ -33,7 +33,7 @@ func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
 // Watch ranges over the passed in event chan and processes the events based on the
 // handlers created for a given action.
 // To stop watching, close the event chan.
-func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
+func (w *eventHandler) Watch(c <-chan events.Message) {
 	for e := range c {
 		w.mu.Lock()
 		h, exists := w.handlers[e.Action]
diff --git a/vendor/github.com/docker/cli/cli/command/image/build.go b/vendor/github.com/docker/cli/cli/command/image/build.go
index 27b6cafd8..2c69a23b9 100644
--- a/vendor/github.com/docker/cli/cli/command/image/build.go
+++ b/vendor/github.com/docker/cli/cli/command/image/build.go
@@ -128,7 +128,7 @@ func NewBuildCommand(dockerCli command.Cli) *cobra.Command {
 	flags.Int64Var(&options.cpuQuota, "cpu-quota", 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
 	flags.StringVar(&options.cpuSetCpus, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
 	flags.StringVar(&options.cpuSetMems, "cpuset-mems", "", "MEMs in which to allow execution (0-3, 0,1)")
-	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", "Optional parent cgroup for the container")
+	flags.StringVar(&options.cgroupParent, "cgroup-parent", "", `Set the parent cgroup for the "RUN" instructions during build`)
 	flags.StringVar(&options.isolation, "isolation", "", "Container isolation technology")
 	flags.Var(&options.labels, "label", "Set metadata for an image")
 	flags.BoolVar(&options.noCache, "no-cache", false, "Do not use cache when building the image")
diff --git a/vendor/github.com/docker/cli/cli/command/image/build/dockerignore.go b/vendor/github.com/docker/cli/cli/command/image/build/dockerignore.go
index 73a130604..357210437 100644
--- a/vendor/github.com/docker/cli/cli/command/image/build/dockerignore.go
+++ b/vendor/github.com/docker/cli/cli/command/image/build/dockerignore.go
@@ -1,11 +1,12 @@
 package build
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 
-	"github.com/moby/buildkit/frontend/dockerfile/dockerignore"
 	"github.com/moby/patternmatcher"
+	"github.com/moby/patternmatcher/ignorefile"
 )
 
 // ReadDockerignore reads the .dockerignore file in the context directory and
@@ -22,7 +23,11 @@ func ReadDockerignore(contextDir string) ([]string, error) {
 	}
 	defer f.Close()
 
-	return dockerignore.ReadAll(f)
+	patterns, err := ignorefile.ReadAll(f)
+	if err != nil {
+		return nil, fmt.Errorf("error reading .dockerignore: %w", err)
+	}
+	return patterns, nil
 }
 
 // TrimBuildFilesFromExcludes removes the named Dockerfile and .dockerignore from
diff --git a/vendor/github.com/docker/cli/cli/command/registry.go b/vendor/github.com/docker/cli/cli/command/registry.go
index 909936722..95c16d7dc 100644
--- a/vendor/github.com/docker/cli/cli/command/registry.go
+++ b/vendor/github.com/docker/cli/cli/command/registry.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	configtypes "github.com/docker/cli/cli/config/types"
+	"github.com/docker/cli/cli/hints"
 	"github.com/docker/cli/cli/streams"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
@@ -19,6 +20,10 @@ import (
 	"github.com/pkg/errors"
 )
 
+const patSuggest = "You can log in with your password or a Personal Access " +
+	"Token (PAT). Using a limited-scope PAT grants better security and is required " +
+	"for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/"
+
 // EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload.
 //
 // Deprecated: use [registrytypes.EncodeAuthConfig] instead.
@@ -113,7 +118,11 @@ func ConfigureAuth(cli Cli, flUser, flPassword string, authconfig *registrytypes
 	if flUser = strings.TrimSpace(flUser); flUser == "" {
 		if isDefaultRegistry {
 			// if this is a default registry (docker hub), then display the following message.
-			fmt.Fprintln(cli.Out(), "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
+			fmt.Fprintln(cli.Out(), "Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.")
+			if hints.Enabled() {
+				fmt.Fprintln(cli.Out(), patSuggest)
+				fmt.Fprintln(cli.Out())
+			}
 		}
 		promptWithDefault(cli.Out(), "Username", authconfig.Username)
 		var err error
diff --git a/vendor/github.com/docker/cli/cli/hints/hints.go b/vendor/github.com/docker/cli/cli/hints/hints.go
new file mode 100644
index 000000000..f99df8fda
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/hints/hints.go
@@ -0,0 +1,18 @@
+package hints
+
+import (
+	"os"
+	"strconv"
+)
+
+// Enabled returns whether cli hints are enabled or not
+func Enabled() bool {
+	if v := os.Getenv("DOCKER_CLI_HINTS"); v != "" {
+		enabled, err := strconv.ParseBool(v)
+		if err != nil {
+			return true
+		}
+		return enabled
+	}
+	return true
+}
diff --git a/vendor/github.com/docker/cli/cli/registry/client/client.go b/vendor/github.com/docker/cli/cli/registry/client/client.go
index 86fc77568..1c33a836f 100644
--- a/vendor/github.com/docker/cli/cli/registry/client/client.go
+++ b/vendor/github.com/docker/cli/cli/registry/client/client.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	manifesttypes "github.com/docker/cli/cli/manifest/types"
+	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution"
 	"github.com/docker/distribution/reference"
 	distributionclient "github.com/docker/distribution/registry/client"
@@ -77,6 +78,7 @@ func (c *client) MountBlob(ctx context.Context, sourceRef reference.Canonical, t
 	if err != nil {
 		return err
 	}
+	repoEndpoint.actions = trust.ActionsPushAndPull
 	repo, err := c.getRepositoryForReference(ctx, targetRef, repoEndpoint)
 	if err != nil {
 		return err
@@ -102,6 +104,7 @@ func (c *client) PutManifest(ctx context.Context, ref reference.Named, manifest
 		return digest.Digest(""), err
 	}
 
+	repoEndpoint.actions = trust.ActionsPushAndPull
 	repo, err := c.getRepositoryForReference(ctx, ref, repoEndpoint)
 	if err != nil {
 		return digest.Digest(""), err
@@ -151,7 +154,9 @@ func (c *client) getHTTPTransportForRepoEndpoint(ctx context.Context, repoEndpoi
 		c.authConfigResolver(ctx, repoEndpoint.info.Index),
 		repoEndpoint.endpoint,
 		repoEndpoint.Name(),
-		c.userAgent)
+		c.userAgent,
+		repoEndpoint.actions,
+	)
 	return httpTransport, errors.Wrap(err, "failed to configure transport")
 }
 
diff --git a/vendor/github.com/docker/cli/cli/registry/client/endpoint.go b/vendor/github.com/docker/cli/cli/registry/client/endpoint.go
index c6987badb..6d0e920c5 100644
--- a/vendor/github.com/docker/cli/cli/registry/client/endpoint.go
+++ b/vendor/github.com/docker/cli/cli/registry/client/endpoint.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/client/auth"
 	"github.com/docker/distribution/registry/client/transport"
@@ -17,6 +18,7 @@ import (
 type repositoryEndpoint struct {
 	info     *registry.RepositoryInfo
 	endpoint registry.APIEndpoint
+	actions  []string
 }
 
 // Name returns the repository name
@@ -74,7 +76,7 @@ func getDefaultEndpointFromRepoInfo(repoInfo *registry.RepositoryInfo) (registry
 }
 
 // getHTTPTransport builds a transport for use in communicating with a registry
-func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName string, userAgent string) (http.RoundTripper, error) {
+func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) {
 	// get the http transport, this will be used in a client to upload manifest
 	base := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
@@ -98,8 +100,11 @@ func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.API
 		passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
 	} else {
+		if len(actions) == 0 {
+			actions = trust.ActionsPullOnly
+		}
 		creds := registry.NewStaticCredentialStore(&authConfig)
-		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, "push", "pull")
+		tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...)
 		basicHandler := auth.NewBasicHandler(creds)
 		modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
 	}
diff --git a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go
index acae274a4..3ce09d137 100644
--- a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go
+++ b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go
@@ -202,7 +202,8 @@ func pullManifestList(ctx context.Context, ref reference.Named, repo distributio
 		}
 
 		// Replace platform from config
-		imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
+		p := manifestDescriptor.Platform
+		imageManifest.Descriptor.Platform = types.OCIPlatform(&p)
 
 		infos = append(infos, imageManifest)
 	}
@@ -242,11 +243,6 @@ func (c *client) iterateEndpoints(ctx context.Context, namedRef reference.Named,
 
 	confirmedTLSRegistries := make(map[string]bool)
 	for _, endpoint := range endpoints {
-		if endpoint.Version == registry.APIVersion1 {
-			logrus.Debugf("skipping v1 endpoint %s", endpoint.URL)
-			continue
-		}
-
 		if endpoint.URL.Scheme != "https" {
 			if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
 				logrus.Debugf("skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)
diff --git a/vendor/github.com/docker/distribution/.golangci.yml b/vendor/github.com/docker/distribution/.golangci.yml
index 36c083b0f..61dd0e00e 100644
--- a/vendor/github.com/docker/distribution/.golangci.yml
+++ b/vendor/github.com/docker/distribution/.golangci.yml
@@ -1,7 +1,5 @@
 linters:
   enable:
-    - structcheck
-    - varcheck
     - staticcheck
     - unconvert
     - gofmt
@@ -14,6 +12,14 @@ linters:
   disable:
     - errcheck
 
+linters-settings:
+  revive:
+    rules:
+      # TODO(thaJeztah): temporarily disabled the "unused-parameter" check.
+      # It produces many warnings, and some of those may need to be looked at.
+      - name: unused-parameter
+        disabled: true
+
 run:
   deadline: 2m
   skip-dirs:
diff --git a/vendor/github.com/docker/distribution/.mailmap b/vendor/github.com/docker/distribution/.mailmap
index d94c3936e..d7b832d9e 100644
--- a/vendor/github.com/docker/distribution/.mailmap
+++ b/vendor/github.com/docker/distribution/.mailmap
@@ -49,3 +49,6 @@ Hayley Swimelar <hswimelar@gmail.com>
 Jose D. Gomez R <jose.gomez@suse.com>
 Shengjing Zhu <zhsj@debian.org>
 Silvin Lubecki <31478878+silvin-lubecki@users.noreply.github.com>
+James Hewitt <james.hewitt@gmail.com>
+Marcus Pettersen Irgens <m@mrcus.dev>
+Ben Manuel <bmanuel@users.noreply.github.com>
diff --git a/vendor/github.com/docker/distribution/BUILDING.md b/vendor/github.com/docker/distribution/BUILDING.md
index 2981d016b..4c43b03cb 100644
--- a/vendor/github.com/docker/distribution/BUILDING.md
+++ b/vendor/github.com/docker/distribution/BUILDING.md
@@ -114,4 +114,4 @@ the registry binary generated in the "./bin" directory:
 ### Optional build tags
 
 Optional [build tags](http://golang.org/pkg/go/build/) can be provided using
-the environment variable `DOCKER_BUILDTAGS`.
+the environment variable `BUILDTAGS`.
diff --git a/vendor/github.com/docker/distribution/Dockerfile b/vendor/github.com/docker/distribution/Dockerfile
index fb54b6813..ebd42c242 100644
--- a/vendor/github.com/docker/distribution/Dockerfile
+++ b/vendor/github.com/docker/distribution/Dockerfile
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION=1.19.9
-ARG ALPINE_VERSION=3.16
+ARG GO_VERSION=1.20.8
+ARG ALPINE_VERSION=3.18
 ARG XX_VERSION=1.2.1
 
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
@@ -22,12 +22,12 @@ RUN --mount=target=. \
 FROM base AS build
 ARG TARGETPLATFORM
 ARG LDFLAGS="-s -w"
-ARG BUILDTAGS="include_oss include_gcs"
+ARG BUILDTAGS="include_oss,include_gcs"
 RUN --mount=type=bind,target=/go/src/github.com/docker/distribution,rw \
     --mount=type=cache,target=/root/.cache/go-build \
     --mount=target=/go/pkg/mod,type=cache \
     --mount=type=bind,source=/tmp/.ldflags,target=/tmp/.ldflags,from=version \
-      set -x ; xx-go build -trimpath -ldflags "$(cat /tmp/.ldflags) ${LDFLAGS}" -o /usr/bin/registry ./cmd/registry \
+      set -x ; xx-go build -tags "${BUILDTAGS}" -trimpath -ldflags "$(cat /tmp/.ldflags) ${LDFLAGS}" -o /usr/bin/registry ./cmd/registry \
       && xx-verify --static /usr/bin/registry
 
 FROM scratch AS binary
diff --git a/vendor/github.com/docker/distribution/Makefile b/vendor/github.com/docker/distribution/Makefile
index 75e118201..dcdbcb547 100644
--- a/vendor/github.com/docker/distribution/Makefile
+++ b/vendor/github.com/docker/distribution/Makefile
@@ -50,7 +50,7 @@ version/version.go:
 
 check: ## run all linters (TODO: enable "unused", "varcheck", "ineffassign", "unconvert", "staticheck", "goimports", "structcheck")
 	@echo "$(WHALE) $@"
-	@GO111MODULE=off golangci-lint run
+	@GO111MODULE=off golangci-lint --build-tags "${BUILDTAGS}" run
 
 test: ## run tests, except integration test with test.short
 	@echo "$(WHALE) $@"
diff --git a/vendor/github.com/docker/distribution/blobs.go b/vendor/github.com/docker/distribution/blobs.go
index 2a659eaa3..671372abf 100644
--- a/vendor/github.com/docker/distribution/blobs.go
+++ b/vendor/github.com/docker/distribution/blobs.go
@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/opencontainers/go-digest"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 )
diff --git a/vendor/github.com/docker/distribution/reference/helpers_deprecated.go b/vendor/github.com/docker/distribution/reference/helpers_deprecated.go
new file mode 100644
index 000000000..cbd119250
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/helpers_deprecated.go
@@ -0,0 +1,34 @@
+package reference
+
+import "github.com/distribution/reference"
+
+// IsNameOnly returns true if reference only contains a repo name.
+//
+// Deprecated: use [reference.IsNameOnly].
+func IsNameOnly(ref reference.Named) bool {
+	return reference.IsNameOnly(ref)
+}
+
+// FamiliarName returns the familiar name string
+// for the given named, familiarizing if needed.
+//
+// Deprecated: use [reference.FamiliarName].
+func FamiliarName(ref reference.Named) string {
+	return reference.FamiliarName(ref)
+}
+
+// FamiliarString returns the familiar string representation
+// for the given reference, familiarizing if needed.
+//
+// Deprecated: use [reference.FamiliarString].
+func FamiliarString(ref reference.Reference) string {
+	return reference.FamiliarString(ref)
+}
+
+// FamiliarMatch reports whether ref matches the specified pattern.
+// See [path.Match] for supported patterns.
+//
+// Deprecated: use [reference.FamiliarMatch].
+func FamiliarMatch(pattern string, ref reference.Reference) (bool, error) {
+	return reference.FamiliarMatch(pattern, ref)
+}
diff --git a/vendor/github.com/docker/distribution/reference/normalize_deprecated.go b/vendor/github.com/docker/distribution/reference/normalize_deprecated.go
new file mode 100644
index 000000000..1b4a459d7
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/normalize_deprecated.go
@@ -0,0 +1,92 @@
+package reference
+
+import (
+	"regexp"
+
+	"github.com/distribution/reference"
+	"github.com/opencontainers/go-digest"
+	"github.com/opencontainers/go-digest/digestset"
+)
+
+// ParseNormalizedNamed parses a string into a named reference
+// transforming a familiar name from Docker UI to a fully
+// qualified reference. If the value may be an identifier
+// use ParseAnyReference.
+//
+// Deprecated: use [reference.ParseNormalizedNamed].
+func ParseNormalizedNamed(s string) (reference.Named, error) {
+	return reference.ParseNormalizedNamed(s)
+}
+
+// ParseDockerRef normalizes the image reference following the docker convention,
+// which allows for references to contain both a tag and a digest.
+//
+// Deprecated: use [reference.ParseDockerRef].
+func ParseDockerRef(ref string) (reference.Named, error) {
+	return reference.ParseDockerRef(ref)
+}
+
+// TagNameOnly adds the default tag "latest" to a reference if it only has
+// a repo name.
+//
+// Deprecated: use [reference.TagNameOnly].
+func TagNameOnly(ref reference.Named) reference.Named {
+	return reference.TagNameOnly(ref)
+}
+
+// ParseAnyReference parses a reference string as a possible identifier,
+// full digest, or familiar name.
+//
+// Deprecated: use [reference.ParseAnyReference].
+func ParseAnyReference(ref string) (reference.Reference, error) {
+	return reference.ParseAnyReference(ref)
+}
+
+// Functions and types below have been removed in distribution v3 and
+// have not been ported to github.com/distribution/reference. See
+// https://github.com/distribution/distribution/pull/3774
+
+var (
+	// ShortIdentifierRegexp is the format used to represent a prefix
+	// of an identifier. A prefix may be used to match a sha256 identifier
+	// within a list of trusted identifiers.
+	//
+	// Deprecated: support for short-identifiers is deprecated, and will be removed in v3.
+	ShortIdentifierRegexp = regexp.MustCompile(shortIdentifier)
+
+	shortIdentifier = `([a-f0-9]{6,64})`
+
+	// anchoredShortIdentifierRegexp is used to check if a value
+	// is a possible identifier prefix, anchored at start and end
+	// of string.
+	anchoredShortIdentifierRegexp = regexp.MustCompile(`^` + shortIdentifier + `$`)
+)
+
+type digestReference digest.Digest
+
+func (d digestReference) String() string {
+	return digest.Digest(d).String()
+}
+
+func (d digestReference) Digest() digest.Digest {
+	return digest.Digest(d)
+}
+
+// ParseAnyReferenceWithSet parses a reference string as a possible short
+// identifier to be matched in a digest set, a full digest, or familiar name.
+//
+// Deprecated: support for short-identifiers is deprecated, and will be removed in v3.
+func ParseAnyReferenceWithSet(ref string, ds *digestset.Set) (Reference, error) {
+	if ok := anchoredShortIdentifierRegexp.MatchString(ref); ok {
+		dgst, err := ds.Lookup(ref)
+		if err == nil {
+			return digestReference(dgst), nil
+		}
+	} else {
+		if dgst, err := digest.Parse(ref); err == nil {
+			return digestReference(dgst), nil
+		}
+	}
+
+	return reference.ParseNormalizedNamed(ref)
+}
diff --git a/vendor/github.com/docker/distribution/reference/reference_deprecated.go b/vendor/github.com/docker/distribution/reference/reference_deprecated.go
new file mode 100644
index 000000000..5b732498e
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/reference_deprecated.go
@@ -0,0 +1,172 @@
+// Package reference is deprecated, and has moved to github.com/distribution/reference.
+//
+// Deprecated: use github.com/distribution/reference instead.
+package reference
+
+import (
+	"github.com/distribution/reference"
+	"github.com/opencontainers/go-digest"
+)
+
+const (
+	// NameTotalLengthMax is the maximum total number of characters in a repository name.
+	//
+	// Deprecated: use [reference.NameTotalLengthMax].
+	NameTotalLengthMax = reference.NameTotalLengthMax
+)
+
+var (
+	// ErrReferenceInvalidFormat represents an error while trying to parse a string as a reference.
+	//
+	// Deprecated: use [reference.ErrReferenceInvalidFormat].
+	ErrReferenceInvalidFormat = reference.ErrReferenceInvalidFormat
+
+	// ErrTagInvalidFormat represents an error while trying to parse a string as a tag.
+	//
+	// Deprecated: use [reference.ErrTagInvalidFormat].
+	ErrTagInvalidFormat = reference.ErrTagInvalidFormat
+
+	// ErrDigestInvalidFormat represents an error while trying to parse a string as a tag.
+	//
+	// Deprecated: use [reference.ErrDigestInvalidFormat].
+	ErrDigestInvalidFormat = reference.ErrDigestInvalidFormat
+
+	// ErrNameContainsUppercase is returned for invalid repository names that contain uppercase characters.
+	//
+	// Deprecated: use [reference.ErrNameContainsUppercase].
+	ErrNameContainsUppercase = reference.ErrNameContainsUppercase
+
+	// ErrNameEmpty is returned for empty, invalid repository names.
+	//
+	// Deprecated: use [reference.ErrNameEmpty].
+	ErrNameEmpty = reference.ErrNameEmpty
+
+	// ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax.
+	//
+	// Deprecated: use [reference.ErrNameTooLong].
+	ErrNameTooLong = reference.ErrNameTooLong
+
+	// ErrNameNotCanonical is returned when a name is not canonical.
+	//
+	// Deprecated: use [reference.ErrNameNotCanonical].
+	ErrNameNotCanonical = reference.ErrNameNotCanonical
+)
+
+// Reference is an opaque object reference identifier that may include
+// modifiers such as a hostname, name, tag, and digest.
+//
+// Deprecated: use [reference.Reference].
+type Reference = reference.Reference
+
+// Field provides a wrapper type for resolving correct reference types when
+// working with encoding.
+//
+// Deprecated: use [reference.Field].
+type Field = reference.Field
+
+// AsField wraps a reference in a Field for encoding.
+//
+// Deprecated: use [reference.AsField].
+func AsField(ref reference.Reference) reference.Field {
+	return reference.AsField(ref)
+}
+
+// Named is an object with a full name
+//
+// Deprecated: use [reference.Named].
+type Named = reference.Named
+
+// Tagged is an object which has a tag
+//
+// Deprecated: use [reference.Tagged].
+type Tagged = reference.Tagged
+
+// NamedTagged is an object including a name and tag.
+//
+// Deprecated: use [reference.NamedTagged].
+type NamedTagged reference.NamedTagged
+
+// Digested is an object which has a digest
+// in which it can be referenced by
+//
+// Deprecated: use [reference.Digested].
+type Digested reference.Digested
+
+// Canonical reference is an object with a fully unique
+// name including a name with domain and digest
+//
+// Deprecated: use [reference.Canonical].
+type Canonical reference.Canonical
+
+// Domain returns the domain part of the [Named] reference.
+//
+// Deprecated: use [reference.Domain].
+func Domain(named reference.Named) string {
+	return reference.Domain(named)
+}
+
+// Path returns the name without the domain part of the [Named] reference.
+//
+// Deprecated: use [reference.Path].
+func Path(named reference.Named) (name string) {
+	return reference.Path(named)
+}
+
+// SplitHostname splits a named reference into a
+// hostname and name string. If no valid hostname is
+// found, the hostname is empty and the full value
+// is returned as name
+//
+// Deprecated: Use [reference.Domain] or [reference.Path].
+func SplitHostname(named reference.Named) (string, string) {
+	return reference.SplitHostname(named)
+}
+
+// Parse parses s and returns a syntactically valid Reference.
+// If an error was encountered it is returned, along with a nil Reference.
+//
+// Deprecated: use [reference.Parse].
+func Parse(s string) (reference.Reference, error) {
+	return reference.Parse(s)
+}
+
+// ParseNamed parses s and returns a syntactically valid reference implementing
+// the Named interface. The reference must have a name and be in the canonical
+// form, otherwise an error is returned.
+// If an error was encountered it is returned, along with a nil Reference.
+//
+// Deprecated: use [reference.ParseNamed].
+func ParseNamed(s string) (reference.Named, error) {
+	return reference.ParseNamed(s)
+}
+
+// WithName returns a named object representing the given string. If the input
+// is invalid ErrReferenceInvalidFormat will be returned.
+//
+// Deprecated: use [reference.WithName].
+func WithName(name string) (reference.Named, error) {
+	return reference.WithName(name)
+}
+
+// WithTag combines the name from "name" and the tag from "tag" to form a
+// reference incorporating both the name and the tag.
+//
+// Deprecated: use [reference.WithTag].
+func WithTag(name reference.Named, tag string) (reference.NamedTagged, error) {
+	return reference.WithTag(name, tag)
+}
+
+// WithDigest combines the name from "name" and the digest from "digest" to form
+// a reference incorporating both the name and the digest.
+//
+// Deprecated: use [reference.WithDigest].
+func WithDigest(name reference.Named, digest digest.Digest) (reference.Canonical, error) {
+	return reference.WithDigest(name, digest)
+}
+
+// TrimNamed removes any tag or digest from the named reference.
+//
+// Deprecated: use [reference.TrimNamed].
+func TrimNamed(ref reference.Named) reference.Named {
+	return reference.TrimNamed(ref)
+}
diff --git a/vendor/github.com/docker/distribution/reference/regexp.go b/vendor/github.com/docker/distribution/reference/regexp.go
deleted file mode 100644
index 786034932..000000000
--- a/vendor/github.com/docker/distribution/reference/regexp.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package reference
-
-import "regexp"
-
-var (
-	// alphaNumericRegexp defines the alpha numeric atom, typically a
-	// component of names. This only allows lower case characters and digits.
-	alphaNumericRegexp = match(`[a-z0-9]+`)
-
-	// separatorRegexp defines the separators allowed to be embedded in name
-	// components. This allow one period, one or two underscore and multiple
-	// dashes.
-	separatorRegexp = match(`(?:[._]|__|[-]*)`)
-
-	// nameComponentRegexp restricts registry path component names to start
-	// with at least one letter or number, with following parts able to be
-	// separated by one period, one or two underscore and multiple dashes.
-	nameComponentRegexp = expression(
-		alphaNumericRegexp,
-		optional(repeated(separatorRegexp, alphaNumericRegexp)))
-
-	// domainComponentRegexp restricts the registry domain component of a
-	// repository name to start with a component as defined by DomainRegexp
-	// and followed by an optional port.
-	domainComponentRegexp = match(`(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])`)
-
-	// DomainRegexp defines the structure of potential domain components
-	// that may be part of image names. This is purposely a subset of what is
-	// allowed by DNS to ensure backwards compatibility with Docker image
-	// names.
-	DomainRegexp = expression(
-		domainComponentRegexp,
-		optional(repeated(literal(`.`), domainComponentRegexp)),
-		optional(literal(`:`), match(`[0-9]+`)))
-
-	// TagRegexp matches valid tag names. From docker/docker:graph/tags.go.
-	TagRegexp = match(`[\w][\w.-]{0,127}`)
-
-	// anchoredTagRegexp matches valid tag names, anchored at the start and
-	// end of the matched string.
-	anchoredTagRegexp = anchored(TagRegexp)
-
-	// DigestRegexp matches valid digests.
-	DigestRegexp = match(`[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}`)
-
-	// anchoredDigestRegexp matches valid digests, anchored at the start and
-	// end of the matched string.
-	anchoredDigestRegexp = anchored(DigestRegexp)
-
-	// NameRegexp is the format for the name component of references. The
-	// regexp has capturing groups for the domain and name part omitting
-	// the separating forward slash from either.
-	NameRegexp = expression(
-		optional(DomainRegexp, literal(`/`)),
-		nameComponentRegexp,
-		optional(repeated(literal(`/`), nameComponentRegexp)))
-
-	// anchoredNameRegexp is used to parse a name value, capturing the
-	// domain and trailing components.
-	anchoredNameRegexp = anchored(
-		optional(capture(DomainRegexp), literal(`/`)),
-		capture(nameComponentRegexp,
-			optional(repeated(literal(`/`), nameComponentRegexp))))
-
-	// ReferenceRegexp is the full supported format of a reference. The regexp
-	// is anchored and has capturing groups for name, tag, and digest
-	// components.
-	ReferenceRegexp = anchored(capture(NameRegexp),
-		optional(literal(":"), capture(TagRegexp)),
-		optional(literal("@"), capture(DigestRegexp)))
-
-	// IdentifierRegexp is the format for string identifier used as a
-	// content addressable identifier using sha256. These identifiers
-	// are like digests without the algorithm, since sha256 is used.
-	IdentifierRegexp = match(`([a-f0-9]{64})`)
-
-	// ShortIdentifierRegexp is the format used to represent a prefix
-	// of an identifier. A prefix may be used to match a sha256 identifier
-	// within a list of trusted identifiers.
-	ShortIdentifierRegexp = match(`([a-f0-9]{6,64})`)
-
-	// anchoredIdentifierRegexp is used to check or match an
-	// identifier value, anchored at start and end of string.
-	anchoredIdentifierRegexp = anchored(IdentifierRegexp)
-
-	// anchoredShortIdentifierRegexp is used to check if a value
-	// is a possible identifier prefix, anchored at start and end
-	// of string.
-	anchoredShortIdentifierRegexp = anchored(ShortIdentifierRegexp)
-)
-
-// match compiles the string to a regular expression.
-var match = regexp.MustCompile
-
-// literal compiles s into a literal regular expression, escaping any regexp
-// reserved characters.
-func literal(s string) *regexp.Regexp {
-	re := match(regexp.QuoteMeta(s))
-
-	if _, complete := re.LiteralPrefix(); !complete {
-		panic("must be a literal")
-	}
-
-	return re
-}
-
-// expression defines a full expression, where each regular expression must
-// follow the previous.
-func expression(res ...*regexp.Regexp) *regexp.Regexp {
-	var s string
-	for _, re := range res {
-		s += re.String()
-	}
-
-	return match(s)
-}
-
-// optional wraps the expression in a non-capturing group and makes the
-// production optional.
-func optional(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(group(expression(res...)).String() + `?`)
-}
-
-// repeated wraps the regexp in a non-capturing group to get one or more
-// matches.
-func repeated(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(group(expression(res...)).String() + `+`)
-}
-
-// group wraps the regexp in a non-capturing group.
-func group(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(`(?:` + expression(res...).String() + `)`)
-}
-
-// capture wraps the expression in a capturing group.
-func capture(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(`(` + expression(res...).String() + `)`)
-}
-
-// anchored anchors the regular expression by adding start and end delimiters.
-func anchored(res ...*regexp.Regexp) *regexp.Regexp {
-	return match(`^` + expression(res...).String() + `$`)
-}
diff --git a/vendor/github.com/docker/distribution/reference/regexp_deprecated.go b/vendor/github.com/docker/distribution/reference/regexp_deprecated.go
new file mode 100644
index 000000000..4b9c1b58e
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/regexp_deprecated.go
@@ -0,0 +1,50 @@
+package reference
+
+import (
+	"github.com/distribution/reference"
+)
+
+// DigestRegexp matches well-formed digests, including algorithm (e.g. "sha256:<encoded>").
+//
+// Deprecated: use [reference.DigestRegexp].
+var DigestRegexp = reference.DigestRegexp
+
+// DomainRegexp matches hostname or IP-addresses, optionally including a port
+// number. It defines the structure of potential domain components that may be
+// part of image names. This is purposely a subset of what is allowed by DNS to
+// ensure backwards compatibility with Docker image names. It may be a subset of
+// DNS domain name, an IPv4 address in decimal format, or an IPv6 address between
+// square brackets (excluding zone identifiers as defined by [RFC 6874] or special
+// addresses such as IPv4-Mapped).
+//
+// Deprecated: use [reference.DomainRegexp].
+//
+// [RFC 6874]: https://www.rfc-editor.org/rfc/rfc6874.
+var DomainRegexp = reference.DigestRegexp
+
+// IdentifierRegexp is the format for string identifier used as a
+// content addressable identifier using sha256. These identifiers
+// are like digests without the algorithm, since sha256 is used.
+//
+// Deprecated: use [reference.IdentifierRegexp].
+var IdentifierRegexp = reference.IdentifierRegexp
+
+// NameRegexp is the format for the name component of references, including
+// an optional domain and port, but without tag or digest suffix.
+//
+// Deprecated: use [reference.NameRegexp].
+var NameRegexp = reference.NameRegexp
+
+// ReferenceRegexp is the full supported format of a reference. The regexp
+// is anchored and has capturing groups for name, tag, and digest
+// components.
+//
+// Deprecated: use [reference.ReferenceRegexp].
+var ReferenceRegexp = reference.ReferenceRegexp
+
+// TagRegexp matches valid tag names. From [docker/docker:graph/tags.go].
+//
+// Deprecated: use [reference.TagRegexp].
+//
+// [docker/docker:graph/tags.go]: https://github.com/moby/moby/blob/v1.6.0/graph/tags.go#L26-L28
+var TagRegexp = reference.TagRegexp
diff --git a/vendor/github.com/docker/distribution/reference/sort_deprecated.go b/vendor/github.com/docker/distribution/reference/sort_deprecated.go
new file mode 100644
index 000000000..a73251b6f
--- /dev/null
+++ b/vendor/github.com/docker/distribution/reference/sort_deprecated.go
@@ -0,0 +1,10 @@
+package reference
+
+import "github.com/distribution/reference"
+
+// Sort sorts string references preferring higher information references.
+//
+// Deprecated: use [reference.Sort].
+func Sort(references []string) []string {
+	return reference.Sort(references)
+}
diff --git a/vendor/github.com/docker/distribution/registry.go b/vendor/github.com/docker/distribution/registry.go
index 6c3210989..d0deee65d 100644
--- a/vendor/github.com/docker/distribution/registry.go
+++ b/vendor/github.com/docker/distribution/registry.go
@@ -3,7 +3,7 @@ package distribution
 import (
 	"context"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 )
 
 // Scope defines the set of items that match a namespace.
diff --git a/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go b/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
index c3bf90f71..7fceefbc6 100644
--- a/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/descriptors.go
@@ -4,7 +4,7 @@ import (
 	"net/http"
 	"regexp"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/docker/distribution/registry/api/errcode"
 	"github.com/opencontainers/go-digest"
 )
diff --git a/vendor/github.com/docker/distribution/registry/api/v2/urls.go b/vendor/github.com/docker/distribution/registry/api/v2/urls.go
index 3c3ec9893..ab6406335 100644
--- a/vendor/github.com/docker/distribution/registry/api/v2/urls.go
+++ b/vendor/github.com/docker/distribution/registry/api/v2/urls.go
@@ -6,7 +6,7 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/gorilla/mux"
 )
 
diff --git a/vendor/github.com/docker/distribution/registry/client/blob_writer.go b/vendor/github.com/docker/distribution/registry/client/blob_writer.go
index 695bf852f..dac030c73 100644
--- a/vendor/github.com/docker/distribution/registry/client/blob_writer.go
+++ b/vendor/github.com/docker/distribution/registry/client/blob_writer.go
@@ -42,6 +42,8 @@ func (hbu *httpBlobUpload) ReadFrom(r io.Reader) (n int64, err error) {
 	}
 	defer req.Body.Close()
 
+	req.Header.Set("Content-Type", "application/octet-stream")
+
 	resp, err := hbu.client.Do(req)
 	if err != nil {
 		return 0, err
diff --git a/vendor/github.com/docker/distribution/registry/client/errors.go b/vendor/github.com/docker/distribution/registry/client/errors.go
index 024df43dd..ce9902034 100644
--- a/vendor/github.com/docker/distribution/registry/client/errors.go
+++ b/vendor/github.com/docker/distribution/registry/client/errors.go
@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
 	"io/ioutil"
+	"mime"
 	"net/http"
 
 	"github.com/docker/distribution/registry/api/errcode"
@@ -38,13 +38,29 @@ func (e *UnexpectedHTTPResponseError) Error() string {
 	return fmt.Sprintf("error parsing HTTP %d response body: %s: %q", e.StatusCode, e.ParseErr.Error(), string(e.Response))
 }
 
-func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
+func parseHTTPErrorResponse(resp *http.Response) error {
 	var errors errcode.Errors
-	body, err := ioutil.ReadAll(r)
+	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		return err
 	}
 
+	statusCode := resp.StatusCode
+	ctHeader := resp.Header.Get("Content-Type")
+
+	if ctHeader == "" {
+		return makeError(statusCode, string(body))
+	}
+
+	contentType, _, err := mime.ParseMediaType(ctHeader)
+	if err != nil {
+		return fmt.Errorf("failed parsing content-type: %w", err)
+	}
+
+	if contentType != "application/json" && contentType != "application/vnd.api+json" {
+		return makeError(statusCode, string(body))
+	}
+
 	// For backward compatibility, handle irregularly formatted
 	// messages that contain a "details" field.
 	var detailsErr struct {
@@ -52,16 +68,7 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	}
 	err = json.Unmarshal(body, &detailsErr)
 	if err == nil && detailsErr.Details != "" {
-		switch statusCode {
-		case http.StatusUnauthorized:
-			return errcode.ErrorCodeUnauthorized.WithMessage(detailsErr.Details)
-		case http.StatusForbidden:
-			return errcode.ErrorCodeDenied.WithMessage(detailsErr.Details)
-		case http.StatusTooManyRequests:
-			return errcode.ErrorCodeTooManyRequests.WithMessage(detailsErr.Details)
-		default:
-			return errcode.ErrorCodeUnknown.WithMessage(detailsErr.Details)
-		}
+		return makeError(statusCode, detailsErr.Details)
 	}
 
 	if err := json.Unmarshal(body, &errors); err != nil {
@@ -85,6 +92,19 @@ func parseHTTPErrorResponse(statusCode int, r io.Reader) error {
 	return errors
 }
 
+func makeError(statusCode int, details string) error {
+	switch statusCode {
+	case http.StatusUnauthorized:
+		return errcode.ErrorCodeUnauthorized.WithMessage(details)
+	case http.StatusForbidden:
+		return errcode.ErrorCodeDenied.WithMessage(details)
+	case http.StatusTooManyRequests:
+		return errcode.ErrorCodeTooManyRequests.WithMessage(details)
+	default:
+		return errcode.ErrorCodeUnknown.WithMessage(details)
+	}
+}
+
 func makeErrorList(err error) []error {
 	if errL, ok := err.(errcode.Errors); ok {
 		return []error(errL)
@@ -121,11 +141,10 @@ func HandleErrorResponse(resp *http.Response) error {
 				} else {
 					err.Message = err.Code.Message()
 				}
-
-				return mergeErrors(err, parseHTTPErrorResponse(resp.StatusCode, resp.Body))
+				return mergeErrors(err, parseHTTPErrorResponse(resp))
 			}
 		}
-		err := parseHTTPErrorResponse(resp.StatusCode, resp.Body)
+		err := parseHTTPErrorResponse(resp)
 		if uErr, ok := err.(*UnexpectedHTTPResponseError); ok && resp.StatusCode == 401 {
 			return errcode.ErrorCodeUnauthorized.WithDetail(uErr.Response)
 		}
diff --git a/vendor/github.com/docker/distribution/registry/client/repository.go b/vendor/github.com/docker/distribution/registry/client/repository.go
index 04e5a3ba0..fd42a1e66 100644
--- a/vendor/github.com/docker/distribution/registry/client/repository.go
+++ b/vendor/github.com/docker/distribution/registry/client/repository.go
@@ -14,8 +14,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/distribution/reference"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
 	v2 "github.com/docker/distribution/registry/api/v2"
 	"github.com/docker/distribution/registry/client/transport"
 	"github.com/docker/distribution/registry/storage/cache"
diff --git a/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go b/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
index 42d94d9bd..f2953b02c 100644
--- a/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
+++ b/vendor/github.com/docker/distribution/registry/storage/cache/memory/memory.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"sync"
 
+	"github.com/distribution/reference"
 	"github.com/docker/distribution"
-	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/storage/cache"
 	"github.com/opencontainers/go-digest"
 )
diff --git a/vendor/github.com/docker/distribution/vendor.conf b/vendor/github.com/docker/distribution/vendor.conf
index bd1b4bff6..20818428f 100644
--- a/vendor/github.com/docker/distribution/vendor.conf
+++ b/vendor/github.com/docker/distribution/vendor.conf
@@ -9,6 +9,7 @@ github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702
 github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782
 github.com/denverdino/aliyungo afedced274aa9a7fcdd47ac97018f0f8db4e5de2
 github.com/dgrijalva/jwt-go 4bbdd8ac624fc7a9ef7aec841c43d99b5fe65a29 https://github.com/golang-jwt/jwt.git # v3.2.2
+github.com/distribution/reference 49c28499d219290c3226822e9cfcd4ede6d75379 # v0.5.0
 github.com/docker/go-metrics 399ea8c73916000c64c2c76e8da00ca82f8387ab
 github.com/docker/libtrust fa567046d9b14f6aa788882a950d69651d230b21
 github.com/garyburd/redigo 535138d7bcd717d6531c701ef5933d98b1866257
@@ -47,5 +48,5 @@ gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673
 gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b
 gopkg.in/yaml.v2 v2.2.1
 rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
-github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
+github.com/opencontainers/go-digest ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
 github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index a820f996f..7635b9f66 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -5068,7 +5068,7 @@ definitions:
           Go runtime (`GOOS`).
 
           Currently returned values are "linux" and "windows". A full list of
-          possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+          possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
         type: "string"
         example: "linux"
       Architecture:
@@ -5076,7 +5076,7 @@ definitions:
           Hardware architecture of the host, as returned by the Go runtime
           (`GOARCH`).
 
-          A full list of possible values can be found in the [Go documentation](https://golang.org/doc/install/source#environment).
+          A full list of possible values can be found in the [Go documentation](https://go.dev/doc/install/source#environment).
         type: "string"
         example: "x86_64"
       NCPU:
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
index 887648cf3..0c39ab5f1 100644
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@@ -98,7 +98,7 @@ func FromJSON(p string) (Args, error) {
 	// Fallback to parsing arguments in the legacy slice format
 	deprecated := map[string][]string{}
 	if legacyErr := json.Unmarshal(raw, &deprecated); legacyErr != nil {
-		return args, invalidFilter{}
+		return args, &invalidFilter{}
 	}
 
 	args.fields = deprecatedArgs(deprecated)
@@ -206,7 +206,7 @@ func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
 	}
 
 	if len(fieldValues) == 0 {
-		return defaultValue, invalidFilter{key, nil}
+		return defaultValue, &invalidFilter{key, nil}
 	}
 
 	isFalse := fieldValues["0"] || fieldValues["false"]
@@ -216,7 +216,7 @@ func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
 	invalid := !isFalse && !isTrue
 
 	if conflicting || invalid {
-		return defaultValue, invalidFilter{key, args.Get(key)}
+		return defaultValue, &invalidFilter{key, args.Get(key)}
 	} else if isFalse {
 		return false, nil
 	} else if isTrue {
@@ -224,7 +224,7 @@ func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
 	}
 
 	// This code shouldn't be reached.
-	return defaultValue, unreachableCode{Filter: key, Value: args.Get(key)}
+	return defaultValue, &unreachableCode{Filter: key, Value: args.Get(key)}
 }
 
 // ExactMatch returns true if the source matches exactly one of the values.
@@ -282,7 +282,7 @@ func (args Args) Contains(field string) bool {
 func (args Args) Validate(accepted map[string]bool) error {
 	for name := range args.fields {
 		if !accepted[name] {
-			return invalidFilter{name, nil}
+			return &invalidFilter{name, nil}
 		}
 	}
 	return nil
diff --git a/vendor/github.com/docker/docker/api/types/versions/compare.go b/vendor/github.com/docker/docker/api/types/versions/compare.go
index 489e917ee..621725a36 100644
--- a/vendor/github.com/docker/docker/api/types/versions/compare.go
+++ b/vendor/github.com/docker/docker/api/types/versions/compare.go
@@ -16,11 +16,11 @@ func compare(v1, v2 string) int {
 		otherTab = strings.Split(v2, ".")
 	)
 
-	max := len(currTab)
-	if len(otherTab) > max {
-		max = len(otherTab)
+	maxVer := len(currTab)
+	if len(otherTab) > maxVer {
+		maxVer = len(otherTab)
 	}
-	for i := 0; i < max; i++ {
+	for i := 0; i < maxVer; i++ {
 		var currInt, otherInt int
 
 		if len(currTab) > i {
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go
index c8c7be747..1a2fb971f 100644
--- a/vendor/github.com/docker/docker/pkg/archive/diff.go
+++ b/vendor/github.com/docker/docker/pkg/archive/diff.go
@@ -223,6 +223,25 @@ func ApplyUncompressedLayer(dest string, layer io.Reader, options *TarOptions) (
 	return applyLayerHandler(dest, layer, options, false)
 }
 
+// IsEmpty checks if the tar archive is empty (doesn't contain any entries).
+func IsEmpty(rd io.Reader) (bool, error) {
+	decompRd, err := DecompressStream(rd)
+	if err != nil {
+		return true, fmt.Errorf("failed to decompress archive: %v", err)
+	}
+	defer decompRd.Close()
+
+	tarReader := tar.NewReader(decompRd)
+	if _, err := tarReader.Next(); err != nil {
+		if err == io.EOF {
+			return true, nil
+		}
+		return false, fmt.Errorf("failed to read next archive header: %v", err)
+	}
+
+	return false, nil
+}
+
 // do the bulk load of ApplyLayer, but allow for not calling DecompressStream
 func applyLayerHandler(dest string, layer io.Reader, options *TarOptions, decompress bool) (int64, error) {
 	dest = filepath.Clean(dest)
diff --git a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
new file mode 100644
index 000000000..ffc7b992b
--- /dev/null
+++ b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
@@ -0,0 +1,13 @@
+freebsd_task:
+  name: 'FreeBSD'
+  freebsd_instance:
+    image_family: freebsd-13-2
+  install_script:
+    - pkg update -f
+    - pkg install -y go
+  test_script:
+      # run tests as user "cirrus" instead of root
+    - pw useradd cirrus -m
+    - chown -R cirrus:cirrus .
+    - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
+    -                      sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
diff --git a/vendor/github.com/fsnotify/fsnotify/.gitignore b/vendor/github.com/fsnotify/fsnotify/.gitignore
index 1d89d85ce..391cc076b 100644
--- a/vendor/github.com/fsnotify/fsnotify/.gitignore
+++ b/vendor/github.com/fsnotify/fsnotify/.gitignore
@@ -4,3 +4,4 @@
 
 # Output of go build ./cmd/fsnotify
 /fsnotify
+/fsnotify.exe
diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
index 77f9593bd..e0e575754 100644
--- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
+++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
@@ -1,16 +1,87 @@
 # Changelog
 
-All notable changes to this project will be documented in this file.
+Unreleased
+----------
+Nothing yet.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+1.7.0 - 2023-10-22
+------------------
+This version of fsnotify needs Go 1.17.
 
-## [Unreleased]
+### Additions
 
-Nothing yet.
+- illumos: add FEN backend to support illumos and Solaris. ([#371])
+
+- all: add `NewBufferedWatcher()` to use a buffered channel, which can be useful
+  in cases where you can't control the kernel buffer and receive a large number
+  of events in bursts. ([#550], [#572])
+
+- all: add `AddWith()`, which is identical to `Add()` but allows passing
+  options. ([#521])
+
+- windows: allow setting the ReadDirectoryChangesW() buffer size with
+  `fsnotify.WithBufferSize()`; the default of 64K is the highest value that
+  works on all platforms and is enough for most purposes, but in some cases a
+  highest buffer is needed. ([#521])
+
+### Changes and fixes
+
+- inotify: remove watcher if a watched path is renamed ([#518])
+
+  After a rename the reported name wasn't updated, or even an empty string.
+  Inotify doesn't provide any good facilities to update it, so just remove the
+  watcher. This is already how it worked on kqueue and FEN.
+
+  On Windows this does work, and remains working.
+
+- windows: don't listen for file attribute changes ([#520])
+
+  File attribute changes are sent as `FILE_ACTION_MODIFIED` by the Windows API,
+  with no way to see if they're a file write or attribute change, so would show
+  up as a fsnotify.Write event. This is never useful, and could result in many
+  spurious Write events.
+
+- windows: return `ErrEventOverflow` if the buffer is full ([#525])
+
+  Before it would merely return "short read", making it hard to detect this
+  error.
+
+- kqueue: make sure events for all files are delivered properly when removing a
+  watched directory ([#526])
+
+  Previously they would get sent with `""` (empty string) or `"."` as the path
+  name.
+
+- kqueue: don't emit spurious Create events for symbolic links ([#524])
+
+  The link would get resolved but kqueue would "forget" it already saw the link
+  itself, resulting on a Create for every Write event for the directory.
+
+- all: return `ErrClosed` on `Add()` when the watcher is closed ([#516])
+
+- other: add `Watcher.Errors` and `Watcher.Events` to the no-op `Watcher` in
+  `backend_other.go`, making it easier to use on unsupported platforms such as
+  WASM, AIX, etc. ([#528])
+
+- other: use the `backend_other.go` no-op if the `appengine` build tag is set;
+  Google AppEngine forbids usage of the unsafe package so the inotify backend
+  won't compile there.
 
-## [1.6.0] - 2022-10-13
+[#371]: https://github.com/fsnotify/fsnotify/pull/371
+[#516]: https://github.com/fsnotify/fsnotify/pull/516
+[#518]: https://github.com/fsnotify/fsnotify/pull/518
+[#520]: https://github.com/fsnotify/fsnotify/pull/520
+[#521]: https://github.com/fsnotify/fsnotify/pull/521
+[#524]: https://github.com/fsnotify/fsnotify/pull/524
+[#525]: https://github.com/fsnotify/fsnotify/pull/525
+[#526]: https://github.com/fsnotify/fsnotify/pull/526
+[#528]: https://github.com/fsnotify/fsnotify/pull/528
+[#537]: https://github.com/fsnotify/fsnotify/pull/537
+[#550]: https://github.com/fsnotify/fsnotify/pull/550
+[#572]: https://github.com/fsnotify/fsnotify/pull/572
 
+1.6.0 - 2022-10-13
+------------------
 This version of fsnotify needs Go 1.16 (this was already the case since 1.5.1,
 but not documented). It also increases the minimum Linux version to 2.6.32.
 
diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md
index d4e6080fe..e480733d1 100644
--- a/vendor/github.com/fsnotify/fsnotify/README.md
+++ b/vendor/github.com/fsnotify/fsnotify/README.md
@@ -1,29 +1,31 @@
 fsnotify is a Go library to provide cross-platform filesystem notifications on
-Windows, Linux, macOS, and BSD systems.
+Windows, Linux, macOS, BSD, and illumos.
 
-Go 1.16 or newer is required; the full documentation is at
+Go 1.17 or newer is required; the full documentation is at
 https://pkg.go.dev/github.com/fsnotify/fsnotify
 
-**It's best to read the documentation at pkg.go.dev, as it's pinned to the last
-released version, whereas this README is for the last development version which
-may include additions/changes.**
-
 ---
 
 Platform support:
 
-| Adapter               | OS             | Status                                                       |
-| --------------------- | ---------------| -------------------------------------------------------------|
-| inotify               | Linux 2.6.32+  | Supported                                                    |
-| kqueue                | BSD, macOS     | Supported                                                    |
-| ReadDirectoryChangesW | Windows        | Supported                                                    |
-| FSEvents              | macOS          | [Planned](https://github.com/fsnotify/fsnotify/issues/11)    |
-| FEN                   | Solaris 11     | [In Progress](https://github.com/fsnotify/fsnotify/pull/371) |
-| fanotify              | Linux 5.9+     | [Maybe](https://github.com/fsnotify/fsnotify/issues/114)     |
-| USN Journals          | Windows        | [Maybe](https://github.com/fsnotify/fsnotify/issues/53)      |
-| Polling               | *All*          | [Maybe](https://github.com/fsnotify/fsnotify/issues/9)       |
-
-Linux and macOS should include Android and iOS, but these are currently untested.
+| Backend               | OS         | Status                                                                    |
+| :-------------------- | :--------- | :------------------------------------------------------------------------ |
+| inotify               | Linux      | Supported                                                                 |
+| kqueue                | BSD, macOS | Supported                                                                 |
+| ReadDirectoryChangesW | Windows    | Supported                                                                 |
+| FEN                   | illumos    | Supported                                                                 |
+| fanotify              | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114)                |
+| AHAFS                 | AIX        | [aix branch]; experimental due to lack of maintainer and test environment |
+| FSEvents              | macOS      | [Needs support in x/sys/unix][fsevents]                                   |
+| USN Journals          | Windows    | [Needs support in x/sys/windows][usn]                                     |
+| Polling               | *All*      | [Not yet](https://github.com/fsnotify/fsnotify/issues/9)                  |
+
+Linux and illumos should include Android and Solaris, but these are currently
+untested.
+
+[fsevents]:   https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120
+[usn]:        https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847
+[aix branch]: https://github.com/fsnotify/fsnotify/issues/353#issuecomment-1284590129
 
 Usage
 -----
@@ -83,20 +85,23 @@ run with:
 
     % go run ./cmd/fsnotify
 
+Further detailed documentation can be found in godoc:
+https://pkg.go.dev/github.com/fsnotify/fsnotify
+
 FAQ
 ---
 ### Will a file still be watched when it's moved to another directory?
 No, not unless you are watching the location it was moved to.
 
-### Are subdirectories watched too?
+### Are subdirectories watched?
 No, you must add watches for any directory you want to watch (a recursive
 watcher is on the roadmap: [#18]).
 
 [#18]: https://github.com/fsnotify/fsnotify/issues/18
 
 ### Do I have to watch the Error and Event channels in a goroutine?
-As of now, yes (you can read both channels in the same goroutine using `select`,
-you don't need a separate goroutine for both channels; see the example).
+Yes. You can read both channels in the same goroutine using `select` (you don't
+need a separate goroutine for both channels; see the example).
 
 ### Why don't notifications work with NFS, SMB, FUSE, /proc, or /sys?
 fsnotify requires support from underlying OS to work. The current NFS and SMB
@@ -107,6 +112,32 @@ This could be fixed with a polling watcher ([#9]), but it's not yet implemented.
 
 [#9]: https://github.com/fsnotify/fsnotify/issues/9
 
+### Why do I get many Chmod events?
+Some programs may generate a lot of attribute changes; for example Spotlight on
+macOS, anti-virus programs, backup applications, and some others are known to do
+this. As a rule, it's typically best to ignore Chmod events. They're often not
+useful, and tend to cause problems.
+
+Spotlight indexing on macOS can result in multiple events (see [#15]). A
+temporary workaround is to add your folder(s) to the *Spotlight Privacy
+settings* until we have a native FSEvents implementation (see [#11]).
+
+[#11]: https://github.com/fsnotify/fsnotify/issues/11
+[#15]: https://github.com/fsnotify/fsnotify/issues/15
+
+### Watching a file doesn't work well
+Watching individual files (rather than directories) is generally not recommended
+as many programs (especially editors) update files atomically: it will write to
+a temporary file which is then moved to to destination, overwriting the original
+(or some variant thereof). The watcher on the original file is now lost, as that
+no longer exists.
+
+The upshot of this is that a power failure or crash won't leave a half-written
+file.
+
+Watch the parent directory and use `Event.Name` to filter out files you're not
+interested in. There is an example of this in `cmd/fsnotify/file.go`.
+
 Platform-specific notes
 -----------------------
 ### Linux
@@ -151,11 +182,3 @@ these platforms.
 
 The sysctl variables `kern.maxfiles` and `kern.maxfilesperproc` can be used to
 control the maximum number of open files.
-
-### macOS
-Spotlight indexing on macOS can result in multiple events (see [#15]). A temporary
-workaround is to add your folder(s) to the *Spotlight Privacy settings* until we
-have a native FSEvents implementation (see [#11]).
-
-[#11]: https://github.com/fsnotify/fsnotify/issues/11
-[#15]: https://github.com/fsnotify/fsnotify/issues/15
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_fen.go b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
index 1a95ad8e7..28497f1dd 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
@@ -1,10 +1,19 @@
 //go:build solaris
 // +build solaris
 
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
 	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"sync"
+
+	"golang.org/x/sys/unix"
 )
 
 // Watcher watches a set of paths, delivering events on a channel.
@@ -17,9 +26,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -33,16 +42,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -58,14 +67,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -92,44 +107,129 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
+
+	mu      sync.Mutex
+	port    *unix.EventPort
+	done    chan struct{}       // Channel for sending a "quit message" to the reader goroutine
+	dirs    map[string]struct{} // Explicitly watched directories
+	watches map[string]struct{} // Explicitly watched non-directories
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	return nil, errors.New("FEN based watcher not yet supported for fsnotify\n")
+	return NewBufferedWatcher(0)
 }
 
-// Close removes all watches and closes the events channel.
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
+	w := &Watcher{
+		Events:  make(chan Event, sz),
+		Errors:  make(chan error),
+		dirs:    make(map[string]struct{}),
+		watches: make(map[string]struct{}),
+		done:    make(chan struct{}),
+	}
+
+	var err error
+	w.port, err = unix.NewEventPort()
+	if err != nil {
+		return nil, fmt.Errorf("fsnotify.NewWatcher: %w", err)
+	}
+
+	go w.readEvents()
+	return w, nil
+}
+
+// sendEvent attempts to send an event to the user, returning true if the event
+// was put in the channel successfully and false if the watcher has been closed.
+func (w *Watcher) sendEvent(name string, op Op) (sent bool) {
+	select {
+	case w.Events <- Event{Name: name, Op: op}:
+		return true
+	case <-w.done:
+		return false
+	}
+}
+
+// sendError attempts to send an error to the user, returning true if the error
+// was put in the channel successfully and false if the watcher has been closed.
+func (w *Watcher) sendError(err error) (sent bool) {
+	select {
+	case w.Errors <- err:
+		return true
+	case <-w.done:
+		return false
+	}
+}
+
+func (w *Watcher) isClosed() bool {
+	select {
+	case <-w.done:
+		return true
+	default:
+		return false
+	}
+}
+
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	return nil
+	// Take the lock used by associateFile to prevent lingering events from
+	// being processed after the close
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	if w.isClosed() {
+		return nil
+	}
+	close(w.done)
+	return w.port.Close()
 }
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -139,15 +239,63 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+	if w.port.PathIsWatched(name) {
+		return nil
+	}
+
+	_ = getOptions(opts...)
+
+	// Currently we resolve symlinks that were explicitly requested to be
+	// watched. Otherwise we would use LStat here.
+	stat, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	// Associate all files in the directory.
+	if stat.IsDir() {
+		err := w.handleDirectory(name, stat, true, w.associateFile)
+		if err != nil {
+			return err
+		}
+
+		w.mu.Lock()
+		w.dirs[name] = struct{}{}
+		w.mu.Unlock()
+		return nil
+	}
+
+	err = w.associateFile(name, stat, true)
+	if err != nil {
+		return err
+	}
+
+	w.mu.Lock()
+	w.watches[name] = struct{}{}
+	w.mu.Unlock()
 	return nil
 }
 
@@ -157,6 +305,336 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	if w.isClosed() {
+		return nil
+	}
+	if !w.port.PathIsWatched(name) {
+		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
+	}
+
+	// The user has expressed an intent. Immediately remove this name from
+	// whichever watch list it might be in. If it's not in there the delete
+	// doesn't cause harm.
+	w.mu.Lock()
+	delete(w.watches, name)
+	delete(w.dirs, name)
+	w.mu.Unlock()
+
+	stat, err := os.Stat(name)
+	if err != nil {
+		return err
+	}
+
+	// Remove associations for every file in the directory.
+	if stat.IsDir() {
+		err := w.handleDirectory(name, stat, false, w.dissociateFile)
+		if err != nil {
+			return err
+		}
+		return nil
+	}
+
+	err = w.port.DissociatePath(name)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
+
+// readEvents contains the main loop that runs in a goroutine watching for events.
+func (w *Watcher) readEvents() {
+	// If this function returns, the watcher has been closed and we can close
+	// these channels
+	defer func() {
+		close(w.Errors)
+		close(w.Events)
+	}()
+
+	pevents := make([]unix.PortEvent, 8)
+	for {
+		count, err := w.port.Get(pevents, 1, nil)
+		if err != nil && err != unix.ETIME {
+			// Interrupted system call (count should be 0) ignore and continue
+			if errors.Is(err, unix.EINTR) && count == 0 {
+				continue
+			}
+			// Get failed because we called w.Close()
+			if errors.Is(err, unix.EBADF) && w.isClosed() {
+				return
+			}
+			// There was an error not caused by calling w.Close()
+			if !w.sendError(err) {
+				return
+			}
+		}
+
+		p := pevents[:count]
+		for _, pevent := range p {
+			if pevent.Source != unix.PORT_SOURCE_FILE {
+				// Event from unexpected source received; should never happen.
+				if !w.sendError(errors.New("Event from unexpected source received")) {
+					return
+				}
+				continue
+			}
+
+			err = w.handleEvent(&pevent)
+			if err != nil {
+				if !w.sendError(err) {
+					return
+				}
+			}
+		}
+	}
+}
+
+func (w *Watcher) handleDirectory(path string, stat os.FileInfo, follow bool, handler func(string, os.FileInfo, bool) error) error {
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return err
+	}
+
+	// Handle all children of the directory.
+	for _, entry := range files {
+		finfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+		err = handler(filepath.Join(path, finfo.Name()), finfo, false)
+		if err != nil {
+			return err
+		}
+	}
+
+	// And finally handle the directory itself.
+	return handler(path, stat, follow)
+}
+
+// handleEvent might need to emit more than one fsnotify event if the events
+// bitmap matches more than one event type (e.g. the file was both modified and
+// had the attributes changed between when the association was created and the
+// when event was returned)
+func (w *Watcher) handleEvent(event *unix.PortEvent) error {
+	var (
+		events     = event.Events
+		path       = event.Path
+		fmode      = event.Cookie.(os.FileMode)
+		reRegister = true
+	)
+
+	w.mu.Lock()
+	_, watchedDir := w.dirs[path]
+	_, watchedPath := w.watches[path]
+	w.mu.Unlock()
+	isWatched := watchedDir || watchedPath
+
+	if events&unix.FILE_DELETE != 0 {
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		reRegister = false
+	}
+	if events&unix.FILE_RENAME_FROM != 0 {
+		if !w.sendEvent(path, Rename) {
+			return nil
+		}
+		// Don't keep watching the new file name
+		reRegister = false
+	}
+	if events&unix.FILE_RENAME_TO != 0 {
+		// We don't report a Rename event for this case, because Rename events
+		// are interpreted as referring to the _old_ name of the file, and in
+		// this case the event would refer to the new name of the file. This
+		// type of rename event is not supported by fsnotify.
+
+		// inotify reports a Remove event in this case, so we simulate this
+		// here.
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		// Don't keep watching the file that was removed
+		reRegister = false
+	}
+
+	// The file is gone, nothing left to do.
+	if !reRegister {
+		if watchedDir {
+			w.mu.Lock()
+			delete(w.dirs, path)
+			w.mu.Unlock()
+		}
+		if watchedPath {
+			w.mu.Lock()
+			delete(w.watches, path)
+			w.mu.Unlock()
+		}
+		return nil
+	}
+
+	// If we didn't get a deletion the file still exists and we're going to have
+	// to watch it again. Let's Stat it now so that we can compare permissions
+	// and have what we need to continue watching the file
+
+	stat, err := os.Lstat(path)
+	if err != nil {
+		// This is unexpected, but we should still emit an event. This happens
+		// most often on "rm -r" of a subdirectory inside a watched directory We
+		// get a modify event of something happening inside, but by the time we
+		// get here, the sudirectory is already gone. Clearly we were watching
+		// this path but now it is gone. Let's tell the user that it was
+		// removed.
+		if !w.sendEvent(path, Remove) {
+			return nil
+		}
+		// Suppress extra write events on removed directories; they are not
+		// informative and can be confusing.
+		return nil
+	}
+
+	// resolve symlinks that were explicitly watched as we would have at Add()
+	// time. this helps suppress spurious Chmod events on watched symlinks
+	if isWatched {
+		stat, err = os.Stat(path)
+		if err != nil {
+			// The symlink still exists, but the target is gone. Report the
+			// Remove similar to above.
+			if !w.sendEvent(path, Remove) {
+				return nil
+			}
+			// Don't return the error
+		}
+	}
+
+	if events&unix.FILE_MODIFIED != 0 {
+		if fmode.IsDir() {
+			if watchedDir {
+				if err := w.updateDirectory(path); err != nil {
+					return err
+				}
+			} else {
+				if !w.sendEvent(path, Write) {
+					return nil
+				}
+			}
+		} else {
+			if !w.sendEvent(path, Write) {
+				return nil
+			}
+		}
+	}
+	if events&unix.FILE_ATTRIB != 0 && stat != nil {
+		// Only send Chmod if perms changed
+		if stat.Mode().Perm() != fmode.Perm() {
+			if !w.sendEvent(path, Chmod) {
+				return nil
+			}
+		}
+	}
+
+	if stat != nil {
+		// If we get here, it means we've hit an event above that requires us to
+		// continue watching the file or directory
+		return w.associateFile(path, stat, isWatched)
+	}
+	return nil
+}
+
+func (w *Watcher) updateDirectory(path string) error {
+	// The directory was modified, so we must find unwatched entities and watch
+	// them. If something was removed from the directory, nothing will happen,
+	// as everything else should still be watched.
+	files, err := os.ReadDir(path)
+	if err != nil {
+		return err
+	}
+
+	for _, entry := range files {
+		path := filepath.Join(path, entry.Name())
+		if w.port.PathIsWatched(path) {
+			continue
+		}
+
+		finfo, err := entry.Info()
+		if err != nil {
+			return err
+		}
+		err = w.associateFile(path, finfo, false)
+		if err != nil {
+			if !w.sendError(err) {
+				return nil
+			}
+		}
+		if !w.sendEvent(path, Create) {
+			return nil
+		}
+	}
+	return nil
+}
+
+func (w *Watcher) associateFile(path string, stat os.FileInfo, follow bool) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+	// This is primarily protecting the call to AssociatePath but it is
+	// important and intentional that the call to PathIsWatched is also
+	// protected by this mutex. Without this mutex, AssociatePath has been seen
+	// to error out that the path is already associated.
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	if w.port.PathIsWatched(path) {
+		// Remove the old association in favor of this one If we get ENOENT,
+		// then while the x/sys/unix wrapper still thought that this path was
+		// associated, the underlying event port did not. This call will have
+		// cleared up that discrepancy. The most likely cause is that the event
+		// has fired but we haven't processed it yet.
+		err := w.port.DissociatePath(path)
+		if err != nil && err != unix.ENOENT {
+			return err
+		}
+	}
+	// FILE_NOFOLLOW means we watch symlinks themselves rather than their
+	// targets.
+	events := unix.FILE_MODIFIED | unix.FILE_ATTRIB | unix.FILE_NOFOLLOW
+	if follow {
+		// We *DO* follow symlinks for explicitly watched entries.
+		events = unix.FILE_MODIFIED | unix.FILE_ATTRIB
+	}
+	return w.port.AssociatePath(path, stat,
+		events,
+		stat.Mode())
+}
+
+func (w *Watcher) dissociateFile(path string, stat os.FileInfo, unused bool) error {
+	if !w.port.PathIsWatched(path) {
+		return nil
+	}
+	return w.port.DissociatePath(path)
+}
+
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) WatchList() []string {
+	if w.isClosed() {
+		return nil
+	}
+
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	entries := make([]string, 0, len(w.watches)+len(w.dirs))
+	for pathname := range w.dirs {
+		entries = append(entries, pathname)
+	}
+	for pathname := range w.watches {
+		entries = append(entries, pathname)
+	}
+
+	return entries
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
index 54c77fbb0..921c1c1e4 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
@@ -1,5 +1,8 @@
-//go:build linux
-// +build linux
+//go:build linux && !appengine
+// +build linux,!appengine
+
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
 
 package fsnotify
 
@@ -26,9 +29,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -42,16 +45,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -67,14 +70,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -101,36 +110,148 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	// Store fd here as os.File.Read() will no longer return on close after
 	// calling Fd(). See: https://github.com/golang/go/issues/26439
 	fd          int
-	mu          sync.Mutex // Map access
 	inotifyFile *os.File
-	watches     map[string]*watch // Map of inotify watches (key: path)
-	paths       map[int]string    // Map of watched paths (key: watch descriptor)
-	done        chan struct{}     // Channel for sending a "quit message" to the reader goroutine
-	doneResp    chan struct{}     // Channel to respond to Close
+	watches     *watches
+	done        chan struct{} // Channel for sending a "quit message" to the reader goroutine
+	closeMu     sync.Mutex
+	doneResp    chan struct{} // Channel to respond to Close
+}
+
+type (
+	watches struct {
+		mu   sync.RWMutex
+		wd   map[uint32]*watch // wd → watch
+		path map[string]uint32 // pathname → wd
+	}
+	watch struct {
+		wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
+		flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
+		path  string // Watch path.
+	}
+)
+
+func newWatches() *watches {
+	return &watches{
+		wd:   make(map[uint32]*watch),
+		path: make(map[string]uint32),
+	}
+}
+
+func (w *watches) len() int {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return len(w.wd)
+}
+
+func (w *watches) add(ww *watch) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	w.wd[ww.wd] = ww
+	w.path[ww.path] = ww.wd
+}
+
+func (w *watches) remove(wd uint32) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	delete(w.path, w.wd[wd].path)
+	delete(w.wd, wd)
+}
+
+func (w *watches) removePath(path string) (uint32, bool) {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	wd, ok := w.path[path]
+	if !ok {
+		return 0, false
+	}
+
+	delete(w.path, path)
+	delete(w.wd, wd)
+
+	return wd, true
+}
+
+func (w *watches) byPath(path string) *watch {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.wd[w.path[path]]
+}
+
+func (w *watches) byWd(wd uint32) *watch {
+	w.mu.RLock()
+	defer w.mu.RUnlock()
+	return w.wd[wd]
+}
+
+func (w *watches) updatePath(path string, f func(*watch) (*watch, error)) error {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+
+	var existing *watch
+	wd, ok := w.path[path]
+	if ok {
+		existing = w.wd[wd]
+	}
+
+	upd, err := f(existing)
+	if err != nil {
+		return err
+	}
+	if upd != nil {
+		w.wd[upd.wd] = upd
+		w.path[upd.path] = upd.wd
+
+		if upd.wd != wd {
+			delete(w.wd, wd)
+		}
+	}
+
+	return nil
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	// Create inotify fd
-	// Need to set the FD to nonblocking mode in order for SetDeadline methods to work
-	// Otherwise, blocking i/o operations won't terminate on close
+	return NewBufferedWatcher(0)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
+	// Need to set nonblocking mode for SetDeadline to work, otherwise blocking
+	// I/O operations won't terminate on close.
 	fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK)
 	if fd == -1 {
 		return nil, errno
@@ -139,9 +260,8 @@ func NewWatcher() (*Watcher, error) {
 	w := &Watcher{
 		fd:          fd,
 		inotifyFile: os.NewFile(uintptr(fd), ""),
-		watches:     make(map[string]*watch),
-		paths:       make(map[int]string),
-		Events:      make(chan Event),
+		watches:     newWatches(),
+		Events:      make(chan Event, sz),
 		Errors:      make(chan error),
 		done:        make(chan struct{}),
 		doneResp:    make(chan struct{}),
@@ -157,8 +277,8 @@ func (w *Watcher) sendEvent(e Event) bool {
 	case w.Events <- e:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
 // Returns true if the error was sent, or false if watcher is closed.
@@ -180,17 +300,15 @@ func (w *Watcher) isClosed() bool {
 	}
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	w.mu.Lock()
+	w.closeMu.Lock()
 	if w.isClosed() {
-		w.mu.Unlock()
+		w.closeMu.Unlock()
 		return nil
 	}
-
-	// Send 'close' signal to goroutine, and set the Watcher to closed.
 	close(w.done)
-	w.mu.Unlock()
+	w.closeMu.Unlock()
 
 	// Causes any blocking reads to return with an error, provided the file
 	// still supports deadline operations.
@@ -207,17 +325,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -227,44 +349,59 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	name = filepath.Clean(name)
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
 	if w.isClosed() {
-		return errors.New("inotify instance already closed")
+		return ErrClosed
 	}
 
+	name = filepath.Clean(name)
+	_ = getOptions(opts...)
+
 	var flags uint32 = unix.IN_MOVED_TO | unix.IN_MOVED_FROM |
 		unix.IN_CREATE | unix.IN_ATTRIB | unix.IN_MODIFY |
 		unix.IN_MOVE_SELF | unix.IN_DELETE | unix.IN_DELETE_SELF
 
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	watchEntry := w.watches[name]
-	if watchEntry != nil {
-		flags |= watchEntry.flags | unix.IN_MASK_ADD
-	}
-	wd, errno := unix.InotifyAddWatch(w.fd, name, flags)
-	if wd == -1 {
-		return errno
-	}
+	return w.watches.updatePath(name, func(existing *watch) (*watch, error) {
+		if existing != nil {
+			flags |= existing.flags | unix.IN_MASK_ADD
+		}
 
-	if watchEntry == nil {
-		w.watches[name] = &watch{wd: uint32(wd), flags: flags}
-		w.paths[wd] = name
-	} else {
-		watchEntry.wd = uint32(wd)
-		watchEntry.flags = flags
-	}
+		wd, err := unix.InotifyAddWatch(w.fd, name, flags)
+		if wd == -1 {
+			return nil, err
+		}
 
-	return nil
+		if existing == nil {
+			return &watch{
+				wd:    uint32(wd),
+				path:  name,
+				flags: flags,
+			}, nil
+		}
+
+		existing.wd = uint32(wd)
+		existing.flags = flags
+		return existing, nil
+	})
 }
 
 // Remove stops monitoring the path for changes.
@@ -273,32 +410,22 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
-	name = filepath.Clean(name)
-
-	// Fetch the watch.
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	watch, ok := w.watches[name]
+	if w.isClosed() {
+		return nil
+	}
+	return w.remove(filepath.Clean(name))
+}
 
-	// Remove it from inotify.
+func (w *Watcher) remove(name string) error {
+	wd, ok := w.watches.removePath(name)
 	if !ok {
 		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
 	}
 
-	// We successfully removed the watch if InotifyRmWatch doesn't return an
-	// error, we need to clean up our internal state to ensure it matches
-	// inotify's kernel state.
-	delete(w.paths, int(watch.wd))
-	delete(w.watches, name)
-
-	// inotify_rm_watch will return EINVAL if the file has been deleted;
-	// the inotify will already have been removed.
-	// watches and pathes are deleted in ignoreLinux() implicitly and asynchronously
-	// by calling inotify_rm_watch() below. e.g. readEvents() goroutine receives IN_IGNORE
-	// so that EINVAL means that the wd is being rm_watch()ed or its file removed
-	// by another thread and we have not received IN_IGNORE event.
-	success, errno := unix.InotifyRmWatch(w.fd, watch.wd)
+	success, errno := unix.InotifyRmWatch(w.fd, wd)
 	if success == -1 {
 		// TODO: Perhaps it's not helpful to return an error here in every case;
 		//       The only two possible errors are:
@@ -312,28 +439,28 @@ func (w *Watcher) Remove(name string) error {
 		//         are watching is deleted.
 		return errno
 	}
-
 	return nil
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
-	w.mu.Lock()
-	defer w.mu.Unlock()
+	if w.isClosed() {
+		return nil
+	}
 
-	entries := make([]string, 0, len(w.watches))
-	for pathname := range w.watches {
+	entries := make([]string, 0, w.watches.len())
+	w.watches.mu.RLock()
+	for pathname := range w.watches.path {
 		entries = append(entries, pathname)
 	}
+	w.watches.mu.RUnlock()
 
 	return entries
 }
 
-type watch struct {
-	wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
-	flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
-}
-
 // readEvents reads from the inotify file descriptor, converts the
 // received events into Event objects and sends them via the Events channel
 func (w *Watcher) readEvents() {
@@ -367,14 +494,11 @@ func (w *Watcher) readEvents() {
 		if n < unix.SizeofInotifyEvent {
 			var err error
 			if n == 0 {
-				// If EOF is received. This should really never happen.
-				err = io.EOF
+				err = io.EOF // If EOF is received. This should really never happen.
 			} else if n < 0 {
-				// If an error occurred while reading.
-				err = errno
+				err = errno // If an error occurred while reading.
 			} else {
-				// Read was too short.
-				err = errors.New("notify: short read in readEvents()")
+				err = errors.New("notify: short read in readEvents()") // Read was too short.
 			}
 			if !w.sendError(err) {
 				return
@@ -403,18 +527,29 @@ func (w *Watcher) readEvents() {
 			// doesn't append the filename to the event, but we would like to always fill the
 			// the "Name" field with a valid filename. We retrieve the path of the watch from
 			// the "paths" map.
-			w.mu.Lock()
-			name, ok := w.paths[int(raw.Wd)]
-			// IN_DELETE_SELF occurs when the file/directory being watched is removed.
-			// This is a sign to clean up the maps, otherwise we are no longer in sync
-			// with the inotify kernel state which has already deleted the watch
-			// automatically.
-			if ok && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
-				delete(w.paths, int(raw.Wd))
-				delete(w.watches, name)
+			watch := w.watches.byWd(uint32(raw.Wd))
+
+			// inotify will automatically remove the watch on deletes; just need
+			// to clean our state here.
+			if watch != nil && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
+				w.watches.remove(watch.wd)
+			}
+			// We can't really update the state when a watched path is moved;
+			// only IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove
+			// the watch.
+			if watch != nil && mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF {
+				err := w.remove(watch.path)
+				if err != nil && !errors.Is(err, ErrNonExistentWatch) {
+					if !w.sendError(err) {
+						return
+					}
+				}
 			}
-			w.mu.Unlock()
 
+			var name string
+			if watch != nil {
+				name = watch.path
+			}
 			if nameLen > 0 {
 				// Point "bytes" at the first byte of the filename
 				bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen]
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
index 29087469b..063a0915a 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
@@ -1,12 +1,14 @@
 //go:build freebsd || openbsd || netbsd || dragonfly || darwin
 // +build freebsd openbsd netbsd dragonfly darwin
 
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
@@ -24,9 +26,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -40,16 +42,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -65,14 +67,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -99,18 +107,27 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	done         chan struct{}
@@ -133,6 +150,18 @@ type pathInfo struct {
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
+	return NewBufferedWatcher(0)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
 	kq, closepipe, err := newKqueue()
 	if err != nil {
 		return nil, err
@@ -147,7 +176,7 @@ func NewWatcher() (*Watcher, error) {
 		paths:        make(map[int]pathInfo),
 		fileExists:   make(map[string]struct{}),
 		userWatches:  make(map[string]struct{}),
-		Events:       make(chan Event),
+		Events:       make(chan Event, sz),
 		Errors:       make(chan error),
 		done:         make(chan struct{}),
 	}
@@ -197,8 +226,8 @@ func (w *Watcher) sendEvent(e Event) bool {
 	case w.Events <- e:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
 // Returns true if the error was sent, or false if watcher is closed.
@@ -207,11 +236,11 @@ func (w *Watcher) sendError(err error) bool {
 	case w.Errors <- err:
 		return true
 	case <-w.done:
+		return false
 	}
-	return false
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
 	w.mu.Lock()
 	if w.isClosed {
@@ -239,17 +268,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -259,15 +292,28 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	_ = getOptions(opts...)
+
 	w.mu.Lock()
 	w.userWatches[name] = struct{}{}
 	w.mu.Unlock()
@@ -281,9 +327,19 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	return w.remove(name, true)
+}
+
+func (w *Watcher) remove(name string, unwatchFiles bool) error {
 	name = filepath.Clean(name)
 	w.mu.Lock()
+	if w.isClosed {
+		w.mu.Unlock()
+		return nil
+	}
 	watchfd, ok := w.watches[name]
 	w.mu.Unlock()
 	if !ok {
@@ -315,7 +371,7 @@ func (w *Watcher) Remove(name string) error {
 	w.mu.Unlock()
 
 	// Find all watched paths that are in this directory that are not external.
-	if isDir {
+	if unwatchFiles && isDir {
 		var pathsToRemove []string
 		w.mu.Lock()
 		for fd := range w.watchesByDir[name] {
@@ -326,20 +382,25 @@ func (w *Watcher) Remove(name string) error {
 		}
 		w.mu.Unlock()
 		for _, name := range pathsToRemove {
-			// Since these are internal, not much sense in propagating error
-			// to the user, as that will just confuse them with an error about
-			// a path they did not explicitly watch themselves.
+			// Since these are internal, not much sense in propagating error to
+			// the user, as that will just confuse them with an error about a
+			// path they did not explicitly watch themselves.
 			w.Remove(name)
 		}
 	}
-
 	return nil
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
 	w.mu.Lock()
 	defer w.mu.Unlock()
+	if w.isClosed {
+		return nil
+	}
 
 	entries := make([]string, 0, len(w.userWatches))
 	for pathname := range w.userWatches {
@@ -352,18 +413,18 @@ func (w *Watcher) WatchList() []string {
 // Watch all events (except NOTE_EXTEND, NOTE_LINK, NOTE_REVOKE)
 const noteAllEvents = unix.NOTE_DELETE | unix.NOTE_WRITE | unix.NOTE_ATTRIB | unix.NOTE_RENAME
 
-// addWatch adds name to the watched file set.
-// The flags are interpreted as described in kevent(2).
-// Returns the real path to the file which was added, if any, which may be different from the one passed in the case of symlinks.
+// addWatch adds name to the watched file set; the flags are interpreted as
+// described in kevent(2).
+//
+// Returns the real path to the file which was added, with symlinks resolved.
 func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 	var isDir bool
-	// Make ./name and name equivalent
 	name = filepath.Clean(name)
 
 	w.mu.Lock()
 	if w.isClosed {
 		w.mu.Unlock()
-		return "", errors.New("kevent instance already closed")
+		return "", ErrClosed
 	}
 	watchfd, alreadyWatching := w.watches[name]
 	// We already have a watch, but we can still override flags.
@@ -383,27 +444,30 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 			return "", nil
 		}
 
-		// Follow Symlinks
-		//
-		// Linux can add unresolvable symlinks to the watch list without issue,
-		// and Windows can't do symlinks period. To maintain consistency, we
-		// will act like everything is fine if the link can't be resolved.
-		// There will simply be no file events for broken symlinks. Hence the
-		// returns of nil on errors.
+		// Follow Symlinks.
 		if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
-			name, err = filepath.EvalSymlinks(name)
+			link, err := os.Readlink(name)
 			if err != nil {
+				// Return nil because Linux can add unresolvable symlinks to the
+				// watch list without problems, so maintain consistency with
+				// that. There will be no file events for broken symlinks.
+				// TODO: more specific check; returns os.PathError; ENOENT?
 				return "", nil
 			}
 
 			w.mu.Lock()
-			_, alreadyWatching = w.watches[name]
+			_, alreadyWatching = w.watches[link]
 			w.mu.Unlock()
 
 			if alreadyWatching {
-				return name, nil
+				// Add to watches so we don't get spurious Create events later
+				// on when we diff the directories.
+				w.watches[name] = 0
+				w.fileExists[name] = struct{}{}
+				return link, nil
 			}
 
+			name = link
 			fi, err = os.Lstat(name)
 			if err != nil {
 				return "", nil
@@ -411,7 +475,7 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 		}
 
 		// Retry on EINTR; open() can return EINTR in practice on macOS.
-		// See #354, and go issues 11180 and 39237.
+		// See #354, and Go issues 11180 and 39237.
 		for {
 			watchfd, err = unix.Open(name, openMode, 0)
 			if err == nil {
@@ -444,14 +508,13 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 			w.watchesByDir[parentName] = watchesByDir
 		}
 		watchesByDir[watchfd] = struct{}{}
-
 		w.paths[watchfd] = pathInfo{name: name, isDir: isDir}
 		w.mu.Unlock()
 	}
 
 	if isDir {
-		// Watch the directory if it has not been watched before,
-		// or if it was watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
+		// Watch the directory if it has not been watched before, or if it was
+		// watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
 		w.mu.Lock()
 
 		watchDir := (flags&unix.NOTE_WRITE) == unix.NOTE_WRITE &&
@@ -473,13 +536,10 @@ func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
 // Event values that it sends down the Events channel.
 func (w *Watcher) readEvents() {
 	defer func() {
-		err := unix.Close(w.kq)
-		if err != nil {
-			w.Errors <- err
-		}
-		unix.Close(w.closepipe[0])
 		close(w.Events)
 		close(w.Errors)
+		_ = unix.Close(w.kq)
+		unix.Close(w.closepipe[0])
 	}()
 
 	eventBuffer := make([]unix.Kevent_t, 10)
@@ -513,18 +573,8 @@ func (w *Watcher) readEvents() {
 
 			event := w.newEvent(path.name, mask)
 
-			if path.isDir && !event.Has(Remove) {
-				// Double check to make sure the directory exists. This can
-				// happen when we do a rm -fr on a recursively watched folders
-				// and we receive a modification event first but the folder has
-				// been deleted and later receive the delete event.
-				if _, err := os.Lstat(event.Name); os.IsNotExist(err) {
-					event.Op |= Remove
-				}
-			}
-
 			if event.Has(Rename) || event.Has(Remove) {
-				w.Remove(event.Name)
+				w.remove(event.Name, false)
 				w.mu.Lock()
 				delete(w.fileExists, event.Name)
 				w.mu.Unlock()
@@ -540,26 +590,30 @@ func (w *Watcher) readEvents() {
 			}
 
 			if event.Has(Remove) {
-				// Look for a file that may have overwritten this.
-				// For example, mv f1 f2 will delete f2, then create f2.
+				// Look for a file that may have overwritten this; for example,
+				// mv f1 f2 will delete f2, then create f2.
 				if path.isDir {
 					fileDir := filepath.Clean(event.Name)
 					w.mu.Lock()
 					_, found := w.watches[fileDir]
 					w.mu.Unlock()
 					if found {
-						// make sure the directory exists before we watch for changes. When we
-						// do a recursive watch and perform rm -fr, the parent directory might
-						// have gone missing, ignore the missing directory and let the
-						// upcoming delete event remove the watch from the parent directory.
-						if _, err := os.Lstat(fileDir); err == nil {
-							w.sendDirectoryChangeEvents(fileDir)
+						err := w.sendDirectoryChangeEvents(fileDir)
+						if err != nil {
+							if !w.sendError(err) {
+								closed = true
+							}
 						}
 					}
 				} else {
 					filePath := filepath.Clean(event.Name)
-					if fileInfo, err := os.Lstat(filePath); err == nil {
-						w.sendFileCreatedEventIfNew(filePath, fileInfo)
+					if fi, err := os.Lstat(filePath); err == nil {
+						err := w.sendFileCreatedEventIfNew(filePath, fi)
+						if err != nil {
+							if !w.sendError(err) {
+								closed = true
+							}
+						}
 					}
 				}
 			}
@@ -582,21 +636,31 @@ func (w *Watcher) newEvent(name string, mask uint32) Event {
 	if mask&unix.NOTE_ATTRIB == unix.NOTE_ATTRIB {
 		e.Op |= Chmod
 	}
+	// No point sending a write and delete event at the same time: if it's gone,
+	// then it's gone.
+	if e.Op.Has(Write) && e.Op.Has(Remove) {
+		e.Op &^= Write
+	}
 	return e
 }
 
 // watchDirectoryFiles to mimic inotify when adding a watch on a directory
 func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 	// Get all files
-	files, err := ioutil.ReadDir(dirPath)
+	files, err := os.ReadDir(dirPath)
 	if err != nil {
 		return err
 	}
 
-	for _, fileInfo := range files {
-		path := filepath.Join(dirPath, fileInfo.Name())
+	for _, f := range files {
+		path := filepath.Join(dirPath, f.Name())
+
+		fi, err := f.Info()
+		if err != nil {
+			return fmt.Errorf("%q: %w", path, err)
+		}
 
-		cleanPath, err := w.internalWatch(path, fileInfo)
+		cleanPath, err := w.internalWatch(path, fi)
 		if err != nil {
 			// No permission to read the file; that's not a problem: just skip.
 			// But do add it to w.fileExists to prevent it from being picked up
@@ -606,7 +670,7 @@ func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 			case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM):
 				cleanPath = filepath.Clean(path)
 			default:
-				return fmt.Errorf("%q: %w", filepath.Join(dirPath, fileInfo.Name()), err)
+				return fmt.Errorf("%q: %w", path, err)
 			}
 		}
 
@@ -622,26 +686,37 @@ func (w *Watcher) watchDirectoryFiles(dirPath string) error {
 //
 // This functionality is to have the BSD watcher match the inotify, which sends
 // a create event for files created in a watched directory.
-func (w *Watcher) sendDirectoryChangeEvents(dir string) {
-	// Get all files
-	files, err := ioutil.ReadDir(dir)
+func (w *Watcher) sendDirectoryChangeEvents(dir string) error {
+	files, err := os.ReadDir(dir)
 	if err != nil {
-		if !w.sendError(fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)) {
-			return
+		// Directory no longer exists: we can ignore this safely. kqueue will
+		// still give us the correct events.
+		if errors.Is(err, os.ErrNotExist) {
+			return nil
 		}
+		return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
 	}
 
-	// Search for new files
-	for _, fi := range files {
-		err := w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
+	for _, f := range files {
+		fi, err := f.Info()
 		if err != nil {
-			return
+			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
+		}
+
+		err = w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
+		if err != nil {
+			// Don't need to send an error if this file isn't readable.
+			if errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) {
+				return nil
+			}
+			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
 		}
 	}
+	return nil
 }
 
 // sendFileCreatedEvent sends a create event if the file isn't already being tracked.
-func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInfo) (err error) {
+func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fi os.FileInfo) (err error) {
 	w.mu.Lock()
 	_, doesExist := w.fileExists[filePath]
 	w.mu.Unlock()
@@ -652,7 +727,7 @@ func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInf
 	}
 
 	// like watchDirectoryFiles (but without doing another ReadDir)
-	filePath, err = w.internalWatch(filePath, fileInfo)
+	filePath, err = w.internalWatch(filePath, fi)
 	if err != nil {
 		return err
 	}
@@ -664,10 +739,10 @@ func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fileInfo os.FileInf
 	return nil
 }
 
-func (w *Watcher) internalWatch(name string, fileInfo os.FileInfo) (string, error) {
-	if fileInfo.IsDir() {
-		// mimic Linux providing delete events for subdirectories
-		// but preserve the flags used if currently watching subdirectory
+func (w *Watcher) internalWatch(name string, fi os.FileInfo) (string, error) {
+	if fi.IsDir() {
+		// mimic Linux providing delete events for subdirectories, but preserve
+		// the flags used if currently watching subdirectory
 		w.mu.Lock()
 		flags := w.dirFlags[name]
 		w.mu.Unlock()
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_other.go b/vendor/github.com/fsnotify/fsnotify/backend_other.go
index a9bb1c3c4..d34a23c01 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_other.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_other.go
@@ -1,39 +1,169 @@
-//go:build !darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows
-// +build !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
+//go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows)
+// +build appengine !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
+
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
 
 package fsnotify
 
-import (
-	"fmt"
-	"runtime"
-)
+import "errors"
 
-// Watcher watches a set of files, delivering events to a channel.
-type Watcher struct{}
+// Watcher watches a set of paths, delivering events on a channel.
+//
+// A watcher should not be copied (e.g. pass it by pointer, rather than by
+// value).
+//
+// # Linux notes
+//
+// When a file is removed a Remove event won't be emitted until all file
+// descriptors are closed, and deletes will always emit a Chmod. For example:
+//
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
+//
+// This is the event that inotify sends, so not much can be changed about this.
+//
+// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
+// for the number of watches per user, and fs.inotify.max_user_instances
+// specifies the maximum number of inotify instances per user. Every Watcher you
+// create is an "instance", and every path you add is a "watch".
+//
+// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
+// /proc/sys/fs/inotify/max_user_instances
+//
+// To increase them you can use sysctl or write the value to the /proc file:
+//
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
+//
+// To make the changes persist on reboot edit /etc/sysctl.conf or
+// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
+// your distro's documentation):
+//
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
+//
+// Reaching the limit will result in a "no space left on device" or "too many open
+// files" error.
+//
+// # kqueue notes (macOS, BSD)
+//
+// kqueue requires opening a file descriptor for every file that's being watched;
+// so if you're watching a directory with five files then that's six file
+// descriptors. You will run in to your system's "max open files" limit faster on
+// these platforms.
+//
+// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
+// control the maximum number of open files, as well as /etc/login.conf on BSD
+// systems.
+//
+// # Windows notes
+//
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
+//
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
+type Watcher struct {
+	// Events sends the filesystem change events.
+	//
+	// fsnotify can send the following events; a "path" here can refer to a
+	// file, directory, symbolic link, or special file like a FIFO.
+	//
+	//   fsnotify.Create    A new path was created; this may be followed by one
+	//                      or more Write events if data also gets written to a
+	//                      file.
+	//
+	//   fsnotify.Remove    A path was removed.
+	//
+	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
+	//                      old path as Event.Name, and a Create event will be
+	//                      sent with the new name. Renames are only sent for
+	//                      paths that are currently watched; e.g. moving an
+	//                      unmonitored file into a monitored directory will
+	//                      show up as just a Create. Similarly, renaming a file
+	//                      to outside a monitored directory will show up as
+	//                      only a Rename.
+	//
+	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
+	//                      also trigger a Write. A single "write action"
+	//                      initiated by the user may show up as one or multiple
+	//                      writes, depending on when the system syncs things to
+	//                      disk. For example when compiling a large Go program
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
+	//
+	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
+	//                      when a file is removed (or more accurately, when a
+	//                      link to an inode is removed). On kqueue it's sent
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
+	Events chan Event
+
+	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
+	Errors chan error
+}
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
-	return nil, fmt.Errorf("fsnotify not supported on %s", runtime.GOOS)
+	return nil, errors.New("fsnotify not supported on the current platform")
 }
 
-// Close removes all watches and closes the events channel.
-func (w *Watcher) Close() error {
-	return nil
-}
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) { return NewWatcher() }
+
+// Close removes all watches and closes the Events channel.
+func (w *Watcher) Close() error { return nil }
+
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) WatchList() []string { return nil }
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -43,17 +173,26 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	return nil
-}
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return nil }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error { return nil }
 
 // Remove stops monitoring the path for changes.
 //
@@ -61,6 +200,6 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
-func (w *Watcher) Remove(name string) error {
-	return nil
-}
+//
+// Returns nil if [Watcher.Close] was called.
+func (w *Watcher) Remove(name string) error { return nil }
diff --git a/vendor/github.com/fsnotify/fsnotify/backend_windows.go b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
index ae392867c..9bc91e5d6 100644
--- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
@@ -1,6 +1,13 @@
 //go:build windows
 // +build windows
 
+// Windows backend based on ReadDirectoryChangesW()
+//
+// https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
+//
+// Note: the documentation on the Watcher type and methods is generated from
+// mkdoc.zsh
+
 package fsnotify
 
 import (
@@ -27,9 +34,9 @@ import (
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -43,16 +50,16 @@ import (
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -68,14 +75,20 @@ import (
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// Paths can be added as "C:\path\to\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 type Watcher struct {
 	// Events sends the filesystem change events.
 	//
@@ -102,31 +115,52 @@ type Watcher struct {
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 	Events chan Event
 
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 	Errors chan error
 
 	port  windows.Handle // Handle to completion port
 	input chan *input    // Inputs to the reader are sent on this channel
 	quit  chan chan<- error
 
-	mu       sync.Mutex // Protects access to watches, isClosed
-	watches  watchMap   // Map of watches (key: i-number)
-	isClosed bool       // Set to true when Close() is first called
+	mu      sync.Mutex // Protects access to watches, closed
+	watches watchMap   // Map of watches (key: i-number)
+	closed  bool       // Set to true when Close() is first called
 }
 
 // NewWatcher creates a new Watcher.
 func NewWatcher() (*Watcher, error) {
+	return NewBufferedWatcher(50)
+}
+
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+func NewBufferedWatcher(sz uint) (*Watcher, error) {
 	port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0)
 	if err != nil {
 		return nil, os.NewSyscallError("CreateIoCompletionPort", err)
@@ -135,7 +169,7 @@ func NewWatcher() (*Watcher, error) {
 		port:    port,
 		watches: make(watchMap),
 		input:   make(chan *input, 1),
-		Events:  make(chan Event, 50),
+		Events:  make(chan Event, sz),
 		Errors:  make(chan error),
 		quit:    make(chan chan<- error, 1),
 	}
@@ -143,6 +177,12 @@ func NewWatcher() (*Watcher, error) {
 	return w, nil
 }
 
+func (w *Watcher) isClosed() bool {
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.closed
+}
+
 func (w *Watcher) sendEvent(name string, mask uint64) bool {
 	if mask == 0 {
 		return false
@@ -167,14 +207,14 @@ func (w *Watcher) sendError(err error) bool {
 	return false
 }
 
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 func (w *Watcher) Close() error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
+	if w.isClosed() {
 		return nil
 	}
-	w.isClosed = true
+
+	w.mu.Lock()
+	w.closed = true
 	w.mu.Unlock()
 
 	// Send "quit" message to the reader goroutine
@@ -188,17 +228,21 @@ func (w *Watcher) Close() error {
 
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -208,27 +252,41 @@ func (w *Watcher) Close() error {
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
-func (w *Watcher) Add(name string) error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
-		return errors.New("watcher already closed")
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+func (w *Watcher) Add(name string) error { return w.AddWith(name) }
+
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
+func (w *Watcher) AddWith(name string, opts ...addOpt) error {
+	if w.isClosed() {
+		return ErrClosed
+	}
+
+	with := getOptions(opts...)
+	if with.bufsize < 4096 {
+		return fmt.Errorf("fsnotify.WithBufferSize: buffer size cannot be smaller than 4096 bytes")
 	}
-	w.mu.Unlock()
 
 	in := &input{
-		op:    opAddWatch,
-		path:  filepath.Clean(name),
-		flags: sysFSALLEVENTS,
-		reply: make(chan error),
+		op:      opAddWatch,
+		path:    filepath.Clean(name),
+		flags:   sysFSALLEVENTS,
+		reply:   make(chan error),
+		bufsize: with.bufsize,
 	}
 	w.input <- in
 	if err := w.wakeupReader(); err != nil {
@@ -243,7 +301,13 @@ func (w *Watcher) Add(name string) error {
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) Remove(name string) error {
+	if w.isClosed() {
+		return nil
+	}
+
 	in := &input{
 		op:    opRemoveWatch,
 		path:  filepath.Clean(name),
@@ -256,8 +320,15 @@ func (w *Watcher) Remove(name string) error {
 	return <-in.reply
 }
 
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 func (w *Watcher) WatchList() []string {
+	if w.isClosed() {
+		return nil
+	}
+
 	w.mu.Lock()
 	defer w.mu.Unlock()
 
@@ -279,7 +350,6 @@ func (w *Watcher) WatchList() []string {
 // This should all be removed at some point, and just use windows.FILE_NOTIFY_*
 const (
 	sysFSALLEVENTS  = 0xfff
-	sysFSATTRIB     = 0x4
 	sysFSCREATE     = 0x100
 	sysFSDELETE     = 0x200
 	sysFSDELETESELF = 0x400
@@ -305,9 +375,6 @@ func (w *Watcher) newEvent(name string, mask uint32) Event {
 	if mask&sysFSMOVE == sysFSMOVE || mask&sysFSMOVESELF == sysFSMOVESELF || mask&sysFSMOVEDFROM == sysFSMOVEDFROM {
 		e.Op |= Rename
 	}
-	if mask&sysFSATTRIB == sysFSATTRIB {
-		e.Op |= Chmod
-	}
 	return e
 }
 
@@ -321,10 +388,11 @@ const (
 )
 
 type input struct {
-	op    int
-	path  string
-	flags uint32
-	reply chan error
+	op      int
+	path    string
+	flags   uint32
+	bufsize int
+	reply   chan error
 }
 
 type inode struct {
@@ -334,13 +402,14 @@ type inode struct {
 }
 
 type watch struct {
-	ov     windows.Overlapped
-	ino    *inode            // i-number
-	path   string            // Directory path
-	mask   uint64            // Directory itself is being watched with these notify flags
-	names  map[string]uint64 // Map of names being watched and their notify flags
-	rename string            // Remembers the old name while renaming a file
-	buf    [65536]byte       // 64K buffer
+	ov      windows.Overlapped
+	ino     *inode            // i-number
+	recurse bool              // Recursive watch?
+	path    string            // Directory path
+	mask    uint64            // Directory itself is being watched with these notify flags
+	names   map[string]uint64 // Map of names being watched and their notify flags
+	rename  string            // Remembers the old name while renaming a file
+	buf     []byte            // buffer, allocated later
 }
 
 type (
@@ -413,7 +482,10 @@ func (m watchMap) set(ino *inode, watch *watch) {
 }
 
 // Must run within the I/O thread.
-func (w *Watcher) addWatch(pathname string, flags uint64) error {
+func (w *Watcher) addWatch(pathname string, flags uint64, bufsize int) error {
+	//pathname, recurse := recursivePath(pathname)
+	recurse := false
+
 	dir, err := w.getDir(pathname)
 	if err != nil {
 		return err
@@ -433,9 +505,11 @@ func (w *Watcher) addWatch(pathname string, flags uint64) error {
 			return os.NewSyscallError("CreateIoCompletionPort", err)
 		}
 		watchEntry = &watch{
-			ino:   ino,
-			path:  dir,
-			names: make(map[string]uint64),
+			ino:     ino,
+			path:    dir,
+			names:   make(map[string]uint64),
+			recurse: recurse,
+			buf:     make([]byte, bufsize),
 		}
 		w.mu.Lock()
 		w.watches.set(ino, watchEntry)
@@ -465,6 +539,8 @@ func (w *Watcher) addWatch(pathname string, flags uint64) error {
 
 // Must run within the I/O thread.
 func (w *Watcher) remWatch(pathname string) error {
+	pathname, recurse := recursivePath(pathname)
+
 	dir, err := w.getDir(pathname)
 	if err != nil {
 		return err
@@ -478,6 +554,10 @@ func (w *Watcher) remWatch(pathname string) error {
 	watch := w.watches.get(ino)
 	w.mu.Unlock()
 
+	if recurse && !watch.recurse {
+		return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname)
+	}
+
 	err = windows.CloseHandle(ino.handle)
 	if err != nil {
 		w.sendError(os.NewSyscallError("CloseHandle", err))
@@ -535,8 +615,11 @@ func (w *Watcher) startRead(watch *watch) error {
 		return nil
 	}
 
-	rdErr := windows.ReadDirectoryChanges(watch.ino.handle, &watch.buf[0],
-		uint32(unsafe.Sizeof(watch.buf)), false, mask, nil, &watch.ov, 0)
+	// We need to pass the array, rather than the slice.
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf))
+	rdErr := windows.ReadDirectoryChanges(watch.ino.handle,
+		(*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len),
+		watch.recurse, mask, nil, &watch.ov, 0)
 	if rdErr != nil {
 		err := os.NewSyscallError("ReadDirectoryChanges", rdErr)
 		if rdErr == windows.ERROR_ACCESS_DENIED && watch.mask&provisional == 0 {
@@ -563,9 +646,8 @@ func (w *Watcher) readEvents() {
 	runtime.LockOSThread()
 
 	for {
+		// This error is handled after the watch == nil check below.
 		qErr := windows.GetQueuedCompletionStatus(w.port, &n, &key, &ov, windows.INFINITE)
-		// This error is handled after the watch == nil check below. NOTE: this
-		// seems odd, note sure if it's correct.
 
 		watch := (*watch)(unsafe.Pointer(ov))
 		if watch == nil {
@@ -595,7 +677,7 @@ func (w *Watcher) readEvents() {
 			case in := <-w.input:
 				switch in.op {
 				case opAddWatch:
-					in.reply <- w.addWatch(in.path, uint64(in.flags))
+					in.reply <- w.addWatch(in.path, uint64(in.flags), in.bufsize)
 				case opRemoveWatch:
 					in.reply <- w.remWatch(in.path)
 				}
@@ -605,6 +687,8 @@ func (w *Watcher) readEvents() {
 		}
 
 		switch qErr {
+		case nil:
+			// No error
 		case windows.ERROR_MORE_DATA:
 			if watch == nil {
 				w.sendError(errors.New("ERROR_MORE_DATA has unexpectedly null lpOverlapped buffer"))
@@ -626,13 +710,12 @@ func (w *Watcher) readEvents() {
 		default:
 			w.sendError(os.NewSyscallError("GetQueuedCompletionPort", qErr))
 			continue
-		case nil:
 		}
 
 		var offset uint32
 		for {
 			if n == 0 {
-				w.sendError(errors.New("short read in readEvents()"))
+				w.sendError(ErrEventOverflow)
 				break
 			}
 
@@ -703,8 +786,9 @@ func (w *Watcher) readEvents() {
 
 			// Error!
 			if offset >= n {
+				//lint:ignore ST1005 Windows should be capitalized
 				w.sendError(errors.New(
-					"Windows system assumed buffer larger than it is, events have likely been missed."))
+					"Windows system assumed buffer larger than it is, events have likely been missed"))
 				break
 			}
 		}
@@ -720,9 +804,6 @@ func (w *Watcher) toWindowsFlags(mask uint64) uint32 {
 	if mask&sysFSMODIFY != 0 {
 		m |= windows.FILE_NOTIFY_CHANGE_LAST_WRITE
 	}
-	if mask&sysFSATTRIB != 0 {
-		m |= windows.FILE_NOTIFY_CHANGE_ATTRIBUTES
-	}
 	if mask&(sysFSMOVE|sysFSCREATE|sysFSDELETE) != 0 {
 		m |= windows.FILE_NOTIFY_CHANGE_FILE_NAME | windows.FILE_NOTIFY_CHANGE_DIR_NAME
 	}
diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
index 30a5bf0f0..24c99cc49 100644
--- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
@@ -1,13 +1,18 @@
-//go:build !plan9
-// +build !plan9
-
 // Package fsnotify provides a cross-platform interface for file system
 // notifications.
+//
+// Currently supported systems:
+//
+//	Linux 2.6.32+    via inotify
+//	BSD, macOS       via kqueue
+//	Windows          via ReadDirectoryChangesW
+//	illumos          via FEN
 package fsnotify
 
 import (
 	"errors"
 	"fmt"
+	"path/filepath"
 	"strings"
 )
 
@@ -33,34 +38,52 @@ type Op uint32
 // The operations fsnotify can trigger; see the documentation on [Watcher] for a
 // full description, and check them with [Event.Has].
 const (
+	// A new pathname was created.
 	Create Op = 1 << iota
+
+	// The pathname was written to; this does *not* mean the write has finished,
+	// and a write can be followed by more writes.
 	Write
+
+	// The path was removed; any watches on it will be removed. Some "remove"
+	// operations may trigger a Rename if the file is actually moved (for
+	// example "remove to trash" is often a rename).
 	Remove
+
+	// The path was renamed to something else; any watched on it will be
+	// removed.
 	Rename
+
+	// File attributes were changed.
+	//
+	// It's generally not recommended to take action on this event, as it may
+	// get triggered very frequently by some software. For example, Spotlight
+	// indexing on macOS, anti-virus software, backup software, etc.
 	Chmod
 )
 
-// Common errors that can be reported by a watcher
+// Common errors that can be reported.
 var (
-	ErrNonExistentWatch = errors.New("can't remove non-existent watcher")
-	ErrEventOverflow    = errors.New("fsnotify queue overflow")
+	ErrNonExistentWatch = errors.New("fsnotify: can't remove non-existent watch")
+	ErrEventOverflow    = errors.New("fsnotify: queue or buffer overflow")
+	ErrClosed           = errors.New("fsnotify: watcher already closed")
 )
 
-func (op Op) String() string {
+func (o Op) String() string {
 	var b strings.Builder
-	if op.Has(Create) {
+	if o.Has(Create) {
 		b.WriteString("|CREATE")
 	}
-	if op.Has(Remove) {
+	if o.Has(Remove) {
 		b.WriteString("|REMOVE")
 	}
-	if op.Has(Write) {
+	if o.Has(Write) {
 		b.WriteString("|WRITE")
 	}
-	if op.Has(Rename) {
+	if o.Has(Rename) {
 		b.WriteString("|RENAME")
 	}
-	if op.Has(Chmod) {
+	if o.Has(Chmod) {
 		b.WriteString("|CHMOD")
 	}
 	if b.Len() == 0 {
@@ -70,7 +93,7 @@ func (op Op) String() string {
 }
 
 // Has reports if this operation has the given operation.
-func (o Op) Has(h Op) bool { return o&h == h }
+func (o Op) Has(h Op) bool { return o&h != 0 }
 
 // Has reports if this event has the given operation.
 func (e Event) Has(op Op) bool { return e.Op.Has(op) }
@@ -79,3 +102,45 @@ func (e Event) Has(op Op) bool { return e.Op.Has(op) }
 func (e Event) String() string {
 	return fmt.Sprintf("%-13s %q", e.Op.String(), e.Name)
 }
+
+type (
+	addOpt   func(opt *withOpts)
+	withOpts struct {
+		bufsize int
+	}
+)
+
+var defaultOpts = withOpts{
+	bufsize: 65536, // 64K
+}
+
+func getOptions(opts ...addOpt) withOpts {
+	with := defaultOpts
+	for _, o := range opts {
+		o(&with)
+	}
+	return with
+}
+
+// WithBufferSize sets the [ReadDirectoryChangesW] buffer size.
+//
+// This only has effect on Windows systems, and is a no-op for other backends.
+//
+// The default value is 64K (65536 bytes) which is the highest value that works
+// on all filesystems and should be enough for most applications, but if you
+// have a large burst of events it may not be enough. You can increase it if
+// you're hitting "queue or buffer overflow" errors ([ErrEventOverflow]).
+//
+// [ReadDirectoryChangesW]: https://learn.microsoft.com/en-gb/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
+func WithBufferSize(bytes int) addOpt {
+	return func(opt *withOpts) { opt.bufsize = bytes }
+}
+
+// Check if this path is recursive (ends with "/..." or "\..."), and return the
+// path with the /... stripped.
+func recursivePath(path string) (string, bool) {
+	if filepath.Base(path) == "..." {
+		return filepath.Dir(path), true
+	}
+	return path, false
+}
diff --git a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
index b09ef7683..99012ae65 100644
--- a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
+++ b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
@@ -2,8 +2,8 @@
 [ "${ZSH_VERSION:-}" = "" ] && echo >&2 "Only works with zsh" && exit 1
 setopt err_exit no_unset pipefail extended_glob
 
-# Simple script to update the godoc comments on all watchers. Probably took me
-# more time to write this than doing it manually, but ah well 🙃
+# Simple script to update the godoc comments on all watchers so you don't need
+# to update the same comment 5 times.
 
 watcher=$(<<EOF
 // Watcher watches a set of paths, delivering events on a channel.
@@ -16,9 +16,9 @@ watcher=$(<<EOF
 // When a file is removed a Remove event won't be emitted until all file
 // descriptors are closed, and deletes will always emit a Chmod. For example:
 //
-//     fp := os.Open("file")
-//     os.Remove("file")        // Triggers Chmod
-//     fp.Close()               // Triggers Remove
+//	fp := os.Open("file")
+//	os.Remove("file")        // Triggers Chmod
+//	fp.Close()               // Triggers Remove
 //
 // This is the event that inotify sends, so not much can be changed about this.
 //
@@ -32,16 +32,16 @@ watcher=$(<<EOF
 //
 // To increase them you can use sysctl or write the value to the /proc file:
 //
-//     # Default values on Linux 5.18
-//     sysctl fs.inotify.max_user_watches=124983
-//     sysctl fs.inotify.max_user_instances=128
+//	# Default values on Linux 5.18
+//	sysctl fs.inotify.max_user_watches=124983
+//	sysctl fs.inotify.max_user_instances=128
 //
 // To make the changes persist on reboot edit /etc/sysctl.conf or
 // /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
 // your distro's documentation):
 //
-//     fs.inotify.max_user_watches=124983
-//     fs.inotify.max_user_instances=128
+//	fs.inotify.max_user_watches=124983
+//	fs.inotify.max_user_instances=128
 //
 // Reaching the limit will result in a "no space left on device" or "too many open
 // files" error.
@@ -57,14 +57,20 @@ watcher=$(<<EOF
 // control the maximum number of open files, as well as /etc/login.conf on BSD
 // systems.
 //
-// # macOS notes
+// # Windows notes
 //
-// Spotlight indexing on macOS can result in multiple events (see [#15]). A
-// temporary workaround is to add your folder(s) to the "Spotlight Privacy
-// Settings" until we have a native FSEvents implementation (see [#11]).
+// Paths can be added as "C:\\path\\to\\dir", but forward slashes
+// ("C:/path/to/dir") will also work.
 //
-// [#11]: https://github.com/fsnotify/fsnotify/issues/11
-// [#15]: https://github.com/fsnotify/fsnotify/issues/15
+// When a watched directory is removed it will always send an event for the
+// directory itself, but may not send events for all files in that directory.
+// Sometimes it will send events for all times, sometimes it will send no
+// events, and often only for some files.
+//
+// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
+// value that is guaranteed to work with SMB filesystems. If you have many
+// events in quick succession this may not be enough, and you will have to use
+// [WithBufferSize] to increase the value.
 EOF
 )
 
@@ -73,20 +79,36 @@ new=$(<<EOF
 EOF
 )
 
+newbuffered=$(<<EOF
+// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
+// channel.
+//
+// The main use case for this is situations with a very large number of events
+// where the kernel buffer size can't be increased (e.g. due to lack of
+// permissions). An unbuffered Watcher will perform better for almost all use
+// cases, and whenever possible you will be better off increasing the kernel
+// buffers instead of adding a large userspace buffer.
+EOF
+)
+
 add=$(<<EOF
 // Add starts monitoring the path for changes.
 //
-// A path can only be watched once; attempting to watch it more than once will
-// return an error. Paths that do not yet exist on the filesystem cannot be
-// added. A watch will be automatically removed if the path is deleted.
+// A path can only be watched once; watching it more than once is a no-op and will
+// not return an error. Paths that do not yet exist on the filesystem cannot be
+// watched.
 //
-// A path will remain watched if it gets renamed to somewhere else on the same
-// filesystem, but the monitor will get removed if the path gets deleted and
-// re-created, or if it's moved to a different filesystem.
+// A watch will be automatically removed if the watched path is deleted or
+// renamed. The exception is the Windows backend, which doesn't remove the
+// watcher on renames.
 //
 // Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
 // filesystems (/proc, /sys, etc.) generally don't work.
 //
+// Returns [ErrClosed] if [Watcher.Close] was called.
+//
+// See [Watcher.AddWith] for a version that allows adding options.
+//
 // # Watching directories
 //
 // All files in a directory are monitored, including new files that are created
@@ -96,14 +118,27 @@ add=$(<<EOF
 // # Watching files
 //
 // Watching individual files (rather than directories) is generally not
-// recommended as many tools update files atomically. Instead of "just" writing
-// to the file a temporary file will be written to first, and if successful the
-// temporary file is moved to to destination removing the original, or some
-// variant thereof. The watcher on the original file is now lost, as it no
-// longer exists.
-//
-// Instead, watch the parent directory and use Event.Name to filter out files
-// you're not interested in. There is an example of this in [cmd/fsnotify/file.go].
+// recommended as many programs (especially editors) update files atomically: it
+// will write to a temporary file which is then moved to to destination,
+// overwriting the original (or some variant thereof). The watcher on the
+// original file is now lost, as that no longer exists.
+//
+// The upshot of this is that a power failure or crash won't leave a
+// half-written file.
+//
+// Watch the parent directory and use Event.Name to filter out files you're not
+// interested in. There is an example of this in cmd/fsnotify/file.go.
+EOF
+)
+
+addwith=$(<<EOF
+// AddWith is like [Watcher.Add], but allows adding options. When using Add()
+// the defaults described below are used.
+//
+// Possible options are:
+//
+//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
+//     other platforms. The default is 64K (65536 bytes).
 EOF
 )
 
@@ -114,16 +149,21 @@ remove=$(<<EOF
 // /tmp/dir and /tmp/dir/subdir then you will need to remove both.
 //
 // Removing a path that has not yet been added returns [ErrNonExistentWatch].
+//
+// Returns nil if [Watcher.Close] was called.
 EOF
 )
 
 close=$(<<EOF
-// Close removes all watches and closes the events channel.
+// Close removes all watches and closes the Events channel.
 EOF
 )
 
 watchlist=$(<<EOF
-// WatchList returns all paths added with [Add] (and are not yet removed).
+// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
+// yet removed).
+//
+// Returns nil if [Watcher.Close] was called.
 EOF
 )
 
@@ -153,20 +193,29 @@ events=$(<<EOF
 	//                      initiated by the user may show up as one or multiple
 	//                      writes, depending on when the system syncs things to
 	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, so you
-	//                      probably want to wait until you've stopped receiving
-	//                      them (see the dedup example in cmd/fsnotify).
+	//                      you may get hundreds of Write events, and you may
+	//                      want to wait until you've stopped receiving them
+	//                      (see the dedup example in cmd/fsnotify).
+	//
+	//                      Some systems may send Write event for directories
+	//                      when the directory content changes.
 	//
 	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
 	//                      when a file is removed (or more accurately, when a
 	//                      link to an inode is removed). On kqueue it's sent
-	//                      and on kqueue when a file is truncated. On Windows
-	//                      it's never sent.
+	//                      when a file is truncated. On Windows it's never
+	//                      sent.
 EOF
 )
 
 errors=$(<<EOF
 	// Errors sends any errors.
+	//
+	// ErrEventOverflow is used to indicate there are too many events:
+	//
+	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
+	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
+	//  - kqueue, fen:  Not used.
 EOF
 )
 
@@ -200,7 +249,9 @@ set-cmt() {
 
 set-cmt '^type Watcher struct '             $watcher
 set-cmt '^func NewWatcher('                 $new
+set-cmt '^func NewBufferedWatcher('         $newbuffered
 set-cmt '^func (w \*Watcher) Add('          $add
+set-cmt '^func (w \*Watcher) AddWith('      $addwith
 set-cmt '^func (w \*Watcher) Remove('       $remove
 set-cmt '^func (w \*Watcher) Close('        $close
 set-cmt '^func (w \*Watcher) WatchList('    $watchlist
diff --git a/vendor/github.com/ghostiam/protogetter/.goreleaser.yaml b/vendor/github.com/ghostiam/protogetter/.goreleaser.yaml
new file mode 100644
index 000000000..a70d0fb00
--- /dev/null
+++ b/vendor/github.com/ghostiam/protogetter/.goreleaser.yaml
@@ -0,0 +1,24 @@
+before:
+  hooks:
+    - go mod tidy
+builds:
+  - id: protogetter
+    main: ./cmd/protogetter
+    binary: protogetter
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+checksum:
+  name_template: 'checksums.txt'
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+      - '^ci:'
\ No newline at end of file
diff --git a/vendor/github.com/spf13/jwalterweatherman/LICENSE b/vendor/github.com/ghostiam/protogetter/LICENSE
similarity index 94%
rename from vendor/github.com/spf13/jwalterweatherman/LICENSE
rename to vendor/github.com/ghostiam/protogetter/LICENSE
index 4527efb9c..b4449661b 100644
--- a/vendor/github.com/spf13/jwalterweatherman/LICENSE
+++ b/vendor/github.com/ghostiam/protogetter/LICENSE
@@ -1,6 +1,6 @@
-The MIT License (MIT)
+MIT License
 
-Copyright (c) 2014 Steve Francia
+Copyright (c) 2023 Vladislav Fursov (GhostIAm)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/ghostiam/protogetter/Makefile b/vendor/github.com/ghostiam/protogetter/Makefile
new file mode 100644
index 000000000..af4b62bdf
--- /dev/null
+++ b/vendor/github.com/ghostiam/protogetter/Makefile
@@ -0,0 +1,9 @@
+.PHONY: test
+test:
+	cd testdata && make vendor
+	go test -v ./...
+
+.PHONY: install
+install:
+	go install ./cmd/protogetter
+	@echo "Installed in $(shell which protogetter)"
diff --git a/vendor/github.com/ghostiam/protogetter/README.md b/vendor/github.com/ghostiam/protogetter/README.md
new file mode 100644
index 000000000..c033e9597
--- /dev/null
+++ b/vendor/github.com/ghostiam/protogetter/README.md
@@ -0,0 +1,73 @@
+# Protogetter
+Welcome to the Protogetter project!
+
+## Overview
+Protogetter is a linter developed specifically for Go programmers working with nested `protobuf` types.\
+It's designed to aid developers in preventing `invalid memory address or nil pointer dereference` errors arising from direct access of nested `protobuf` fields.
+
+When working with `protobuf`, it's quite common to have complex structures where a message field is contained within another message, which itself can be part of another message, and so on.
+If these fields are accessed directly and some field in the call chain will not be initialized, it can result in application panic.
+
+Protogetter addresses this issue by suggesting use of getter methods for field access.
+
+## How does it work?
+Protogetter analyzes your Go code and helps detect direct `protobuf` field accesses that could give rise to panic.\
+The linter suggests using getters:
+```go
+m.GetFoo().GetBar().GetBaz()
+```
+instead of direct field access:
+```go
+m.Foo.Bar.Baz
+```
+
+And you will then only need to perform a nil check after the final call:
+```go
+if m.GetFoo().GetBar().GetBaz() != nil {
+    // Do something with m.GetFoo().GetBar().GetBaz()
+}
+```
+instead of:
+```go
+if m.Foo != nil {
+    if m.Foo.Bar != nil {
+        if m.Foo.Bar.Baz != nil {
+            // Do something with m.Foo.Bar.Baz
+        }
+    }
+}
+```
+
+or use zero values:
+
+```go
+// If one of the methods returns `nil` we will receive 0 instead of panic.
+v := m.GetFoo().GetBar().GetBaz().GetInt() 
+```
+
+instead of panic:
+
+```go
+// If at least one structure in the chains is not initialized, we will get a panic. 
+v := m.Foo.Bar.Baz.Int
+```
+
+which simplifies the code and makes it more reliable.
+
+## Installation
+
+```bash
+go install github.com/ghostiam/protogetter/cmd/protogetter@latest
+```
+
+## Usage
+
+To run the linter:
+```bash
+protogetter ./...
+```
+
+Or to apply suggested fixes directly:
+```bash
+protogetter --fix ./...
+```
diff --git a/vendor/github.com/ghostiam/protogetter/posfilter.go b/vendor/github.com/ghostiam/protogetter/posfilter.go
new file mode 100644
index 000000000..82075ccb1
--- /dev/null
+++ b/vendor/github.com/ghostiam/protogetter/posfilter.go
@@ -0,0 +1,65 @@
+package protogetter
+
+import (
+	"go/token"
+)
+
+type PosFilter struct {
+	positions       map[token.Pos]struct{}
+	alreadyReplaced map[string]map[int][2]int // map[filename][line][start, end]
+}
+
+func NewPosFilter() *PosFilter {
+	return &PosFilter{
+		positions:       make(map[token.Pos]struct{}),
+		alreadyReplaced: make(map[string]map[int][2]int),
+	}
+}
+
+func (f *PosFilter) IsFiltered(pos token.Pos) bool {
+	_, ok := f.positions[pos]
+	return ok
+}
+
+func (f *PosFilter) AddPos(pos token.Pos) {
+	f.positions[pos] = struct{}{}
+}
+
+func (f *PosFilter) IsAlreadyReplaced(fset *token.FileSet, pos, end token.Pos) bool {
+	filePos := fset.Position(pos)
+	fileEnd := fset.Position(end)
+
+	lines, ok := f.alreadyReplaced[filePos.Filename]
+	if !ok {
+		return false
+	}
+
+	lineRange, ok := lines[filePos.Line]
+	if !ok {
+		return false
+	}
+
+	if lineRange[0] <= filePos.Offset && fileEnd.Offset <= lineRange[1] {
+		return true
+	}
+
+	return false
+}
+
+func (f *PosFilter) AddAlreadyReplaced(fset *token.FileSet, pos, end token.Pos) {
+	filePos := fset.Position(pos)
+	fileEnd := fset.Position(end)
+
+	lines, ok := f.alreadyReplaced[filePos.Filename]
+	if !ok {
+		lines = make(map[int][2]int)
+		f.alreadyReplaced[filePos.Filename] = lines
+	}
+
+	lineRange, ok := lines[filePos.Line]
+	if ok && lineRange[0] <= filePos.Offset && fileEnd.Offset <= lineRange[1] {
+		return
+	}
+
+	lines[filePos.Line] = [2]int{filePos.Offset, fileEnd.Offset}
+}
diff --git a/vendor/github.com/ghostiam/protogetter/processor.go b/vendor/github.com/ghostiam/protogetter/processor.go
new file mode 100644
index 000000000..445f136b8
--- /dev/null
+++ b/vendor/github.com/ghostiam/protogetter/processor.go
@@ -0,0 +1,234 @@
+package protogetter
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"reflect"
+	"strings"
+)
+
+type processor struct {
+	info   *types.Info
+	filter *PosFilter
+
+	to   strings.Builder
+	from strings.Builder
+	err  error
+}
+
+func Process(info *types.Info, filter *PosFilter, n ast.Node) (*Result, error) {
+	p := &processor{
+		info:   info,
+		filter: filter,
+	}
+
+	return p.process(n)
+}
+
+func (c *processor) process(n ast.Node) (*Result, error) {
+	switch x := n.(type) {
+	case *ast.AssignStmt:
+		// Skip any assignment to the field.
+		for _, lhs := range x.Lhs {
+			c.filter.AddPos(lhs.Pos())
+		}
+
+	case *ast.IncDecStmt:
+		// Skip any increment/decrement to the field.
+		c.filter.AddPos(x.X.Pos())
+
+	case *ast.UnaryExpr:
+		if x.Op == token.AND {
+			// Skip all expressions when the field is used as a pointer.
+			// Because this is not direct reading, but most likely writing by pointer (for example like sql.Scan).
+			c.filter.AddPos(x.X.Pos())
+		}
+
+	case *ast.CallExpr:
+		f, ok := x.Fun.(*ast.SelectorExpr)
+		if !ok {
+			return &Result{}, nil
+		}
+
+		if !isProtoMessage(c.info, f.X) {
+			return &Result{}, nil
+		}
+
+		c.processInner(x)
+
+	case *ast.SelectorExpr:
+		if !isProtoMessage(c.info, x.X) {
+			// If the selector is not on a proto message, skip it.
+			return &Result{}, nil
+		}
+
+		c.processInner(x)
+
+	default:
+		return nil, fmt.Errorf("not implemented for type: %s (%s)", reflect.TypeOf(x), formatNode(n))
+	}
+
+	if c.err != nil {
+		return nil, c.err
+	}
+
+	return &Result{
+		From: c.from.String(),
+		To:   c.to.String(),
+	}, nil
+}
+
+func (c *processor) processInner(expr ast.Expr) {
+	switch x := expr.(type) {
+	case *ast.Ident:
+		c.write(x.Name)
+
+	case *ast.BasicLit:
+		c.write(x.Value)
+
+	case *ast.UnaryExpr:
+		if x.Op == token.AND {
+			c.write(formatNode(x))
+			return
+		}
+
+		c.write(x.Op.String())
+		c.processInner(x.X)
+
+	case *ast.SelectorExpr:
+		c.processInner(x.X)
+		c.write(".")
+
+		// If getter exists, use it.
+		if methodIsExists(c.info, x.X, "Get"+x.Sel.Name) {
+			c.writeFrom(x.Sel.Name)
+			c.writeTo("Get" + x.Sel.Name + "()")
+			return
+		}
+
+		// If the selector is not a proto-message or the method has already been called, we leave it unchanged.
+		// This approach is significantly more efficient than verifying the presence of methods in all cases.
+		c.write(x.Sel.Name)
+
+	case *ast.CallExpr:
+		c.processInner(x.Fun)
+		c.write("(")
+		for i, arg := range x.Args {
+			if i > 0 {
+				c.write(",")
+			}
+			c.processInner(arg)
+		}
+		c.write(")")
+
+	case *ast.IndexExpr:
+		c.processInner(x.X)
+		c.write("[")
+		c.processInner(x.Index)
+		c.write("]")
+
+	case *ast.BinaryExpr:
+		c.processInner(x.X)
+		c.write(x.Op.String())
+		c.processInner(x.Y)
+
+	case *ast.ParenExpr:
+		c.write("(")
+		c.processInner(x.X)
+		c.write(")")
+
+	case *ast.StarExpr:
+		c.write("*")
+		c.processInner(x.X)
+
+	case *ast.CompositeLit:
+		c.write(formatNode(x))
+
+	case *ast.TypeAssertExpr:
+		c.write(formatNode(x))
+
+	default:
+		c.err = fmt.Errorf("processInner: not implemented for type: %s", reflect.TypeOf(x))
+	}
+}
+
+func (c *processor) write(s string) {
+	c.writeTo(s)
+	c.writeFrom(s)
+}
+
+func (c *processor) writeTo(s string) {
+	c.to.WriteString(s)
+}
+
+func (c *processor) writeFrom(s string) {
+	c.from.WriteString(s)
+}
+
+// Result contains source code (from) and suggested change (to)
+type Result struct {
+	From string
+	To   string
+}
+
+func (r *Result) Skipped() bool {
+	// If from and to are the same, skip it.
+	return r.From == r.To
+}
+
+func isProtoMessage(info *types.Info, expr ast.Expr) bool {
+	// First, we are checking for the presence of the ProtoReflect method which is currently being generated
+	// and corresponds to v2 version.
+	// https://pkg.go.dev/google.golang.org/protobuf@v1.31.0/proto#Message
+	const protoV2Method = "ProtoReflect"
+	ok := methodIsExists(info, expr, protoV2Method)
+	if ok {
+		return true
+	}
+
+	// Afterwards, we are checking the ProtoMessage method. All the structures that implement the proto.Message interface
+	// have a ProtoMessage method and are proto-structures. This interface has been generated since version 1.0.0 and
+	// continues to exist for compatibility.
+	// https://pkg.go.dev/github.com/golang/protobuf/proto?utm_source=godoc#Message
+	const protoV1Method = "ProtoMessage"
+	ok = methodIsExists(info, expr, protoV1Method)
+	if ok {
+		// Since there is a protoc-gen-gogo generator that implements the proto.Message interface, but may not generate
+		// getters or generate from without checking for nil, so even if getters exist, we skip them.
+		const protocGenGoGoMethod = "MarshalToSizedBuffer"
+		return !methodIsExists(info, expr, protocGenGoGoMethod)
+	}
+
+	return false
+}
+
+func methodIsExists(info *types.Info, x ast.Expr, name string) bool {
+	if info == nil {
+		return false
+	}
+
+	t := info.TypeOf(x)
+	if t == nil {
+		return false
+	}
+
+	ptr, ok := t.Underlying().(*types.Pointer)
+	if ok {
+		t = ptr.Elem()
+	}
+
+	named, ok := t.(*types.Named)
+	if !ok {
+		return false
+	}
+
+	for i := 0; i < named.NumMethods(); i++ {
+		if named.Method(i).Name() == name {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/vendor/github.com/ghostiam/protogetter/protogetter.go b/vendor/github.com/ghostiam/protogetter/protogetter.go
new file mode 100644
index 000000000..80a829672
--- /dev/null
+++ b/vendor/github.com/ghostiam/protogetter/protogetter.go
@@ -0,0 +1,183 @@
+package protogetter
+
+import (
+	"bytes"
+	"fmt"
+	"go/ast"
+	"go/format"
+	"go/token"
+	"log"
+	"strings"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/ast/inspector"
+)
+
+type Mode int
+
+const (
+	StandaloneMode Mode = iota
+	GolangciLintMode
+)
+
+const msgFormat = "avoid direct access to proto field %s, use %s instead"
+
+func NewAnalyzer() *analysis.Analyzer {
+	return &analysis.Analyzer{
+		Name: "protogetter",
+		Doc:  "Reports direct reads from proto message fields when getters should be used",
+		Run: func(pass *analysis.Pass) (any, error) {
+			Run(pass, StandaloneMode)
+			return nil, nil
+		},
+	}
+}
+
+func Run(pass *analysis.Pass, mode Mode) []Issue {
+	nodeTypes := []ast.Node{
+		(*ast.AssignStmt)(nil),
+		(*ast.CallExpr)(nil),
+		(*ast.SelectorExpr)(nil),
+		(*ast.IncDecStmt)(nil),
+		(*ast.UnaryExpr)(nil),
+	}
+
+	// Skip protoc-generated files.
+	var files []*ast.File
+	for _, f := range pass.Files {
+		if !isProtocGeneratedFile(f) {
+			files = append(files, f)
+
+			// ast.Print(pass.Fset, f)
+		}
+	}
+
+	ins := inspector.New(files)
+
+	var issues []Issue
+
+	filter := NewPosFilter()
+	ins.Preorder(nodeTypes, func(node ast.Node) {
+		report := analyse(pass, filter, node)
+		if report == nil {
+			return
+		}
+
+		switch mode {
+		case StandaloneMode:
+			pass.Report(report.ToDiagReport())
+		case GolangciLintMode:
+			issues = append(issues, report.ToIssue(pass.Fset))
+		}
+	})
+
+	return issues
+}
+
+func analyse(pass *analysis.Pass, filter *PosFilter, n ast.Node) *Report {
+	// fmt.Printf("\n>>> check: %s\n", formatNode(n))
+	// ast.Print(pass.Fset, n)
+	if filter.IsFiltered(n.Pos()) {
+		// fmt.Printf(">>> filtered\n")
+		return nil
+	}
+
+	result, err := Process(pass.TypesInfo, filter, n)
+	if err != nil {
+		pass.Report(analysis.Diagnostic{
+			Pos:     n.Pos(),
+			End:     n.End(),
+			Message: fmt.Sprintf("error: %v", err),
+		})
+
+		return nil
+	}
+
+	// If existing in filter, skip it.
+	if filter.IsFiltered(n.Pos()) {
+		return nil
+	}
+
+	if result.Skipped() {
+		return nil
+	}
+
+	// If the expression has already been replaced, skip it.
+	if filter.IsAlreadyReplaced(pass.Fset, n.Pos(), n.End()) {
+		return nil
+	}
+	// Add the expression to the filter.
+	filter.AddAlreadyReplaced(pass.Fset, n.Pos(), n.End())
+
+	return &Report{
+		node:   n,
+		result: result,
+	}
+}
+
+// Issue is used to integrate with golangci-lint's inline auto fix.
+type Issue struct {
+	Pos       token.Position
+	Message   string
+	InlineFix InlineFix
+}
+
+type InlineFix struct {
+	StartCol  int // zero-based
+	Length    int
+	NewString string
+}
+
+type Report struct {
+	node   ast.Node
+	result *Result
+}
+
+func (r *Report) ToDiagReport() analysis.Diagnostic {
+	msg := fmt.Sprintf(msgFormat, r.result.From, r.result.To)
+
+	return analysis.Diagnostic{
+		Pos:     r.node.Pos(),
+		End:     r.node.End(),
+		Message: msg,
+		SuggestedFixes: []analysis.SuggestedFix{
+			{
+				Message: msg,
+				TextEdits: []analysis.TextEdit{
+					{
+						Pos:     r.node.Pos(),
+						End:     r.node.End(),
+						NewText: []byte(r.result.To),
+					},
+				},
+			},
+		},
+	}
+}
+
+func (r *Report) ToIssue(fset *token.FileSet) Issue {
+	msg := fmt.Sprintf(msgFormat, r.result.From, r.result.To)
+	return Issue{
+		Pos:     fset.Position(r.node.Pos()),
+		Message: msg,
+		InlineFix: InlineFix{
+			StartCol:  fset.Position(r.node.Pos()).Column - 1,
+			Length:    len(r.result.From),
+			NewString: r.result.To,
+		},
+	}
+}
+
+func isProtocGeneratedFile(f *ast.File) bool {
+	return len(f.Comments) > 0 && strings.HasPrefix(f.Comments[0].Text(), "Code generated by protoc-gen-go")
+}
+
+func formatNode(node ast.Node) string {
+	buf := new(bytes.Buffer)
+	if err := format.Node(buf, token.NewFileSet(), node); err != nil {
+		log.Printf("Error formatting expression: %v", err)
+		return ""
+	}
+
+	return buf.String()
+}
diff --git a/vendor/github.com/go-critic/go-critic/linter/linter.go b/vendor/github.com/go-critic/go-critic/linter/linter.go
index 27e9b659f..d4bc17536 100644
--- a/vendor/github.com/go-critic/go-critic/linter/linter.go
+++ b/vendor/github.com/go-critic/go-critic/linter/linter.go
@@ -5,6 +5,7 @@ import (
 	"go/token"
 	"go/types"
 	"strconv"
+	"strings"
 
 	"github.com/go-toolsmith/astfmt"
 )
@@ -350,7 +351,25 @@ func (ctx *CheckerContext) SizeOf(typ types.Type) (int64, bool) {
 	if named, ok := typ.(*types.Named); ok && named.TypeParams() != nil {
 		return 0, false
 	}
-	return ctx.SizesInfo.Sizeof(typ), true
+	return ctx.safeSizesInfoSizeof(typ)
+}
+
+// safeSizesInfoSizeof unlike SizesInfo.Sizeof will not panic on struct with generic fields.
+// it will catch a panic and recover from it, see https://github.com/go-critic/go-critic/issues/1354
+func (ctx *CheckerContext) safeSizesInfoSizeof(typ types.Type) (size int64, ok bool) {
+	ok = true
+	defer func() {
+		if r := recover(); r != nil {
+			if strings.Contains(r.(string), "assertion failed") {
+				size, ok = 0, false
+			} else {
+				panic(r)
+			}
+		}
+	}()
+
+	size = ctx.SizesInfo.Sizeof(typ)
+	return size, ok
 }
 
 func resolvePkgObjects(ctx *Context, f *ast.File) {
diff --git a/vendor/github.com/golangci/gofmt/gofmt/doc.go b/vendor/github.com/golangci/gofmt/gofmt/doc.go
index da0c8581d..d0a458021 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/doc.go
+++ b/vendor/github.com/golangci/gofmt/gofmt/doc.go
@@ -13,9 +13,11 @@ that directory, recursively.  (Files starting with a period are ignored.)
 By default, gofmt prints the reformatted sources to standard output.
 
 Usage:
+
 	gofmt [flags] [path ...]
 
 The flags are:
+
 	-d
 		Do not print reformatted sources to standard output.
 		If a file's formatting is different than gofmt's, print diffs
@@ -37,10 +39,10 @@ The flags are:
 		the original file is restored from an automatic backup.
 
 Debugging support:
+
 	-cpuprofile filename
 		Write cpu profile to the specified file.
 
-
 The rewrite rule specified with the -r flag must be a string of the form:
 
 	pattern -> replacement
@@ -57,7 +59,7 @@ such a fragment, gofmt preserves leading indentation as well as leading
 and trailing spaces, so that individual sections of a Go program can be
 formatted by piping them through gofmt.
 
-Examples
+# Examples
 
 To check files for unnecessary parentheses:
 
@@ -71,7 +73,7 @@ To convert the package tree from explicit slice upper bounds to implicit ones:
 
 	gofmt -r 'α[β:len(α)] -> α[β:]' -w $GOROOT/src
 
-The simplify command
+# The simplify command
 
 When invoked with -s gofmt will make the following source transformations where possible.
 
diff --git a/vendor/github.com/golangci/gofmt/gofmt/gofmt.go b/vendor/github.com/golangci/gofmt/gofmt/gofmt.go
index e7612afae..be046f34c 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/gofmt.go
+++ b/vendor/github.com/golangci/gofmt/gofmt/gofmt.go
@@ -76,6 +76,11 @@ func initParserMode() {
 	if *allErrors {
 		parserMode |= parser.AllErrors
 	}
+	// It's only -r that makes use of go/ast's object resolution,
+	// so avoid the unnecessary work if the flag isn't used.
+	if *rewriteRule == "" {
+		parserMode |= parser.SkipObjectResolution
+	}
 }
 
 func isGoFile(f fs.DirEntry) bool {
@@ -286,12 +291,9 @@ func processFile(filename string, info fs.FileInfo, in io.Reader, r *reporter) e
 			}
 		}
 		if *doDiff {
-			data, err := diffWithReplaceTempFile(src, res, filename)
-			if err != nil {
-				return fmt.Errorf("computing diff: %s", err)
-			}
-			fmt.Fprintf(r, "diff -u %s %s\n", filepath.ToSlash(filename+".orig"), filepath.ToSlash(filename))
-			r.Write(data)
+			newName := filepath.ToSlash(filename)
+			oldName := newName + ".orig"
+			r.Write(diff.Diff(oldName, src, newName, res))
 		}
 	}
 
@@ -350,7 +352,12 @@ func readFile(filename string, info fs.FileInfo, in io.Reader) ([]byte, error) {
 	// stop to avoid corrupting it.)
 	src := make([]byte, size+1)
 	n, err := io.ReadFull(in, src)
-	if err != nil && err != io.ErrUnexpectedEOF {
+	switch err {
+	case nil, io.EOF, io.ErrUnexpectedEOF:
+		// io.ReadFull returns io.EOF (for an empty file) or io.ErrUnexpectedEOF
+		// (for a non-empty file) if the file was changed unexpectedly. Continue
+		// with comparing file sizes in those cases.
+	default:
 		return nil, err
 	}
 	if n < size {
@@ -463,43 +470,6 @@ func fileWeight(path string, info fs.FileInfo) int64 {
 	return info.Size()
 }
 
-func diffWithReplaceTempFile(b1, b2 []byte, filename string) ([]byte, error) {
-	data, err := diff.Diff("gofmt", b1, b2)
-	if len(data) > 0 {
-		return replaceTempFilename(data, filename)
-	}
-	return data, err
-}
-
-// replaceTempFilename replaces temporary filenames in diff with actual one.
-//
-// --- /tmp/gofmt316145376	2017-02-03 19:13:00.280468375 -0500
-// +++ /tmp/gofmt617882815	2017-02-03 19:13:00.280468375 -0500
-// ...
-// ->
-// --- path/to/file.go.orig	2017-02-03 19:13:00.280468375 -0500
-// +++ path/to/file.go	2017-02-03 19:13:00.280468375 -0500
-// ...
-func replaceTempFilename(diff []byte, filename string) ([]byte, error) {
-	bs := bytes.SplitN(diff, []byte{'\n'}, 3)
-	if len(bs) < 3 {
-		return nil, fmt.Errorf("got unexpected diff for %s", filename)
-	}
-	// Preserve timestamps.
-	var t0, t1 []byte
-	if i := bytes.LastIndexByte(bs[0], '\t'); i != -1 {
-		t0 = bs[0][i:]
-	}
-	if i := bytes.LastIndexByte(bs[1], '\t'); i != -1 {
-		t1 = bs[1][i:]
-	}
-	// Always print filepath with slash separator.
-	f := filepath.ToSlash(filename)
-	bs[0] = []byte(fmt.Sprintf("--- %s%s", f+".orig", t0))
-	bs[1] = []byte(fmt.Sprintf("+++ %s%s", f, t1))
-	return bytes.Join(bs, []byte{'\n'}), nil
-}
-
 const chmodSupported = runtime.GOOS != "windows"
 
 // backupFile writes data to a new file named filename<number> with permissions perm,
diff --git a/vendor/github.com/golangci/gofmt/gofmt/golangci.go b/vendor/github.com/golangci/gofmt/gofmt/golangci.go
index c9c3fe2ae..a69611e1d 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/golangci.go
+++ b/vendor/github.com/golangci/gofmt/gofmt/golangci.go
@@ -8,8 +8,14 @@ import (
 	"go/printer"
 	"go/token"
 	"os"
+	"path/filepath"
+	"sync"
+
+	"github.com/golangci/gofmt/gofmt/internal/diff"
 )
 
+var parserModeMu sync.RWMutex
+
 type RewriteRule struct {
 	Pattern     string
 	Replacement string
@@ -31,7 +37,9 @@ func RunRewrite(filename string, needSimplify bool, rewriteRules []RewriteRule)
 
 	fset := token.NewFileSet()
 
+	parserModeMu.Lock()
 	initParserMode()
+	parserModeMu.Unlock()
 
 	file, sourceAdj, indentAdj, err := parse(fset, filename, src, false)
 	if err != nil {
@@ -59,12 +67,10 @@ func RunRewrite(filename string, needSimplify bool, rewriteRules []RewriteRule)
 	}
 
 	// formatting has changed
-	data, err := diffWithReplaceTempFile(src, res, filename)
-	if err != nil {
-		return nil, fmt.Errorf("error computing diff: %s", err)
-	}
+	newName := filepath.ToSlash(filename)
+	oldName := newName + ".orig"
 
-	return data, nil
+	return diff.Diff(oldName, src, newName, res), nil
 }
 
 func rewriteFileContent(fset *token.FileSet, file *ast.File, rewriteRules []RewriteRule) (*ast.File, error) {
diff --git a/vendor/github.com/golangci/gofmt/gofmt/internal.go b/vendor/github.com/golangci/gofmt/gofmt/internal.go
index 1abbdd698..31a825bf8 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/internal.go
+++ b/vendor/github.com/golangci/gofmt/gofmt/internal.go
@@ -26,6 +26,13 @@ func parse(fset *token.FileSet, filename string, src []byte, fragmentOk bool) (
 	indentAdj int,
 	err error,
 ) {
+
+	// START - Change related to usgae inside golangci-lint
+	parserModeMu.Lock()
+	parserMode := parserMode
+	parserModeMu.Unlock()
+	// END - Change related to usgae inside golangci-lint
+
 	// Try as whole source file.
 	file, err = parser.ParseFile(fset, filename, src, parserMode)
 	// If there's no error, return. If the error is that the source file didn't begin with a
diff --git a/vendor/github.com/golangci/gofmt/gofmt/internal/diff/diff.go b/vendor/github.com/golangci/gofmt/gofmt/internal/diff/diff.go
index cbd0529ec..47b285671 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/internal/diff/diff.go
+++ b/vendor/github.com/golangci/gofmt/gofmt/internal/diff/diff.go
@@ -1,79 +1,261 @@
-// Copyright 2019 The Go Authors. All rights reserved.
+// Copyright 2022 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package diff implements a Diff function that compare two inputs
-// using the 'diff' tool.
 package diff
 
 import (
 	"bytes"
-	"io/ioutil"
-	"os"
-	"runtime"
-
-	exec "github.com/golangci/gofmt/gofmt/internal/execabs"
+	"fmt"
+	"sort"
+	"strings"
 )
 
-// Returns diff of two arrays of bytes in diff tool format.
-func Diff(prefix string, b1, b2 []byte) ([]byte, error) {
-	f1, err := writeTempFile(prefix, b1)
-	if err != nil {
-		return nil, err
+// A pair is a pair of values tracked for both the x and y side of a diff.
+// It is typically a pair of line indexes.
+type pair struct{ x, y int }
+
+// Diff returns an anchored diff of the two texts old and new
+// in the “unified diff” format. If old and new are identical,
+// Diff returns a nil slice (no output).
+//
+// Unix diff implementations typically look for a diff with
+// the smallest number of lines inserted and removed,
+// which can in the worst case take time quadratic in the
+// number of lines in the texts. As a result, many implementations
+// either can be made to run for a long time or cut off the search
+// after a predetermined amount of work.
+//
+// In contrast, this implementation looks for a diff with the
+// smallest number of “unique” lines inserted and removed,
+// where unique means a line that appears just once in both old and new.
+// We call this an “anchored diff” because the unique lines anchor
+// the chosen matching regions. An anchored diff is usually clearer
+// than a standard diff, because the algorithm does not try to
+// reuse unrelated blank lines or closing braces.
+// The algorithm also guarantees to run in O(n log n) time
+// instead of the standard O(n²) time.
+//
+// Some systems call this approach a “patience diff,” named for
+// the “patience sorting” algorithm, itself named for a solitaire card game.
+// We avoid that name for two reasons. First, the name has been used
+// for a few different variants of the algorithm, so it is imprecise.
+// Second, the name is frequently interpreted as meaning that you have
+// to wait longer (to be patient) for the diff, meaning that it is a slower algorithm,
+// when in fact the algorithm is faster than the standard one.
+func Diff(oldName string, old []byte, newName string, new []byte) []byte {
+	if bytes.Equal(old, new) {
+		return nil
 	}
-	defer os.Remove(f1)
+	x := lines(old)
+	y := lines(new)
+
+	// Print diff header.
+	var out bytes.Buffer
+	fmt.Fprintf(&out, "diff %s %s\n", oldName, newName)
+	fmt.Fprintf(&out, "--- %s\n", oldName)
+	fmt.Fprintf(&out, "+++ %s\n", newName)
+
+	// Loop over matches to consider,
+	// expanding each match to include surrounding lines,
+	// and then printing diff chunks.
+	// To avoid setup/teardown cases outside the loop,
+	// tgs returns a leading {0,0} and trailing {len(x), len(y)} pair
+	// in the sequence of matches.
+	var (
+		done  pair     // printed up to x[:done.x] and y[:done.y]
+		chunk pair     // start lines of current chunk
+		count pair     // number of lines from each side in current chunk
+		ctext []string // lines for current chunk
+	)
+	for _, m := range tgs(x, y) {
+		if m.x < done.x {
+			// Already handled scanning forward from earlier match.
+			continue
+		}
 
-	f2, err := writeTempFile(prefix, b2)
-	if err != nil {
-		return nil, err
+		// Expand matching lines as far possible,
+		// establishing that x[start.x:end.x] == y[start.y:end.y].
+		// Note that on the first (or last) iteration we may (or definitey do)
+		// have an empty match: start.x==end.x and start.y==end.y.
+		start := m
+		for start.x > done.x && start.y > done.y && x[start.x-1] == y[start.y-1] {
+			start.x--
+			start.y--
+		}
+		end := m
+		for end.x < len(x) && end.y < len(y) && x[end.x] == y[end.y] {
+			end.x++
+			end.y++
+		}
+
+		// Emit the mismatched lines before start into this chunk.
+		// (No effect on first sentinel iteration, when start = {0,0}.)
+		for _, s := range x[done.x:start.x] {
+			ctext = append(ctext, "-"+s)
+			count.x++
+		}
+		for _, s := range y[done.y:start.y] {
+			ctext = append(ctext, "+"+s)
+			count.y++
+		}
+
+		// If we're not at EOF and have too few common lines,
+		// the chunk includes all the common lines and continues.
+		const C = 3 // number of context lines
+		if (end.x < len(x) || end.y < len(y)) &&
+			(end.x-start.x < C || (len(ctext) > 0 && end.x-start.x < 2*C)) {
+			for _, s := range x[start.x:end.x] {
+				ctext = append(ctext, " "+s)
+				count.x++
+				count.y++
+			}
+			done = end
+			continue
+		}
+
+		// End chunk with common lines for context.
+		if len(ctext) > 0 {
+			n := end.x - start.x
+			if n > C {
+				n = C
+			}
+			for _, s := range x[start.x : start.x+n] {
+				ctext = append(ctext, " "+s)
+				count.x++
+				count.y++
+			}
+			done = pair{start.x + n, start.y + n}
+
+			// Format and emit chunk.
+			// Convert line numbers to 1-indexed.
+			// Special case: empty file shows up as 0,0 not 1,0.
+			if count.x > 0 {
+				chunk.x++
+			}
+			if count.y > 0 {
+				chunk.y++
+			}
+			fmt.Fprintf(&out, "@@ -%d,%d +%d,%d @@\n", chunk.x, count.x, chunk.y, count.y)
+			for _, s := range ctext {
+				out.WriteString(s)
+			}
+			count.x = 0
+			count.y = 0
+			ctext = ctext[:0]
+		}
+
+		// If we reached EOF, we're done.
+		if end.x >= len(x) && end.y >= len(y) {
+			break
+		}
+
+		// Otherwise start a new chunk.
+		chunk = pair{end.x - C, end.y - C}
+		for _, s := range x[chunk.x:end.x] {
+			ctext = append(ctext, " "+s)
+			count.x++
+			count.y++
+		}
+		done = end
 	}
-	defer os.Remove(f2)
 
-	cmd := "diff"
-	if runtime.GOOS == "plan9" {
-		cmd = "/bin/ape/diff"
+	return out.Bytes()
+}
+
+// lines returns the lines in the file x, including newlines.
+// If the file does not end in a newline, one is supplied
+// along with a warning about the missing newline.
+func lines(x []byte) []string {
+	l := strings.SplitAfter(string(x), "\n")
+	if l[len(l)-1] == "" {
+		l = l[:len(l)-1]
+	} else {
+		// Treat last line as having a message about the missing newline attached,
+		// using the same text as BSD/GNU diff (including the leading backslash).
+		l[len(l)-1] += "\n\\ No newline at end of file\n"
 	}
+	return l
+}
 
-	data, err := exec.Command(cmd, "-u", f1, f2).CombinedOutput()
-	if len(data) > 0 {
-		// diff exits with a non-zero status when the files don't match.
-		// Ignore that failure as long as we get output.
-		err = nil
+// tgs returns the pairs of indexes of the longest common subsequence
+// of unique lines in x and y, where a unique line is one that appears
+// once in x and once in y.
+//
+// The longest common subsequence algorithm is as described in
+// Thomas G. Szymanski, “A Special Case of the Maximal Common
+// Subsequence Problem,” Princeton TR #170 (January 1975),
+// available at https://research.swtch.com/tgs170.pdf.
+func tgs(x, y []string) []pair {
+	// Count the number of times each string appears in a and b.
+	// We only care about 0, 1, many, counted as 0, -1, -2
+	// for the x side and 0, -4, -8 for the y side.
+	// Using negative numbers now lets us distinguish positive line numbers later.
+	m := make(map[string]int)
+	for _, s := range x {
+		if c := m[s]; c > -2 {
+			m[s] = c - 1
+		}
+	}
+	for _, s := range y {
+		if c := m[s]; c > -8 {
+			m[s] = c - 4
+		}
 	}
 
-	// If we are on Windows and the diff is Cygwin diff,
-	// machines can get into a state where every Cygwin
-	// command works fine but prints a useless message like:
+	// Now unique strings can be identified by m[s] = -1+-4.
 	//
-	//	Cygwin WARNING:
-	//	  Couldn't compute FAST_CWD pointer.  This typically occurs if you're using
-	//	  an older Cygwin version on a newer Windows.  Please update to the latest
-	//	  available Cygwin version from https://cygwin.com/.  If the problem persists,
-	//	  please see https://cygwin.com/problems.html
-	//
-	// Skip over that message and just return the actual diff.
-	if len(data) > 0 && !bytes.HasPrefix(data, []byte("--- ")) {
-		i := bytes.Index(data, []byte("\n--- "))
-		if i >= 0 && i < 80*10 && bytes.Contains(data[:i], []byte("://cygwin.com/")) {
-			data = data[i+1:]
+	// Gather the indexes of those strings in x and y, building:
+	//	xi[i] = increasing indexes of unique strings in x.
+	//	yi[i] = increasing indexes of unique strings in y.
+	//	inv[i] = index j such that x[xi[i]] = y[yi[j]].
+	var xi, yi, inv []int
+	for i, s := range y {
+		if m[s] == -1+-4 {
+			m[s] = len(yi)
+			yi = append(yi, i)
+		}
+	}
+	for i, s := range x {
+		if j, ok := m[s]; ok && j >= 0 {
+			xi = append(xi, i)
+			inv = append(inv, j)
 		}
 	}
 
-	return data, err
-}
-
-func writeTempFile(prefix string, data []byte) (string, error) {
-	file, err := ioutil.TempFile("", prefix)
-	if err != nil {
-		return "", err
+	// Apply Algorithm A from Szymanski's paper.
+	// In those terms, A = J = inv and B = [0, n).
+	// We add sentinel pairs {0,0}, and {len(x),len(y)}
+	// to the returned sequence, to help the processing loop.
+	J := inv
+	n := len(xi)
+	T := make([]int, n)
+	L := make([]int, n)
+	for i := range T {
+		T[i] = n + 1
+	}
+	for i := 0; i < n; i++ {
+		k := sort.Search(n, func(k int) bool {
+			return T[k] >= J[i]
+		})
+		T[k] = J[i]
+		L[i] = k + 1
 	}
-	_, err = file.Write(data)
-	if err1 := file.Close(); err == nil {
-		err = err1
+	k := 0
+	for _, v := range L {
+		if k < v {
+			k = v
+		}
 	}
-	if err != nil {
-		os.Remove(file.Name())
-		return "", err
+	seq := make([]pair, 2+k)
+	seq[1+k] = pair{len(x), len(y)} // sentinel at end
+	lastj := n
+	for i := n - 1; i >= 0; i-- {
+		if L[i] == k && J[i] < lastj {
+			seq[k] = pair{xi[i], yi[J[i]]}
+			k--
+		}
 	}
-	return file.Name(), nil
+	seq[0] = pair{0, 0} // sentinel at start
+	return seq
 }
diff --git a/vendor/github.com/golangci/gofmt/gofmt/internal/execabs/execabs.go b/vendor/github.com/golangci/gofmt/gofmt/internal/execabs/execabs.go
deleted file mode 100644
index 9a05d971d..000000000
--- a/vendor/github.com/golangci/gofmt/gofmt/internal/execabs/execabs.go
+++ /dev/null
@@ -1,70 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package execabs is a drop-in replacement for os/exec
-// that requires PATH lookups to find absolute paths.
-// That is, execabs.Command("cmd") runs the same PATH lookup
-// as exec.Command("cmd"), but if the result is a path
-// which is relative, the Run and Start methods will report
-// an error instead of running the executable.
-package execabs
-
-import (
-	"context"
-	"fmt"
-	"os/exec"
-	"path/filepath"
-	"reflect"
-	"unsafe"
-)
-
-var ErrNotFound = exec.ErrNotFound
-
-type (
-	Cmd       = exec.Cmd
-	Error     = exec.Error
-	ExitError = exec.ExitError
-)
-
-func relError(file, path string) error {
-	return fmt.Errorf("%s resolves to executable relative to current directory (.%c%s)", file, filepath.Separator, path)
-}
-
-func LookPath(file string) (string, error) {
-	path, err := exec.LookPath(file)
-	if err != nil {
-		return "", err
-	}
-	if filepath.Base(file) == file && !filepath.IsAbs(path) {
-		return "", relError(file, path)
-	}
-	return path, nil
-}
-
-func fixCmd(name string, cmd *exec.Cmd) {
-	if filepath.Base(name) == name && !filepath.IsAbs(cmd.Path) {
-		// exec.Command was called with a bare binary name and
-		// exec.LookPath returned a path which is not absolute.
-		// Set cmd.lookPathErr and clear cmd.Path so that it
-		// cannot be run.
-		lookPathErr := (*error)(unsafe.Pointer(reflect.ValueOf(cmd).Elem().FieldByName("lookPathErr").Addr().Pointer()))
-		if *lookPathErr == nil {
-			*lookPathErr = relError(name, cmd.Path)
-		}
-		cmd.Path = ""
-	}
-}
-
-func CommandContext(ctx context.Context, name string, arg ...string) *exec.Cmd {
-	cmd := exec.CommandContext(ctx, name, arg...)
-	fixCmd(name, cmd)
-	return cmd
-
-}
-
-func Command(name string, arg ...string) *exec.Cmd {
-	cmd := exec.Command(name, arg...)
-	fixCmd(name, cmd)
-	return cmd
-}
diff --git a/vendor/github.com/golangci/gofmt/gofmt/readme.md b/vendor/github.com/golangci/gofmt/gofmt/readme.md
index 36a716d81..c2faaab82 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/readme.md
+++ b/vendor/github.com/golangci/gofmt/gofmt/readme.md
@@ -1,3 +1,5 @@
 # Hard Fork of gofmt
 
 2022-08-31: Sync with go1.18.5
+2023-10-04: Sync with go1.19.13
+2023-10-04: Sync with go1.20.8
diff --git a/vendor/github.com/golangci/gofmt/gofmt/simplify.go b/vendor/github.com/golangci/gofmt/gofmt/simplify.go
index 2c75495a6..3b34d562b 100644
--- a/vendor/github.com/golangci/gofmt/gofmt/simplify.go
+++ b/vendor/github.com/golangci/gofmt/gofmt/simplify.go
@@ -53,22 +53,26 @@ func (s simplifier) Visit(node ast.Node) ast.Visitor {
 		// can be simplified to: s[a:]
 		// if s is "simple enough" (for now we only accept identifiers)
 		//
-		// Note: This may not be correct because len may have been redeclared in another
-		//       file belonging to the same package. However, this is extremely unlikely
-		//       and so far (April 2016, after years of supporting this rewrite feature)
+		// Note: This may not be correct because len may have been redeclared in
+		//       the same package. However, this is extremely unlikely and so far
+		//       (April 2022, after years of supporting this rewrite feature)
 		//       has never come up, so let's keep it working as is (see also #15153).
+		//
+		// Also note that this code used to use go/ast's object tracking,
+		// which was removed in exchange for go/parser.Mode.SkipObjectResolution.
+		// False positives are extremely unlikely as described above,
+		// and go/ast's object tracking is incomplete in any case.
 		if n.Max != nil {
 			// - 3-index slices always require the 2nd and 3rd index
 			break
 		}
-		if s, _ := n.X.(*ast.Ident); s != nil && s.Obj != nil {
-			// the array/slice object is a single, resolved identifier
+		if s, _ := n.X.(*ast.Ident); s != nil {
+			// the array/slice object is a single identifier
 			if call, _ := n.High.(*ast.CallExpr); call != nil && len(call.Args) == 1 && !call.Ellipsis.IsValid() {
 				// the high expression is a function call with a single argument
-				if fun, _ := call.Fun.(*ast.Ident); fun != nil && fun.Name == "len" && fun.Obj == nil {
-					// the function called is "len" and it is not locally defined; and
-					// because we don't have dot imports, it must be the predefined len()
-					if arg, _ := call.Args[0].(*ast.Ident); arg != nil && arg.Obj == s.Obj {
+				if fun, _ := call.Fun.(*ast.Ident); fun != nil && fun.Name == "len" {
+					// the function called is "len"
+					if arg, _ := call.Args[0].(*ast.Ident); arg != nil && arg.Name == s.Name {
 						// the len argument is the array/slice object
 						n.High = nil
 					}
diff --git a/vendor/github.com/golangci/gofmt/goimports/goimports.go b/vendor/github.com/golangci/gofmt/goimports/goimports.go
index 1fa3328f8..20d92e119 100644
--- a/vendor/github.com/golangci/gofmt/goimports/goimports.go
+++ b/vendor/github.com/golangci/gofmt/goimports/goimports.go
@@ -14,7 +14,7 @@ import (
 	"runtime"
 )
 
-// Extracted from golang.org/x/tools@v0.1.12/cmd/goimports/goimports.go
+// Extracted from golang.org/x/tools@v0.13.0/cmd/goimports/goimports.go
 
 func writeTempFile(dir, prefix string, data []byte) (string, error) {
 	file, err := ioutil.TempFile(dir, prefix)
diff --git a/vendor/github.com/golangci/gofmt/goimports/golangci.go b/vendor/github.com/golangci/gofmt/goimports/golangci.go
index 7edc37937..6ff286ae0 100644
--- a/vendor/github.com/golangci/gofmt/goimports/golangci.go
+++ b/vendor/github.com/golangci/gofmt/goimports/golangci.go
@@ -3,7 +3,7 @@ package goimports
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"os"
 
 	"golang.org/x/tools/imports"
 )
@@ -11,7 +11,7 @@ import (
 // Run runs goimports.
 // The local prefixes (comma separated) must be defined through the global variable imports.LocalPrefix.
 func Run(filename string) ([]byte, error) {
-	src, err := ioutil.ReadFile(filename)
+	src, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/golangci/gofmt/goimports/readme.md b/vendor/github.com/golangci/gofmt/goimports/readme.md
index 6c793eb7d..e57ed550b 100644
--- a/vendor/github.com/golangci/gofmt/goimports/readme.md
+++ b/vendor/github.com/golangci/gofmt/goimports/readme.md
@@ -1,3 +1,4 @@
 # Hard Fork of goimports
 
 2022-08-31: Sync with golang.org/x/tools v0.1.12
+2023-10-04: Sync with golang.org/x/tools v0.13.0
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/commands/executor.go b/vendor/github.com/golangci/golangci-lint/pkg/commands/executor.go
index 109edcb90..61e221cb8 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/commands/executor.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/commands/executor.go
@@ -120,7 +120,7 @@ func NewExecutor(buildInfo BuildInfo) *Executor {
 	}
 
 	// recreate after getting config
-	e.DBManager = lintersdb.NewManager(e.cfg, e.log).WithCustomLinters()
+	e.DBManager = lintersdb.NewManager(e.cfg, e.log)
 
 	// Slice options must be explicitly set for proper merging of config and command-line options.
 	fixSlicesFlags(e.runCmd.Flags())
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/commands/help.go b/vendor/github.com/golangci/golangci-lint/pkg/commands/help.go
index 61d362e7d..a06d508f2 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/commands/help.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/commands/help.go
@@ -63,6 +63,10 @@ func printLinterConfigs(lcs []*linter.Config) {
 func (e *Executor) executeLintersHelp(_ *cobra.Command, _ []string) {
 	var enabledLCs, disabledLCs []*linter.Config
 	for _, lc := range e.DBManager.GetAllSupportedLinterConfigs() {
+		if lc.Internal {
+			continue
+		}
+
 		if lc.EnabledByDefault {
 			enabledLCs = append(enabledLCs, lc)
 		} else {
@@ -78,8 +82,12 @@ func (e *Executor) executeLintersHelp(_ *cobra.Command, _ []string) {
 	color.Green("\nLinters presets:")
 	for _, p := range e.DBManager.AllPresets() {
 		linters := e.DBManager.GetAllLinterConfigsForPreset(p)
-		linterNames := make([]string, 0, len(linters))
+		var linterNames []string
 		for _, lc := range linters {
+			if lc.Internal {
+				continue
+			}
+
 			linterNames = append(linterNames, lc.Name())
 		}
 		sort.Strings(linterNames)
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/commands/linters.go b/vendor/github.com/golangci/golangci-lint/pkg/commands/linters.go
index 13bb944d8..292713ec9 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/commands/linters.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/commands/linters.go
@@ -29,14 +29,22 @@ func (e *Executor) executeLinters(_ *cobra.Command, _ []string) error {
 	}
 
 	color.Green("Enabled by your configuration linters:\n")
-	enabledLinters := make([]*linter.Config, 0, len(enabledLintersMap))
-	for _, linter := range enabledLintersMap {
-		enabledLinters = append(enabledLinters, linter)
+	var enabledLinters []*linter.Config
+	for _, lc := range enabledLintersMap {
+		if lc.Internal {
+			continue
+		}
+
+		enabledLinters = append(enabledLinters, lc)
 	}
 	printLinterConfigs(enabledLinters)
 
 	var disabledLCs []*linter.Config
 	for _, lc := range e.DBManager.GetAllSupportedLinterConfigs() {
+		if lc.Internal {
+			continue
+		}
+
 		if enabledLintersMap[lc.Name()] == nil {
 			disabledLCs = append(disabledLCs, lc)
 		}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/commands/root.go b/vendor/github.com/golangci/golangci-lint/pkg/commands/root.go
index 5fe4c784d..efe62ced2 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/commands/root.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/commands/root.go
@@ -149,10 +149,10 @@ func (e *Executor) needVersionOption() bool {
 }
 
 func initRootFlagSet(fs *pflag.FlagSet, cfg *config.Config, needVersionOption bool) {
-	fs.BoolVarP(&cfg.Run.IsVerbose, "verbose", "v", false, wh("verbose output"))
+	fs.BoolVarP(&cfg.Run.IsVerbose, "verbose", "v", false, wh("Verbose output"))
 
 	var silent bool
-	fs.BoolVarP(&silent, "silent", "s", false, wh("disables congrats outputs"))
+	fs.BoolVarP(&silent, "silent", "s", false, wh("Disables congrats outputs"))
 	if err := fs.MarkHidden("silent"); err != nil {
 		panic(err)
 	}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/config/config.go b/vendor/github.com/golangci/golangci-lint/pkg/config/config.go
index af40c63bd..7941f428f 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/config/config.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/config/config.go
@@ -41,13 +41,13 @@ type Version struct {
 	Debug  bool   `mapstructure:"debug"`
 }
 
-func IsGreaterThanOrEqualGo118(v string) bool {
+func IsGreaterThanOrEqualGo121(v string) bool {
 	v1, err := hcversion.NewVersion(strings.TrimPrefix(v, "go"))
 	if err != nil {
 		return false
 	}
 
-	limit, err := hcversion.NewVersion("1.18")
+	limit, err := hcversion.NewVersion("1.21")
 	if err != nil {
 		return false
 	}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/config/issues.go b/vendor/github.com/golangci/golangci-lint/pkg/config/issues.go
index 417b28bdb..5968d83d5 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/config/issues.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/config/issues.go
@@ -54,7 +54,7 @@ var DefaultExcludePatterns = []ExcludePattern{
 	},
 	{
 		ID:      "EXC0008",
-		Pattern: "(G104|G307)",
+		Pattern: "(G104)",
 		Linter:  "gosec",
 		Why:     "Duplicated errcheck checks",
 	},
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/config/linters_settings.go b/vendor/github.com/golangci/golangci-lint/pkg/config/linters_settings.go
index b520ea4c6..0fee9f81e 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/config/linters_settings.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/config/linters_settings.go
@@ -113,10 +113,17 @@ var defaultLintersSettings = LintersSettings{
 		Ignore:    "",
 		Qualified: false,
 	},
+	SlogLint: SlogLintSettings{
+		KVOnly:         false,
+		AttrOnly:       false,
+		NoRawKeys:      false,
+		ArgsOnSepLines: false,
+	},
 	TagAlign: TagAlignSettings{
-		Align: true,
-		Sort:  true,
-		Order: nil,
+		Align:  true,
+		Sort:   true,
+		Order:  nil,
+		Strict: false,
 	},
 	Testpackage: TestpackageSettings{
 		SkipRegexp:    `(export|internal)_test\.go`,
@@ -125,6 +132,15 @@ var defaultLintersSettings = LintersSettings{
 	Unparam: UnparamSettings{
 		Algo: "cha",
 	},
+	Unused: UnusedSettings{
+		FieldWritesAreUses:     true,
+		PostStatementsAreReads: false,
+		ExportedIsUsed:         true,
+		ExportedFieldsAreUsed:  true,
+		ParametersAreUsed:      true,
+		LocalVariablesAreUsed:  true,
+		GeneratedIsUsed:        true,
+	},
 	UseStdlibVars: UseStdlibVarsSettings{
 		HTTPMethod:     true,
 		HTTPStatusCode: true,
@@ -212,15 +228,18 @@ type LintersSettings struct {
 	Reassign         ReassignSettings
 	Revive           ReviveSettings
 	RowsErrCheck     RowsErrCheckSettings
+	SlogLint         SlogLintSettings
 	Staticcheck      StaticCheckSettings
 	Structcheck      StructCheckSettings
 	Stylecheck       StaticCheckSettings
 	TagAlign         TagAlignSettings
 	Tagliatelle      TagliatelleSettings
+	Testifylint      TestifylintSettings
 	Tenv             TenvSettings
 	Testpackage      TestpackageSettings
 	Thelper          ThelperSettings
 	Unparam          UnparamSettings
+	Unused           UnusedSettings
 	UseStdlibVars    UseStdlibVarsSettings
 	Varcheck         VarCheckSettings
 	Varnamelen       VarnamelenSettings
@@ -272,7 +291,11 @@ type DepGuardDeny struct {
 
 type DecorderSettings struct {
 	DecOrder                  []string `mapstructure:"dec-order"`
+	IgnoreUnderscoreVars      bool     `mapstructure:"ignore-underscore-vars"`
 	DisableDecNumCheck        bool     `mapstructure:"disable-dec-num-check"`
+	DisableTypeDecNumCheck    bool     `mapstructure:"disable-type-dec-num-check"`
+	DisableConstDecNumCheck   bool     `mapstructure:"disable-const-dec-num-check"`
+	DisableVarDecNumCheck     bool     `mapstructure:"disable-var-dec-num-check"`
 	DisableDecOrderCheck      bool     `mapstructure:"disable-dec-order-check"`
 	DisableInitFuncFirstCheck bool     `mapstructure:"disable-init-func-first-check"`
 }
@@ -287,6 +310,7 @@ type DuplSettings struct {
 
 type DupWordSettings struct {
 	Keywords []string `mapstructure:"keywords"`
+	Ignore   []string `mapstructure:"ignore"`
 }
 
 type ErrcheckSettings struct {
@@ -375,8 +399,9 @@ func (p *ForbidigoPattern) MarshalString() ([]byte, error) {
 }
 
 type FunlenSettings struct {
-	Lines      int
-	Statements int
+	Lines          int
+	Statements     int
+	IgnoreComments bool `mapstructure:"ignore-comments"`
 }
 
 type GciSettings struct {
@@ -387,12 +412,14 @@ type GciSettings struct {
 }
 
 type GinkgoLinterSettings struct {
-	SuppressLenAssertion     bool `mapstructure:"suppress-len-assertion"`
-	SuppressNilAssertion     bool `mapstructure:"suppress-nil-assertion"`
-	SuppressErrAssertion     bool `mapstructure:"suppress-err-assertion"`
-	SuppressCompareAssertion bool `mapstructure:"suppress-compare-assertion"`
-	SuppressAsyncAssertion   bool `mapstructure:"suppress-async-assertion"`
-	AllowHaveLenZero         bool `mapstructure:"allow-havelen-zero"`
+	SuppressLenAssertion       bool `mapstructure:"suppress-len-assertion"`
+	SuppressNilAssertion       bool `mapstructure:"suppress-nil-assertion"`
+	SuppressErrAssertion       bool `mapstructure:"suppress-err-assertion"`
+	SuppressCompareAssertion   bool `mapstructure:"suppress-compare-assertion"`
+	SuppressAsyncAssertion     bool `mapstructure:"suppress-async-assertion"`
+	SuppressTypeCompareWarning bool `mapstructure:"suppress-type-compare-assertion"`
+	ForbidFocusContainer       bool `mapstructure:"forbid-focus-container"`
+	AllowHaveLenZero           bool `mapstructure:"allow-havelen-zero"`
 }
 
 type GocognitSettings struct {
@@ -609,7 +636,8 @@ type MalignedSettings struct {
 }
 
 type MisspellSettings struct {
-	Locale      string
+	Locale string
+	// TODO(ldez): v2 the options must be renamed to `IgnoredRules`.
 	IgnoreWords []string `mapstructure:"ignore-words"`
 }
 
@@ -648,7 +676,8 @@ type NoNamedReturnsSettings struct {
 	ReportErrorInDefer bool `mapstructure:"report-error-in-defer"`
 }
 type ParallelTestSettings struct {
-	IgnoreMissing bool `mapstructure:"ignore-missing"`
+	IgnoreMissing         bool `mapstructure:"ignore-missing"`
+	IgnoreMissingSubtests bool `mapstructure:"ignore-missing-subtests"`
 }
 
 type PreallocSettings struct {
@@ -695,6 +724,13 @@ type RowsErrCheckSettings struct {
 	Packages []string
 }
 
+type SlogLintSettings struct {
+	KVOnly         bool `mapstructure:"kv-only"`
+	AttrOnly       bool `mapstructure:"attr-only"`
+	NoRawKeys      bool `mapstructure:"no-raw-keys"`
+	ArgsOnSepLines bool `mapstructure:"args-on-sep-lines"`
+}
+
 type StaticCheckSettings struct {
 	// Deprecated: use the global `run.go` instead.
 	GoVersion string `mapstructure:"go"`
@@ -714,9 +750,10 @@ type StructCheckSettings struct {
 }
 
 type TagAlignSettings struct {
-	Align bool     `mapstructure:"align"`
-	Sort  bool     `mapstructure:"sort"`
-	Order []string `mapstructure:"order"`
+	Align  bool     `mapstructure:"align"`
+	Sort   bool     `mapstructure:"sort"`
+	Order  []string `mapstructure:"order"`
+	Strict bool     `mapstructure:"strict"`
 }
 
 type TagliatelleSettings struct {
@@ -726,6 +763,19 @@ type TagliatelleSettings struct {
 	}
 }
 
+type TestifylintSettings struct {
+	EnableAll       bool     `mapstructure:"enable-all"`
+	EnabledCheckers []string `mapstructure:"enable"`
+
+	ExpectedActual struct {
+		ExpVarPattern string `mapstructure:"pattern"`
+	} `mapstructure:"expected-actual"`
+
+	SuiteExtraAssertCall struct {
+		Mode string `mapstructure:"mode"`
+	} `mapstructure:"suite-extra-assert-call"`
+}
+
 type TestpackageSettings struct {
 	SkipRegexp    string   `mapstructure:"skip-regexp"`
 	AllowPackages []string `mapstructure:"allow-packages"`
@@ -768,6 +818,16 @@ type UnparamSettings struct {
 	Algo          string
 }
 
+type UnusedSettings struct {
+	FieldWritesAreUses     bool `mapstructure:"field-writes-are-uses"`
+	PostStatementsAreReads bool `mapstructure:"post-statements-are-reads"`
+	ExportedIsUsed         bool `mapstructure:"exported-is-used"`
+	ExportedFieldsAreUsed  bool `mapstructure:"exported-fields-are-used"`
+	ParametersAreUsed      bool `mapstructure:"parameters-are-used"`
+	LocalVariablesAreUsed  bool `mapstructure:"local-variables-are-used"`
+	GeneratedIsUsed        bool `mapstructure:"generated-is-used"`
+}
+
 type VarCheckSettings struct {
 	CheckExportedFields bool `mapstructure:"exported-fields"`
 }
@@ -828,6 +888,9 @@ type CustomLinterSettings struct {
 	Path string
 	// Description describes the purpose of the private linter.
 	Description string
-	// The URL containing the source code for the private linter.
+	// OriginalURL The URL containing the source code for the private linter.
 	OriginalURL string `mapstructure:"original-url"`
+
+	// Settings plugin settings only work with linterdb.PluginConstructor symbol.
+	Settings any
 }
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/decorder.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/decorder.go
index 9d492c4e8..5202a03a4 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/decorder.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/decorder.go
@@ -15,14 +15,22 @@ func NewDecorder(settings *config.DecorderSettings) *goanalysis.Linter {
 
 	// disable all rules/checks by default
 	cfg := map[string]any{
+		"ignore-underscore-vars":        false,
 		"disable-dec-num-check":         true,
+		"disable-type-dec-num-check":    false,
+		"disable-const-dec-num-check":   false,
+		"disable-var-dec-num-check":     false,
 		"disable-dec-order-check":       true,
 		"disable-init-func-first-check": true,
 	}
 
 	if settings != nil {
 		cfg["dec-order"] = strings.Join(settings.DecOrder, ",")
+		cfg["ignore-underscore-vars"] = settings.IgnoreUnderscoreVars
 		cfg["disable-dec-num-check"] = settings.DisableDecNumCheck
+		cfg["disable-type-dec-num-check"] = settings.DisableTypeDecNumCheck
+		cfg["disable-const-dec-num-check"] = settings.DisableConstDecNumCheck
+		cfg["disable-var-dec-num-check"] = settings.DisableVarDecNumCheck
 		cfg["disable-dec-order-check"] = settings.DisableDecOrderCheck
 		cfg["disable-init-func-first-check"] = settings.DisableInitFuncFirstCheck
 	}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/dupword.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/dupword.go
index f5a99bc0d..6f079ffc8 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/dupword.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/dupword.go
@@ -17,6 +17,7 @@ func NewDupWord(setting *config.DupWordSettings) *goanalysis.Linter {
 	if setting != nil {
 		cfgMap[a.Name] = map[string]any{
 			"keyword": strings.Join(setting.Keywords, ","),
+			"ignore":  strings.Join(setting.Ignore, ","),
 		}
 	}
 
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/exhaustruct.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/exhaustruct.go
index 37ea055d3..5272879e1 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/exhaustruct.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/exhaustruct.go
@@ -1,7 +1,7 @@
 package golinters
 
 import (
-	"github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer"
+	"github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer"
 	"golang.org/x/tools/go/analysis"
 
 	"github.com/golangci/golangci-lint/pkg/config"
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/funlen.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/funlen.go
index aae1623c7..8def9c1f6 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/funlen.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/funlen.go
@@ -52,7 +52,7 @@ func NewFunlen(settings *config.FunlenSettings) *goanalysis.Linter {
 func runFunlen(pass *analysis.Pass, settings *config.FunlenSettings) []goanalysis.Issue {
 	var lintIssues []funlen.Message
 	for _, file := range pass.Files {
-		fileIssues := funlen.Run(file, pass.Fset, settings.Lines, settings.Statements)
+		fileIssues := funlen.Run(file, pass.Fset, settings.Lines, settings.Statements, settings.IgnoreComments)
 		lintIssues = append(lintIssues, fileIssues...)
 	}
 
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/gci.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/gci.go
index 4eb26dbdf..386226769 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/gci.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/gci.go
@@ -118,7 +118,7 @@ func diffFormattedFilesToArray(paths []string, cfg gcicfg.Config, diffs *[]strin
 	log.InitLogger()
 	defer func() { _ = log.L().Sync() }()
 
-	return gci.ProcessFiles(io.GoFilesInPathsGenerator(paths), cfg, func(filePath string, unmodifiedFile, formattedFile []byte) error {
+	return gci.ProcessFiles(io.GoFilesInPathsGenerator(paths, true), cfg, func(filePath string, unmodifiedFile, formattedFile []byte) error {
 		fileURI := span.URIFromPath(filePath)
 		edits := myers.ComputeEdits(fileURI, string(unmodifiedFile), string(formattedFile))
 		unifiedEdits := gotextdiff.ToUnified(filePath, filePath, string(unmodifiedFile), edits)
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/ginkgolinter.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/ginkgolinter.go
index b9e69b265..8919de15b 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/ginkgolinter.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/ginkgolinter.go
@@ -14,12 +14,14 @@ func NewGinkgoLinter(cfg *config.GinkgoLinterSettings) *goanalysis.Linter {
 	cfgMap := make(map[string]map[string]any)
 	if cfg != nil {
 		cfgMap[a.Name] = map[string]any{
-			"suppress-len-assertion":     cfg.SuppressLenAssertion,
-			"suppress-nil-assertion":     cfg.SuppressNilAssertion,
-			"suppress-err-assertion":     cfg.SuppressErrAssertion,
-			"suppress-compare-assertion": cfg.SuppressCompareAssertion,
-			"suppress-async-assertion":   cfg.SuppressAsyncAssertion,
-			"allow-havelen-0":            cfg.AllowHaveLenZero,
+			"suppress-len-assertion":          cfg.SuppressLenAssertion,
+			"suppress-nil-assertion":          cfg.SuppressNilAssertion,
+			"suppress-err-assertion":          cfg.SuppressErrAssertion,
+			"suppress-compare-assertion":      cfg.SuppressCompareAssertion,
+			"suppress-async-assertion":        cfg.SuppressAsyncAssertion,
+			"suppress-type-compare-assertion": cfg.SuppressTypeCompareWarning,
+			"forbid-focus-container":          cfg.ForbidFocusContainer,
+			"allow-havelen-0":                 cfg.AllowHaveLenZero,
 		}
 	}
 
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/gochecksumtype.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/gochecksumtype.go
new file mode 100644
index 000000000..fcc0cad58
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/gochecksumtype.go
@@ -0,0 +1,80 @@
+package golinters
+
+import (
+	"strings"
+	"sync"
+
+	gochecksumtype "github.com/alecthomas/go-check-sumtype"
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/packages"
+
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+	"github.com/golangci/golangci-lint/pkg/lint/linter"
+	"github.com/golangci/golangci-lint/pkg/result"
+)
+
+const goCheckSumTypeName = "gochecksumtype"
+
+func NewGoCheckSumType() *goanalysis.Linter {
+	var mu sync.Mutex
+	var resIssues []goanalysis.Issue
+
+	analyzer := &analysis.Analyzer{
+		Name: goCheckSumTypeName,
+		Doc:  goanalysis.TheOnlyanalyzerDoc,
+		Run: func(pass *analysis.Pass) (any, error) {
+			issues, err := runGoCheckSumType(pass)
+			if err != nil {
+				return nil, err
+			}
+
+			if len(issues) == 0 {
+				return nil, nil
+			}
+
+			mu.Lock()
+			resIssues = append(resIssues, issues...)
+			mu.Unlock()
+
+			return nil, nil
+		},
+	}
+
+	return goanalysis.NewLinter(
+		goCheckSumTypeName,
+		`Run exhaustiveness checks on Go "sum types"`,
+		[]*analysis.Analyzer{analyzer},
+		nil,
+	).WithIssuesReporter(func(ctx *linter.Context) []goanalysis.Issue {
+		return resIssues
+	}).WithLoadMode(goanalysis.LoadModeTypesInfo)
+}
+
+func runGoCheckSumType(pass *analysis.Pass) ([]goanalysis.Issue, error) {
+	var resIssues []goanalysis.Issue
+
+	pkg := &packages.Package{
+		Fset:      pass.Fset,
+		Syntax:    pass.Files,
+		Types:     pass.Pkg,
+		TypesInfo: pass.TypesInfo,
+	}
+
+	var unknownError error
+	errors := gochecksumtype.Run([]*packages.Package{pkg})
+	for _, err := range errors {
+		err, ok := err.(gochecksumtype.Error)
+		if !ok {
+			unknownError = err
+			continue
+		}
+
+		resIssues = append(resIssues, goanalysis.NewIssue(&result.Issue{
+			FromLinter: goCheckSumTypeName,
+			Text:       strings.TrimPrefix(err.Error(), err.Pos().String()+": "),
+			Pos:        err.Pos(),
+		}, pass))
+	}
+
+	return resIssues, unknownError
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/gofmt_common.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/gofmt_common.go
index cbed4e0bc..6b7184d65 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/gofmt_common.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/gofmt_common.go
@@ -80,6 +80,16 @@ func (p *hunkChangesParser) parseDiffLines(h *diffpkg.Hunk) {
 		ret = append(ret, dl)
 	}
 
+	// if > 0, then the original file had a 'No newline at end of file' mark
+	if h.OrigNoNewlineAt > 0 {
+		dl := diffLine{
+			originalNumber: currentOriginalLineNumber + 1,
+			typ:            diffLineAdded,
+			data:           "",
+		}
+		ret = append(ret, dl)
+	}
+
 	p.lines = ret
 }
 
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/govet.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/govet.go
index 704dd6c57..4e16fb142 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/govet.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/govet.go
@@ -2,6 +2,7 @@ package golinters
 
 import (
 	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/appends"
 	"golang.org/x/tools/go/analysis/passes/asmdecl"
 	"golang.org/x/tools/go/analysis/passes/assign"
 	"golang.org/x/tools/go/analysis/passes/atomic"
@@ -14,6 +15,8 @@ import (
 	"golang.org/x/tools/go/analysis/passes/copylock"
 	_ "golang.org/x/tools/go/analysis/passes/ctrlflow" // unused, internal analyzer
 	"golang.org/x/tools/go/analysis/passes/deepequalerrors"
+	"golang.org/x/tools/go/analysis/passes/defers"
+	"golang.org/x/tools/go/analysis/passes/directive"
 	"golang.org/x/tools/go/analysis/passes/errorsas"
 	"golang.org/x/tools/go/analysis/passes/fieldalignment"
 	"golang.org/x/tools/go/analysis/passes/findcall"
@@ -31,6 +34,7 @@ import (
 	"golang.org/x/tools/go/analysis/passes/shadow"
 	"golang.org/x/tools/go/analysis/passes/shift"
 	"golang.org/x/tools/go/analysis/passes/sigchanyzer"
+	"golang.org/x/tools/go/analysis/passes/slog"
 	"golang.org/x/tools/go/analysis/passes/sortslice"
 	"golang.org/x/tools/go/analysis/passes/stdmethods"
 	"golang.org/x/tools/go/analysis/passes/stringintconv"
@@ -50,6 +54,7 @@ import (
 
 var (
 	allAnalyzers = []*analysis.Analyzer{
+		appends.Analyzer,
 		asmdecl.Analyzer,
 		assign.Analyzer,
 		atomic.Analyzer,
@@ -60,6 +65,8 @@ var (
 		composite.Analyzer,
 		copylock.Analyzer,
 		deepequalerrors.Analyzer,
+		defers.Analyzer,
+		directive.Analyzer,
 		errorsas.Analyzer,
 		fieldalignment.Analyzer,
 		findcall.Analyzer,
@@ -75,6 +82,7 @@ var (
 		shadow.Analyzer,
 		shift.Analyzer,
 		sigchanyzer.Analyzer,
+		slog.Analyzer,
 		sortslice.Analyzer,
 		stdmethods.Analyzer,
 		stringintconv.Analyzer,
@@ -89,8 +97,9 @@ var (
 		unusedwrite.Analyzer,
 	}
 
-	// https://github.com/golang/go/blob/9f834a559c9ed6cdf883e29b36e21e5f956df74f/src/cmd/vet/main.go#L46-L76
+	// https://github.com/golang/go/blob/b56645a87b28840a180d64077877cb46570b4176/src/cmd/vet/main.go#L49-L81
 	defaultAnalyzers = []*analysis.Analyzer{
+		appends.Analyzer,
 		asmdecl.Analyzer,
 		assign.Analyzer,
 		atomic.Analyzer,
@@ -99,6 +108,8 @@ var (
 		cgocall.Analyzer,
 		composite.Analyzer,
 		copylock.Analyzer,
+		defers.Analyzer,
+		directive.Analyzer,
 		errorsas.Analyzer,
 		framepointer.Analyzer,
 		httpresponse.Analyzer,
@@ -109,6 +120,7 @@ var (
 		printf.Analyzer,
 		shift.Analyzer,
 		sigchanyzer.Analyzer,
+		slog.Analyzer,
 		stdmethods.Analyzer,
 		stringintconv.Analyzer,
 		structtag.Analyzer,
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/inamedparam.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/inamedparam.go
new file mode 100644
index 000000000..290630755
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/inamedparam.go
@@ -0,0 +1,19 @@
+package golinters
+
+import (
+	"github.com/macabu/inamedparam"
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+)
+
+func NewINamedParam() *goanalysis.Linter {
+	a := inamedparam.Analyzer
+
+	return goanalysis.NewLinter(
+		a.Name,
+		a.Doc,
+		[]*analysis.Analyzer{a},
+		nil,
+	).WithLoadMode(goanalysis.LoadModeSyntax)
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/paralleltest.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/paralleltest.go
index 92201e4e2..4c03952c1 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/paralleltest.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/paralleltest.go
@@ -9,13 +9,14 @@ import (
 )
 
 func NewParallelTest(settings *config.ParallelTestSettings) *goanalysis.Linter {
-	a := paralleltest.Analyzer
+	a := paralleltest.NewAnalyzer()
 
 	var cfg map[string]map[string]any
 	if settings != nil {
 		cfg = map[string]map[string]any{
 			a.Name: {
-				"i": settings.IgnoreMissing,
+				"i":                     settings.IgnoreMissing,
+				"ignoremissingsubtests": settings.IgnoreMissingSubtests,
 			},
 		}
 	}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/perfsprint.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/perfsprint.go
new file mode 100644
index 000000000..fb248a85d
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/perfsprint.go
@@ -0,0 +1,19 @@
+package golinters
+
+import (
+	"github.com/catenacyber/perfsprint/analyzer"
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+)
+
+func NewPerfSprint() *goanalysis.Linter {
+	a := analyzer.Analyzer
+
+	return goanalysis.NewLinter(
+		a.Name,
+		a.Doc,
+		[]*analysis.Analyzer{a},
+		nil,
+	).WithLoadMode(goanalysis.LoadModeTypesInfo)
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/protogetter.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/protogetter.go
new file mode 100644
index 000000000..23325ad55
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/protogetter.go
@@ -0,0 +1,59 @@
+package golinters
+
+import (
+	"sync"
+
+	"github.com/ghostiam/protogetter"
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+	"github.com/golangci/golangci-lint/pkg/lint/linter"
+	"github.com/golangci/golangci-lint/pkg/result"
+)
+
+func NewProtoGetter() *goanalysis.Linter {
+	var mu sync.Mutex
+	var resIssues []goanalysis.Issue
+
+	a := protogetter.NewAnalyzer()
+	a.Run = func(pass *analysis.Pass) (any, error) {
+		pgIssues := protogetter.Run(pass, protogetter.GolangciLintMode)
+
+		issues := make([]goanalysis.Issue, len(pgIssues))
+		for i, issue := range pgIssues {
+			report := &result.Issue{
+				FromLinter: a.Name,
+				Pos:        issue.Pos,
+				Text:       issue.Message,
+				Replacement: &result.Replacement{
+					Inline: &result.InlineFix{
+						StartCol:  issue.InlineFix.StartCol,
+						Length:    issue.InlineFix.Length,
+						NewString: issue.InlineFix.NewString,
+					},
+				},
+			}
+
+			issues[i] = goanalysis.NewIssue(report, pass)
+		}
+
+		if len(issues) == 0 {
+			return nil, nil
+		}
+
+		mu.Lock()
+		resIssues = append(resIssues, issues...)
+		mu.Unlock()
+
+		return nil, nil
+	}
+
+	return goanalysis.NewLinter(
+		a.Name,
+		a.Doc,
+		[]*analysis.Analyzer{a},
+		nil,
+	).WithIssuesReporter(func(*linter.Context) []goanalysis.Issue {
+		return resIssues
+	}).WithLoadMode(goanalysis.LoadModeTypesInfo)
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/revive.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/revive.go
index b57566e7a..28231957c 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/revive.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/revive.go
@@ -247,7 +247,7 @@ func safeTomlSlice(r []any) []any {
 }
 
 // This element is not exported by revive, so we need copy the code.
-// Extracted from https://github.com/mgechev/revive/blob/v1.3.0/config/config.go#L15
+// Extracted from https://github.com/mgechev/revive/blob/v1.3.4/config/config.go#L15
 var defaultRules = []lint.Rule{
 	&rule.VarDeclarationsRule{},
 	&rule.PackageCommentsRule{},
@@ -267,7 +267,6 @@ var defaultRules = []lint.Rule{
 	&rule.TimeNamingRule{},
 	&rule.ContextKeysType{},
 	&rule.ContextAsArgumentRule{},
-	&rule.IfReturnRule{},
 	&rule.EmptyBlockRule{},
 	&rule.SuperfluousElseRule{},
 	&rule.UnusedParamRule{},
@@ -317,12 +316,17 @@ var allRules = append([]lint.Rule{
 	&rule.FunctionLength{},
 	&rule.NestedStructs{},
 	&rule.UselessBreak{},
+	&rule.UncheckedTypeAssertionRule{},
 	&rule.TimeEqualRule{},
 	&rule.BannedCharsRule{},
 	&rule.OptimizeOperandsOrderRule{},
 	&rule.UseAnyRule{},
 	&rule.DataRaceRule{},
 	&rule.CommentSpacingsRule{},
+	&rule.IfReturnRule{},
+	&rule.RedundantImportAlias{},
+	&rule.ImportAliasNamingRule{},
+	&rule.EnforceMapStyleRule{},
 }, defaultRules...)
 
 const defaultConfidence = 0.8
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/sloglint.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/sloglint.go
new file mode 100644
index 000000000..b506d187f
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/sloglint.go
@@ -0,0 +1,27 @@
+package golinters
+
+import (
+	"go-simpler.org/sloglint"
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/golangci/golangci-lint/pkg/config"
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+)
+
+func NewSlogLint(settings *config.SlogLintSettings) *goanalysis.Linter {
+	var opts *sloglint.Options
+	if settings != nil {
+		opts = &sloglint.Options{
+			KVOnly:         settings.KVOnly,
+			AttrOnly:       settings.AttrOnly,
+			NoRawKeys:      settings.NoRawKeys,
+			ArgsOnSepLines: settings.ArgsOnSepLines,
+		}
+	}
+
+	a := sloglint.New(opts)
+
+	return goanalysis.
+		NewLinter(a.Name, a.Doc, []*analysis.Analyzer{a}, nil).
+		WithLoadMode(goanalysis.LoadModeTypesInfo)
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/tagalign.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/tagalign.go
index 07b756464..c23838f70 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/tagalign.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/tagalign.go
@@ -24,6 +24,11 @@ func NewTagAlign(settings *config.TagAlignSettings) *goanalysis.Linter {
 		if settings.Sort || len(settings.Order) > 0 {
 			options = append(options, tagalign.WithSort(settings.Order...))
 		}
+
+		// Strict style will be applied only if Align and Sort are enabled together.
+		if settings.Strict && settings.Align && settings.Sort {
+			options = append(options, tagalign.WithStrictStyle())
+		}
 	}
 
 	analyzer := tagalign.NewAnalyzer(options...)
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/testifylint.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/testifylint.go
new file mode 100644
index 000000000..83bae2868
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/testifylint.go
@@ -0,0 +1,36 @@
+package golinters
+
+import (
+	"github.com/Antonboom/testifylint/analyzer"
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/golangci/golangci-lint/pkg/config"
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+)
+
+func NewTestifylint(settings *config.TestifylintSettings) *goanalysis.Linter {
+	a := analyzer.New()
+
+	cfg := make(map[string]map[string]any)
+	if settings != nil {
+		cfg[a.Name] = map[string]any{
+			"enable-all": settings.EnableAll,
+		}
+		if len(settings.EnabledCheckers) > 0 {
+			cfg[a.Name]["enable"] = settings.EnabledCheckers
+		}
+		if p := settings.ExpectedActual.ExpVarPattern; p != "" {
+			cfg[a.Name]["expected-actual.pattern"] = p
+		}
+		if m := settings.SuiteExtraAssertCall.Mode; m != "" {
+			cfg[a.Name]["suite-extra-assert-call.mode"] = m
+		}
+	}
+
+	return goanalysis.NewLinter(
+		a.Name,
+		a.Doc,
+		[]*analysis.Analyzer{a},
+		cfg,
+	).WithLoadMode(goanalysis.LoadModeTypesInfo)
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/golinters/unused.go b/vendor/github.com/golangci/golangci-lint/pkg/golinters/unused.go
index aa9374d34..89ae7e98a 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/golinters/unused.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/golinters/unused.go
@@ -5,6 +5,9 @@ import (
 	"sync"
 
 	"golang.org/x/tools/go/analysis"
+	"honnef.co/go/tools/analysis/facts/directives"
+	"honnef.co/go/tools/analysis/facts/generated"
+	"honnef.co/go/tools/analysis/lint"
 	"honnef.co/go/tools/unused"
 
 	"github.com/golangci/golangci-lint/pkg/config"
@@ -15,11 +18,7 @@ import (
 
 const unusedName = "unused"
 
-type UnusedSettings struct {
-	GoVersion string
-}
-
-func NewUnused(settings *config.StaticCheckSettings) *goanalysis.Linter {
+func NewUnused(settings *config.UnusedSettings, scSettings *config.StaticCheckSettings) *goanalysis.Linter {
 	var mu sync.Mutex
 	var resIssues []goanalysis.Issue
 
@@ -28,11 +27,7 @@ func NewUnused(settings *config.StaticCheckSettings) *goanalysis.Linter {
 		Doc:      unused.Analyzer.Analyzer.Doc,
 		Requires: unused.Analyzer.Analyzer.Requires,
 		Run: func(pass *analysis.Pass) (any, error) {
-			issues, err := runUnused(pass)
-			if err != nil {
-				return nil, err
-			}
-
+			issues := runUnused(pass, settings)
 			if len(issues) == 0 {
 				return nil, nil
 			}
@@ -45,7 +40,7 @@ func NewUnused(settings *config.StaticCheckSettings) *goanalysis.Linter {
 		},
 	}
 
-	setAnalyzerGoVersion(analyzer, getGoVersion(settings))
+	setAnalyzerGoVersion(analyzer, getGoVersion(scSettings))
 
 	return goanalysis.NewLinter(
 		unusedName,
@@ -57,21 +52,18 @@ func NewUnused(settings *config.StaticCheckSettings) *goanalysis.Linter {
 	}).WithLoadMode(goanalysis.LoadModeTypesInfo)
 }
 
-func runUnused(pass *analysis.Pass) ([]goanalysis.Issue, error) {
-	res, err := unused.Analyzer.Analyzer.Run(pass)
-	if err != nil {
-		return nil, err
-	}
+func runUnused(pass *analysis.Pass, cfg *config.UnusedSettings) []goanalysis.Issue {
+	res := getUnusedResults(pass, cfg)
 
 	used := make(map[string]bool)
-	for _, obj := range res.(unused.Result).Used {
+	for _, obj := range res.Used {
 		used[fmt.Sprintf("%s %d %s", obj.Position.Filename, obj.Position.Line, obj.Name)] = true
 	}
 
 	var issues []goanalysis.Issue
 
 	// Inspired by https://github.com/dominikh/go-tools/blob/d694aadcb1f50c2d8ac0a1dd06217ebb9f654764/lintcmd/lint.go#L177-L197
-	for _, object := range res.(unused.Result).Unused {
+	for _, object := range res.Unused {
 		if object.Kind == "type param" {
 			continue
 		}
@@ -90,5 +82,31 @@ func runUnused(pass *analysis.Pass) ([]goanalysis.Issue, error) {
 		issues = append(issues, issue)
 	}
 
-	return issues, nil
+	return issues
+}
+
+func getUnusedResults(pass *analysis.Pass, settings *config.UnusedSettings) unused.Result {
+	opts := unused.Options{
+		FieldWritesAreUses:     settings.FieldWritesAreUses,
+		PostStatementsAreReads: settings.PostStatementsAreReads,
+		ExportedIsUsed:         settings.ExportedIsUsed,
+		ExportedFieldsAreUsed:  settings.ExportedFieldsAreUsed,
+		ParametersAreUsed:      settings.ParametersAreUsed,
+		LocalVariablesAreUsed:  settings.LocalVariablesAreUsed,
+		GeneratedIsUsed:        settings.GeneratedIsUsed,
+	}
+
+	// ref: https://github.com/dominikh/go-tools/blob/4ec1f474ca6c0feb8e10a8fcca4ab95f5b5b9881/internal/cmd/unused/unused.go#L68
+	nodes := unused.Graph(pass.Fset,
+		pass.Files,
+		pass.Pkg,
+		pass.TypesInfo,
+		pass.ResultOf[directives.Analyzer].([]lint.Directive),
+		pass.ResultOf[generated.Analyzer].(map[string]generated.Generator),
+		opts,
+	)
+
+	sg := unused.SerializedGraph{}
+	sg.Merge(nodes)
+	return sg.Results()
 }
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/lint/linter/config.go b/vendor/github.com/golangci/golangci-lint/pkg/lint/linter/config.go
index 5891ec277..c911b5613 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/lint/linter/config.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/lint/linter/config.go
@@ -42,6 +42,7 @@ type Config struct {
 	AlternativeNames []string
 
 	OriginalURL     string // URL of original (not forked) repo, needed for autogenerated README
+	Internal        bool   // Internal linters cannot be disabled (ex: typecheck).
 	CanAutoFix      bool
 	IsSlow          bool
 	DoesChangeTypes bool
@@ -55,6 +56,11 @@ func (lc *Config) WithEnabledByDefault() *Config {
 	return lc
 }
 
+func (lc *Config) WithInternal() *Config {
+	lc.Internal = true
+	return lc
+}
+
 func (lc *Config) ConsiderSlow() *Config {
 	lc.IsSlow = true
 	return lc
@@ -128,7 +134,7 @@ func (lc *Config) Name() string {
 }
 
 func (lc *Config) WithNoopFallback(cfg *config.Config) *Config {
-	if cfg != nil && config.IsGreaterThanOrEqualGo118(cfg.Run.Go) {
+	if cfg != nil && config.IsGreaterThanOrEqualGo121(cfg.Run.Go) {
 		lc.Linter = &Noop{
 			name: lc.Linter.Name(),
 			desc: lc.Linter.Desc(),
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/custom_linters.go b/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/custom_linters.go
new file mode 100644
index 000000000..d0eaa7905
--- /dev/null
+++ b/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/custom_linters.go
@@ -0,0 +1,131 @@
+package lintersdb
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"plugin"
+
+	"github.com/hashicorp/go-multierror"
+	"github.com/spf13/viper"
+	"golang.org/x/tools/go/analysis"
+
+	"github.com/golangci/golangci-lint/pkg/config"
+	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
+	"github.com/golangci/golangci-lint/pkg/lint/linter"
+)
+
+type AnalyzerPlugin interface {
+	GetAnalyzers() []*analysis.Analyzer
+}
+
+// getCustomLinterConfigs loads private linters that are specified in the golangci config file.
+func (m *Manager) getCustomLinterConfigs() []*linter.Config {
+	if m.cfg == nil || m.log == nil {
+		return nil
+	}
+
+	var linters []*linter.Config
+
+	for name, settings := range m.cfg.LintersSettings.Custom {
+		lc, err := m.loadCustomLinterConfig(name, settings)
+		if err != nil {
+			m.log.Errorf("Unable to load custom analyzer %s:%s, %v", name, settings.Path, err)
+		} else {
+			linters = append(linters, lc)
+		}
+	}
+
+	return linters
+}
+
+// loadCustomLinterConfig loads the configuration of private linters.
+// Private linters are dynamically loaded from .so plugin files.
+func (m *Manager) loadCustomLinterConfig(name string, settings config.CustomLinterSettings) (*linter.Config, error) {
+	analyzers, err := m.getAnalyzerPlugin(settings.Path, settings.Settings)
+	if err != nil {
+		return nil, err
+	}
+
+	m.log.Infof("Loaded %s: %s", settings.Path, name)
+
+	customLinter := goanalysis.NewLinter(name, settings.Description, analyzers, nil).
+		WithLoadMode(goanalysis.LoadModeTypesInfo)
+
+	linterConfig := linter.NewConfig(customLinter).
+		WithEnabledByDefault().
+		WithLoadForGoAnalysis().
+		WithURL(settings.OriginalURL)
+
+	return linterConfig, nil
+}
+
+// getAnalyzerPlugin loads a private linter as specified in the config file,
+// loads the plugin from a .so file,
+// and returns the 'AnalyzerPlugin' interface implemented by the private plugin.
+// An error is returned if the private linter cannot be loaded
+// or the linter does not implement the AnalyzerPlugin interface.
+func (m *Manager) getAnalyzerPlugin(path string, settings any) ([]*analysis.Analyzer, error) {
+	if !filepath.IsAbs(path) {
+		// resolve non-absolute paths relative to config file's directory
+		configFilePath := viper.ConfigFileUsed()
+		absConfigFilePath, err := filepath.Abs(configFilePath)
+		if err != nil {
+			return nil, fmt.Errorf("could not get absolute representation of config file path %q: %v", configFilePath, err)
+		}
+		path = filepath.Join(filepath.Dir(absConfigFilePath), path)
+	}
+
+	plug, err := plugin.Open(path)
+	if err != nil {
+		return nil, err
+	}
+
+	analyzers, err := m.lookupPlugin(plug, settings)
+	if err != nil {
+		return nil, fmt.Errorf("lookup plugin %s: %w", path, err)
+	}
+
+	return analyzers, nil
+}
+
+func (m *Manager) lookupPlugin(plug *plugin.Plugin, settings any) ([]*analysis.Analyzer, error) {
+	symbol, err := plug.Lookup("New")
+	if err != nil {
+		analyzers, errP := m.lookupAnalyzerPlugin(plug)
+		if errP != nil {
+			// TODO(ldez): use `errors.Join` when we will upgrade to go1.20.
+			return nil, multierror.Append(err, errP)
+		}
+
+		return analyzers, nil
+	}
+
+	// The type func cannot be used here, must be the explicit signature.
+	constructor, ok := symbol.(func(any) ([]*analysis.Analyzer, error))
+	if !ok {
+		return nil, fmt.Errorf("plugin does not abide by 'New' function: %T", symbol)
+	}
+
+	return constructor(settings)
+}
+
+func (m *Manager) lookupAnalyzerPlugin(plug *plugin.Plugin) ([]*analysis.Analyzer, error) {
+	symbol, err := plug.Lookup("AnalyzerPlugin")
+	if err != nil {
+		return nil, err
+	}
+
+	// TODO(ldez): remove this env var (but keep the log) in the next minor version (v1.55.0)
+	if _, ok := os.LookupEnv("GOLANGCI_LINT_HIDE_WARNING_ABOUT_PLUGIN_API_DEPRECATION"); !ok {
+		m.log.Warnf("plugin: 'AnalyzerPlugin' plugins are deprecated, please use the new plugin signature: " +
+			"https://golangci-lint.run/contributing/new-linters/#create-a-plugin")
+	}
+
+	analyzerPlugin, ok := symbol.(AnalyzerPlugin)
+	if !ok {
+		return nil, fmt.Errorf("plugin does not abide by 'AnalyzerPlugin' interface: %T", symbol)
+	}
+
+	return analyzerPlugin.GetAnalyzers(), nil
+}
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/enabled_set.go b/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/enabled_set.go
index 92615b57a..c5c7874e4 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/enabled_set.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/enabled_set.go
@@ -31,8 +31,10 @@ func NewEnabledSet(m *Manager, v *Validator, log logutils.Log, cfg *config.Confi
 	}
 }
 
+//nolint:gocyclo // the complexity cannot be reduced.
 func (es EnabledSet) build(lcfg *config.Linters, enabledByDefaultLinters []*linter.Config) map[string]*linter.Config {
 	es.debugf("Linters config: %#v", lcfg)
+
 	resultLintersSet := map[string]*linter.Config{}
 	switch {
 	case len(lcfg.Presets) != 0:
@@ -78,6 +80,14 @@ func (es EnabledSet) build(lcfg *config.Linters, enabledByDefaultLinters []*lint
 		}
 	}
 
+	// typecheck is not a real linter and cannot be disabled.
+	if _, ok := resultLintersSet["typecheck"]; !ok && (es.cfg == nil || !es.cfg.InternalCmdTest) {
+		for _, lc := range es.m.GetLinterConfigs("typecheck") {
+			// it's important to use lc.Name() nor name because name can be alias
+			resultLintersSet[lc.Name()] = lc
+		}
+	}
+
 	return resultLintersSet
 }
 
@@ -134,8 +144,8 @@ func (es EnabledSet) GetOptimizedLinters() ([]*linter.Config, error) {
 func (es EnabledSet) combineGoAnalysisLinters(linters map[string]*linter.Config) {
 	var goanalysisLinters []*goanalysis.Linter
 	goanalysisPresets := map[string]bool{}
-	for _, linter := range linters {
-		lnt, ok := linter.Linter.(*goanalysis.Linter)
+	for _, lc := range linters {
+		lnt, ok := lc.Linter.(*goanalysis.Linter)
 		if !ok {
 			continue
 		}
@@ -144,7 +154,7 @@ func (es EnabledSet) combineGoAnalysisLinters(linters map[string]*linter.Config)
 			continue
 		}
 		goanalysisLinters = append(goanalysisLinters, lnt)
-		for _, p := range linter.InPresets {
+		for _, p := range lc.InPresets {
 			goanalysisPresets[p] = true
 		}
 	}
@@ -197,6 +207,10 @@ func (es EnabledSet) combineGoAnalysisLinters(linters map[string]*linter.Config)
 func (es EnabledSet) verbosePrintLintersStatus(lcs map[string]*linter.Config) {
 	var linterNames []string
 	for _, lc := range lcs {
+		if lc.Internal {
+			continue
+		}
+
 		linterNames = append(linterNames, lc.Name())
 	}
 	sort.StringSlice(linterNames).Sort()
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/manager.go b/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/manager.go
index 5a04fe193..fd329ce57 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/manager.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/lint/lintersdb/manager.go
@@ -1,29 +1,25 @@
 package lintersdb
 
 import (
-	"fmt"
-	"path/filepath"
-	"plugin"
-
-	"github.com/spf13/viper"
-	"golang.org/x/tools/go/analysis"
+	"regexp"
 
 	"github.com/golangci/golangci-lint/pkg/config"
 	"github.com/golangci/golangci-lint/pkg/golinters"
-	"github.com/golangci/golangci-lint/pkg/golinters/goanalysis"
 	"github.com/golangci/golangci-lint/pkg/lint/linter"
 	"github.com/golangci/golangci-lint/pkg/logutils"
-	"github.com/golangci/golangci-lint/pkg/report"
 )
 
 type Manager struct {
-	nameToLCs map[string][]*linter.Config
-	cfg       *config.Config
-	log       logutils.Log
+	cfg *config.Config
+	log logutils.Log
+
+	nameToLCs     map[string][]*linter.Config
+	customLinters []*linter.Config
 }
 
 func NewManager(cfg *config.Config, log logutils.Log) *Manager {
 	m := &Manager{cfg: cfg, log: log}
+	m.customLinters = m.getCustomLinterConfigs()
 
 	nameToLCs := make(map[string][]*linter.Config)
 	for _, lc := range m.GetAllSupportedLinterConfigs() {
@@ -37,28 +33,6 @@ func NewManager(cfg *config.Config, log logutils.Log) *Manager {
 	return m
 }
 
-// WithCustomLinters loads private linters that are specified in the golangci config file.
-func (m *Manager) WithCustomLinters() *Manager {
-	if m.log == nil {
-		m.log = report.NewLogWrapper(logutils.NewStderrLog(logutils.DebugKeyEmpty), &report.Data{})
-	}
-	if m.cfg != nil {
-		for name, settings := range m.cfg.LintersSettings.Custom {
-			lc, err := m.loadCustomLinterConfig(name, settings)
-
-			if err != nil {
-				m.log.Errorf("Unable to load custom analyzer %s:%s, %v",
-					name,
-					settings.Path,
-					err)
-			} else {
-				m.nameToLCs[name] = append(m.nameToLCs[name], lc)
-			}
-		}
-	}
-	return m
-}
-
 func (Manager) AllPresets() []string {
 	return []string{
 		linter.PresetBugs,
@@ -153,16 +127,18 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 		reassignCfg         *config.ReassignSettings
 		reviveCfg           *config.ReviveSettings
 		rowserrcheckCfg     *config.RowsErrCheckSettings
+		sloglintCfg         *config.SlogLintSettings
 		staticcheckCfg      *config.StaticCheckSettings
 		structcheckCfg      *config.StructCheckSettings
 		stylecheckCfg       *config.StaticCheckSettings
 		tagalignCfg         *config.TagAlignSettings
 		tagliatelleCfg      *config.TagliatelleSettings
 		tenvCfg             *config.TenvSettings
+		testifylintCfg      *config.TestifylintSettings
 		testpackageCfg      *config.TestpackageSettings
 		thelperCfg          *config.ThelperSettings
 		unparamCfg          *config.UnparamSettings
-		unusedCfg           *config.StaticCheckSettings
+		unusedCfg           *config.UnusedSettings
 		usestdlibvars       *config.UseStdlibVarsSettings
 		varcheckCfg         *config.VarCheckSettings
 		varnamelenCfg       *config.VarnamelenSettings
@@ -233,16 +209,18 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 		reassignCfg = &m.cfg.LintersSettings.Reassign
 		reviveCfg = &m.cfg.LintersSettings.Revive
 		rowserrcheckCfg = &m.cfg.LintersSettings.RowsErrCheck
+		sloglintCfg = &m.cfg.LintersSettings.SlogLint
 		staticcheckCfg = &m.cfg.LintersSettings.Staticcheck
 		structcheckCfg = &m.cfg.LintersSettings.Structcheck
 		stylecheckCfg = &m.cfg.LintersSettings.Stylecheck
 		tagalignCfg = &m.cfg.LintersSettings.TagAlign
 		tagliatelleCfg = &m.cfg.LintersSettings.Tagliatelle
 		tenvCfg = &m.cfg.LintersSettings.Tenv
+		testifylintCfg = &m.cfg.LintersSettings.Testifylint
 		testpackageCfg = &m.cfg.LintersSettings.Testpackage
 		thelperCfg = &m.cfg.LintersSettings.Thelper
 		unparamCfg = &m.cfg.LintersSettings.Unparam
-		unusedCfg = new(config.StaticCheckSettings)
+		unusedCfg = &m.cfg.LintersSettings.Unused
 		usestdlibvars = &m.cfg.LintersSettings.UseStdlibVars
 		varcheckCfg = &m.cfg.LintersSettings.Varcheck
 		varnamelenCfg = &m.cfg.LintersSettings.Varnamelen
@@ -255,7 +233,7 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 		}
 
 		if gocriticCfg != nil {
-			gocriticCfg.Go = m.cfg.Run.Go
+			gocriticCfg.Go = trimGoVersion(m.cfg.Run.Go)
 		}
 
 		if gofumptCfg != nil && gofumptCfg.LangVersion == "" {
@@ -263,24 +241,24 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 		}
 
 		if staticcheckCfg != nil && staticcheckCfg.GoVersion == "" {
-			staticcheckCfg.GoVersion = m.cfg.Run.Go
+			staticcheckCfg.GoVersion = trimGoVersion(m.cfg.Run.Go)
 		}
 		if gosimpleCfg != nil && gosimpleCfg.GoVersion == "" {
-			gosimpleCfg.GoVersion = m.cfg.Run.Go
+			gosimpleCfg.GoVersion = trimGoVersion(m.cfg.Run.Go)
 		}
 		if stylecheckCfg != nil && stylecheckCfg.GoVersion != "" {
-			stylecheckCfg.GoVersion = m.cfg.Run.Go
-		}
-		if unusedCfg != nil && unusedCfg.GoVersion == "" {
-			unusedCfg.GoVersion = m.cfg.Run.Go
+			stylecheckCfg.GoVersion = trimGoVersion(m.cfg.Run.Go)
 		}
 	}
 
 	const megacheckName = "megacheck"
 
+	var linters []*linter.Config
+	linters = append(linters, m.customLinters...)
+
 	// The linters are sorted in the alphabetical order (case-insensitive).
 	// When a new linter is added the version in `WithSince(...)` must be the next minor version of golangci-lint.
-	return []*linter.Config{
+	linters = append(linters,
 		linter.NewConfig(golinters.NewAsasalint(asasalintCfg)).
 			WithSince("1.47.0").
 			WithPresets(linter.PresetBugs).
@@ -462,6 +440,12 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithSince("v1.12.0").
 			WithPresets(linter.PresetStyle),
 
+		linter.NewConfig(golinters.NewGoCheckSumType()).
+			WithSince("v1.55.0").
+			WithPresets(linter.PresetBugs).
+			WithLoadForGoAnalysis().
+			WithURL("https://github.com/alecthomas/go-check-sumtype"),
+
 		linter.NewConfig(golinters.NewGocognit(gocognitCfg)).
 			WithSince("v1.20.0").
 			WithPresets(linter.PresetComplexity).
@@ -596,6 +580,11 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithLoadForGoAnalysis().
 			WithURL("https://github.com/julz/importas"),
 
+		linter.NewConfig(golinters.NewINamedParam()).
+			WithSince("v1.55.0").
+			WithPresets(linter.PresetStyle).
+			WithURL("https://github.com/macabu/inamedparam"),
+
 		linter.NewConfig(golinters.NewIneffassign()).
 			WithEnabledByDefault().
 			WithSince("v1.0.0").
@@ -723,6 +712,12 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithPresets(linter.PresetStyle, linter.PresetTest).
 			WithURL("https://github.com/kunwardeep/paralleltest"),
 
+		linter.NewConfig(golinters.NewPerfSprint()).
+			WithSince("v1.55.0").
+			WithLoadForGoAnalysis().
+			WithPresets(linter.PresetPerformance).
+			WithURL("https://github.com/catenacyber/perfsprint"),
+
 		linter.NewConfig(golinters.NewPreAlloc(preallocCfg)).
 			WithSince("v1.19.0").
 			WithPresets(linter.PresetPerformance).
@@ -738,6 +733,13 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithPresets(linter.PresetStyle).
 			WithURL("https://github.com/yeya24/promlinter"),
 
+		linter.NewConfig(golinters.NewProtoGetter()).
+			WithSince("v1.55.0").
+			WithPresets(linter.PresetBugs).
+			WithLoadForGoAnalysis().
+			WithAutoFix().
+			WithURL("https://github.com/ghostiam/protogetter"),
+
 		linter.NewConfig(golinters.NewReassign(reassignCfg)).
 			WithSince("1.49.0").
 			WithPresets(linter.PresetBugs).
@@ -756,6 +758,12 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithPresets(linter.PresetBugs, linter.PresetSQL).
 			WithURL("https://github.com/jingyugao/rowserrcheck"),
 
+		linter.NewConfig(golinters.NewSlogLint(sloglintCfg)).
+			WithSince("v1.55.0").
+			WithLoadForGoAnalysis().
+			WithPresets(linter.PresetStyle, linter.PresetFormatting).
+			WithURL("https://github.com/go-simpler/sloglint"),
+
 		linter.NewConfig(golinters.NewScopelint()).
 			WithSince("v1.12.0").
 			WithPresets(linter.PresetBugs).
@@ -811,6 +819,12 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithPresets(linter.PresetTest).
 			WithURL("https://github.com/maratori/testableexamples"),
 
+		linter.NewConfig(golinters.NewTestifylint(testifylintCfg)).
+			WithSince("v1.55.0").
+			WithPresets(linter.PresetTest, linter.PresetBugs).
+			WithLoadForGoAnalysis().
+			WithURL("https://github.com/Antonboom/testifylint"),
+
 		linter.NewConfig(golinters.NewTestpackage(testpackageCfg)).
 			WithSince("v1.25.0").
 			WithPresets(linter.PresetStyle, linter.PresetTest).
@@ -829,6 +843,7 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithURL("https://github.com/moricho/tparallel"),
 
 		linter.NewConfig(golinters.NewTypecheck()).
+			WithInternal().
 			WithEnabledByDefault().
 			WithSince("v1.3.0").
 			WithLoadForGoAnalysis().
@@ -847,7 +862,7 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithLoadForGoAnalysis().
 			WithURL("https://github.com/mvdan/unparam"),
 
-		linter.NewConfig(golinters.NewUnused(unusedCfg)).
+		linter.NewConfig(golinters.NewUnused(unusedCfg, staticcheckCfg)).
 			WithEnabledByDefault().
 			WithSince("v1.20.0").
 			WithLoadForGoAnalysis().
@@ -898,18 +913,20 @@ func (m Manager) GetAllSupportedLinterConfigs() []*linter.Config {
 			WithPresets(linter.PresetStyle).
 			WithURL("https://github.com/bombsimon/wsl"),
 
+		linter.NewConfig(golinters.NewZerologLint()).
+			WithSince("v1.53.0").
+			WithPresets(linter.PresetBugs).
+			WithLoadForGoAnalysis().
+			WithURL("https://github.com/ykadowak/zerologlint"),
+
 		// nolintlint must be last because it looks at the results of all the previous linters for unused nolint directives
 		linter.NewConfig(golinters.NewNoLintLint(noLintLintCfg)).
 			WithSince("v1.26.0").
 			WithPresets(linter.PresetStyle).
 			WithURL("https://github.com/golangci/golangci-lint/blob/master/pkg/golinters/nolintlint/README.md"),
+	)
 
-		linter.NewConfig(golinters.NewZerologLint()).
-			WithSince("v1.53.0").
-			WithPresets(linter.PresetBugs).
-			WithLoadForGoAnalysis().
-			WithURL("https://github.com/ykadowak/zerologlint"),
-	}
+	return linters
 }
 
 func (m Manager) GetAllEnabledByDefaultLinters() []*linter.Config {
@@ -951,62 +968,20 @@ func (m Manager) GetAllLinterConfigsForPreset(p string) []*linter.Config {
 	return ret
 }
 
-// loadCustomLinterConfig loads the configuration of private linters.
-// Private linters are dynamically loaded from .so plugin files.
-func (m Manager) loadCustomLinterConfig(name string, settings config.CustomLinterSettings) (*linter.Config, error) {
-	analyzer, err := m.getAnalyzerPlugin(settings.Path)
-	if err != nil {
-		return nil, err
-	}
-	m.log.Infof("Loaded %s: %s", settings.Path, name)
-	customLinter := goanalysis.NewLinter(
-		name,
-		settings.Description,
-		analyzer.GetAnalyzers(),
-		nil).WithLoadMode(goanalysis.LoadModeTypesInfo)
-
-	linterConfig := linter.NewConfig(customLinter).
-		WithEnabledByDefault().
-		WithLoadForGoAnalysis().
-		WithURL(settings.OriginalURL)
-
-	return linterConfig, nil
-}
-
-type AnalyzerPlugin interface {
-	GetAnalyzers() []*analysis.Analyzer
-}
-
-// getAnalyzerPlugin loads a private linter as specified in the config file,
-// loads the plugin from a .so file, and returns the 'AnalyzerPlugin' interface
-// implemented by the private plugin.
-// An error is returned if the private linter cannot be loaded or the linter
-// does not implement the AnalyzerPlugin interface.
-func (m Manager) getAnalyzerPlugin(path string) (AnalyzerPlugin, error) {
-	if !filepath.IsAbs(path) {
-		// resolve non-absolute paths relative to config file's directory
-		configFilePath := viper.ConfigFileUsed()
-		absConfigFilePath, err := filepath.Abs(configFilePath)
-		if err != nil {
-			return nil, fmt.Errorf("could not get absolute representation of config file path %q: %v", configFilePath, err)
-		}
-		path = filepath.Join(filepath.Dir(absConfigFilePath), path)
+// Trims the Go version to keep only M.m.
+// Since Go 1.21 the version inside the go.mod can be a patched version (ex: 1.21.0).
+// https://go.dev/doc/toolchain#versions
+// This a problem with staticcheck and gocritic.
+func trimGoVersion(v string) string {
+	if v == "" {
+		return ""
 	}
 
-	plug, err := plugin.Open(path)
-	if err != nil {
-		return nil, err
-	}
-
-	symbol, err := plug.Lookup("AnalyzerPlugin")
-	if err != nil {
-		return nil, err
-	}
+	exp := regexp.MustCompile(`(\d\.\d+)\.\d+`)
 
-	analyzerPlugin, ok := symbol.(AnalyzerPlugin)
-	if !ok {
-		return nil, fmt.Errorf("plugin %s does not abide by 'AnalyzerPlugin' interface", path)
+	if exp.MatchString(v) {
+		return exp.FindStringSubmatch(v)[1]
 	}
 
-	return analyzerPlugin, nil
+	return v
 }
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/logutils/logutils.go b/vendor/github.com/golangci/golangci-lint/pkg/logutils/logutils.go
index 80c9fed7a..94479bc7b 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/logutils/logutils.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/logutils/logutils.go
@@ -59,7 +59,7 @@ const (
 	DebugKeyGoCritic  = "gocritic"  // Debugs `go-critic` linter.
 	DebugKeyMegacheck = "megacheck" // Debugs `staticcheck` related linters.
 	DebugKeyNolint    = "nolint"    // Debugs a filter excluding issues by `//nolint` comments.
-	DebugKeyRevive    = "revive"    // Debugs `revice` linter.
+	DebugKeyRevive    = "revive"    // Debugs `revive` linter.
 )
 
 func getEnabledDebugs() map[string]bool {
diff --git a/vendor/github.com/golangci/golangci-lint/pkg/printers/github.go b/vendor/github.com/golangci/golangci-lint/pkg/printers/github.go
index 7f148097a..c1da9df9c 100644
--- a/vendor/github.com/golangci/golangci-lint/pkg/printers/github.go
+++ b/vendor/github.com/golangci/golangci-lint/pkg/printers/github.go
@@ -3,6 +3,7 @@ package printers
 import (
 	"fmt"
 	"io"
+	"path/filepath"
 
 	"github.com/golangci/golangci-lint/pkg/result"
 )
@@ -26,7 +27,12 @@ func formatIssueAsGithub(issue *result.Issue) string {
 		severity = issue.Severity
 	}
 
-	ret := fmt.Sprintf("::%s file=%s,line=%d", severity, issue.FilePath(), issue.Line())
+	// Convert backslashes to forward slashes.
+	// This is needed when running on windows.
+	// Otherwise, GitHub won't be able to show the annotations pointing to the file path with backslashes.
+	file := filepath.ToSlash(issue.FilePath())
+
+	ret := fmt.Sprintf("::%s file=%s,line=%d", severity, file, issue.Line())
 	if issue.Pos.Column != 0 {
 		ret += fmt.Sprintf(",col=%d", issue.Pos.Column)
 	}
diff --git a/vendor/github.com/golangci/misspell/.golangci.yml b/vendor/github.com/golangci/misspell/.golangci.yml
index 1a53216ae..31c566eab 100644
--- a/vendor/github.com/golangci/misspell/.golangci.yml
+++ b/vendor/github.com/golangci/misspell/.golangci.yml
@@ -21,10 +21,13 @@ linters-settings:
   gofumpt:
     extra-rules: true
   depguard:
-    list-type: blacklist
-    include-go-root: false
-    packages:
-      - github.com/pkg/errors
+    rules:
+      main:
+        deny:
+          - pkg: "github.com/instana/testify"
+            desc: not allowed
+          - pkg: "github.com/pkg/errors"
+            desc: Should be replaced by standard lib errors package
   godox:
     keywords:
       - FIXME
diff --git a/vendor/github.com/golangci/misspell/Dockerfile b/vendor/github.com/golangci/misspell/Dockerfile
index ce55fe61b..788ce3a77 100644
--- a/vendor/github.com/golangci/misspell/Dockerfile
+++ b/vendor/github.com/golangci/misspell/Dockerfile
@@ -1,7 +1,7 @@
-FROM golang:1.10.0-alpine
+FROM golang:1.19-alpine
 
 # cache buster
-RUN echo 4 
+RUN echo 4
 
 # git is needed for "go get" below
 RUN apk add --no-cache git make
@@ -32,3 +32,4 @@ RUN /bin/true \
   && wget -O /scowl-wl/words-US-60.txt ${SOURCE_US} \
   && wget -O /scowl-wl/words-GB-ise-60.txt ${SOURCE_GB_ISE} 
 
+RUN git config --global --add safe.directory "/go/src/github.com/golangci/misspell"
diff --git a/vendor/github.com/golangci/misspell/Makefile b/vendor/github.com/golangci/misspell/Makefile
index e64a84b55..783f977cb 100644
--- a/vendor/github.com/golangci/misspell/Makefile
+++ b/vendor/github.com/golangci/misspell/Makefile
@@ -1,11 +1,11 @@
-CONTAINER=nickg/misspell
+CONTAINER=golangci/misspell
 
 default: lint test build
 
 install:  ## install misspell into GOPATH/bin
 	go install ./cmd/misspell
 
-build:  ## build and lint misspell
+build:  ## build misspell
 	go build ./cmd/misspell
 
 test:  ## run all tests
@@ -14,10 +14,6 @@ test:  ## run all tests
 lint:  ## run linter
 	golangci-lint run
 
-# real publishing is done only by travis
-publish:  ## test goreleaser
-	./scripts/goreleaser-dryrun.sh
-
 # the grep in line 2 is to remove misspellings in the spelling dictionary
 # that trigger false positives!!
 falsepositives: /scowl-wl
@@ -42,19 +38,16 @@ clean:  ## clean up time
 	go clean ./...
 	git gc --aggressive
 
-ci:  ## run test like travis-ci does, requires docker
+ci: docker-build ## run test like travis-ci does, requires docker
 	docker run --rm \
 		-v $(PWD):/go/src/github.com/golangci/misspell \
 		-w /go/src/github.com/golangci/misspell \
 		${CONTAINER} \
-		make build falsepositives
+		make install falsepositives
 
 docker-build:  ## build a docker test image
 	docker build -t ${CONTAINER} .
 
-docker-pull:  ## pull latest test image
-	docker pull ${CONTAINER}
-
 docker-console:  ## log into the test image
 	docker run --rm -it \
 		-v $(PWD):/go/src/github.com/golangci/misspell \
diff --git a/vendor/github.com/golangci/misspell/case.go b/vendor/github.com/golangci/misspell/case.go
index 88ad44fa8..0b580bedb 100644
--- a/vendor/github.com/golangci/misspell/case.go
+++ b/vendor/github.com/golangci/misspell/case.go
@@ -43,9 +43,9 @@ func CaseStyle(word string) WordCase {
 }
 
 // CaseVariations returns:
-// If AllUpper or First-Letter-Only is upcased: add the all upper case version.
-// If AllLower, add the original, the title and upcase forms.
-// If Mixed, return the original, and the all upcase form.
+// If AllUpper or First-Letter-Only is upper-cased: add the all upper case version.
+// If AllLower, add the original, the title and  upper-case forms.
+// If Mixed, return the original, and the all  upper-case form.
 func CaseVariations(word string, style WordCase) []string {
 	switch style {
 	case CaseLower:
diff --git a/vendor/github.com/golangci/misspell/goreleaser.yml b/vendor/github.com/golangci/misspell/goreleaser.yml
index b4c8c099c..97aa83e5a 100644
--- a/vendor/github.com/golangci/misspell/goreleaser.yml
+++ b/vendor/github.com/golangci/misspell/goreleaser.yml
@@ -1,8 +1,7 @@
 project_name: misspell
 
 builds:
-  -
-    main: cmd/misspell/main.go
+  - main: cmd/misspell/main.go
     binary: misspell
     ldflags: -s -w -X main.version={{.Version}}
     goos:
diff --git a/vendor/github.com/golangci/misspell/install-misspell.sh b/vendor/github.com/golangci/misspell/install-misspell.sh
index e24a84a20..51e9b3372 100644
--- a/vendor/github.com/golangci/misspell/install-misspell.sh
+++ b/vendor/github.com/golangci/misspell/install-misspell.sh
@@ -6,12 +6,12 @@ set -e
 usage() {
   this=$1
   cat <<EOF
-$this: download go binaries for client9/misspell
+$this: download go binaries for golangci/misspell
 
 Usage: $this [-b] bindir [tag]
   -b sets bindir or installation directory, Defaults to ./bin
    [tag] is a tag from
-   https://github.com/client9/misspell/releases
+   https://github.com/golangci/misspell/releases
    If tag is missing, then an attempt to find the latest will be found.
 
    Consider setting GITHUB_TOKEN to avoid triggering GitHub rate limits.
@@ -63,6 +63,8 @@ is_supported_platform() {
     darwin/amd64) found=0 ;;
     linux/amd64) found=0 ;;
     windows/amd64) found=0 ;;
+    darwin/arm64) found=0 ;;
+    linux/arm64) found=0 ;;
   esac
   case "$platform" in
     darwin/386) found=1 ;;
@@ -95,7 +97,8 @@ adjust_os() {
   # adjust archive name based on OS
   case ${OS} in
     386) OS=32bit ;;
-    amd64) OS=64bit ;;
+    amd64) OS=amd64 ;;
+    arm64) OS=64bit ;;
     darwin) OS=mac ;;
   esac
   true
@@ -316,7 +319,7 @@ End of functions from https://github.com/client9/shlib
 ------------------------------------------------------------------------
 EOF
 
-OWNER=client9
+OWNER=golangci
 REPO="misspell"
 BINARY=misspell
 FORMAT=tar.gz
diff --git a/vendor/github.com/golangci/misspell/replace.go b/vendor/github.com/golangci/misspell/replace.go
index 68d904b0d..bcfcf8deb 100644
--- a/vendor/github.com/golangci/misspell/replace.go
+++ b/vendor/github.com/golangci/misspell/replace.go
@@ -18,7 +18,7 @@ func max(x, y int) int {
 
 func inArray(haystack []string, needle string) bool {
 	for _, word := range haystack {
-		if needle == word {
+		if strings.EqualFold(needle, word) {
 			return true
 		}
 	}
@@ -55,6 +55,7 @@ func New() *Replacer {
 }
 
 // RemoveRule deletes existing rules.
+// The content of `ignore` is case-insensitive.
 // TODO: make in place to save memory.
 func (r *Replacer) RemoveRule(ignore []string) {
 	newWords := make([]string, 0, len(r.Replacements))
diff --git a/vendor/github.com/golangci/revgrep/.golangci.yml b/vendor/github.com/golangci/revgrep/.golangci.yml
index b8ed6204f..02ed5ec84 100644
--- a/vendor/github.com/golangci/revgrep/.golangci.yml
+++ b/vendor/github.com/golangci/revgrep/.golangci.yml
@@ -28,12 +28,20 @@ linters-settings:
 linters:
   enable-all: true
   disable:
-    - maligned # Deprecated
-    - scopelint # Deprecated
-    - golint # Deprecated
-    - interfacer # Deprecated
-    - exhaustivestruct # Deprecated
+    - deadcode # deprecated
+    - exhaustivestruct # deprecated
+    - golint # deprecated
+    - ifshort # deprecated
+    - interfacer # deprecated
+    - maligned # deprecated
+    - nosnakecase # deprecated
+    - scopelint # deprecated
+    - structcheck # deprecated
+    - varcheck # deprecated
     - cyclop # duplicate of gocyclo
+    - sqlclosecheck # not relevant (SQL)
+    - rowserrcheck # not relevant (SQL)
+    - execinquery # not relevant (SQL)
     - dupl
     - lll
     - nestif
@@ -54,6 +62,7 @@ linters:
     - nosnakecase
     - nonamedreturns
     - nilerr
+    - depguard
 
 issues:
   exclude-use-default: false
diff --git a/vendor/github.com/golangci/revgrep/revgrep.go b/vendor/github.com/golangci/revgrep/revgrep.go
index 4b990fa04..7796b1c01 100644
--- a/vendor/github.com/golangci/revgrep/revgrep.go
+++ b/vendor/github.com/golangci/revgrep/revgrep.go
@@ -1,3 +1,4 @@
+// Package revgrep filter static analysis tools to only lines changed based on a commit reference.
 package revgrep
 
 import (
@@ -17,31 +18,26 @@ import (
 // Checker provides APIs to filter static analysis tools to specific commits,
 // such as showing only issues since last commit.
 type Checker struct {
-	// Patch file (unified) to read to detect lines being changed, if nil revgrep
-	// will attempt to detect the VCS and generate an appropriate patch. Auto
-	// detection will search for uncommitted changes first, if none found, will
-	// generate a patch from last committed change. File paths within patches
-	// must be relative to current working directory.
+	// Patch file (unified) to read to detect lines being changed,
+	// if nil revgrep will attempt to detect the VCS and generate an appropriate patch.
+	// Auto-detection will search for uncommitted changes first,
+	// if none found, will generate a patch from last committed change.
+	// File paths within patches must be relative to current working directory.
 	Patch io.Reader
-	// NewFiles is a list of file names (with absolute paths) where the entire
-	// contents of the file is new.
+	// NewFiles is a list of file names (with absolute paths) where the entire contents of the file is new.
 	NewFiles []string
 	// Debug sets the debug writer for additional output.
 	Debug io.Writer
-	// RevisionFrom check revision starting at, leave blank for auto detection
-	// ignored if patch is set.
+	// RevisionFrom check revision starting at, leave blank for auto-detection ignored if patch is set.
 	RevisionFrom string
-	// WholeFiles indicates that the user wishes to see all issues that comes up
-	// anywhere in any file that has been changed in this revision or patch.
+	// WholeFiles indicates that the user wishes to see all issues that comes up anywhere in any file that has been changed in this revision or patch.
 	WholeFiles bool
-	// RevisionTo checks revision finishing at, leave blank for auto detection
-	// ignored if patch is set.
+	// RevisionTo checks revision finishing at, leave blank for auto-detection ignored if patch is set.
 	RevisionTo string
 	// Regexp to match path, line number, optional column number, and message.
 	Regexp string
-	// AbsPath is used to make an absolute path of an issue's filename to be
-	// relative in order to match patch file. If not set, current working
-	// directory is used.
+	// AbsPath is used to make an absolute path of an issue's filename to be relative in order to match patch file.
+	// If not set, current working directory is used.
 	AbsPath string
 
 	// Calculated changes for next calls to IsNewIssue
@@ -56,9 +52,7 @@ type Issue struct {
 	LineNo int
 	// ColNo is the column number or 0 if none could be parsed.
 	ColNo int
-	// HunkPos is position from file's first @@, for new files this will be the
-	// line number.
-	//
+	// HunkPos is position from file's first @@, for new files this will be the line number.
 	// See also: https://developer.github.com/v3/pulls/comments/#create-a-comment
 	HunkPos int
 	// Issue text as it appeared from the tool.
@@ -135,16 +129,14 @@ func (c *Checker) IsNewIssue(i InputIssue) (hunkPos int, isNew bool) {
 	return 0, false
 }
 
-// Check scans reader and writes any lines to writer that have been added in
-// Checker.Patch.
+// Check scans reader and writes any lines to writer that have been added in Checker.Patch.
 //
 // Returns the issues written to writer when no error occurs.
 //
-// If no VCS could be found or other VCS errors occur, all issues are written
-// to writer and an error is returned.
+// If no VCS could be found or other VCS errors occur,
+// all issues are written to writer and an error is returned.
 //
-// File paths in reader must be relative to current working directory or
-// absolute.
+// File paths in reader must be relative to current working directory or absolute.
 func (c *Checker) Check(reader io.Reader, writer io.Writer) (issues []Issue, err error) {
 	returnErr := c.Prepare()
 	writeAll := returnErr != nil
@@ -265,8 +257,7 @@ func (c *Checker) preparePatch() error {
 }
 
 // linesChanges returns a map of file names to line numbers being changed.
-// If key is nil, the file has been recently added, else it contains a slice
-// of positions that have been added.
+// If key is nil, the file has been recently added, else it contains a slice of positions that have been added.
 func (c *Checker) linesChanged() map[string][]pos {
 	type state struct {
 		file    string
@@ -343,17 +334,12 @@ func (c *Checker) linesChanged() map[string][]pos {
 	return changes
 }
 
-// GitPatch returns a patch from a git repository, if no git repository was
-// was found and no errors occurred, nil is returned, else an error is returned
-// revisionFrom and revisionTo defines the git diff parameters, if left blank
-// and there are unstaged changes or untracked files, only those will be returned
-// else only check changes since HEAD~. If revisionFrom is set but revisionTo
-// is not, untracked files will be included, to exclude untracked files set
-// revisionTo to HEAD~. It's incorrect to specify revisionTo without a
-// revisionFrom.
+// GitPatch returns a patch from a git repository,
+// if no git repository was found and no errors occurred, nil is returned, else an error is returned revisionFrom and revisionTo defines the git diff parameters,
+// if left blank and there are unstaged changes or untracked files, only those will be returned else only check changes since HEAD~.
+// If revisionFrom is set but revisionTo is not, untracked files will be included, to exclude untracked files set revisionTo to HEAD~.
+// It's incorrect to specify revisionTo without a revisionFrom.
 func GitPatch(revisionFrom, revisionTo string) (io.Reader, []string, error) {
-	var patch bytes.Buffer
-
 	// check if git repo exists
 	if err := exec.Command("git", "status", "--porcelain").Run(); err != nil {
 		// don't return an error, we assume the error is not repo exists
@@ -377,8 +363,9 @@ func GitPatch(revisionFrom, revisionTo string) (io.Reader, []string, error) {
 		newFiles = append(newFiles, string(file))
 	}
 
+	var patch bytes.Buffer
 	if revisionFrom != "" {
-		cmd := exec.Command("git", "diff", "--color=never", "--relative", revisionFrom)
+		cmd := gitDiff(revisionFrom)
 		if revisionTo != "" {
 			cmd.Args = append(cmd.Args, revisionTo)
 		}
@@ -392,12 +379,12 @@ func GitPatch(revisionFrom, revisionTo string) (io.Reader, []string, error) {
 		if revisionTo == "" {
 			return &patch, newFiles, nil
 		}
+
 		return &patch, nil, nil
 	}
 
 	// make a patch for unstaged changes
-	// use --no-prefix to remove b/ given: +++ b/main.go
-	cmd := exec.Command("git", "diff", "--color=never", "--relative", "--")
+	cmd := gitDiff("--")
 	cmd.Stdout = &patch
 	if err := cmd.Run(); err != nil {
 		return nil, nil, fmt.Errorf("error executing git diff: %w", err)
@@ -412,7 +399,7 @@ func GitPatch(revisionFrom, revisionTo string) (io.Reader, []string, error) {
 
 	// check for changes in recent commit
 
-	cmd = exec.Command("git", "diff", "--color=never", "--relative", "HEAD~", "--")
+	cmd = gitDiff("HEAD~", "--")
 	cmd.Stdout = &patch
 	if err := cmd.Run(); err != nil {
 		return nil, nil, fmt.Errorf("error executing git diff HEAD~: %w", err)
@@ -420,3 +407,55 @@ func GitPatch(revisionFrom, revisionTo string) (io.Reader, []string, error) {
 
 	return &patch, nil, nil
 }
+
+func gitDiff(extraArgs ...string) *exec.Cmd {
+	cmd := exec.Command("git", "diff", "--color=never", "--no-ext-diff")
+
+	if isSupportedByGit(2, 41, 0) {
+		cmd.Args = append(cmd.Args, "--default-prefix")
+	}
+
+	cmd.Args = append(cmd.Args, "--relative")
+	cmd.Args = append(cmd.Args, extraArgs...)
+
+	return cmd
+}
+
+func isSupportedByGit(major, minor, patch int) bool {
+	output, err := exec.Command("git", "version").CombinedOutput()
+	if err != nil {
+		return false
+	}
+
+	parts := bytes.Split(bytes.TrimSpace(output), []byte(" "))
+	if len(parts) < 3 {
+		return false
+	}
+
+	v := string(parts[2])
+	if v == "" {
+		return false
+	}
+
+	vp := regexp.MustCompile(`^(\d+)\.(\d+)(?:\.(\d+))?.*$`).FindStringSubmatch(v)
+	if len(vp) < 4 {
+		return false
+	}
+
+	currentMajor, err := strconv.Atoi(vp[1])
+	if err != nil {
+		return false
+	}
+
+	currentMinor, err := strconv.Atoi(vp[2])
+	if err != nil {
+		return false
+	}
+
+	currentPatch, err := strconv.Atoi(vp[3])
+	if err != nil {
+		return false
+	}
+
+	return currentMajor*1_000_000_000+currentMinor*1_000_000+currentPatch*1_000 >= major*1_000_000_000+minor*1_000_000+patch*1_000
+}
diff --git a/vendor/github.com/google/go-cmp/cmp/compare.go b/vendor/github.com/google/go-cmp/cmp/compare.go
index 087320da7..0f5b8a48c 100644
--- a/vendor/github.com/google/go-cmp/cmp/compare.go
+++ b/vendor/github.com/google/go-cmp/cmp/compare.go
@@ -5,7 +5,7 @@
 // Package cmp determines equality of values.
 //
 // This package is intended to be a more powerful and safer alternative to
-// reflect.DeepEqual for comparing whether two values are semantically equal.
+// [reflect.DeepEqual] for comparing whether two values are semantically equal.
 // It is intended to only be used in tests, as performance is not a goal and
 // it may panic if it cannot compare the values. Its propensity towards
 // panicking means that its unsuitable for production environments where a
@@ -18,16 +18,17 @@
 //     For example, an equality function may report floats as equal so long as
 //     they are within some tolerance of each other.
 //
-//   - Types with an Equal method may use that method to determine equality.
-//     This allows package authors to determine the equality operation
-//     for the types that they define.
+//   - Types with an Equal method (e.g., [time.Time.Equal]) may use that method
+//     to determine equality. This allows package authors to determine
+//     the equality operation for the types that they define.
 //
 //   - If no custom equality functions are used and no Equal method is defined,
 //     equality is determined by recursively comparing the primitive kinds on
-//     both values, much like reflect.DeepEqual. Unlike reflect.DeepEqual,
+//     both values, much like [reflect.DeepEqual]. Unlike [reflect.DeepEqual],
 //     unexported fields are not compared by default; they result in panics
-//     unless suppressed by using an Ignore option (see cmpopts.IgnoreUnexported)
-//     or explicitly compared using the Exporter option.
+//     unless suppressed by using an [Ignore] option
+//     (see [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported])
+//     or explicitly compared using the [Exporter] option.
 package cmp
 
 import (
@@ -45,14 +46,14 @@ import (
 // Equal reports whether x and y are equal by recursively applying the
 // following rules in the given order to x and y and all of their sub-values:
 //
-//   - Let S be the set of all Ignore, Transformer, and Comparer options that
+//   - Let S be the set of all [Ignore], [Transformer], and [Comparer] options that
 //     remain after applying all path filters, value filters, and type filters.
-//     If at least one Ignore exists in S, then the comparison is ignored.
-//     If the number of Transformer and Comparer options in S is non-zero,
+//     If at least one [Ignore] exists in S, then the comparison is ignored.
+//     If the number of [Transformer] and [Comparer] options in S is non-zero,
 //     then Equal panics because it is ambiguous which option to use.
-//     If S contains a single Transformer, then use that to transform
+//     If S contains a single [Transformer], then use that to transform
 //     the current values and recursively call Equal on the output values.
-//     If S contains a single Comparer, then use that to compare the current values.
+//     If S contains a single [Comparer], then use that to compare the current values.
 //     Otherwise, evaluation proceeds to the next rule.
 //
 //   - If the values have an Equal method of the form "(T) Equal(T) bool" or
@@ -66,21 +67,22 @@ import (
 //     Functions are only equal if they are both nil, otherwise they are unequal.
 //
 // Structs are equal if recursively calling Equal on all fields report equal.
-// If a struct contains unexported fields, Equal panics unless an Ignore option
-// (e.g., cmpopts.IgnoreUnexported) ignores that field or the Exporter option
-// explicitly permits comparing the unexported field.
+// If a struct contains unexported fields, Equal panics unless an [Ignore] option
+// (e.g., [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]) ignores that field
+// or the [Exporter] option explicitly permits comparing the unexported field.
 //
 // Slices are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored slice or array elements report equal.
 // Empty non-nil slices and nil slices are not equal; to equate empty slices,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Maps are equal if they are both nil or both non-nil, where recursively
 // calling Equal on all non-ignored map entries report equal.
 // Map keys are equal according to the == operator.
-// To use custom comparisons for map keys, consider using cmpopts.SortMaps.
+// To use custom comparisons for map keys, consider using
+// [github.com/google/go-cmp/cmp/cmpopts.SortMaps].
 // Empty non-nil maps and nil maps are not equal; to equate empty maps,
-// consider using cmpopts.EquateEmpty.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.EquateEmpty].
 //
 // Pointers and interfaces are equal if they are both nil or both non-nil,
 // where they have the same underlying concrete type and recursively
diff --git a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go b/vendor/github.com/google/go-cmp/cmp/export.go
similarity index 94%
rename from vendor/github.com/google/go-cmp/cmp/export_unsafe.go
rename to vendor/github.com/google/go-cmp/cmp/export.go
index e2c0f74e8..29f82fe6b 100644
--- a/vendor/github.com/google/go-cmp/cmp/export_unsafe.go
+++ b/vendor/github.com/google/go-cmp/cmp/export.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package cmp
 
 import (
@@ -12,8 +9,6 @@ import (
 	"unsafe"
 )
 
-const supportExporters = true
-
 // retrieveUnexportedField uses unsafe to forcibly retrieve any field from
 // a struct such that the value has read-write permissions.
 //
diff --git a/vendor/github.com/google/go-cmp/cmp/export_panic.go b/vendor/github.com/google/go-cmp/cmp/export_panic.go
deleted file mode 100644
index ae851fe53..000000000
--- a/vendor/github.com/google/go-cmp/cmp/export_panic.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2017, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package cmp
-
-import "reflect"
-
-const supportExporters = false
-
-func retrieveUnexportedField(reflect.Value, reflect.StructField, bool) reflect.Value {
-	panic("no support for forcibly accessing unexported fields")
-}
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
similarity index 95%
rename from vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
rename to vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
index 16e6860af..e5dfff69a 100644
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go
@@ -2,9 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build !purego
-// +build !purego
-
 package value
 
 import (
diff --git a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go b/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
deleted file mode 100644
index 1a71bfcbd..000000000
--- a/vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2018, The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build purego
-// +build purego
-
-package value
-
-import "reflect"
-
-// Pointer is an opaque typed pointer and is guaranteed to be comparable.
-type Pointer struct {
-	p uintptr
-	t reflect.Type
-}
-
-// PointerOf returns a Pointer from v, which must be a
-// reflect.Ptr, reflect.Slice, or reflect.Map.
-func PointerOf(v reflect.Value) Pointer {
-	// NOTE: Storing a pointer as an uintptr is technically incorrect as it
-	// assumes that the GC implementation does not use a moving collector.
-	return Pointer{v.Pointer(), v.Type()}
-}
-
-// IsNil reports whether the pointer is nil.
-func (p Pointer) IsNil() bool {
-	return p.p == 0
-}
-
-// Uintptr returns the pointer as a uintptr.
-func (p Pointer) Uintptr() uintptr {
-	return p.p
-}
diff --git a/vendor/github.com/google/go-cmp/cmp/options.go b/vendor/github.com/google/go-cmp/cmp/options.go
index 1f9ca9c48..754496f3b 100644
--- a/vendor/github.com/google/go-cmp/cmp/options.go
+++ b/vendor/github.com/google/go-cmp/cmp/options.go
@@ -13,15 +13,15 @@ import (
 	"github.com/google/go-cmp/cmp/internal/function"
 )
 
-// Option configures for specific behavior of Equal and Diff. In particular,
-// the fundamental Option functions (Ignore, Transformer, and Comparer),
+// Option configures for specific behavior of [Equal] and [Diff]. In particular,
+// the fundamental Option functions ([Ignore], [Transformer], and [Comparer]),
 // configure how equality is determined.
 //
-// The fundamental options may be composed with filters (FilterPath and
-// FilterValues) to control the scope over which they are applied.
+// The fundamental options may be composed with filters ([FilterPath] and
+// [FilterValues]) to control the scope over which they are applied.
 //
-// The cmp/cmpopts package provides helper functions for creating options that
-// may be used with Equal and Diff.
+// The [github.com/google/go-cmp/cmp/cmpopts] package provides helper functions
+// for creating options that may be used with [Equal] and [Diff].
 type Option interface {
 	// filter applies all filters and returns the option that remains.
 	// Each option may only read s.curPath and call s.callTTBFunc.
@@ -56,9 +56,9 @@ type core struct{}
 
 func (core) isCore() {}
 
-// Options is a list of Option values that also satisfies the Option interface.
+// Options is a list of [Option] values that also satisfies the [Option] interface.
 // Helper comparison packages may return an Options value when packing multiple
-// Option values into a single Option. When this package processes an Options,
+// [Option] values into a single [Option]. When this package processes an Options,
 // it will be implicitly expanded into a flat list.
 //
 // Applying a filter on an Options is equivalent to applying that same filter
@@ -105,16 +105,16 @@ func (opts Options) String() string {
 	return fmt.Sprintf("Options{%s}", strings.Join(ss, ", "))
 }
 
-// FilterPath returns a new Option where opt is only evaluated if filter f
-// returns true for the current Path in the value tree.
+// FilterPath returns a new [Option] where opt is only evaluated if filter f
+// returns true for the current [Path] in the value tree.
 //
 // This filter is called even if a slice element or map entry is missing and
 // provides an opportunity to ignore such cases. The filter function must be
 // symmetric such that the filter result is identical regardless of whether the
 // missing value is from x or y.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterPath(f func(Path) bool, opt Option) Option {
 	if f == nil {
 		panic("invalid path filter function")
@@ -142,7 +142,7 @@ func (f pathFilter) String() string {
 	return fmt.Sprintf("FilterPath(%s, %v)", function.NameOf(reflect.ValueOf(f.fnc)), f.opt)
 }
 
-// FilterValues returns a new Option where opt is only evaluated if filter f,
+// FilterValues returns a new [Option] where opt is only evaluated if filter f,
 // which is a function of the form "func(T, T) bool", returns true for the
 // current pair of values being compared. If either value is invalid or
 // the type of the values is not assignable to T, then this filter implicitly
@@ -154,8 +154,8 @@ func (f pathFilter) String() string {
 // If T is an interface, it is possible that f is called with two values with
 // different concrete types that both implement T.
 //
-// The option passed in may be an Ignore, Transformer, Comparer, Options, or
-// a previously filtered Option.
+// The option passed in may be an [Ignore], [Transformer], [Comparer], [Options], or
+// a previously filtered [Option].
 func FilterValues(f interface{}, opt Option) Option {
 	v := reflect.ValueOf(f)
 	if !function.IsType(v.Type(), function.ValueFilter) || v.IsNil() {
@@ -192,9 +192,9 @@ func (f valuesFilter) String() string {
 	return fmt.Sprintf("FilterValues(%s, %v)", function.NameOf(f.fnc), f.opt)
 }
 
-// Ignore is an Option that causes all comparisons to be ignored.
-// This value is intended to be combined with FilterPath or FilterValues.
-// It is an error to pass an unfiltered Ignore option to Equal.
+// Ignore is an [Option] that causes all comparisons to be ignored.
+// This value is intended to be combined with [FilterPath] or [FilterValues].
+// It is an error to pass an unfiltered Ignore option to [Equal].
 func Ignore() Option { return ignore{} }
 
 type ignore struct{ core }
@@ -234,6 +234,8 @@ func (validator) apply(s *state, vx, vy reflect.Value) {
 			name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
 			if _, ok := reflect.New(t).Interface().(error); ok {
 				help = "consider using cmpopts.EquateErrors to compare error values"
+			} else if t.Comparable() {
+				help = "consider using cmpopts.EquateComparable to compare comparable Go types"
 			}
 		} else {
 			// Unnamed type with unexported fields. Derive PkgPath from field.
@@ -254,7 +256,7 @@ const identRx = `[_\p{L}][_\p{L}\p{N}]*`
 
 var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 
-// Transformer returns an Option that applies a transformation function that
+// Transformer returns an [Option] that applies a transformation function that
 // converts values of a certain type into that of another.
 //
 // The transformer f must be a function "func(T) R" that converts values of
@@ -265,13 +267,14 @@ var identsRx = regexp.MustCompile(`^` + identRx + `(\.` + identRx + `)*$`)
 // same transform to the output of itself (e.g., in the case where the
 // input and output types are the same), an implicit filter is added such that
 // a transformer is applicable only if that exact transformer is not already
-// in the tail of the Path since the last non-Transform step.
+// in the tail of the [Path] since the last non-[Transform] step.
 // For situations where the implicit filter is still insufficient,
-// consider using cmpopts.AcyclicTransformer, which adds a filter
-// to prevent the transformer from being recursively applied upon itself.
+// consider using [github.com/google/go-cmp/cmp/cmpopts.AcyclicTransformer],
+// which adds a filter to prevent the transformer from
+// being recursively applied upon itself.
 //
-// The name is a user provided label that is used as the Transform.Name in the
-// transformation PathStep (and eventually shown in the Diff output).
+// The name is a user provided label that is used as the [Transform.Name] in the
+// transformation [PathStep] (and eventually shown in the [Diff] output).
 // The name must be a valid identifier or qualified identifier in Go syntax.
 // If empty, an arbitrary name is used.
 func Transformer(name string, f interface{}) Option {
@@ -329,7 +332,7 @@ func (tr transformer) String() string {
 	return fmt.Sprintf("Transformer(%s, %s)", tr.name, function.NameOf(tr.fnc))
 }
 
-// Comparer returns an Option that determines whether two values are equal
+// Comparer returns an [Option] that determines whether two values are equal
 // to each other.
 //
 // The comparer f must be a function "func(T, T) bool" and is implicitly
@@ -377,35 +380,32 @@ func (cm comparer) String() string {
 	return fmt.Sprintf("Comparer(%s)", function.NameOf(cm.fnc))
 }
 
-// Exporter returns an Option that specifies whether Equal is allowed to
+// Exporter returns an [Option] that specifies whether [Equal] is allowed to
 // introspect into the unexported fields of certain struct types.
 //
 // Users of this option must understand that comparing on unexported fields
 // from external packages is not safe since changes in the internal
-// implementation of some external package may cause the result of Equal
+// implementation of some external package may cause the result of [Equal]
 // to unexpectedly change. However, it may be valid to use this option on types
 // defined in an internal package where the semantic meaning of an unexported
 // field is in the control of the user.
 //
-// In many cases, a custom Comparer should be used instead that defines
+// In many cases, a custom [Comparer] should be used instead that defines
 // equality as a function of the public API of a type rather than the underlying
 // unexported implementation.
 //
-// For example, the reflect.Type documentation defines equality to be determined
+// For example, the [reflect.Type] documentation defines equality to be determined
 // by the == operator on the interface (essentially performing a shallow pointer
-// comparison) and most attempts to compare *regexp.Regexp types are interested
+// comparison) and most attempts to compare *[regexp.Regexp] types are interested
 // in only checking that the regular expression strings are equal.
-// Both of these are accomplished using Comparers:
+// Both of these are accomplished using [Comparer] options:
 //
 //	Comparer(func(x, y reflect.Type) bool { return x == y })
 //	Comparer(func(x, y *regexp.Regexp) bool { return x.String() == y.String() })
 //
-// In other cases, the cmpopts.IgnoreUnexported option can be used to ignore
-// all unexported fields on specified struct types.
+// In other cases, the [github.com/google/go-cmp/cmp/cmpopts.IgnoreUnexported]
+// option can be used to ignore all unexported fields on specified struct types.
 func Exporter(f func(reflect.Type) bool) Option {
-	if !supportExporters {
-		panic("Exporter is not supported on purego builds")
-	}
 	return exporter(f)
 }
 
@@ -415,10 +415,10 @@ func (exporter) filter(_ *state, _ reflect.Type, _, _ reflect.Value) applicableO
 	panic("not implemented")
 }
 
-// AllowUnexported returns an Options that allows Equal to forcibly introspect
+// AllowUnexported returns an [Option] that allows [Equal] to forcibly introspect
 // unexported fields of the specified struct types.
 //
-// See Exporter for the proper use of this option.
+// See [Exporter] for the proper use of this option.
 func AllowUnexported(types ...interface{}) Option {
 	m := make(map[reflect.Type]bool)
 	for _, typ := range types {
@@ -432,7 +432,7 @@ func AllowUnexported(types ...interface{}) Option {
 }
 
 // Result represents the comparison result for a single node and
-// is provided by cmp when calling Report (see Reporter).
+// is provided by cmp when calling Report (see [Reporter]).
 type Result struct {
 	_     [0]func() // Make Result incomparable
 	flags resultFlags
@@ -445,7 +445,7 @@ func (r Result) Equal() bool {
 }
 
 // ByIgnore reports whether the node is equal because it was ignored.
-// This never reports true if Equal reports false.
+// This never reports true if [Result.Equal] reports false.
 func (r Result) ByIgnore() bool {
 	return r.flags&reportByIgnore != 0
 }
@@ -455,7 +455,7 @@ func (r Result) ByMethod() bool {
 	return r.flags&reportByMethod != 0
 }
 
-// ByFunc reports whether a Comparer function determined equality.
+// ByFunc reports whether a [Comparer] function determined equality.
 func (r Result) ByFunc() bool {
 	return r.flags&reportByFunc != 0
 }
@@ -478,7 +478,7 @@ const (
 	reportByCycle
 )
 
-// Reporter is an Option that can be passed to Equal. When Equal traverses
+// Reporter is an [Option] that can be passed to [Equal]. When [Equal] traverses
 // the value trees, it calls PushStep as it descends into each node in the
 // tree and PopStep as it ascend out of the node. The leaves of the tree are
 // either compared (determined to be equal or not equal) or ignored and reported
diff --git a/vendor/github.com/google/go-cmp/cmp/path.go b/vendor/github.com/google/go-cmp/cmp/path.go
index a0a588502..c3c145642 100644
--- a/vendor/github.com/google/go-cmp/cmp/path.go
+++ b/vendor/github.com/google/go-cmp/cmp/path.go
@@ -14,9 +14,9 @@ import (
 	"github.com/google/go-cmp/cmp/internal/value"
 )
 
-// Path is a list of PathSteps describing the sequence of operations to get
+// Path is a list of [PathStep] describing the sequence of operations to get
 // from some root type to the current position in the value tree.
-// The first Path element is always an operation-less PathStep that exists
+// The first Path element is always an operation-less [PathStep] that exists
 // simply to identify the initial type.
 //
 // When traversing structs with embedded structs, the embedded struct will
@@ -29,8 +29,13 @@ type Path []PathStep
 // a value's tree structure. Users of this package never need to implement
 // these types as values of this type will be returned by this package.
 //
-// Implementations of this interface are
-// StructField, SliceIndex, MapIndex, Indirect, TypeAssertion, and Transform.
+// Implementations of this interface:
+//   - [StructField]
+//   - [SliceIndex]
+//   - [MapIndex]
+//   - [Indirect]
+//   - [TypeAssertion]
+//   - [Transform]
 type PathStep interface {
 	String() string
 
@@ -70,8 +75,9 @@ func (pa *Path) pop() {
 	*pa = (*pa)[:len(*pa)-1]
 }
 
-// Last returns the last PathStep in the Path.
-// If the path is empty, this returns a non-nil PathStep that reports a nil Type.
+// Last returns the last [PathStep] in the Path.
+// If the path is empty, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Last() PathStep {
 	return pa.Index(-1)
 }
@@ -79,7 +85,8 @@ func (pa Path) Last() PathStep {
 // Index returns the ith step in the Path and supports negative indexing.
 // A negative index starts counting from the tail of the Path such that -1
 // refers to the last step, -2 refers to the second-to-last step, and so on.
-// If index is invalid, this returns a non-nil PathStep that reports a nil Type.
+// If index is invalid, this returns a non-nil [PathStep]
+// that reports a nil [PathStep.Type].
 func (pa Path) Index(i int) PathStep {
 	if i < 0 {
 		i = len(pa) + i
@@ -168,7 +175,8 @@ func (ps pathStep) String() string {
 	return fmt.Sprintf("{%s}", s)
 }
 
-// StructField represents a struct field access on a field called Name.
+// StructField is a [PathStep] that represents a struct field access
+// on a field called [StructField.Name].
 type StructField struct{ *structField }
 type structField struct {
 	pathStep
@@ -204,10 +212,11 @@ func (sf StructField) String() string { return fmt.Sprintf(".%s", sf.name) }
 func (sf StructField) Name() string { return sf.name }
 
 // Index is the index of the field in the parent struct type.
-// See reflect.Type.Field.
+// See [reflect.Type.Field].
 func (sf StructField) Index() int { return sf.idx }
 
-// SliceIndex is an index operation on a slice or array at some index Key.
+// SliceIndex is a [PathStep] that represents an index operation on
+// a slice or array at some index [SliceIndex.Key].
 type SliceIndex struct{ *sliceIndex }
 type sliceIndex struct {
 	pathStep
@@ -247,12 +256,12 @@ func (si SliceIndex) Key() int {
 // all of the indexes to be shifted. If an index is -1, then that
 // indicates that the element does not exist in the associated slice.
 //
-// Key is guaranteed to return -1 if and only if the indexes returned
-// by SplitKeys are not the same. SplitKeys will never return -1 for
+// [SliceIndex.Key] is guaranteed to return -1 if and only if the indexes
+// returned by SplitKeys are not the same. SplitKeys will never return -1 for
 // both indexes.
 func (si SliceIndex) SplitKeys() (ix, iy int) { return si.xkey, si.ykey }
 
-// MapIndex is an index operation on a map at some index Key.
+// MapIndex is a [PathStep] that represents an index operation on a map at some index Key.
 type MapIndex struct{ *mapIndex }
 type mapIndex struct {
 	pathStep
@@ -266,7 +275,7 @@ func (mi MapIndex) String() string                 { return fmt.Sprintf("[%#v]",
 // Key is the value of the map key.
 func (mi MapIndex) Key() reflect.Value { return mi.key }
 
-// Indirect represents pointer indirection on the parent type.
+// Indirect is a [PathStep] that represents pointer indirection on the parent type.
 type Indirect struct{ *indirect }
 type indirect struct {
 	pathStep
@@ -276,7 +285,7 @@ func (in Indirect) Type() reflect.Type             { return in.typ }
 func (in Indirect) Values() (vx, vy reflect.Value) { return in.vx, in.vy }
 func (in Indirect) String() string                 { return "*" }
 
-// TypeAssertion represents a type assertion on an interface.
+// TypeAssertion is a [PathStep] that represents a type assertion on an interface.
 type TypeAssertion struct{ *typeAssertion }
 type typeAssertion struct {
 	pathStep
@@ -286,7 +295,8 @@ func (ta TypeAssertion) Type() reflect.Type             { return ta.typ }
 func (ta TypeAssertion) Values() (vx, vy reflect.Value) { return ta.vx, ta.vy }
 func (ta TypeAssertion) String() string                 { return fmt.Sprintf(".(%v)", value.TypeString(ta.typ, false)) }
 
-// Transform is a transformation from the parent type to the current type.
+// Transform is a [PathStep] that represents a transformation
+// from the parent type to the current type.
 type Transform struct{ *transform }
 type transform struct {
 	pathStep
@@ -297,13 +307,13 @@ func (tf Transform) Type() reflect.Type             { return tf.typ }
 func (tf Transform) Values() (vx, vy reflect.Value) { return tf.vx, tf.vy }
 func (tf Transform) String() string                 { return fmt.Sprintf("%s()", tf.trans.name) }
 
-// Name is the name of the Transformer.
+// Name is the name of the [Transformer].
 func (tf Transform) Name() string { return tf.trans.name }
 
 // Func is the function pointer to the transformer function.
 func (tf Transform) Func() reflect.Value { return tf.trans.fnc }
 
-// Option returns the originally constructed Transformer option.
+// Option returns the originally constructed [Transformer] option.
 // The == operator can be used to detect the exact option used.
 func (tf Transform) Option() Option { return tf.trans }
 
diff --git a/vendor/github.com/google/go-cmp/cmp/report_reflect.go b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
index 2ab41fad3..e39f42284 100644
--- a/vendor/github.com/google/go-cmp/cmp/report_reflect.go
+++ b/vendor/github.com/google/go-cmp/cmp/report_reflect.go
@@ -199,7 +199,7 @@ func (opts formatOptions) FormatValue(v reflect.Value, parentKind reflect.Kind,
 				break
 			}
 			sf := t.Field(i)
-			if supportExporters && !isExported(sf.Name) {
+			if !isExported(sf.Name) {
 				vv = retrieveUnexportedField(v, sf, true)
 			}
 			s := opts.WithTypeMode(autoType).FormatValue(vv, t.Kind(), ptrs)
diff --git a/vendor/github.com/google/uuid/.travis.yml b/vendor/github.com/google/uuid/.travis.yml
deleted file mode 100644
index d8156a60b..000000000
--- a/vendor/github.com/google/uuid/.travis.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-language: go
-
-go:
-  - 1.4.3
-  - 1.5.3
-  - tip
-
-script:
-  - go test -v ./...
diff --git a/vendor/github.com/google/uuid/CHANGELOG.md b/vendor/github.com/google/uuid/CHANGELOG.md
new file mode 100644
index 000000000..7ed347d3a
--- /dev/null
+++ b/vendor/github.com/google/uuid/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+## [1.4.0](https://github.com/google/uuid/compare/v1.3.1...v1.4.0) (2023-10-26)
+
+
+### Features
+
+* UUIDs slice type with Strings() convenience method ([#133](https://github.com/google/uuid/issues/133)) ([cd5fbbd](https://github.com/google/uuid/commit/cd5fbbdd02f3e3467ac18940e07e062be1f864b4))
+
+### Fixes
+
+* Clarify that Parse's job is to parse but not necessarily validate strings. (Documents current behavior)
+
+## [1.3.1](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) (2023-08-18)
+
+
+### Bug Fixes
+
+* Use .EqualFold() to parse urn prefixed UUIDs ([#118](https://github.com/google/uuid/issues/118)) ([574e687](https://github.com/google/uuid/commit/574e6874943741fb99d41764c705173ada5293f0))
+
+## Changelog
diff --git a/vendor/github.com/google/uuid/CONTRIBUTING.md b/vendor/github.com/google/uuid/CONTRIBUTING.md
index 04fdf09f1..a502fdc51 100644
--- a/vendor/github.com/google/uuid/CONTRIBUTING.md
+++ b/vendor/github.com/google/uuid/CONTRIBUTING.md
@@ -2,6 +2,22 @@
 
 We definitely welcome patches and contribution to this project!
 
+### Tips
+
+Commits must be formatted according to the [Conventional Commits Specification](https://www.conventionalcommits.org).
+
+Always try to include a test case! If it is not possible or not necessary,
+please explain why in the pull request description.
+
+### Releasing
+
+Commits that would precipitate a SemVer change, as described in the Conventional
+Commits Specification, will trigger [`release-please`](https://github.com/google-github-actions/release-please-action)
+to create a release candidate pull request. Once submitted, `release-please`
+will create a release.
+
+For tips on how to work with `release-please`, see its documentation.
+
 ### Legal requirements
 
 In order to protect both you and ourselves, you will need to sign the
diff --git a/vendor/github.com/google/uuid/README.md b/vendor/github.com/google/uuid/README.md
index f765a46f9..3e9a61889 100644
--- a/vendor/github.com/google/uuid/README.md
+++ b/vendor/github.com/google/uuid/README.md
@@ -1,6 +1,6 @@
-# uuid ![build status](https://travis-ci.org/google/uuid.svg?branch=master)
+# uuid
 The uuid package generates and inspects UUIDs based on
-[RFC 4122](http://tools.ietf.org/html/rfc4122)
+[RFC 4122](https://datatracker.ietf.org/doc/html/rfc4122)
 and DCE 1.1: Authentication and Security Services. 
 
 This package is based on the github.com/pborman/uuid package (previously named
@@ -9,10 +9,12 @@ a UUID is a 16 byte array rather than a byte slice.  One loss due to this
 change is the ability to represent an invalid UUID (vs a NIL UUID).
 
 ###### Install
-`go get github.com/google/uuid`
+```sh
+go get github.com/google/uuid
+```
 
 ###### Documentation 
-[![GoDoc](https://godoc.org/github.com/google/uuid?status.svg)](http://godoc.org/github.com/google/uuid)
+[![Go Reference](https://pkg.go.dev/badge/github.com/google/uuid.svg)](https://pkg.go.dev/github.com/google/uuid)
 
 Full `go doc` style documentation for the package can be viewed online without
 installing this package by using the GoDoc site here: 
diff --git a/vendor/github.com/google/uuid/node_js.go b/vendor/github.com/google/uuid/node_js.go
index 24b78edc9..b2a0bc871 100644
--- a/vendor/github.com/google/uuid/node_js.go
+++ b/vendor/github.com/google/uuid/node_js.go
@@ -7,6 +7,6 @@
 package uuid
 
 // getHardwareInterface returns nil values for the JS version of the code.
-// This remvoves the "net" dependency, because it is not used in the browser.
+// This removes the "net" dependency, because it is not used in the browser.
 // Using the "net" library inflates the size of the transpiled JS code by 673k bytes.
 func getHardwareInterface(name string) (string, []byte) { return "", nil }
diff --git a/vendor/github.com/google/uuid/uuid.go b/vendor/github.com/google/uuid/uuid.go
index a57207aeb..dc75f7d99 100644
--- a/vendor/github.com/google/uuid/uuid.go
+++ b/vendor/github.com/google/uuid/uuid.go
@@ -56,11 +56,15 @@ func IsInvalidLengthError(err error) bool {
 	return ok
 }
 
-// Parse decodes s into a UUID or returns an error.  Both the standard UUID
-// forms of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
-// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are decoded as well as the
-// Microsoft encoding {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} and the raw hex
-// encoding: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
+// Parse decodes s into a UUID or returns an error if it cannot be parsed.  Both
+// the standard UUID forms defined in RFC 4122
+// (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx and
+// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) are decoded.  In addition,
+// Parse accepts non-standard strings such as the raw hex encoding
+// xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and 38 byte "Microsoft style" encodings,
+// e.g.  {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}.  Only the middle 36 bytes are
+// examined in the latter case.  Parse should not be used to validate strings as
+// it parses non-standard encodings as indicated above.
 func Parse(s string) (UUID, error) {
 	var uuid UUID
 	switch len(s) {
@@ -69,7 +73,7 @@ func Parse(s string) (UUID, error) {
 
 	// urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9:
-		if strings.ToLower(s[:9]) != "urn:uuid:" {
+		if !strings.EqualFold(s[:9], "urn:uuid:") {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", s[:9])
 		}
 		s = s[9:]
@@ -101,7 +105,8 @@ func Parse(s string) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(s[x], s[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
@@ -117,7 +122,7 @@ func ParseBytes(b []byte) (UUID, error) {
 	switch len(b) {
 	case 36: // xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
 	case 36 + 9: // urn:uuid:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-		if !bytes.Equal(bytes.ToLower(b[:9]), []byte("urn:uuid:")) {
+		if !bytes.EqualFold(b[:9], []byte("urn:uuid:")) {
 			return uuid, fmt.Errorf("invalid urn prefix: %q", b[:9])
 		}
 		b = b[9:]
@@ -145,7 +150,8 @@ func ParseBytes(b []byte) (UUID, error) {
 		9, 11,
 		14, 16,
 		19, 21,
-		24, 26, 28, 30, 32, 34} {
+		24, 26, 28, 30, 32, 34,
+	} {
 		v, ok := xtob(b[x], b[x+1])
 		if !ok {
 			return uuid, errors.New("invalid UUID format")
@@ -292,3 +298,15 @@ func DisableRandPool() {
 	poolMu.Lock()
 	poolPos = randPoolSize
 }
+
+// UUIDs is a slice of UUID types.
+type UUIDs []UUID
+
+// Strings returns a string slice containing the string form of each UUID in uuids.
+func (uuids UUIDs) Strings() []string {
+	var uuidStrs = make([]string, len(uuids))
+	for i, uuid := range uuids {
+		uuidStrs[i] = uuid.String()
+	}
+	return uuidStrs
+}
diff --git a/vendor/github.com/hashicorp/hcl/decoder.go b/vendor/github.com/hashicorp/hcl/decoder.go
index bed9ebbe1..d9a00f21d 100644
--- a/vendor/github.com/hashicorp/hcl/decoder.go
+++ b/vendor/github.com/hashicorp/hcl/decoder.go
@@ -505,7 +505,7 @@ func expandObject(node ast.Node, result reflect.Value) ast.Node {
 	// we need to un-flatten the ast enough to decode
 	newNode := &ast.ObjectItem{
 		Keys: []*ast.ObjectKey{
-			&ast.ObjectKey{
+			{
 				Token: keyToken,
 			},
 		},
@@ -628,6 +628,24 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 	decodedFields := make([]string, 0, len(fields))
 	decodedFieldsVal := make([]reflect.Value, 0)
 	unusedKeysVal := make([]reflect.Value, 0)
+
+	// fill unusedNodeKeys with keys from the AST
+	// a slice because we have to do equals case fold to match Filter
+	unusedNodeKeys := make(map[string][]token.Pos, 0)
+	for i, item := range list.Items {
+		for _, k := range item.Keys {
+			// isNestedJSON returns true for e.g. bar in
+			// { "foo": { "bar": {...} } }
+			// This isn't an unused node key, so we want to skip it
+			isNestedJSON := i > 0 && len(item.Keys) > 1
+			if !isNestedJSON && (k.Token.JSON || k.Token.Type == token.IDENT) {
+				fn := k.Token.Value().(string)
+				sl := unusedNodeKeys[fn]
+				unusedNodeKeys[fn] = append(sl, k.Token.Pos)
+			}
+		}
+	}
+
 	for _, f := range fields {
 		field, fieldValue := f.field, f.val
 		if !fieldValue.IsValid() {
@@ -661,7 +679,7 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 
 				fieldValue.SetString(item.Keys[0].Token.Value().(string))
 				continue
-			case "unusedKeys":
+			case "unusedKeyPositions":
 				unusedKeysVal = append(unusedKeysVal, fieldValue)
 				continue
 			}
@@ -682,8 +700,9 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 			continue
 		}
 
-		// Track the used key
+		// Track the used keys
 		usedKeys[fieldName] = struct{}{}
+		unusedNodeKeys = removeCaseFold(unusedNodeKeys, fieldName)
 
 		// Create the field name and decode. We range over the elements
 		// because we actually want the value.
@@ -716,6 +735,13 @@ func (d *decoder) decodeStruct(name string, node ast.Node, result reflect.Value)
 		}
 	}
 
+	if len(unusedNodeKeys) > 0 {
+		// like decodedFields, populated the unusedKeys field(s)
+		for _, v := range unusedKeysVal {
+			v.Set(reflect.ValueOf(unusedNodeKeys))
+		}
+	}
+
 	return nil
 }
 
@@ -727,3 +753,17 @@ func findNodeType() reflect.Type {
 	value := reflect.ValueOf(nodeContainer).FieldByName("Node")
 	return value.Type()
 }
+
+func removeCaseFold(xs map[string][]token.Pos, y string) map[string][]token.Pos {
+	var toDel []string
+
+	for i := range xs {
+		if strings.EqualFold(i, y) {
+			toDel = append(toDel, i)
+		}
+	}
+	for _, i := range toDel {
+		delete(xs, i)
+	}
+	return xs
+}
diff --git a/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go b/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
index 6e5ef654b..f5b6b93b9 100644
--- a/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
+++ b/vendor/github.com/hashicorp/hcl/hcl/ast/ast.go
@@ -25,6 +25,8 @@ func (ObjectType) node()   {}
 func (LiteralType) node()  {}
 func (ListType) node()     {}
 
+var unknownPos token.Pos
+
 // File represents a single HCL file
 type File struct {
 	Node     Node            // usually a *ObjectList
@@ -108,7 +110,12 @@ func (o *ObjectList) Elem() *ObjectList {
 }
 
 func (o *ObjectList) Pos() token.Pos {
-	// always returns the uninitiliazed position
+	// If an Object has no members, it won't have a first item
+	// to use as position
+	if len(o.Items) == 0 {
+		return unknownPos
+	}
+	// Return the uninitialized position
 	return o.Items[0].Pos()
 }
 
@@ -133,10 +140,10 @@ type ObjectItem struct {
 }
 
 func (o *ObjectItem) Pos() token.Pos {
-	// I'm not entirely sure what causes this, but removing this causes
-	// a test failure. We should investigate at some point.
+	// If a parsed object has no keys, there is no position
+	// for its first element.
 	if len(o.Keys) == 0 {
-		return token.Pos{}
+		return unknownPos
 	}
 
 	return o.Keys[0].Pos()
diff --git a/vendor/github.com/huandu/xstrings/.travis.yml b/vendor/github.com/huandu/xstrings/.travis.yml
deleted file mode 100644
index d6460be41..000000000
--- a/vendor/github.com/huandu/xstrings/.travis.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-language: go
-install:
-  - go get golang.org/x/tools/cmd/cover
-  - go get github.com/mattn/goveralls
-script:
-  - go test -v -covermode=count -coverprofile=coverage.out
-  - 'if [ "$TRAVIS_PULL_REQUEST" = "false" ] && [ ! -z "$COVERALLS_TOKEN" ]; then $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci -repotoken $COVERALLS_TOKEN; fi'
diff --git a/vendor/github.com/huandu/xstrings/README.md b/vendor/github.com/huandu/xstrings/README.md
index 292bf2f39..750c3c7eb 100644
--- a/vendor/github.com/huandu/xstrings/README.md
+++ b/vendor/github.com/huandu/xstrings/README.md
@@ -1,7 +1,7 @@
-# xstrings #
+# xstrings
 
-[![Build Status](https://travis-ci.org/huandu/xstrings.svg?branch=master)](https://travis-ci.org/huandu/xstrings)
-[![GoDoc](https://godoc.org/github.com/huandu/xstrings?status.svg)](https://godoc.org/github.com/huandu/xstrings)
+[![Build Status](https://github.com/huandu/xstrings/workflows/Go/badge.svg)](https://github.com/huandu/xstrings/actions)
+[![Go Doc](https://godoc.org/github.com/huandu/xstrings?status.svg)](https://pkg.go.dev/github.com/huandu/xstrings)
 [![Go Report](https://goreportcard.com/badge/github.com/huandu/xstrings)](https://goreportcard.com/report/github.com/huandu/xstrings)
 [![Coverage Status](https://coveralls.io/repos/github/huandu/xstrings/badge.svg?branch=master)](https://coveralls.io/github/huandu/xstrings?branch=master)
 
@@ -9,109 +9,109 @@ Go package [xstrings](https://godoc.org/github.com/huandu/xstrings) is a collect
 
 All functions are well tested and carefully tuned for performance.
 
-## Propose a new function ##
+## Propose a new function
 
 Please review [contributing guideline](CONTRIBUTING.md) and [create new issue](https://github.com/huandu/xstrings/issues) to state why it should be included.
 
-## Install ##
+## Install
 
 Use `go get` to install this library.
 
     go get github.com/huandu/xstrings
 
-## API document ##
+## API document
 
 See [GoDoc](https://godoc.org/github.com/huandu/xstrings) for full document.
 
-## Function list ##
+## Function list
 
 Go functions have a unique naming style. One, who has experience in other language but new in Go, may have difficulties to find out right string function to use.
 
 Here is a list of functions in [strings](http://golang.org/pkg/strings) and [xstrings](https://godoc.org/github.com/huandu/xstrings) with enough extra information about how to map these functions to their friends in other languages. Hope this list could be helpful for fresh gophers.
 
-### Package `xstrings` functions ###
-
-*Keep this table sorted by Function in ascending order.*
-
-| Function | Friends | # |
-| -------- | ------- | --- |
-| [Center](https://godoc.org/github.com/huandu/xstrings#Center) | `str.center` in Python; `String#center` in Ruby | [#30](https://github.com/huandu/xstrings/issues/30) |
-| [Count](https://godoc.org/github.com/huandu/xstrings#Count) | `String#count` in Ruby | [#16](https://github.com/huandu/xstrings/issues/16) |
-| [Delete](https://godoc.org/github.com/huandu/xstrings#Delete) | `String#delete` in Ruby | [#17](https://github.com/huandu/xstrings/issues/17) |
-| [ExpandTabs](https://godoc.org/github.com/huandu/xstrings#ExpandTabs) | `str.expandtabs` in Python | [#27](https://github.com/huandu/xstrings/issues/27) |
-| [FirstRuneToLower](https://godoc.org/github.com/huandu/xstrings#FirstRuneToLower) | `lcfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) |
-| [FirstRuneToUpper](https://godoc.org/github.com/huandu/xstrings#FirstRuneToUpper) | `String#capitalize` in Ruby; `ucfirst` in PHP or Perl | [#15](https://github.com/huandu/xstrings/issues/15) |
-| [Insert](https://godoc.org/github.com/huandu/xstrings#Insert) | `String#insert` in Ruby | [#18](https://github.com/huandu/xstrings/issues/18) |
-| [LastPartition](https://godoc.org/github.com/huandu/xstrings#LastPartition) | `str.rpartition` in Python; `String#rpartition` in Ruby | [#19](https://github.com/huandu/xstrings/issues/19) |
-| [LeftJustify](https://godoc.org/github.com/huandu/xstrings#LeftJustify) | `str.ljust` in Python; `String#ljust` in Ruby | [#28](https://github.com/huandu/xstrings/issues/28) |
-| [Len](https://godoc.org/github.com/huandu/xstrings#Len) | `mb_strlen` in PHP | [#23](https://github.com/huandu/xstrings/issues/23) |
-| [Partition](https://godoc.org/github.com/huandu/xstrings#Partition) | `str.partition` in Python; `String#partition` in Ruby | [#10](https://github.com/huandu/xstrings/issues/10) |
-| [Reverse](https://godoc.org/github.com/huandu/xstrings#Reverse) | `String#reverse` in Ruby; `strrev` in PHP; `reverse` in Perl | [#7](https://github.com/huandu/xstrings/issues/7) |
-| [RightJustify](https://godoc.org/github.com/huandu/xstrings#RightJustify) | `str.rjust` in Python; `String#rjust` in Ruby | [#29](https://github.com/huandu/xstrings/issues/29) |
-| [RuneWidth](https://godoc.org/github.com/huandu/xstrings#RuneWidth) | - | [#27](https://github.com/huandu/xstrings/issues/27) |
-| [Scrub](https://godoc.org/github.com/huandu/xstrings#Scrub) | `String#scrub` in Ruby | [#20](https://github.com/huandu/xstrings/issues/20) |
-| [Shuffle](https://godoc.org/github.com/huandu/xstrings#Shuffle) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) |
-| [ShuffleSource](https://godoc.org/github.com/huandu/xstrings#ShuffleSource) | `str_shuffle` in PHP | [#13](https://github.com/huandu/xstrings/issues/13) |
-| [Slice](https://godoc.org/github.com/huandu/xstrings#Slice) | `mb_substr` in PHP | [#9](https://github.com/huandu/xstrings/issues/9) |
-| [Squeeze](https://godoc.org/github.com/huandu/xstrings#Squeeze) | `String#squeeze` in Ruby | [#11](https://github.com/huandu/xstrings/issues/11) |
-| [Successor](https://godoc.org/github.com/huandu/xstrings#Successor) | `String#succ` or `String#next` in Ruby | [#22](https://github.com/huandu/xstrings/issues/22) |
-| [SwapCase](https://godoc.org/github.com/huandu/xstrings#SwapCase) | `str.swapcase` in Python; `String#swapcase` in Ruby | [#12](https://github.com/huandu/xstrings/issues/12) |
-| [ToCamelCase](https://godoc.org/github.com/huandu/xstrings#ToCamelCase) | `String#camelize` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) |
-| [ToKebab](https://godoc.org/github.com/huandu/xstrings#ToKebabCase) | - | [#41](https://github.com/huandu/xstrings/issues/41) |
-| [ToSnakeCase](https://godoc.org/github.com/huandu/xstrings#ToSnakeCase) | `String#underscore` in RoR | [#1](https://github.com/huandu/xstrings/issues/1) |
-| [Translate](https://godoc.org/github.com/huandu/xstrings#Translate) | `str.translate` in Python; `String#tr` in Ruby; `strtr` in PHP; `tr///` in Perl | [#21](https://github.com/huandu/xstrings/issues/21) |
-| [Width](https://godoc.org/github.com/huandu/xstrings#Width) | `mb_strwidth` in PHP | [#26](https://github.com/huandu/xstrings/issues/26) |
-| [WordCount](https://godoc.org/github.com/huandu/xstrings#WordCount) | `str_word_count` in PHP | [#14](https://github.com/huandu/xstrings/issues/14) |
-| [WordSplit](https://godoc.org/github.com/huandu/xstrings#WordSplit) | - | [#14](https://github.com/huandu/xstrings/issues/14) |
-
-### Package `strings` functions ###
-
-*Keep this table sorted by Function in ascending order.*
-
-| Function | Friends |
-| -------- | ------- |
-| [Contains](http://golang.org/pkg/strings/#Contains) | `String#include?` in Ruby |
-| [ContainsAny](http://golang.org/pkg/strings/#ContainsAny) | - |
-| [ContainsRune](http://golang.org/pkg/strings/#ContainsRune) | - |
-| [Count](http://golang.org/pkg/strings/#Count) | `str.count` in Python; `substr_count` in PHP |
-| [EqualFold](http://golang.org/pkg/strings/#EqualFold) | `stricmp` in PHP; `String#casecmp` in Ruby |
-| [Fields](http://golang.org/pkg/strings/#Fields) | `str.split` in Python; `split` in Perl; `String#split` in Ruby |
-| [FieldsFunc](http://golang.org/pkg/strings/#FieldsFunc) | - |
-| [HasPrefix](http://golang.org/pkg/strings/#HasPrefix) | `str.startswith` in Python; `String#start_with?` in Ruby |
-| [HasSuffix](http://golang.org/pkg/strings/#HasSuffix) | `str.endswith` in Python; `String#end_with?` in Ruby |
-| [Index](http://golang.org/pkg/strings/#Index) | `str.index` in Python; `String#index` in Ruby; `strpos` in PHP; `index` in Perl |
-| [IndexAny](http://golang.org/pkg/strings/#IndexAny) | - |
-| [IndexByte](http://golang.org/pkg/strings/#IndexByte) | - |
-| [IndexFunc](http://golang.org/pkg/strings/#IndexFunc) | - |
-| [IndexRune](http://golang.org/pkg/strings/#IndexRune) | - |
-| [Join](http://golang.org/pkg/strings/#Join) | `str.join` in Python; `Array#join` in Ruby; `implode` in PHP; `join` in Perl |
-| [LastIndex](http://golang.org/pkg/strings/#LastIndex) | `str.rindex` in Python; `String#rindex`; `strrpos` in PHP; `rindex` in Perl |
-| [LastIndexAny](http://golang.org/pkg/strings/#LastIndexAny) | - |
-| [LastIndexFunc](http://golang.org/pkg/strings/#LastIndexFunc) | - |
-| [Map](http://golang.org/pkg/strings/#Map) | `String#each_codepoint` in Ruby |
-| [Repeat](http://golang.org/pkg/strings/#Repeat) | operator `*` in Python and Ruby; `str_repeat` in PHP |
-| [Replace](http://golang.org/pkg/strings/#Replace) | `str.replace` in Python; `String#sub` in Ruby; `str_replace` in PHP |
-| [Split](http://golang.org/pkg/strings/#Split) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl |
-| [SplitAfter](http://golang.org/pkg/strings/#SplitAfter) | - |
-| [SplitAfterN](http://golang.org/pkg/strings/#SplitAfterN) | - |
-| [SplitN](http://golang.org/pkg/strings/#SplitN) | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl |
-| [Title](http://golang.org/pkg/strings/#Title) | `str.title` in Python |
-| [ToLower](http://golang.org/pkg/strings/#ToLower) | `str.lower` in Python; `String#downcase` in Ruby; `strtolower` in PHP; `lc` in Perl |
-| [ToLowerSpecial](http://golang.org/pkg/strings/#ToLowerSpecial) | - |
-| [ToTitle](http://golang.org/pkg/strings/#ToTitle) | - |
-| [ToTitleSpecial](http://golang.org/pkg/strings/#ToTitleSpecial) | - |
-| [ToUpper](http://golang.org/pkg/strings/#ToUpper) | `str.upper` in Python; `String#upcase` in Ruby; `strtoupper` in PHP; `uc` in Perl |
-| [ToUpperSpecial](http://golang.org/pkg/strings/#ToUpperSpecial) | - |
-| [Trim](http://golang.org/pkg/strings/#Trim) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP |
-| [TrimFunc](http://golang.org/pkg/strings/#TrimFunc) | - |
-| [TrimLeft](http://golang.org/pkg/strings/#TrimLeft) | `str.lstrip` in Python; `String#lstrip` in Ruby; `ltrim` in PHP |
-| [TrimLeftFunc](http://golang.org/pkg/strings/#TrimLeftFunc) | - |
-| [TrimPrefix](http://golang.org/pkg/strings/#TrimPrefix) | - |
-| [TrimRight](http://golang.org/pkg/strings/#TrimRight) | `str.rstrip` in Python; `String#rstrip` in Ruby; `rtrim` in PHP |
-| [TrimRightFunc](http://golang.org/pkg/strings/#TrimRightFunc) | - |
-| [TrimSpace](http://golang.org/pkg/strings/#TrimSpace) | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP |
-| [TrimSuffix](http://golang.org/pkg/strings/#TrimSuffix) | `String#chomp` in Ruby; `chomp` in Perl |
-
-## License ##
+### Package `xstrings` functions
+
+_Keep this table sorted by Function in ascending order._
+
+| Function                                                                          | Friends                                                                         | #                                                   |
+| --------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | --------------------------------------------------- |
+| [Center](https://godoc.org/github.com/huandu/xstrings#Center)                     | `str.center` in Python; `String#center` in Ruby                                 | [#30](https://github.com/huandu/xstrings/issues/30) |
+| [Count](https://godoc.org/github.com/huandu/xstrings#Count)                       | `String#count` in Ruby                                                          | [#16](https://github.com/huandu/xstrings/issues/16) |
+| [Delete](https://godoc.org/github.com/huandu/xstrings#Delete)                     | `String#delete` in Ruby                                                         | [#17](https://github.com/huandu/xstrings/issues/17) |
+| [ExpandTabs](https://godoc.org/github.com/huandu/xstrings#ExpandTabs)             | `str.expandtabs` in Python                                                      | [#27](https://github.com/huandu/xstrings/issues/27) |
+| [FirstRuneToLower](https://godoc.org/github.com/huandu/xstrings#FirstRuneToLower) | `lcfirst` in PHP or Perl                                                        | [#15](https://github.com/huandu/xstrings/issues/15) |
+| [FirstRuneToUpper](https://godoc.org/github.com/huandu/xstrings#FirstRuneToUpper) | `String#capitalize` in Ruby; `ucfirst` in PHP or Perl                           | [#15](https://github.com/huandu/xstrings/issues/15) |
+| [Insert](https://godoc.org/github.com/huandu/xstrings#Insert)                     | `String#insert` in Ruby                                                         | [#18](https://github.com/huandu/xstrings/issues/18) |
+| [LastPartition](https://godoc.org/github.com/huandu/xstrings#LastPartition)       | `str.rpartition` in Python; `String#rpartition` in Ruby                         | [#19](https://github.com/huandu/xstrings/issues/19) |
+| [LeftJustify](https://godoc.org/github.com/huandu/xstrings#LeftJustify)           | `str.ljust` in Python; `String#ljust` in Ruby                                   | [#28](https://github.com/huandu/xstrings/issues/28) |
+| [Len](https://godoc.org/github.com/huandu/xstrings#Len)                           | `mb_strlen` in PHP                                                              | [#23](https://github.com/huandu/xstrings/issues/23) |
+| [Partition](https://godoc.org/github.com/huandu/xstrings#Partition)               | `str.partition` in Python; `String#partition` in Ruby                           | [#10](https://github.com/huandu/xstrings/issues/10) |
+| [Reverse](https://godoc.org/github.com/huandu/xstrings#Reverse)                   | `String#reverse` in Ruby; `strrev` in PHP; `reverse` in Perl                    | [#7](https://github.com/huandu/xstrings/issues/7)   |
+| [RightJustify](https://godoc.org/github.com/huandu/xstrings#RightJustify)         | `str.rjust` in Python; `String#rjust` in Ruby                                   | [#29](https://github.com/huandu/xstrings/issues/29) |
+| [RuneWidth](https://godoc.org/github.com/huandu/xstrings#RuneWidth)               | -                                                                               | [#27](https://github.com/huandu/xstrings/issues/27) |
+| [Scrub](https://godoc.org/github.com/huandu/xstrings#Scrub)                       | `String#scrub` in Ruby                                                          | [#20](https://github.com/huandu/xstrings/issues/20) |
+| [Shuffle](https://godoc.org/github.com/huandu/xstrings#Shuffle)                   | `str_shuffle` in PHP                                                            | [#13](https://github.com/huandu/xstrings/issues/13) |
+| [ShuffleSource](https://godoc.org/github.com/huandu/xstrings#ShuffleSource)       | `str_shuffle` in PHP                                                            | [#13](https://github.com/huandu/xstrings/issues/13) |
+| [Slice](https://godoc.org/github.com/huandu/xstrings#Slice)                       | `mb_substr` in PHP                                                              | [#9](https://github.com/huandu/xstrings/issues/9)   |
+| [Squeeze](https://godoc.org/github.com/huandu/xstrings#Squeeze)                   | `String#squeeze` in Ruby                                                        | [#11](https://github.com/huandu/xstrings/issues/11) |
+| [Successor](https://godoc.org/github.com/huandu/xstrings#Successor)               | `String#succ` or `String#next` in Ruby                                          | [#22](https://github.com/huandu/xstrings/issues/22) |
+| [SwapCase](https://godoc.org/github.com/huandu/xstrings#SwapCase)                 | `str.swapcase` in Python; `String#swapcase` in Ruby                             | [#12](https://github.com/huandu/xstrings/issues/12) |
+| [ToCamelCase](https://godoc.org/github.com/huandu/xstrings#ToCamelCase)           | `String#camelize` in RoR                                                        | [#1](https://github.com/huandu/xstrings/issues/1)   |
+| [ToKebab](https://godoc.org/github.com/huandu/xstrings#ToKebabCase)               | -                                                                               | [#41](https://github.com/huandu/xstrings/issues/41) |
+| [ToSnakeCase](https://godoc.org/github.com/huandu/xstrings#ToSnakeCase)           | `String#underscore` in RoR                                                      | [#1](https://github.com/huandu/xstrings/issues/1)   |
+| [Translate](https://godoc.org/github.com/huandu/xstrings#Translate)               | `str.translate` in Python; `String#tr` in Ruby; `strtr` in PHP; `tr///` in Perl | [#21](https://github.com/huandu/xstrings/issues/21) |
+| [Width](https://godoc.org/github.com/huandu/xstrings#Width)                       | `mb_strwidth` in PHP                                                            | [#26](https://github.com/huandu/xstrings/issues/26) |
+| [WordCount](https://godoc.org/github.com/huandu/xstrings#WordCount)               | `str_word_count` in PHP                                                         | [#14](https://github.com/huandu/xstrings/issues/14) |
+| [WordSplit](https://godoc.org/github.com/huandu/xstrings#WordSplit)               | -                                                                               | [#14](https://github.com/huandu/xstrings/issues/14) |
+
+### Package `strings` functions
+
+_Keep this table sorted by Function in ascending order._
+
+| Function                                                        | Friends                                                                             |
+| --------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
+| [Contains](http://golang.org/pkg/strings/#Contains)             | `String#include?` in Ruby                                                           |
+| [ContainsAny](http://golang.org/pkg/strings/#ContainsAny)       | -                                                                                   |
+| [ContainsRune](http://golang.org/pkg/strings/#ContainsRune)     | -                                                                                   |
+| [Count](http://golang.org/pkg/strings/#Count)                   | `str.count` in Python; `substr_count` in PHP                                        |
+| [EqualFold](http://golang.org/pkg/strings/#EqualFold)           | `stricmp` in PHP; `String#casecmp` in Ruby                                          |
+| [Fields](http://golang.org/pkg/strings/#Fields)                 | `str.split` in Python; `split` in Perl; `String#split` in Ruby                      |
+| [FieldsFunc](http://golang.org/pkg/strings/#FieldsFunc)         | -                                                                                   |
+| [HasPrefix](http://golang.org/pkg/strings/#HasPrefix)           | `str.startswith` in Python; `String#start_with?` in Ruby                            |
+| [HasSuffix](http://golang.org/pkg/strings/#HasSuffix)           | `str.endswith` in Python; `String#end_with?` in Ruby                                |
+| [Index](http://golang.org/pkg/strings/#Index)                   | `str.index` in Python; `String#index` in Ruby; `strpos` in PHP; `index` in Perl     |
+| [IndexAny](http://golang.org/pkg/strings/#IndexAny)             | -                                                                                   |
+| [IndexByte](http://golang.org/pkg/strings/#IndexByte)           | -                                                                                   |
+| [IndexFunc](http://golang.org/pkg/strings/#IndexFunc)           | -                                                                                   |
+| [IndexRune](http://golang.org/pkg/strings/#IndexRune)           | -                                                                                   |
+| [Join](http://golang.org/pkg/strings/#Join)                     | `str.join` in Python; `Array#join` in Ruby; `implode` in PHP; `join` in Perl        |
+| [LastIndex](http://golang.org/pkg/strings/#LastIndex)           | `str.rindex` in Python; `String#rindex`; `strrpos` in PHP; `rindex` in Perl         |
+| [LastIndexAny](http://golang.org/pkg/strings/#LastIndexAny)     | -                                                                                   |
+| [LastIndexFunc](http://golang.org/pkg/strings/#LastIndexFunc)   | -                                                                                   |
+| [Map](http://golang.org/pkg/strings/#Map)                       | `String#each_codepoint` in Ruby                                                     |
+| [Repeat](http://golang.org/pkg/strings/#Repeat)                 | operator `*` in Python and Ruby; `str_repeat` in PHP                                |
+| [Replace](http://golang.org/pkg/strings/#Replace)               | `str.replace` in Python; `String#sub` in Ruby; `str_replace` in PHP                 |
+| [Split](http://golang.org/pkg/strings/#Split)                   | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl    |
+| [SplitAfter](http://golang.org/pkg/strings/#SplitAfter)         | -                                                                                   |
+| [SplitAfterN](http://golang.org/pkg/strings/#SplitAfterN)       | -                                                                                   |
+| [SplitN](http://golang.org/pkg/strings/#SplitN)                 | `str.split` in Python; `String#split` in Ruby; `explode` in PHP; `split` in Perl    |
+| [Title](http://golang.org/pkg/strings/#Title)                   | `str.title` in Python                                                               |
+| [ToLower](http://golang.org/pkg/strings/#ToLower)               | `str.lower` in Python; `String#downcase` in Ruby; `strtolower` in PHP; `lc` in Perl |
+| [ToLowerSpecial](http://golang.org/pkg/strings/#ToLowerSpecial) | -                                                                                   |
+| [ToTitle](http://golang.org/pkg/strings/#ToTitle)               | -                                                                                   |
+| [ToTitleSpecial](http://golang.org/pkg/strings/#ToTitleSpecial) | -                                                                                   |
+| [ToUpper](http://golang.org/pkg/strings/#ToUpper)               | `str.upper` in Python; `String#upcase` in Ruby; `strtoupper` in PHP; `uc` in Perl   |
+| [ToUpperSpecial](http://golang.org/pkg/strings/#ToUpperSpecial) | -                                                                                   |
+| [Trim](http://golang.org/pkg/strings/#Trim)                     | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP                        |
+| [TrimFunc](http://golang.org/pkg/strings/#TrimFunc)             | -                                                                                   |
+| [TrimLeft](http://golang.org/pkg/strings/#TrimLeft)             | `str.lstrip` in Python; `String#lstrip` in Ruby; `ltrim` in PHP                     |
+| [TrimLeftFunc](http://golang.org/pkg/strings/#TrimLeftFunc)     | -                                                                                   |
+| [TrimPrefix](http://golang.org/pkg/strings/#TrimPrefix)         | -                                                                                   |
+| [TrimRight](http://golang.org/pkg/strings/#TrimRight)           | `str.rstrip` in Python; `String#rstrip` in Ruby; `rtrim` in PHP                     |
+| [TrimRightFunc](http://golang.org/pkg/strings/#TrimRightFunc)   | -                                                                                   |
+| [TrimSpace](http://golang.org/pkg/strings/#TrimSpace)           | `str.strip` in Python; `String#strip` in Ruby; `trim` in PHP                        |
+| [TrimSuffix](http://golang.org/pkg/strings/#TrimSuffix)         | `String#chomp` in Ruby; `chomp` in Perl                                             |
+
+## License
 
 This library is licensed under MIT license. See LICENSE for details.
diff --git a/vendor/github.com/huandu/xstrings/convert.go b/vendor/github.com/huandu/xstrings/convert.go
index 3d5a34950..151c3151d 100644
--- a/vendor/github.com/huandu/xstrings/convert.go
+++ b/vendor/github.com/huandu/xstrings/convert.go
@@ -130,7 +130,7 @@ func camelCaseToLowerCase(str string, connector rune) string {
 				wt, word, remaining = nextWord(remaining)
 			}
 
-			if wt != invalidWord && wt != punctWord {
+			if wt != invalidWord && wt != punctWord && wt != connectorWord {
 				buf.WriteRune(connector)
 			}
 
diff --git a/vendor/github.com/jgautheron/goconst/.gitignore b/vendor/github.com/jgautheron/goconst/.gitignore
new file mode 100644
index 000000000..a9d34d9c4
--- /dev/null
+++ b/vendor/github.com/jgautheron/goconst/.gitignore
@@ -0,0 +1,2 @@
+.idea
+goconst
\ No newline at end of file
diff --git a/vendor/github.com/jgautheron/goconst/parser.go b/vendor/github.com/jgautheron/goconst/parser.go
index 2ed7a9a90..c1edd4c78 100644
--- a/vendor/github.com/jgautheron/goconst/parser.go
+++ b/vendor/github.com/jgautheron/goconst/parser.go
@@ -99,11 +99,11 @@ func (p *Parser) ProcessResults() {
 		}
 
 		// If the value is a number
-		if i, err := strconv.Atoi(str); err == nil {
-			if p.numberMin != 0 && i < p.numberMin {
+		if i, err := strconv.ParseInt(str, 0, 0); err == nil {
+			if p.numberMin != 0 && i < int64(p.numberMin) {
 				delete(p.strs, str)
 			}
-			if p.numberMax != 0 && i > p.numberMax {
+			if p.numberMax != 0 && i > int64(p.numberMax) {
 				delete(p.strs, str)
 			}
 		}
diff --git a/vendor/github.com/jgautheron/goconst/visitor.go b/vendor/github.com/jgautheron/goconst/visitor.go
index c0974da8f..a553814f5 100644
--- a/vendor/github.com/jgautheron/goconst/visitor.go
+++ b/vendor/github.com/jgautheron/goconst/visitor.go
@@ -62,10 +62,6 @@ func (v *treeVisitor) Visit(node ast.Node) ast.Visitor {
 
 	// if foo == "moo"
 	case *ast.BinaryExpr:
-		if t.Op != token.EQL && t.Op != token.NEQ {
-			return v
-		}
-
 		var lit *ast.BasicLit
 		var ok bool
 
diff --git a/vendor/github.com/klauspost/compress/.goreleaser.yml b/vendor/github.com/klauspost/compress/.goreleaser.yml
index 7a008a4d2..4c28dff46 100644
--- a/vendor/github.com/klauspost/compress/.goreleaser.yml
+++ b/vendor/github.com/klauspost/compress/.goreleaser.yml
@@ -3,7 +3,7 @@
 before:
   hooks:
     - ./gen.sh
-    - go install mvdan.cc/garble@v0.9.3
+    - go install mvdan.cc/garble@v0.10.1
 
 builds:
   -
@@ -92,16 +92,7 @@ builds:
 archives:
   -
     id: s2-binaries
-    name_template: "s2-{{ .Os }}_{{ .Arch }}_{{ .Version }}"
-    replacements:
-      aix: AIX
-      darwin: OSX
-      linux: Linux
-      windows: Windows
-      386: i386
-      amd64: x86_64
-      freebsd: FreeBSD
-      netbsd: NetBSD
+    name_template: "s2-{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     format_overrides:
       - goos: windows
         format: zip
@@ -125,7 +116,7 @@ changelog:
 
 nfpms:
   -
-    file_name_template: "s2_package_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    file_name_template: "s2_package__{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}"
     vendor: Klaus Post
     homepage: https://github.com/klauspost/compress
     maintainer: Klaus Post <klauspost@gmail.com>
@@ -134,8 +125,3 @@ nfpms:
     formats:
       - deb
       - rpm
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      freebsd: FreeBSD
-      amd64: x86_64
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index 4002a16a6..43de48677 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -16,6 +16,18 @@ This package provides various compression algorithms.
 
 # changelog
 
+* Sept 19th, 2023 - [v1.17.0](https://github.com/klauspost/compress/releases/tag/v1.17.0)
+	* Add experimental dictionary builder  https://github.com/klauspost/compress/pull/853
+	* Add xerial snappy read/writer https://github.com/klauspost/compress/pull/838
+	* flate: Add limited window compression https://github.com/klauspost/compress/pull/843
+	* s2: Do 2 overlapping match checks https://github.com/klauspost/compress/pull/839
+	* flate: Add amd64 assembly matchlen https://github.com/klauspost/compress/pull/837
+	* gzip: Copy bufio.Reader on Reset by @thatguystone in https://github.com/klauspost/compress/pull/860
+   
+* July 1st, 2023 - [v1.16.7](https://github.com/klauspost/compress/releases/tag/v1.16.7)
+	* zstd: Fix default level first dictionary encode https://github.com/klauspost/compress/pull/829
+	* s2: add GetBufferCapacity() method by @GiedriusS in https://github.com/klauspost/compress/pull/832
+
 * June 13, 2023 - [v1.16.6](https://github.com/klauspost/compress/releases/tag/v1.16.6)
 	* zstd: correctly ignore WithEncoderPadding(1) by @ianlancetaylor in https://github.com/klauspost/compress/pull/806
 	* zstd: Add amd64 match length assembly https://github.com/klauspost/compress/pull/824
@@ -50,6 +62,9 @@ This package provides various compression algorithms.
 	* s2: Support io.ReaderAt in ReadSeeker. https://github.com/klauspost/compress/pull/747
 	* s2c/s2sx: Use concurrent decoding. https://github.com/klauspost/compress/pull/746
 
+<details>
+	<summary>See changes to v1.15.x</summary>
+	
 * Jan 21st, 2023 (v1.15.15)
 	* deflate: Improve level 7-9 by @klauspost in https://github.com/klauspost/compress/pull/739
 	* zstd: Add delta encoding support by @greatroar in https://github.com/klauspost/compress/pull/728
@@ -176,6 +191,8 @@ Stream decompression is now faster on asynchronous, since the goroutine allocati
 
 While the release has been extensively tested, it is recommended to testing when upgrading.
 
+</details>
+
 <details>
 	<summary>See changes to v1.14.x</summary>
 	
@@ -636,6 +653,8 @@ Here are other packages of good quality and pure Go (no cgo wrappers or autoconv
 * [github.com/dsnet/compress](https://github.com/dsnet/compress) - brotli decompression, bzip2 writer.
 * [github.com/ronanh/intcomp](https://github.com/ronanh/intcomp) - Integer compression.
 * [github.com/spenczar/fpc](https://github.com/spenczar/fpc) - Float compression.
+* [github.com/minio/zipindex](https://github.com/minio/zipindex) - External ZIP directory index.
+* [github.com/ybirader/pzip](https://github.com/ybirader/pzip) - Fast concurrent zip archiver and extractor.
 
 # license
 
diff --git a/vendor/github.com/klauspost/compress/fse/bitwriter.go b/vendor/github.com/klauspost/compress/fse/bitwriter.go
index 43e463611..e82fa3bb7 100644
--- a/vendor/github.com/klauspost/compress/fse/bitwriter.go
+++ b/vendor/github.com/klauspost/compress/fse/bitwriter.go
@@ -152,12 +152,11 @@ func (b *bitWriter) flushAlign() {
 
 // close will write the alignment bit and write the final byte(s)
 // to the output.
-func (b *bitWriter) close() error {
+func (b *bitWriter) close() {
 	// End mark
 	b.addBits16Clean(1, 1)
 	// flush until next byte.
 	b.flushAlign()
-	return nil
 }
 
 // reset and continue writing by appending to out.
diff --git a/vendor/github.com/klauspost/compress/fse/compress.go b/vendor/github.com/klauspost/compress/fse/compress.go
index dac97e58a..65d777357 100644
--- a/vendor/github.com/klauspost/compress/fse/compress.go
+++ b/vendor/github.com/klauspost/compress/fse/compress.go
@@ -199,7 +199,8 @@ func (s *Scratch) compress(src []byte) error {
 	c2.flush(s.actualTableLog)
 	c1.flush(s.actualTableLog)
 
-	return s.bw.close()
+	s.bw.close()
+	return nil
 }
 
 // writeCount will write the normalized histogram count to header.
diff --git a/vendor/github.com/klauspost/compress/huff0/bitwriter.go b/vendor/github.com/klauspost/compress/huff0/bitwriter.go
index b4d7164e3..0ebc9aaac 100644
--- a/vendor/github.com/klauspost/compress/huff0/bitwriter.go
+++ b/vendor/github.com/klauspost/compress/huff0/bitwriter.go
@@ -94,10 +94,9 @@ func (b *bitWriter) flushAlign() {
 
 // close will write the alignment bit and write the final byte(s)
 // to the output.
-func (b *bitWriter) close() error {
+func (b *bitWriter) close() {
 	// End mark
 	b.addBits16Clean(1, 1)
 	// flush until next byte.
 	b.flushAlign()
-	return nil
 }
diff --git a/vendor/github.com/klauspost/compress/huff0/compress.go b/vendor/github.com/klauspost/compress/huff0/compress.go
index 4ee4fa18d..518436cf3 100644
--- a/vendor/github.com/klauspost/compress/huff0/compress.go
+++ b/vendor/github.com/klauspost/compress/huff0/compress.go
@@ -227,10 +227,10 @@ func EstimateSizes(in []byte, s *Scratch) (tableSz, dataSz, reuseSz int, err err
 }
 
 func (s *Scratch) compress1X(src []byte) ([]byte, error) {
-	return s.compress1xDo(s.Out, src)
+	return s.compress1xDo(s.Out, src), nil
 }
 
-func (s *Scratch) compress1xDo(dst, src []byte) ([]byte, error) {
+func (s *Scratch) compress1xDo(dst, src []byte) []byte {
 	var bw = bitWriter{out: dst}
 
 	// N is length divisible by 4.
@@ -260,8 +260,8 @@ func (s *Scratch) compress1xDo(dst, src []byte) ([]byte, error) {
 			bw.encTwoSymbols(cTable, tmp[1], tmp[0])
 		}
 	}
-	err := bw.close()
-	return bw.out, err
+	bw.close()
+	return bw.out
 }
 
 var sixZeros [6]byte
@@ -283,12 +283,8 @@ func (s *Scratch) compress4X(src []byte) ([]byte, error) {
 		}
 		src = src[len(toDo):]
 
-		var err error
 		idx := len(s.Out)
-		s.Out, err = s.compress1xDo(s.Out, toDo)
-		if err != nil {
-			return nil, err
-		}
+		s.Out = s.compress1xDo(s.Out, toDo)
 		if len(s.Out)-idx > math.MaxUint16 {
 			// We cannot store the size in the jump table
 			return nil, ErrIncompressible
@@ -315,7 +311,6 @@ func (s *Scratch) compress4Xp(src []byte) ([]byte, error) {
 
 	segmentSize := (len(src) + 3) / 4
 	var wg sync.WaitGroup
-	var errs [4]error
 	wg.Add(4)
 	for i := 0; i < 4; i++ {
 		toDo := src
@@ -326,15 +321,12 @@ func (s *Scratch) compress4Xp(src []byte) ([]byte, error) {
 
 		// Separate goroutine for each block.
 		go func(i int) {
-			s.tmpOut[i], errs[i] = s.compress1xDo(s.tmpOut[i][:0], toDo)
+			s.tmpOut[i] = s.compress1xDo(s.tmpOut[i][:0], toDo)
 			wg.Done()
 		}(i)
 	}
 	wg.Wait()
 	for i := 0; i < 4; i++ {
-		if errs[i] != nil {
-			return nil, errs[i]
-		}
 		o := s.tmpOut[i]
 		if len(o) > math.MaxUint16 {
 			// We cannot store the size in the jump table
diff --git a/vendor/github.com/klauspost/compress/zstd/bitreader.go b/vendor/github.com/klauspost/compress/zstd/bitreader.go
index 97299d499..25ca98394 100644
--- a/vendor/github.com/klauspost/compress/zstd/bitreader.go
+++ b/vendor/github.com/klauspost/compress/zstd/bitreader.go
@@ -17,7 +17,6 @@ import (
 // for aligning the input.
 type bitReader struct {
 	in       []byte
-	off      uint   // next byte to read is at in[off - 1]
 	value    uint64 // Maybe use [16]byte, but shifting is awkward.
 	bitsRead uint8
 }
@@ -28,7 +27,6 @@ func (b *bitReader) init(in []byte) error {
 		return errors.New("corrupt stream: too short")
 	}
 	b.in = in
-	b.off = uint(len(in))
 	// The highest bit of the last byte indicates where to start
 	v := in[len(in)-1]
 	if v == 0 {
@@ -69,21 +67,19 @@ func (b *bitReader) fillFast() {
 	if b.bitsRead < 32 {
 		return
 	}
-	// 2 bounds checks.
-	v := b.in[b.off-4:]
-	v = v[:4]
+	v := b.in[len(b.in)-4:]
+	b.in = b.in[:len(b.in)-4]
 	low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
 	b.value = (b.value << 32) | uint64(low)
 	b.bitsRead -= 32
-	b.off -= 4
 }
 
 // fillFastStart() assumes the bitreader is empty and there is at least 8 bytes to read.
 func (b *bitReader) fillFastStart() {
-	// Do single re-slice to avoid bounds checks.
-	b.value = binary.LittleEndian.Uint64(b.in[b.off-8:])
+	v := b.in[len(b.in)-8:]
+	b.in = b.in[:len(b.in)-8]
+	b.value = binary.LittleEndian.Uint64(v)
 	b.bitsRead = 0
-	b.off -= 8
 }
 
 // fill() will make sure at least 32 bits are available.
@@ -91,25 +87,25 @@ func (b *bitReader) fill() {
 	if b.bitsRead < 32 {
 		return
 	}
-	if b.off >= 4 {
-		v := b.in[b.off-4:]
-		v = v[:4]
+	if len(b.in) >= 4 {
+		v := b.in[len(b.in)-4:]
+		b.in = b.in[:len(b.in)-4]
 		low := (uint32(v[0])) | (uint32(v[1]) << 8) | (uint32(v[2]) << 16) | (uint32(v[3]) << 24)
 		b.value = (b.value << 32) | uint64(low)
 		b.bitsRead -= 32
-		b.off -= 4
 		return
 	}
-	for b.off > 0 {
-		b.value = (b.value << 8) | uint64(b.in[b.off-1])
-		b.bitsRead -= 8
-		b.off--
+
+	b.bitsRead -= uint8(8 * len(b.in))
+	for len(b.in) > 0 {
+		b.value = (b.value << 8) | uint64(b.in[len(b.in)-1])
+		b.in = b.in[:len(b.in)-1]
 	}
 }
 
 // finished returns true if all bits have been read from the bit stream.
 func (b *bitReader) finished() bool {
-	return b.off == 0 && b.bitsRead >= 64
+	return len(b.in) == 0 && b.bitsRead >= 64
 }
 
 // overread returns true if more bits have been requested than is on the stream.
@@ -119,7 +115,7 @@ func (b *bitReader) overread() bool {
 
 // remain returns the number of bits remaining.
 func (b *bitReader) remain() uint {
-	return b.off*8 + 64 - uint(b.bitsRead)
+	return 8*uint(len(b.in)) + 64 - uint(b.bitsRead)
 }
 
 // close the bitstream and returns an error if out-of-buffer reads occurred.
diff --git a/vendor/github.com/klauspost/compress/zstd/bitwriter.go b/vendor/github.com/klauspost/compress/zstd/bitwriter.go
index 78b3c61be..1952f175b 100644
--- a/vendor/github.com/klauspost/compress/zstd/bitwriter.go
+++ b/vendor/github.com/klauspost/compress/zstd/bitwriter.go
@@ -97,12 +97,11 @@ func (b *bitWriter) flushAlign() {
 
 // close will write the alignment bit and write the final byte(s)
 // to the output.
-func (b *bitWriter) close() error {
+func (b *bitWriter) close() {
 	// End mark
 	b.addBits16Clean(1, 1)
 	// flush until next byte.
 	b.flushAlign()
-	return nil
 }
 
 // reset and continue writing by appending to out.
diff --git a/vendor/github.com/klauspost/compress/zstd/blockenc.go b/vendor/github.com/klauspost/compress/zstd/blockenc.go
index fd4a36f73..2cfe925ad 100644
--- a/vendor/github.com/klauspost/compress/zstd/blockenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/blockenc.go
@@ -361,14 +361,21 @@ func (b *blockEnc) encodeLits(lits []byte, raw bool) error {
 	if len(lits) >= 1024 {
 		// Use 4 Streams.
 		out, reUsed, err = huff0.Compress4X(lits, b.litEnc)
-	} else if len(lits) > 32 {
+	} else if len(lits) > 16 {
 		// Use 1 stream
 		single = true
 		out, reUsed, err = huff0.Compress1X(lits, b.litEnc)
 	} else {
 		err = huff0.ErrIncompressible
 	}
-
+	if err == nil && len(out)+5 > len(lits) {
+		// If we are close, we may still be worse or equal to raw.
+		var lh literalsHeader
+		lh.setSizes(len(out), len(lits), single)
+		if len(out)+lh.size() >= len(lits) {
+			err = huff0.ErrIncompressible
+		}
+	}
 	switch err {
 	case huff0.ErrIncompressible:
 		if debugEncoder {
@@ -503,7 +510,7 @@ func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
 	if len(b.literals) >= 1024 && !raw {
 		// Use 4 Streams.
 		out, reUsed, err = huff0.Compress4X(b.literals, b.litEnc)
-	} else if len(b.literals) > 32 && !raw {
+	} else if len(b.literals) > 16 && !raw {
 		// Use 1 stream
 		single = true
 		out, reUsed, err = huff0.Compress1X(b.literals, b.litEnc)
@@ -511,6 +518,17 @@ func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
 		err = huff0.ErrIncompressible
 	}
 
+	if err == nil && len(out)+5 > len(b.literals) {
+		// If we are close, we may still be worse or equal to raw.
+		var lh literalsHeader
+		lh.setSize(len(b.literals))
+		szRaw := lh.size()
+		lh.setSizes(len(out), len(b.literals), single)
+		szComp := lh.size()
+		if len(out)+szComp >= len(b.literals)+szRaw {
+			err = huff0.ErrIncompressible
+		}
+	}
 	switch err {
 	case huff0.ErrIncompressible:
 		lh.setType(literalsBlockRaw)
@@ -773,10 +791,7 @@ func (b *blockEnc) encode(org []byte, raw, rawAllLits bool) error {
 	ml.flush(mlEnc.actualTableLog)
 	of.flush(ofEnc.actualTableLog)
 	ll.flush(llEnc.actualTableLog)
-	err = wr.close()
-	if err != nil {
-		return err
-	}
+	wr.close()
 	b.output = wr.out
 
 	// Maybe even add a bigger margin.
diff --git a/vendor/github.com/klauspost/compress/zstd/dict.go b/vendor/github.com/klauspost/compress/zstd/dict.go
index ca0951452..8d5567fe6 100644
--- a/vendor/github.com/klauspost/compress/zstd/dict.go
+++ b/vendor/github.com/klauspost/compress/zstd/dict.go
@@ -1,10 +1,13 @@
 package zstd
 
 import (
+	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
+	"math"
+	"sort"
 
 	"github.com/klauspost/compress/huff0"
 )
@@ -14,9 +17,8 @@ type dict struct {
 
 	litEnc              *huff0.Scratch
 	llDec, ofDec, mlDec sequenceDec
-	//llEnc, ofEnc, mlEnc []*fseEncoder
-	offsets [3]int
-	content []byte
+	offsets             [3]int
+	content             []byte
 }
 
 const dictMagic = "\x37\xa4\x30\xec"
@@ -159,3 +161,374 @@ func InspectDictionary(b []byte) (interface {
 	d, err := loadDict(b)
 	return d, err
 }
+
+type BuildDictOptions struct {
+	// Dictionary ID.
+	ID uint32
+
+	// Content to use to create dictionary tables.
+	Contents [][]byte
+
+	// History to use for all blocks.
+	History []byte
+
+	// Offsets to use.
+	Offsets [3]int
+
+	// CompatV155 will make the dictionary compatible with Zstd v1.5.5 and earlier.
+	// See https://github.com/facebook/zstd/issues/3724
+	CompatV155 bool
+
+	// Use the specified encoder level.
+	// The dictionary will be built using the specified encoder level,
+	// which will reflect speed and make the dictionary tailored for that level.
+	// If not set SpeedBestCompression will be used.
+	Level EncoderLevel
+
+	// DebugOut will write stats and other details here if set.
+	DebugOut io.Writer
+}
+
+func BuildDict(o BuildDictOptions) ([]byte, error) {
+	initPredefined()
+	hist := o.History
+	contents := o.Contents
+	debug := o.DebugOut != nil
+	println := func(args ...interface{}) {
+		if o.DebugOut != nil {
+			fmt.Fprintln(o.DebugOut, args...)
+		}
+	}
+	printf := func(s string, args ...interface{}) {
+		if o.DebugOut != nil {
+			fmt.Fprintf(o.DebugOut, s, args...)
+		}
+	}
+	print := func(args ...interface{}) {
+		if o.DebugOut != nil {
+			fmt.Fprint(o.DebugOut, args...)
+		}
+	}
+
+	if int64(len(hist)) > dictMaxLength {
+		return nil, fmt.Errorf("dictionary of size %d > %d", len(hist), int64(dictMaxLength))
+	}
+	if len(hist) < 8 {
+		return nil, fmt.Errorf("dictionary of size %d < %d", len(hist), 8)
+	}
+	if len(contents) == 0 {
+		return nil, errors.New("no content provided")
+	}
+	d := dict{
+		id:      o.ID,
+		litEnc:  nil,
+		llDec:   sequenceDec{},
+		ofDec:   sequenceDec{},
+		mlDec:   sequenceDec{},
+		offsets: o.Offsets,
+		content: hist,
+	}
+	block := blockEnc{lowMem: false}
+	block.init()
+	enc := encoder(&bestFastEncoder{fastBase: fastBase{maxMatchOff: int32(maxMatchLen), bufferReset: math.MaxInt32 - int32(maxMatchLen*2), lowMem: false}})
+	if o.Level != 0 {
+		eOpts := encoderOptions{
+			level:      o.Level,
+			blockSize:  maxMatchLen,
+			windowSize: maxMatchLen,
+			dict:       &d,
+			lowMem:     false,
+		}
+		enc = eOpts.encoder()
+	} else {
+		o.Level = SpeedBestCompression
+	}
+	var (
+		remain [256]int
+		ll     [256]int
+		ml     [256]int
+		of     [256]int
+	)
+	addValues := func(dst *[256]int, src []byte) {
+		for _, v := range src {
+			dst[v]++
+		}
+	}
+	addHist := func(dst *[256]int, src *[256]uint32) {
+		for i, v := range src {
+			dst[i] += int(v)
+		}
+	}
+	seqs := 0
+	nUsed := 0
+	litTotal := 0
+	newOffsets := make(map[uint32]int, 1000)
+	for _, b := range contents {
+		block.reset(nil)
+		if len(b) < 8 {
+			continue
+		}
+		nUsed++
+		enc.Reset(&d, true)
+		enc.Encode(&block, b)
+		addValues(&remain, block.literals)
+		litTotal += len(block.literals)
+		seqs += len(block.sequences)
+		block.genCodes()
+		addHist(&ll, block.coders.llEnc.Histogram())
+		addHist(&ml, block.coders.mlEnc.Histogram())
+		addHist(&of, block.coders.ofEnc.Histogram())
+		for i, seq := range block.sequences {
+			if i > 3 {
+				break
+			}
+			offset := seq.offset
+			if offset == 0 {
+				continue
+			}
+			if offset > 3 {
+				newOffsets[offset-3]++
+			} else {
+				newOffsets[uint32(o.Offsets[offset-1])]++
+			}
+		}
+	}
+	// Find most used offsets.
+	var sortedOffsets []uint32
+	for k := range newOffsets {
+		sortedOffsets = append(sortedOffsets, k)
+	}
+	sort.Slice(sortedOffsets, func(i, j int) bool {
+		a, b := sortedOffsets[i], sortedOffsets[j]
+		if a == b {
+			// Prefer the longer offset
+			return sortedOffsets[i] > sortedOffsets[j]
+		}
+		return newOffsets[sortedOffsets[i]] > newOffsets[sortedOffsets[j]]
+	})
+	if len(sortedOffsets) > 3 {
+		if debug {
+			print("Offsets:")
+			for i, v := range sortedOffsets {
+				if i > 20 {
+					break
+				}
+				printf("[%d: %d],", v, newOffsets[v])
+			}
+			println("")
+		}
+
+		sortedOffsets = sortedOffsets[:3]
+	}
+	for i, v := range sortedOffsets {
+		o.Offsets[i] = int(v)
+	}
+	if debug {
+		println("New repeat offsets", o.Offsets)
+	}
+
+	if nUsed == 0 || seqs == 0 {
+		return nil, fmt.Errorf("%d blocks, %d sequences found", nUsed, seqs)
+	}
+	if debug {
+		println("Sequences:", seqs, "Blocks:", nUsed, "Literals:", litTotal)
+	}
+	if seqs/nUsed < 512 {
+		// Use 512 as minimum.
+		nUsed = seqs / 512
+	}
+	copyHist := func(dst *fseEncoder, src *[256]int) ([]byte, error) {
+		hist := dst.Histogram()
+		var maxSym uint8
+		var maxCount int
+		var fakeLength int
+		for i, v := range src {
+			if v > 0 {
+				v = v / nUsed
+				if v == 0 {
+					v = 1
+				}
+			}
+			if v > maxCount {
+				maxCount = v
+			}
+			if v != 0 {
+				maxSym = uint8(i)
+			}
+			fakeLength += v
+			hist[i] = uint32(v)
+		}
+		dst.HistogramFinished(maxSym, maxCount)
+		dst.reUsed = false
+		dst.useRLE = false
+		err := dst.normalizeCount(fakeLength)
+		if err != nil {
+			return nil, err
+		}
+		if debug {
+			println("RAW:", dst.count[:maxSym+1], "NORM:", dst.norm[:maxSym+1], "LEN:", fakeLength)
+		}
+		return dst.writeCount(nil)
+	}
+	if debug {
+		print("Literal lengths: ")
+	}
+	llTable, err := copyHist(block.coders.llEnc, &ll)
+	if err != nil {
+		return nil, err
+	}
+	if debug {
+		print("Match lengths: ")
+	}
+	mlTable, err := copyHist(block.coders.mlEnc, &ml)
+	if err != nil {
+		return nil, err
+	}
+	if debug {
+		print("Offsets: ")
+	}
+	ofTable, err := copyHist(block.coders.ofEnc, &of)
+	if err != nil {
+		return nil, err
+	}
+
+	// Literal table
+	avgSize := litTotal
+	if avgSize > huff0.BlockSizeMax/2 {
+		avgSize = huff0.BlockSizeMax / 2
+	}
+	huffBuff := make([]byte, 0, avgSize)
+	// Target size
+	div := litTotal / avgSize
+	if div < 1 {
+		div = 1
+	}
+	if debug {
+		println("Huffman weights:")
+	}
+	for i, n := range remain[:] {
+		if n > 0 {
+			n = n / div
+			// Allow all entries to be represented.
+			if n == 0 {
+				n = 1
+			}
+			huffBuff = append(huffBuff, bytes.Repeat([]byte{byte(i)}, n)...)
+			if debug {
+				printf("[%d: %d], ", i, n)
+			}
+		}
+	}
+	if o.CompatV155 && remain[255]/div == 0 {
+		huffBuff = append(huffBuff, 255)
+	}
+	scratch := &huff0.Scratch{TableLog: 11}
+	for tries := 0; tries < 255; tries++ {
+		scratch = &huff0.Scratch{TableLog: 11}
+		_, _, err = huff0.Compress1X(huffBuff, scratch)
+		if err == nil {
+			break
+		}
+		if debug {
+			printf("Try %d: Huffman error: %v\n", tries+1, err)
+		}
+		huffBuff = huffBuff[:0]
+		if tries == 250 {
+			if debug {
+				println("Huffman: Bailing out with predefined table")
+			}
+
+			// Bail out.... Just generate something
+			huffBuff = append(huffBuff, bytes.Repeat([]byte{255}, 10000)...)
+			for i := 0; i < 128; i++ {
+				huffBuff = append(huffBuff, byte(i))
+			}
+			continue
+		}
+		if errors.Is(err, huff0.ErrIncompressible) {
+			// Try truncating least common.
+			for i, n := range remain[:] {
+				if n > 0 {
+					n = n / (div * (i + 1))
+					if n > 0 {
+						huffBuff = append(huffBuff, bytes.Repeat([]byte{byte(i)}, n)...)
+					}
+				}
+			}
+			if o.CompatV155 && len(huffBuff) > 0 && huffBuff[len(huffBuff)-1] != 255 {
+				huffBuff = append(huffBuff, 255)
+			}
+			if len(huffBuff) == 0 {
+				huffBuff = append(huffBuff, 0, 255)
+			}
+		}
+		if errors.Is(err, huff0.ErrUseRLE) {
+			for i, n := range remain[:] {
+				n = n / (div * (i + 1))
+				// Allow all entries to be represented.
+				if n == 0 {
+					n = 1
+				}
+				huffBuff = append(huffBuff, bytes.Repeat([]byte{byte(i)}, n)...)
+			}
+		}
+	}
+
+	var out bytes.Buffer
+	out.Write([]byte(dictMagic))
+	out.Write(binary.LittleEndian.AppendUint32(nil, o.ID))
+	out.Write(scratch.OutTable)
+	if debug {
+		println("huff table:", len(scratch.OutTable), "bytes")
+		println("of table:", len(ofTable), "bytes")
+		println("ml table:", len(mlTable), "bytes")
+		println("ll table:", len(llTable), "bytes")
+	}
+	out.Write(ofTable)
+	out.Write(mlTable)
+	out.Write(llTable)
+	out.Write(binary.LittleEndian.AppendUint32(nil, uint32(o.Offsets[0])))
+	out.Write(binary.LittleEndian.AppendUint32(nil, uint32(o.Offsets[1])))
+	out.Write(binary.LittleEndian.AppendUint32(nil, uint32(o.Offsets[2])))
+	out.Write(hist)
+	if debug {
+		_, err := loadDict(out.Bytes())
+		if err != nil {
+			panic(err)
+		}
+		i, err := InspectDictionary(out.Bytes())
+		if err != nil {
+			panic(err)
+		}
+		println("ID:", i.ID())
+		println("Content size:", i.ContentSize())
+		println("Encoder:", i.LitEncoder() != nil)
+		println("Offsets:", i.Offsets())
+		var totalSize int
+		for _, b := range contents {
+			totalSize += len(b)
+		}
+
+		encWith := func(opts ...EOption) int {
+			enc, err := NewWriter(nil, opts...)
+			if err != nil {
+				panic(err)
+			}
+			defer enc.Close()
+			var dst []byte
+			var totalSize int
+			for _, b := range contents {
+				dst = enc.EncodeAll(b, dst[:0])
+				totalSize += len(dst)
+			}
+			return totalSize
+		}
+		plain := encWith(WithEncoderLevel(o.Level))
+		withDict := encWith(WithEncoderLevel(o.Level), WithEncoderDict(out.Bytes()))
+		println("Input size:", totalSize)
+		println("Plain Compressed:", plain)
+		println("Dict Compressed:", withDict)
+		println("Saved:", plain-withDict, (plain-withDict)/len(contents), "bytes per input (rounded down)")
+	}
+	return out.Bytes(), nil
+}
diff --git a/vendor/github.com/klauspost/compress/zstd/enc_best.go b/vendor/github.com/klauspost/compress/zstd/enc_best.go
index 9819d4145..858f8f43a 100644
--- a/vendor/github.com/klauspost/compress/zstd/enc_best.go
+++ b/vendor/github.com/klauspost/compress/zstd/enc_best.go
@@ -197,12 +197,13 @@ encodeLoop:
 
 		// Set m to a match at offset if it looks like that will improve compression.
 		improve := func(m *match, offset int32, s int32, first uint32, rep int32) {
-			if s-offset >= e.maxMatchOff || load3232(src, offset) != first {
+			delta := s - offset
+			if delta >= e.maxMatchOff || delta <= 0 || load3232(src, offset) != first {
 				return
 			}
 			if debugAsserts {
-				if offset <= 0 {
-					panic(offset)
+				if offset >= s {
+					panic(fmt.Sprintf("offset: %d - s:%d - rep: %d - cur :%d - max: %d", offset, s, rep, e.cur, e.maxMatchOff))
 				}
 				if !bytes.Equal(src[s:s+4], src[offset:offset+4]) {
 					panic(fmt.Sprintf("first match mismatch: %v != %v, first: %08x", src[s:s+4], src[offset:offset+4], first))
@@ -343,8 +344,8 @@ encodeLoop:
 		if best.rep > 0 {
 			var seq seq
 			seq.matchLen = uint32(best.length - zstdMinMatch)
-			if debugAsserts && s <= nextEmit {
-				panic("s <= nextEmit")
+			if debugAsserts && s < nextEmit {
+				panic("s < nextEmit")
 			}
 			addLiterals(&seq, best.s)
 
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder.go b/vendor/github.com/klauspost/compress/zstd/encoder.go
index 4de0aed0d..72af7ef0f 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder.go
@@ -227,10 +227,7 @@ func (e *Encoder) nextBlock(final bool) error {
 			DictID:        e.o.dict.ID(),
 		}
 
-		dst, err := fh.appendTo(tmp[:0])
-		if err != nil {
-			return err
-		}
+		dst := fh.appendTo(tmp[:0])
 		s.headerWritten = true
 		s.wWg.Wait()
 		var n2 int
@@ -483,7 +480,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 				Checksum: false,
 				DictID:   0,
 			}
-			dst, _ = fh.appendTo(dst)
+			dst = fh.appendTo(dst)
 
 			// Write raw block as last one only.
 			var blk blockHeader
@@ -518,10 +515,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 	if len(dst) == 0 && cap(dst) == 0 && len(src) < 1<<20 && !e.o.lowMem {
 		dst = make([]byte, 0, len(src))
 	}
-	dst, err := fh.appendTo(dst)
-	if err != nil {
-		panic(err)
-	}
+	dst = fh.appendTo(dst)
 
 	// If we can do everything in one block, prefer that.
 	if len(src) <= e.o.blockSize {
@@ -581,6 +575,7 @@ func (e *Encoder) EncodeAll(src, dst []byte) []byte {
 	// Add padding with content from crypto/rand.Reader
 	if e.o.pad > 0 {
 		add := calcSkippableFrame(int64(len(dst)), int64(e.o.pad))
+		var err error
 		dst, err = skippableFrame(dst, add, rand.Reader)
 		if err != nil {
 			panic(err)
diff --git a/vendor/github.com/klauspost/compress/zstd/frameenc.go b/vendor/github.com/klauspost/compress/zstd/frameenc.go
index 4ef7f5a3e..2f5d5ed45 100644
--- a/vendor/github.com/klauspost/compress/zstd/frameenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/frameenc.go
@@ -22,7 +22,7 @@ type frameHeader struct {
 
 const maxHeaderSize = 14
 
-func (f frameHeader) appendTo(dst []byte) ([]byte, error) {
+func (f frameHeader) appendTo(dst []byte) []byte {
 	dst = append(dst, frameMagic...)
 	var fhd uint8
 	if f.Checksum {
@@ -88,7 +88,7 @@ func (f frameHeader) appendTo(dst []byte) ([]byte, error) {
 	default:
 		panic("invalid fcs")
 	}
-	return dst, nil
+	return dst
 }
 
 const skippableFrameHeader = 4 + 4
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec.go b/vendor/github.com/klauspost/compress/zstd/seqdec.go
index 9405fcf10..d7fe6d82d 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec.go
@@ -245,7 +245,7 @@ func (s *sequenceDecs) decodeSync(hist []byte) error {
 			return io.ErrUnexpectedEOF
 		}
 		var ll, mo, ml int
-		if br.off > 4+((maxOffsetBits+16+16)>>3) {
+		if len(br.in) > 4+((maxOffsetBits+16+16)>>3) {
 			// inlined function:
 			// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
 
@@ -452,18 +452,13 @@ func (s *sequenceDecs) next(br *bitReader, llState, mlState, ofState decSymbol)
 
 	// extra bits are stored in reverse order.
 	br.fill()
-	if s.maxBits <= 32 {
-		mo += br.getBits(moB)
-		ml += br.getBits(mlB)
-		ll += br.getBits(llB)
-	} else {
-		mo += br.getBits(moB)
+	mo += br.getBits(moB)
+	if s.maxBits > 32 {
 		br.fill()
-		// matchlength+literal length, max 32 bits
-		ml += br.getBits(mlB)
-		ll += br.getBits(llB)
-
 	}
+	// matchlength+literal length, max 32 bits
+	ml += br.getBits(mlB)
+	ll += br.getBits(llB)
 	mo = s.adjustOffset(mo, ll, moB)
 	return
 }
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
index b6f4ba6fc..974b99725 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
@@ -5,11 +5,11 @@
 // func sequenceDecs_decode_amd64(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: CMOV
 TEXT ·sequenceDecs_decode_amd64(SB), $8-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -301,9 +301,9 @@ sequenceDecs_decode_amd64_match_len_ofs_ok:
 	MOVQ R12, 152(AX)
 	MOVQ R13, 160(AX)
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -336,11 +336,11 @@ error_overread:
 // func sequenceDecs_decode_56_amd64(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: CMOV
 TEXT ·sequenceDecs_decode_56_amd64(SB), $8-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -603,9 +603,9 @@ sequenceDecs_decode_56_amd64_match_len_ofs_ok:
 	MOVQ R12, 152(AX)
 	MOVQ R13, 160(AX)
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -638,11 +638,11 @@ error_overread:
 // func sequenceDecs_decode_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: BMI, BMI2, CMOV
 TEXT ·sequenceDecs_decode_bmi2(SB), $8-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -892,9 +892,9 @@ sequenceDecs_decode_bmi2_match_len_ofs_ok:
 	MOVQ R11, 152(CX)
 	MOVQ R12, 160(CX)
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -927,11 +927,11 @@ error_overread:
 // func sequenceDecs_decode_56_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeAsmContext) int
 // Requires: BMI, BMI2, CMOV
 TEXT ·sequenceDecs_decode_56_bmi2(SB), $8-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -1152,9 +1152,9 @@ sequenceDecs_decode_56_bmi2_match_len_ofs_ok:
 	MOVQ R11, 152(CX)
 	MOVQ R12, 160(CX)
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Return success
 	MOVQ $0x00000000, ret+24(FP)
@@ -1797,11 +1797,11 @@ empty_seqs:
 // func sequenceDecs_decodeSync_amd64(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_amd64(SB), $64-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -2295,9 +2295,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
@@ -2362,11 +2362,11 @@ error_not_enough_space:
 // func sequenceDecs_decodeSync_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: BMI, BMI2, CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_bmi2(SB), $64-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -2818,9 +2818,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
@@ -2885,11 +2885,11 @@ error_not_enough_space:
 // func sequenceDecs_decodeSync_safe_amd64(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_safe_amd64(SB), $64-32
-	MOVQ    br+8(FP), AX
-	MOVQ    32(AX), DX
-	MOVBQZX 40(AX), BX
-	MOVQ    24(AX), SI
-	MOVQ    (AX), AX
+	MOVQ    br+8(FP), CX
+	MOVQ    24(CX), DX
+	MOVBQZX 32(CX), BX
+	MOVQ    (CX), AX
+	MOVQ    8(CX), SI
 	ADDQ    SI, AX
 	MOVQ    AX, (SP)
 	MOVQ    ctx+16(FP), AX
@@ -3485,9 +3485,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), AX
-	MOVQ DX, 32(AX)
-	MOVB BL, 40(AX)
-	MOVQ SI, 24(AX)
+	MOVQ DX, 24(AX)
+	MOVB BL, 32(AX)
+	MOVQ SI, 8(AX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
@@ -3552,11 +3552,11 @@ error_not_enough_space:
 // func sequenceDecs_decodeSync_safe_bmi2(s *sequenceDecs, br *bitReader, ctx *decodeSyncAsmContext) int
 // Requires: BMI, BMI2, CMOV, SSE
 TEXT ·sequenceDecs_decodeSync_safe_bmi2(SB), $64-32
-	MOVQ    br+8(FP), CX
-	MOVQ    32(CX), AX
-	MOVBQZX 40(CX), DX
-	MOVQ    24(CX), BX
-	MOVQ    (CX), CX
+	MOVQ    br+8(FP), BX
+	MOVQ    24(BX), AX
+	MOVBQZX 32(BX), DX
+	MOVQ    (BX), CX
+	MOVQ    8(BX), BX
 	ADDQ    BX, CX
 	MOVQ    CX, (SP)
 	MOVQ    ctx+16(FP), CX
@@ -4110,9 +4110,9 @@ handle_loop:
 
 loop_finished:
 	MOVQ br+8(FP), CX
-	MOVQ AX, 32(CX)
-	MOVB DL, 40(CX)
-	MOVQ BX, 24(CX)
+	MOVQ AX, 24(CX)
+	MOVB DL, 32(CX)
+	MOVQ BX, 8(CX)
 
 	// Update the context
 	MOVQ ctx+16(FP), AX
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
index ac2a80d29..2fb35b788 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_generic.go
@@ -29,7 +29,7 @@ func (s *sequenceDecs) decode(seqs []seqVals) error {
 	}
 	for i := range seqs {
 		var ll, mo, ml int
-		if br.off > 4+((maxOffsetBits+16+16)>>3) {
+		if len(br.in) > 4+((maxOffsetBits+16+16)>>3) {
 			// inlined function:
 			// ll, mo, ml = s.nextFast(br, llState, mlState, ofState)
 
diff --git a/vendor/github.com/klauspost/compress/zstd/snappy.go b/vendor/github.com/klauspost/compress/zstd/snappy.go
index 9e1baad73..ec13594e8 100644
--- a/vendor/github.com/klauspost/compress/zstd/snappy.go
+++ b/vendor/github.com/klauspost/compress/zstd/snappy.go
@@ -95,10 +95,9 @@ func (r *SnappyConverter) Convert(in io.Reader, w io.Writer) (int64, error) {
 	var written int64
 	var readHeader bool
 	{
-		var header []byte
-		var n int
-		header, r.err = frameHeader{WindowSize: snappyMaxBlockSize}.appendTo(r.buf[:0])
+		header := frameHeader{WindowSize: snappyMaxBlockSize}.appendTo(r.buf[:0])
 
+		var n int
 		n, r.err = w.Write(header)
 		if r.err != nil {
 			return written, r.err
diff --git a/vendor/github.com/kunwardeep/paralleltest/pkg/paralleltest/paralleltest.go b/vendor/github.com/kunwardeep/paralleltest/pkg/paralleltest/paralleltest.go
index 9c2fbb986..e21f278cf 100644
--- a/vendor/github.com/kunwardeep/paralleltest/pkg/paralleltest/paralleltest.go
+++ b/vendor/github.com/kunwardeep/paralleltest/pkg/paralleltest/paralleltest.go
@@ -7,7 +7,6 @@ import (
 	"strings"
 
 	"golang.org/x/tools/go/analysis"
-	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/ast/inspector"
 )
 
@@ -16,28 +15,36 @@ It also checks that the t.Parallel is used if multiple tests cases are run as pa
 As part of ensuring parallel tests works as expected it checks for reinitialising of the range value
 over the test cases.(https://tinyurl.com/y6555cy6)`
 
-var Analyzer = &analysis.Analyzer{
-	Name:     "paralleltest",
-	Doc:      Doc,
-	Run:      run,
-	Flags:    flags(),
-	Requires: []*analysis.Analyzer{inspect.Analyzer},
+func NewAnalyzer() *analysis.Analyzer {
+	return newParallelAnalyzer().analyzer
 }
 
-const ignoreMissingFlag = "i"
-
-func flags() flag.FlagSet {
-	options := flag.NewFlagSet("", flag.ExitOnError)
-	options.Bool(ignoreMissingFlag, false, "ignore missing calls to t.Parallel")
-	return *options
+// parallelAnalyzer is an internal analyzer that makes options available to a
+// run pass. It wraps an `analysis.Analyzer` that should be returned for
+// linters.
+type parallelAnalyzer struct {
+	analyzer              *analysis.Analyzer
+	ignoreMissing         bool
+	ignoreMissingSubtests bool
 }
 
-type boolValue bool
+func newParallelAnalyzer() *parallelAnalyzer {
+	a := &parallelAnalyzer{}
 
-func run(pass *analysis.Pass) (interface{}, error) {
+	var flags flag.FlagSet
+	flags.BoolVar(&a.ignoreMissing, "i", false, "ignore missing calls to t.Parallel")
+	flags.BoolVar(&a.ignoreMissingSubtests, "ignoremissingsubtests", false, "ignore missing calls to t.Parallel in subtests")
 
-	ignoreMissing := pass.Analyzer.Flags.Lookup(ignoreMissingFlag).Value.(flag.Getter).Get().(bool)
+	a.analyzer = &analysis.Analyzer{
+		Name:  "paralleltest",
+		Doc:   Doc,
+		Run:   a.run,
+		Flags: flags,
+	}
+	return a
+}
 
+func (a *parallelAnalyzer) run(pass *analysis.Pass) (interface{}, error) {
 	inspector := inspector.New(pass.Files)
 
 	nodeFilter := []ast.Node{
@@ -127,13 +134,13 @@ func run(pass *analysis.Pass) (interface{}, error) {
 			}
 		}
 
-		if !ignoreMissing && !funcHasParallelMethod {
+		if !a.ignoreMissing && !funcHasParallelMethod {
 			pass.Reportf(node.Pos(), "Function %s missing the call to method parallel\n", funcDecl.Name.Name)
 		}
 
 		if rangeStatementOverTestCasesExists && rangeNode != nil {
 			if !rangeStatementHasParallelMethod {
-				if !ignoreMissing {
+				if !a.ignoreMissing && !a.ignoreMissingSubtests {
 					pass.Reportf(rangeNode.Pos(), "Range statement for test %s missing the call to method parallel in test Run\n", funcDecl.Name.Name)
 				}
 			} else if loopVariableUsedInRun != nil {
@@ -142,10 +149,10 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		}
 
 		// Check if the t.Run is more than one as there is no point making one test parallel
-		if !ignoreMissing {
+		if !a.ignoreMissing && !a.ignoreMissingSubtests {
 			if numberOfTestRun > 1 && len(positionOfTestRunNode) > 0 {
 				for _, n := range positionOfTestRunNode {
-					pass.Reportf(n.Pos(), "Function %s has missing the call to method parallel in the test run\n", funcDecl.Name.Name)
+					pass.Reportf(n.Pos(), "Function %s missing the call to method parallel in the test run\n", funcDecl.Name.Name)
 				}
 			}
 		}
diff --git a/vendor/github.com/macabu/inamedparam/.gitignore b/vendor/github.com/macabu/inamedparam/.gitignore
new file mode 100644
index 000000000..3b735ec4a
--- /dev/null
+++ b/vendor/github.com/macabu/inamedparam/.gitignore
@@ -0,0 +1,21 @@
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
diff --git a/vendor/github.com/macabu/inamedparam/LICENSE-MIT b/vendor/github.com/macabu/inamedparam/LICENSE-MIT
new file mode 100644
index 000000000..b95f480ee
--- /dev/null
+++ b/vendor/github.com/macabu/inamedparam/LICENSE-MIT
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Matheus Macabu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/macabu/inamedparam/README.md b/vendor/github.com/macabu/inamedparam/README.md
new file mode 100644
index 000000000..80911c9d7
--- /dev/null
+++ b/vendor/github.com/macabu/inamedparam/README.md
@@ -0,0 +1,18 @@
+# inamedparam
+
+A linter that reports interfaces with unnamed method parameters.
+
+## Usage 
+
+### Standalone
+You can also run it standalone through `go vet`.  
+
+You must install the binary to your `$GOBIN` folder like so:
+```sh
+$ go install github.com/macabu/inamedparam/cmd/inamedparam
+```
+
+And then navigate to your Go project's root folder, where can run `go vet` in the following way:
+```sh
+$ go vet -vettool=$(which inamedparam) ./...
+```
diff --git a/vendor/github.com/macabu/inamedparam/inamedparam.go b/vendor/github.com/macabu/inamedparam/inamedparam.go
new file mode 100644
index 000000000..433e04e5b
--- /dev/null
+++ b/vendor/github.com/macabu/inamedparam/inamedparam.go
@@ -0,0 +1,67 @@
+package inamedparam
+
+import (
+	"go/ast"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/ast/inspector"
+)
+
+var Analyzer = &analysis.Analyzer{
+	Name: "inamedparam",
+	Doc:  "reports interfaces with unnamed method parameters",
+	Run:  run,
+	Requires: []*analysis.Analyzer{
+		inspect.Analyzer,
+	},
+}
+
+func run(pass *analysis.Pass) (interface{}, error) {
+	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
+
+	types := []ast.Node{
+		&ast.InterfaceType{},
+	}
+
+	inspect.Preorder(types, func(n ast.Node) {
+		interfaceType, ok := n.(*ast.InterfaceType)
+		if !ok || interfaceType == nil || interfaceType.Methods == nil {
+			return
+		}
+
+		for _, method := range interfaceType.Methods.List {
+			interfaceFunc, ok := method.Type.(*ast.FuncType)
+			if !ok || interfaceFunc == nil || interfaceFunc.Params == nil {
+				continue
+			}
+
+			methodName := method.Names[0].Name
+
+			for _, param := range interfaceFunc.Params.List {
+				if param.Names == nil {
+					var builtParamType string
+
+					switch paramType := param.Type.(type) {
+					case *ast.SelectorExpr:
+						if ident := paramType.X.(*ast.Ident); ident != nil {
+							builtParamType += ident.Name + "."
+						}
+
+						builtParamType += paramType.Sel.Name
+					case *ast.Ident:
+						builtParamType = paramType.Name
+					}
+
+					if builtParamType != "" {
+						pass.Reportf(param.Pos(), "interface method %v must have named param for type %v", methodName, builtParamType)
+					} else {
+						pass.Reportf(param.Pos(), "interface method %v must have all named params", methodName)
+					}
+				}
+			}
+		}
+	})
+
+	return nil, nil
+}
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/LICENSE
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/LICENSE
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/NOTICE
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/.gitignore
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/Makefile
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
similarity index 83%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
index 258c0636a..7c08e564f 100644
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
+++ b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/decode.go
@@ -19,9 +19,10 @@ import (
 	"errors"
 	"io"
 
-	"github.com/golang/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 )
 
+// TODO: Give error package name prefix in next minor release.
 var errInvalidVarint = errors.New("invalid varint32 encountered")
 
 // ReadDelimited decodes a message from the provided length-delimited stream,
@@ -36,6 +37,12 @@ var errInvalidVarint = errors.New("invalid varint32 encountered")
 // of the stream has been reached in doing so.  In that case, any subsequent
 // calls return (0, io.EOF).
 func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
+	// TODO: Consider allowing the caller to specify a decode buffer in the
+	// next major version.
+
+	// TODO: Consider using error wrapping to annotate error state in pass-
+	// through cases in the next minor version.
+
 	// Per AbstractParser#parsePartialDelimitedFrom with
 	// CodedInputStream#readRawVarint32.
 	var headerBuf [binary.MaxVarintLen32]byte
@@ -53,15 +60,14 @@ func ReadDelimited(r io.Reader, m proto.Message) (n int, err error) {
 			if err != nil {
 				return bytesRead, err
 			}
-			// A Reader should not return (0, nil), but if it does,
-			// it should be treated as no-op (according to the
-			// Reader contract). So let's go on...
+			// A Reader should not return (0, nil); but if it does, it should
+			// be treated as no-op according to the Reader contract.
 			continue
 		}
 		bytesRead += newBytesRead
 		// Now present everything read so far to the varint decoder and
 		// see if a varint can be decoded already.
-		messageLength, varIntBytes = proto.DecodeVarint(headerBuf[:bytesRead])
+		messageLength, varIntBytes = binary.Uvarint(headerBuf[:bytesRead])
 	}
 
 	messageBuf := make([]byte, messageLength)
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go
similarity index 100%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/doc.go
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/doc.go
diff --git a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
similarity index 91%
rename from vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
rename to vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
index 8fb59ad22..e58dd9d29 100644
--- a/vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
+++ b/vendor/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/encode.go
@@ -18,7 +18,7 @@ import (
 	"encoding/binary"
 	"io"
 
-	"github.com/golang/protobuf/proto"
+	"google.golang.org/protobuf/proto"
 )
 
 // WriteDelimited encodes and dumps a message to the provided writer prefixed
@@ -28,6 +28,9 @@ import (
 // number of bytes written and any applicable error.  This is roughly
 // equivalent to the companion Java API's MessageLite#writeDelimitedTo.
 func WriteDelimited(w io.Writer, m proto.Message) (n int, err error) {
+	// TODO: Consider allowing the caller to specify an encode buffer in the
+	// next major version.
+
 	buffer, err := proto.Marshal(m)
 	if err != nil {
 		return 0, err
diff --git a/vendor/github.com/mgechev/revive/config/config.go b/vendor/github.com/mgechev/revive/config/config.go
index 04cd21404..abd554a9f 100644
--- a/vendor/github.com/mgechev/revive/config/config.go
+++ b/vendor/github.com/mgechev/revive/config/config.go
@@ -31,7 +31,6 @@ var defaultRules = []lint.Rule{
 	&rule.TimeNamingRule{},
 	&rule.ContextKeysType{},
 	&rule.ContextAsArgumentRule{},
-	&rule.IfReturnRule{},
 	&rule.EmptyBlockRule{},
 	&rule.SuperfluousElseRule{},
 	&rule.UnusedParamRule{},
@@ -81,12 +80,17 @@ var allRules = append([]lint.Rule{
 	&rule.FunctionLength{},
 	&rule.NestedStructs{},
 	&rule.UselessBreak{},
+	&rule.UncheckedTypeAssertionRule{},
 	&rule.TimeEqualRule{},
 	&rule.BannedCharsRule{},
 	&rule.OptimizeOperandsOrderRule{},
 	&rule.UseAnyRule{},
 	&rule.DataRaceRule{},
 	&rule.CommentSpacingsRule{},
+	&rule.IfReturnRule{},
+	&rule.RedundantImportAlias{},
+	&rule.ImportAliasNamingRule{},
+	&rule.EnforceMapStyleRule{},
 }, defaultRules...)
 
 var allFormatters = []lint.Formatter{
@@ -148,6 +152,14 @@ func parseConfig(path string, config *lint.Config) error {
 	if err != nil {
 		return fmt.Errorf("cannot parse the config file: %v", err)
 	}
+	for k, r := range config.Rules {
+		err := r.Initialize()
+		if err != nil {
+			return fmt.Errorf("error in config of rule [%s] : [%v]", k, err)
+		}
+		config.Rules[k] = r
+	}
+
 	return nil
 }
 
diff --git a/vendor/github.com/mgechev/revive/formatter/sarif.go b/vendor/github.com/mgechev/revive/formatter/sarif.go
index c6288db76..c42da73eb 100644
--- a/vendor/github.com/mgechev/revive/formatter/sarif.go
+++ b/vendor/github.com/mgechev/revive/formatter/sarif.go
@@ -88,7 +88,7 @@ func (l *reviveRunLog) AddResult(failure lint.Failure) {
 	location := garif.NewLocation().WithURI(filename).WithLineColumn(line, column)
 	result.Locations = append(result.Locations, location)
 	result.RuleId = failure.RuleName
-	result.Level = l.rules[failure.RuleName].Severity
+	result.Level = garif.ResultLevel(l.rules[failure.RuleName].Severity)
 
 	l.run.Results = append(l.run.Results, result)
 }
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/args.go b/vendor/github.com/mgechev/revive/internal/ifelse/args.go
new file mode 100644
index 000000000..c6e647e69
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/args.go
@@ -0,0 +1,11 @@
+package ifelse
+
+// PreserveScope is a configuration argument that prevents suggestions
+// that would enlarge variable scope
+const PreserveScope = "preserveScope"
+
+// Args contains arguments common to the early-return, indent-error-flow
+// and superfluous-else rules (currently just preserveScope)
+type Args struct {
+	PreserveScope bool
+}
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/branch.go b/vendor/github.com/mgechev/revive/internal/ifelse/branch.go
new file mode 100644
index 000000000..6e6036b89
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/branch.go
@@ -0,0 +1,93 @@
+package ifelse
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+)
+
+// Branch contains information about a branch within an if-else chain.
+type Branch struct {
+	BranchKind
+	Call          // The function called at the end for kind Panic or Exit.
+	HasDecls bool // The branch has one or more declarations (at the top level block)
+}
+
+// BlockBranch gets the Branch of an ast.BlockStmt.
+func BlockBranch(block *ast.BlockStmt) Branch {
+	blockLen := len(block.List)
+	if blockLen == 0 {
+		return Empty.Branch()
+	}
+
+	branch := StmtBranch(block.List[blockLen-1])
+	branch.HasDecls = hasDecls(block)
+	return branch
+}
+
+// StmtBranch gets the Branch of an ast.Stmt.
+func StmtBranch(stmt ast.Stmt) Branch {
+	switch stmt := stmt.(type) {
+	case *ast.ReturnStmt:
+		return Return.Branch()
+	case *ast.BlockStmt:
+		return BlockBranch(stmt)
+	case *ast.BranchStmt:
+		switch stmt.Tok {
+		case token.BREAK:
+			return Break.Branch()
+		case token.CONTINUE:
+			return Continue.Branch()
+		case token.GOTO:
+			return Goto.Branch()
+		}
+	case *ast.ExprStmt:
+		fn, ok := ExprCall(stmt)
+		if !ok {
+			break
+		}
+		kind, ok := DeviatingFuncs[fn]
+		if ok {
+			return Branch{BranchKind: kind, Call: fn}
+		}
+	case *ast.EmptyStmt:
+		return Empty.Branch()
+	case *ast.LabeledStmt:
+		return StmtBranch(stmt.Stmt)
+	}
+	return Regular.Branch()
+}
+
+// String returns a brief string representation
+func (b Branch) String() string {
+	switch b.BranchKind {
+	case Panic, Exit:
+		return fmt.Sprintf("... %v()", b.Call)
+	default:
+		return b.BranchKind.String()
+	}
+}
+
+// LongString returns a longer form string representation
+func (b Branch) LongString() string {
+	switch b.BranchKind {
+	case Panic, Exit:
+		return fmt.Sprintf("call to %v function", b.Call)
+	default:
+		return b.BranchKind.LongString()
+	}
+}
+
+func hasDecls(block *ast.BlockStmt) bool {
+	for _, stmt := range block.List {
+		switch stmt := stmt.(type) {
+		case *ast.DeclStmt:
+			return true
+		case *ast.AssignStmt:
+			if stmt.Tok == token.DEFINE {
+				return true
+			}
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/branch_kind.go b/vendor/github.com/mgechev/revive/internal/ifelse/branch_kind.go
new file mode 100644
index 000000000..41601d1e1
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/branch_kind.go
@@ -0,0 +1,101 @@
+package ifelse
+
+// BranchKind is a classifier for if-else branches. It says whether the branch is empty,
+// and whether the branch ends with a statement that deviates control flow.
+type BranchKind int
+
+const (
+	// Empty branches do nothing
+	Empty BranchKind = iota
+
+	// Return branches return from the current function
+	Return
+
+	// Continue branches continue a surrounding "for" loop
+	Continue
+
+	// Break branches break a surrounding "for" loop
+	Break
+
+	// Goto branches conclude with a "goto" statement
+	Goto
+
+	// Panic branches panic the current function
+	Panic
+
+	// Exit branches end the program
+	Exit
+
+	// Regular branches do not fit any category above
+	Regular
+)
+
+// IsEmpty tests if the branch is empty
+func (k BranchKind) IsEmpty() bool { return k == Empty }
+
+// Returns tests if the branch returns from the current function
+func (k BranchKind) Returns() bool { return k == Return }
+
+// Deviates tests if the control does not flow to the first
+// statement following the if-else chain.
+func (k BranchKind) Deviates() bool {
+	switch k {
+	case Empty, Regular:
+		return false
+	case Return, Continue, Break, Goto, Panic, Exit:
+		return true
+	default:
+		panic("invalid kind")
+	}
+}
+
+// Branch returns a Branch with the given kind
+func (k BranchKind) Branch() Branch { return Branch{BranchKind: k} }
+
+// String returns a brief string representation
+func (k BranchKind) String() string {
+	switch k {
+	case Empty:
+		return ""
+	case Regular:
+		return "..."
+	case Return:
+		return "... return"
+	case Continue:
+		return "... continue"
+	case Break:
+		return "... break"
+	case Goto:
+		return "... goto"
+	case Panic:
+		return "... panic()"
+	case Exit:
+		return "... os.Exit()"
+	default:
+		panic("invalid kind")
+	}
+}
+
+// LongString returns a longer form string representation
+func (k BranchKind) LongString() string {
+	switch k {
+	case Empty:
+		return "an empty block"
+	case Regular:
+		return "a regular statement"
+	case Return:
+		return "a return statement"
+	case Continue:
+		return "a continue statement"
+	case Break:
+		return "a break statement"
+	case Goto:
+		return "a goto statement"
+	case Panic:
+		return "a function call that panics"
+	case Exit:
+		return "a function call that exits the program"
+	default:
+		panic("invalid kind")
+	}
+}
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/chain.go b/vendor/github.com/mgechev/revive/internal/ifelse/chain.go
new file mode 100644
index 000000000..9891635ee
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/chain.go
@@ -0,0 +1,10 @@
+package ifelse
+
+// Chain contains information about an if-else chain.
+type Chain struct {
+	If                   Branch // what happens at the end of the "if" block
+	Else                 Branch // what happens at the end of the "else" block
+	HasInitializer       bool   // is there an "if"-initializer somewhere in the chain?
+	HasPriorNonDeviating bool   // is there a prior "if" block that does NOT deviate control flow?
+	AtBlockEnd           bool   // whether the chain is placed at the end of the surrounding block
+}
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/doc.go b/vendor/github.com/mgechev/revive/internal/ifelse/doc.go
new file mode 100644
index 000000000..0aa2c9817
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/doc.go
@@ -0,0 +1,6 @@
+// Package ifelse provides helpers for analysing the control flow in if-else chains,
+// presently used by the following rules:
+// - early-return
+// - indent-error-flow
+// - superfluous-else
+package ifelse
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/func.go b/vendor/github.com/mgechev/revive/internal/ifelse/func.go
new file mode 100644
index 000000000..7ba351918
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/func.go
@@ -0,0 +1,51 @@
+package ifelse
+
+import (
+	"fmt"
+	"go/ast"
+)
+
+// Call contains the name of a function that deviates control flow.
+type Call struct {
+	Pkg  string // The package qualifier of the function, if not built-in.
+	Name string // The function name.
+}
+
+// DeviatingFuncs lists known control flow deviating function calls.
+var DeviatingFuncs = map[Call]BranchKind{
+	{"os", "Exit"}:     Exit,
+	{"log", "Fatal"}:   Exit,
+	{"log", "Fatalf"}:  Exit,
+	{"log", "Fatalln"}: Exit,
+	{"", "panic"}:      Panic,
+	{"log", "Panic"}:   Panic,
+	{"log", "Panicf"}:  Panic,
+	{"log", "Panicln"}: Panic,
+}
+
+// ExprCall gets the Call of an ExprStmt, if any.
+func ExprCall(expr *ast.ExprStmt) (Call, bool) {
+	call, ok := expr.X.(*ast.CallExpr)
+	if !ok {
+		return Call{}, false
+	}
+	switch v := call.Fun.(type) {
+	case *ast.Ident:
+		return Call{Name: v.Name}, true
+	case *ast.SelectorExpr:
+		if ident, ok := v.X.(*ast.Ident); ok {
+			return Call{Name: v.Sel.Name, Pkg: ident.Name}, true
+		}
+	}
+	return Call{}, false
+}
+
+// String returns the function name with package qualifier (if any)
+func (f Call) String() string {
+	switch {
+	case f.Pkg != "":
+		return fmt.Sprintf("%s.%s", f.Pkg, f.Name)
+	default:
+		return f.Name
+	}
+}
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/rule.go b/vendor/github.com/mgechev/revive/internal/ifelse/rule.go
new file mode 100644
index 000000000..07ad456b6
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/rule.go
@@ -0,0 +1,105 @@
+package ifelse
+
+import (
+	"go/ast"
+	"go/token"
+
+	"github.com/mgechev/revive/lint"
+)
+
+// Rule is an interface for linters operating on if-else chains
+type Rule interface {
+	CheckIfElse(chain Chain, args Args) (failMsg string)
+}
+
+// Apply evaluates the given Rule on if-else chains found within the given AST,
+// and returns the failures.
+//
+// Note that in if-else chain with multiple "if" blocks, only the *last* one is checked,
+// that is to say, given:
+//
+//	if foo {
+//	    ...
+//	} else if bar {
+//		...
+//	} else {
+//		...
+//	}
+//
+// Only the block following "bar" is linted. This is because the rules that use this function
+// do not presently have anything to say about earlier blocks in the chain.
+func Apply(rule Rule, node ast.Node, target Target, args lint.Arguments) []lint.Failure {
+	v := &visitor{rule: rule, target: target}
+	for _, arg := range args {
+		if arg == PreserveScope {
+			v.args.PreserveScope = true
+		}
+	}
+	ast.Walk(v, node)
+	return v.failures
+}
+
+type visitor struct {
+	failures []lint.Failure
+	target   Target
+	rule     Rule
+	args     Args
+}
+
+func (v *visitor) Visit(node ast.Node) ast.Visitor {
+	block, ok := node.(*ast.BlockStmt)
+	if !ok {
+		return v
+	}
+
+	for i, stmt := range block.List {
+		if ifStmt, ok := stmt.(*ast.IfStmt); ok {
+			v.visitChain(ifStmt, Chain{AtBlockEnd: i == len(block.List)-1})
+			continue
+		}
+		ast.Walk(v, stmt)
+	}
+	return nil
+}
+
+func (v *visitor) visitChain(ifStmt *ast.IfStmt, chain Chain) {
+	// look for other if-else chains nested inside this if { } block
+	ast.Walk(v, ifStmt.Body)
+
+	if ifStmt.Else == nil {
+		// no else branch
+		return
+	}
+
+	if as, ok := ifStmt.Init.(*ast.AssignStmt); ok && as.Tok == token.DEFINE {
+		chain.HasInitializer = true
+	}
+	chain.If = BlockBranch(ifStmt.Body)
+
+	switch elseBlock := ifStmt.Else.(type) {
+	case *ast.IfStmt:
+		if !chain.If.Deviates() {
+			chain.HasPriorNonDeviating = true
+		}
+		v.visitChain(elseBlock, chain)
+	case *ast.BlockStmt:
+		// look for other if-else chains nested inside this else { } block
+		ast.Walk(v, elseBlock)
+
+		chain.Else = BlockBranch(elseBlock)
+		if failMsg := v.rule.CheckIfElse(chain, v.args); failMsg != "" {
+			if chain.HasInitializer {
+				// if statement has a := initializer, so we might need to move the assignment
+				// onto its own line in case the body references it
+				failMsg += " (move short variable declaration to its own line if necessary)"
+			}
+			v.failures = append(v.failures, lint.Failure{
+				Confidence: 1,
+				Node:       v.target.node(ifStmt),
+				Failure:    failMsg,
+			})
+		}
+	default:
+		panic("invalid node type for else")
+	}
+}
diff --git a/vendor/github.com/mgechev/revive/internal/ifelse/target.go b/vendor/github.com/mgechev/revive/internal/ifelse/target.go
new file mode 100644
index 000000000..81ff1c303
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/internal/ifelse/target.go
@@ -0,0 +1,25 @@
+package ifelse
+
+import "go/ast"
+
+// Target decides what line/column should be indicated by the rule in question.
+type Target int
+
+const (
+	// TargetIf means the text refers to the "if"
+	TargetIf Target = iota
+
+	// TargetElse means the text refers to the "else"
+	TargetElse
+)
+
+func (t Target) node(ifStmt *ast.IfStmt) ast.Node {
+	switch t {
+	case TargetIf:
+		return ifStmt
+	case TargetElse:
+		return ifStmt.Else
+	default:
+		panic("bad target")
+	}
+}
diff --git a/vendor/github.com/mgechev/revive/lint/config.go b/vendor/github.com/mgechev/revive/lint/config.go
index 276305804..9b26d5841 100644
--- a/vendor/github.com/mgechev/revive/lint/config.go
+++ b/vendor/github.com/mgechev/revive/lint/config.go
@@ -3,16 +3,44 @@ package lint
 // Arguments is type used for the arguments of a rule.
 type Arguments = []interface{}
 
+type FileFilters = []*FileFilter
+
 // RuleConfig is type used for the rule configuration.
 type RuleConfig struct {
 	Arguments Arguments
 	Severity  Severity
 	Disabled  bool
+	// Exclude - rule-level file excludes, TOML related (strings)
+	Exclude []string
+	// excludeFilters - regex-based file filters, initialized from Exclude
+	excludeFilters []*FileFilter
+}
+
+// Initialize - should be called after reading from TOML file
+func (rc *RuleConfig) Initialize() error {
+	for _, f := range rc.Exclude {
+		ff, err := ParseFileFilter(f)
+		if err != nil {
+			return err
+		}
+		rc.excludeFilters = append(rc.excludeFilters, ff)
+	}
+	return nil
 }
 
 // RulesConfig defines the config for all rules.
 type RulesConfig = map[string]RuleConfig
 
+// MustExclude - checks if given filename `name` must be excluded
+func (rcfg *RuleConfig) MustExclude(name string) bool {
+	for _, exclude := range rcfg.excludeFilters {
+		if exclude.MatchFileName(name) {
+			return true
+		}
+	}
+	return false
+}
+
 // DirectiveConfig is type used for the linter directive configuration.
 type DirectiveConfig struct {
 	Severity Severity
diff --git a/vendor/github.com/mgechev/revive/lint/file.go b/vendor/github.com/mgechev/revive/lint/file.go
index dcf0e608f..23255304c 100644
--- a/vendor/github.com/mgechev/revive/lint/file.go
+++ b/vendor/github.com/mgechev/revive/lint/file.go
@@ -102,6 +102,9 @@ func (f *File) lint(rules []Rule, config Config, failures chan Failure) {
 	disabledIntervals := f.disabledIntervals(rules, mustSpecifyDisableReason, failures)
 	for _, currentRule := range rules {
 		ruleConfig := rulesConfig[currentRule.Name()]
+		if ruleConfig.MustExclude(f.Name) {
+			continue
+		}
 		currentFailures := currentRule.Apply(f, ruleConfig.Arguments)
 		for idx, failure := range currentFailures {
 			if failure.RuleName == "" {
diff --git a/vendor/github.com/mgechev/revive/lint/filefilter.go b/vendor/github.com/mgechev/revive/lint/filefilter.go
new file mode 100644
index 000000000..8da090b9c
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/lint/filefilter.go
@@ -0,0 +1,128 @@
+package lint
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+)
+
+// FileFilter - file filter to exclude some files for rule
+// supports whole
+// 1. file/dir names : pkg/mypkg/my.go,
+// 2. globs: **/*.pb.go,
+// 3. regexes (~ prefix) ~-tmp\.\d+\.go
+// 4. special test marker `TEST` - treats as `~_test\.go`
+type FileFilter struct {
+	// raw definition of filter inside config
+	raw string
+	// don't care what was at start, will use regexes inside
+	rx *regexp.Regexp
+	// marks filter as matching everything
+	matchesAll bool
+	// marks filter as matching nothing
+	matchesNothing bool
+}
+
+// ParseFileFilter - creates [FileFilter] for given raw filter
+// if empty string, it matches nothing
+// if `*`, or `~`, it matches everything
+// while regexp could be invalid, it could return it's compilation error
+func ParseFileFilter(rawFilter string) (*FileFilter, error) {
+	rawFilter = strings.TrimSpace(rawFilter)
+	result := new(FileFilter)
+	result.raw = rawFilter
+	result.matchesNothing = len(result.raw) == 0
+	result.matchesAll = result.raw == "*" || result.raw == "~"
+	if !result.matchesAll && !result.matchesNothing {
+		if err := result.prepareRegexp(); err != nil {
+			return nil, err
+		}
+	}
+	return result, nil
+}
+
+func (ff *FileFilter) String() string { return ff.raw }
+
+// MatchFileName - checks if file name matches filter
+func (ff *FileFilter) MatchFileName(name string) bool {
+	if ff.matchesAll {
+		return true
+	}
+	if ff.matchesNothing {
+		return false
+	}
+	name = strings.ReplaceAll(name, "\\", "/")
+	return ff.rx.MatchString(name)
+}
+
+var fileFilterInvalidGlobRegexp = regexp.MustCompile(`[^/]\*\*[^/]`)
+var escapeRegexSymbols = ".+{}()[]^$"
+
+func (ff *FileFilter) prepareRegexp() error {
+	var err error
+	var src = ff.raw
+	if src == "TEST" {
+		src = "~_test\\.go"
+	}
+	if strings.HasPrefix(src, "~") {
+		ff.rx, err = regexp.Compile(src[1:])
+		if err != nil {
+			return fmt.Errorf("invalid file filter [%s], regexp compile error: [%v]", ff.raw, err)
+		}
+		return nil
+	}
+	/* globs */
+	if strings.Contains(src, "*") {
+		if fileFilterInvalidGlobRegexp.MatchString(src) {
+			return fmt.Errorf("invalid file filter [%s], invalid glob pattern", ff.raw)
+		}
+		var rxBuild strings.Builder
+		rxBuild.WriteByte('^')
+		wasStar := false
+		justDirGlob := false
+		for _, c := range src {
+			if c == '*' {
+				if wasStar {
+					rxBuild.WriteString(`[\s\S]*`)
+					wasStar = false
+					justDirGlob = true
+					continue
+				}
+				wasStar = true
+				continue
+			}
+			if wasStar {
+				rxBuild.WriteString("[^/]*")
+				wasStar = false
+			}
+			if strings.ContainsRune(escapeRegexSymbols, c) {
+				rxBuild.WriteByte('\\')
+			}
+			rxBuild.WriteRune(c)
+			if c == '/' && justDirGlob {
+				rxBuild.WriteRune('?')
+			}
+			justDirGlob = false
+		}
+		if wasStar {
+			rxBuild.WriteString("[^/]*")
+		}
+		rxBuild.WriteByte('$')
+		ff.rx, err = regexp.Compile(rxBuild.String())
+		if err != nil {
+			return fmt.Errorf("invalid file filter [%s], regexp compile error after glob expand: [%v]", ff.raw, err)
+		}
+		return nil
+	}
+
+	// it's whole file mask, just escape dots and normilze separators
+	fillRx := src
+	fillRx = strings.ReplaceAll(fillRx, "\\", "/")
+	fillRx = strings.ReplaceAll(fillRx, ".", `\.`)
+	fillRx = "^" + fillRx + "$"
+	ff.rx, err = regexp.Compile(fillRx)
+	if err != nil {
+		return fmt.Errorf("invalid file filter [%s], regexp compile full path: [%v]", ff.raw, err)
+	}
+	return nil
+}
diff --git a/vendor/github.com/mgechev/revive/rule/argument-limit.go b/vendor/github.com/mgechev/revive/rule/argument-limit.go
index 8042da15e..8120288fd 100644
--- a/vendor/github.com/mgechev/revive/rule/argument-limit.go
+++ b/vendor/github.com/mgechev/revive/rule/argument-limit.go
@@ -14,10 +14,16 @@ type ArgumentsLimitRule struct {
 	sync.Mutex
 }
 
+const defaultArgumentsLimit = 8
+
 func (r *ArgumentsLimitRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.total == 0 {
-		checkNumberOfArguments(1, arguments, r.Name())
+		if len(arguments) < 1 {
+			r.total = defaultArgumentsLimit
+			return
+		}
 
 		total, ok := arguments[0].(int64) // Alt. non panicking version
 		if !ok {
@@ -25,7 +31,6 @@ func (r *ArgumentsLimitRule) configure(arguments lint.Arguments) {
 		}
 		r.total = int(total)
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
diff --git a/vendor/github.com/mgechev/revive/rule/banned-characters.go b/vendor/github.com/mgechev/revive/rule/banned-characters.go
index 76fa2235a..12997bae1 100644
--- a/vendor/github.com/mgechev/revive/rule/banned-characters.go
+++ b/vendor/github.com/mgechev/revive/rule/banned-characters.go
@@ -19,11 +19,11 @@ const bannedCharsRuleName = "banned-characters"
 
 func (r *BannedCharsRule) configure(arguments lint.Arguments) {
 	r.Lock()
-	if r.bannedCharList == nil {
+	defer r.Unlock()
+	if r.bannedCharList == nil && len(arguments) > 0 {
 		checkNumberOfArguments(1, arguments, bannedCharsRuleName)
 		r.bannedCharList = r.getBannedCharsList(arguments)
 	}
-	r.Unlock()
 }
 
 // Apply applied the rule to the given file.
diff --git a/vendor/github.com/mgechev/revive/rule/cognitive-complexity.go b/vendor/github.com/mgechev/revive/rule/cognitive-complexity.go
index a9c11a7d0..1973faef8 100644
--- a/vendor/github.com/mgechev/revive/rule/cognitive-complexity.go
+++ b/vendor/github.com/mgechev/revive/rule/cognitive-complexity.go
@@ -16,10 +16,17 @@ type CognitiveComplexityRule struct {
 	sync.Mutex
 }
 
+const defaultMaxCognitiveComplexity = 7
+
 func (r *CognitiveComplexityRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.maxComplexity == 0 {
-		checkNumberOfArguments(1, arguments, r.Name())
+
+		if len(arguments) < 1 {
+			r.maxComplexity = defaultMaxCognitiveComplexity
+			return
+		}
 
 		complexity, ok := arguments[0].(int64)
 		if !ok {
@@ -27,7 +34,6 @@ func (r *CognitiveComplexityRule) configure(arguments lint.Arguments) {
 		}
 		r.maxComplexity = int(complexity)
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
diff --git a/vendor/github.com/mgechev/revive/rule/confusing-naming.go b/vendor/github.com/mgechev/revive/rule/confusing-naming.go
index 34cdb907a..8b1c3eac4 100644
--- a/vendor/github.com/mgechev/revive/rule/confusing-naming.go
+++ b/vendor/github.com/mgechev/revive/rule/confusing-naming.go
@@ -27,10 +27,10 @@ type packages struct {
 
 func (ps *packages) methodNames(lp *lint.Package) pkgMethods {
 	ps.mu.Lock()
+	defer ps.mu.Unlock()
 
 	for _, pkg := range ps.pkgs {
 		if pkg.pkg == lp {
-			ps.mu.Unlock()
 			return pkg
 		}
 	}
@@ -38,7 +38,6 @@ func (ps *packages) methodNames(lp *lint.Package) pkgMethods {
 	pkgm := pkgMethods{pkg: lp, methods: make(map[string]map[string]*referenceMethod), mu: &sync.Mutex{}}
 	ps.pkgs = append(ps.pkgs, pkgm)
 
-	ps.mu.Unlock()
 	return pkgm
 }
 
@@ -72,6 +71,7 @@ func (*ConfusingNamingRule) Name() string {
 
 // checkMethodName checks if a given method/function name is similar (just case differences) to other method/function of the same struct/file.
 func checkMethodName(holder string, id *ast.Ident, w *lintConfusingNames) {
+
 	if id.Name == "init" && holder == defaultStructName {
 		// ignore init functions
 		return
@@ -137,8 +137,11 @@ func getStructName(r *ast.FieldList) string {
 
 	t := r.List[0].Type
 
-	if p, _ := t.(*ast.StarExpr); p != nil { // if a pointer receiver => dereference pointer receiver types
-		t = p.X
+	switch v := t.(type) {
+	case *ast.StarExpr:
+		t = v.X
+	case *ast.IndexExpr:
+		t = v.X
 	}
 
 	if p, _ := t.(*ast.Ident); p != nil {
diff --git a/vendor/github.com/mgechev/revive/rule/cyclomatic.go b/vendor/github.com/mgechev/revive/rule/cyclomatic.go
index afd41818b..9f6d50043 100644
--- a/vendor/github.com/mgechev/revive/rule/cyclomatic.go
+++ b/vendor/github.com/mgechev/revive/rule/cyclomatic.go
@@ -17,10 +17,16 @@ type CyclomaticRule struct {
 	sync.Mutex
 }
 
+const defaultMaxCyclomaticComplexity = 10
+
 func (r *CyclomaticRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.maxComplexity == 0 {
-		checkNumberOfArguments(1, arguments, r.Name())
+		if len(arguments) < 1 {
+			r.maxComplexity = defaultMaxCyclomaticComplexity
+			return
+		}
 
 		complexity, ok := arguments[0].(int64) // Alt. non panicking version
 		if !ok {
@@ -28,7 +34,6 @@ func (r *CyclomaticRule) configure(arguments lint.Arguments) {
 		}
 		r.maxComplexity = int(complexity)
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
diff --git a/vendor/github.com/mgechev/revive/rule/defer.go b/vendor/github.com/mgechev/revive/rule/defer.go
index f8224fd4d..f3ea17920 100644
--- a/vendor/github.com/mgechev/revive/rule/defer.go
+++ b/vendor/github.com/mgechev/revive/rule/defer.go
@@ -97,18 +97,21 @@ func (w lintDeferRule) Visit(node ast.Node) ast.Visitor {
 			w.newFailure("return in a defer function has no effect", n, 1.0, "logic", "return")
 		}
 	case *ast.CallExpr:
-		if !w.inADefer && isIdent(n.Fun, "recover") {
+		isCallToRecover := isIdent(n.Fun, "recover")
+		switch {
+		case !w.inADefer && isCallToRecover:
 			// func fn() { recover() }
 			//
 			// confidence is not 1 because recover can be in a function that is deferred elsewhere
 			w.newFailure("recover must be called inside a deferred function", n, 0.8, "logic", "recover")
-		} else if w.inADefer && !w.inAFuncLit && isIdent(n.Fun, "recover") {
+		case w.inADefer && !w.inAFuncLit && isCallToRecover:
 			// defer helper(recover())
 			//
 			// confidence is not truly 1 because this could be in a correctly-deferred func,
 			// but it is very likely to be a misunderstanding of defer's behavior around arguments.
 			w.newFailure("recover must be called inside a deferred function, this is executing recover immediately", n, 1, "logic", "immediate-recover")
 		}
+
 	case *ast.DeferStmt:
 		if isIdent(n.Call.Fun, "recover") {
 			// defer recover()
@@ -119,7 +122,12 @@ func (w lintDeferRule) Visit(node ast.Node) ast.Visitor {
 		}
 		w.visitSubtree(n.Call.Fun, true, false, false)
 		for _, a := range n.Call.Args {
-			w.visitSubtree(a, true, false, false) // check arguments, they should not contain recover()
+			switch a.(type) {
+			case *ast.FuncLit:
+				continue // too hard to analyze deferred calls with func literals args
+			default:
+				w.visitSubtree(a, true, false, false) // check arguments, they should not contain recover()
+			}
 		}
 
 		if w.inALoop {
@@ -136,6 +144,7 @@ func (w lintDeferRule) Visit(node ast.Node) ast.Visitor {
 					w.newFailure("be careful when deferring calls to methods without pointer receiver", fn, 0.8, "bad practice", "method-call")
 				}
 			}
+
 		}
 		return nil
 	}
diff --git a/vendor/github.com/mgechev/revive/rule/dot-imports.go b/vendor/github.com/mgechev/revive/rule/dot-imports.go
index 25ff526cb..db78f1957 100644
--- a/vendor/github.com/mgechev/revive/rule/dot-imports.go
+++ b/vendor/github.com/mgechev/revive/rule/dot-imports.go
@@ -39,9 +39,8 @@ type lintImports struct {
 }
 
 func (w lintImports) Visit(_ ast.Node) ast.Visitor {
-	for i, is := range w.fileAst.Imports {
-		_ = i
-		if is.Name != nil && is.Name.Name == "." && !w.file.IsTest() {
+	for _, is := range w.fileAst.Imports {
+		if is.Name != nil && is.Name.Name == "." {
 			w.onFailure(lint.Failure{
 				Confidence: 1,
 				Failure:    "should not use dot imports",
diff --git a/vendor/github.com/mgechev/revive/rule/early-return.go b/vendor/github.com/mgechev/revive/rule/early-return.go
index ed0fcfae4..90a0acc55 100644
--- a/vendor/github.com/mgechev/revive/rule/early-return.go
+++ b/vendor/github.com/mgechev/revive/rule/early-return.go
@@ -2,9 +2,8 @@ package rule
 
 import (
 	"fmt"
-	"go/ast"
-	"go/token"
 
+	"github.com/mgechev/revive/internal/ifelse"
 	"github.com/mgechev/revive/lint"
 )
 
@@ -13,16 +12,8 @@ import (
 type EarlyReturnRule struct{}
 
 // Apply applies the rule to given file.
-func (*EarlyReturnRule) Apply(file *lint.File, _ lint.Arguments) []lint.Failure {
-	var failures []lint.Failure
-
-	onFailure := func(failure lint.Failure) {
-		failures = append(failures, failure)
-	}
-
-	w := lintEarlyReturnRule{onFailure: onFailure}
-	ast.Walk(w, file.AST)
-	return failures
+func (e *EarlyReturnRule) Apply(file *lint.File, args lint.Arguments) []lint.Failure {
+	return ifelse.Apply(e, file.AST, ifelse.TargetIf, args)
 }
 
 // Name returns the rule name.
@@ -30,147 +21,31 @@ func (*EarlyReturnRule) Name() string {
 	return "early-return"
 }
 
-type lintEarlyReturnRule struct {
-	onFailure func(lint.Failure)
-}
-
-func (w lintEarlyReturnRule) Visit(node ast.Node) ast.Visitor {
-	ifStmt, ok := node.(*ast.IfStmt)
-	if !ok {
-		return w
-	}
-
-	w.visitIf(ifStmt, false, false)
-	return nil
-}
-
-func (w lintEarlyReturnRule) visitIf(ifStmt *ast.IfStmt, hasNonReturnBranch, hasIfInitializer bool) {
-	// look for other if-else chains nested inside this if { } block
-	ast.Walk(w, ifStmt.Body)
-
-	if ifStmt.Else == nil {
-		// no else branch
+// CheckIfElse evaluates the rule against an ifelse.Chain.
+func (e *EarlyReturnRule) CheckIfElse(chain ifelse.Chain, args ifelse.Args) (failMsg string) {
+	if !chain.Else.Deviates() {
+		// this rule only applies if the else-block deviates control flow
 		return
 	}
 
-	if as, ok := ifStmt.Init.(*ast.AssignStmt); ok && as.Tok == token.DEFINE {
-		hasIfInitializer = true
-	}
-	bodyFlow := w.branchFlow(ifStmt.Body)
-
-	switch elseBlock := ifStmt.Else.(type) {
-	case *ast.IfStmt:
-		if bodyFlow.canFlowIntoNext() {
-			hasNonReturnBranch = true
-		}
-		w.visitIf(elseBlock, hasNonReturnBranch, hasIfInitializer)
-
-	case *ast.BlockStmt:
-		// look for other if-else chains nested inside this else { } block
-		ast.Walk(w, elseBlock)
-
-		if hasNonReturnBranch && bodyFlow != branchFlowEmpty {
-			// if we de-indent this block then a previous branch
-			// might flow into it, affecting program behaviour
-			return
-		}
-
-		if !bodyFlow.canFlowIntoNext() {
-			// avoid overlapping with superfluous-else
-			return
-		}
-
-		elseFlow := w.branchFlow(elseBlock)
-		if !elseFlow.canFlowIntoNext() {
-			failMsg := fmt.Sprintf("if c {%[1]s } else {%[2]s } can be simplified to if !c {%[2]s }%[1]s",
-				bodyFlow, elseFlow)
-
-			if hasIfInitializer {
-				// if statement has a := initializer, so we might need to move the assignment
-				// onto its own line in case the body references it
-				failMsg += " (move short variable declaration to its own line if necessary)"
-			}
-
-			w.onFailure(lint.Failure{
-				Confidence: 1,
-				Node:       ifStmt,
-				Failure:    failMsg,
-			})
-		}
-
-	default:
-		panic("invalid node type for else")
-	}
-}
-
-type branchFlowKind int
-
-const (
-	branchFlowEmpty branchFlowKind = iota
-	branchFlowReturn
-	branchFlowPanic
-	branchFlowContinue
-	branchFlowBreak
-	branchFlowGoto
-	branchFlowRegular
-)
-
-func (w lintEarlyReturnRule) branchFlow(block *ast.BlockStmt) branchFlowKind {
-	blockLen := len(block.List)
-	if blockLen == 0 {
-		return branchFlowEmpty
+	if chain.HasPriorNonDeviating && !chain.If.IsEmpty() {
+		// if we de-indent this block then a previous branch
+		// might flow into it, affecting program behaviour
+		return
 	}
 
-	switch stmt := block.List[blockLen-1].(type) {
-	case *ast.ReturnStmt:
-		return branchFlowReturn
-	case *ast.BlockStmt:
-		return w.branchFlow(stmt)
-	case *ast.BranchStmt:
-		switch stmt.Tok {
-		case token.BREAK:
-			return branchFlowBreak
-		case token.CONTINUE:
-			return branchFlowContinue
-		case token.GOTO:
-			return branchFlowGoto
-		}
-	case *ast.ExprStmt:
-		if call, ok := stmt.X.(*ast.CallExpr); ok && isIdent(call.Fun, "panic") {
-			return branchFlowPanic
-		}
+	if chain.If.Deviates() {
+		// avoid overlapping with superfluous-else
+		return
 	}
 
-	return branchFlowRegular
-}
-
-// Whether this branch's control can flow into the next statement following the if-else chain
-func (k branchFlowKind) canFlowIntoNext() bool {
-	switch k {
-	case branchFlowReturn, branchFlowPanic, branchFlowContinue, branchFlowBreak, branchFlowGoto:
-		return false
-	default:
-		return true
+	if args.PreserveScope && !chain.AtBlockEnd && (chain.HasInitializer || chain.If.HasDecls) {
+		// avoid increasing variable scope
+		return
 	}
-}
 
-func (k branchFlowKind) String() string {
-	switch k {
-	case branchFlowEmpty:
-		return ""
-	case branchFlowReturn:
-		return " ... return"
-	case branchFlowPanic:
-		return " ... panic()"
-	case branchFlowContinue:
-		return " ... continue"
-	case branchFlowBreak:
-		return " ... break"
-	case branchFlowGoto:
-		return " ... goto"
-	case branchFlowRegular:
-		return " ..."
-	default:
-		panic("invalid kind")
+	if chain.If.IsEmpty() {
+		return fmt.Sprintf("if c { } else { %[1]v } can be simplified to if !c { %[1]v }", chain.Else)
 	}
+	return fmt.Sprintf("if c { ... } else { %[1]v } can be simplified to if !c { %[1]v } ...", chain.Else)
 }
diff --git a/vendor/github.com/mgechev/revive/rule/enforce-map-style.go b/vendor/github.com/mgechev/revive/rule/enforce-map-style.go
new file mode 100644
index 000000000..ae27b654f
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/rule/enforce-map-style.go
@@ -0,0 +1,164 @@
+package rule
+
+import (
+	"fmt"
+	"go/ast"
+	"sync"
+
+	"github.com/mgechev/revive/lint"
+)
+
+type enforceMapStyleType string
+
+const (
+	enforceMapStyleTypeAny     enforceMapStyleType = "any"
+	enforceMapStyleTypeMake    enforceMapStyleType = "make"
+	enforceMapStyleTypeLiteral enforceMapStyleType = "literal"
+)
+
+func mapStyleFromString(s string) (enforceMapStyleType, error) {
+	switch s {
+	case string(enforceMapStyleTypeAny), "":
+		return enforceMapStyleTypeAny, nil
+	case string(enforceMapStyleTypeMake):
+		return enforceMapStyleTypeMake, nil
+	case string(enforceMapStyleTypeLiteral):
+		return enforceMapStyleTypeLiteral, nil
+	default:
+		return enforceMapStyleTypeAny, fmt.Errorf(
+			"invalid map style: %s (expecting one of %v)",
+			s,
+			[]enforceMapStyleType{
+				enforceMapStyleTypeAny,
+				enforceMapStyleTypeMake,
+				enforceMapStyleTypeLiteral,
+			},
+		)
+	}
+}
+
+// EnforceMapStyleRule implements a rule to enforce `make(map[type]type)` over `map[type]type{}`.
+type EnforceMapStyleRule struct {
+	configured      bool
+	enforceMapStyle enforceMapStyleType
+	sync.Mutex
+}
+
+func (r *EnforceMapStyleRule) configure(arguments lint.Arguments) {
+	r.Lock()
+	defer r.Unlock()
+	
+	if r.configured {
+		return
+	}
+	r.configured = true
+
+	if len(arguments) < 1 {
+		r.enforceMapStyle = enforceMapStyleTypeAny
+		return
+	}
+
+	enforceMapStyle, ok := arguments[0].(string) 
+	if !ok {
+		panic(fmt.Sprintf("Invalid argument '%v' for 'enforce-map-style' rule. Expecting string, got %T", arguments[0], arguments[0]))
+	}
+
+	var err error
+	r.enforceMapStyle, err = mapStyleFromString(enforceMapStyle)
+
+	if err != nil {
+		panic(fmt.Sprintf("Invalid argument to the enforce-map-style rule: %v", err))
+	}
+}
+
+// Apply applies the rule to given file.
+func (r *EnforceMapStyleRule) Apply(file *lint.File, arguments lint.Arguments) []lint.Failure {
+	r.configure(arguments)
+
+	if r.enforceMapStyle == enforceMapStyleTypeAny {
+		// this linter is not configured
+		return nil
+	}
+
+	var failures []lint.Failure
+
+	astFile := file.AST
+	ast.Inspect(astFile, func(n ast.Node) bool {
+		switch v := n.(type) {
+		case *ast.CompositeLit:
+			if r.enforceMapStyle != enforceMapStyleTypeMake {
+				return true
+			}
+
+			if !r.isMapType(v.Type) {
+				return true
+			}
+
+			if len(v.Elts) > 0 {
+				// not an empty map
+				return true
+			}
+
+			failures = append(failures, lint.Failure{
+				Confidence: 1,
+				Node:       v,
+				Category:   "style",
+				Failure:    "use make(map[type]type) instead of map[type]type{}",
+			})
+		case *ast.CallExpr:
+			if r.enforceMapStyle != enforceMapStyleTypeLiteral {
+				// skip any function calls, even if it's make(map[type]type)
+				// we don't want to report it if literals are not enforced
+				return true
+			}
+
+			ident, ok := v.Fun.(*ast.Ident)
+			if !ok || ident.Name != "make" {
+				return true
+			}
+
+			if len(v.Args) != 1 {
+				// skip make(map[type]type, size) and invalid empty declarations
+				return true
+			}
+
+			if !r.isMapType(v.Args[0]) {
+				// not a map type
+				return true
+			}
+
+			failures = append(failures, lint.Failure{
+				Confidence: 1,
+				Node:       v.Args[0],
+				Category:   "style",
+				Failure:    "use map[type]type{} instead of make(map[type]type)",
+			})
+		}
+		return true
+	})
+
+	return failures
+}
+
+// Name returns the rule name.
+func (r *EnforceMapStyleRule) Name() string {
+	return "enforce-map-style"
+}
+
+func (r *EnforceMapStyleRule) isMapType(v ast.Expr) bool {
+	switch t := v.(type) {
+	case *ast.MapType:
+		return true
+	case *ast.Ident:
+		if t.Obj == nil {
+			return false
+		}
+		typeSpec, ok := t.Obj.Decl.(*ast.TypeSpec)
+		if !ok {
+			return false
+		}
+		return r.isMapType(typeSpec.Type)
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/mgechev/revive/rule/file-header.go b/vendor/github.com/mgechev/revive/rule/file-header.go
index 76f548f51..a7d69ff2b 100644
--- a/vendor/github.com/mgechev/revive/rule/file-header.go
+++ b/vendor/github.com/mgechev/revive/rule/file-header.go
@@ -21,21 +21,28 @@ var (
 
 func (r *FileHeaderRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.header == "" {
-		checkNumberOfArguments(1, arguments, r.Name())
+		if len(arguments) < 1 {
+			return
+		}
+
 		var ok bool
 		r.header, ok = arguments[0].(string)
 		if !ok {
-			panic(fmt.Sprintf("invalid argument for \"file-header\" rule: first argument should be a string, got %T", arguments[0]))
+			panic(fmt.Sprintf("invalid argument for \"file-header\" rule: argument should be a string, got %T", arguments[0]))
 		}
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
 func (r *FileHeaderRule) Apply(file *lint.File, arguments lint.Arguments) []lint.Failure {
 	r.configure(arguments)
 
+	if r.header == "" {
+		return nil
+	}
+
 	failure := []lint.Failure{
 		{
 			Node:       file.AST,
diff --git a/vendor/github.com/mgechev/revive/rule/function-length.go b/vendor/github.com/mgechev/revive/rule/function-length.go
index d600d7a2a..f7ab8b98e 100644
--- a/vendor/github.com/mgechev/revive/rule/function-length.go
+++ b/vendor/github.com/mgechev/revive/rule/function-length.go
@@ -19,13 +19,13 @@ type FunctionLength struct {
 
 func (r *FunctionLength) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if !r.configured {
 		maxStmt, maxLines := r.parseArguments(arguments)
 		r.maxStmt = int(maxStmt)
 		r.maxLines = int(maxLines)
 		r.configured = true
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
@@ -53,7 +53,14 @@ func (*FunctionLength) Name() string {
 	return "function-length"
 }
 
+const defaultFuncStmtsLimit = 50
+const defaultFuncLinesLimit = 75
+
 func (*FunctionLength) parseArguments(arguments lint.Arguments) (maxStmt, maxLines int64) {
+	if len(arguments) == 0 {
+		return defaultFuncStmtsLimit, defaultFuncLinesLimit
+	}
+
 	if len(arguments) != 2 {
 		panic(fmt.Sprintf(`invalid configuration for "function-length" rule, expected 2 arguments but got %d`, len(arguments)))
 	}
diff --git a/vendor/github.com/mgechev/revive/rule/function-result-limit.go b/vendor/github.com/mgechev/revive/rule/function-result-limit.go
index 5d2b87316..6a0748011 100644
--- a/vendor/github.com/mgechev/revive/rule/function-result-limit.go
+++ b/vendor/github.com/mgechev/revive/rule/function-result-limit.go
@@ -14,11 +14,16 @@ type FunctionResultsLimitRule struct {
 	sync.Mutex
 }
 
+const defaultResultsLimit = 3
+
 func (r *FunctionResultsLimitRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.max == 0 {
-		checkNumberOfArguments(1, arguments, r.Name())
-
+		if len(arguments) < 1 {
+			r.max = defaultResultsLimit
+			return
+		}
 		max, ok := arguments[0].(int64) // Alt. non panicking version
 		if !ok {
 			panic(fmt.Sprintf(`invalid value passed as return results number to the "function-result-limit" rule; need int64 but got %T`, arguments[0]))
@@ -28,7 +33,6 @@ func (r *FunctionResultsLimitRule) configure(arguments lint.Arguments) {
 		}
 		r.max = int(max)
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
diff --git a/vendor/github.com/mgechev/revive/rule/import-alias-naming.go b/vendor/github.com/mgechev/revive/rule/import-alias-naming.go
new file mode 100644
index 000000000..292392b5d
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/rule/import-alias-naming.go
@@ -0,0 +1,79 @@
+package rule
+
+import (
+	"fmt"
+	"regexp"
+	"sync"
+
+	"github.com/mgechev/revive/lint"
+)
+
+// ImportAliasNamingRule lints import alias naming.
+type ImportAliasNamingRule struct {
+	configured       bool
+	namingRuleRegexp *regexp.Regexp
+	sync.Mutex
+}
+
+const defaultNamingRule = "^[a-z][a-z0-9]{0,}$"
+
+var defaultNamingRuleRegexp = regexp.MustCompile(defaultNamingRule)
+
+func (r *ImportAliasNamingRule) configure(arguments lint.Arguments) {
+	r.Lock()
+	defer r.Unlock()
+	if r.configured {
+		return
+	}
+
+	if len(arguments) < 1 {
+		r.namingRuleRegexp = defaultNamingRuleRegexp
+		return
+	}
+
+	namingRule, ok := arguments[0].(string) // Alt. non panicking version
+	if !ok {
+		panic(fmt.Sprintf("Invalid argument '%v' for 'import-alias-naming' rule. Expecting string, got %T", arguments[0], arguments[0]))
+	}
+
+	var err error
+	r.namingRuleRegexp, err = regexp.Compile(namingRule)
+	if err != nil {
+		panic(fmt.Sprintf("Invalid argument to the import-alias-naming rule. Expecting %q to be a valid regular expression, got: %v", namingRule, err))
+	}
+}
+
+// Apply applies the rule to given file.
+func (r *ImportAliasNamingRule) Apply(file *lint.File, arguments lint.Arguments) []lint.Failure {
+	r.configure(arguments)
+
+	var failures []lint.Failure
+
+	for _, is := range file.AST.Imports {
+		path := is.Path
+		if path == nil {
+			continue
+		}
+
+		alias := is.Name
+		if alias == nil || alias.Name == "_" {
+			continue
+		}
+
+		if !r.namingRuleRegexp.MatchString(alias.Name) {
+			failures = append(failures, lint.Failure{
+				Confidence: 1,
+				Failure:    fmt.Sprintf("import name (%s) must match the regular expression: %s", alias.Name, r.namingRuleRegexp.String()),
+				Node:       alias,
+				Category:   "imports",
+			})
+		}
+	}
+
+	return failures
+}
+
+// Name returns the rule name.
+func (*ImportAliasNamingRule) Name() string {
+	return "import-alias-naming"
+}
diff --git a/vendor/github.com/mgechev/revive/rule/import-shadowing.go b/vendor/github.com/mgechev/revive/rule/import-shadowing.go
index 2bab704d0..046aeb688 100644
--- a/vendor/github.com/mgechev/revive/rule/import-shadowing.go
+++ b/vendor/github.com/mgechev/revive/rule/import-shadowing.go
@@ -29,6 +29,7 @@ func (*ImportShadowingRule) Apply(file *lint.File, _ lint.Arguments) []lint.Fail
 			failures = append(failures, failure)
 		},
 		alreadySeen: map[*ast.Object]struct{}{},
+		skipIdents:  map[*ast.Ident]struct{}{},
 	}
 
 	ast.Walk(walker, fileAst)
@@ -62,6 +63,7 @@ type importShadowing struct {
 	importNames      map[string]struct{}
 	onFailure        func(lint.Failure)
 	alreadySeen      map[*ast.Object]struct{}
+	skipIdents       map[*ast.Ident]struct{}
 }
 
 // Visit visits AST nodes and checks if id nodes (ast.Ident) shadow an import name
@@ -80,6 +82,10 @@ func (w importShadowing) Visit(n ast.Node) ast.Visitor {
 		*ast.SelectorExpr, // skip analysis of selector expressions (anId.otherId): because if anId shadows an import name, it was already detected, and otherId does not shadows the import name
 		*ast.StructType:   // skip analysis of struct type because struct fields can not shadow an import name
 		return nil
+	case *ast.FuncDecl:
+		if n.Recv != nil {
+			w.skipIdents[n.Name] = struct{}{}
+		}
 	case *ast.Ident:
 		if n == w.packageNameIdent {
 			return nil // skip the ident corresponding to the package name of this file
@@ -92,11 +98,12 @@ func (w importShadowing) Visit(n ast.Node) ast.Visitor {
 
 		_, isImportName := w.importNames[id]
 		_, alreadySeen := w.alreadySeen[n.Obj]
-		if isImportName && !alreadySeen {
+		_, skipIdent := w.skipIdents[n]
+		if isImportName && !alreadySeen && !skipIdent {
 			w.onFailure(lint.Failure{
 				Confidence: 1,
 				Node:       n,
-				Category:   "namming",
+				Category:   "naming",
 				Failure:    fmt.Sprintf("The name '%s' shadows an import name", id),
 			})
 
diff --git a/vendor/github.com/mgechev/revive/rule/imports-blacklist.go b/vendor/github.com/mgechev/revive/rule/imports-blacklist.go
index 710662815..bb8262cae 100644
--- a/vendor/github.com/mgechev/revive/rule/imports-blacklist.go
+++ b/vendor/github.com/mgechev/revive/rule/imports-blacklist.go
@@ -52,10 +52,6 @@ func (r *ImportsBlacklistRule) Apply(file *lint.File, arguments lint.Arguments)
 
 	var failures []lint.Failure
 
-	if file.IsTest() {
-		return failures // skip, test file
-	}
-
 	for _, is := range file.AST.Imports {
 		path := is.Path
 		if path != nil && r.isBlacklisted(path.Value) {
diff --git a/vendor/github.com/mgechev/revive/rule/indent-error-flow.go b/vendor/github.com/mgechev/revive/rule/indent-error-flow.go
index e455801c4..b80e6486c 100644
--- a/vendor/github.com/mgechev/revive/rule/indent-error-flow.go
+++ b/vendor/github.com/mgechev/revive/rule/indent-error-flow.go
@@ -1,9 +1,7 @@
 package rule
 
 import (
-	"go/ast"
-	"go/token"
-
+	"github.com/mgechev/revive/internal/ifelse"
 	"github.com/mgechev/revive/lint"
 )
 
@@ -11,16 +9,8 @@ import (
 type IndentErrorFlowRule struct{}
 
 // Apply applies the rule to given file.
-func (*IndentErrorFlowRule) Apply(file *lint.File, _ lint.Arguments) []lint.Failure {
-	var failures []lint.Failure
-
-	onFailure := func(failure lint.Failure) {
-		failures = append(failures, failure)
-	}
-
-	w := lintElse{make(map[*ast.IfStmt]bool), onFailure}
-	ast.Walk(w, file.AST)
-	return failures
+func (e *IndentErrorFlowRule) Apply(file *lint.File, args lint.Arguments) []lint.Failure {
+	return ifelse.Apply(e, file.AST, ifelse.TargetElse, args)
 }
 
 // Name returns the rule name.
@@ -28,51 +18,28 @@ func (*IndentErrorFlowRule) Name() string {
 	return "indent-error-flow"
 }
 
-type lintElse struct {
-	ignore    map[*ast.IfStmt]bool
-	onFailure func(lint.Failure)
-}
-
-func (w lintElse) Visit(node ast.Node) ast.Visitor {
-	ifStmt, ok := node.(*ast.IfStmt)
-	if !ok || ifStmt.Else == nil {
-		return w
-	}
-	if w.ignore[ifStmt] {
-		if elseif, ok := ifStmt.Else.(*ast.IfStmt); ok {
-			w.ignore[elseif] = true
-		}
-		return w
+// CheckIfElse evaluates the rule against an ifelse.Chain.
+func (e *IndentErrorFlowRule) CheckIfElse(chain ifelse.Chain, args ifelse.Args) (failMsg string) {
+	if !chain.If.Deviates() {
+		// this rule only applies if the if-block deviates control flow
+		return
 	}
-	if elseif, ok := ifStmt.Else.(*ast.IfStmt); ok {
-		w.ignore[elseif] = true
-		return w
-	}
-	if _, ok := ifStmt.Else.(*ast.BlockStmt); !ok {
-		// only care about elses without conditions
-		return w
-	}
-	if len(ifStmt.Body.List) == 0 {
-		return w
+
+	if chain.HasPriorNonDeviating {
+		// if we de-indent the "else" block then a previous branch
+		// might flow into it, affecting program behaviour
+		return
 	}
-	shortDecl := false // does the if statement have a ":=" initialization statement?
-	if ifStmt.Init != nil {
-		if as, ok := ifStmt.Init.(*ast.AssignStmt); ok && as.Tok == token.DEFINE {
-			shortDecl = true
-		}
+
+	if !chain.If.Returns() {
+		// avoid overlapping with superfluous-else
+		return
 	}
-	lastStmt := ifStmt.Body.List[len(ifStmt.Body.List)-1]
-	if _, ok := lastStmt.(*ast.ReturnStmt); ok {
-		extra := ""
-		if shortDecl {
-			extra = " (move short variable declaration to its own line if necessary)"
-		}
-		w.onFailure(lint.Failure{
-			Confidence: 1,
-			Node:       ifStmt.Else,
-			Category:   "indent",
-			Failure:    "if block ends with a return statement, so drop this else and outdent its block" + extra,
-		})
+
+	if args.PreserveScope && !chain.AtBlockEnd && (chain.HasInitializer || chain.Else.HasDecls) {
+		// avoid increasing variable scope
+		return
 	}
-	return w
+
+	return "if block ends with a return statement, so drop this else and outdent its block"
 }
diff --git a/vendor/github.com/mgechev/revive/rule/line-length-limit.go b/vendor/github.com/mgechev/revive/rule/line-length-limit.go
index 9e512c1c2..1a414f691 100644
--- a/vendor/github.com/mgechev/revive/rule/line-length-limit.go
+++ b/vendor/github.com/mgechev/revive/rule/line-length-limit.go
@@ -18,10 +18,16 @@ type LineLengthLimitRule struct {
 	sync.Mutex
 }
 
+const defaultLineLengthLimit = 80
+
 func (r *LineLengthLimitRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.max == 0 {
-		checkNumberOfArguments(1, arguments, r.Name())
+		if len(arguments) < 1 {
+			r.max = defaultLineLengthLimit
+			return
+		}
 
 		max, ok := arguments[0].(int64) // Alt. non panicking version
 		if !ok || max < 0 {
@@ -30,7 +36,6 @@ func (r *LineLengthLimitRule) configure(arguments lint.Arguments) {
 
 		r.max = int(max)
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
diff --git a/vendor/github.com/mgechev/revive/rule/max-public-structs.go b/vendor/github.com/mgechev/revive/rule/max-public-structs.go
index e39f49c69..25be3e676 100644
--- a/vendor/github.com/mgechev/revive/rule/max-public-structs.go
+++ b/vendor/github.com/mgechev/revive/rule/max-public-structs.go
@@ -14,9 +14,17 @@ type MaxPublicStructsRule struct {
 	sync.Mutex
 }
 
+const defaultMaxPublicStructs = 5
+
 func (r *MaxPublicStructsRule) configure(arguments lint.Arguments) {
 	r.Lock()
+	defer r.Unlock()
 	if r.max < 1 {
+		if len(arguments) < 1 {
+			r.max = defaultMaxPublicStructs
+			return
+		}
+
 		checkNumberOfArguments(1, arguments, r.Name())
 
 		max, ok := arguments[0].(int64) // Alt. non panicking version
@@ -25,7 +33,6 @@ func (r *MaxPublicStructsRule) configure(arguments lint.Arguments) {
 		}
 		r.max = max
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
diff --git a/vendor/github.com/mgechev/revive/rule/redundant-import-alias.go b/vendor/github.com/mgechev/revive/rule/redundant-import-alias.go
new file mode 100644
index 000000000..fa5281f24
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/rule/redundant-import-alias.go
@@ -0,0 +1,52 @@
+package rule
+
+import (
+	"fmt"
+	"go/ast"
+	"strings"
+
+	"github.com/mgechev/revive/lint"
+)
+
+// RedundantImportAlias lints given else constructs.
+type RedundantImportAlias struct{}
+
+// Apply applies the rule to given file.
+func (*RedundantImportAlias) Apply(file *lint.File, _ lint.Arguments) []lint.Failure {
+	var failures []lint.Failure
+
+	for _, imp := range file.AST.Imports {
+		if imp.Name == nil {
+			continue
+		}
+
+		if getImportPackageName(imp) == imp.Name.Name {
+			failures = append(failures, lint.Failure{
+				Confidence: 1,
+				Failure:    fmt.Sprintf("Import alias \"%s\" is redundant", imp.Name.Name),
+				Node:       imp,
+				Category:   "imports",
+			})
+		}
+	}
+
+	return failures
+}
+
+// Name returns the rule name.
+func (*RedundantImportAlias) Name() string {
+	return "redundant-import-alias"
+}
+
+func getImportPackageName(imp *ast.ImportSpec) string {
+	const pathSep = "/"
+	const strDelim = `"`
+
+	path := imp.Path.Value
+	i := strings.LastIndex(path, pathSep)
+	if i == -1 {
+		return strings.Trim(path, strDelim)
+	}
+
+	return strings.Trim(path[i+1:], strDelim)
+}
diff --git a/vendor/github.com/mgechev/revive/rule/string-format.go b/vendor/github.com/mgechev/revive/rule/string-format.go
index 0e30ebf8b..3edd62477 100644
--- a/vendor/github.com/mgechev/revive/rule/string-format.go
+++ b/vendor/github.com/mgechev/revive/rule/string-format.go
@@ -211,10 +211,14 @@ func (lintStringFormatRule) getCallName(call *ast.CallExpr) (callName string, ok
 	if selector, ok := call.Fun.(*ast.SelectorExpr); ok {
 		// Scoped function call
 		scope, ok := selector.X.(*ast.Ident)
-		if !ok {
-			return "", false
+		if ok {
+			return scope.Name + "." + selector.Sel.Name, true
+		}
+		// Scoped function call inside structure
+		recv, ok := selector.X.(*ast.SelectorExpr)
+		if ok {
+			return recv.Sel.Name + "." + selector.Sel.Name, true
 		}
-		return scope.Name + "." + selector.Sel.Name, true
 	}
 
 	return "", false
diff --git a/vendor/github.com/mgechev/revive/rule/superfluous-else.go b/vendor/github.com/mgechev/revive/rule/superfluous-else.go
index a9e4380c9..1ef67bf1a 100644
--- a/vendor/github.com/mgechev/revive/rule/superfluous-else.go
+++ b/vendor/github.com/mgechev/revive/rule/superfluous-else.go
@@ -2,9 +2,7 @@ package rule
 
 import (
 	"fmt"
-	"go/ast"
-	"go/token"
-
+	"github.com/mgechev/revive/internal/ifelse"
 	"github.com/mgechev/revive/lint"
 )
 
@@ -12,27 +10,8 @@ import (
 type SuperfluousElseRule struct{}
 
 // Apply applies the rule to given file.
-func (*SuperfluousElseRule) Apply(file *lint.File, _ lint.Arguments) []lint.Failure {
-	var failures []lint.Failure
-	onFailure := func(failure lint.Failure) {
-		failures = append(failures, failure)
-	}
-
-	branchingFunctions := map[string]map[string]bool{
-		"os": {"Exit": true},
-		"log": {
-			"Fatal":   true,
-			"Fatalf":  true,
-			"Fatalln": true,
-			"Panic":   true,
-			"Panicf":  true,
-			"Panicln": true,
-		},
-	}
-
-	w := lintSuperfluousElse{make(map[*ast.IfStmt]bool), onFailure, branchingFunctions}
-	ast.Walk(w, file.AST)
-	return failures
+func (e *SuperfluousElseRule) Apply(file *lint.File, args lint.Arguments) []lint.Failure {
+	return ifelse.Apply(e, file.AST, ifelse.TargetElse, args)
 }
 
 // Name returns the rule name.
@@ -40,75 +19,28 @@ func (*SuperfluousElseRule) Name() string {
 	return "superfluous-else"
 }
 
-type lintSuperfluousElse struct {
-	ignore             map[*ast.IfStmt]bool
-	onFailure          func(lint.Failure)
-	branchingFunctions map[string]map[string]bool
-}
-
-func (w lintSuperfluousElse) Visit(node ast.Node) ast.Visitor {
-	ifStmt, ok := node.(*ast.IfStmt)
-	if !ok || ifStmt.Else == nil {
-		return w
-	}
-	if w.ignore[ifStmt] {
-		if elseif, ok := ifStmt.Else.(*ast.IfStmt); ok {
-			w.ignore[elseif] = true
-		}
-		return w
-	}
-	if elseif, ok := ifStmt.Else.(*ast.IfStmt); ok {
-		w.ignore[elseif] = true
-		return w
-	}
-	if _, ok := ifStmt.Else.(*ast.BlockStmt); !ok {
-		// only care about elses without conditions
-		return w
-	}
-	if len(ifStmt.Body.List) == 0 {
-		return w
-	}
-	shortDecl := false // does the if statement have a ":=" initialization statement?
-	if ifStmt.Init != nil {
-		if as, ok := ifStmt.Init.(*ast.AssignStmt); ok && as.Tok == token.DEFINE {
-			shortDecl = true
-		}
-	}
-	extra := ""
-	if shortDecl {
-		extra = " (move short variable declaration to its own line if necessary)"
+// CheckIfElse evaluates the rule against an ifelse.Chain.
+func (e *SuperfluousElseRule) CheckIfElse(chain ifelse.Chain, args ifelse.Args) (failMsg string) {
+	if !chain.If.Deviates() {
+		// this rule only applies if the if-block deviates control flow
+		return
 	}
 
-	lastStmt := ifStmt.Body.List[len(ifStmt.Body.List)-1]
-	switch stmt := lastStmt.(type) {
-	case *ast.BranchStmt:
-		tok := stmt.Tok.String()
-		if tok != "fallthrough" {
-			w.onFailure(newFailure(ifStmt.Else, "if block ends with a "+tok+" statement, so drop this else and outdent its block"+extra))
-		}
-	case *ast.ExprStmt:
-		if ce, ok := stmt.X.(*ast.CallExpr); ok { // it's a function call
-			if fc, ok := ce.Fun.(*ast.SelectorExpr); ok {
-				if id, ok := fc.X.(*ast.Ident); ok {
-					fn := fc.Sel.Name
-					pkg := id.Name
-					if w.branchingFunctions[pkg][fn] { // it's a call to a branching function
-						w.onFailure(
-							newFailure(ifStmt.Else, fmt.Sprintf("if block ends with call to %s.%s function, so drop this else and outdent its block%s", pkg, fn, extra)))
-					}
-				}
-			}
-		}
+	if chain.HasPriorNonDeviating {
+		// if we de-indent the "else" block then a previous branch
+		// might flow into it, affecting program behaviour
+		return
 	}
 
-	return w
-}
+	if chain.If.Returns() {
+		// avoid overlapping with indent-error-flow
+		return
+	}
 
-func newFailure(node ast.Node, msg string) lint.Failure {
-	return lint.Failure{
-		Confidence: 1,
-		Node:       node,
-		Category:   "indent",
-		Failure:    msg,
+	if args.PreserveScope && !chain.AtBlockEnd && (chain.HasInitializer || chain.Else.HasDecls) {
+		// avoid increasing variable scope
+		return
 	}
+
+	return fmt.Sprintf("if block ends with %v, so drop this else and outdent its block", chain.If.LongString())
 }
diff --git a/vendor/github.com/mgechev/revive/rule/time-equal.go b/vendor/github.com/mgechev/revive/rule/time-equal.go
index 72ecf26fe..3b85e18a8 100644
--- a/vendor/github.com/mgechev/revive/rule/time-equal.go
+++ b/vendor/github.com/mgechev/revive/rule/time-equal.go
@@ -60,9 +60,9 @@ func (l *lintTimeEqual) Visit(node ast.Node) ast.Visitor {
 	var failure string
 	switch expr.Op {
 	case token.EQL:
-		failure = fmt.Sprintf("use %s.Equal(%s) instead of %q operator", expr.X, expr.Y, expr.Op)
+		failure = fmt.Sprintf("use %s.Equal(%s) instead of %q operator", gofmt(expr.X), gofmt(expr.Y), expr.Op)
 	case token.NEQ:
-		failure = fmt.Sprintf("use !%s.Equal(%s) instead of %q operator", expr.X, expr.Y, expr.Op)
+		failure = fmt.Sprintf("use !%s.Equal(%s) instead of %q operator", gofmt(expr.X), gofmt(expr.Y), expr.Op)
 	}
 
 	l.onFailure(lint.Failure{
diff --git a/vendor/github.com/mgechev/revive/rule/unchecked-type-assertion.go b/vendor/github.com/mgechev/revive/rule/unchecked-type-assertion.go
new file mode 100644
index 000000000..df27743cb
--- /dev/null
+++ b/vendor/github.com/mgechev/revive/rule/unchecked-type-assertion.go
@@ -0,0 +1,194 @@
+package rule
+
+import (
+	"fmt"
+	"go/ast"
+	"sync"
+
+	"github.com/mgechev/revive/lint"
+)
+
+const (
+	ruleUTAMessagePanic   = "type assertion will panic if not matched"
+	ruleUTAMessageIgnored = "type assertion result ignored"
+)
+
+// UncheckedTypeAssertionRule lints missing or ignored `ok`-value in danymic type casts.
+type UncheckedTypeAssertionRule struct {
+	sync.Mutex
+	acceptIgnoredAssertionResult bool
+	configured                   bool
+}
+
+func (u *UncheckedTypeAssertionRule) configure(arguments lint.Arguments) {
+	u.Lock()
+	defer u.Unlock()
+
+	if len(arguments) == 0 || u.configured {
+		return
+	}
+
+	u.configured = true
+
+	args, ok := arguments[0].(map[string]any)
+	if !ok {
+		panic("Unable to get arguments. Expected object of key-value-pairs.")
+	}
+
+	for k, v := range args {
+		switch k {
+		case "acceptIgnoredAssertionResult":
+			u.acceptIgnoredAssertionResult, ok = v.(bool)
+			if !ok {
+				panic(fmt.Sprintf("Unable to parse argument '%s'. Expected boolean.", k))
+			}
+		default:
+			panic(fmt.Sprintf("Unknown argument: %s", k))
+		}
+	}
+}
+
+// Apply applies the rule to given file.
+func (u *UncheckedTypeAssertionRule) Apply(file *lint.File, args lint.Arguments) []lint.Failure {
+	u.configure(args)
+
+	var failures []lint.Failure
+
+	walker := &lintUnchekedTypeAssertion{
+		onFailure: func(failure lint.Failure) {
+			failures = append(failures, failure)
+		},
+		acceptIgnoredTypeAssertionResult: u.acceptIgnoredAssertionResult,
+	}
+
+	ast.Walk(walker, file.AST)
+
+	return failures
+}
+
+// Name returns the rule name.
+func (*UncheckedTypeAssertionRule) Name() string {
+	return "unchecked-type-assertion"
+}
+
+type lintUnchekedTypeAssertion struct {
+	onFailure                        func(lint.Failure)
+	acceptIgnoredTypeAssertionResult bool
+}
+
+func isIgnored(e ast.Expr) bool {
+	ident, ok := e.(*ast.Ident)
+	if !ok {
+		return false
+	}
+
+	return ident.Name == "_"
+}
+
+func isTypeSwitch(e *ast.TypeAssertExpr) bool {
+	return e.Type == nil
+}
+
+func (w *lintUnchekedTypeAssertion) requireNoTypeAssert(expr ast.Expr) {
+	e, ok := expr.(*ast.TypeAssertExpr)
+	if ok && !isTypeSwitch(e) {
+		w.addFailure(e, ruleUTAMessagePanic)
+	}
+}
+
+func (w *lintUnchekedTypeAssertion) handleIfStmt(n *ast.IfStmt) {
+	ifCondition, ok := n.Cond.(*ast.BinaryExpr)
+	if ok {
+		w.requireNoTypeAssert(ifCondition.X)
+		w.requireNoTypeAssert(ifCondition.Y)
+	}
+}
+
+func (w *lintUnchekedTypeAssertion) requireBinaryExpressionWithoutTypeAssertion(expr ast.Expr) {
+	binaryExpr, ok := expr.(*ast.BinaryExpr)
+	if ok {
+		w.requireNoTypeAssert(binaryExpr.X)
+		w.requireNoTypeAssert(binaryExpr.Y)
+	}
+}
+
+func (w *lintUnchekedTypeAssertion) handleCaseClause(n *ast.CaseClause) {
+	for _, expr := range n.List {
+		w.requireNoTypeAssert(expr)
+		w.requireBinaryExpressionWithoutTypeAssertion(expr)
+	}
+}
+
+func (w *lintUnchekedTypeAssertion) handleSwitch(n *ast.SwitchStmt) {
+	w.requireNoTypeAssert(n.Tag)
+	w.requireBinaryExpressionWithoutTypeAssertion(n.Tag)
+}
+
+func (w *lintUnchekedTypeAssertion) handleAssignment(n *ast.AssignStmt) {
+	if len(n.Rhs) == 0 {
+		return
+	}
+
+	e, ok := n.Rhs[0].(*ast.TypeAssertExpr)
+	if !ok || e == nil {
+		return
+	}
+
+	if isTypeSwitch(e) {
+		return
+	}
+
+	if len(n.Lhs) == 1 {
+		w.addFailure(e, ruleUTAMessagePanic)
+	}
+
+	if !w.acceptIgnoredTypeAssertionResult && len(n.Lhs) == 2 && isIgnored(n.Lhs[1]) {
+		w.addFailure(e, ruleUTAMessageIgnored)
+	}
+}
+
+// handles "return foo(.*bar)" - one of them is enough to fail as golang does not forward the type cast tuples in return statements
+func (w *lintUnchekedTypeAssertion) handleReturn(n *ast.ReturnStmt) {
+	for _, r := range n.Results {
+		w.requireNoTypeAssert(r)
+	}
+}
+
+func (w *lintUnchekedTypeAssertion) handleRange(n *ast.RangeStmt) {
+	w.requireNoTypeAssert(n.X)
+}
+
+func (w *lintUnchekedTypeAssertion) handleChannelSend(n *ast.SendStmt) {
+	w.requireNoTypeAssert(n.Value)
+}
+
+func (w *lintUnchekedTypeAssertion) Visit(node ast.Node) ast.Visitor {
+	switch n := node.(type) {
+	case *ast.RangeStmt:
+		w.handleRange(n)
+	case *ast.SwitchStmt:
+		w.handleSwitch(n)
+	case *ast.ReturnStmt:
+		w.handleReturn(n)
+	case *ast.AssignStmt:
+		w.handleAssignment(n)
+	case *ast.IfStmt:
+		w.handleIfStmt(n)
+	case *ast.CaseClause:
+		w.handleCaseClause(n)
+	case *ast.SendStmt:
+		w.handleChannelSend(n)
+	}
+
+	return w
+}
+
+func (w *lintUnchekedTypeAssertion) addFailure(n *ast.TypeAssertExpr, why string) {
+	s := fmt.Sprintf("type cast result is unchecked in %v - %s", gofmt(n), why)
+	w.onFailure(lint.Failure{
+		Category:   "bad practice",
+		Confidence: 1,
+		Node:       n,
+		Failure:    s,
+	})
+}
diff --git a/vendor/github.com/mgechev/revive/rule/unused-param.go b/vendor/github.com/mgechev/revive/rule/unused-param.go
index ab3da453e..df6cd9af0 100644
--- a/vendor/github.com/mgechev/revive/rule/unused-param.go
+++ b/vendor/github.com/mgechev/revive/rule/unused-param.go
@@ -3,22 +3,72 @@ package rule
 import (
 	"fmt"
 	"go/ast"
+	"regexp"
+	"sync"
 
 	"github.com/mgechev/revive/lint"
 )
 
 // UnusedParamRule lints unused params in functions.
-type UnusedParamRule struct{}
+type UnusedParamRule struct {
+	configured bool
+	// regex to check if some name is valid for unused parameter, "^_$" by default
+	allowRegex *regexp.Regexp
+	failureMsg string
+	sync.Mutex
+}
+
+func (r *UnusedParamRule) configure(args lint.Arguments) {
+	r.Lock()
+	defer r.Unlock()
+
+	if r.configured {
+		return
+	}
+	r.configured = true
+
+	// while by default args is an array, i think it's good to provide structures inside it by default, not arrays or primitives
+	// it's more compatible to JSON nature of configurations
+	var allowedRegexStr string
+	if len(args) == 0 {
+		allowedRegexStr = "^_$"
+		r.failureMsg = "parameter '%s' seems to be unused, consider removing or renaming it as _"
+	} else {
+		// Arguments = [{}]
+		options := args[0].(map[string]interface{})
+		// Arguments = [{allowedRegex="^_"}]
+
+		if allowedRegexParam, ok := options["allowRegex"]; ok {
+			allowedRegexStr, ok = allowedRegexParam.(string)
+			if !ok {
+				panic(fmt.Errorf("error configuring %s rule: allowedRegex is not string but [%T]", r.Name(), allowedRegexParam))
+			}
+		}
+	}
+	var err error
+	r.allowRegex, err = regexp.Compile(allowedRegexStr)
+	if err != nil {
+		panic(fmt.Errorf("error configuring %s rule: allowedRegex is not valid regex [%s]: %v", r.Name(), allowedRegexStr, err))
+	}
+
+	if r.failureMsg == "" {
+		r.failureMsg = "parameter '%s' seems to be unused, consider removing or renaming it to match " + r.allowRegex.String()
+	}
+}
 
 // Apply applies the rule to given file.
-func (*UnusedParamRule) Apply(file *lint.File, _ lint.Arguments) []lint.Failure {
+func (r *UnusedParamRule) Apply(file *lint.File, args lint.Arguments) []lint.Failure {
+	r.configure(args)
 	var failures []lint.Failure
 
 	onFailure := func(failure lint.Failure) {
 		failures = append(failures, failure)
 	}
-
-	w := lintUnusedParamRule{onFailure: onFailure}
+	w := lintUnusedParamRule{
+		onFailure:  onFailure,
+		allowRegex: r.allowRegex,
+		failureMsg: r.failureMsg,
+	}
 
 	ast.Walk(w, file.AST)
 
@@ -31,7 +81,9 @@ func (*UnusedParamRule) Name() string {
 }
 
 type lintUnusedParamRule struct {
-	onFailure func(lint.Failure)
+	onFailure  func(lint.Failure)
+	allowRegex *regexp.Regexp
+	failureMsg string
 }
 
 func (w lintUnusedParamRule) Visit(node ast.Node) ast.Visitor {
@@ -65,12 +117,15 @@ func (w lintUnusedParamRule) Visit(node ast.Node) ast.Visitor {
 
 		for _, p := range n.Type.Params.List {
 			for _, n := range p.Names {
+				if w.allowRegex.FindStringIndex(n.Name) != nil {
+					continue
+				}
 				if params[n.Obj] {
 					w.onFailure(lint.Failure{
 						Confidence: 1,
 						Node:       n,
 						Category:   "bad practice",
-						Failure:    fmt.Sprintf("parameter '%s' seems to be unused, consider removing or renaming it as _", n.Name),
+						Failure:    fmt.Sprintf(w.failureMsg, n.Name),
 					})
 				}
 			}
diff --git a/vendor/github.com/mgechev/revive/rule/unused-receiver.go b/vendor/github.com/mgechev/revive/rule/unused-receiver.go
index 2289a517e..488572b7b 100644
--- a/vendor/github.com/mgechev/revive/rule/unused-receiver.go
+++ b/vendor/github.com/mgechev/revive/rule/unused-receiver.go
@@ -3,22 +3,72 @@ package rule
 import (
 	"fmt"
 	"go/ast"
+	"regexp"
+	"sync"
 
 	"github.com/mgechev/revive/lint"
 )
 
 // UnusedReceiverRule lints unused params in functions.
-type UnusedReceiverRule struct{}
+type UnusedReceiverRule struct {
+	configured bool
+	// regex to check if some name is valid for unused parameter, "^_$" by default
+	allowRegex *regexp.Regexp
+	failureMsg string
+	sync.Mutex
+}
+
+func (r *UnusedReceiverRule) configure(args lint.Arguments) {
+	r.Lock()
+	defer r.Unlock()
+
+	if r.configured {
+		return
+	}
+	r.configured = true
+
+	// while by default args is an array, i think it's good to provide structures inside it by default, not arrays or primitives
+	// it's more compatible to JSON nature of configurations
+	var allowedRegexStr string
+	if len(args) == 0 {
+		allowedRegexStr = "^_$"
+		r.failureMsg = "method receiver '%s' is not referenced in method's body, consider removing or renaming it as _"
+	} else {
+		// Arguments = [{}]
+		options := args[0].(map[string]interface{})
+		// Arguments = [{allowedRegex="^_"}]
+
+		if allowedRegexParam, ok := options["allowRegex"]; ok {
+			allowedRegexStr, ok = allowedRegexParam.(string)
+			if !ok {
+				panic(fmt.Errorf("error configuring [unused-receiver] rule: allowedRegex is not string but [%T]", allowedRegexParam))
+			}
+		}
+	}
+	var err error
+	r.allowRegex, err = regexp.Compile(allowedRegexStr)
+	if err != nil {
+		panic(fmt.Errorf("error configuring [unused-receiver] rule: allowedRegex is not valid regex [%s]: %v", allowedRegexStr, err))
+	}
+	if r.failureMsg == "" {
+		r.failureMsg = "method receiver '%s' is not referenced in method's body, consider removing or renaming it to match " + r.allowRegex.String()
+	}
+}
 
 // Apply applies the rule to given file.
-func (*UnusedReceiverRule) Apply(file *lint.File, _ lint.Arguments) []lint.Failure {
+func (r *UnusedReceiverRule) Apply(file *lint.File, args lint.Arguments) []lint.Failure {
+	r.configure(args)
 	var failures []lint.Failure
 
 	onFailure := func(failure lint.Failure) {
 		failures = append(failures, failure)
 	}
 
-	w := lintUnusedReceiverRule{onFailure: onFailure}
+	w := lintUnusedReceiverRule{
+		onFailure:  onFailure,
+		allowRegex: r.allowRegex,
+		failureMsg: r.failureMsg,
+	}
 
 	ast.Walk(w, file.AST)
 
@@ -31,7 +81,9 @@ func (*UnusedReceiverRule) Name() string {
 }
 
 type lintUnusedReceiverRule struct {
-	onFailure func(lint.Failure)
+	onFailure  func(lint.Failure)
+	allowRegex *regexp.Regexp
+	failureMsg string
 }
 
 func (w lintUnusedReceiverRule) Visit(node ast.Node) ast.Visitor {
@@ -51,6 +103,10 @@ func (w lintUnusedReceiverRule) Visit(node ast.Node) ast.Visitor {
 			return nil // the receiver is already named _
 		}
 
+		if w.allowRegex != nil && w.allowRegex.FindStringIndex(recID.Name) != nil {
+			return nil
+		}
+
 		// inspect the func body looking for references to the receiver id
 		fselect := func(n ast.Node) bool {
 			ident, isAnID := n.(*ast.Ident)
@@ -67,7 +123,7 @@ func (w lintUnusedReceiverRule) Visit(node ast.Node) ast.Visitor {
 			Confidence: 1,
 			Node:       recID,
 			Category:   "bad practice",
-			Failure:    fmt.Sprintf("method receiver '%s' is not referenced in method's body, consider removing or renaming it as _", recID.Name),
+			Failure:    fmt.Sprintf(w.failureMsg, recID.Name),
 		})
 
 		return nil // full method body already inspected
diff --git a/vendor/github.com/mgechev/revive/rule/var-naming.go b/vendor/github.com/mgechev/revive/rule/var-naming.go
index fa4a18864..286ff9d75 100644
--- a/vendor/github.com/mgechev/revive/rule/var-naming.go
+++ b/vendor/github.com/mgechev/revive/rule/var-naming.go
@@ -13,27 +13,50 @@ import (
 
 var anyCapsRE = regexp.MustCompile(`[A-Z]`)
 
+// regexp for constant names like `SOME_CONST`, `SOME_CONST_2`, `X123_3`, `_SOME_PRIVATE_CONST` (#851, #865)
+var upperCaseConstRE = regexp.MustCompile(`^_?[A-Z][A-Z\d]*(_[A-Z\d]+)*$`)
+
 // VarNamingRule lints given else constructs.
 type VarNamingRule struct {
-	configured bool
-	whitelist  []string
-	blacklist  []string
+	configured     bool
+	whitelist      []string
+	blacklist      []string
+	upperCaseConst bool // if true - allows to use UPPER_SOME_NAMES for constants
 	sync.Mutex
 }
 
 func (r *VarNamingRule) configure(arguments lint.Arguments) {
 	r.Lock()
-	if !r.configured {
-		if len(arguments) >= 1 {
-			r.whitelist = getList(arguments[0], "whitelist")
-		}
+	defer r.Unlock()
+	if r.configured {
+		return
+	}
+
+	r.configured = true
+	if len(arguments) >= 1 {
+		r.whitelist = getList(arguments[0], "whitelist")
+	}
 
-		if len(arguments) >= 2 {
-			r.blacklist = getList(arguments[1], "blacklist")
+	if len(arguments) >= 2 {
+		r.blacklist = getList(arguments[1], "blacklist")
+	}
+
+	if len(arguments) >= 3 {
+		// not pretty code because should keep compatibility with TOML (no mixed array types) and new map parameters
+		thirdArgument := arguments[2]
+		asSlice, ok := thirdArgument.([]interface{})
+		if !ok {
+			panic(fmt.Sprintf("Invalid third argument to the var-naming rule. Expecting a %s of type slice, got %T", "options", arguments[2]))
+		}
+		if len(asSlice) != 1 {
+			panic(fmt.Sprintf("Invalid third argument to the var-naming rule. Expecting a %s of type slice, of len==1, but %d", "options", len(asSlice)))
 		}
-		r.configured = true
+		args, ok := asSlice[0].(map[string]interface{})
+		if !ok {
+			panic(fmt.Sprintf("Invalid third argument to the var-naming rule. Expecting a %s of type slice, of len==1, with map, but %T", "options", asSlice[0]))
+		}
+		r.upperCaseConst = fmt.Sprint(args["upperCaseConst"]) == "true"
 	}
-	r.Unlock()
 }
 
 // Apply applies the rule to given file.
@@ -52,6 +75,7 @@ func (r *VarNamingRule) Apply(file *lint.File, arguments lint.Arguments) []lint.
 		onFailure: func(failure lint.Failure) {
 			failures = append(failures, failure)
 		},
+		upperCaseConst: r.upperCaseConst,
 	}
 
 	// Package names need slightly different handling than other names.
@@ -82,18 +106,18 @@ func (*VarNamingRule) Name() string {
 	return "var-naming"
 }
 
-func checkList(fl *ast.FieldList, thing string, w *lintNames) {
+func (w *lintNames) checkList(fl *ast.FieldList, thing string) {
 	if fl == nil {
 		return
 	}
 	for _, f := range fl.List {
 		for _, id := range f.Names {
-			check(id, thing, w)
+			w.check(id, thing)
 		}
 	}
 }
 
-func check(id *ast.Ident, thing string, w *lintNames) {
+func (w *lintNames) check(id *ast.Ident, thing string) {
 	if id.Name == "_" {
 		return
 	}
@@ -101,6 +125,12 @@ func check(id *ast.Ident, thing string, w *lintNames) {
 		return
 	}
 
+	// #851 upperCaseConst support
+	// if it's const
+	if thing == token.CONST.String() && w.upperCaseConst && upperCaseConstRE.Match([]byte(id.Name)) {
+		return
+	}
+
 	// Handle two common styles from other languages that don't belong in Go.
 	if len(id.Name) >= 5 && allCapsRE.MatchString(id.Name) && strings.Contains(id.Name, "_") {
 		w.onFailure(lint.Failure{
@@ -111,15 +141,6 @@ func check(id *ast.Ident, thing string, w *lintNames) {
 		})
 		return
 	}
-	if len(id.Name) > 2 && id.Name[0] == 'k' && id.Name[1] >= 'A' && id.Name[1] <= 'Z' {
-		should := string(id.Name[1]+'a'-'A') + id.Name[2:]
-		w.onFailure(lint.Failure{
-			Failure:    fmt.Sprintf("don't use leading k in Go names; %s %s should be %s", thing, id.Name, should),
-			Confidence: 0.8,
-			Node:       id,
-			Category:   "naming",
-		})
-	}
 
 	should := lint.Name(id.Name, w.whitelist, w.blacklist)
 	if id.Name == should {
@@ -144,11 +165,12 @@ func check(id *ast.Ident, thing string, w *lintNames) {
 }
 
 type lintNames struct {
-	file      *lint.File
-	fileAst   *ast.File
-	onFailure func(lint.Failure)
-	whitelist []string
-	blacklist []string
+	file           *lint.File
+	fileAst        *ast.File
+	onFailure      func(lint.Failure)
+	whitelist      []string
+	blacklist      []string
+	upperCaseConst bool
 }
 
 func (w *lintNames) Visit(n ast.Node) ast.Visitor {
@@ -159,7 +181,7 @@ func (w *lintNames) Visit(n ast.Node) ast.Visitor {
 		}
 		for _, exp := range v.Lhs {
 			if id, ok := exp.(*ast.Ident); ok {
-				check(id, "var", w)
+				w.check(id, "var")
 			}
 		}
 	case *ast.FuncDecl:
@@ -181,31 +203,24 @@ func (w *lintNames) Visit(n ast.Node) ast.Visitor {
 		// not exported in the Go API.
 		// See https://github.com/golang/lint/issues/144.
 		if ast.IsExported(v.Name.Name) || !isCgoExported(v) {
-			check(v.Name, thing, w)
+			w.check(v.Name, thing)
 		}
 
-		checkList(v.Type.Params, thing+" parameter", w)
-		checkList(v.Type.Results, thing+" result", w)
+		w.checkList(v.Type.Params, thing+" parameter")
+		w.checkList(v.Type.Results, thing+" result")
 	case *ast.GenDecl:
 		if v.Tok == token.IMPORT {
 			return w
 		}
-		var thing string
-		switch v.Tok {
-		case token.CONST:
-			thing = "const"
-		case token.TYPE:
-			thing = "type"
-		case token.VAR:
-			thing = "var"
-		}
+
+		thing := v.Tok.String()
 		for _, spec := range v.Specs {
 			switch s := spec.(type) {
 			case *ast.TypeSpec:
-				check(s.Name, thing, w)
+				w.check(s.Name, thing)
 			case *ast.ValueSpec:
 				for _, id := range s.Names {
-					check(id, thing, w)
+					w.check(id, thing)
 				}
 			}
 		}
@@ -217,23 +232,23 @@ func (w *lintNames) Visit(n ast.Node) ast.Visitor {
 			if !ok { // might be an embedded interface name
 				continue
 			}
-			checkList(ft.Params, "interface method parameter", w)
-			checkList(ft.Results, "interface method result", w)
+			w.checkList(ft.Params, "interface method parameter")
+			w.checkList(ft.Results, "interface method result")
 		}
 	case *ast.RangeStmt:
 		if v.Tok == token.ASSIGN {
 			return w
 		}
 		if id, ok := v.Key.(*ast.Ident); ok {
-			check(id, "range var", w)
+			w.check(id, "range var")
 		}
 		if id, ok := v.Value.(*ast.Ident); ok {
-			check(id, "range var", w)
+			w.check(id, "range var")
 		}
 	case *ast.StructType:
 		for _, f := range v.Fields.List {
 			for _, id := range f.Names {
-				check(id, "struct field", w)
+				w.check(id, "struct field")
 			}
 		}
 	}
diff --git a/vendor/github.com/moby/patternmatcher/ignorefile/ignorefile.go b/vendor/github.com/moby/patternmatcher/ignorefile/ignorefile.go
new file mode 100644
index 000000000..94ea5a0ef
--- /dev/null
+++ b/vendor/github.com/moby/patternmatcher/ignorefile/ignorefile.go
@@ -0,0 +1,73 @@
+package ignorefile
+
+import (
+	"bufio"
+	"bytes"
+	"io"
+	"path/filepath"
+	"strings"
+)
+
+// ReadAll reads an ignore file from a reader and returns the list of file
+// patterns to ignore, applying the following rules:
+//
+//   - An UTF8 BOM header (if present) is stripped.
+//   - Lines starting with "#" are considered comments and are skipped.
+//
+// For remaining lines:
+//
+//   - Leading and trailing whitespace is removed from each ignore pattern.
+//   - It uses [filepath.Clean] to get the shortest/cleanest path for
+//     ignore patterns.
+//   - Leading forward-slashes ("/") are removed from ignore patterns,
+//     so "/some/path" and "some/path" are considered equivalent.
+func ReadAll(reader io.Reader) ([]string, error) {
+	if reader == nil {
+		return nil, nil
+	}
+
+	var excludes []string
+	currentLine := 0
+	utf8bom := []byte{0xEF, 0xBB, 0xBF}
+
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		scannedBytes := scanner.Bytes()
+		// We trim UTF8 BOM
+		if currentLine == 0 {
+			scannedBytes = bytes.TrimPrefix(scannedBytes, utf8bom)
+		}
+		pattern := string(scannedBytes)
+		currentLine++
+		// Lines starting with # (comments) are ignored before processing
+		if strings.HasPrefix(pattern, "#") {
+			continue
+		}
+		pattern = strings.TrimSpace(pattern)
+		if pattern == "" {
+			continue
+		}
+		// normalize absolute paths to paths relative to the context
+		// (taking care of '!' prefix)
+		invert := pattern[0] == '!'
+		if invert {
+			pattern = strings.TrimSpace(pattern[1:])
+		}
+		if len(pattern) > 0 {
+			pattern = filepath.Clean(pattern)
+			pattern = filepath.ToSlash(pattern)
+			if len(pattern) > 1 && pattern[0] == '/' {
+				pattern = pattern[1:]
+			}
+		}
+		if invert {
+			pattern = "!" + pattern
+		}
+
+		excludes = append(excludes, pattern)
+	}
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+	return excludes, nil
+}
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/.gitignore b/vendor/github.com/nbutton23/zxcvbn-go/.gitignore
deleted file mode 100644
index 4bff1a28e..000000000
--- a/vendor/github.com/nbutton23/zxcvbn-go/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-zxcvbn
-debug.test
diff --git a/vendor/github.com/nbutton23/zxcvbn-go/Makefile b/vendor/github.com/nbutton23/zxcvbn-go/Makefile
deleted file mode 100644
index 6aa13e006..000000000
--- a/vendor/github.com/nbutton23/zxcvbn-go/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-PKG_LIST =  $$( go list ./...  | grep -v /vendor/ | grep -v "zxcvbn-go/data" )
-
-.DEFAULT_GOAL := help
-
-.PHONY: help
-help:
-	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-
-.PHONY: test
-test: ## Run `go test {Package list}` on the packages
-	go test $(PKG_LIST)
-
-.PHONY: lint
-lint: ## Run `golint {Package list}`
-	golint $(PKG_LIST)
\ No newline at end of file
diff --git a/vendor/github.com/nunnatsa/ginkgolinter/.golangci.yml b/vendor/github.com/nunnatsa/ginkgolinter/.golangci.yml
new file mode 100644
index 000000000..71ff0d034
--- /dev/null
+++ b/vendor/github.com/nunnatsa/ginkgolinter/.golangci.yml
@@ -0,0 +1,3 @@
+linters:
+  enable:
+  - revive
diff --git a/vendor/github.com/nunnatsa/ginkgolinter/README.md b/vendor/github.com/nunnatsa/ginkgolinter/README.md
index e0a4b0739..6c95917d2 100644
--- a/vendor/github.com/nunnatsa/ginkgolinter/README.md
+++ b/vendor/github.com/nunnatsa/ginkgolinter/README.md
@@ -27,7 +27,7 @@ ginkgolinter [-fix] ./...
 Use the `-fix` flag to apply the fix suggestions to the source code.
 
 ### Use ginkgolinter with golangci-lint
-The ginkgolinter is now part of the popular [golangci-lint](https://golangci-lint.run/), starting from version `v0.51.1`.
+The ginkgolinter is now part of the popular [golangci-lint](https://golangci-lint.run/), starting from version `v1.51.1`.
 
 It is not enabled by default, though. There are two ways to run ginkgolinter with golangci-lint:
 
@@ -45,7 +45,8 @@ It is not enabled by default, though. There are two ways to run ginkgolinter wit
        - ginkgolinter
    ```
 ## Linter Checks
-The linter checks the gomega assertions in golang test code. Gomega may be used together with ginkgo tests, For example:
+The linter checks the ginkgo and gomega assertions in golang test code. Gomega may be used together with ginkgo tests, 
+For example:
 ```go
 It("should test something", func() { // It is ginkgo test case function
 	Expect("abcd").To(HaveLen(4), "the string should have a length of 4") // Expect is the gomega assertion
@@ -71,7 +72,140 @@ The linter checks the `Expect`, `ExpectWithOffset` and the `Ω` "actual" functio
 
 It also supports the embedded `Not()` matcher
 
-### Wrong Length Assertion
+Some checks find actual bugs, and some are more for style.
+
+### Using a function call in async assertion [BUG]
+This rule finds an actual bug in tests, where asserting a function call in an async function; e.g. `Eventually`. For
+example:
+```go
+func slowInt(int val) int {
+	time.Sleep(time.Second)
+	return val
+}
+
+...
+
+It("should test that slowInt returns 42, eventually", func() {
+	Eventually(slowInt(42)).WithPolling(time.Millisecond * 100).WithTimeout(time.Second * 2).Equal(42)
+})
+```
+The problem with the above code is that it **should** poll - call the function - until it returns 42, but what actually
+happens is that first the function is called, and we pass `42` to `Eventually` - not the function. This is not what we
+tried to do here.
+
+The linter will suggest replacing this code by:
+```go
+It("should test that slowInt returns 42, eventually", func() {
+	Eventually(slowInt).WithArguments(42).WithPolling(time.Millisecond * 100).WithTimeout(time.Second * 2).Equal(42)
+})
+```
+
+The linter suggested replacing the function call by the function name.
+
+If function arguments are used, the linter will add the `WithArguments()` method to pass them.
+
+Please notice that `WithArguments()` is only supported from gomenga v1.22.0.
+
+When using an older version of gomega, change the code manually. For example:
+
+```go
+It("should test that slowInt returns 42, eventually", func() {
+	Eventually(func() int {
+		slowint(42)		
+	}).WithPolling(time.Millisecond * 100).WithTimeout(time.Second * 2).Equal(42)
+})
+```
+
+### Comparing a pointer with a value [BUG]
+The linter warns when comparing a pointer with a value.
+These comparisons are always wrong and will always fail.
+
+In case of a positive assertion (`To()` or `Should()`), the test will just fail.
+
+But the main concern is for false positive tests, when using a negative assertion (`NotTo()`, `ToNot()`, `ShouldNot()`,
+`Should(Not())` etc.); e.g.
+```go
+num := 5
+...
+pNum := &num
+...
+Expect(pNum).ShouldNot(Equal(6))
+```
+This assertion will pass, but for the wrong reasons: pNum is not equal 6, not because num == 5, but because pNum is
+a pointer, while `6` is an `int`.
+
+In the case above, the linter will suggest `Expect(pNum).ShouldNot(HaveValue(Equal(6)))`
+
+This is also right for additional matchers: `BeTrue()` and `BeFalse()`, `BeIdenticalTo()`, `BeEquivalentTo()`
+and `BeNumerically`.
+
+### Missing Assertion Method [BUG]
+The linter warns when calling an "actual" method (e.g. `Expect()`, `Eventually()` etc.), without an assertion method (e.g
+`Should()`, `NotTo()` etc.)
+
+For example:
+```go
+// no assertion for the result
+Eventually(doSomething).WithTimeout(time.Seconds * 5).WithPolling(time.Milliseconds * 100)
+```
+
+The linter will not suggest a fix for this warning.
+
+This rule cannot be suppressed.
+
+### Focus Container / Focus individual spec found [BUG]
+This rule finds ginkgo focus containers, or the `Focus` individual spec in the code.
+
+ginkgo supports the `FDescribe`, `FContext`, `FWhen`, `FIt`, `FDescribeTable` and `FEntry`
+containers to allow the developer to focus
+on a specific test or set of tests during test development or debug.
+
+For example:
+```go
+var _ = Describe("checking something", func() {
+    FIt("this test is the only one that will run", func(){
+        ...
+    })
+})
+```
+Alternatively, the `Focus` individual spec may be used for the same purpose, e.g.
+```go
+var _ = Describe("checking something", Focus, func() {
+    It("this test is the only one that will run", func(){
+        ...
+    })
+})
+```
+
+These container, or the `Focus` spec, must not be part of the final source code, and should only be used locally by the developer.
+
+***This rule is disabled by default***. Use the `--forbid-focus-container=true` command line flag to enable it.  
+
+### Comparing values from different types [BUG]
+
+The `Equal` and the `BeIdentical` matchers also check the type, not only the value.
+    
+The following code will fail in runtime:    
+```go
+x := 5 // x is int
+Expect(x).Should(Eqaul(uint(5)) // x and uint(5) are with different
+```
+When using negative checks, it's even worse, because we get a false positive:
+```
+x := 5
+Expect(x).ShouldNot(Equal(uint(5))
+```
+
+The linter suggests two options to solve this warning: either compare with the same type, e.g. 
+using casting, or use the `BeEquivalentTo` matcher.
+
+The linter can't guess what is the best solution in each case, and so it won't auto-fix this warning.
+
+To suppress this warning entirely, use the `--suppress-type-compare-assertion=true` command line parameter. 
+
+To suppress a specific file or line, use the `// ginkgo-linter:ignore-type-compare-warning` comment (see [below](#suppress-warning-from-the-code))
+
+### Wrong Length Assertion [STYLE]
 The linter finds assertion of the golang built-in `len` function, with all kind of matchers, while there are already gomega matchers for these usecases; We want to assert the item, rather than its length.
 
 There are several wrong patterns:
@@ -102,10 +236,10 @@ The output of the linter,when finding issues, looks like this:
 ./testdata/src/a/a.go:18:5: ginkgo-linter: wrong length assertion; consider using `Expect("").Should(BeEmpty())` instead
 ./testdata/src/a/a.go:22:5: ginkgo-linter: wrong length assertion; consider using `Expect("").Should(BeEmpty())` instead
 ```
-#### use the `HaveLen(0)` matcher. 
+#### use the `HaveLen(0)` matcher.  [STYLE]
 The linter will also warn about the `HaveLen(0)` matcher, and will suggest to replace it with `BeEmpty()`
 
-### Wrong `nil` Assertion
+### Wrong `nil` Assertion [STYLE]
 The linter finds assertion of the comparison to nil, with all kind of matchers, instead of using the existing `BeNil()` matcher; We want to assert the item, rather than a comparison result.
 
 There are several wrong patterns:
@@ -127,7 +261,7 @@ Or even (double negative):
 
 `Ω(x != nil).Should(Not(BeTrue()))` => `Ω(x).Should(BeNil())`
 
-### Wrong boolean Assertion
+### Wrong boolean Assertion [STYLE]
 The linter finds assertion using the `Equal` method, with the values of to `true` or `false`, instead
 of using the existing `BeTrue()` or `BeFalse()` matcher.
 
@@ -141,7 +275,7 @@ It also supports the embedded `Not()` matcher; e.g.
 
 `Ω(x).Should(Not(Equal(True)))` => `Ω(x).ShouldNot(BeTrue())`
 
-### Wrong Error Assertion
+### Wrong Error Assertion [STYLE]
 The linter finds assertion of errors compared with nil, or to be equal nil, or to be nil. The linter suggests to use `Succeed` for functions or `HaveOccurred` for error values..
 
 There are several wrong patterns:
@@ -159,7 +293,7 @@ It also supports the embedded `Not()` matcher; e.g.
 
 `Ω(err == nil).Should(Not(BeTrue()))` => `Ω(x).Should(HaveOccurred())`
 
-### Wrong Comparison Assertion
+### Wrong Comparison Assertion [STYLE]
 The linter finds assertion of boolean comparisons, which are already supported by existing gomega matchers. 
 
 The linter assumes that when compared something to literals or constants, these values should be used for the assertion,
@@ -198,85 +332,6 @@ Expect(x1 == c1).Should(BeTrue()) // ==> Expect(x1).Should(Equal(c1))
 Expect(c1 == x1).Should(BeTrue()) // ==> Expect(x1).Should(Equal(c1))
 ```
 
-### Using a function call in async assertion
-This rule finds an actual bug in tests, where asserting a function call in an async function; e.g. `Eventually`. For
-example:
-```go
-func slowInt(int val) int {
-	time.Sleep(time.Second)
-	return val
-}
-
-...
-
-It("should test that slowInt returns 42, eventually", func() {
-	Eventually(slowInt(42)).WithPolling(time.Millisecond * 100).WithTimeout(time.Second * 2).Equal(42)
-})
-```
-The problem with the above code is that it **should** poll - call the function - until it returns 42, but what actually 
-happens is that first the function is called, and we pass `42` to `Eventually` - not the function. This is not what we 
-tried to do here.
-
-The linter will suggest replacing this code by:
-```go
-It("should test that slowInt returns 42, eventually", func() {
-	Eventually(slowInt).WithArguments(42).WithPolling(time.Millisecond * 100).WithTimeout(time.Second * 2).Equal(42)
-})
-```
-
-The linter suggested replacing the function call by the function name. 
-
-If function arguments are used, the linter will add the `WithArguments()` method to pass them.
-
-Please notice that `WithArguments()` is only supported from gomenga v1.22.0.
-
-When using an older version of gomega, change the code manually. For example:
-
-```go
-It("should test that slowInt returns 42, eventually", func() {
-	Eventually(func() int {
-		slowint(42)		
-	}).WithPolling(time.Millisecond * 100).WithTimeout(time.Second * 2).Equal(42)
-})
-```
-
-### Comparing a pointer with a value
-The linter warns when comparing a pointer with a value.
-These comparisons are always wrong and will always fail.
-
-In case of a positive assertion (`To()` or `Should()`), the test will just fail.
-
-But the main concern is for false positive tests, when using a negative assertion (`NotTo()`, `ToNot()`, `ShouldNot()`,
-`Should(Not())` etc.); e.g.
-```go
-num := 5
-...
-pNum := &num
-...
-Expect(pNum).ShouldNot(Equal(6))
-```
-This assertion will pass, but for the wrong reasons: pNum is not equal 6, not because num == 5, but because pNum is
-a pointer, while `6` is an `int`.
-
-In the case above, the linter will suggest `Expect(pNum).ShouldNot(HaveValue(Equal(6)))`
-
-This is also right for additional matchers: `BeTrue()` and `BeFalse()`, `BeIdenticalTo()`, `BeEquivalentTo()` 
-and `BeNumerically`.
-
-### Missing Assertion Method
-The linter warns when calling an "actual" method (e.g. `Expect()`, `Eventually()` etc.), without an assertion method (e.g 
-`Should()`, `NotTo()` etc.)
-
-For example:
-```go
-// no assertion for the result
-Eventually(doSomething).WithTimeout(time.Seconds * 5).WithPolling(time.Milliseconds * 100)
-```
-
-The linter will not suggest a fix for this warning.
-
-This rule cannot be suppressed.
-
 ## Suppress the linter
 ### Suppress warning from command line
 * Use the `--suppress-len-assertion=true` flag to suppress the wrong length assertion warning
@@ -284,6 +339,8 @@ This rule cannot be suppressed.
 * Use the `--suppress-err-assertion=true` flag to suppress the wrong error assertion warning
 * Use the `--suppress-compare-assertion=true` flag to suppress the wrong comparison assertion warning
 * Use the `--suppress-async-assertion=true` flag to suppress the function call in async assertion warning
+* Use the `--forbid-focus-container=true` flag to activate the focused container assertion (deactivated by default)
+* Use the `--suppress-type-compare-assertion=true` to suppress the type compare assertion warning
 * Use the `--allow-havelen-0=true` flag to avoid warnings about `HaveLen(0)`; Note: this parameter is only supported from
   command line, and not from a comment.
 
@@ -308,6 +365,21 @@ To suppress the wrong async assertion warning, add a comment with (only)
 
 `ginkgo-linter:ignore-async-assert-warning`. 
 
+To supress the focus container warning, add a comment with (only)
+
+`ginkgo-linter:ignore-focus-container-warning`
+
+To suppress the different type comparison, add a comment with (only)
+
+`ginkgo-linter:ignore-type-compare-warning`
+
+Notice that this comment will not work for an anonymous variable container like
+```go
+// ginkgo-linter:ignore-focus-container-warning (not working!!)
+var _ = FDescribe(...)
+```
+In this case, use the file comment (see bellow).
+
 There are two options to use these comments:
 1. If the comment is at the top of the file, supress the warning for the whole file; e.g.:
    ```go
diff --git a/vendor/github.com/nunnatsa/ginkgolinter/ginkgo_linter.go b/vendor/github.com/nunnatsa/ginkgolinter/ginkgo_linter.go
index 2ae6b7751..d1e5164fa 100644
--- a/vendor/github.com/nunnatsa/ginkgolinter/ginkgo_linter.go
+++ b/vendor/github.com/nunnatsa/ginkgolinter/ginkgo_linter.go
@@ -4,19 +4,21 @@ import (
 	"bytes"
 	"flag"
 	"fmt"
-	"github.com/nunnatsa/ginkgolinter/version"
 	"go/ast"
 	"go/constant"
 	"go/printer"
 	"go/token"
 	gotypes "go/types"
+	"reflect"
 
 	"github.com/go-toolsmith/astcopy"
 	"golang.org/x/tools/go/analysis"
 
+	"github.com/nunnatsa/ginkgolinter/ginkgohandler"
 	"github.com/nunnatsa/ginkgolinter/gomegahandler"
 	"github.com/nunnatsa/ginkgolinter/reverseassertion"
 	"github.com/nunnatsa/ginkgolinter/types"
+	"github.com/nunnatsa/ginkgolinter/version"
 )
 
 // The ginkgolinter enforces standards of using ginkgo and gomega.
@@ -35,6 +37,10 @@ const (
 	comparePointerToValue         = linterName + ": comparing a pointer to a value will always fail. consider using `%s` instead"
 	missingAssertionMessage       = linterName + `: %q: missing assertion method. Expected "Should()", "To()", "ShouldNot()", "ToNot()" or "NotTo()"`
 	missingAsyncAssertionMessage  = linterName + `: %q: missing assertion method. Expected "Should()" or "ShouldNot()"`
+	focusContainerFound           = linterName + ": Focus container found. This is used only for local debug and should not be part of the actual source code, consider to replace with %q"
+	focusSpecFound                = linterName + ": Focus spec found. This is used only for local debug and should not be part of the actual source code, consider to remove it"
+	compareDifferentTypes         = linterName + ": use %[1]s with different types: Comparing %[2]s with %[3]s; either change the expected value type if possible, or use the BeEquivalentTo() matcher, instead of %[1]s()"
+	compareInterfaces             = linterName + ": be careful comparing interfaces. This can fail in runtime, if the actual implementing types are different"
 )
 const ( // gomega matchers
 	beEmpty        = "BeEmpty"
@@ -52,6 +58,9 @@ const ( // gomega matchers
 	not            = "Not"
 	omega          = "Ω"
 	succeed        = "Succeed"
+	and            = "And"
+	or             = "Or"
+	withTransform  = "WithTransform"
 )
 
 const ( // gomega actuals
@@ -78,6 +87,7 @@ func NewAnalyzer() *analysis.Analyzer {
 			SuppressNil:     false,
 			SuppressErr:     false,
 			SuppressCompare: false,
+			ForbidFocus:     false,
 			AllowHaveLen0:   false,
 		},
 	}
@@ -88,14 +98,19 @@ func NewAnalyzer() *analysis.Analyzer {
 		Run:  linter.run,
 	}
 
+	var ignored bool
 	a.Flags.Init("ginkgolinter", flag.ExitOnError)
 	a.Flags.Var(&linter.config.SuppressLen, "suppress-len-assertion", "Suppress warning for wrong length assertions")
 	a.Flags.Var(&linter.config.SuppressNil, "suppress-nil-assertion", "Suppress warning for wrong nil assertions")
 	a.Flags.Var(&linter.config.SuppressErr, "suppress-err-assertion", "Suppress warning for wrong error assertions")
 	a.Flags.Var(&linter.config.SuppressCompare, "suppress-compare-assertion", "Suppress warning for wrong comparison assertions")
 	a.Flags.Var(&linter.config.SuppressAsync, "suppress-async-assertion", "Suppress warning for function call in async assertion, like Eventually")
+	a.Flags.Var(&linter.config.SuppressTypeCompare, "suppress-type-compare-assertion", "Suppress warning for comparing values from different types, like int32 and uint32")
 	a.Flags.Var(&linter.config.AllowHaveLen0, "allow-havelen-0", "Do not warn for HaveLen(0); default = false")
 
+	a.Flags.BoolVar(&ignored, "suppress-focus-container", true, "Suppress warning for ginkgo focus containers like FDescribe, FContext, FWhen or FIt. Deprecated and ignored: use --forbid-focus-container instead")
+	a.Flags.Var(&linter.config.ForbidFocus, "forbid-focus-container", "trigger a warning for ginkgo focus containers like FDescribe, FContext, FWhen or FIt; default = false.")
+
 	return a
 }
 
@@ -116,6 +131,11 @@ currently, the linter searches for following:
 * trigger a warning for missing assertion method: [Bug]
 	Eventually(checkSomething)
 
+* trigger a warning when a ginkgo focus container (FDescribe, FContext, FWhen or FIt) is found. [Bug]
+
+* trigger a warning when using the Equal or the BeIdentical matcher with two different types, as these matchers will
+  fail in runtime.
+
 * wrong length assertions. We want to assert the item rather than its length. [Style]
 For example:
 	Expect(len(x)).Should(Equal(1))
@@ -152,12 +172,27 @@ func (l *ginkgoLinter) run(pass *analysis.Pass) (interface{}, error) {
 
 		fileConfig.UpdateFromFile(cm)
 
-		handler := gomegahandler.GetGomegaHandler(file)
-		if handler == nil { // no gomega import => no use in gomega in this file; nothing to do here
+		gomegaHndlr := gomegahandler.GetGomegaHandler(file)
+		ginkgoHndlr := ginkgohandler.GetGinkgoHandler(file)
+
+		if gomegaHndlr == nil && ginkgoHndlr == nil { // no gomega or ginkgo imports => no use in gomega in this file; nothing to do here
 			continue
 		}
 
 		ast.Inspect(file, func(n ast.Node) bool {
+			if ginkgoHndlr != nil && fileConfig.ForbidFocus {
+				spec, ok := n.(*ast.ValueSpec)
+				if ok {
+					for _, val := range spec.Values {
+						if exp, ok := val.(*ast.CallExpr); ok {
+							if checkFocusContainer(pass, ginkgoHndlr, exp) {
+								return true
+							}
+						}
+					}
+				}
+			}
+
 			stmt, ok := n.(*ast.ExprStmt)
 			if !ok {
 				return true
@@ -175,28 +210,62 @@ func (l *ginkgoLinter) run(pass *analysis.Pass) (interface{}, error) {
 				return true
 			}
 
+			if ginkgoHndlr != nil && bool(config.ForbidFocus) && checkFocusContainer(pass, ginkgoHndlr, assertionExp) {
+				return true
+			}
+
+			// no more ginkgo checks. From here it's only gomega. So if there is no gomega handler, exit here. This is
+			// mostly to prevent nil pointer error.
+			if gomegaHndlr == nil {
+				return true
+			}
+
 			assertionFunc, ok := assertionExp.Fun.(*ast.SelectorExpr)
 			if !ok {
-				checkNoAssertion(pass, assertionExp, handler)
+				checkNoAssertion(pass, assertionExp, gomegaHndlr)
 				return true
 			}
 
 			if !isAssertionFunc(assertionFunc.Sel.Name) {
-				checkNoAssertion(pass, assertionExp, handler)
+				checkNoAssertion(pass, assertionExp, gomegaHndlr)
 				return true
 			}
 
-			actualExpr := handler.GetActualExpr(assertionFunc)
+			actualExpr := gomegaHndlr.GetActualExpr(assertionFunc)
 			if actualExpr == nil {
 				return true
 			}
 
-			return checkExpression(pass, config, assertionExp, actualExpr, handler)
+			return checkExpression(pass, config, assertionExp, actualExpr, gomegaHndlr)
 		})
 	}
 	return nil, nil
 }
 
+func checkFocusContainer(pass *analysis.Pass, ginkgoHndlr ginkgohandler.Handler, exp *ast.CallExpr) bool {
+	foundFocus := false
+	isFocus, id := ginkgoHndlr.GetFocusContainerName(exp)
+	if isFocus {
+		reportNewName(pass, id, id.Name[1:], focusContainerFound, id.Name)
+		foundFocus = true
+	}
+
+	if id != nil && ginkgohandler.IsContainer(id) {
+		for _, arg := range exp.Args {
+			if ginkgoHndlr.IsFocusSpec(arg) {
+				reportNoFix(pass, arg.Pos(), focusSpecFound)
+				foundFocus = true
+			} else if callExp, ok := arg.(*ast.CallExpr); ok {
+				if checkFocusContainer(pass, ginkgoHndlr, callExp) { // handle table entries
+					foundFocus = true
+				}
+			}
+		}
+	}
+
+	return foundFocus
+}
+
 func checkExpression(pass *analysis.Pass, config types.Config, assertionExp *ast.CallExpr, actualExpr *ast.CallExpr, handler gomegahandler.Handler) bool {
 	expr := astcopy.CallExpr(assertionExp)
 	oldExpr := goFmt(pass.Fset, expr)
@@ -240,9 +309,153 @@ func checkExpression(pass *analysis.Pass, config types.Config, assertionExp *ast
 
 	} else if checkPointerComparison(pass, config, assertionExp, expr, actualArg, handler, oldExpr) {
 		return false
-	} else {
-		return handleAssertionOnly(pass, config, expr, handler, actualArg, oldExpr, true)
+	} else if !handleAssertionOnly(pass, config, expr, handler, actualArg, oldExpr, true) {
+		return false
+	} else if !config.SuppressTypeCompare {
+		return !checkEqualWrongType(pass, assertionExp, actualArg, handler, oldExpr)
+	}
+
+	return true
+}
+
+func checkEqualWrongType(pass *analysis.Pass, origExp *ast.CallExpr, actualArg ast.Expr, handler gomegahandler.Handler, old string) bool {
+	matcher, ok := origExp.Args[0].(*ast.CallExpr)
+	if !ok {
+		return false
+	}
+
+	return checkEqualDifferentTypes(pass, matcher, actualArg, handler, old, false)
+}
+
+func checkEqualDifferentTypes(pass *analysis.Pass, matcher *ast.CallExpr, actualArg ast.Expr, handler gomegahandler.Handler, old string, parentPointer bool) bool {
+	matcherFuncName, ok := handler.GetActualFuncName(matcher)
+	if !ok {
+		return false
+	}
+
+	actualType := pass.TypesInfo.TypeOf(actualArg)
+
+	switch matcherFuncName {
+	case equal, beIdenticalTo: // continue
+	case and, or:
+		foundIssue := false
+		for _, nestedExp := range matcher.Args {
+			nested, ok := nestedExp.(*ast.CallExpr)
+			if !ok {
+				continue
+			}
+			if checkEqualDifferentTypes(pass, nested, actualArg, handler, old, parentPointer) {
+				foundIssue = true
+			}
+		}
+
+		return foundIssue
+	case withTransform:
+		nested, ok := matcher.Args[1].(*ast.CallExpr)
+		if !ok {
+			return false
+		}
+
+		matcherFuncName, ok = handler.GetActualFuncName(nested)
+		switch matcherFuncName {
+		case equal, beIdenticalTo:
+		case not:
+			return checkEqualDifferentTypes(pass, nested, actualArg, handler, old, parentPointer)
+		default:
+			return false
+		}
+
+		if t := getFuncType(pass, matcher.Args[0]); t != nil {
+			actualType = t
+			matcher = nested
+
+			if !ok {
+				return false
+			}
+		} else {
+			return checkEqualDifferentTypes(pass, nested, actualArg, handler, old, parentPointer)
+		}
+
+	case not:
+		nested, ok := matcher.Args[0].(*ast.CallExpr)
+		if !ok {
+			return false
+		}
+
+		return checkEqualDifferentTypes(pass, nested, actualArg, handler, old, parentPointer)
+
+	case haveValue:
+		nested, ok := matcher.Args[0].(*ast.CallExpr)
+		if !ok {
+			return false
+		}
+
+		return checkEqualDifferentTypes(pass, nested, actualArg, handler, old, true)
+	default:
+		return false
+	}
+
+	matcherValue := matcher.Args[0]
+
+	switch act := actualType.(type) {
+	case *gotypes.Tuple:
+		actualType = act.At(0).Type()
+	case *gotypes.Pointer:
+		if parentPointer {
+			actualType = act.Elem()
+		}
+	}
+
+	matcherType := pass.TypesInfo.TypeOf(matcherValue)
+
+	if !reflect.DeepEqual(matcherType, actualType) {
+		// Equal can handle comparison of interface and a value that implements it
+		if isImplementing(matcherType, actualType) || isImplementing(actualType, matcherType) {
+			return false
+		}
+
+		reportNoFix(pass, matcher.Pos(), compareDifferentTypes, matcherFuncName, actualType, matcherType)
+		return true
 	}
+
+	return false
+}
+
+func getFuncType(pass *analysis.Pass, expr ast.Expr) gotypes.Type {
+	switch f := expr.(type) {
+	case *ast.FuncLit:
+		if f.Type != nil && f.Type.Results != nil && len(f.Type.Results.List) > 0 {
+			return pass.TypesInfo.TypeOf(f.Type.Results.List[0].Type)
+		}
+	case *ast.Ident:
+		a := pass.TypesInfo.TypeOf(f)
+		if sig, ok := a.(*gotypes.Signature); ok && sig.Results().Len() > 0 {
+			return sig.Results().At(0).Type()
+		}
+	}
+
+	return nil
+}
+
+func isImplementing(ifs, impl gotypes.Type) bool {
+	if gotypes.IsInterface(ifs) {
+
+		var (
+			theIfs *gotypes.Interface
+			ok     bool
+		)
+
+		for {
+			theIfs, ok = ifs.(*gotypes.Interface)
+			if ok {
+				break
+			}
+			ifs = ifs.Underlying()
+		}
+
+		return gotypes.Implements(impl, theIfs)
+	}
+	return false
 }
 
 // be careful - never change origExp!!! only modify its clone, expr!!!
@@ -333,10 +546,7 @@ func checkAsyncAssertion(pass *analysis.Pass, config types.Config, expr *ast.Cal
 		if len(actualExpr.Args) > funcIndex {
 			if fun, funcCall := actualExpr.Args[funcIndex].(*ast.CallExpr); funcCall {
 				t = pass.TypesInfo.TypeOf(fun)
-				switch t.(type) {
-				// allow functions that return function or channel.
-				case *gotypes.Signature, *gotypes.Chan, *gotypes.Pointer:
-				default:
+				if !isValidAsyncValueType(t) {
 					actualExpr = handler.GetActualExpr(expr.Fun.(*ast.SelectorExpr))
 
 					if len(fun.Args) > 0 {
@@ -371,6 +581,18 @@ func checkAsyncAssertion(pass *analysis.Pass, config types.Config, expr *ast.Cal
 	return true
 }
 
+func isValidAsyncValueType(t gotypes.Type) bool {
+	switch t.(type) {
+	// allow functions that return function or channel.
+	case *gotypes.Signature, *gotypes.Chan, *gotypes.Pointer:
+		return true
+	case *gotypes.Named:
+		return isValidAsyncValueType(t.Underlying())
+	}
+
+	return false
+}
+
 func startCheckComparison(exp *ast.CallExpr, handler gomegahandler.Handler) (*ast.CallExpr, bool) {
 	matcher, ok := exp.Args[0].(*ast.CallExpr)
 	if !ok {
@@ -959,7 +1181,7 @@ func reportNilAssertion(pass *analysis.Pass, expr *ast.CallExpr, handler gomegah
 	report(pass, expr, template, oldExpr)
 }
 
-func report(pass *analysis.Pass, expr *ast.CallExpr, messageTemplate, oldExpr string) {
+func report(pass *analysis.Pass, expr ast.Expr, messageTemplate, oldExpr string) {
 	newExp := goFmt(pass.Fset, expr)
 	pass.Report(analysis.Diagnostic{
 		Pos:     expr.Pos(),
@@ -979,6 +1201,25 @@ func report(pass *analysis.Pass, expr *ast.CallExpr, messageTemplate, oldExpr st
 	})
 }
 
+func reportNewName(pass *analysis.Pass, id *ast.Ident, newName string, messageTemplate, oldExpr string) {
+	pass.Report(analysis.Diagnostic{
+		Pos:     id.Pos(),
+		Message: fmt.Sprintf(messageTemplate, newName),
+		SuggestedFixes: []analysis.SuggestedFix{
+			{
+				Message: fmt.Sprintf("should replace %s with %s", oldExpr, newName),
+				TextEdits: []analysis.TextEdit{
+					{
+						Pos:     id.Pos(),
+						End:     id.End(),
+						NewText: []byte(newName),
+					},
+				},
+			},
+		},
+	})
+}
+
 func reportNoFix(pass *analysis.Pass, pos token.Pos, message string, args ...any) {
 	if len(args) > 0 {
 		message = fmt.Sprintf(message, args...)
@@ -1094,8 +1335,7 @@ func isPointer(pass *analysis.Pass, expr ast.Expr) bool {
 
 func isInterface(pass *analysis.Pass, expr ast.Expr) bool {
 	t := pass.TypesInfo.TypeOf(expr)
-	_, ok := t.(*gotypes.Named)
-	return ok
+	return gotypes.IsInterface(t)
 }
 
 func isNumeric(pass *analysis.Pass, node ast.Expr) bool {
diff --git a/vendor/github.com/nunnatsa/ginkgolinter/ginkgohandler/handler.go b/vendor/github.com/nunnatsa/ginkgolinter/ginkgohandler/handler.go
new file mode 100644
index 000000000..c0829c469
--- /dev/null
+++ b/vendor/github.com/nunnatsa/ginkgolinter/ginkgohandler/handler.go
@@ -0,0 +1,97 @@
+package ginkgohandler
+
+import (
+	"go/ast"
+)
+
+const (
+	importPath   = `"github.com/onsi/ginkgo"`
+	importPathV2 = `"github.com/onsi/ginkgo/v2"`
+
+	focusSpec = "Focus"
+)
+
+// Handler provide different handling, depend on the way ginkgo was imported, whether
+// in imported with "." name, custom name or without any name.
+type Handler interface {
+	GetFocusContainerName(*ast.CallExpr) (bool, *ast.Ident)
+	IsFocusSpec(ident ast.Expr) bool
+}
+
+// GetGinkgoHandler returns a ginkgor handler according to the way ginkgo was imported in the specific file
+func GetGinkgoHandler(file *ast.File) Handler {
+	for _, imp := range file.Imports {
+		if imp.Path.Value != importPath && imp.Path.Value != importPathV2 {
+			continue
+		}
+
+		switch name := imp.Name.String(); {
+		case name == ".":
+			return dotHandler{}
+		case name == "<nil>": // import with no local name
+			return nameHandler("ginkgo")
+		default:
+			return nameHandler(name)
+		}
+	}
+
+	return nil // no ginkgo import; this file does not use ginkgo
+}
+
+// dotHandler is used when importing ginkgo with dot; i.e.
+// import . "github.com/onsi/ginkgo"
+type dotHandler struct{}
+
+func (h dotHandler) GetFocusContainerName(exp *ast.CallExpr) (bool, *ast.Ident) {
+	if fun, ok := exp.Fun.(*ast.Ident); ok {
+		return isFocusContainer(fun.Name), fun
+	}
+	return false, nil
+}
+
+func (h dotHandler) IsFocusSpec(exp ast.Expr) bool {
+	id, ok := exp.(*ast.Ident)
+	return ok && id.Name == focusSpec
+}
+
+// nameHandler is used when importing ginkgo without name; i.e.
+// import "github.com/onsi/ginkgo"
+//
+// or with a custom name; e.g.
+// import customname "github.com/onsi/ginkgo"
+type nameHandler string
+
+func (h nameHandler) GetFocusContainerName(exp *ast.CallExpr) (bool, *ast.Ident) {
+	if sel, ok := exp.Fun.(*ast.SelectorExpr); ok {
+		if id, ok := sel.X.(*ast.Ident); ok && id.Name == string(h) {
+			return isFocusContainer(sel.Sel.Name), sel.Sel
+		}
+	}
+	return false, nil
+}
+
+func (h nameHandler) IsFocusSpec(exp ast.Expr) bool {
+	if selExp, ok := exp.(*ast.SelectorExpr); ok {
+		if x, ok := selExp.X.(*ast.Ident); ok && x.Name == string(h) {
+			return selExp.Sel.Name == focusSpec
+		}
+	}
+
+	return false
+}
+
+func isFocusContainer(name string) bool {
+	switch name {
+	case "FDescribe", "FContext", "FWhen", "FIt", "FDescribeTable", "FEntry":
+		return true
+	}
+	return false
+}
+
+func IsContainer(id *ast.Ident) bool {
+	switch id.Name {
+	case "It", "When", "Context", "Describe", "DescribeTable", "Entry":
+		return true
+	}
+	return isFocusContainer(id.Name)
+}
diff --git a/vendor/github.com/nunnatsa/ginkgolinter/gomegahandler/handler.go b/vendor/github.com/nunnatsa/ginkgolinter/gomegahandler/handler.go
index 1e8765148..0c34cb7c1 100644
--- a/vendor/github.com/nunnatsa/ginkgolinter/gomegahandler/handler.go
+++ b/vendor/github.com/nunnatsa/ginkgolinter/gomegahandler/handler.go
@@ -52,11 +52,12 @@ func (h dotHandler) GetActualFuncName(expr *ast.CallExpr) (string, bool) {
 	case *ast.SelectorExpr:
 		if isGomegaVar(actualFunc.X, h) {
 			return actualFunc.Sel.Name, true
-		} else {
-			if x, ok := actualFunc.X.(*ast.CallExpr); ok {
-				return h.GetActualFuncName(x)
-			}
 		}
+
+		if x, ok := actualFunc.X.(*ast.CallExpr); ok {
+			return h.GetActualFuncName(x)
+		}
+
 	case *ast.CallExpr:
 		return h.GetActualFuncName(actualFunc)
 	}
diff --git a/vendor/github.com/nunnatsa/ginkgolinter/types/config.go b/vendor/github.com/nunnatsa/ginkgolinter/types/config.go
index 43145d847..6de22738d 100644
--- a/vendor/github.com/nunnatsa/ginkgolinter/types/config.go
+++ b/vendor/github.com/nunnatsa/ginkgolinter/types/config.go
@@ -13,29 +13,35 @@ const (
 	suppressErrAssertionWarning     = suppressPrefix + "ignore-err-assert-warning"
 	suppressCompareAssertionWarning = suppressPrefix + "ignore-compare-assert-warning"
 	suppressAsyncAsertWarning       = suppressPrefix + "ignore-async-assert-warning"
+	suppressFocusContainerWarning   = suppressPrefix + "ignore-focus-container-warning"
+	suppressTypeCompareWarning      = suppressPrefix + "ignore-type-compare-warning"
 )
 
 type Config struct {
-	SuppressLen     Boolean
-	SuppressNil     Boolean
-	SuppressErr     Boolean
-	SuppressCompare Boolean
-	SuppressAsync   Boolean
-	AllowHaveLen0   Boolean
+	SuppressLen         Boolean
+	SuppressNil         Boolean
+	SuppressErr         Boolean
+	SuppressCompare     Boolean
+	SuppressAsync       Boolean
+	ForbidFocus         Boolean
+	SuppressTypeCompare Boolean
+	AllowHaveLen0       Boolean
 }
 
 func (s *Config) AllTrue() bool {
-	return bool(s.SuppressLen && s.SuppressNil && s.SuppressErr && s.SuppressCompare && s.SuppressAsync)
+	return bool(s.SuppressLen && s.SuppressNil && s.SuppressErr && s.SuppressCompare && s.SuppressAsync && !s.ForbidFocus)
 }
 
 func (s *Config) Clone() Config {
 	return Config{
-		SuppressLen:     s.SuppressLen,
-		SuppressNil:     s.SuppressNil,
-		SuppressErr:     s.SuppressErr,
-		SuppressCompare: s.SuppressCompare,
-		SuppressAsync:   s.SuppressAsync,
-		AllowHaveLen0:   s.AllowHaveLen0,
+		SuppressLen:         s.SuppressLen,
+		SuppressNil:         s.SuppressNil,
+		SuppressErr:         s.SuppressErr,
+		SuppressCompare:     s.SuppressCompare,
+		SuppressAsync:       s.SuppressAsync,
+		ForbidFocus:         s.ForbidFocus,
+		SuppressTypeCompare: s.SuppressTypeCompare,
+		AllowHaveLen0:       s.AllowHaveLen0,
 	}
 }
 
@@ -53,11 +59,22 @@ func (s *Config) UpdateFromComment(commentGroup []*ast.CommentGroup) {
 				comment = strings.TrimSuffix(comment, "*/")
 				comment = strings.TrimSpace(comment)
 
-				s.SuppressLen = s.SuppressLen || (comment == suppressLengthAssertionWarning)
-				s.SuppressNil = s.SuppressNil || (comment == suppressNilAssertionWarning)
-				s.SuppressErr = s.SuppressErr || (comment == suppressErrAssertionWarning)
-				s.SuppressCompare = s.SuppressCompare || (comment == suppressCompareAssertionWarning)
-				s.SuppressAsync = s.SuppressAsync || (comment == suppressAsyncAsertWarning)
+				switch comment {
+				case suppressLengthAssertionWarning:
+					s.SuppressLen = true
+				case suppressNilAssertionWarning:
+					s.SuppressNil = true
+				case suppressErrAssertionWarning:
+					s.SuppressErr = true
+				case suppressCompareAssertionWarning:
+					s.SuppressCompare = true
+				case suppressAsyncAsertWarning:
+					s.SuppressAsync = true
+				case suppressFocusContainerWarning:
+					s.ForbidFocus = false
+				case suppressTypeCompareWarning:
+					s.SuppressTypeCompare = true
+				}
 			}
 		}
 	}
diff --git a/vendor/github.com/docker/distribution/digestset/set.go b/vendor/github.com/opencontainers/go-digest/digestset/set.go
similarity index 91%
rename from vendor/github.com/docker/distribution/digestset/set.go
rename to vendor/github.com/opencontainers/go-digest/digestset/set.go
index 71327dca7..71f24184c 100644
--- a/vendor/github.com/docker/distribution/digestset/set.go
+++ b/vendor/github.com/opencontainers/go-digest/digestset/set.go
@@ -1,3 +1,18 @@
+// Copyright 2020, 2020 OCI Contributors
+// Copyright 2017 Docker, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package digestset
 
 import (
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
index 3004e9a40..1881b1181 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
@@ -21,7 +21,7 @@ import digest "github.com/opencontainers/go-digest"
 // when marshalled to JSON.
 type Descriptor struct {
 	// MediaType is the media type of the object this schema refers to.
-	MediaType string `json:"mediaType,omitempty"`
+	MediaType string `json:"mediaType"`
 
 	// Digest is the digest of the targeted content.
 	Digest digest.Digest `json:"digest"`
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
index fc79e9e0d..c5503cb30 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
@@ -15,10 +15,14 @@
 package v1
 
 const (
-	// ImageLayoutFile is the file name of oci image layout file
+	// ImageLayoutFile is the file name containing ImageLayout in an OCI Image Layout
 	ImageLayoutFile = "oci-layout"
 	// ImageLayoutVersion is the version of ImageLayout
 	ImageLayoutVersion = "1.0.0"
+	// ImageIndexFile is the file name of the entry point for references and descriptors in an OCI Image Layout
+	ImageIndexFile = "index.json"
+	// ImageBlobsDir is the directory name containing content addressable blobs in an OCI Image Layout
+	ImageBlobsDir = "blobs"
 )
 
 // ImageLayout is the structure in the "oci-layout" file, found in the root
diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
index e3b7ac03a..11e09b584 100644
--- a/vendor/github.com/opencontainers/image-spec/specs-go/version.go
+++ b/vendor/github.com/opencontainers/image-spec/specs-go/version.go
@@ -25,7 +25,7 @@ const (
 	VersionPatch = 0
 
 	// VersionDev indicates development branch. Releases will be empty string.
-	VersionDev = "-rc.4"
+	VersionDev = "-rc.5"
 )
 
 // Version is the specification version that the package types support.
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/ap_group.go b/vendor/github.com/paultyng/go-unifi/unifi/ap_group.go
index 34e3f8da3..5e02d34c6 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/ap_group.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/ap_group.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 )
 
-// just to fix compile issues with the import
+// just to fix compile issues with the import.
 var (
 	_ fmt.Formatter
 	_ context.Context
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go
index 4ffd88c5b..ef141eded 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/device.generated.go
@@ -82,7 +82,8 @@ type Device struct {
 	OutletOverrides             []DeviceOutletOverrides           `json:"outlet_overrides,omitempty"`
 	OutletPowerCycleEnabled     bool                              `json:"outlet_power_cycle_enabled,omitempty"`
 	PortOverrides               []DevicePortOverrides             `json:"port_overrides"`
-	PowerSourceCtrl             string                            `json:"power_source_ctrl,omitempty"` // auto|8023af|8023at|8023bt-type3|8023bt-type4|pasv24|poe-injector|ac|adapter|dc|rps
+	PowerSourceCtrl             string                            `json:"power_source_ctrl,omitempty"`        // auto|8023af|8023at|8023bt-type3|8023bt-type4|pasv24|poe-injector|ac|adapter|dc|rps
+	PowerSourceCtrlBudget       int                               `json:"power_source_ctrl_budget,omitempty"` // [0-9]|[1-9][0-9]|[1-9][0-9][0-9]
 	PowerSourceCtrlEnabled      bool                              `json:"power_source_ctrl_enabled,omitempty"`
 	RADIUSProfileID             string                            `json:"radiusprofile_id,omitempty"`
 	RadioTable                  []DeviceRadioTable                `json:"radio_table,omitempty"`
@@ -97,7 +98,6 @@ type Device struct {
 	Type                        string                            `json:"type,omitempty"`
 	UbbPairName                 string                            `json:"ubb_pair_name,omitempty"` // .{1,128}
 	Volume                      int                               `json:"volume,omitempty"`        // [0-9]|[1-9][0-9]|100
-	WLANOverrides               []DeviceWLANOverrides             `json:"wlan_overrides,omitempty"`
 	X                           float64                           `json:"x,omitempty"`
 	XBaresipPassword            string                            `json:"x_baresip_password,omitempty"` // ^[a-zA-Z0-9_.\-!~*'()]*
 	Y                           float64                           `json:"y,omitempty"`
@@ -115,6 +115,7 @@ func (dst *Device) UnmarshalJSON(b []byte) error {
 		LtePoe                     booleanishString `json:"lte_poe"`
 		LteSimPin                  emptyStringInt   `json:"lte_sim_pin"`
 		LteSoftLimit               emptyStringInt   `json:"lte_soft_limit"`
+		PowerSourceCtrlBudget      emptyStringInt   `json:"power_source_ctrl_budget"`
 		StpPriority                numberOrString   `json:"stp_priority"`
 		Volume                     emptyStringInt   `json:"volume"`
 
@@ -136,6 +137,7 @@ func (dst *Device) UnmarshalJSON(b []byte) error {
 	dst.LtePoe = bool(aux.LtePoe)
 	dst.LteSimPin = int(aux.LteSimPin)
 	dst.LteSoftLimit = int(aux.LteSoftLimit)
+	dst.PowerSourceCtrlBudget = int(aux.PowerSourceCtrlBudget)
 	dst.StpPriority = string(aux.StpPriority)
 	dst.Volume = int(aux.Volume)
 
@@ -237,46 +239,47 @@ func (dst *DeviceOutletOverrides) UnmarshalJSON(b []byte) error {
 }
 
 type DevicePortOverrides struct {
-	AggregateNumPorts                 int      `json:"aggregate_num_ports,omitempty"` // [2-8]
-	Autoneg                           bool     `json:"autoneg,omitempty"`
-	Dot1XCtrl                         string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
-	Dot1XIDleTimeout                  int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
-	EgressRateLimitKbps               int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
-	EgressRateLimitKbpsEnabled        bool     `json:"egress_rate_limit_kbps_enabled,omitempty"`
-	ExcludedNetworkIDs                []string `json:"excluded_networkconf_ids,omitempty"`
-	Forward                           string   `json:"forward,omitempty"` // all|native|customize|disabled
-	FullDuplex                        bool     `json:"full_duplex,omitempty"`
-	Isolation                         bool     `json:"isolation,omitempty"`
-	LldpmedEnabled                    bool     `json:"lldpmed_enabled,omitempty"`
-	LldpmedNotifyEnabled              bool     `json:"lldpmed_notify_enabled,omitempty"`
-	MirrorPortIDX                     int      `json:"mirror_port_idx,omitempty"` // [1-9]|[1-4][0-9]|5[0-2]
-	NATiveNetworkID                   string   `json:"native_networkconf_id,omitempty"`
-	Name                              string   `json:"name,omitempty"`        // .{0,128}
-	OpMode                            string   `json:"op_mode,omitempty"`     // switch|mirror|aggregate
-	PoeMode                           string   `json:"poe_mode,omitempty"`    // auto|pasv24|passthrough|off
-	PortIDX                           int      `json:"port_idx,omitempty"`    // [1-9]|[1-4][0-9]|5[0-2]
-	PortProfileID                     string   `json:"portconf_id,omitempty"` // [\d\w]+
-	PortSecurityEnabled               bool     `json:"port_security_enabled,omitempty"`
-	PortSecurityMACAddress            []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
-	PriorityQueue1Level               int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue2Level               int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue3Level               int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue4Level               int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	SettingPreference                 string   `json:"setting_preference,omitempty"`        // auto|manual
-	ShowTrafficRestrictionAsAllowlist bool     `json:"show_traffic_restriction_as_allowlist,omitempty"`
-	Speed                             int      `json:"speed,omitempty"` // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
-	StormctrlBroadcastastEnabled      bool     `json:"stormctrl_bcast_enabled,omitempty"`
-	StormctrlBroadcastastLevel        int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlBroadcastastRate         int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlMcastEnabled             bool     `json:"stormctrl_mcast_enabled,omitempty"`
-	StormctrlMcastLevel               int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlMcastRate                int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlType                     string   `json:"stormctrl_type,omitempty"`        // level|rate
-	StormctrlUcastEnabled             bool     `json:"stormctrl_ucast_enabled,omitempty"`
-	StormctrlUcastLevel               int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlUcastRate                int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StpPortMode                       bool     `json:"stp_port_mode,omitempty"`
-	VoiceNetworkID                    string   `json:"voice_networkconf_id,omitempty"`
+	AggregateNumPorts            int      `json:"aggregate_num_ports,omitempty"` // [2-8]
+	Autoneg                      bool     `json:"autoneg,omitempty"`
+	Dot1XCtrl                    string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
+	Dot1XIDleTimeout             int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
+	EgressRateLimitKbps          int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
+	EgressRateLimitKbpsEnabled   bool     `json:"egress_rate_limit_kbps_enabled,omitempty"`
+	ExcludedNetworkIDs           []string `json:"excluded_networkconf_ids,omitempty"`
+	Forward                      string   `json:"forward,omitempty"` // all|native|customize|disabled
+	FullDuplex                   bool     `json:"full_duplex,omitempty"`
+	Isolation                    bool     `json:"isolation,omitempty"`
+	LldpmedEnabled               bool     `json:"lldpmed_enabled,omitempty"`
+	LldpmedNotifyEnabled         bool     `json:"lldpmed_notify_enabled,omitempty"`
+	MirrorPortIDX                int      `json:"mirror_port_idx,omitempty"` // [1-9]|[1-4][0-9]|5[0-2]
+	NATiveNetworkID              string   `json:"native_networkconf_id,omitempty"`
+	Name                         string   `json:"name,omitempty"`     // .{0,128}
+	OpMode                       string   `json:"op_mode,omitempty"`  // switch|mirror|aggregate
+	PoeMode                      string   `json:"poe_mode,omitempty"` // auto|pasv24|passthrough|off
+	PortIDX                      int      `json:"port_idx,omitempty"` // [1-9]|[1-4][0-9]|5[0-2]
+	PortKeepaliveEnabled         bool     `json:"port_keepalive_enabled,omitempty"`
+	PortProfileID                string   `json:"portconf_id,omitempty"` // [\d\w]+
+	PortSecurityEnabled          bool     `json:"port_security_enabled,omitempty"`
+	PortSecurityMACAddress       []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
+	PriorityQueue1Level          int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue2Level          int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue3Level          int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue4Level          int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	SettingPreference            string   `json:"setting_preference,omitempty"`        // auto|manual
+	Speed                        int      `json:"speed,omitempty"`                     // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
+	StormctrlBroadcastastEnabled bool     `json:"stormctrl_bcast_enabled,omitempty"`
+	StormctrlBroadcastastLevel   int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlBroadcastastRate    int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlMcastEnabled        bool     `json:"stormctrl_mcast_enabled,omitempty"`
+	StormctrlMcastLevel          int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlMcastRate           int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlType                string   `json:"stormctrl_type,omitempty"`        // level|rate
+	StormctrlUcastEnabled        bool     `json:"stormctrl_ucast_enabled,omitempty"`
+	StormctrlUcastLevel          int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlUcastRate           int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StpPortMode                  bool     `json:"stp_port_mode,omitempty"`
+	TaggedVLANMgmt               string   `json:"tagged_vlan_mgmt,omitempty"` // auto|block_all|custom
+	VoiceNetworkID               string   `json:"voice_networkconf_id,omitempty"`
 }
 
 func (dst *DevicePortOverrides) UnmarshalJSON(b []byte) error {
@@ -328,24 +331,47 @@ func (dst *DevicePortOverrides) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
+type DeviceRadioIDentifiers struct {
+	DeviceID  string `json:"device_id,omitempty"`
+	RadioName string `json:"radio_name,omitempty"`
+}
+
+func (dst *DeviceRadioIDentifiers) UnmarshalJSON(b []byte) error {
+	type Alias DeviceRadioIDentifiers
+	aux := &struct {
+		*Alias
+	}{
+		Alias: (*Alias)(dst),
+	}
+
+	err := json.Unmarshal(b, &aux)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal alias: %w", err)
+	}
+
+	return nil
+}
+
 type DeviceRadioTable struct {
-	AntennaGain           int    `json:"antenna_gain,omitempty"`   // ^-?([0-9]|[1-9][0-9])
-	AntennaID             int    `json:"antenna_id,omitempty"`     // -1|[0-9]
-	BackupChannel         string `json:"backup_channel,omitempty"` // [0-9]|[1][0-4]|4.5|5|16|21|33|34|36|37|38|40|41|42|44|45|46|48|49|52|53|56|57|60|61|64|65|69|73|77|81|85|89|93|97|100|101|104|105|108|109|112|113|117|116|120|121|124|125|128|129|132|133|136|137|140|141|144|145|149|153|157|161|165|169|173|177|181|183|184|185|187|188|189|192|193|196|197|201|205|209|213|217|221|225|229|233|auto
-	Channel               string `json:"channel,omitempty"`        // [0-9]|[1][0-4]|4.5|5|16|21|33|34|36|37|38|40|41|42|44|45|46|48|49|52|53|56|57|60|61|64|65|69|73|77|81|85|89|93|97|100|101|104|105|108|109|112|113|117|116|120|121|124|125|128|129|132|133|136|137|140|141|144|145|149|153|157|161|165|169|173|177|181|183|184|185|187|188|189|192|193|196|197|201|205|209|213|217|221|225|229|233|auto
-	HardNoiseFloorEnabled bool   `json:"hard_noise_floor_enabled,omitempty"`
-	Ht                    int    `json:"ht,omitempty"` // 20|40|80|160|1080|2160|4320
-	LoadbalanceEnabled    bool   `json:"loadbalance_enabled,omitempty"`
-	Maxsta                int    `json:"maxsta,omitempty"`   // [1-9]|[1-9][0-9]|1[0-9]{2}|200|^$
-	MinRssi               int    `json:"min_rssi,omitempty"` // ^-(6[7-9]|[7-8][0-9]|90)$
-	MinRssiEnabled        bool   `json:"min_rssi_enabled,omitempty"`
-	Name                  string `json:"name,omitempty"`
-	Radio                 string `json:"radio,omitempty"`      // ng|na|ad|6e
-	SensLevel             int    `json:"sens_level,omitempty"` // ^-([5-8][0-9]|90)$
-	SensLevelEnabled      bool   `json:"sens_level_enabled,omitempty"`
-	TxPower               string `json:"tx_power,omitempty"`      // [\d]+|auto
-	TxPowerMode           string `json:"tx_power_mode,omitempty"` // auto|medium|high|low|custom
-	VwireEnabled          bool   `json:"vwire_enabled,omitempty"`
+	AntennaGain                int                      `json:"antenna_gain,omitempty"`   // ^-?([0-9]|[1-9][0-9])
+	AntennaID                  int                      `json:"antenna_id,omitempty"`     // -1|[0-9]
+	BackupChannel              string                   `json:"backup_channel,omitempty"` // [0-9]|[1][0-4]|4.5|5|16|21|33|34|36|37|38|40|41|42|44|45|46|48|49|52|53|56|57|60|61|64|65|69|73|77|81|85|89|93|97|100|101|104|105|108|109|112|113|117|116|120|121|124|125|128|129|132|133|136|137|140|141|144|145|149|153|157|161|165|169|173|177|181|183|184|185|187|188|189|192|193|196|197|201|205|209|213|217|221|225|229|233|auto
+	Channel                    string                   `json:"channel,omitempty"`        // [0-9]|[1][0-4]|4.5|5|16|21|33|34|36|37|38|40|41|42|44|45|46|48|49|52|53|56|57|60|61|64|65|69|73|77|81|85|89|93|97|100|101|104|105|108|109|112|113|117|116|120|121|124|125|128|129|132|133|136|137|140|141|144|145|149|153|157|161|165|169|173|177|181|183|184|185|187|188|189|192|193|196|197|201|205|209|213|217|221|225|229|233|auto
+	ChannelOptimizationEnabled bool                     `json:"channel_optimization_enabled,omitempty"`
+	HardNoiseFloorEnabled      bool                     `json:"hard_noise_floor_enabled,omitempty"`
+	Ht                         int                      `json:"ht,omitempty"` // 20|40|80|160|240|320|1080|2160|4320
+	LoadbalanceEnabled         bool                     `json:"loadbalance_enabled,omitempty"`
+	Maxsta                     int                      `json:"maxsta,omitempty"`   // [1-9]|[1-9][0-9]|1[0-9]{2}|200|^$
+	MinRssi                    int                      `json:"min_rssi,omitempty"` // ^-(6[7-9]|[7-8][0-9]|90)$
+	MinRssiEnabled             bool                     `json:"min_rssi_enabled,omitempty"`
+	Name                       string                   `json:"name,omitempty"`
+	Radio                      string                   `json:"radio,omitempty"` // ng|na|ad|6e
+	RadioIDentifiers           []DeviceRadioIDentifiers `json:"radio_identifiers,omitempty"`
+	SensLevel                  int                      `json:"sens_level,omitempty"` // ^-([5-8][0-9]|90)$
+	SensLevelEnabled           bool                     `json:"sens_level_enabled,omitempty"`
+	TxPower                    string                   `json:"tx_power,omitempty"`      // [\d]+|auto
+	TxPowerMode                string                   `json:"tx_power_mode,omitempty"` // auto|medium|high|low|custom
+	VwireEnabled               bool                     `json:"vwire_enabled,omitempty"`
 }
 
 func (dst *DeviceRadioTable) UnmarshalJSON(b []byte) error {
@@ -429,38 +455,6 @@ func (dst *DeviceRpsPortTable) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
-type DeviceWLANOverrides struct {
-	Enabled            bool   `json:"enabled,omitempty"`
-	Name               string `json:"name,omitempty"` // .{1,32}
-	NameCombineEnabled bool   `json:"name_combine_enabled,omitempty"`
-	NameCombineSuffix  string `json:"name_combine_suffix,omitempty"` // .{0,8}
-	Radio              string `json:"radio,omitempty"`               // ng|na
-	RadioName          string `json:"radio_name,omitempty"`
-	VLAN               int    `json:"vlan,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-5]|^$
-	VLANEnabled        bool   `json:"vlan_enabled,omitempty"`
-	WLANID             string `json:"wlan_id,omitempty"`      // [\d\w]+
-	XPassphrase        string `json:"x_passphrase,omitempty"` // [\x20-\x7E]{8,255}|[0-9a-fA-F]{64}
-}
-
-func (dst *DeviceWLANOverrides) UnmarshalJSON(b []byte) error {
-	type Alias DeviceWLANOverrides
-	aux := &struct {
-		VLAN emptyStringInt `json:"vlan"`
-
-		*Alias
-	}{
-		Alias: (*Alias)(dst),
-	}
-
-	err := json.Unmarshal(b, &aux)
-	if err != nil {
-		return fmt.Errorf("unable to unmarshal alias: %w", err)
-	}
-	dst.VLAN = int(aux.VLAN)
-
-	return nil
-}
-
 func (c *Client) listDevice(ctx context.Context, site string) ([]Device, error) {
 	var respBody struct {
 		Meta meta     `json:"meta"`
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/device.go b/vendor/github.com/paultyng/go-unifi/unifi/device.go
index 3e78dbfbb..d3ecfa638 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/device.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/device.go
@@ -45,7 +45,6 @@ func (c *Client) UpdateDevice(ctx context.Context, site string, d *Device) (*Dev
 
 func (c *Client) GetDevice(ctx context.Context, site, id string) (*Device, error) {
 	devices, err := c.ListDevice(ctx, site)
-
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/firewall_rule.go b/vendor/github.com/paultyng/go-unifi/unifi/firewall_rule.go
index 361ed886d..8a1c929f6 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/firewall_rule.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/firewall_rule.go
@@ -2,8 +2,14 @@ package unifi
 
 import (
 	"context"
+	"fmt"
 )
 
+type FirewallRuleIndexUpdate struct {
+	ID        string `json:"_id"`
+	RuleIndex int    `json:"rule_index,string"`
+}
+
 func (c *Client) ListFirewallRule(ctx context.Context, site string) ([]FirewallRule, error) {
 	return c.listFirewallRule(ctx, site)
 }
@@ -23,3 +29,21 @@ func (c *Client) CreateFirewallRule(ctx context.Context, site string, d *Firewal
 func (c *Client) UpdateFirewallRule(ctx context.Context, site string, d *FirewallRule) (*FirewallRule, error) {
 	return c.updateFirewallRule(ctx, site, d)
 }
+
+func (c *Client) ReorderFirewallRules(ctx context.Context, site, ruleset string, reorder []FirewallRuleIndexUpdate) error {
+	reqBody := struct {
+		Cmd     string                    `json:"cmd"`
+		Ruleset string                    `json:"ruleset"`
+		Rules   []FirewallRuleIndexUpdate `json:"rules"`
+	}{
+		Cmd:     "reorder",
+		Ruleset: ruleset,
+		Rules:   reorder,
+	}
+	err := c.do(ctx, "POST", fmt.Sprintf("s/%s/cmd/firewall", site), reqBody, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go
index 3774c62ac..8a807977a 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/network.generated.go
@@ -25,216 +25,266 @@ type Network struct {
 	NoDelete bool   `json:"attr_no_delete,omitempty"`
 	NoEdit   bool   `json:"attr_no_edit,omitempty"`
 
-	AutoScaleEnabled             bool                            `json:"auto_scale_enabled"`
-	DHCPDBootEnabled             bool                            `json:"dhcpd_boot_enabled"`
-	DHCPDBootFilename            string                          `json:"dhcpd_boot_filename,omitempty"` // .{1,256}
-	DHCPDBootServer              string                          `json:"dhcpd_boot_server"`             // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$|(?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|[a-zA-Z0-9-]{1,63}|^$
-	DHCPDDNS1                    string                          `json:"dhcpd_dns_1"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDDNS2                    string                          `json:"dhcpd_dns_2"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDDNS3                    string                          `json:"dhcpd_dns_3"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDDNS4                    string                          `json:"dhcpd_dns_4"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDDNSEnabled              bool                            `json:"dhcpd_dns_enabled"`
-	DHCPDEnabled                 bool                            `json:"dhcpd_enabled"`
-	DHCPDGateway                 string                          `json:"dhcpd_gateway"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDGatewayEnabled          bool                            `json:"dhcpd_gateway_enabled"`
-	DHCPDIP1                     string                          `json:"dhcpd_ip_1"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDIP2                     string                          `json:"dhcpd_ip_2"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDIP3                     string                          `json:"dhcpd_ip_3"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDLeaseTime               int                             `json:"dhcpd_leasetime,omitempty"`
-	DHCPDMAC1                    string                          `json:"dhcpd_mac_1"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
-	DHCPDMAC2                    string                          `json:"dhcpd_mac_2"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
-	DHCPDMAC3                    string                          `json:"dhcpd_mac_3"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
-	DHCPDNtp1                    string                          `json:"dhcpd_ntp_1"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDNtp2                    string                          `json:"dhcpd_ntp_2"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDNtpEnabled              bool                            `json:"dhcpd_ntp_enabled"`
-	DHCPDStart                   string                          `json:"dhcpd_start"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDStop                    string                          `json:"dhcpd_stop"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDTFTPServer              string                          `json:"dhcpd_tftp_server,omitempty"`
-	DHCPDTimeOffset              int                             `json:"dhcpd_time_offset,omitempty"` // ^0$|^-?([1-9]([0-9]{1,3})?|[1-7][0-9]{4}|[8][0-5][0-9]{3}|86[0-3][0-9]{2}|86400)$
-	DHCPDTimeOffsetEnabled       bool                            `json:"dhcpd_time_offset_enabled"`
-	DHCPDUnifiController         string                          `json:"dhcpd_unifi_controller"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDV6DNS1                  string                          `json:"dhcpdv6_dns_1,omitempty"`
-	DHCPDV6DNS2                  string                          `json:"dhcpdv6_dns_2,omitempty"`
-	DHCPDV6DNS3                  string                          `json:"dhcpdv6_dns_3,omitempty"`
-	DHCPDV6DNS4                  string                          `json:"dhcpdv6_dns_4,omitempty"`
-	DHCPDV6DNSAuto               bool                            `json:"dhcpdv6_dns_auto"`
-	DHCPDV6Enabled               bool                            `json:"dhcpdv6_enabled"`
-	DHCPDV6LeaseTime             int                             `json:"dhcpdv6_leasetime,omitempty"`
-	DHCPDV6Start                 string                          `json:"dhcpdv6_start,omitempty"`
-	DHCPDV6Stop                  string                          `json:"dhcpdv6_stop,omitempty"`
-	DHCPDWPAdUrl                 string                          `json:"dhcpd_wpad_url,omitempty"`
-	DHCPDWins1                   string                          `json:"dhcpd_wins_1"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDWins2                   string                          `json:"dhcpd_wins_2"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	DHCPDWinsEnabled             bool                            `json:"dhcpd_wins_enabled"`
-	DHCPRelayEnabled             bool                            `json:"dhcp_relay_enabled"`
-	DHCPguardEnabled             bool                            `json:"dhcpguard_enabled"`
-	DPIEnabled                   bool                            `json:"dpi_enabled"`
-	DPIgroupID                   string                          `json:"dpigroup_id"` // [\d\w]+|^$
-	DomainName                   string                          `json:"domain_name"` // (?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|^$|[a-zA-Z0-9-]{1,63}
-	Enabled                      bool                            `json:"enabled"`
-	ExposedToSiteVPN             bool                            `json:"exposed_to_site_vpn"`
-	GatewayDevice                string                          `json:"gateway_device"`         // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
-	GatewayType                  string                          `json:"gateway_type,omitempty"` // default|switch
-	IGMPFastleave                bool                            `json:"igmp_fastleave"`
-	IGMPGroupmembership          int                             `json:"igmp_groupmembership,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-2][0-9]{3}|3[0-5][0-9]{2}|3600|^$
-	IGMPMaxresponse              int                             `json:"igmp_maxresponse,omitempty"`     // [1-9]|1[0-9]|2[0-5]|^$
-	IGMPMcrtrexpiretime          int                             `json:"igmp_mcrtrexpiretime,omitempty"` // [0-9]|[1-9][0-9]{1,2}|[1-2][0-9]{3}|3[0-5][0-9]{2}|3600|^$
-	IGMPProxyDownstream          bool                            `json:"igmp_proxy_downstream"`
-	IGMPProxyUpstream            bool                            `json:"igmp_proxy_upstream"`
-	IGMPQuerier                  string                          `json:"igmp_querier"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	IGMPSnooping                 bool                            `json:"igmp_snooping"`
-	IGMPSupression               bool                            `json:"igmp_supression"`
-	IPSecDhGroup                 int                             `json:"ipsec_dh_group,omitempty"` // 2|5|14|15|16|19|20|21|25|26
-	IPSecDynamicRouting          bool                            `json:"ipsec_dynamic_routing"`
-	IPSecEncryption              string                          `json:"ipsec_encryption,omitempty"`   // aes128|aes192|aes256|3des
-	IPSecEspDhGroup              int                             `json:"ipsec_esp_dh_group,omitempty"` // 1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32
-	IPSecHash                    string                          `json:"ipsec_hash,omitempty"`         // sha1|md5|sha256|sha384|sha512
-	IPSecIkeDhGroup              int                             `json:"ipsec_ike_dh_group,omitempty"` // 1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32
-	IPSecInterface               string                          `json:"ipsec_interface,omitempty"`    // wan|wan2
-	IPSecKeyExchange             string                          `json:"ipsec_key_exchange,omitempty"` // ikev1|ikev2
-	IPSecLocalIP                 string                          `json:"ipsec_local_ip,omitempty"`     // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	IPSecPeerIP                  string                          `json:"ipsec_peer_ip,omitempty"`      // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	IPSecPfs                     bool                            `json:"ipsec_pfs"`
-	IPSecProfile                 string                          `json:"ipsec_profile,omitempty"`       // customized|azure_dynamic|azure_static
-	IPSubnet                     string                          `json:"ip_subnet,omitempty"`           // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
-	IPV6InterfaceType            string                          `json:"ipv6_interface_type,omitempty"` // static|pd|none
-	IPV6PDInterface              string                          `json:"ipv6_pd_interface,omitempty"`   // wan|wan2
-	IPV6PDPrefixid               string                          `json:"ipv6_pd_prefixid"`              // ^$|[a-fA-F0-9]{1,4}
-	IPV6PDStart                  string                          `json:"ipv6_pd_start,omitempty"`
-	IPV6PDStop                   string                          `json:"ipv6_pd_stop,omitempty"`
-	IPV6RaEnabled                bool                            `json:"ipv6_ra_enabled"`
-	IPV6RaPreferredLifetime      int                             `json:"ipv6_ra_preferred_lifetime,omitempty"` // ^([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[12][0-9]{7}|30[0-9]{6}|31[0-4][0-9]{5}|315[0-2][0-9]{4}|3153[0-5][0-9]{3}|31536000)$|^$
-	IPV6RaPriority               string                          `json:"ipv6_ra_priority,omitempty"`           // high|medium|low
-	IPV6RaValidLifetime          int                             `json:"ipv6_ra_valid_lifetime,omitempty"`     // ^([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[12][0-9]{7}|30[0-9]{6}|31[0-4][0-9]{5}|315[0-2][0-9]{4}|3153[0-5][0-9]{3}|31536000)$|^$
-	IPV6Subnet                   string                          `json:"ipv6_subnet,omitempty"`
-	InternetAccessEnabled        bool                            `json:"internet_access_enabled"`
-	IsNAT                        bool                            `json:"is_nat"`
-	L2TpAllowWeakCiphers         bool                            `json:"l2tp_allow_weak_ciphers"`
-	L2TpInterface                string                          `json:"l2tp_interface,omitempty"`    // wan|wan2
-	L2TpLocalWANIP               string                          `json:"l2tp_local_wan_ip,omitempty"` // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	LocalPort                    int                             `json:"local_port,omitempty"`        // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
-	LteLanEnabled                bool                            `json:"lte_lan_enabled"`
-	MACOverride                  string                          `json:"mac_override"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
-	MACOverrideEnabled           bool                            `json:"mac_override_enabled"`
-	MdnsEnabled                  bool                            `json:"mdns_enabled"`
-	NATOutboundIPAddresses       []NetworkNATOutboundIPAddresses `json:"nat_outbound_ip_addresses,omitempty"`
-	Name                         string                          `json:"name,omitempty"`         // .{1,128}
-	NetworkGroup                 string                          `json:"networkgroup,omitempty"` // LAN[2-8]?
-	NetworkIsolationEnabled      bool                            `json:"network_isolation_enabled"`
-	OpenVPNConfiguration         string                          `json:"openvpn_configuration,omitempty"`
-	OpenVPNConfigurationFilename string                          `json:"openvpn_configuration_filename,omitempty"`
-	OpenVPNInterface             string                          `json:"openvpn_interface,omitempty"`      // wan|wan2
-	OpenVPNLocalAddress          string                          `json:"openvpn_local_address,omitempty"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	OpenVPNLocalPort             int                             `json:"openvpn_local_port,omitempty"`     // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
-	OpenVPNLocalWANIP            string                          `json:"openvpn_local_wan_ip,omitempty"`   // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	OpenVPNMode                  string                          `json:"openvpn_mode,omitempty"`           // site-to-site|client|server
-	OpenVPNRemoteAddress         string                          `json:"openvpn_remote_address,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	OpenVPNRemoteHost            string                          `json:"openvpn_remote_host,omitempty"`    // [^\"\' ]+|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	OpenVPNRemotePort            int                             `json:"openvpn_remote_port,omitempty"`    // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
-	OpenVPNUsername              string                          `json:"openvpn_username,omitempty"`
-	PptpcRequireMppe             bool                            `json:"pptpc_require_mppe"`
-	PptpcRouteDistance           int                             `json:"pptpc_route_distance,omitempty"` // ^[1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]$|^$
-	PptpcServerIP                string                          `json:"pptpc_server_ip,omitempty"`      // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|(?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|^[a-zA-Z0-9-]{1,63}$
-	PptpcUsername                string                          `json:"pptpc_username,omitempty"`       // [^\"\' ]+
-	Priority                     int                             `json:"priority,omitempty"`             // [1-4]
-	Purpose                      string                          `json:"purpose,omitempty"`              // corporate|guest|remote-user-vpn|site-vpn|vlan-only|vpn-client|wan
-	RADIUSProfileID              string                          `json:"radiusprofile_id"`
-	RemoteSiteID                 string                          `json:"remote_site_id"`
-	RemoteSiteSubnets            []string                        `json:"remote_site_subnets,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$|^$
-	RemoteVPNSubnets             []string                        `json:"remote_vpn_subnets,omitempty"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$|^$
-	ReportWANEvent               bool                            `json:"report_wan_event"`
-	RequireMschapv2              bool                            `json:"require_mschapv2"`
-	RouteDistance                int                             `json:"route_distance,omitempty"`     // ^[1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]$|^$
-	SettingPreference            string                          `json:"setting_preference,omitempty"` // auto|manual
-	UpnpLanEnabled               bool                            `json:"upnp_lan_enabled"`
-	UserGroupID                  string                          `json:"usergroup_id"`
-	VLAN                         int                             `json:"vlan,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|400[0-9]|^$
-	VLANEnabled                  bool                            `json:"vlan_enabled"`
-	VPNClientDefaultRoute        bool                            `json:"vpn_client_default_route"`
-	VPNClientPullDNS             bool                            `json:"vpn_client_pull_dns"`
-	VPNProtocol                  string                          `json:"vpn_protocol,omitempty"`       // tcp|udp
-	VPNType                      string                          `json:"vpn_type,omitempty"`           // auto|ipsec-vpn|openvpn-client|openvpn-server|openvpn-vpn|pptp-client|l2tp-server|pptp-server|uid-server|wireguard-server
-	VrrpIPSubnetGw1              string                          `json:"vrrp_ip_subnet_gw1,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
-	VrrpIPSubnetGw2              string                          `json:"vrrp_ip_subnet_gw2,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
-	VrrpVrid                     int                             `json:"vrrp_vrid,omitempty"`          // [1-9]|[1-9][0-9]
-	WANDHCPCos                   int                             `json:"wan_dhcp_cos,omitempty"`       // [0-7]|^$
-	WANDHCPOptions               []NetworkWANDHCPOptions         `json:"wan_dhcp_options,omitempty"`
-	WANDHCPv6PDSize              int                             `json:"wan_dhcpv6_pd_size,omitempty"`      // ^(4[89]|5[0-9]|6[0-4])$|^$
-	WANDNS1                      string                          `json:"wan_dns1"`                          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	WANDNS2                      string                          `json:"wan_dns2"`                          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	WANDNS3                      string                          `json:"wan_dns3"`                          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	WANDNS4                      string                          `json:"wan_dns4"`                          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
-	WANDNSPreference             string                          `json:"wan_dns_preference,omitempty"`      // auto|manual
-	WANEgressQOS                 int                             `json:"wan_egress_qos,omitempty"`          // [1-7]|^$
-	WANGateway                   string                          `json:"wan_gateway,omitempty"`             // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	WANGatewayV6                 string                          `json:"wan_gateway_v6"`                    // ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$|^$
-	WANIP                        string                          `json:"wan_ip,omitempty"`                  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	WANIPAliases                 []string                        `json:"wan_ip_aliases,omitempty"`          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([8-9]|[1-2][0-9]|3[0-2])$|^$
-	WANIPV6                      string                          `json:"wan_ipv6"`                          // ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$|^$
-	WANLoadBalanceType           string                          `json:"wan_load_balance_type,omitempty"`   // failover-only|weighted
-	WANLoadBalanceWeight         int                             `json:"wan_load_balance_weight,omitempty"` // [1-9]|[1-9][0-9]
-	WANNetmask                   string                          `json:"wan_netmask,omitempty"`             // ^((128|192|224|240|248|252|254)\.0\.0\.0)|(255\.(((0|128|192|224|240|248|252|254)\.0\.0)|(255\.(((0|128|192|224|240|248|252|254)\.0)|255\.(0|128|192|224|240|248|252|254)))))$
-	WANNetworkGroup              string                          `json:"wan_networkgroup,omitempty"`        // WAN[2]?|WAN_LTE_FAILOVER
-	WANPrefixlen                 int                             `json:"wan_prefixlen,omitempty"`           // ^([1-9]|[1-8][0-9]|9[0-9]|1[01][0-9]|12[0-8])$|^$
-	WANProviderCapabilities      NetworkWANProviderCapabilities  `json:"wan_provider_capabilities,omitempty"`
-	WANSmartqDownRate            int                             `json:"wan_smartq_down_rate,omitempty"` // [0-9]{1,6}|1000000
-	WANSmartqEnabled             bool                            `json:"wan_smartq_enabled"`
-	WANSmartqUpRate              int                             `json:"wan_smartq_up_rate,omitempty"` // [0-9]{1,6}|1000000
-	WANType                      string                          `json:"wan_type,omitempty"`           // disabled|dhcp|static|pppoe
-	WANTypeV6                    string                          `json:"wan_type_v6,omitempty"`        // disabled|dhcpv6|static
-	WANUsername                  string                          `json:"wan_username,omitempty"`       // [^"' ]+
-	WANVLAN                      int                             `json:"wan_vlan,omitempty"`           // [0-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-4]|^$
-	WANVLANEnabled               bool                            `json:"wan_vlan_enabled"`
-	WireguardInterface           string                          `json:"wireguard_interface,omitempty"`    // wan|wan2
-	WireguardLocalWANIP          string                          `json:"wireguard_local_wan_ip,omitempty"` // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
-	WireguardPublicKey           string                          `json:"wireguard_public_key,omitempty"`
-	XAuthKey                     string                          `json:"x_auth_key,omitempty"`
-	XCaCrt                       string                          `json:"x_ca_crt,omitempty"`
-	XCaKey                       string                          `json:"x_ca_key,omitempty"`
-	XDhKey                       string                          `json:"x_dh_key,omitempty"`
-	XIPSecPreSharedKey           string                          `json:"x_ipsec_pre_shared_key,omitempty"` // [^\"\' ]+
-	XOpenVPNPassword             string                          `json:"x_openvpn_password,omitempty"`
-	XOpenVPNSharedSecretKey      string                          `json:"x_openvpn_shared_secret_key,omitempty"` // [0-9A-Fa-f]{512}
-	XPptpcPassword               string                          `json:"x_pptpc_password,omitempty"`            // [^\"\' ]+
-	XServerCrt                   string                          `json:"x_server_crt,omitempty"`
-	XServerKey                   string                          `json:"x_server_key,omitempty"`
-	XSharedClientCrt             string                          `json:"x_shared_client_crt,omitempty"`
-	XSharedClientKey             string                          `json:"x_shared_client_key,omitempty"`
-	XWANPassword                 string                          `json:"x_wan_password,omitempty"` // [^"' ]+
-	XWireguardPrivateKey         string                          `json:"x_wireguard_private_key,omitempty"`
+	AutoScaleEnabled                              bool                            `json:"auto_scale_enabled"`
+	DHCPDBootEnabled                              bool                            `json:"dhcpd_boot_enabled"`
+	DHCPDBootFilename                             string                          `json:"dhcpd_boot_filename,omitempty"` // .{1,256}
+	DHCPDBootServer                               string                          `json:"dhcpd_boot_server"`             // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$|(?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|[a-zA-Z0-9-]{1,63}|^$
+	DHCPDDNS1                                     string                          `json:"dhcpd_dns_1"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDDNS2                                     string                          `json:"dhcpd_dns_2"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDDNS3                                     string                          `json:"dhcpd_dns_3"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDDNS4                                     string                          `json:"dhcpd_dns_4"`                   // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDDNSEnabled                               bool                            `json:"dhcpd_dns_enabled"`
+	DHCPDEnabled                                  bool                            `json:"dhcpd_enabled"`
+	DHCPDGateway                                  string                          `json:"dhcpd_gateway"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDGatewayEnabled                           bool                            `json:"dhcpd_gateway_enabled"`
+	DHCPDIP1                                      string                          `json:"dhcpd_ip_1"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDIP2                                      string                          `json:"dhcpd_ip_2"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDIP3                                      string                          `json:"dhcpd_ip_3"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDLeaseTime                                int                             `json:"dhcpd_leasetime,omitempty"`
+	DHCPDMAC1                                     string                          `json:"dhcpd_mac_1"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
+	DHCPDMAC2                                     string                          `json:"dhcpd_mac_2"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
+	DHCPDMAC3                                     string                          `json:"dhcpd_mac_3"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
+	DHCPDNtp1                                     string                          `json:"dhcpd_ntp_1"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDNtp2                                     string                          `json:"dhcpd_ntp_2"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDNtpEnabled                               bool                            `json:"dhcpd_ntp_enabled"`
+	DHCPDStart                                    string                          `json:"dhcpd_start"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDStop                                     string                          `json:"dhcpd_stop"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDTFTPServer                               string                          `json:"dhcpd_tftp_server,omitempty"`
+	DHCPDTimeOffset                               int                             `json:"dhcpd_time_offset,omitempty"` // ^0$|^-?([1-9]([0-9]{1,3})?|[1-7][0-9]{4}|[8][0-5][0-9]{3}|86[0-3][0-9]{2}|86400)$
+	DHCPDTimeOffsetEnabled                        bool                            `json:"dhcpd_time_offset_enabled"`
+	DHCPDUnifiController                          string                          `json:"dhcpd_unifi_controller"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDV6AllowSlaac                             bool                            `json:"dhcpdv6_allow_slaac"`
+	DHCPDV6DNS1                                   string                          `json:"dhcpdv6_dns_1,omitempty"`
+	DHCPDV6DNS2                                   string                          `json:"dhcpdv6_dns_2,omitempty"`
+	DHCPDV6DNS3                                   string                          `json:"dhcpdv6_dns_3,omitempty"`
+	DHCPDV6DNS4                                   string                          `json:"dhcpdv6_dns_4,omitempty"`
+	DHCPDV6DNSAuto                                bool                            `json:"dhcpdv6_dns_auto"`
+	DHCPDV6Enabled                                bool                            `json:"dhcpdv6_enabled"`
+	DHCPDV6LeaseTime                              int                             `json:"dhcpdv6_leasetime,omitempty"`
+	DHCPDV6Start                                  string                          `json:"dhcpdv6_start,omitempty"`
+	DHCPDV6Stop                                   string                          `json:"dhcpdv6_stop,omitempty"`
+	DHCPDWPAdUrl                                  string                          `json:"dhcpd_wpad_url,omitempty"`
+	DHCPDWins1                                    string                          `json:"dhcpd_wins_1"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDWins2                                    string                          `json:"dhcpd_wins_2"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	DHCPDWinsEnabled                              bool                            `json:"dhcpd_wins_enabled"`
+	DHCPRelayEnabled                              bool                            `json:"dhcp_relay_enabled"`
+	DHCPguardEnabled                              bool                            `json:"dhcpguard_enabled"`
+	DPIEnabled                                    bool                            `json:"dpi_enabled"`
+	DPIgroupID                                    string                          `json:"dpigroup_id"` // [\d\w]+|^$
+	DomainName                                    string                          `json:"domain_name"` // (?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|^$|[a-zA-Z0-9-]{1,63}
+	Enabled                                       bool                            `json:"enabled"`
+	ExposedToSiteVPN                              bool                            `json:"exposed_to_site_vpn"`
+	GatewayDevice                                 string                          `json:"gateway_device"`         // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
+	GatewayType                                   string                          `json:"gateway_type,omitempty"` // default|switch
+	IGMPFastleave                                 bool                            `json:"igmp_fastleave"`
+	IGMPGroupmembership                           int                             `json:"igmp_groupmembership,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-2][0-9]{3}|3[0-5][0-9]{2}|3600|^$
+	IGMPMaxresponse                               int                             `json:"igmp_maxresponse,omitempty"`     // [1-9]|1[0-9]|2[0-5]|^$
+	IGMPMcrtrexpiretime                           int                             `json:"igmp_mcrtrexpiretime,omitempty"` // [0-9]|[1-9][0-9]{1,2}|[1-2][0-9]{3}|3[0-5][0-9]{2}|3600|^$
+	IGMPProxyDownstream                           bool                            `json:"igmp_proxy_downstream"`
+	IGMPProxyUpstream                             bool                            `json:"igmp_proxy_upstream"`
+	IGMPQuerier                                   string                          `json:"igmp_querier"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	IGMPSnooping                                  bool                            `json:"igmp_snooping"`
+	IGMPSupression                                bool                            `json:"igmp_supression"`
+	IPSecDhGroup                                  int                             `json:"ipsec_dh_group,omitempty"` // 2|5|14|15|16|19|20|21|25|26
+	IPSecDynamicRouting                           bool                            `json:"ipsec_dynamic_routing"`
+	IPSecEncryption                               string                          `json:"ipsec_encryption,omitempty"`     // aes128|aes192|aes256|3des
+	IPSecEspDhGroup                               int                             `json:"ipsec_esp_dh_group,omitempty"`   // 1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32
+	IPSecEspEncryption                            string                          `json:"ipsec_esp_encryption,omitempty"` // aes128|aes192|aes256|3des
+	IPSecEspHash                                  string                          `json:"ipsec_esp_hash,omitempty"`       // sha1|md5|sha256|sha384|sha512
+	IPSecEspLifetime                              string                          `json:"ipsec_esp_lifetime,omitempty"`   // ^(?:3[0-9]|[4-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)$
+	IPSecHash                                     string                          `json:"ipsec_hash,omitempty"`           // sha1|md5|sha256|sha384|sha512
+	IPSecIkeDhGroup                               int                             `json:"ipsec_ike_dh_group,omitempty"`   // 1|2|5|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32
+	IPSecIkeEncryption                            string                          `json:"ipsec_ike_encryption,omitempty"` // aes128|aes192|aes256|3des
+	IPSecIkeHash                                  string                          `json:"ipsec_ike_hash,omitempty"`       // sha1|md5|sha256|sha384|sha512
+	IPSecIkeLifetime                              string                          `json:"ipsec_ike_lifetime,omitempty"`   // ^(?:3[0-9]|[4-9][0-9]|[1-9][0-9]{2,3}|[1-7][0-9]{4}|8[0-5][0-9]{3}|86[0-3][0-9]{2}|86400)$
+	IPSecInterface                                string                          `json:"ipsec_interface,omitempty"`      // wan|wan2
+	IPSecKeyExchange                              string                          `json:"ipsec_key_exchange,omitempty"`   // ikev1|ikev2
+	IPSecLocalIDentifier                          string                          `json:"ipsec_local_identifier,omitempty"`
+	IPSecLocalIDentifierEnabled                   bool                            `json:"ipsec_local_identifier_enabled"`
+	IPSecLocalIP                                  string                          `json:"ipsec_local_ip,omitempty"` // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	IPSecPeerIP                                   string                          `json:"ipsec_peer_ip,omitempty"`
+	IPSecPfs                                      bool                            `json:"ipsec_pfs"`
+	IPSecProfile                                  string                          `json:"ipsec_profile,omitempty"` // customized|azure_dynamic|azure_static
+	IPSecRemoteIDentifier                         string                          `json:"ipsec_remote_identifier,omitempty"`
+	IPSecRemoteIDentifierEnabled                  bool                            `json:"ipsec_remote_identifier_enabled"`
+	IPSecSeparateIkev2Networks                    bool                            `json:"ipsec_separate_ikev2_networks"`
+	IPSubnet                                      string                          `json:"ip_subnet,omitempty"`                      // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|3[0-2])$
+	IPV6ClientAddressAssignment                   string                          `json:"ipv6_client_address_assignment,omitempty"` // slaac|dhcpv6
+	IPV6InterfaceType                             string                          `json:"ipv6_interface_type,omitempty"`            // static|pd|single_network|none
+	IPV6PDAutoPrefixidEnabled                     bool                            `json:"ipv6_pd_auto_prefixid_enabled"`
+	IPV6PDInterface                               string                          `json:"ipv6_pd_interface,omitempty"` // wan|wan2
+	IPV6PDPrefixid                                string                          `json:"ipv6_pd_prefixid"`            // ^$|[a-fA-F0-9]{1,4}
+	IPV6PDStart                                   string                          `json:"ipv6_pd_start,omitempty"`
+	IPV6PDStop                                    string                          `json:"ipv6_pd_stop,omitempty"`
+	IPV6RaEnabled                                 bool                            `json:"ipv6_ra_enabled"`
+	IPV6RaPreferredLifetime                       int                             `json:"ipv6_ra_preferred_lifetime,omitempty"` // ^([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[12][0-9]{7}|30[0-9]{6}|31[0-4][0-9]{5}|315[0-2][0-9]{4}|3153[0-5][0-9]{3}|31536000)$|^$
+	IPV6RaPriority                                string                          `json:"ipv6_ra_priority,omitempty"`           // high|medium|low
+	IPV6RaValidLifetime                           int                             `json:"ipv6_ra_valid_lifetime,omitempty"`     // ^([0-9]|[1-8][0-9]|9[0-9]|[1-8][0-9]{2}|9[0-8][0-9]|99[0-9]|[1-8][0-9]{3}|9[0-8][0-9]{2}|99[0-8][0-9]|999[0-9]|[1-8][0-9]{4}|9[0-8][0-9]{3}|99[0-8][0-9]{2}|999[0-8][0-9]|9999[0-9]|[1-8][0-9]{5}|9[0-8][0-9]{4}|99[0-8][0-9]{3}|999[0-8][0-9]{2}|9999[0-8][0-9]|99999[0-9]|[1-8][0-9]{6}|9[0-8][0-9]{5}|99[0-8][0-9]{4}|999[0-8][0-9]{3}|9999[0-8][0-9]{2}|99999[0-8][0-9]|999999[0-9]|[12][0-9]{7}|30[0-9]{6}|31[0-4][0-9]{5}|315[0-2][0-9]{4}|3153[0-5][0-9]{3}|31536000)$|^$
+	IPV6SettingPreference                         string                          `json:"ipv6_setting_preference,omitempty"`    // auto|manual
+	IPV6SingleNetworkInterface                    string                          `json:"ipv6_single_network_interface,omitempty"`
+	IPV6Subnet                                    string                          `json:"ipv6_subnet,omitempty"`
+	IPV6WANDelegationType                         string                          `json:"ipv6_wan_delegation_type,omitempty"` // pd|single_network|none
+	InterfaceMtu                                  int                             `json:"interface_mtu,omitempty"`            // ^(6[89]|[7-9][0-9]|[1-9][0-9]{2,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|65500)$
+	InterfaceMtuEnabled                           bool                            `json:"interface_mtu_enabled"`
+	InternetAccessEnabled                         bool                            `json:"internet_access_enabled"`
+	IsNAT                                         bool                            `json:"is_nat"`
+	L2TpAllowWeakCiphers                          bool                            `json:"l2tp_allow_weak_ciphers"`
+	L2TpInterface                                 string                          `json:"l2tp_interface,omitempty"`    // wan|wan2
+	L2TpLocalWANIP                                string                          `json:"l2tp_local_wan_ip,omitempty"` // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	LocalPort                                     int                             `json:"local_port,omitempty"`        // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
+	LteLanEnabled                                 bool                            `json:"lte_lan_enabled"`
+	MACOverride                                   string                          `json:"mac_override"` // (^$|^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$)
+	MACOverrideEnabled                            bool                            `json:"mac_override_enabled"`
+	MdnsEnabled                                   bool                            `json:"mdns_enabled"`
+	NATOutboundIPAddresses                        []NetworkNATOutboundIPAddresses `json:"nat_outbound_ip_addresses,omitempty"`
+	Name                                          string                          `json:"name,omitempty"`         // .{1,128}
+	NetworkGroup                                  string                          `json:"networkgroup,omitempty"` // LAN[2-8]?
+	NetworkIsolationEnabled                       bool                            `json:"network_isolation_enabled"`
+	OpenVPNConfiguration                          string                          `json:"openvpn_configuration,omitempty"`
+	OpenVPNConfigurationFilename                  string                          `json:"openvpn_configuration_filename,omitempty"`
+	OpenVPNInterface                              string                          `json:"openvpn_interface,omitempty"`      // wan|wan2
+	OpenVPNLocalAddress                           string                          `json:"openvpn_local_address,omitempty"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	OpenVPNLocalPort                              int                             `json:"openvpn_local_port,omitempty"`     // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
+	OpenVPNLocalWANIP                             string                          `json:"openvpn_local_wan_ip,omitempty"`   // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	OpenVPNMode                                   string                          `json:"openvpn_mode,omitempty"`           // site-to-site|client|server
+	OpenVPNRemoteAddress                          string                          `json:"openvpn_remote_address,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	OpenVPNRemoteHost                             string                          `json:"openvpn_remote_host,omitempty"`    // [^\"\' ]+|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	OpenVPNRemotePort                             int                             `json:"openvpn_remote_port,omitempty"`    // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
+	OpenVPNUsername                               string                          `json:"openvpn_username,omitempty"`
+	PptpcRequireMppe                              bool                            `json:"pptpc_require_mppe"`
+	PptpcRouteDistance                            int                             `json:"pptpc_route_distance,omitempty"` // ^[1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]$|^$
+	PptpcServerIP                                 string                          `json:"pptpc_server_ip,omitempty"`      // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|(?=^.{3,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)|^[a-zA-Z0-9-]{1,63}$
+	PptpcUsername                                 string                          `json:"pptpc_username,omitempty"`       // [^\"\' ]+
+	Priority                                      int                             `json:"priority,omitempty"`             // [1-4]
+	Purpose                                       string                          `json:"purpose,omitempty"`              // corporate|guest|remote-user-vpn|site-vpn|vlan-only|vpn-client|wan
+	RADIUSProfileID                               string                          `json:"radiusprofile_id"`
+	RemoteSiteID                                  string                          `json:"remote_site_id"`
+	RemoteSiteSubnets                             []string                        `json:"remote_site_subnets,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$|^$
+	RemoteVPNSubnets                              []string                        `json:"remote_vpn_subnets,omitempty"`  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|3[0-2])$|^$
+	ReportWANEvent                                bool                            `json:"report_wan_event"`
+	RequireMschapv2                               bool                            `json:"require_mschapv2"`
+	RouteDistance                                 int                             `json:"route_distance,omitempty"`     // ^[1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]$|^$
+	SettingPreference                             string                          `json:"setting_preference,omitempty"` // auto|manual
+	SingleNetworkLan                              string                          `json:"single_network_lan,omitempty"`
+	UidPolicyEnabled                              bool                            `json:"uid_policy_enabled"`
+	UidPolicyName                                 string                          `json:"uid_policy_name,omitempty"`
+	UidPublicGatewayPort                          int                             `json:"uid_public_gateway_port,omitempty"` // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
+	UidTrafficRulesAllowedIPsAndHostnames         []string                        `json:"uid_traffic_rules_allowed_ips_and_hostnames,omitempty"`
+	UidTrafficRulesEnabled                        bool                            `json:"uid_traffic_rules_enabled"`
+	UidVPNCustomRouting                           []string                        `json:"uid_vpn_custom_routing,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|3[0-2])$
+	UidVPNDefaultDNSSuffix                        string                          `json:"uid_vpn_default_dns_suffix,omitempty"`
+	UidVPNMasqueradeEnabled                       bool                            `json:"uid_vpn_masquerade_enabled"`
+	UidVPNMaxConnectionTimeSeconds                int                             `json:"uid_vpn_max_connection_time_seconds,omitempty"` // ^[1-9][0-9]*$
+	UidVPNSyncPublicIP                            bool                            `json:"uid_vpn_sync_public_ip"`
+	UidVPNType                                    string                          `json:"uid_vpn_type,omitempty"` // openvpn|wireguard
+	UidWorkspaceUrl                               string                          `json:"uid_workspace_url,omitempty"`
+	UpnpLanEnabled                                bool                            `json:"upnp_lan_enabled"`
+	UserGroupID                                   string                          `json:"usergroup_id"`
+	VLAN                                          int                             `json:"vlan,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|400[0-9]|^$
+	VLANEnabled                                   bool                            `json:"vlan_enabled"`
+	VPNClientConfigurationRemoteIPOverride        string                          `json:"vpn_client_configuration_remote_ip_override,omitempty"`
+	VPNClientConfigurationRemoteIPOverrideEnabled bool                            `json:"vpn_client_configuration_remote_ip_override_enabled"`
+	VPNClientDefaultRoute                         bool                            `json:"vpn_client_default_route"`
+	VPNClientPullDNS                              bool                            `json:"vpn_client_pull_dns"`
+	VPNProtocol                                   string                          `json:"vpn_protocol,omitempty"`       // TCP|UDP
+	VPNType                                       string                          `json:"vpn_type,omitempty"`           // auto|ipsec-vpn|openvpn-client|openvpn-server|openvpn-vpn|pptp-client|l2tp-server|pptp-server|uid-server|wireguard-server|wireguard-client
+	VrrpIPSubnetGw1                               string                          `json:"vrrp_ip_subnet_gw1,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
+	VrrpIPSubnetGw2                               string                          `json:"vrrp_ip_subnet_gw2,omitempty"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([1-9]|[1-2][0-9]|30)$
+	VrrpVrid                                      int                             `json:"vrrp_vrid,omitempty"`          // [1-9]|[1-9][0-9]
+	WANDHCPCos                                    int                             `json:"wan_dhcp_cos,omitempty"`       // [0-7]|^$
+	WANDHCPOptions                                []NetworkWANDHCPOptions         `json:"wan_dhcp_options,omitempty"`
+	WANDHCPv6PDSize                               int                             `json:"wan_dhcpv6_pd_size,omitempty"` // ^(4[89]|5[0-9]|6[0-4])$|^$
+	WANDNS1                                       string                          `json:"wan_dns1"`                     // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	WANDNS2                                       string                          `json:"wan_dns2"`                     // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	WANDNS3                                       string                          `json:"wan_dns3"`                     // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	WANDNS4                                       string                          `json:"wan_dns4"`                     // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	WANDNSPreference                              string                          `json:"wan_dns_preference,omitempty"` // auto|manual
+	WANDsliteRemoteHost                           string                          `json:"wan_dslite_remote_host,omitempty"`
+	WANEgressQOS                                  int                             `json:"wan_egress_qos,omitempty"`          // [1-7]|^$
+	WANGateway                                    string                          `json:"wan_gateway,omitempty"`             // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	WANGatewayV6                                  string                          `json:"wan_gateway_v6"`                    // ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$|^$
+	WANIP                                         string                          `json:"wan_ip,omitempty"`                  // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	WANIPAliases                                  []string                        `json:"wan_ip_aliases,omitempty"`          // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\/([8-9]|[1-2][0-9]|3[0-2])$|^$
+	WANIPV6                                       string                          `json:"wan_ipv6"`                          // ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$|^$
+	WANIPV6DNS1                                   string                          `json:"wan_ipv6_dns1"`                     // ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$|^$
+	WANIPV6DNS2                                   string                          `json:"wan_ipv6_dns2"`                     // ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$|^$
+	WANIPV6DNSPreference                          string                          `json:"wan_ipv6_dns_preference,omitempty"` // auto|manual
+	WANLoadBalanceType                            string                          `json:"wan_load_balance_type,omitempty"`   // failover-only|weighted
+	WANLoadBalanceWeight                          int                             `json:"wan_load_balance_weight,omitempty"` // ^$|[1-9]|[1-9][0-9]
+	WANNetmask                                    string                          `json:"wan_netmask,omitempty"`             // ^((128|192|224|240|248|252|254)\.0\.0\.0)|(255\.(((0|128|192|224|240|248|252|254)\.0\.0)|(255\.(((0|128|192|224|240|248|252|254)\.0)|255\.(0|128|192|224|240|248|252|254)))))$
+	WANNetworkGroup                               string                          `json:"wan_networkgroup,omitempty"`        // WAN[2]?|WAN_LTE_FAILOVER
+	WANPrefixlen                                  int                             `json:"wan_prefixlen,omitempty"`           // ^([1-9]|[1-8][0-9]|9[0-9]|1[01][0-9]|12[0-8])$|^$
+	WANProviderCapabilities                       NetworkWANProviderCapabilities  `json:"wan_provider_capabilities,omitempty"`
+	WANSmartqDownRate                             int                             `json:"wan_smartq_down_rate,omitempty"` // [0-9]{1,6}|1000000
+	WANSmartqEnabled                              bool                            `json:"wan_smartq_enabled"`
+	WANSmartqUpRate                               int                             `json:"wan_smartq_up_rate,omitempty"` // [0-9]{1,6}|1000000
+	WANType                                       string                          `json:"wan_type,omitempty"`           // disabled|dhcp|static|pppoe|dslite
+	WANTypeV6                                     string                          `json:"wan_type_v6,omitempty"`        // disabled|slaac|dhcpv6|static
+	WANUsername                                   string                          `json:"wan_username,omitempty"`       // [^"' ]+
+	WANVLAN                                       int                             `json:"wan_vlan,omitempty"`           // [0-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-4]|^$
+	WANVLANEnabled                                bool                            `json:"wan_vlan_enabled"`
+	WireguardClientConfigurationFile              string                          `json:"wireguard_client_configuration_file,omitempty"`
+	WireguardClientConfigurationFilename          string                          `json:"wireguard_client_configuration_filename,omitempty"`
+	WireguardClientMode                           string                          `json:"wireguard_client_mode,omitempty"` // file|manual
+	WireguardClientPeerIP                         string                          `json:"wireguard_client_peer_ip,omitempty"`
+	WireguardClientPeerPort                       int                             `json:"wireguard_client_peer_port,omitempty"` // ^([1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5])$
+	WireguardClientPeerPublicKey                  string                          `json:"wireguard_client_peer_public_key,omitempty"`
+	WireguardClientPresharedKey                   string                          `json:"wireguard_client_preshared_key,omitempty"`
+	WireguardClientPresharedKeyEnabled            bool                            `json:"wireguard_client_preshared_key_enabled"`
+	WireguardInterface                            string                          `json:"wireguard_interface,omitempty"`    // wan|wan2
+	WireguardLocalWANIP                           string                          `json:"wireguard_local_wan_ip,omitempty"` // ^any$|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
+	WireguardPublicKey                            string                          `json:"wireguard_public_key,omitempty"`
+	XAuthKey                                      string                          `json:"x_auth_key,omitempty"`
+	XCaCrt                                        string                          `json:"x_ca_crt,omitempty"`
+	XCaKey                                        string                          `json:"x_ca_key,omitempty"`
+	XDhKey                                        string                          `json:"x_dh_key,omitempty"`
+	XIPSecPreSharedKey                            string                          `json:"x_ipsec_pre_shared_key,omitempty"` // [^\"\' ]+
+	XOpenVPNPassword                              string                          `json:"x_openvpn_password,omitempty"`
+	XOpenVPNSharedSecretKey                       string                          `json:"x_openvpn_shared_secret_key,omitempty"` // [0-9A-Fa-f]{512}
+	XPptpcPassword                                string                          `json:"x_pptpc_password,omitempty"`            // [^\"\' ]+
+	XServerCrt                                    string                          `json:"x_server_crt,omitempty"`
+	XServerKey                                    string                          `json:"x_server_key,omitempty"`
+	XSharedClientCrt                              string                          `json:"x_shared_client_crt,omitempty"`
+	XSharedClientKey                              string                          `json:"x_shared_client_key,omitempty"`
+	XWANPassword                                  string                          `json:"x_wan_password,omitempty"` // [^"' ]+
+	XWireguardPrivateKey                          string                          `json:"x_wireguard_private_key,omitempty"`
 }
 
 func (dst *Network) UnmarshalJSON(b []byte) error {
 	type Alias Network
 	aux := &struct {
-		DHCPDLeaseTime          emptyStringInt `json:"dhcpd_leasetime"`
-		DHCPDTimeOffset         emptyStringInt `json:"dhcpd_time_offset"`
-		DHCPDV6LeaseTime        emptyStringInt `json:"dhcpdv6_leasetime"`
-		IGMPGroupmembership     emptyStringInt `json:"igmp_groupmembership"`
-		IGMPMaxresponse         emptyStringInt `json:"igmp_maxresponse"`
-		IGMPMcrtrexpiretime     emptyStringInt `json:"igmp_mcrtrexpiretime"`
-		IPSecDhGroup            emptyStringInt `json:"ipsec_dh_group"`
-		IPSecEspDhGroup         emptyStringInt `json:"ipsec_esp_dh_group"`
-		IPSecIkeDhGroup         emptyStringInt `json:"ipsec_ike_dh_group"`
-		IPV6RaPreferredLifetime emptyStringInt `json:"ipv6_ra_preferred_lifetime"`
-		IPV6RaValidLifetime     emptyStringInt `json:"ipv6_ra_valid_lifetime"`
-		InternetAccessEnabled   *bool          `json:"internet_access_enabled"`
-		LocalPort               emptyStringInt `json:"local_port"`
-		OpenVPNLocalPort        emptyStringInt `json:"openvpn_local_port"`
-		OpenVPNRemotePort       emptyStringInt `json:"openvpn_remote_port"`
-		PptpcRouteDistance      emptyStringInt `json:"pptpc_route_distance"`
-		Priority                emptyStringInt `json:"priority"`
-		RouteDistance           emptyStringInt `json:"route_distance"`
-		VLAN                    emptyStringInt `json:"vlan"`
-		VrrpVrid                emptyStringInt `json:"vrrp_vrid"`
-		WANDHCPCos              emptyStringInt `json:"wan_dhcp_cos"`
-		WANDHCPv6PDSize         emptyStringInt `json:"wan_dhcpv6_pd_size"`
-		WANEgressQOS            emptyStringInt `json:"wan_egress_qos"`
-		WANLoadBalanceWeight    emptyStringInt `json:"wan_load_balance_weight"`
-		WANPrefixlen            emptyStringInt `json:"wan_prefixlen"`
-		WANSmartqDownRate       emptyStringInt `json:"wan_smartq_down_rate"`
-		WANSmartqUpRate         emptyStringInt `json:"wan_smartq_up_rate"`
-		WANVLAN                 emptyStringInt `json:"wan_vlan"`
+		DHCPDLeaseTime                 emptyStringInt `json:"dhcpd_leasetime"`
+		DHCPDTimeOffset                emptyStringInt `json:"dhcpd_time_offset"`
+		DHCPDV6LeaseTime               emptyStringInt `json:"dhcpdv6_leasetime"`
+		IGMPGroupmembership            emptyStringInt `json:"igmp_groupmembership"`
+		IGMPMaxresponse                emptyStringInt `json:"igmp_maxresponse"`
+		IGMPMcrtrexpiretime            emptyStringInt `json:"igmp_mcrtrexpiretime"`
+		IPSecDhGroup                   emptyStringInt `json:"ipsec_dh_group"`
+		IPSecEspDhGroup                emptyStringInt `json:"ipsec_esp_dh_group"`
+		IPSecIkeDhGroup                emptyStringInt `json:"ipsec_ike_dh_group"`
+		IPV6RaPreferredLifetime        emptyStringInt `json:"ipv6_ra_preferred_lifetime"`
+		IPV6RaValidLifetime            emptyStringInt `json:"ipv6_ra_valid_lifetime"`
+		InterfaceMtu                   emptyStringInt `json:"interface_mtu"`
+		InternetAccessEnabled          *bool          `json:"internet_access_enabled"`
+		LocalPort                      emptyStringInt `json:"local_port"`
+		OpenVPNLocalPort               emptyStringInt `json:"openvpn_local_port"`
+		OpenVPNRemotePort              emptyStringInt `json:"openvpn_remote_port"`
+		PptpcRouteDistance             emptyStringInt `json:"pptpc_route_distance"`
+		Priority                       emptyStringInt `json:"priority"`
+		RouteDistance                  emptyStringInt `json:"route_distance"`
+		UidPublicGatewayPort           emptyStringInt `json:"uid_public_gateway_port"`
+		UidVPNMaxConnectionTimeSeconds emptyStringInt `json:"uid_vpn_max_connection_time_seconds"`
+		VLAN                           emptyStringInt `json:"vlan"`
+		VrrpVrid                       emptyStringInt `json:"vrrp_vrid"`
+		WANDHCPCos                     emptyStringInt `json:"wan_dhcp_cos"`
+		WANDHCPv6PDSize                emptyStringInt `json:"wan_dhcpv6_pd_size"`
+		WANEgressQOS                   emptyStringInt `json:"wan_egress_qos"`
+		WANLoadBalanceWeight           emptyStringInt `json:"wan_load_balance_weight"`
+		WANPrefixlen                   emptyStringInt `json:"wan_prefixlen"`
+		WANSmartqDownRate              emptyStringInt `json:"wan_smartq_down_rate"`
+		WANSmartqUpRate                emptyStringInt `json:"wan_smartq_up_rate"`
+		WANVLAN                        emptyStringInt `json:"wan_vlan"`
+		WireguardClientPeerPort        emptyStringInt `json:"wireguard_client_peer_port"`
 
 		*Alias
 	}{
@@ -256,6 +306,7 @@ func (dst *Network) UnmarshalJSON(b []byte) error {
 	dst.IPSecIkeDhGroup = int(aux.IPSecIkeDhGroup)
 	dst.IPV6RaPreferredLifetime = int(aux.IPV6RaPreferredLifetime)
 	dst.IPV6RaValidLifetime = int(aux.IPV6RaValidLifetime)
+	dst.InterfaceMtu = int(aux.InterfaceMtu)
 	dst.InternetAccessEnabled = emptyBoolToTrue(aux.InternetAccessEnabled)
 	dst.LocalPort = int(aux.LocalPort)
 	dst.OpenVPNLocalPort = int(aux.OpenVPNLocalPort)
@@ -263,6 +314,8 @@ func (dst *Network) UnmarshalJSON(b []byte) error {
 	dst.PptpcRouteDistance = int(aux.PptpcRouteDistance)
 	dst.Priority = int(aux.Priority)
 	dst.RouteDistance = int(aux.RouteDistance)
+	dst.UidPublicGatewayPort = int(aux.UidPublicGatewayPort)
+	dst.UidVPNMaxConnectionTimeSeconds = int(aux.UidVPNMaxConnectionTimeSeconds)
 	dst.VLAN = int(aux.VLAN)
 	dst.VrrpVrid = int(aux.VrrpVrid)
 	dst.WANDHCPCos = int(aux.WANDHCPCos)
@@ -273,6 +326,7 @@ func (dst *Network) UnmarshalJSON(b []byte) error {
 	dst.WANSmartqDownRate = int(aux.WANSmartqDownRate)
 	dst.WANSmartqUpRate = int(aux.WANSmartqUpRate)
 	dst.WANVLAN = int(aux.WANVLAN)
+	dst.WireguardClientPeerPort = int(aux.WireguardClientPeerPort)
 
 	return nil
 }
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go
index e2c07d5d2..c5e485246 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/port_profile.generated.go
@@ -25,42 +25,43 @@ type PortProfile struct {
 	NoDelete bool   `json:"attr_no_delete,omitempty"`
 	NoEdit   bool   `json:"attr_no_edit,omitempty"`
 
-	Autoneg                           bool     `json:"autoneg"`
-	Dot1XCtrl                         string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
-	Dot1XIDleTimeout                  int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
-	EgressRateLimitKbps               int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
-	EgressRateLimitKbpsEnabled        bool     `json:"egress_rate_limit_kbps_enabled"`
-	ExcludedNetworkIDs                []string `json:"excluded_networkconf_ids,omitempty"`
-	Forward                           string   `json:"forward,omitempty"` // all|native|customize|disabled
-	FullDuplex                        bool     `json:"full_duplex"`
-	Isolation                         bool     `json:"isolation"`
-	LldpmedEnabled                    bool     `json:"lldpmed_enabled"`
-	LldpmedNotifyEnabled              bool     `json:"lldpmed_notify_enabled"`
-	NATiveNetworkID                   string   `json:"native_networkconf_id"`
-	Name                              string   `json:"name,omitempty"`
-	OpMode                            string   `json:"op_mode,omitempty"`  // switch
-	PoeMode                           string   `json:"poe_mode,omitempty"` // auto|off
-	PortSecurityEnabled               bool     `json:"port_security_enabled"`
-	PortSecurityMACAddress            []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
-	PriorityQueue1Level               int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue2Level               int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue3Level               int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	PriorityQueue4Level               int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
-	SettingPreference                 string   `json:"setting_preference,omitempty"`        // auto|manual
-	ShowTrafficRestrictionAsAllowlist bool     `json:"show_traffic_restriction_as_allowlist"`
-	Speed                             int      `json:"speed,omitempty"` // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
-	StormctrlBroadcastastEnabled      bool     `json:"stormctrl_bcast_enabled"`
-	StormctrlBroadcastastLevel        int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlBroadcastastRate         int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlMcastEnabled             bool     `json:"stormctrl_mcast_enabled"`
-	StormctrlMcastLevel               int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlMcastRate                int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StormctrlType                     string   `json:"stormctrl_type,omitempty"`        // level|rate
-	StormctrlUcastEnabled             bool     `json:"stormctrl_ucast_enabled"`
-	StormctrlUcastLevel               int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
-	StormctrlUcastRate                int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
-	StpPortMode                       bool     `json:"stp_port_mode"`
-	VoiceNetworkID                    string   `json:"voice_networkconf_id"`
+	Autoneg                      bool     `json:"autoneg"`
+	Dot1XCtrl                    string   `json:"dot1x_ctrl,omitempty"`             // auto|force_authorized|force_unauthorized|mac_based|multi_host
+	Dot1XIDleTimeout             int      `json:"dot1x_idle_timeout,omitempty"`     // [0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]
+	EgressRateLimitKbps          int      `json:"egress_rate_limit_kbps,omitempty"` // 6[4-9]|[7-9][0-9]|[1-9][0-9]{2,6}
+	EgressRateLimitKbpsEnabled   bool     `json:"egress_rate_limit_kbps_enabled"`
+	ExcludedNetworkIDs           []string `json:"excluded_networkconf_ids,omitempty"`
+	Forward                      string   `json:"forward,omitempty"` // all|native|customize|disabled
+	FullDuplex                   bool     `json:"full_duplex"`
+	Isolation                    bool     `json:"isolation"`
+	LldpmedEnabled               bool     `json:"lldpmed_enabled"`
+	LldpmedNotifyEnabled         bool     `json:"lldpmed_notify_enabled"`
+	NATiveNetworkID              string   `json:"native_networkconf_id"`
+	Name                         string   `json:"name,omitempty"`
+	OpMode                       string   `json:"op_mode,omitempty"`  // switch
+	PoeMode                      string   `json:"poe_mode,omitempty"` // auto|off
+	PortKeepaliveEnabled         bool     `json:"port_keepalive_enabled"`
+	PortSecurityEnabled          bool     `json:"port_security_enabled"`
+	PortSecurityMACAddress       []string `json:"port_security_mac_address,omitempty"` // ^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$
+	PriorityQueue1Level          int      `json:"priority_queue1_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue2Level          int      `json:"priority_queue2_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue3Level          int      `json:"priority_queue3_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	PriorityQueue4Level          int      `json:"priority_queue4_level,omitempty"`     // [0-9]|[1-9][0-9]|100
+	SettingPreference            string   `json:"setting_preference,omitempty"`        // auto|manual
+	Speed                        int      `json:"speed,omitempty"`                     // 10|100|1000|2500|5000|10000|20000|25000|40000|50000|100000
+	StormctrlBroadcastastEnabled bool     `json:"stormctrl_bcast_enabled"`
+	StormctrlBroadcastastLevel   int      `json:"stormctrl_bcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlBroadcastastRate    int      `json:"stormctrl_bcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlMcastEnabled        bool     `json:"stormctrl_mcast_enabled"`
+	StormctrlMcastLevel          int      `json:"stormctrl_mcast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlMcastRate           int      `json:"stormctrl_mcast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StormctrlType                string   `json:"stormctrl_type,omitempty"`        // level|rate
+	StormctrlUcastEnabled        bool     `json:"stormctrl_ucast_enabled"`
+	StormctrlUcastLevel          int      `json:"stormctrl_ucast_level,omitempty"` // [0-9]|[1-9][0-9]|100
+	StormctrlUcastRate           int      `json:"stormctrl_ucast_rate,omitempty"`  // [0-9]|[1-9][0-9]{1,6}|1[0-3][0-9]{6}|14[0-7][0-9]{5}|148[0-7][0-9]{4}|14880000
+	StpPortMode                  bool     `json:"stp_port_mode"`
+	TaggedVLANMgmt               string   `json:"tagged_vlan_mgmt,omitempty"` // auto|block_all|custom
+	VoiceNetworkID               string   `json:"voice_networkconf_id"`
 }
 
 func (dst *PortProfile) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_doh.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_doh.generated.go
new file mode 100644
index 000000000..adcc717ce
--- /dev/null
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_doh.generated.go
@@ -0,0 +1,88 @@
+// Code generated from ace.jar fields *.json files
+// DO NOT EDIT.
+
+package unifi
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+)
+
+// just to fix compile issues with the import
+var (
+	_ context.Context
+	_ fmt.Formatter
+	_ json.Marshaler
+)
+
+type SettingDoh struct {
+	ID     string `json:"_id,omitempty"`
+	SiteID string `json:"site_id,omitempty"`
+
+	Hidden   bool   `json:"attr_hidden,omitempty"`
+	HiddenID string `json:"attr_hidden_id,omitempty"`
+	NoDelete bool   `json:"attr_no_delete,omitempty"`
+	NoEdit   bool   `json:"attr_no_edit,omitempty"`
+
+	Key string `json:"key"`
+
+	ServerNames []string `json:"server_names,omitempty"`
+	State       string   `json:"state,omitempty"` // off|auto|manual
+}
+
+func (dst *SettingDoh) UnmarshalJSON(b []byte) error {
+	type Alias SettingDoh
+	aux := &struct {
+		*Alias
+	}{
+		Alias: (*Alias)(dst),
+	}
+
+	err := json.Unmarshal(b, &aux)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal alias: %w", err)
+	}
+
+	return nil
+}
+
+func (c *Client) getSettingDoh(ctx context.Context, site string) (*SettingDoh, error) {
+	var respBody struct {
+		Meta meta         `json:"meta"`
+		Data []SettingDoh `json:"data"`
+	}
+
+	err := c.do(ctx, "GET", fmt.Sprintf("s/%s/get/setting/doh", site), nil, &respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(respBody.Data) != 1 {
+		return nil, &NotFoundError{}
+	}
+
+	d := respBody.Data[0]
+	return &d, nil
+}
+
+func (c *Client) updateSettingDoh(ctx context.Context, site string, d *SettingDoh) (*SettingDoh, error) {
+	var respBody struct {
+		Meta meta         `json:"meta"`
+		Data []SettingDoh `json:"data"`
+	}
+
+	d.Key = "doh"
+	err := c.do(ctx, "PUT", fmt.Sprintf("s/%s/set/setting/doh", site), d, &respBody)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(respBody.Data) != 1 {
+		return nil, &NotFoundError{}
+	}
+
+	new := respBody.Data[0]
+
+	return &new, nil
+}
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go
index a6a6bcfbb..3198ce3fc 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_guest_access.generated.go
@@ -29,7 +29,9 @@ type SettingGuestAccess struct {
 
 	AllowedSubnet                          string   `json:"allowed_subnet_,omitempty"`
 	Auth                                   string   `json:"auth,omitempty"` // none|hotspot|facebook_wifi|custom
-	CustomIP                               string   `json:"custom_ip"`      // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
+	AuthUrl                                string   `json:"auth_url,omitempty"`
+	AuthorizeUseSandbox                    bool     `json:"authorize_use_sandbox"`
+	CustomIP                               string   `json:"custom_ip"` // ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^$
 	EcEnabled                              bool     `json:"ec_enabled"`
 	Expire                                 string   `json:"expire,omitempty"`        // [\d]+|custom
 	ExpireNumber                           int      `json:"expire_number,omitempty"` // ^[1-9][0-9]{0,5}|1000000$
@@ -40,13 +42,16 @@ type SettingGuestAccess struct {
 	FacebookWifiBlockHttps                 bool     `json:"facebook_wifi_block_https"`
 	FacebookWifiGwID                       string   `json:"facebook_wifi_gw_id"`
 	FacebookWifiGwName                     string   `json:"facebook_wifi_gw_name,omitempty"`
-	Gateway                                string   `json:"gateway,omitempty"` // stripe
+	Gateway                                string   `json:"gateway,omitempty"` // paypal|stripe|authorize|quickpay|merchantwarrior|ippay
 	GoogleClientID                         string   `json:"google_client_id"`
 	GoogleDomain                           string   `json:"google_domain,omitempty"`
 	GoogleEnabled                          bool     `json:"google_enabled"`
 	GoogleScopeEmail                       bool     `json:"google_scope_email"`
+	IPpayUseSandbox                        bool     `json:"ippay_use_sandbox"`
+	MerchantwarriorUseSandbox              bool     `json:"merchantwarrior_use_sandbox"`
 	PasswordEnabled                        bool     `json:"password_enabled"`
 	PaymentEnabled                         bool     `json:"payment_enabled"`
+	PaypalUseSandbox                       bool     `json:"paypal_use_sandbox"`
 	PortalCustomized                       bool     `json:"portal_customized"`
 	PortalCustomizedAuthenticationText     string   `json:"portal_customized_authentication_text,omitempty"`
 	PortalCustomizedBgColor                string   `json:"portal_customized_bg_color"` // ^#[a-zA-Z0-9]{6}$|^#[a-zA-Z0-9]{3}$|^$
@@ -81,6 +86,7 @@ type SettingGuestAccess struct {
 	PortalEnabled                          bool     `json:"portal_enabled"`
 	PortalHostname                         string   `json:"portal_hostname"` // ^[a-zA-Z0-9.-]+$|^$
 	PortalUseHostname                      bool     `json:"portal_use_hostname"`
+	QuickpayTestmode                       bool     `json:"quickpay_testmode"`
 	RADIUSAuthType                         string   `json:"radius_auth_type,omitempty"` // chap|mschapv2
 	RADIUSDisconnectEnabled                bool     `json:"radius_disconnect_enabled"`
 	RADIUSDisconnectPort                   int      `json:"radius_disconnect_port,omitempty"` // [1-9][0-9]{0,3}|[1-5][0-9]{4}|[6][0-4][0-9]{3}|[6][5][0-4][0-9]{2}|[6][5][5][0-2][0-9]|[6][5][5][3][0-5]
@@ -99,10 +105,22 @@ type SettingGuestAccess struct {
 	WechatAppID                            string   `json:"wechat_app_id"`
 	WechatEnabled                          bool     `json:"wechat_enabled"`
 	WechatShopID                           string   `json:"wechat_shop_id"`
+	XAuthorizeLoginid                      string   `json:"x_authorize_loginid,omitempty"`
+	XAuthorizeTransactionkey               string   `json:"x_authorize_transactionkey,omitempty"`
 	XFacebookAppSecret                     string   `json:"x_facebook_app_secret,omitempty"`
 	XFacebookWifiGwSecret                  string   `json:"x_facebook_wifi_gw_secret,omitempty"`
 	XGoogleClientSecret                    string   `json:"x_google_client_secret,omitempty"`
+	XIPpayTerminalid                       string   `json:"x_ippay_terminalid,omitempty"`
+	XMerchantwarriorApikey                 string   `json:"x_merchantwarrior_apikey,omitempty"`
+	XMerchantwarriorApipassphrase          string   `json:"x_merchantwarrior_apipassphrase,omitempty"`
+	XMerchantwarriorMerchantuuid           string   `json:"x_merchantwarrior_merchantuuid,omitempty"`
 	XPassword                              string   `json:"x_password,omitempty"`
+	XPaypalPassword                        string   `json:"x_paypal_password,omitempty"`
+	XPaypalSignature                       string   `json:"x_paypal_signature,omitempty"`
+	XPaypalUsername                        string   `json:"x_paypal_username,omitempty"`
+	XQuickpayAgreementid                   string   `json:"x_quickpay_agreementid,omitempty"`
+	XQuickpayApikey                        string   `json:"x_quickpay_apikey,omitempty"`
+	XQuickpayMerchantid                    string   `json:"x_quickpay_merchantid,omitempty"`
 	XStripeApiKey                          string   `json:"x_stripe_api_key,omitempty"`
 	XWechatAppSecret                       string   `json:"x_wechat_app_secret,omitempty"`
 	XWechatSecretKey                       string   `json:"x_wechat_secret_key,omitempty"`
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_ips.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_ips.generated.go
index a8dd34f3c..6bac5143e 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/setting_ips.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_ips.generated.go
@@ -27,18 +27,20 @@ type SettingIps struct {
 
 	Key string `json:"key"`
 
-	AdBlockingConfigurations []SettingIpsAdBlockingConfigurations `json:"ad_blocking_configurations,omitempty"`
-	AdBlockingEnabled        bool                                 `json:"ad_blocking_enabled"`
-	DNSFiltering             bool                                 `json:"dns_filtering"`
-	DNSFilters               []SettingIpsDNSFilters               `json:"dns_filters,omitempty"`
-	EnabledCategories        []string                             `json:"enabled_categories,omitempty"` // emerging-activex|emerging-attackresponse|botcc|emerging-chat|ciarmy|compromised|emerging-dns|emerging-dos|dshield|emerging-exploit|emerging-ftp|emerging-games|emerging-icmp|emerging-icmpinfo|emerging-imap|emerging-inappropriate|emerging-info|emerging-malware|emerging-misc|emerging-mobile|emerging-netbios|emerging-p2p|emerging-policy|emerging-pop3|emerging-rpc|emerging-scada|emerging-scan|emerging-shellcode|emerging-smtp|emerging-snmp|emerging-sql|emerging-telnet|emerging-tftp|tor|emerging-trojan|emerging-useragent|emerging-voip|emerging-webapps|emerging-webclient|emerging-webserver|emerging-worm
-	Honeypot                 []SettingIpsHoneypot                 `json:"honeypot,omitempty"`
-	HoneypotEnabled          bool                                 `json:"honeypot_enabled"`
-	IPsMode                  string                               `json:"ips_mode,omitempty"` // ids|ips|ipsInline|disabled
-	RestrictIPAddresses      bool                                 `json:"restrict_ip_addresses"`
-	RestrictTor              bool                                 `json:"restrict_tor"`
-	RestrictTorrents         bool                                 `json:"restrict_torrents"`
-	Suppression              SettingIpsSuppression                `json:"suppression,omitempty"`
+	AdBlockingConfigurations    []SettingIpsAdBlockingConfigurations `json:"ad_blocking_configurations,omitempty"`
+	AdBlockingEnabled           bool                                 `json:"ad_blocking_enabled"`
+	AdvancedFilteringPreference string                               `json:"advanced_filtering_preference,omitempty"` // |auto|manual|disabled
+	DNSFiltering                bool                                 `json:"dns_filtering"`
+	DNSFilters                  []SettingIpsDNSFilters               `json:"dns_filters,omitempty"`
+	EnabledCategories           []string                             `json:"enabled_categories,omitempty"` // emerging-activex|emerging-attackresponse|botcc|emerging-chat|ciarmy|compromised|emerging-dns|emerging-dos|dshield|emerging-exploit|emerging-ftp|emerging-games|emerging-icmp|emerging-icmpinfo|emerging-imap|emerging-inappropriate|emerging-info|emerging-malware|emerging-misc|emerging-mobile|emerging-netbios|emerging-p2p|emerging-policy|emerging-pop3|emerging-rpc|emerging-scada|emerging-scan|emerging-shellcode|emerging-smtp|emerging-snmp|emerging-sql|emerging-telnet|emerging-tftp|tor|emerging-trojan|emerging-useragent|emerging-voip|emerging-webapps|emerging-webclient|emerging-webserver|emerging-worm
+	EnabledNetworks             []string                             `json:"enabled_networks,omitempty"`
+	Honeypot                    []SettingIpsHoneypot                 `json:"honeypot,omitempty"`
+	HoneypotEnabled             bool                                 `json:"honeypot_enabled"`
+	IPsMode                     string                               `json:"ips_mode,omitempty"` // ids|ips|ipsInline|disabled
+	RestrictIPAddresses         bool                                 `json:"restrict_ip_addresses"`
+	RestrictTor                 bool                                 `json:"restrict_tor"`
+	RestrictTorrents            bool                                 `json:"restrict_torrents"`
+	Suppression                 SettingIpsSuppression                `json:"suppression,omitempty"`
 }
 
 func (dst *SettingIps) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_radio_ai.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_radio_ai.generated.go
index b9e963e45..1565d63bc 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/setting_radio_ai.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_radio_ai.generated.go
@@ -39,7 +39,7 @@ type SettingRadioAi struct {
 	Optimize                    []string `json:"optimize,omitempty"`           // channel|power
 	Radios                      []string `json:"radios,omitempty"`             // na|ng
 	SettingPreference           string   `json:"setting_preference,omitempty"` // auto|manual
-	UseXY                       bool     `json:"useXY"`
+	UseXy                       bool     `json:"useXY"`
 }
 
 func (dst *SettingRadioAi) UnmarshalJSON(b []byte) error {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/setting_super_mgmt.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/setting_super_mgmt.generated.go
index 61f5629a5..63e08473c 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/setting_super_mgmt.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/setting_super_mgmt.generated.go
@@ -52,7 +52,6 @@ type SettingSuperMgmt struct {
 	ContactInfoState                         string   `json:"contact_info_state,omitempty"`
 	ContactInfoZip                           string   `json:"contact_info_zip,omitempty"`
 	DataRetentionSettingPreference           string   `json:"data_retention_setting_preference,omitempty"` // auto|manual
-	DataRetentionTimeEnabled                 bool     `json:"data_retention_time_enabled"`
 	DataRetentionTimeInHoursFor5MinutesScale int      `json:"data_retention_time_in_hours_for_5minutes_scale,omitempty"`
 	DataRetentionTimeInHoursForDailyScale    int      `json:"data_retention_time_in_hours_for_daily_scale,omitempty"`
 	DataRetentionTimeInHoursForHourlyScale   int      `json:"data_retention_time_in_hours_for_hourly_scale,omitempty"`
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/sites.go b/vendor/github.com/paultyng/go-unifi/unifi/sites.go
index eec4b08fe..2ac5d82a9 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/sites.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/sites.go
@@ -16,7 +16,7 @@ type Site struct {
 	Name        string `json:"name"`
 	Description string `json:"desc"`
 
-	//Role string `json:"role"`
+	// Role string `json:"role"`
 }
 
 func (c *Client) ListSites(ctx context.Context) ([]Site, error) {
@@ -35,7 +35,6 @@ func (c *Client) ListSites(ctx context.Context) ([]Site, error) {
 
 func (c *Client) GetSite(ctx context.Context, id string) (*Site, error) {
 	sites, err := c.ListSites(ctx)
-
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/unifi.go b/vendor/github.com/paultyng/go-unifi/unifi/unifi.go
index ef2a881ba..8688c4053 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/unifi.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/unifi.go
@@ -95,7 +95,7 @@ func (c *Client) setAPIUrlStyle(ctx context.Context) error {
 	// see https://github.com/unifi-poller/unifi/blob/4dc44f11f61a2e08bf7ec5b20c71d5bced837b5d/unifi.go#L101-L104
 	// and https://github.com/unifi-poller/unifi/commit/43a6b225031a28f2b358f52d03a7217c7b524143
 
-	req, err := http.NewRequestWithContext(ctx, "GET", c.baseURL.String(), nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, c.baseURL.String(), nil)
 	if err != nil {
 		return err
 	}
@@ -243,7 +243,7 @@ func (c *Client) do(ctx context.Context, method, relativeURL string, reqBody int
 		c.csrf = resp.Header.Get("x-csrf-token")
 	}
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		errBody := struct {
 			Meta meta `json:"meta"`
 			Data []struct {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/user.go b/vendor/github.com/paultyng/go-unifi/unifi/user.go
index e42cfa479..06106c5fc 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/user.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/user.go
@@ -65,9 +65,9 @@ func (c *Client) CreateUser(ctx context.Context, site string, d *User) (*User, e
 		return nil, &NotFoundError{}
 	}
 
-	new := respBody.Data[0].Data[0]
+	user := respBody.Data[0].Data[0]
 
-	return &new, nil
+	return &user, nil
 }
 
 func (c *Client) stamgr(ctx context.Context, site, cmd string, data map[string]interface{}) ([]User, error) {
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go
index 788d2e20c..055bf06a7 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/version.generated.go
@@ -2,4 +2,4 @@
 
 package unifi
 
-const UnifiVersion = "7.4.156"
+const UnifiVersion = "8.0.7"
diff --git a/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go b/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go
index 44ce28601..6ffbdf285 100644
--- a/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go
+++ b/vendor/github.com/paultyng/go-unifi/unifi/wlan.generated.go
@@ -26,6 +26,7 @@ type WLAN struct {
 	NoEdit   bool   `json:"attr_no_edit,omitempty"`
 
 	ApGroupIDs                  []string                   `json:"ap_group_ids,omitempty"`
+	ApGroupMode                 string                     `json:"ap_group_mode,omitempty"` // all|groups|devices
 	AuthCache                   bool                       `json:"auth_cache"`
 	BSupported                  bool                       `json:"b_supported"`
 	BroadcastFilterEnabled      bool                       `json:"bc_filter_enabled"`
@@ -71,6 +72,8 @@ type WLAN struct {
 	PMFCipher                   string                     `json:"pmf_cipher,omitempty"` // auto|aes-128-cmac|bip-gmac-256
 	PMFMode                     string                     `json:"pmf_mode,omitempty"`   // disabled|optional|required
 	Priority                    string                     `json:"priority,omitempty"`   // medium|high|low
+	PrivatePresharedKeys        []WLANPrivatePresharedKeys `json:"private_preshared_keys,omitempty"`
+	PrivatePresharedKeysEnabled bool                       `json:"private_preshared_keys_enabled"`
 	ProxyArp                    bool                       `json:"proxy_arp"`
 	RADIUSDasEnabled            bool                       `json:"radius_das_enabled"`
 	RADIUSMACAuthEnabled        bool                       `json:"radius_mac_auth_enabled"`
@@ -92,6 +95,7 @@ type WLAN struct {
 	SettingPreference           string                     `json:"setting_preference,omitempty"` // auto|manual
 	TdlsProhibit                bool                       `json:"tdls_prohibit"`
 	UapsdEnabled                bool                       `json:"uapsd_enabled"`
+	UidWorkspaceUrl             string                     `json:"uid_workspace_url,omitempty"`
 	UserGroupID                 string                     `json:"usergroup_id"`
 	VLAN                        int                        `json:"vlan,omitempty"` // [2-9]|[1-9][0-9]{1,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-5]|^$
 	VLANEnabled                 bool                       `json:"vlan_enabled"`
@@ -155,6 +159,27 @@ func (dst *WLAN) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
+type WLANPrivatePresharedKeys struct {
+	NetworkID string `json:"networkconf_id"`
+	Password  string `json:"password,omitempty"` // [\x20-\x7E]{8,255}
+}
+
+func (dst *WLANPrivatePresharedKeys) UnmarshalJSON(b []byte) error {
+	type Alias WLANPrivatePresharedKeys
+	aux := &struct {
+		*Alias
+	}{
+		Alias: (*Alias)(dst),
+	}
+
+	err := json.Unmarshal(b, &aux)
+	if err != nil {
+		return fmt.Errorf("unable to unmarshal alias: %w", err)
+	}
+
+	return nil
+}
+
 type WLANSaePsk struct {
 	ID   string `json:"id"`             // .{0,128}
 	MAC  string `json:"mac,omitempty"`  // ^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$
diff --git a/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml b/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml
index 3aa1840ec..1d8b69e65 100644
--- a/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml
+++ b/vendor/github.com/pelletier/go-toml/v2/.goreleaser.yaml
@@ -18,6 +18,7 @@ builds:
       - linux_amd64
       - linux_arm64
       - linux_arm
+      - linux_riscv64
       - windows_amd64
       - windows_arm64
       - windows_arm
@@ -37,6 +38,7 @@ builds:
       - linux_amd64
       - linux_arm64
       - linux_arm
+      - linux_riscv64
       - windows_amd64
       - windows_arm64
       - windows_arm
@@ -55,6 +57,7 @@ builds:
     targets:
       - linux_amd64
       - linux_arm64
+      - linux_riscv64
       - linux_arm
       - windows_amd64
       - windows_arm64
diff --git a/vendor/github.com/pelletier/go-toml/v2/LICENSE b/vendor/github.com/pelletier/go-toml/v2/LICENSE
index 6839d51cd..991e2ae96 100644
--- a/vendor/github.com/pelletier/go-toml/v2/LICENSE
+++ b/vendor/github.com/pelletier/go-toml/v2/LICENSE
@@ -1,6 +1,7 @@
 The MIT License (MIT)
 
-Copyright (c) 2013 - 2022 Thomas Pelletier, Eric Anderton
+go-toml v2
+Copyright (c) 2021 - 2023 Thomas Pelletier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/vendor/github.com/pelletier/go-toml/v2/README.md b/vendor/github.com/pelletier/go-toml/v2/README.md
index 9f8439cc7..63b92f3b0 100644
--- a/vendor/github.com/pelletier/go-toml/v2/README.md
+++ b/vendor/github.com/pelletier/go-toml/v2/README.md
@@ -45,16 +45,15 @@ to check for typos. [See example in the documentation][strict].
 
 ### Contextualized errors
 
-When most decoding errors occur, go-toml returns [`DecodeError`][decode-err]),
+When most decoding errors occur, go-toml returns [`DecodeError`][decode-err],
 which contains a human readable contextualized version of the error. For
 example:
 
 ```
-2| key1 = "value1"
-3| key2 = "missing2"
- | ~~~~ missing field
-4| key3 = "missing3"
-5| key4 = "value4"
+1| [server]
+2| path = 100
+ |        ~~~ cannot decode TOML integer into struct field toml_test.Server.Path of type string
+3| port = 50
 ```
 
 [decode-err]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#DecodeError
@@ -73,6 +72,26 @@ representation.
 [tlt]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#LocalTime
 [tldt]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#LocalDateTime
 
+### Commented config
+
+Since TOML is often used for configuration files, go-toml can emit documents
+annotated with [comments and commented-out values][comments-example]. For
+example, it can generate the following file:
+
+```toml
+# Host IP to connect to.
+host = '127.0.0.1'
+# Port of the remote server.
+port = 4242
+
+# Encryption parameters (optional)
+# [TLS]
+# cipher = 'AEAD-AES128-GCM-SHA256'
+# version = 'TLS 1.3'
+```
+
+[comments-example]: https://pkg.go.dev/github.com/pelletier/go-toml/v2#example-Marshal-Commented
+
 ## Getting started
 
 Given the following struct, let's see how to read it and write it as TOML:
@@ -497,27 +516,20 @@ is not necessary anymore.
 
 V1 used to provide multiple struct tags: `comment`, `commented`, `multiline`,
 `toml`, and `omitempty`. To behave more like the standard library, v2 has merged
-`toml`, `multiline`, and `omitempty`. For example:
+`toml`, `multiline`, `commented`, and `omitempty`. For example:
 
 ```go
 type doc struct {
 	// v1
-	F string `toml:"field" multiline:"true" omitempty:"true"`
+	F string `toml:"field" multiline:"true" omitempty:"true" commented:"true"`
 	// v2
-	F string `toml:"field,multiline,omitempty"`
+	F string `toml:"field,multiline,omitempty,commented"`
 }
 ```
 
 Has a result, the `Encoder.SetTag*` methods have been removed, as there is just
 one tag now.
 
-
-#### `commented` tag has been removed
-
-There is no replacement for the `commented` tag. This feature would be better
-suited in a proper document model for go-toml v2, which has been [cut from
-scope][nodoc] at the moment.
-
 #### `Encoder.ArraysWithOneElementPerLine` has been renamed
 
 The new name is `Encoder.SetArraysMultiline`. The behavior should be the same.
@@ -553,7 +565,7 @@ complete solutions exist out there.
 
 ## Versioning
 
-Go-toml follows [Semantic Versioning](http://semver.org/). The supported version
+Go-toml follows [Semantic Versioning](https://semver.org). The supported version
 of [TOML](https://github.com/toml-lang/toml) is indicated at the beginning of
 this document. The last two major versions of Go are supported
 (see [Go Release Policy](https://golang.org/doc/devel/release.html#policy)).
diff --git a/vendor/github.com/pelletier/go-toml/v2/ci.sh b/vendor/github.com/pelletier/go-toml/v2/ci.sh
index d916c5f23..9ae8b7537 100644
--- a/vendor/github.com/pelletier/go-toml/v2/ci.sh
+++ b/vendor/github.com/pelletier/go-toml/v2/ci.sh
@@ -77,8 +77,9 @@ cover() {
 
     pushd "$dir"
     go test -covermode=atomic  -coverpkg=./... -coverprofile=coverage.out.tmp ./...
-    cat coverage.out.tmp | grep -v testsuite | grep -v tomltestgen | grep -v gotoml-test-decoder > coverage.out
+    cat coverage.out.tmp | grep -v fuzz | grep -v testsuite | grep -v tomltestgen | grep -v gotoml-test-decoder > coverage.out
     go tool cover -func=coverage.out
+    echo "Coverage profile for ${branch}: ${dir}/coverage.out" >&2
     popd
 
     if [ "${branch}" != "HEAD" ]; then
diff --git a/vendor/github.com/pelletier/go-toml/v2/decode.go b/vendor/github.com/pelletier/go-toml/v2/decode.go
index 3a860d0f6..f0ec3b170 100644
--- a/vendor/github.com/pelletier/go-toml/v2/decode.go
+++ b/vendor/github.com/pelletier/go-toml/v2/decode.go
@@ -318,7 +318,7 @@ func parseFloat(b []byte) (float64, error) {
 	if cleaned[0] == '+' || cleaned[0] == '-' {
 		start = 1
 	}
-	if cleaned[start] == '0' && isDigit(cleaned[start+1]) {
+	if cleaned[start] == '0' && len(cleaned) > start+1 && isDigit(cleaned[start+1]) {
 		return 0, unstable.NewParserError(b, "float integer part cannot have leading zeroes")
 	}
 
diff --git a/vendor/github.com/pelletier/go-toml/v2/marshaler.go b/vendor/github.com/pelletier/go-toml/v2/marshaler.go
index 07aceb902..6fe78533c 100644
--- a/vendor/github.com/pelletier/go-toml/v2/marshaler.go
+++ b/vendor/github.com/pelletier/go-toml/v2/marshaler.go
@@ -148,6 +148,9 @@ func (enc *Encoder) SetIndentTables(indent bool) *Encoder {
 //
 // The "omitempty" option prevents empty values or groups from being emitted.
 //
+// The "commented" option prefixes the value and all its children with a comment
+// symbol.
+//
 // In addition to the "toml" tag struct tag, a "comment" tag can be used to emit
 // a TOML comment before the value being annotated. Comments are ignored inside
 // inline tables. For array tables, the comment is only present before the first
@@ -180,6 +183,7 @@ func (enc *Encoder) Encode(v interface{}) error {
 type valueOptions struct {
 	multiline bool
 	omitempty bool
+	commented bool
 	comment   string
 }
 
@@ -205,6 +209,9 @@ type encoderCtx struct {
 	// Indentation level
 	indent int
 
+	// Prefix the current value with a comment.
+	commented bool
+
 	// Options coming from struct tags
 	options valueOptions
 }
@@ -273,7 +280,7 @@ func (enc *Encoder) encode(b []byte, ctx encoderCtx, v reflect.Value) ([]byte, e
 		return enc.encodeMap(b, ctx, v)
 	case reflect.Struct:
 		return enc.encodeStruct(b, ctx, v)
-	case reflect.Slice:
+	case reflect.Slice, reflect.Array:
 		return enc.encodeSlice(b, ctx, v)
 	case reflect.Interface:
 		if v.IsNil() {
@@ -357,9 +364,10 @@ func (enc *Encoder) encodeKv(b []byte, ctx encoderCtx, options valueOptions, v r
 
 	if !ctx.inline {
 		b = enc.encodeComment(ctx.indent, options.comment, b)
+		b = enc.commented(ctx.commented, b)
+		b = enc.indent(ctx.indent, b)
 	}
 
-	b = enc.indent(ctx.indent, b)
 	b = enc.encodeKey(b, ctx.key)
 	b = append(b, " = "...)
 
@@ -378,6 +386,13 @@ func (enc *Encoder) encodeKv(b []byte, ctx encoderCtx, options valueOptions, v r
 	return b, nil
 }
 
+func (enc *Encoder) commented(commented bool, b []byte) []byte {
+	if commented {
+		return append(b, "# "...)
+	}
+	return b
+}
+
 func isEmptyValue(v reflect.Value) bool {
 	switch v.Kind() {
 	case reflect.Struct:
@@ -526,6 +541,8 @@ func (enc *Encoder) encodeTableHeader(ctx encoderCtx, b []byte) ([]byte, error)
 
 	b = enc.encodeComment(ctx.indent, ctx.options.comment, b)
 
+	b = enc.commented(ctx.commented, b)
+
 	b = enc.indent(ctx.indent, b)
 
 	b = append(b, '[')
@@ -577,11 +594,23 @@ func (enc *Encoder) encodeKey(b []byte, k string) []byte {
 	}
 }
 
-func (enc *Encoder) encodeMap(b []byte, ctx encoderCtx, v reflect.Value) ([]byte, error) {
-	if v.Type().Key().Kind() != reflect.String {
-		return nil, fmt.Errorf("toml: type %s is not supported as a map key", v.Type().Key().Kind())
+func (enc *Encoder) keyToString(k reflect.Value) (string, error) {
+	keyType := k.Type()
+	switch {
+	case keyType.Kind() == reflect.String:
+		return k.String(), nil
+
+	case keyType.Implements(textMarshalerType):
+		keyB, err := k.Interface().(encoding.TextMarshaler).MarshalText()
+		if err != nil {
+			return "", fmt.Errorf("toml: error marshalling key %v from text: %w", k, err)
+		}
+		return string(keyB), nil
 	}
+	return "", fmt.Errorf("toml: type %s is not supported as a map key", keyType.Kind())
+}
 
+func (enc *Encoder) encodeMap(b []byte, ctx encoderCtx, v reflect.Value) ([]byte, error) {
 	var (
 		t                 table
 		emptyValueOptions valueOptions
@@ -589,13 +618,17 @@ func (enc *Encoder) encodeMap(b []byte, ctx encoderCtx, v reflect.Value) ([]byte
 
 	iter := v.MapRange()
 	for iter.Next() {
-		k := iter.Key().String()
 		v := iter.Value()
 
 		if isNil(v) {
 			continue
 		}
 
+		k, err := enc.keyToString(iter.Key())
+		if err != nil {
+			return nil, err
+		}
+
 		if willConvertToTableOrArrayTable(ctx, v) {
 			t.pushTable(k, v, emptyValueOptions)
 		} else {
@@ -688,6 +721,7 @@ func walkStruct(ctx encoderCtx, t *table, v reflect.Value) {
 		options := valueOptions{
 			multiline: opts.multiline,
 			omitempty: opts.omitempty,
+			commented: opts.commented,
 			comment:   fieldType.Tag.Get("comment"),
 		}
 
@@ -747,6 +781,7 @@ type tagOptions struct {
 	multiline bool
 	inline    bool
 	omitempty bool
+	commented bool
 }
 
 func parseTag(tag string) (string, tagOptions) {
@@ -774,6 +809,8 @@ func parseTag(tag string) (string, tagOptions) {
 			opts.inline = true
 		case "omitempty":
 			opts.omitempty = true
+		case "commented":
+			opts.commented = true
 		}
 	}
 
@@ -809,8 +846,10 @@ func (enc *Encoder) encodeTable(b []byte, ctx encoderCtx, t table) ([]byte, erro
 		hasNonEmptyKV = true
 
 		ctx.setKey(kv.Key)
+		ctx2 := ctx
+		ctx2.commented = kv.Options.commented || ctx2.commented
 
-		b, err = enc.encodeKv(b, ctx, kv.Options, kv.Value)
+		b, err = enc.encodeKv(b, ctx2, kv.Options, kv.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -835,8 +874,10 @@ func (enc *Encoder) encodeTable(b []byte, ctx encoderCtx, t table) ([]byte, erro
 		ctx.setKey(table.Key)
 
 		ctx.options = table.Options
+		ctx2 := ctx
+		ctx2.commented = ctx2.commented || ctx.options.commented
 
-		b, err = enc.encode(b, ctx, table.Value)
+		b, err = enc.encode(b, ctx2, table.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -914,7 +955,7 @@ func willConvertToTableOrArrayTable(ctx encoderCtx, v reflect.Value) bool {
 		return willConvertToTableOrArrayTable(ctx, v.Elem())
 	}
 
-	if t.Kind() == reflect.Slice {
+	if t.Kind() == reflect.Slice || t.Kind() == reflect.Array {
 		if v.Len() == 0 {
 			// An empty slice should be a kv = [].
 			return false
@@ -954,6 +995,9 @@ func (enc *Encoder) encodeSliceAsArrayTable(b []byte, ctx encoderCtx, v reflect.
 	ctx.shiftKey()
 
 	scratch := make([]byte, 0, 64)
+
+	scratch = enc.commented(ctx.commented, scratch)
+
 	scratch = append(scratch, "[["...)
 
 	for i, k := range ctx.parentKey {
@@ -969,6 +1013,10 @@ func (enc *Encoder) encodeSliceAsArrayTable(b []byte, ctx encoderCtx, v reflect.
 
 	b = enc.encodeComment(ctx.indent, ctx.options.comment, b)
 
+	if enc.indentTables {
+		ctx.indent++
+	}
+
 	for i := 0; i < v.Len(); i++ {
 		if i != 0 {
 			b = append(b, "\n"...)
diff --git a/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go b/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go
index 70f6ec572..868c74c15 100644
--- a/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go
+++ b/vendor/github.com/pelletier/go-toml/v2/unmarshaler.go
@@ -60,7 +60,7 @@ func (d *Decoder) DisallowUnknownFields() *Decoder {
 // are ignored. See Decoder.DisallowUnknownFields() to change this behavior.
 //
 // When a TOML local date, time, or date-time is decoded into a time.Time, its
-// value is represented in time.Local timezone. Otherwise the approriate Local*
+// value is represented in time.Local timezone. Otherwise the appropriate Local*
 // structure is used. For time values, precision up to the nanosecond is
 // supported by truncating extra digits.
 //
@@ -149,12 +149,16 @@ type errorContext struct {
 }
 
 func (d *decoder) typeMismatchError(toml string, target reflect.Type) error {
+	return fmt.Errorf("toml: %s", d.typeMismatchString(toml, target))
+}
+
+func (d *decoder) typeMismatchString(toml string, target reflect.Type) string {
 	if d.errorContext != nil && d.errorContext.Struct != nil {
 		ctx := d.errorContext
 		f := ctx.Struct.FieldByIndex(ctx.Field)
-		return fmt.Errorf("toml: cannot decode TOML %s into struct field %s.%s of type %s", toml, ctx.Struct, f.Name, f.Type)
+		return fmt.Sprintf("cannot decode TOML %s into struct field %s.%s of type %s", toml, ctx.Struct, f.Name, f.Type)
 	}
-	return fmt.Errorf("toml: cannot decode TOML %s into a Go value of type %s", toml, target)
+	return fmt.Sprintf("cannot decode TOML %s into a Go value of type %s", toml, target)
 }
 
 func (d *decoder) expr() *unstable.Node {
@@ -417,7 +421,10 @@ func (d *decoder) handleKeyPart(key unstable.Iterator, v reflect.Value, nextFn h
 		vt := v.Type()
 
 		// Create the key for the map element. Convert to key type.
-		mk := reflect.ValueOf(string(key.Node().Data)).Convert(vt.Key())
+		mk, err := d.keyFromData(vt.Key(), key.Node().Data)
+		if err != nil {
+			return reflect.Value{}, err
+		}
 
 		// If the map does not exist, create it.
 		if v.IsNil() {
@@ -746,7 +753,7 @@ func (d *decoder) unmarshalInlineTable(itable *unstable.Node, v reflect.Value) e
 		}
 		return d.unmarshalInlineTable(itable, elem)
 	default:
-		return unstable.NewParserError(itable.Data, "cannot store inline table in Go type %s", v.Kind())
+		return unstable.NewParserError(d.p.Raw(itable.Raw), "cannot store inline table in Go type %s", v.Kind())
 	}
 
 	it := itable.Children()
@@ -887,6 +894,11 @@ func init() {
 }
 
 func (d *decoder) unmarshalInteger(value *unstable.Node, v reflect.Value) error {
+	kind := v.Kind()
+	if kind == reflect.Float32 || kind == reflect.Float64 {
+		return d.unmarshalFloat(value, v)
+	}
+
 	i, err := parseInteger(value.Data)
 	if err != nil {
 		return err
@@ -894,7 +906,7 @@ func (d *decoder) unmarshalInteger(value *unstable.Node, v reflect.Value) error
 
 	var r reflect.Value
 
-	switch v.Kind() {
+	switch kind {
 	case reflect.Int64:
 		v.SetInt(i)
 		return nil
@@ -955,7 +967,7 @@ func (d *decoder) unmarshalInteger(value *unstable.Node, v reflect.Value) error
 	case reflect.Interface:
 		r = reflect.ValueOf(i)
 	default:
-		return d.typeMismatchError("integer", v.Type())
+		return unstable.NewParserError(d.p.Raw(value.Raw), d.typeMismatchString("integer", v.Type()))
 	}
 
 	if !r.Type().AssignableTo(v.Type()) {
@@ -974,7 +986,7 @@ func (d *decoder) unmarshalString(value *unstable.Node, v reflect.Value) error {
 	case reflect.Interface:
 		v.Set(reflect.ValueOf(string(value.Data)))
 	default:
-		return unstable.NewParserError(d.p.Raw(value.Raw), "cannot store TOML string into a Go %s", v.Kind())
+		return unstable.NewParserError(d.p.Raw(value.Raw), d.typeMismatchString("string", v.Type()))
 	}
 
 	return nil
@@ -1004,6 +1016,31 @@ func (d *decoder) handleKeyValueInner(key unstable.Iterator, value *unstable.Nod
 	return reflect.Value{}, d.handleValue(value, v)
 }
 
+func (d *decoder) keyFromData(keyType reflect.Type, data []byte) (reflect.Value, error) {
+	switch {
+	case stringType.AssignableTo(keyType):
+		return reflect.ValueOf(string(data)), nil
+
+	case stringType.ConvertibleTo(keyType):
+		return reflect.ValueOf(string(data)).Convert(keyType), nil
+
+	case keyType.Implements(textUnmarshalerType):
+		mk := reflect.New(keyType.Elem())
+		if err := mk.Interface().(encoding.TextUnmarshaler).UnmarshalText(data); err != nil {
+			return reflect.Value{}, fmt.Errorf("toml: error unmarshalling key type %s from text: %w", stringType, err)
+		}
+		return mk, nil
+
+	case reflect.PtrTo(keyType).Implements(textUnmarshalerType):
+		mk := reflect.New(keyType)
+		if err := mk.Interface().(encoding.TextUnmarshaler).UnmarshalText(data); err != nil {
+			return reflect.Value{}, fmt.Errorf("toml: error unmarshalling key type %s from text: %w", stringType, err)
+		}
+		return mk.Elem(), nil
+	}
+	return reflect.Value{}, fmt.Errorf("toml: cannot convert map key of type %s to expected type %s", stringType, keyType)
+}
+
 func (d *decoder) handleKeyValuePart(key unstable.Iterator, value *unstable.Node, v reflect.Value) (reflect.Value, error) {
 	// contains the replacement for v
 	var rv reflect.Value
@@ -1014,16 +1051,9 @@ func (d *decoder) handleKeyValuePart(key unstable.Iterator, value *unstable.Node
 	case reflect.Map:
 		vt := v.Type()
 
-		mk := reflect.ValueOf(string(key.Node().Data))
-		mkt := stringType
-
-		keyType := vt.Key()
-		if !mkt.AssignableTo(keyType) {
-			if !mkt.ConvertibleTo(keyType) {
-				return reflect.Value{}, fmt.Errorf("toml: cannot convert map key of type %s to expected type %s", mkt, keyType)
-			}
-
-			mk = mk.Convert(keyType)
+		mk, err := d.keyFromData(vt.Key(), key.Node().Data)
+		if err != nil {
+			return reflect.Value{}, err
 		}
 
 		// If the map does not exist, create it.
@@ -1034,15 +1064,9 @@ func (d *decoder) handleKeyValuePart(key unstable.Iterator, value *unstable.Node
 
 		mv := v.MapIndex(mk)
 		set := false
-		if !mv.IsValid() {
+		if !mv.IsValid() || key.IsLast() {
 			set = true
 			mv = reflect.New(v.Type().Elem()).Elem()
-		} else {
-			if key.IsLast() {
-				var x interface{}
-				mv = reflect.ValueOf(&x).Elem()
-				set = true
-			}
 		}
 
 		nv, err := d.handleKeyValueInner(key, value, mv)
@@ -1072,6 +1096,19 @@ func (d *decoder) handleKeyValuePart(key unstable.Iterator, value *unstable.Node
 		d.errorContext.Field = path
 
 		f := fieldByIndex(v, path)
+
+		if !f.CanSet() {
+			// If the field is not settable, need to take a slower path and make a copy of
+			// the struct itself to a new location.
+			nvp := reflect.New(v.Type())
+			nvp.Elem().Set(v)
+			v = nvp.Elem()
+			_, err := d.handleKeyValuePart(key, value, v)
+			if err != nil {
+				return reflect.Value{}, err
+			}
+			return nvp.Elem(), nil
+		}
 		x, err := d.handleKeyValueInner(key, value, f)
 		if err != nil {
 			return reflect.Value{}, err
@@ -1137,10 +1174,10 @@ func initAndDereferencePointer(v reflect.Value) reflect.Value {
 
 // Same as reflect.Value.FieldByIndex, but creates pointers if needed.
 func fieldByIndex(v reflect.Value, path []int) reflect.Value {
-	for i, x := range path {
+	for _, x := range path {
 		v = v.Field(x)
 
-		if i < len(path)-1 && v.Kind() == reflect.Ptr {
+		if v.Kind() == reflect.Ptr {
 			if v.IsNil() {
 				v.Set(reflect.New(v.Type().Elem()))
 			}
diff --git a/vendor/github.com/pelletier/go-toml/v2/unstable/ast.go b/vendor/github.com/pelletier/go-toml/v2/unstable/ast.go
index b60d9bfd6..f526bf2c0 100644
--- a/vendor/github.com/pelletier/go-toml/v2/unstable/ast.go
+++ b/vendor/github.com/pelletier/go-toml/v2/unstable/ast.go
@@ -58,7 +58,7 @@ func (c *Iterator) Node() *Node {
 //   - Table and ArrayTable's children represent a dotted key (same as
 //     KeyValue, but without the first node being the value).
 //
-// When relevant, Raw describes the range of bytes this node is refering to in
+// When relevant, Raw describes the range of bytes this node is referring to in
 // the input document. Use Parser.Raw() to retrieve the actual bytes.
 type Node struct {
 	Kind Kind
diff --git a/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go b/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go
index 52db88e7a..50358a44f 100644
--- a/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go
+++ b/vendor/github.com/pelletier/go-toml/v2/unstable/parser.go
@@ -49,8 +49,6 @@ func NewParserError(highlight []byte, format string, args ...interface{}) error
 // For performance reasons, go-toml doesn't make a copy of the input bytes to
 // the parser. Make sure to copy all the bytes you need to outlive the slice
 // given to the parser.
-//
-// The parser doesn't provide nodes for comments yet, nor for whitespace.
 type Parser struct {
 	data    []byte
 	builder builder
@@ -58,6 +56,8 @@ type Parser struct {
 	left    []byte
 	err     error
 	first   bool
+
+	KeepComments bool
 }
 
 // Data returns the slice provided to the last call to Reset.
@@ -132,16 +132,54 @@ func (p *Parser) NextExpression() bool {
 }
 
 // Expression returns a pointer to the node representing the last successfully
-// parsed expresion.
+// parsed expression.
 func (p *Parser) Expression() *Node {
 	return p.builder.NodeAt(p.ref)
 }
 
-// Error returns any error that has occured during parsing.
+// Error returns any error that has occurred during parsing.
 func (p *Parser) Error() error {
 	return p.err
 }
 
+// Position describes a position in the input.
+type Position struct {
+	// Number of bytes from the beginning of the input.
+	Offset int
+	// Line number, starting at 1.
+	Line int
+	// Column number, starting at 1.
+	Column int
+}
+
+// Shape describes the position of a range in the input.
+type Shape struct {
+	Start Position
+	End   Position
+}
+
+func (p *Parser) position(b []byte) Position {
+	offset := danger.SubsliceOffset(p.data, b)
+
+	lead := p.data[:offset]
+
+	return Position{
+		Offset: offset,
+		Line:   bytes.Count(lead, []byte{'\n'}) + 1,
+		Column: len(lead) - bytes.LastIndex(lead, []byte{'\n'}),
+	}
+}
+
+// Shape returns the shape of the given range in the input.  Will
+// panic if the range is not a subslice of the input.
+func (p *Parser) Shape(r Range) Shape {
+	raw := p.Raw(r)
+	return Shape{
+		Start: p.position(raw),
+		End:   p.position(raw[r.Length:]),
+	}
+}
+
 func (p *Parser) parseNewline(b []byte) ([]byte, error) {
 	if b[0] == '\n' {
 		return b[1:], nil
@@ -155,6 +193,19 @@ func (p *Parser) parseNewline(b []byte) ([]byte, error) {
 	return nil, NewParserError(b[0:1], "expected newline but got %#U", b[0])
 }
 
+func (p *Parser) parseComment(b []byte) (reference, []byte, error) {
+	ref := invalidReference
+	data, rest, err := scanComment(b)
+	if p.KeepComments && err == nil {
+		ref = p.builder.Push(Node{
+			Kind: Comment,
+			Raw:  p.Range(data),
+			Data: data,
+		})
+	}
+	return ref, rest, err
+}
+
 func (p *Parser) parseExpression(b []byte) (reference, []byte, error) {
 	// expression =  ws [ comment ]
 	// expression =/ ws keyval ws [ comment ]
@@ -168,7 +219,7 @@ func (p *Parser) parseExpression(b []byte) (reference, []byte, error) {
 	}
 
 	if b[0] == '#' {
-		_, rest, err := scanComment(b)
+		ref, rest, err := p.parseComment(b)
 		return ref, rest, err
 	}
 
@@ -190,7 +241,10 @@ func (p *Parser) parseExpression(b []byte) (reference, []byte, error) {
 	b = p.parseWhitespace(b)
 
 	if len(b) > 0 && b[0] == '#' {
-		_, rest, err := scanComment(b)
+		cref, rest, err := p.parseComment(b)
+		if cref != invalidReference {
+			p.builder.Chain(ref, cref)
+		}
 		return ref, rest, err
 	}
 
@@ -402,6 +456,7 @@ func (p *Parser) parseInlineTable(b []byte) (reference, []byte, error) {
 	// inline-table-keyvals = keyval [ inline-table-sep inline-table-keyvals ]
 	parent := p.builder.Push(Node{
 		Kind: InlineTable,
+		Raw:  p.Range(b[:1]),
 	})
 
 	first := true
@@ -470,17 +525,33 @@ func (p *Parser) parseValArray(b []byte) (reference, []byte, error) {
 		Kind: Array,
 	})
 
+	// First indicates whether the parser is looking for the first element
+	// (non-comment) of the array.
 	first := true
 
-	var lastChild reference
+	lastChild := invalidReference
+
+	addChild := func(valueRef reference) {
+		if lastChild == invalidReference {
+			p.builder.AttachChild(parent, valueRef)
+		} else {
+			p.builder.Chain(lastChild, valueRef)
+		}
+		lastChild = valueRef
+	}
 
 	var err error
 	for len(b) > 0 {
-		b, err = p.parseOptionalWhitespaceCommentNewline(b)
+		cref := invalidReference
+		cref, b, err = p.parseOptionalWhitespaceCommentNewline(b)
 		if err != nil {
 			return parent, nil, err
 		}
 
+		if cref != invalidReference {
+			addChild(cref)
+		}
+
 		if len(b) == 0 {
 			return parent, nil, NewParserError(arrayStart[:1], "array is incomplete")
 		}
@@ -495,10 +566,13 @@ func (p *Parser) parseValArray(b []byte) (reference, []byte, error) {
 			}
 			b = b[1:]
 
-			b, err = p.parseOptionalWhitespaceCommentNewline(b)
+			cref, b, err = p.parseOptionalWhitespaceCommentNewline(b)
 			if err != nil {
 				return parent, nil, err
 			}
+			if cref != invalidReference {
+				addChild(cref)
+			}
 		} else if !first {
 			return parent, nil, NewParserError(b[0:1], "array elements must be separated by commas")
 		}
@@ -514,17 +588,16 @@ func (p *Parser) parseValArray(b []byte) (reference, []byte, error) {
 			return parent, nil, err
 		}
 
-		if first {
-			p.builder.AttachChild(parent, valueRef)
-		} else {
-			p.builder.Chain(lastChild, valueRef)
-		}
-		lastChild = valueRef
+		addChild(valueRef)
 
-		b, err = p.parseOptionalWhitespaceCommentNewline(b)
+		cref, b, err = p.parseOptionalWhitespaceCommentNewline(b)
 		if err != nil {
 			return parent, nil, err
 		}
+		if cref != invalidReference {
+			addChild(cref)
+		}
+
 		first = false
 	}
 
@@ -533,15 +606,34 @@ func (p *Parser) parseValArray(b []byte) (reference, []byte, error) {
 	return parent, rest, err
 }
 
-func (p *Parser) parseOptionalWhitespaceCommentNewline(b []byte) ([]byte, error) {
+func (p *Parser) parseOptionalWhitespaceCommentNewline(b []byte) (reference, []byte, error) {
+	rootCommentRef := invalidReference
+	latestCommentRef := invalidReference
+
+	addComment := func(ref reference) {
+		if rootCommentRef == invalidReference {
+			rootCommentRef = ref
+		} else if latestCommentRef == invalidReference {
+			p.builder.AttachChild(rootCommentRef, ref)
+			latestCommentRef = ref
+		} else {
+			p.builder.Chain(latestCommentRef, ref)
+			latestCommentRef = ref
+		}
+	}
+
 	for len(b) > 0 {
 		var err error
 		b = p.parseWhitespace(b)
 
 		if len(b) > 0 && b[0] == '#' {
-			_, b, err = scanComment(b)
+			var ref reference
+			ref, b, err = p.parseComment(b)
 			if err != nil {
-				return nil, err
+				return invalidReference, nil, err
+			}
+			if ref != invalidReference {
+				addComment(ref)
 			}
 		}
 
@@ -552,14 +644,14 @@ func (p *Parser) parseOptionalWhitespaceCommentNewline(b []byte) ([]byte, error)
 		if b[0] == '\n' || b[0] == '\r' {
 			b, err = p.parseNewline(b)
 			if err != nil {
-				return nil, err
+				return invalidReference, nil, err
 			}
 		} else {
 			break
 		}
 	}
 
-	return b, nil
+	return rootCommentRef, b, nil
 }
 
 func (p *Parser) parseMultilineLiteralString(b []byte) ([]byte, []byte, []byte, error) {
@@ -921,6 +1013,7 @@ func (p *Parser) parseIntOrFloatOrDateTime(b []byte) (reference, []byte, error)
 		return p.builder.Push(Node{
 			Kind: Float,
 			Data: b[:3],
+			Raw:  p.Range(b[:3]),
 		}), b[3:], nil
 	case 'n':
 		if !scanFollowsNan(b) {
@@ -930,6 +1023,7 @@ func (p *Parser) parseIntOrFloatOrDateTime(b []byte) (reference, []byte, error)
 		return p.builder.Push(Node{
 			Kind: Float,
 			Data: b[:3],
+			Raw:  p.Range(b[:3]),
 		}), b[3:], nil
 	case '+', '-':
 		return p.scanIntOrFloat(b)
@@ -1054,6 +1148,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 		return p.builder.Push(Node{
 			Kind: Integer,
 			Data: b[:i],
+			Raw:  p.Range(b[:i]),
 		}), b[i:], nil
 	}
 
@@ -1077,6 +1172,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 				return p.builder.Push(Node{
 					Kind: Float,
 					Data: b[:i+3],
+					Raw:  p.Range(b[:i+3]),
 				}), b[i+3:], nil
 			}
 
@@ -1088,6 +1184,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 				return p.builder.Push(Node{
 					Kind: Float,
 					Data: b[:i+3],
+					Raw:  p.Range(b[:i+3]),
 				}), b[i+3:], nil
 			}
 
@@ -1110,6 +1207,7 @@ func (p *Parser) scanIntOrFloat(b []byte) (reference, []byte, error) {
 	return p.builder.Push(Node{
 		Kind: kind,
 		Data: b[:i],
+		Raw:  p.Range(b[:i]),
 	}), b[i:], nil
 }
 
diff --git a/vendor/github.com/pelletier/go-toml/v2/unstable/scanner.go b/vendor/github.com/pelletier/go-toml/v2/unstable/scanner.go
index af22ebbe9..0512181d2 100644
--- a/vendor/github.com/pelletier/go-toml/v2/unstable/scanner.go
+++ b/vendor/github.com/pelletier/go-toml/v2/unstable/scanner.go
@@ -151,7 +151,6 @@ func scanWhitespace(b []byte) ([]byte, []byte) {
 	return b, b[len(b):]
 }
 
-//nolint:unparam
 func scanComment(b []byte) ([]byte, []byte, error) {
 	// comment-start-symbol = %x23 ; #
 	// non-ascii = %x80-D7FF / %xE000-10FFFF
diff --git a/vendor/github.com/polyfloyd/go-errorlint/errorlint/allowed.go b/vendor/github.com/polyfloyd/go-errorlint/errorlint/allowed.go
index 366b5c6b0..df8d5f713 100644
--- a/vendor/github.com/polyfloyd/go-errorlint/errorlint/allowed.go
+++ b/vendor/github.com/polyfloyd/go-errorlint/errorlint/allowed.go
@@ -3,6 +3,8 @@ package errorlint
 import (
 	"fmt"
 	"go/ast"
+	"go/types"
+	"strings"
 )
 
 var allowedErrors = []struct {
@@ -34,23 +36,30 @@ var allowedErrors = []struct {
 	{err: "io.EOF", fun: "(*bytes.Reader).ReadRune"},
 	{err: "io.EOF", fun: "(*bytes.Reader).ReadString"},
 	// pkg/database/sql
-	{err: "sql.ErrNoRows", fun: "(*database/sql.Row).Scan"},
+	{err: "database/sql.ErrNoRows", fun: "(*database/sql.Row).Scan"},
+	// pkg/debug/elf
+	{err: "io.EOF", fun: "debug/elf.Open"},
+	{err: "io.EOF", fun: "debug/elf.NewFile"},
 	// pkg/io
 	{err: "io.EOF", fun: "(io.Reader).Read"},
+	{err: "io.EOF", fun: "(io.ReaderAt).ReadAt"},
+	{err: "io.EOF", fun: "(*io.LimitedReader).Read"},
+	{err: "io.EOF", fun: "(*io.SectionReader).Read"},
+	{err: "io.EOF", fun: "(*io.SectionReader).ReadAt"},
 	{err: "io.ErrClosedPipe", fun: "(*io.PipeWriter).Write"},
 	{err: "io.ErrShortBuffer", fun: "io.ReadAtLeast"},
 	{err: "io.ErrUnexpectedEOF", fun: "io.ReadAtLeast"},
 	{err: "io.EOF", fun: "io.ReadFull"},
 	{err: "io.ErrUnexpectedEOF", fun: "io.ReadFull"},
 	// pkg/net/http
-	{err: "http.ErrServerClosed", fun: "(*net/http.Server).ListenAndServe"},
-	{err: "http.ErrServerClosed", fun: "(*net/http.Server).ListenAndServeTLS"},
-	{err: "http.ErrServerClosed", fun: "(*net/http.Server).Serve"},
-	{err: "http.ErrServerClosed", fun: "(*net/http.Server).ServeTLS"},
-	{err: "http.ErrServerClosed", fun: "http.ListenAndServe"},
-	{err: "http.ErrServerClosed", fun: "http.ListenAndServeTLS"},
-	{err: "http.ErrServerClosed", fun: "http.Serve"},
-	{err: "http.ErrServerClosed", fun: "http.ServeTLS"},
+	{err: "net/http.ErrServerClosed", fun: "(*net/http.Server).ListenAndServe"},
+	{err: "net/http.ErrServerClosed", fun: "(*net/http.Server).ListenAndServeTLS"},
+	{err: "net/http.ErrServerClosed", fun: "(*net/http.Server).Serve"},
+	{err: "net/http.ErrServerClosed", fun: "(*net/http.Server).ServeTLS"},
+	{err: "net/http.ErrServerClosed", fun: "net/http.ListenAndServe"},
+	{err: "net/http.ErrServerClosed", fun: "net/http.ListenAndServeTLS"},
+	{err: "net/http.ErrServerClosed", fun: "net/http.Serve"},
+	{err: "net/http.ErrServerClosed", fun: "net/http.ServeTLS"},
 	// pkg/os
 	{err: "io.EOF", fun: "(*os.File).Read"},
 	{err: "io.EOF", fun: "(*os.File).ReadAt"},
@@ -64,7 +73,21 @@ var allowedErrors = []struct {
 	{err: "io.EOF", fun: "(*strings.Reader).ReadRune"},
 }
 
+var allowedErrorWildcards = []struct {
+	err string
+	fun string
+}{
+	// golang.org/x/sys/unix
+	{err: "golang.org/x/sys/unix.E", fun: "golang.org/x/sys/unix."},
+}
+
 func isAllowedErrAndFunc(err, fun string) bool {
+	for _, allow := range allowedErrorWildcards {
+		if strings.HasPrefix(fun, allow.fun) && strings.HasPrefix(err, allow.err) {
+			return true
+		}
+	}
+
 	for _, allow := range allowedErrors {
 		if allow.fun == fun && allow.err == err {
 			return true
@@ -73,7 +96,7 @@ func isAllowedErrAndFunc(err, fun string) bool {
 	return false
 }
 
-func isAllowedErrorComparison(info *TypesInfoExt, binExpr *ast.BinaryExpr) bool {
+func isAllowedErrorComparison(pass *TypesInfoExt, binExpr *ast.BinaryExpr) bool {
 	var errName string // `<package>.<name>`, e.g. `io.EOF`
 	var callExprs []*ast.CallExpr
 
@@ -84,11 +107,11 @@ func isAllowedErrorComparison(info *TypesInfoExt, binExpr *ast.BinaryExpr) bool
 		case *ast.SelectorExpr:
 			// A selector which we assume refers to a staticaly declared error
 			// in a package.
-			errName = selectorToString(t)
+			errName = selectorToString(pass, t)
 		case *ast.Ident:
 			// Identifier, most likely to be the `err` variable or whatever
 			// produces it.
-			callExprs = assigningCallExprs(info, t)
+			callExprs = assigningCallExprs(pass, t, map[types.Object]bool{})
 		case *ast.CallExpr:
 			callExprs = append(callExprs, t)
 		}
@@ -108,11 +131,11 @@ func isAllowedErrorComparison(info *TypesInfoExt, binExpr *ast.BinaryExpr) bool
 			// allowed.
 			return false
 		}
-		if sel, ok := info.Selections[functionSelector]; ok {
+		if sel, ok := pass.TypesInfo.Selections[functionSelector]; ok {
 			functionNames[i] = fmt.Sprintf("(%s).%s", sel.Recv(), sel.Obj().Name())
 		} else {
 			// If there is no selection, assume it is a package.
-			functionNames[i] = selectorToString(callExpr.Fun.(*ast.SelectorExpr))
+			functionNames[i] = selectorToString(pass, callExpr.Fun.(*ast.SelectorExpr))
 		}
 	}
 
@@ -127,17 +150,23 @@ func isAllowedErrorComparison(info *TypesInfoExt, binExpr *ast.BinaryExpr) bool
 
 // assigningCallExprs finds all *ast.CallExpr nodes that are part of an
 // *ast.AssignStmt that assign to the subject identifier.
-func assigningCallExprs(info *TypesInfoExt, subject *ast.Ident) []*ast.CallExpr {
+func assigningCallExprs(pass *TypesInfoExt, subject *ast.Ident, visitedObjects map[types.Object]bool) []*ast.CallExpr {
 	if subject.Obj == nil {
 		return nil
 	}
 
-	// Find other identifiers that reference this same object. Make sure to
-	// exclude the subject identifier as it will cause an infinite recursion
-	// and is being used in a read operation anyway.
-	sobj := info.ObjectOf(subject)
+	// Find other identifiers that reference this same object.
+	sobj := pass.TypesInfo.ObjectOf(subject)
+
+	if visitedObjects[sobj] {
+		return nil
+	}
+	visitedObjects[sobj] = true
+
+	// Make sure to exclude the subject identifier as it will cause an infinite recursion and is
+	// being used in a read operation anyway.
 	identifiers := []*ast.Ident{}
-	for _, ident := range info.IdentifiersForObject[sobj] {
+	for _, ident := range pass.IdentifiersForObject[sobj] {
 		if subject.Pos() != ident.Pos() {
 			identifiers = append(identifiers, ident)
 		}
@@ -146,7 +175,7 @@ func assigningCallExprs(info *TypesInfoExt, subject *ast.Ident) []*ast.CallExpr
 	// Find out whether the identifiers are part of an assignment statement.
 	var callExprs []*ast.CallExpr
 	for _, ident := range identifiers {
-		parent := info.NodeParent[ident]
+		parent := pass.NodeParent[ident]
 		switch declT := parent.(type) {
 		case *ast.AssignStmt:
 			// The identifier is LHS of an assignment.
@@ -174,7 +203,7 @@ func assigningCallExprs(info *TypesInfoExt, subject *ast.Ident) []*ast.CallExpr
 					continue
 				}
 				// The subject was the result of assigning from another identifier.
-				callExprs = append(callExprs, assigningCallExprs(info, assignT)...)
+				callExprs = append(callExprs, assigningCallExprs(pass, assignT, visitedObjects)...)
 			default:
 				// TODO: inconclusive?
 			}
@@ -183,9 +212,7 @@ func assigningCallExprs(info *TypesInfoExt, subject *ast.Ident) []*ast.CallExpr
 	return callExprs
 }
 
-func selectorToString(selExpr *ast.SelectorExpr) string {
-	if ident, ok := selExpr.X.(*ast.Ident); ok {
-		return ident.Name + "." + selExpr.Sel.Name
-	}
-	return ""
+func selectorToString(pass *TypesInfoExt, selExpr *ast.SelectorExpr) string {
+	o := pass.TypesInfo.Uses[selExpr.Sel]
+	return fmt.Sprintf("%s.%s", o.Pkg().Path(), o.Name())
 }
diff --git a/vendor/github.com/polyfloyd/go-errorlint/errorlint/analysis.go b/vendor/github.com/polyfloyd/go-errorlint/errorlint/analysis.go
index c65c4ee62..f034913ea 100644
--- a/vendor/github.com/polyfloyd/go-errorlint/errorlint/analysis.go
+++ b/vendor/github.com/polyfloyd/go-errorlint/errorlint/analysis.go
@@ -35,13 +35,13 @@ func init() {
 
 func run(pass *analysis.Pass) (interface{}, error) {
 	lints := []analysis.Diagnostic{}
-	extInfo := newTypesInfoExt(pass.TypesInfo)
+	extInfo := newTypesInfoExt(pass)
 	if checkComparison {
-		l := LintErrorComparisons(pass.Fset, extInfo)
+		l := LintErrorComparisons(extInfo)
 		lints = append(lints, l...)
 	}
 	if checkAsserts {
-		l := LintErrorTypeAssertions(pass.Fset, *pass.TypesInfo)
+		l := LintErrorTypeAssertions(pass.Fset, extInfo)
 		lints = append(lints, l...)
 	}
 	if checkErrorf {
@@ -57,7 +57,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 }
 
 type TypesInfoExt struct {
-	types.Info
+	*analysis.Pass
 
 	// Maps AST nodes back to the node they are contained within.
 	NodeParent map[ast.Node]ast.Node
@@ -66,9 +66,9 @@ type TypesInfoExt struct {
 	IdentifiersForObject map[types.Object][]*ast.Ident
 }
 
-func newTypesInfoExt(info *types.Info) *TypesInfoExt {
+func newTypesInfoExt(pass *analysis.Pass) *TypesInfoExt {
 	nodeParent := map[ast.Node]ast.Node{}
-	for node := range info.Scopes {
+	for node := range pass.TypesInfo.Scopes {
 		file, ok := node.(*ast.File)
 		if !ok {
 			continue
@@ -86,15 +86,15 @@ func newTypesInfoExt(info *types.Info) *TypesInfoExt {
 	}
 
 	identifiersForObject := map[types.Object][]*ast.Ident{}
-	for node, obj := range info.Defs {
+	for node, obj := range pass.TypesInfo.Defs {
 		identifiersForObject[obj] = append(identifiersForObject[obj], node)
 	}
-	for node, obj := range info.Uses {
+	for node, obj := range pass.TypesInfo.Uses {
 		identifiersForObject[obj] = append(identifiersForObject[obj], node)
 	}
 
 	return &TypesInfoExt{
-		Info:                 *info,
+		Pass:                 pass,
 		NodeParent:           nodeParent,
 		IdentifiersForObject: identifiersForObject,
 	}
diff --git a/vendor/github.com/polyfloyd/go-errorlint/errorlint/lint.go b/vendor/github.com/polyfloyd/go-errorlint/errorlint/lint.go
index 920dc56e7..817cd6904 100644
--- a/vendor/github.com/polyfloyd/go-errorlint/errorlint/lint.go
+++ b/vendor/github.com/polyfloyd/go-errorlint/errorlint/lint.go
@@ -158,10 +158,10 @@ func isFmtErrorfCallExpr(info types.Info, expr ast.Expr) (*ast.CallExpr, bool) {
 	return nil, false
 }
 
-func LintErrorComparisons(fset *token.FileSet, info *TypesInfoExt) []analysis.Diagnostic {
+func LintErrorComparisons(info *TypesInfoExt) []analysis.Diagnostic {
 	lints := []analysis.Diagnostic{}
 
-	for expr := range info.Types {
+	for expr := range info.TypesInfo.Types {
 		// Find == and != operations.
 		binExpr, ok := expr.(*ast.BinaryExpr)
 		if !ok {
@@ -175,7 +175,7 @@ func LintErrorComparisons(fset *token.FileSet, info *TypesInfoExt) []analysis.Di
 			continue
 		}
 		// Find comparisons of which one side is a of type error.
-		if !isErrorComparison(info.Info, binExpr) {
+		if !isErrorComparison(info.TypesInfo, binExpr) {
 			continue
 		}
 		// Some errors that are returned from some functions are exempt.
@@ -193,7 +193,7 @@ func LintErrorComparisons(fset *token.FileSet, info *TypesInfoExt) []analysis.Di
 		})
 	}
 
-	for scope := range info.Scopes {
+	for scope := range info.TypesInfo.Scopes {
 		// Find value switch blocks.
 		switchStmt, ok := scope.(*ast.SwitchStmt)
 		if !ok {
@@ -203,7 +203,7 @@ func LintErrorComparisons(fset *token.FileSet, info *TypesInfoExt) []analysis.Di
 		if switchStmt.Tag == nil {
 			continue
 		}
-		tagType := info.Types[switchStmt.Tag]
+		tagType := info.TypesInfo.Types[switchStmt.Tag]
 		if tagType.Type.String() != "error" {
 			continue
 		}
@@ -233,7 +233,7 @@ func isNilComparison(binExpr *ast.BinaryExpr) bool {
 	return false
 }
 
-func isErrorComparison(info types.Info, binExpr *ast.BinaryExpr) bool {
+func isErrorComparison(info *types.Info, binExpr *ast.BinaryExpr) bool {
 	tx := info.Types[binExpr.X]
 	ty := info.Types[binExpr.Y]
 	return tx.Type.String() == "error" || ty.Type.String() == "error"
@@ -252,11 +252,11 @@ func isNodeInErrorIsFunc(info *TypesInfoExt, node ast.Node) bool {
 		return false
 	}
 	// There should be 1 argument of type error.
-	if ii := funcDecl.Type.Params.List; len(ii) != 1 || info.Types[ii[0].Type].Type.String() != "error" {
+	if ii := funcDecl.Type.Params.List; len(ii) != 1 || info.TypesInfo.Types[ii[0].Type].Type.String() != "error" {
 		return false
 	}
 	// The return type should be bool.
-	if ii := funcDecl.Type.Results.List; len(ii) != 1 || info.Types[ii[0].Type].Type.String() != "bool" {
+	if ii := funcDecl.Type.Results.List; len(ii) != 1 || info.TypesInfo.Types[ii[0].Type].Type.String() != "bool" {
 		return false
 	}
 
@@ -288,10 +288,10 @@ func switchComparesNonNil(switchStmt *ast.SwitchStmt) bool {
 	return false
 }
 
-func LintErrorTypeAssertions(fset *token.FileSet, info types.Info) []analysis.Diagnostic {
+func LintErrorTypeAssertions(fset *token.FileSet, info *TypesInfoExt) []analysis.Diagnostic {
 	lints := []analysis.Diagnostic{}
 
-	for expr := range info.Types {
+	for expr := range info.TypesInfo.Types {
 		// Find type assertions.
 		typeAssert, ok := expr.(*ast.TypeAssertExpr)
 		if !ok {
@@ -299,7 +299,11 @@ func LintErrorTypeAssertions(fset *token.FileSet, info types.Info) []analysis.Di
 		}
 
 		// Find type assertions that operate on values of type error.
-		if !isErrorTypeAssertion(info, typeAssert) {
+		if !isErrorTypeAssertion(*info.TypesInfo, typeAssert) {
+			continue
+		}
+
+		if isNodeInErrorIsFunc(info, typeAssert) {
 			continue
 		}
 
@@ -309,7 +313,7 @@ func LintErrorTypeAssertions(fset *token.FileSet, info types.Info) []analysis.Di
 		})
 	}
 
-	for scope := range info.Scopes {
+	for scope := range info.TypesInfo.Scopes {
 		// Find type switches.
 		typeSwitch, ok := scope.(*ast.TypeSwitchStmt)
 		if !ok {
@@ -326,7 +330,11 @@ func LintErrorTypeAssertions(fset *token.FileSet, info types.Info) []analysis.Di
 		}
 
 		// Check whether the type switch is on a value of type error.
-		if !isErrorTypeAssertion(info, typeAssert) {
+		if !isErrorTypeAssertion(*info.TypesInfo, typeAssert) {
+			continue
+		}
+
+		if isNodeInErrorIsFunc(info, typeSwitch) {
 			continue
 		}
 
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/counter.go b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
index 62de4dc59..4ce84e7a8 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/counter.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/counter.go
@@ -20,6 +20,7 @@ import (
 	"time"
 
 	dto "github.com/prometheus/client_model/go"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // Counter is a Metric that represents a single numerical value that only ever
@@ -66,7 +67,7 @@ type CounterVecOpts struct {
 	CounterOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -90,8 +91,12 @@ func NewCounter(opts CounterOpts) Counter {
 		nil,
 		opts.ConstLabels,
 	)
-	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: time.Now}
+	if opts.now == nil {
+		opts.now = time.Now
+	}
+	result := &counter{desc: desc, labelPairs: desc.constLabelPairs, now: opts.now}
 	result.init(result) // Init self-collection.
+	result.createdTs = timestamppb.New(opts.now())
 	return result
 }
 
@@ -106,10 +111,12 @@ type counter struct {
 	selfCollector
 	desc *Desc
 
+	createdTs  *timestamppb.Timestamp
 	labelPairs []*dto.LabelPair
 	exemplar   atomic.Value // Containing nil or a *dto.Exemplar.
 
-	now func() time.Time // To mock out time.Now() for testing.
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 func (c *counter) Desc() *Desc {
@@ -159,8 +166,7 @@ func (c *counter) Write(out *dto.Metric) error {
 		exemplar = e.(*dto.Exemplar)
 	}
 	val := c.get()
-
-	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out)
+	return populateMetric(CounterValue, val, c.labelPairs, exemplar, out, c.createdTs)
 }
 
 func (c *counter) updateExemplar(v float64, l Labels) {
@@ -200,13 +206,17 @@ func (v2) NewCounterVec(opts CounterVecOpts) *CounterVec {
 		opts.VariableLabels,
 		opts.ConstLabels,
 	)
+	if opts.now == nil {
+		opts.now = time.Now
+	}
 	return &CounterVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
+			if len(lvs) != len(desc.variableLabels.names) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs))
 			}
-			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: time.Now}
+			result := &counter{desc: desc, labelPairs: MakeLabelPairs(desc, lvs), now: opts.now}
 			result.init(result) // Init self-collection.
+			result.createdTs = timestamppb.New(opts.now())
 			return result
 		}),
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/desc.go b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
index deedc2dfb..68ffe3c24 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/desc.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/desc.go
@@ -52,7 +52,7 @@ type Desc struct {
 	constLabelPairs []*dto.LabelPair
 	// variableLabels contains names of labels and normalization function for
 	// which the metric maintains variable values.
-	variableLabels ConstrainedLabels
+	variableLabels *compiledLabels
 	// id is a hash of the values of the ConstLabels and fqName. This
 	// must be unique among all registered descriptors and can therefore be
 	// used as an identifier of the descriptor.
@@ -93,7 +93,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	d := &Desc{
 		fqName:         fqName,
 		help:           help,
-		variableLabels: variableLabels.constrainedLabels(),
+		variableLabels: variableLabels.compile(),
 	}
 	if !model.IsValidMetricName(model.LabelValue(fqName)) {
 		d.err = fmt.Errorf("%q is not a valid metric name", fqName)
@@ -103,7 +103,7 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	// their sorted label names) plus the fqName (at position 0).
 	labelValues := make([]string, 1, len(constLabels)+1)
 	labelValues[0] = fqName
-	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels))
+	labelNames := make([]string, 0, len(constLabels)+len(d.variableLabels.names))
 	labelNameSet := map[string]struct{}{}
 	// First add only the const label names and sort them...
 	for labelName := range constLabels {
@@ -128,13 +128,13 @@ func (v2) NewDesc(fqName, help string, variableLabels ConstrainableLabels, const
 	// Now add the variable label names, but prefix them with something that
 	// cannot be in a regular label name. That prevents matching the label
 	// dimension with a different mix between preset and variable labels.
-	for _, label := range d.variableLabels {
-		if !checkLabelName(label.Name) {
-			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label.Name, fqName)
+	for _, label := range d.variableLabels.names {
+		if !checkLabelName(label) {
+			d.err = fmt.Errorf("%q is not a valid label name for metric %q", label, fqName)
 			return d
 		}
-		labelNames = append(labelNames, "$"+label.Name)
-		labelNameSet[label.Name] = struct{}{}
+		labelNames = append(labelNames, "$"+label)
+		labelNameSet[label] = struct{}{}
 	}
 	if len(labelNames) != len(labelNameSet) {
 		d.err = fmt.Errorf("duplicate label names in constant and variable labels for metric %q", fqName)
@@ -189,11 +189,19 @@ func (d *Desc) String() string {
 			fmt.Sprintf("%s=%q", lp.GetName(), lp.GetValue()),
 		)
 	}
+	vlStrings := make([]string, 0, len(d.variableLabels.names))
+	for _, vl := range d.variableLabels.names {
+		if fn, ok := d.variableLabels.labelConstraints[vl]; ok && fn != nil {
+			vlStrings = append(vlStrings, fmt.Sprintf("c(%s)", vl))
+		} else {
+			vlStrings = append(vlStrings, vl)
+		}
+	}
 	return fmt.Sprintf(
-		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: %v}",
+		"Desc{fqName: %q, help: %q, constLabels: {%s}, variableLabels: {%s}}",
 		d.fqName,
 		d.help,
 		strings.Join(lpStrings, ","),
-		d.variableLabels,
+		strings.Join(vlStrings, ","),
 	)
 }
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
index c41ab37f3..de5a85629 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
@@ -48,7 +48,7 @@ func (e *expvarCollector) Collect(ch chan<- Metric) {
 			continue
 		}
 		var v interface{}
-		labels := make([]string, len(desc.variableLabels))
+		labels := make([]string, len(desc.variableLabels.names))
 		if err := json.Unmarshal([]byte(expVar.String()), &v); err != nil {
 			ch <- NewInvalidMetric(desc, err)
 			continue
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
index f1ea6c76f..dd2eac940 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/gauge.go
@@ -62,7 +62,7 @@ type GaugeVecOpts struct {
 	GaugeOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -135,7 +135,7 @@ func (g *gauge) Sub(val float64) {
 
 func (g *gauge) Write(out *dto.Metric) error {
 	val := math.Float64frombits(atomic.LoadUint64(&g.valBits))
-	return populateMetric(GaugeValue, val, g.labelPairs, nil, out)
+	return populateMetric(GaugeValue, val, g.labelPairs, nil, out, nil)
 }
 
 // GaugeVec is a Collector that bundles a set of Gauges that all share the same
@@ -166,8 +166,8 @@ func (v2) NewGaugeVec(opts GaugeVecOpts) *GaugeVec {
 	)
 	return &GaugeVec{
 		MetricVec: NewMetricVec(desc, func(lvs ...string) Metric {
-			if len(lvs) != len(desc.variableLabels) {
-				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), lvs))
+			if len(lvs) != len(desc.variableLabels.names) {
+				panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, lvs))
 			}
 			result := &gauge{desc: desc, labelPairs: MakeLabelPairs(desc, lvs)}
 			result.init(result) // Init self-collection.
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
index 8d818afe9..1feba62c6 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/histogram.go
@@ -25,6 +25,7 @@ import (
 	dto "github.com/prometheus/client_model/go"
 
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // nativeHistogramBounds for the frac of observed values. Only relevant for
@@ -391,7 +392,7 @@ type HistogramOpts struct {
 	// zero, it is replaced by default buckets. The default buckets are
 	// DefBuckets if no buckets for a native histogram (see below) are used,
 	// otherwise the default is no buckets. (In other words, if you want to
-	// use both reguler buckets and buckets for a native histogram, you have
+	// use both regular buckets and buckets for a native histogram, you have
 	// to define the regular buckets here explicitly.)
 	Buckets []float64
 
@@ -413,8 +414,8 @@ type HistogramOpts struct {
 	// and 2, same as between 2 and 4, and 4 and 8, etc.).
 	//
 	// Details about the actually used factor: The factor is calculated as
-	// 2^(2^n), where n is an integer number between (and including) -8 and
-	// 4. n is chosen so that the resulting factor is the largest that is
+	// 2^(2^-n), where n is an integer number between (and including) -4 and
+	// 8. n is chosen so that the resulting factor is the largest that is
 	// still smaller or equal to NativeHistogramBucketFactor. Note that the
 	// smallest possible factor is therefore approx. 1.00271 (i.e. 2^(2^-8)
 	// ). If NativeHistogramBucketFactor is greater than 1 but smaller than
@@ -428,12 +429,12 @@ type HistogramOpts struct {
 	// a major version bump.
 	NativeHistogramBucketFactor float64
 	// All observations with an absolute value of less or equal
-	// NativeHistogramZeroThreshold are accumulated into a “zero”
-	// bucket. For best results, this should be close to a bucket
-	// boundary. This is usually the case if picking a power of two. If
+	// NativeHistogramZeroThreshold are accumulated into a “zero” bucket.
+	// For best results, this should be close to a bucket boundary. This is
+	// usually the case if picking a power of two. If
 	// NativeHistogramZeroThreshold is left at zero,
-	// DefNativeHistogramZeroThreshold is used as the threshold. To configure
-	// a zero bucket with an actual threshold of zero (i.e. only
+	// DefNativeHistogramZeroThreshold is used as the threshold. To
+	// configure a zero bucket with an actual threshold of zero (i.e. only
 	// observations of precisely zero will go into the zero bucket), set
 	// NativeHistogramZeroThreshold to the NativeHistogramZeroThresholdZero
 	// constant (or any negative float value).
@@ -446,26 +447,34 @@ type HistogramOpts struct {
 	// Histogram are sufficiently wide-spread. In particular, this could be
 	// used as a DoS attack vector. Where the observed values depend on
 	// external inputs, it is highly recommended to set a
-	// NativeHistogramMaxBucketNumber.)  Once the set
+	// NativeHistogramMaxBucketNumber.) Once the set
 	// NativeHistogramMaxBucketNumber is exceeded, the following strategy is
-	// enacted: First, if the last reset (or the creation) of the histogram
-	// is at least NativeHistogramMinResetDuration ago, then the whole
-	// histogram is reset to its initial state (including regular
-	// buckets). If less time has passed, or if
-	// NativeHistogramMinResetDuration is zero, no reset is
-	// performed. Instead, the zero threshold is increased sufficiently to
-	// reduce the number of buckets to or below
-	// NativeHistogramMaxBucketNumber, but not to more than
-	// NativeHistogramMaxZeroThreshold. Thus, if
-	// NativeHistogramMaxZeroThreshold is already at or below the current
-	// zero threshold, nothing happens at this step. After that, if the
-	// number of buckets still exceeds NativeHistogramMaxBucketNumber, the
-	// resolution of the histogram is reduced by doubling the width of the
-	// sparse buckets (up to a growth factor between one bucket to the next
-	// of 2^(2^4) = 65536, see above).
+	// enacted:
+	//  - First, if the last reset (or the creation) of the histogram is at
+	//    least NativeHistogramMinResetDuration ago, then the whole
+	//    histogram is reset to its initial state (including regular
+	//    buckets).
+	//  - If less time has passed, or if NativeHistogramMinResetDuration is
+	//    zero, no reset is performed. Instead, the zero threshold is
+	//    increased sufficiently to reduce the number of buckets to or below
+	//    NativeHistogramMaxBucketNumber, but not to more than
+	//    NativeHistogramMaxZeroThreshold. Thus, if
+	//    NativeHistogramMaxZeroThreshold is already at or below the current
+	//    zero threshold, nothing happens at this step.
+	//  - After that, if the number of buckets still exceeds
+	//    NativeHistogramMaxBucketNumber, the resolution of the histogram is
+	//    reduced by doubling the width of the sparse buckets (up to a
+	//    growth factor between one bucket to the next of 2^(2^4) = 65536,
+	//    see above).
+	//  - Any increased zero threshold or reduced resolution is reset back
+	//    to their original values once NativeHistogramMinResetDuration has
+	//    passed (since the last reset or the creation of the histogram).
 	NativeHistogramMaxBucketNumber  uint32
 	NativeHistogramMinResetDuration time.Duration
 	NativeHistogramMaxZeroThreshold float64
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // HistogramVecOpts bundles the options to create a HistogramVec metric.
@@ -475,7 +484,7 @@ type HistogramVecOpts struct {
 	HistogramOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -499,12 +508,12 @@ func NewHistogram(opts HistogramOpts) Histogram {
 }
 
 func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogram {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
+	if len(desc.variableLabels.names) != len(labelValues) {
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues))
 	}
 
-	for _, n := range desc.variableLabels {
-		if n.Name == bucketLabel {
+	for _, n := range desc.variableLabels.names {
+		if n == bucketLabel {
 			panic(errBucketLabelNotAllowed)
 		}
 	}
@@ -514,6 +523,10 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		}
 	}
 
+	if opts.now == nil {
+		opts.now = time.Now
+	}
+
 	h := &histogram{
 		desc:                            desc,
 		upperBounds:                     opts.Buckets,
@@ -521,8 +534,8 @@ func newHistogram(desc *Desc, opts HistogramOpts, labelValues ...string) Histogr
 		nativeHistogramMaxBuckets:       opts.NativeHistogramMaxBucketNumber,
 		nativeHistogramMaxZeroThreshold: opts.NativeHistogramMaxZeroThreshold,
 		nativeHistogramMinResetDuration: opts.NativeHistogramMinResetDuration,
-		lastResetTime:                   time.Now(),
-		now:                             time.Now,
+		lastResetTime:                   opts.now(),
+		now:                             opts.now,
 	}
 	if len(h.upperBounds) == 0 && opts.NativeHistogramBucketFactor <= 1 {
 		h.upperBounds = DefBuckets
@@ -701,9 +714,11 @@ type histogram struct {
 	nativeHistogramMaxZeroThreshold float64
 	nativeHistogramMaxBuckets       uint32
 	nativeHistogramMinResetDuration time.Duration
-	lastResetTime                   time.Time // Protected by mtx.
+	// lastResetTime is protected by mtx. It is also used as created timestamp.
+	lastResetTime time.Time
 
-	now func() time.Time // To mock out time.Now() for testing.
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 func (h *histogram) Desc() *Desc {
@@ -742,9 +757,10 @@ func (h *histogram) Write(out *dto.Metric) error {
 	waitForCooldown(count, coldCounts)
 
 	his := &dto.Histogram{
-		Bucket:      make([]*dto.Bucket, len(h.upperBounds)),
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		Bucket:           make([]*dto.Bucket, len(h.upperBounds)),
+		SampleCount:      proto.Uint64(count),
+		SampleSum:        proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		CreatedTimestamp: timestamppb.New(h.lastResetTime),
 	}
 	out.Histogram = his
 	out.Label = h.labelPairs
@@ -782,6 +798,16 @@ func (h *histogram) Write(out *dto.Metric) error {
 		his.ZeroCount = proto.Uint64(zeroBucket)
 		his.NegativeSpan, his.NegativeDelta = makeBuckets(&coldCounts.nativeHistogramBucketsNegative)
 		his.PositiveSpan, his.PositiveDelta = makeBuckets(&coldCounts.nativeHistogramBucketsPositive)
+
+		// Add a no-op span to a histogram without observations and with
+		// a zero threshold of zero. Otherwise, a native histogram would
+		// look like a classic histogram to scrapers.
+		if *his.ZeroThreshold == 0 && *his.ZeroCount == 0 && len(his.PositiveSpan) == 0 && len(his.NegativeSpan) == 0 {
+			his.PositiveSpan = []*dto.BucketSpan{{
+				Offset: proto.Int32(0),
+				Length: proto.Uint32(0),
+			}}
+		}
 	}
 	addAndResetCounts(hotCounts, coldCounts)
 	return nil
@@ -854,20 +880,23 @@ func (h *histogram) limitBuckets(counts *histogramCounts, value float64, bucket
 	h.doubleBucketWidth(hotCounts, coldCounts)
 }
 
-// maybeReset resests the whole histogram if at least h.nativeHistogramMinResetDuration
+// maybeReset resets the whole histogram if at least h.nativeHistogramMinResetDuration
 // has been passed. It returns true if the histogram has been reset. The caller
 // must have locked h.mtx.
-func (h *histogram) maybeReset(hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int) bool {
+func (h *histogram) maybeReset(
+	hot, cold *histogramCounts, coldIdx uint64, value float64, bucket int,
+) bool {
 	// We are using the possibly mocked h.now() rather than
 	// time.Since(h.lastResetTime) to enable testing.
-	if h.nativeHistogramMinResetDuration == 0 || h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration {
+	if h.nativeHistogramMinResetDuration == 0 ||
+		h.now().Sub(h.lastResetTime) < h.nativeHistogramMinResetDuration {
 		return false
 	}
 	// Completely reset coldCounts.
 	h.resetCounts(cold)
 	// Repeat the latest observation to not lose it completely.
 	cold.observe(value, bucket, true)
-	// Make coldCounts the new hot counts while ressetting countAndHotIdx.
+	// Make coldCounts the new hot counts while resetting countAndHotIdx.
 	n := atomic.SwapUint64(&h.countAndHotIdx, (coldIdx<<63)+1)
 	count := n & ((1 << 63) - 1)
 	waitForCooldown(count, hot)
@@ -1176,6 +1205,7 @@ type constHistogram struct {
 	sum        float64
 	buckets    map[float64]uint64
 	labelPairs []*dto.LabelPair
+	createdTs  *timestamppb.Timestamp
 }
 
 func (h *constHistogram) Desc() *Desc {
@@ -1183,7 +1213,9 @@ func (h *constHistogram) Desc() *Desc {
 }
 
 func (h *constHistogram) Write(out *dto.Metric) error {
-	his := &dto.Histogram{}
+	his := &dto.Histogram{
+		CreatedTimestamp: h.createdTs,
+	}
 
 	buckets := make([]*dto.Bucket, 0, len(h.buckets))
 
@@ -1230,7 +1262,7 @@ func NewConstHistogram(
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 	return &constHistogram{
@@ -1324,7 +1356,7 @@ func makeBuckets(buckets *sync.Map) ([]*dto.BucketSpan, []int64) {
 		// Multiple spans with only small gaps in between are probably
 		// encoded more efficiently as one larger span with a few empty
 		// buckets. Needs some research to find the sweet spot. For now,
-		// we assume that gaps of one ore two buckets should not create
+		// we assume that gaps of one or two buckets should not create
 		// a new span.
 		iDelta := int32(i - nextI)
 		if n == 0 || iDelta > 2 {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
index fd0750f2c..a595a2036 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go
@@ -14,7 +14,7 @@
 // It provides tools to compare sequences of strings and generate textual diffs.
 //
 // Maintaining `GetUnifiedDiffString` here because original repository
-// (https://github.com/pmezard/go-difflib) is no loger maintained.
+// (https://github.com/pmezard/go-difflib) is no longer maintained.
 package internal
 
 import (
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/labels.go b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
index 63ff8683c..b3c4eca2b 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/labels.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/labels.go
@@ -32,19 +32,15 @@ import (
 // create a Desc.
 type Labels map[string]string
 
+// LabelConstraint normalizes label values.
+type LabelConstraint func(string) string
+
 // ConstrainedLabels represents a label name and its constrain function
 // to normalize label values. This type is commonly used when constructing
 // metric vector Collectors.
 type ConstrainedLabel struct {
 	Name       string
-	Constraint func(string) string
-}
-
-func (cl ConstrainedLabel) Constrain(v string) string {
-	if cl.Constraint == nil {
-		return v
-	}
-	return cl.Constraint(v)
+	Constraint LabelConstraint
 }
 
 // ConstrainableLabels is an interface that allows creating of labels that can
@@ -58,7 +54,7 @@ func (cl ConstrainedLabel) Constrain(v string) string {
 //	  },
 //	})
 type ConstrainableLabels interface {
-	constrainedLabels() ConstrainedLabels
+	compile() *compiledLabels
 	labelNames() []string
 }
 
@@ -67,8 +63,20 @@ type ConstrainableLabels interface {
 // metric vector Collectors.
 type ConstrainedLabels []ConstrainedLabel
 
-func (cls ConstrainedLabels) constrainedLabels() ConstrainedLabels {
-	return cls
+func (cls ConstrainedLabels) compile() *compiledLabels {
+	compiled := &compiledLabels{
+		names:            make([]string, len(cls)),
+		labelConstraints: map[string]LabelConstraint{},
+	}
+
+	for i, label := range cls {
+		compiled.names[i] = label.Name
+		if label.Constraint != nil {
+			compiled.labelConstraints[label.Name] = label.Constraint
+		}
+	}
+
+	return compiled
 }
 
 func (cls ConstrainedLabels) labelNames() []string {
@@ -92,18 +100,36 @@ func (cls ConstrainedLabels) labelNames() []string {
 //	}
 type UnconstrainedLabels []string
 
-func (uls UnconstrainedLabels) constrainedLabels() ConstrainedLabels {
-	constrainedLabels := make([]ConstrainedLabel, len(uls))
-	for i, l := range uls {
-		constrainedLabels[i] = ConstrainedLabel{Name: l}
+func (uls UnconstrainedLabels) compile() *compiledLabels {
+	return &compiledLabels{
+		names: uls,
 	}
-	return constrainedLabels
 }
 
 func (uls UnconstrainedLabels) labelNames() []string {
 	return uls
 }
 
+type compiledLabels struct {
+	names            []string
+	labelConstraints map[string]LabelConstraint
+}
+
+func (cls *compiledLabels) compile() *compiledLabels {
+	return cls
+}
+
+func (cls *compiledLabels) labelNames() []string {
+	return cls.names
+}
+
+func (cls *compiledLabels) constrain(labelName, value string) string {
+	if fn, ok := cls.labelConstraints[labelName]; ok && fn != nil {
+		return fn(value)
+	}
+	return value
+}
+
 // reservedLabelPrefix is a prefix which is not legal in user-supplied
 // label names.
 const reservedLabelPrefix = "__"
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/metric.go b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
index 07bbc9d76..f018e5723 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/metric.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/metric.go
@@ -92,6 +92,9 @@ type Opts struct {
 	// machine_role metric). See also
 	// https://prometheus.io/docs/instrumenting/writing_exporters/#target-labels-not-static-scraped-labels
 	ConstLabels Labels
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // BuildFQName joins the given three name components by "_". Empty name
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
index 3793036ad..356edb786 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
@@ -389,15 +389,12 @@ func isLabelCurried(c prometheus.Collector, label string) bool {
 	return true
 }
 
-// emptyLabels is a one-time allocation for non-partitioned metrics to avoid
-// unnecessary allocations on each request.
-var emptyLabels = prometheus.Labels{}
-
 func labels(code, method bool, reqMethod string, status int, extraMethods ...string) prometheus.Labels {
+	labels := prometheus.Labels{}
+
 	if !(code || method) {
-		return emptyLabels
+		return labels
 	}
-	labels := prometheus.Labels{}
 
 	if code {
 		labels["code"] = sanitizeCode(status)
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/registry.go b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
index 44da9433b..5e2ced25a 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/registry.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/registry.go
@@ -548,7 +548,7 @@ func (r *Registry) Gather() ([]*dto.MetricFamily, error) {
 			goroutineBudget--
 			runtime.Gosched()
 		}
-		// Once both checkedMetricChan and uncheckdMetricChan are closed
+		// Once both checkedMetricChan and uncheckedMetricChan are closed
 		// and drained, the contraption above will nil out cmc and umc,
 		// and then we can leave the collect loop here.
 		if cmc == nil && umc == nil {
@@ -963,9 +963,9 @@ func checkDescConsistency(
 	// Is the desc consistent with the content of the metric?
 	lpsFromDesc := make([]*dto.LabelPair, len(desc.constLabelPairs), len(dtoMetric.Label))
 	copy(lpsFromDesc, desc.constLabelPairs)
-	for _, l := range desc.variableLabels {
+	for _, l := range desc.variableLabels.names {
 		lpsFromDesc = append(lpsFromDesc, &dto.LabelPair{
-			Name: proto.String(l.Name),
+			Name: proto.String(l),
 		})
 	}
 	if len(lpsFromDesc) != len(dtoMetric.Label) {
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/summary.go b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
index dd359264e..146270444 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/summary.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/summary.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/beorn7/perks/quantile"
 	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
 // quantileLabel is used for the label that defines the quantile in a
@@ -145,6 +146,9 @@ type SummaryOpts struct {
 	// is the internal buffer size of the underlying package
 	// "github.com/bmizerany/perks/quantile").
 	BufCap uint32
+
+	// now is for testing purposes, by default it's time.Now.
+	now func() time.Time
 }
 
 // SummaryVecOpts bundles the options to create a SummaryVec metric.
@@ -154,7 +158,7 @@ type SummaryVecOpts struct {
 	SummaryOpts
 
 	// VariableLabels are used to partition the metric vector by the given set
-	// of labels. Each label value will be constrained with the optional Contraint
+	// of labels. Each label value will be constrained with the optional Constraint
 	// function, if provided.
 	VariableLabels ConstrainableLabels
 }
@@ -188,12 +192,12 @@ func NewSummary(opts SummaryOpts) Summary {
 }
 
 func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
-	if len(desc.variableLabels) != len(labelValues) {
-		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.labelNames(), labelValues))
+	if len(desc.variableLabels.names) != len(labelValues) {
+		panic(makeInconsistentCardinalityError(desc.fqName, desc.variableLabels.names, labelValues))
 	}
 
-	for _, n := range desc.variableLabels {
-		if n.Name == quantileLabel {
+	for _, n := range desc.variableLabels.names {
+		if n == quantileLabel {
 			panic(errQuantileLabelNotAllowed)
 		}
 	}
@@ -222,6 +226,9 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		opts.BufCap = DefBufCap
 	}
 
+	if opts.now == nil {
+		opts.now = time.Now
+	}
 	if len(opts.Objectives) == 0 {
 		// Use the lock-free implementation of a Summary without objectives.
 		s := &noObjectivesSummary{
@@ -230,6 +237,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 			counts:     [2]*summaryCounts{{}, {}},
 		}
 		s.init(s) // Init self-collection.
+		s.createdTs = timestamppb.New(opts.now())
 		return s
 	}
 
@@ -245,7 +253,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 		coldBuf:        make([]float64, 0, opts.BufCap),
 		streamDuration: opts.MaxAge / time.Duration(opts.AgeBuckets),
 	}
-	s.headStreamExpTime = time.Now().Add(s.streamDuration)
+	s.headStreamExpTime = opts.now().Add(s.streamDuration)
 	s.hotBufExpTime = s.headStreamExpTime
 
 	for i := uint32(0); i < opts.AgeBuckets; i++ {
@@ -259,6 +267,7 @@ func newSummary(desc *Desc, opts SummaryOpts, labelValues ...string) Summary {
 	sort.Float64s(s.sortedObjectives)
 
 	s.init(s) // Init self-collection.
+	s.createdTs = timestamppb.New(opts.now())
 	return s
 }
 
@@ -286,6 +295,8 @@ type summary struct {
 	headStream                       *quantile.Stream
 	headStreamIdx                    int
 	headStreamExpTime, hotBufExpTime time.Time
+
+	createdTs *timestamppb.Timestamp
 }
 
 func (s *summary) Desc() *Desc {
@@ -307,7 +318,9 @@ func (s *summary) Observe(v float64) {
 }
 
 func (s *summary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
+	sum := &dto.Summary{
+		CreatedTimestamp: s.createdTs,
+	}
 	qs := make([]*dto.Quantile, 0, len(s.objectives))
 
 	s.bufMtx.Lock()
@@ -440,6 +453,8 @@ type noObjectivesSummary struct {
 	counts [2]*summaryCounts
 
 	labelPairs []*dto.LabelPair
+
+	createdTs *timestamppb.Timestamp
 }
 
 func (s *noObjectivesSummary) Desc() *Desc {
@@ -490,8 +505,9 @@ func (s *noObjectivesSummary) Write(out *dto.Metric) error {
 	}
 
 	sum := &dto.Summary{
-		SampleCount: proto.Uint64(count),
-		SampleSum:   proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		SampleCount:      proto.Uint64(count),
+		SampleSum:        proto.Float64(math.Float64frombits(atomic.LoadUint64(&coldCounts.sumBits))),
+		CreatedTimestamp: s.createdTs,
 	}
 
 	out.Summary = sum
@@ -681,6 +697,7 @@ type constSummary struct {
 	sum        float64
 	quantiles  map[float64]float64
 	labelPairs []*dto.LabelPair
+	createdTs  *timestamppb.Timestamp
 }
 
 func (s *constSummary) Desc() *Desc {
@@ -688,7 +705,9 @@ func (s *constSummary) Desc() *Desc {
 }
 
 func (s *constSummary) Write(out *dto.Metric) error {
-	sum := &dto.Summary{}
+	sum := &dto.Summary{
+		CreatedTimestamp: s.createdTs,
+	}
 	qs := make([]*dto.Quantile, 0, len(s.quantiles))
 
 	sum.SampleCount = proto.Uint64(s.count)
@@ -737,7 +756,7 @@ func NewConstSummary(
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 	return &constSummary{
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/value.go b/vendor/github.com/prometheus/client_golang/prometheus/value.go
index 5f6bb8001..cc23011fa 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/value.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/value.go
@@ -14,6 +14,7 @@
 package prometheus
 
 import (
+	"errors"
 	"fmt"
 	"sort"
 	"time"
@@ -91,7 +92,7 @@ func (v *valueFunc) Desc() *Desc {
 }
 
 func (v *valueFunc) Write(out *dto.Metric) error {
-	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out)
+	return populateMetric(v.valType, v.function(), v.labelPairs, nil, out, nil)
 }
 
 // NewConstMetric returns a metric with one fixed value that cannot be
@@ -105,12 +106,12 @@ func NewConstMetric(desc *Desc, valueType ValueType, value float64, labelValues
 	if desc.err != nil {
 		return nil, desc.err
 	}
-	if err := validateLabelValues(labelValues, len(desc.variableLabels)); err != nil {
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
 		return nil, err
 	}
 
 	metric := &dto.Metric{}
-	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric); err != nil {
+	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, nil); err != nil {
 		return nil, err
 	}
 
@@ -130,6 +131,43 @@ func MustNewConstMetric(desc *Desc, valueType ValueType, value float64, labelVal
 	return m
 }
 
+// NewConstMetricWithCreatedTimestamp does the same thing as NewConstMetric, but generates Counters
+// with created timestamp set and returns an error for other metric types.
+func NewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) (Metric, error) {
+	if desc.err != nil {
+		return nil, desc.err
+	}
+	if err := validateLabelValues(labelValues, len(desc.variableLabels.names)); err != nil {
+		return nil, err
+	}
+	switch valueType {
+	case CounterValue:
+		break
+	default:
+		return nil, errors.New("created timestamps are only supported for counters")
+	}
+
+	metric := &dto.Metric{}
+	if err := populateMetric(valueType, value, MakeLabelPairs(desc, labelValues), nil, metric, timestamppb.New(ct)); err != nil {
+		return nil, err
+	}
+
+	return &constMetric{
+		desc:   desc,
+		metric: metric,
+	}, nil
+}
+
+// MustNewConstMetricWithCreatedTimestamp is a version of NewConstMetricWithCreatedTimestamp that panics where
+// NewConstMetricWithCreatedTimestamp would have returned an error.
+func MustNewConstMetricWithCreatedTimestamp(desc *Desc, valueType ValueType, value float64, ct time.Time, labelValues ...string) Metric {
+	m, err := NewConstMetricWithCreatedTimestamp(desc, valueType, value, ct, labelValues...)
+	if err != nil {
+		panic(err)
+	}
+	return m
+}
+
 type constMetric struct {
 	desc   *Desc
 	metric *dto.Metric
@@ -153,11 +191,12 @@ func populateMetric(
 	labelPairs []*dto.LabelPair,
 	e *dto.Exemplar,
 	m *dto.Metric,
+	ct *timestamppb.Timestamp,
 ) error {
 	m.Label = labelPairs
 	switch t {
 	case CounterValue:
-		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e}
+		m.Counter = &dto.Counter{Value: proto.Float64(v), Exemplar: e, CreatedTimestamp: ct}
 	case GaugeValue:
 		m.Gauge = &dto.Gauge{Value: proto.Float64(v)}
 	case UntypedValue:
@@ -176,19 +215,19 @@ func populateMetric(
 // This function is only needed for custom Metric implementations. See MetricVec
 // example.
 func MakeLabelPairs(desc *Desc, labelValues []string) []*dto.LabelPair {
-	totalLen := len(desc.variableLabels) + len(desc.constLabelPairs)
+	totalLen := len(desc.variableLabels.names) + len(desc.constLabelPairs)
 	if totalLen == 0 {
 		// Super fast path.
 		return nil
 	}
-	if len(desc.variableLabels) == 0 {
+	if len(desc.variableLabels.names) == 0 {
 		// Moderately fast path.
 		return desc.constLabelPairs
 	}
 	labelPairs := make([]*dto.LabelPair, 0, totalLen)
-	for i, l := range desc.variableLabels {
+	for i, l := range desc.variableLabels.names {
 		labelPairs = append(labelPairs, &dto.LabelPair{
-			Name:  proto.String(l.Name),
+			Name:  proto.String(l),
 			Value: proto.String(labelValues[i]),
 		})
 	}
diff --git a/vendor/github.com/prometheus/client_golang/prometheus/vec.go b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
index f0d0015a0..955cfd59f 100644
--- a/vendor/github.com/prometheus/client_golang/prometheus/vec.go
+++ b/vendor/github.com/prometheus/client_golang/prometheus/vec.go
@@ -20,24 +20,6 @@ import (
 	"github.com/prometheus/common/model"
 )
 
-var labelsPool = &sync.Pool{
-	New: func() interface{} {
-		return make(Labels)
-	},
-}
-
-func getLabelsFromPool() Labels {
-	return labelsPool.Get().(Labels)
-}
-
-func putLabelsToPool(labels Labels) {
-	for k := range labels {
-		delete(labels, k)
-	}
-
-	labelsPool.Put(labels)
-}
-
 // MetricVec is a Collector to bundle metrics of the same name that differ in
 // their label values. MetricVec is not used directly but as a building block
 // for implementations of vectors of a given metric type, like GaugeVec,
@@ -91,6 +73,7 @@ func NewMetricVec(desc *Desc, newMetric func(lvs ...string) Metric) *MetricVec {
 // See also the CounterVec example.
 func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 	lvs = constrainLabelValues(m.desc, lvs, m.curry)
+
 	h, err := m.hashLabelValues(lvs)
 	if err != nil {
 		return false
@@ -110,8 +93,8 @@ func (m *MetricVec) DeleteLabelValues(lvs ...string) bool {
 // This method is used for the same purpose as DeleteLabelValues(...string). See
 // there for pros and cons of the two methods.
 func (m *MetricVec) Delete(labels Labels) bool {
-	labels = constrainLabels(m.desc, labels)
-	defer putLabelsToPool(labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
 
 	h, err := m.hashLabels(labels)
 	if err != nil {
@@ -128,8 +111,8 @@ func (m *MetricVec) Delete(labels Labels) bool {
 // Note that curried labels will never be matched if deleting from the curried vector.
 // To match curried labels with DeletePartialMatch, it must be called on the base vector.
 func (m *MetricVec) DeletePartialMatch(labels Labels) int {
-	labels = constrainLabels(m.desc, labels)
-	defer putLabelsToPool(labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
 
 	return m.metricMap.deleteByLabels(labels, m.curry)
 }
@@ -169,11 +152,11 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 		oldCurry = m.curry
 		iCurry   int
 	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label.Name]
+	for i, labelName := range m.desc.variableLabels.names {
+		val, ok := labels[labelName]
 		if iCurry < len(oldCurry) && oldCurry[iCurry].index == i {
 			if ok {
-				return nil, fmt.Errorf("label name %q is already curried", label.Name)
+				return nil, fmt.Errorf("label name %q is already curried", labelName)
 			}
 			newCurry = append(newCurry, oldCurry[iCurry])
 			iCurry++
@@ -181,7 +164,10 @@ func (m *MetricVec) CurryWith(labels Labels) (*MetricVec, error) {
 			if !ok {
 				continue // Label stays uncurried.
 			}
-			newCurry = append(newCurry, curriedLabelValue{i, label.Constrain(val)})
+			newCurry = append(newCurry, curriedLabelValue{
+				i,
+				m.desc.variableLabels.constrain(labelName, val),
+			})
 		}
 	}
 	if l := len(oldCurry) + len(labels) - len(newCurry); l > 0 {
@@ -250,8 +236,8 @@ func (m *MetricVec) GetMetricWithLabelValues(lvs ...string) (Metric, error) {
 // around MetricVec, implementing a vector for a specific Metric implementation,
 // for example GaugeVec.
 func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
-	labels = constrainLabels(m.desc, labels)
-	defer putLabelsToPool(labels)
+	labels, closer := constrainLabels(m.desc, labels)
+	defer closer()
 
 	h, err := m.hashLabels(labels)
 	if err != nil {
@@ -262,7 +248,7 @@ func (m *MetricVec) GetMetricWith(labels Labels) (Metric, error) {
 }
 
 func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
-	if err := validateLabelValues(vals, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+	if err := validateLabelValues(vals, len(m.desc.variableLabels.names)-len(m.curry)); err != nil {
 		return 0, err
 	}
 
@@ -271,7 +257,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
 		curry         = m.curry
 		iVals, iCurry int
 	)
-	for i := 0; i < len(m.desc.variableLabels); i++ {
+	for i := 0; i < len(m.desc.variableLabels.names); i++ {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
@@ -285,7 +271,7 @@ func (m *MetricVec) hashLabelValues(vals []string) (uint64, error) {
 }
 
 func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
-	if err := validateValuesInLabels(labels, len(m.desc.variableLabels)-len(m.curry)); err != nil {
+	if err := validateValuesInLabels(labels, len(m.desc.variableLabels.names)-len(m.curry)); err != nil {
 		return 0, err
 	}
 
@@ -294,17 +280,17 @@ func (m *MetricVec) hashLabels(labels Labels) (uint64, error) {
 		curry  = m.curry
 		iCurry int
 	)
-	for i, label := range m.desc.variableLabels {
-		val, ok := labels[label.Name]
+	for i, labelName := range m.desc.variableLabels.names {
+		val, ok := labels[labelName]
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if ok {
-				return 0, fmt.Errorf("label name %q is already curried", label.Name)
+				return 0, fmt.Errorf("label name %q is already curried", labelName)
 			}
 			h = m.hashAdd(h, curry[iCurry].value)
 			iCurry++
 		} else {
 			if !ok {
-				return 0, fmt.Errorf("label name %q missing in label map", label.Name)
+				return 0, fmt.Errorf("label name %q missing in label map", labelName)
 			}
 			h = m.hashAdd(h, val)
 		}
@@ -482,7 +468,7 @@ func valueMatchesVariableOrCurriedValue(targetValue string, index int, values []
 func matchPartialLabels(desc *Desc, values []string, labels Labels, curry []curriedLabelValue) bool {
 	for l, v := range labels {
 		// Check if the target label exists in our metrics and get the index.
-		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.labelNames())
+		varLabelIndex, validLabel := indexOf(l, desc.variableLabels.names)
 		if validLabel {
 			// Check the value of that label against the target value.
 			// We don't consider curried values in partial matches.
@@ -626,7 +612,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 		return false
 	}
 	iCurry := 0
-	for i, k := range desc.variableLabels {
+	for i, k := range desc.variableLabels.names {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			if values[i] != curry[iCurry].value {
 				return false
@@ -634,7 +620,7 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 			iCurry++
 			continue
 		}
-		if values[i] != labels[k.Name] {
+		if values[i] != labels[k] {
 			return false
 		}
 	}
@@ -644,13 +630,13 @@ func matchLabels(desc *Desc, values []string, labels Labels, curry []curriedLabe
 func extractLabelValues(desc *Desc, labels Labels, curry []curriedLabelValue) []string {
 	labelValues := make([]string, len(labels)+len(curry))
 	iCurry := 0
-	for i, k := range desc.variableLabels {
+	for i, k := range desc.variableLabels.names {
 		if iCurry < len(curry) && curry[iCurry].index == i {
 			labelValues[i] = curry[iCurry].value
 			iCurry++
 			continue
 		}
-		labelValues[i] = labels[k.Name]
+		labelValues[i] = labels[k]
 	}
 	return labelValues
 }
@@ -670,20 +656,37 @@ func inlineLabelValues(lvs []string, curry []curriedLabelValue) []string {
 	return labelValues
 }
 
-func constrainLabels(desc *Desc, labels Labels) Labels {
-	constrainedLabels := getLabelsFromPool()
-	for l, v := range labels {
-		if i, ok := indexOf(l, desc.variableLabels.labelNames()); ok {
-			v = desc.variableLabels[i].Constrain(v)
-		}
+var labelsPool = &sync.Pool{
+	New: func() interface{} {
+		return make(Labels)
+	},
+}
 
-		constrainedLabels[l] = v
+func constrainLabels(desc *Desc, labels Labels) (Labels, func()) {
+	if len(desc.variableLabels.labelConstraints) == 0 {
+		// Fast path when there's no constraints
+		return labels, func() {}
 	}
 
-	return constrainedLabels
+	constrainedLabels := labelsPool.Get().(Labels)
+	for l, v := range labels {
+		constrainedLabels[l] = desc.variableLabels.constrain(l, v)
+	}
+
+	return constrainedLabels, func() {
+		for k := range constrainedLabels {
+			delete(constrainedLabels, k)
+		}
+		labelsPool.Put(constrainedLabels)
+	}
 }
 
 func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) []string {
+	if len(desc.variableLabels.labelConstraints) == 0 {
+		// Fast path when there's no constraints
+		return lvs
+	}
+
 	constrainedValues := make([]string, len(lvs))
 	var iCurry, iLVs int
 	for i := 0; i < len(lvs)+len(curry); i++ {
@@ -692,8 +695,11 @@ func constrainLabelValues(desc *Desc, lvs []string, curry []curriedLabelValue) [
 			continue
 		}
 
-		if i < len(desc.variableLabels) {
-			constrainedValues[iLVs] = desc.variableLabels[i].Constrain(lvs[iLVs])
+		if i < len(desc.variableLabels.names) {
+			constrainedValues[iLVs] = desc.variableLabels.constrain(
+				desc.variableLabels.names[i],
+				lvs[iLVs],
+			)
 		} else {
 			constrainedValues[iLVs] = lvs[iLVs]
 		}
diff --git a/vendor/github.com/prometheus/client_model/go/metrics.pb.go b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
index 2b5bca4b9..cee360db7 100644
--- a/vendor/github.com/prometheus/client_model/go/metrics.pb.go
+++ b/vendor/github.com/prometheus/client_model/go/metrics.pb.go
@@ -215,8 +215,9 @@ type Counter struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Value    *float64  `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
-	Exemplar *Exemplar `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	Value            *float64               `protobuf:"fixed64,1,opt,name=value" json:"value,omitempty"`
+	Exemplar         *Exemplar              `protobuf:"bytes,2,opt,name=exemplar" json:"exemplar,omitempty"`
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 }
 
 func (x *Counter) Reset() {
@@ -265,6 +266,13 @@ func (x *Counter) GetExemplar() *Exemplar {
 	return nil
 }
 
+func (x *Counter) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 type Quantile struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -325,9 +333,10 @@ type Summary struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	SampleCount *uint64     `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
-	SampleSum   *float64    `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
-	Quantile    []*Quantile `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	SampleCount      *uint64                `protobuf:"varint,1,opt,name=sample_count,json=sampleCount" json:"sample_count,omitempty"`
+	SampleSum        *float64               `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
+	Quantile         []*Quantile            `protobuf:"bytes,3,rep,name=quantile" json:"quantile,omitempty"`
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 }
 
 func (x *Summary) Reset() {
@@ -383,6 +392,13 @@ func (x *Summary) GetQuantile() []*Quantile {
 	return nil
 }
 
+func (x *Summary) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 type Untyped struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -439,7 +455,8 @@ type Histogram struct {
 	SampleCountFloat *float64 `protobuf:"fixed64,4,opt,name=sample_count_float,json=sampleCountFloat" json:"sample_count_float,omitempty"` // Overrides sample_count if > 0.
 	SampleSum        *float64 `protobuf:"fixed64,2,opt,name=sample_sum,json=sampleSum" json:"sample_sum,omitempty"`
 	// Buckets for the conventional histogram.
-	Bucket []*Bucket `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
+	Bucket           []*Bucket              `protobuf:"bytes,3,rep,name=bucket" json:"bucket,omitempty"` // Ordered in increasing order of upper_bound, +Inf bucket is optional.
+	CreatedTimestamp *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=created_timestamp,json=createdTimestamp" json:"created_timestamp,omitempty"`
 	// schema defines the bucket schema. Currently, valid numbers are -4 <= n <= 8.
 	// They are all for base-2 bucket schemas, where 1 is a bucket boundary in each case, and
 	// then each power of two is divided into 2^n logarithmic buckets.
@@ -457,6 +474,9 @@ type Histogram struct {
 	NegativeDelta []int64   `protobuf:"zigzag64,10,rep,name=negative_delta,json=negativeDelta" json:"negative_delta,omitempty"` // Count delta of each bucket compared to previous one (or to zero for 1st bucket).
 	NegativeCount []float64 `protobuf:"fixed64,11,rep,name=negative_count,json=negativeCount" json:"negative_count,omitempty"`  // Absolute count of each bucket.
 	// Positive buckets for the native histogram.
+	// Use a no-op span (offset 0, length 0) for a native histogram without any
+	// observations yet and with a zero_threshold of 0. Otherwise, it would be
+	// indistinguishable from a classic histogram.
 	PositiveSpan []*BucketSpan `protobuf:"bytes,12,rep,name=positive_span,json=positiveSpan" json:"positive_span,omitempty"`
 	// Use either "positive_delta" or "positive_count", the former for
 	// regular histograms with integer counts, the latter for float
@@ -525,6 +545,13 @@ func (x *Histogram) GetBucket() []*Bucket {
 	return nil
 }
 
+func (x *Histogram) GetCreatedTimestamp() *timestamppb.Timestamp {
+	if x != nil {
+		return x.CreatedTimestamp
+	}
+	return nil
+}
+
 func (x *Histogram) GetSchema() int32 {
 	if x != nil && x.Schema != nil {
 		return *x.Schema
@@ -972,137 +999,151 @@ var file_io_prometheus_client_metrics_proto_rawDesc = []byte{
 	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c,
 	0x75, 0x65, 0x22, 0x1d, 0x0a, 0x05, 0x47, 0x61, 0x75, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76,
 	0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x22, 0x5b, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05,
-	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c,
-	0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x02,
-	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d,
-	0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c,
-	0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
-	0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x87, 0x01, 0x0a,
-	0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
+	0x65, 0x22, 0xa4, 0x01, 0x0a, 0x07, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65,
+	0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12,
+	0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d,
+	0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x3c, 0x0a, 0x08, 0x51, 0x75, 0x61, 0x6e,
+	0x74, 0x69, 0x6c, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xd0, 0x01, 0x0a, 0x07, 0x53, 0x75, 0x6d, 0x6d, 0x61,
+	0x72, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
+	0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c,
+	0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75,
+	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65,
+	0x12, 0x47, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74,
+	0x79, 0x70, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xac, 0x05, 0x0a, 0x09, 0x48,
+	0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70,
 	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b,
-	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73,
-	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52,
-	0x09, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x3a, 0x0a, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61,
+	0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d,
+	0x70, 0x6c, 0x65, 0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73,
+	0x61, 0x6d, 0x70, 0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b,
+	0x65, 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
+	0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
+	0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x47,
+	0x0a, 0x11, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
+	0x61, 0x6d, 0x70, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
+	0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x54, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12,
+	0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c,
+	0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72, 0x6f, 0x54, 0x68, 0x72,
+	0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x7a, 0x65, 0x72, 0x6f,
+	0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12,
+	0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e,
+	0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d,
+	0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75,
+	0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d,
+	0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a,
+	0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18,
+	0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
+	0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65,
+	0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f,
+	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x70,
+	0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x70,
+	0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0d, 0x20,
+	0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c,
+	0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63,
+	0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69,
+	0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01, 0x0a, 0x06, 0x42, 0x75,
+	0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69,
+	0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f,
+	0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12,
+	0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x01, 0x52,
+	0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74,
+	0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70, 0x65, 0x72, 0x5f, 0x62,
+	0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a, 0x75, 0x70, 0x70, 0x65,
+	0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c,
+	0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72,
+	0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e,
+	0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78, 0x65, 0x6d, 0x70, 0x6c,
+	0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e,
+	0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x11,
+	0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x65, 0x6e, 0x67,
+	0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68,
+	0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x12, 0x35, 0x0a,
+	0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69,
 	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x2e, 0x51, 0x75, 0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x52, 0x08, 0x71, 0x75,
-	0x61, 0x6e, 0x74, 0x69, 0x6c, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65,
-	0x64, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01,
-	0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xe3, 0x04, 0x0a, 0x09, 0x48, 0x69, 0x73, 0x74,
-	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f,
-	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0b, 0x73, 0x61, 0x6d,
-	0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04,
-	0x20, 0x01, 0x28, 0x01, 0x52, 0x10, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x43, 0x6f, 0x75, 0x6e,
-	0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65,
-	0x5f, 0x73, 0x75, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x09, 0x73, 0x61, 0x6d, 0x70,
-	0x6c, 0x65, 0x53, 0x75, 0x6d, 0x12, 0x34, 0x0a, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x18,
-	0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
-	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63,
-	0x6b, 0x65, 0x74, 0x52, 0x06, 0x62, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73,
-	0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x05, 0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x73, 0x63, 0x68,
-	0x65, 0x6d, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x5f, 0x74, 0x68, 0x72, 0x65,
-	0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0d, 0x7a, 0x65, 0x72,
-	0x6f, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x7a, 0x65,
-	0x72, 0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09,
-	0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x28, 0x0a, 0x10, 0x7a, 0x65, 0x72,
-	0x6f, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x08, 0x20,
-	0x01, 0x28, 0x01, 0x52, 0x0e, 0x7a, 0x65, 0x72, 0x6f, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c,
-	0x6f, 0x61, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f,
-	0x73, 0x70, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e,
+	0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52, 0x05, 0x6c,
+	0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69,
+	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12,
+	0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f,
+	0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69, 0x72, 0x52,
+	0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x47, 0x61, 0x75,
+	0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e,
 	0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e,
-	0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x52, 0x0c, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65,
-	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74, 0x61, 0x18, 0x0a, 0x20, 0x03,
-	0x28, 0x12, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x44, 0x65, 0x6c, 0x74,
-	0x61, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f,
-	0x75, 0x6e, 0x74, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d, 0x6e, 0x65, 0x67, 0x61, 0x74,
-	0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x45, 0x0a, 0x0d, 0x70, 0x6f, 0x73, 0x69,
-	0x74, 0x69, 0x76, 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e,
-	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x53, 0x70, 0x61,
-	0x6e, 0x52, 0x0c, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x12,
-	0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x64, 0x65, 0x6c, 0x74,
-	0x61, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x12, 0x52, 0x0d, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76,
-	0x65, 0x44, 0x65, 0x6c, 0x74, 0x61, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
-	0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x01, 0x52, 0x0d,
-	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xc6, 0x01,
-	0x0a, 0x06, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x75, 0x6d, 0x75,
-	0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x04, 0x52, 0x0f, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43, 0x6f,
-	0x75, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x16, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76,
-	0x65, 0x5f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x66, 0x6c, 0x6f, 0x61, 0x74, 0x18, 0x04, 0x20,
-	0x01, 0x28, 0x01, 0x52, 0x14, 0x63, 0x75, 0x6d, 0x75, 0x6c, 0x61, 0x74, 0x69, 0x76, 0x65, 0x43,
-	0x6f, 0x75, 0x6e, 0x74, 0x46, 0x6c, 0x6f, 0x61, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x70,
-	0x65, 0x72, 0x5f, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0a,
-	0x75, 0x70, 0x70, 0x65, 0x72, 0x42, 0x6f, 0x75, 0x6e, 0x64, 0x12, 0x3a, 0x0a, 0x08, 0x65, 0x78,
-	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69,
+	0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74,
+	0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x04, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68,
+	0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53, 0x75, 0x6d, 0x6d, 0x61,
+	0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x37, 0x0a, 0x07, 0x75,
+	0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69,
 	0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69,
-	0x65, 0x6e, 0x74, 0x2e, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x52, 0x08, 0x65, 0x78,
-	0x65, 0x6d, 0x70, 0x6c, 0x61, 0x72, 0x22, 0x3c, 0x0a, 0x0a, 0x42, 0x75, 0x63, 0x6b, 0x65, 0x74,
-	0x53, 0x70, 0x61, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x01,
-	0x20, 0x01, 0x28, 0x11, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06,
-	0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65,
-	0x6e, 0x67, 0x74, 0x68, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x65, 0x6d, 0x70, 0x6c, 0x61,
-	0x72, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50, 0x61, 0x69,
-	0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
-	0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38,
-	0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x22, 0xff, 0x02, 0x0a, 0x06, 0x4d, 0x65, 0x74,
-	0x72, 0x69, 0x63, 0x12, 0x35, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x03,
-	0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x50,
-	0x61, 0x69, 0x72, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x31, 0x0a, 0x05, 0x67, 0x61,
-	0x75, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x2e, 0x47, 0x61, 0x75, 0x67, 0x65, 0x52, 0x05, 0x67, 0x61, 0x75, 0x67, 0x65, 0x12, 0x37, 0x0a,
-	0x07, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d,
-	0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63,
-	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x07, 0x63,
-	0x6f, 0x75, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72,
-	0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
-	0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x53,
-	0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x52, 0x07, 0x73, 0x75, 0x6d, 0x6d, 0x61, 0x72, 0x79, 0x12,
-	0x37, 0x0a, 0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1d, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52,
-	0x07, 0x75, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74,
-	0x6f, 0x67, 0x72, 0x61, 0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f,
-	0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65,
-	0x6e, 0x74, 0x2e, 0x48, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69,
-	0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d,
-	0x65, 0x74, 0x72, 0x69, 0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e,
-	0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
-	0x12, 0x0a, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68,
-	0x65, 0x6c, 0x70, 0x12, 0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28,
-	0x0e, 0x32, 0x20, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75,
-	0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74,
-	0x72, 0x69, 0x63, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70,
-	0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-	0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a,
-	0x62, 0x0a, 0x0a, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a,
-	0x07, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41,
-	0x55, 0x47, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59,
-	0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12,
-	0x0d, 0x0a, 0x09, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13,
-	0x0a, 0x0f, 0x47, 0x41, 0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41,
-	0x4d, 0x10, 0x05, 0x42, 0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74,
-	0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65,
-	0x75, 0x73, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f,
-	0x67, 0x6f, 0x3b, 0x69, 0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
-	0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x65, 0x6e, 0x74, 0x2e, 0x55, 0x6e, 0x74, 0x79, 0x70, 0x65, 0x64, 0x52, 0x07, 0x75, 0x6e, 0x74,
+	0x79, 0x70, 0x65, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61,
+	0x6d, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f,
+	0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x48,
+	0x69, 0x73, 0x74, 0x6f, 0x67, 0x72, 0x61, 0x6d, 0x52, 0x09, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x67,
+	0x72, 0x61, 0x6d, 0x12, 0x21, 0x0a, 0x0c, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
+	0x5f, 0x6d, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65, 0x73,
+	0x74, 0x61, 0x6d, 0x70, 0x4d, 0x73, 0x22, 0xa2, 0x01, 0x0a, 0x0c, 0x4d, 0x65, 0x74, 0x72, 0x69,
+	0x63, 0x46, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68,
+	0x65, 0x6c, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x65, 0x6c, 0x70, 0x12,
+	0x34, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e,
+	0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x52,
+	0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x34, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x18,
+	0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65,
+	0x74, 0x68, 0x65, 0x75, 0x73, 0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74,
+	0x72, 0x69, 0x63, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x2a, 0x62, 0x0a, 0x0a, 0x4d,
+	0x65, 0x74, 0x72, 0x69, 0x63, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4f, 0x55,
+	0x4e, 0x54, 0x45, 0x52, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x47, 0x41, 0x55, 0x47, 0x45, 0x10,
+	0x01, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x55, 0x4d, 0x4d, 0x41, 0x52, 0x59, 0x10, 0x02, 0x12, 0x0b,
+	0x0a, 0x07, 0x55, 0x4e, 0x54, 0x59, 0x50, 0x45, 0x44, 0x10, 0x03, 0x12, 0x0d, 0x0a, 0x09, 0x48,
+	0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x47, 0x41,
+	0x55, 0x47, 0x45, 0x5f, 0x48, 0x49, 0x53, 0x54, 0x4f, 0x47, 0x52, 0x41, 0x4d, 0x10, 0x05, 0x42,
+	0x52, 0x0a, 0x14, 0x69, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73,
+	0x2e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+	0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x2f, 0x63,
+	0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x2f, 0x67, 0x6f, 0x3b, 0x69,
+	0x6f, 0x5f, 0x70, 0x72, 0x6f, 0x6d, 0x65, 0x74, 0x68, 0x65, 0x75, 0x73, 0x5f, 0x63, 0x6c, 0x69,
+	0x65, 0x6e, 0x74,
 }
 
 var (
@@ -1137,26 +1178,29 @@ var file_io_prometheus_client_metrics_proto_goTypes = []interface{}{
 }
 var file_io_prometheus_client_metrics_proto_depIdxs = []int32{
 	10, // 0: io.prometheus.client.Counter.exemplar:type_name -> io.prometheus.client.Exemplar
-	4,  // 1: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
-	8,  // 2: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
-	9,  // 3: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
-	9,  // 4: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
-	10, // 5: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
-	1,  // 6: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
-	13, // 7: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
-	1,  // 8: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
-	2,  // 9: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
-	3,  // 10: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
-	5,  // 11: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
-	6,  // 12: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
-	7,  // 13: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
-	0,  // 14: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
-	11, // 15: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
-	16, // [16:16] is the sub-list for method output_type
-	16, // [16:16] is the sub-list for method input_type
-	16, // [16:16] is the sub-list for extension type_name
-	16, // [16:16] is the sub-list for extension extendee
-	0,  // [0:16] is the sub-list for field type_name
+	13, // 1: io.prometheus.client.Counter.created_timestamp:type_name -> google.protobuf.Timestamp
+	4,  // 2: io.prometheus.client.Summary.quantile:type_name -> io.prometheus.client.Quantile
+	13, // 3: io.prometheus.client.Summary.created_timestamp:type_name -> google.protobuf.Timestamp
+	8,  // 4: io.prometheus.client.Histogram.bucket:type_name -> io.prometheus.client.Bucket
+	13, // 5: io.prometheus.client.Histogram.created_timestamp:type_name -> google.protobuf.Timestamp
+	9,  // 6: io.prometheus.client.Histogram.negative_span:type_name -> io.prometheus.client.BucketSpan
+	9,  // 7: io.prometheus.client.Histogram.positive_span:type_name -> io.prometheus.client.BucketSpan
+	10, // 8: io.prometheus.client.Bucket.exemplar:type_name -> io.prometheus.client.Exemplar
+	1,  // 9: io.prometheus.client.Exemplar.label:type_name -> io.prometheus.client.LabelPair
+	13, // 10: io.prometheus.client.Exemplar.timestamp:type_name -> google.protobuf.Timestamp
+	1,  // 11: io.prometheus.client.Metric.label:type_name -> io.prometheus.client.LabelPair
+	2,  // 12: io.prometheus.client.Metric.gauge:type_name -> io.prometheus.client.Gauge
+	3,  // 13: io.prometheus.client.Metric.counter:type_name -> io.prometheus.client.Counter
+	5,  // 14: io.prometheus.client.Metric.summary:type_name -> io.prometheus.client.Summary
+	6,  // 15: io.prometheus.client.Metric.untyped:type_name -> io.prometheus.client.Untyped
+	7,  // 16: io.prometheus.client.Metric.histogram:type_name -> io.prometheus.client.Histogram
+	0,  // 17: io.prometheus.client.MetricFamily.type:type_name -> io.prometheus.client.MetricType
+	11, // 18: io.prometheus.client.MetricFamily.metric:type_name -> io.prometheus.client.Metric
+	19, // [19:19] is the sub-list for method output_type
+	19, // [19:19] is the sub-list for method input_type
+	19, // [19:19] is the sub-list for extension type_name
+	19, // [19:19] is the sub-list for extension extendee
+	0,  // [0:19] is the sub-list for field type_name
 }
 
 func init() { file_io_prometheus_client_metrics_proto_init() }
diff --git a/vendor/github.com/prometheus/common/expfmt/decode.go b/vendor/github.com/prometheus/common/expfmt/decode.go
index 906397815..0ca86a3dc 100644
--- a/vendor/github.com/prometheus/common/expfmt/decode.go
+++ b/vendor/github.com/prometheus/common/expfmt/decode.go
@@ -22,7 +22,7 @@ import (
 
 	dto "github.com/prometheus/client_model/go"
 
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
+	"github.com/matttproud/golang_protobuf_extensions/v2/pbutil"
 	"github.com/prometheus/common/model"
 )
 
diff --git a/vendor/github.com/prometheus/common/expfmt/encode.go b/vendor/github.com/prometheus/common/expfmt/encode.go
index 7f611ffaa..ca2140600 100644
--- a/vendor/github.com/prometheus/common/expfmt/encode.go
+++ b/vendor/github.com/prometheus/common/expfmt/encode.go
@@ -18,7 +18,7 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/matttproud/golang_protobuf_extensions/pbutil"
+	"github.com/matttproud/golang_protobuf_extensions/v2/pbutil"
 	"github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg"
 	"google.golang.org/protobuf/encoding/prototext"
 
diff --git a/vendor/github.com/prometheus/procfs/Makefile.common b/vendor/github.com/prometheus/procfs/Makefile.common
index 0ce7ea461..062a28185 100644
--- a/vendor/github.com/prometheus/procfs/Makefile.common
+++ b/vendor/github.com/prometheus/procfs/Makefile.common
@@ -61,7 +61,7 @@ PROMU_URL     := https://github.com/prometheus/promu/releases/download/v$(PROMU_
 SKIP_GOLANGCI_LINT :=
 GOLANGCI_LINT :=
 GOLANGCI_LINT_OPTS ?=
-GOLANGCI_LINT_VERSION ?= v1.53.3
+GOLANGCI_LINT_VERSION ?= v1.54.2
 # golangci-lint only supports linux, darwin and windows platforms on i386/amd64.
 # windows isn't included here because of the path separator being different.
 ifeq ($(GOHOSTOS),$(filter $(GOHOSTOS),linux darwin))
diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_notype.go b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
index 13d74e395..134767d69 100644
--- a/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
+++ b/vendor/github.com/prometheus/procfs/fs_statfs_notype.go
@@ -11,8 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build netbsd || openbsd || solaris || windows || nostatfs
-// +build netbsd openbsd solaris windows nostatfs
+//go:build !freebsd && !linux
+// +build !freebsd,!linux
 
 package procfs
 
diff --git a/vendor/github.com/prometheus/procfs/fs_statfs_type.go b/vendor/github.com/prometheus/procfs/fs_statfs_type.go
index bee151445..80df79c31 100644
--- a/vendor/github.com/prometheus/procfs/fs_statfs_type.go
+++ b/vendor/github.com/prometheus/procfs/fs_statfs_type.go
@@ -11,8 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build !netbsd && !openbsd && !solaris && !windows && !nostatfs
-// +build !netbsd,!openbsd,!solaris,!windows,!nostatfs
+//go:build freebsd || linux
+// +build freebsd linux
 
 package procfs
 
diff --git a/vendor/github.com/prometheus/procfs/mountstats.go b/vendor/github.com/prometheus/procfs/mountstats.go
index 852c8c4a0..9d8af6db7 100644
--- a/vendor/github.com/prometheus/procfs/mountstats.go
+++ b/vendor/github.com/prometheus/procfs/mountstats.go
@@ -44,6 +44,14 @@ const (
 
 	fieldTransport11TCPLen = 13
 	fieldTransport11UDPLen = 10
+
+	// kernel version >= 4.14 MaxLen
+	// See: https://elixir.bootlin.com/linux/v6.4.8/source/net/sunrpc/xprtrdma/xprt_rdma.h#L393
+	fieldTransport11RDMAMaxLen = 28
+
+	// kernel version <= 4.2 MinLen
+	// See: https://elixir.bootlin.com/linux/v4.2.8/source/net/sunrpc/xprtrdma/xprt_rdma.h#L331
+	fieldTransport11RDMAMinLen = 20
 )
 
 // A Mount is a device mount parsed from /proc/[pid]/mountstats.
@@ -233,6 +241,33 @@ type NFSTransportStats struct {
 	// A running counter, incremented on each request as the current size of the
 	// pending queue.
 	CumulativePendingQueue uint64
+
+	// Stats below only available with stat version 1.1.
+	// Transport over RDMA
+
+	// accessed when sending a call
+	ReadChunkCount   uint64
+	WriteChunkCount  uint64
+	ReplyChunkCount  uint64
+	TotalRdmaRequest uint64
+
+	// rarely accessed error counters
+	PullupCopyCount      uint64
+	HardwayRegisterCount uint64
+	FailedMarshalCount   uint64
+	BadReplyCount        uint64
+	MrsRecovered         uint64
+	MrsOrphaned          uint64
+	MrsAllocated         uint64
+	EmptySendctxQ        uint64
+
+	// accessed when receiving a reply
+	TotalRdmaReply    uint64
+	FixupCopyCount    uint64
+	ReplyWaitsForSend uint64
+	LocalInvNeeded    uint64
+	NomsgCallCount    uint64
+	BcallCount        uint64
 }
 
 // parseMountStats parses a /proc/[pid]/mountstats file and returns a slice
@@ -587,14 +622,17 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 			expectedLength = fieldTransport11TCPLen
 		} else if protocol == "udp" {
 			expectedLength = fieldTransport11UDPLen
+		} else if protocol == "rdma" {
+			expectedLength = fieldTransport11RDMAMinLen
 		} else {
 			return nil, fmt.Errorf("%w: invalid NFS protocol \"%s\" in stats 1.1 statement: %v", ErrFileParse, protocol, ss)
 		}
-		if len(ss) != expectedLength {
-			return nil, fmt.Errorf("%w: invalid NFS transport stats 1.1 statement: %v", ErrFileParse, ss)
+		if (len(ss) != expectedLength && (protocol == "tcp" || protocol == "udp")) ||
+			(protocol == "rdma" && len(ss) < expectedLength) {
+			return nil, fmt.Errorf("%w: invalid NFS transport stats 1.1 statement: %v, protocol: %v", ErrFileParse, ss, protocol)
 		}
 	default:
-		return nil, fmt.Errorf("%s: Unrecognized NFS transport stats version: %q", ErrFileParse, statVersion)
+		return nil, fmt.Errorf("%s: Unrecognized NFS transport stats version: %q, protocol: %v", ErrFileParse, statVersion, protocol)
 	}
 
 	// Allocate enough for v1.1 stats since zero value for v1.1 stats will be okay
@@ -604,7 +642,9 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	// Note: slice length must be set to length of v1.1 stats to avoid a panic when
 	// only v1.0 stats are present.
 	// See: https://github.com/prometheus/node_exporter/issues/571.
-	ns := make([]uint64, fieldTransport11TCPLen)
+	//
+	// Note: NFS Over RDMA slice length is fieldTransport11RDMAMaxLen
+	ns := make([]uint64, fieldTransport11RDMAMaxLen+3)
 	for i, s := range ss {
 		n, err := strconv.ParseUint(s, 10, 64)
 		if err != nil {
@@ -622,9 +662,14 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 	// we set them to 0 here.
 	if protocol == "udp" {
 		ns = append(ns[:2], append(make([]uint64, 3), ns[2:]...)...)
+	} else if protocol == "tcp" {
+		ns = append(ns[:fieldTransport11TCPLen], make([]uint64, fieldTransport11RDMAMaxLen-fieldTransport11TCPLen+3)...)
+	} else if protocol == "rdma" {
+		ns = append(ns[:fieldTransport10TCPLen], append(make([]uint64, 3), ns[fieldTransport10TCPLen:]...)...)
 	}
 
 	return &NFSTransportStats{
+		// NFS xprt over tcp or udp
 		Protocol:                 protocol,
 		Port:                     ns[0],
 		Bind:                     ns[1],
@@ -636,8 +681,32 @@ func parseNFSTransportStats(ss []string, statVersion string) (*NFSTransportStats
 		BadTransactionIDs:        ns[7],
 		CumulativeActiveRequests: ns[8],
 		CumulativeBacklog:        ns[9],
-		MaximumRPCSlotsUsed:      ns[10],
-		CumulativeSendingQueue:   ns[11],
-		CumulativePendingQueue:   ns[12],
+
+		// NFS xprt over tcp or udp
+		// And statVersion 1.1
+		MaximumRPCSlotsUsed:    ns[10],
+		CumulativeSendingQueue: ns[11],
+		CumulativePendingQueue: ns[12],
+
+		// NFS xprt over rdma
+		// And stat Version 1.1
+		ReadChunkCount:       ns[13],
+		WriteChunkCount:      ns[14],
+		ReplyChunkCount:      ns[15],
+		TotalRdmaRequest:     ns[16],
+		PullupCopyCount:      ns[17],
+		HardwayRegisterCount: ns[18],
+		FailedMarshalCount:   ns[19],
+		BadReplyCount:        ns[20],
+		MrsRecovered:         ns[21],
+		MrsOrphaned:          ns[22],
+		MrsAllocated:         ns[23],
+		EmptySendctxQ:        ns[24],
+		TotalRdmaReply:       ns[25],
+		FixupCopyCount:       ns[26],
+		ReplyWaitsForSend:    ns[27],
+		LocalInvNeeded:       ns[28],
+		NomsgCallCount:       ns[29],
+		BcallCount:           ns[30],
 	}, nil
 }
diff --git a/vendor/github.com/prometheus/procfs/proc_fdinfo.go b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
index 4b7933e4f..fa761b352 100644
--- a/vendor/github.com/prometheus/procfs/proc_fdinfo.go
+++ b/vendor/github.com/prometheus/procfs/proc_fdinfo.go
@@ -26,6 +26,7 @@ var (
 	rPos          = regexp.MustCompile(`^pos:\s+(\d+)$`)
 	rFlags        = regexp.MustCompile(`^flags:\s+(\d+)$`)
 	rMntID        = regexp.MustCompile(`^mnt_id:\s+(\d+)$`)
+	rIno          = regexp.MustCompile(`^ino:\s+(\d+)$`)
 	rInotify      = regexp.MustCompile(`^inotify`)
 	rInotifyParts = regexp.MustCompile(`^inotify\s+wd:([0-9a-f]+)\s+ino:([0-9a-f]+)\s+sdev:([0-9a-f]+)(?:\s+mask:([0-9a-f]+))?`)
 )
@@ -40,6 +41,8 @@ type ProcFDInfo struct {
 	Flags string
 	// Mount point ID
 	MntID string
+	// Inode number
+	Ino string
 	// List of inotify lines (structured) in the fdinfo file (kernel 3.8+ only)
 	InotifyInfos []InotifyInfo
 }
@@ -51,7 +54,7 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 		return nil, err
 	}
 
-	var text, pos, flags, mntid string
+	var text, pos, flags, mntid, ino string
 	var inotify []InotifyInfo
 
 	scanner := bufio.NewScanner(bytes.NewReader(data))
@@ -63,6 +66,8 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 			flags = rFlags.FindStringSubmatch(text)[1]
 		} else if rMntID.MatchString(text) {
 			mntid = rMntID.FindStringSubmatch(text)[1]
+		} else if rIno.MatchString(text) {
+			ino = rIno.FindStringSubmatch(text)[1]
 		} else if rInotify.MatchString(text) {
 			newInotify, err := parseInotifyInfo(text)
 			if err != nil {
@@ -77,6 +82,7 @@ func (p Proc) FDInfo(fd string) (*ProcFDInfo, error) {
 		Pos:          pos,
 		Flags:        flags,
 		MntID:        mntid,
+		Ino:          ino,
 		InotifyInfos: inotify,
 	}
 
diff --git a/vendor/github.com/prometheus/procfs/proc_maps.go b/vendor/github.com/prometheus/procfs/proc_maps.go
index 727549a13..7e75c286b 100644
--- a/vendor/github.com/prometheus/procfs/proc_maps.go
+++ b/vendor/github.com/prometheus/procfs/proc_maps.go
@@ -63,17 +63,17 @@ type ProcMap struct {
 // parseDevice parses the device token of a line and converts it to a dev_t
 // (mkdev) like structure.
 func parseDevice(s string) (uint64, error) {
-	toks := strings.Split(s, ":")
-	if len(toks) < 2 {
-		return 0, fmt.Errorf("%w: unexpected number of fields, expected: 2, got: %q", ErrFileParse, len(toks))
+	i := strings.Index(s, ":")
+	if i == -1 {
+		return 0, fmt.Errorf("%w: expected separator `:` in %s", ErrFileParse, s)
 	}
 
-	major, err := strconv.ParseUint(toks[0], 16, 0)
+	major, err := strconv.ParseUint(s[0:i], 16, 0)
 	if err != nil {
 		return 0, err
 	}
 
-	minor, err := strconv.ParseUint(toks[1], 16, 0)
+	minor, err := strconv.ParseUint(s[i+1:], 16, 0)
 	if err != nil {
 		return 0, err
 	}
@@ -93,17 +93,17 @@ func parseAddress(s string) (uintptr, error) {
 
 // parseAddresses parses the start-end address.
 func parseAddresses(s string) (uintptr, uintptr, error) {
-	toks := strings.Split(s, "-")
-	if len(toks) < 2 {
-		return 0, 0, fmt.Errorf("%w: invalid address", ErrFileParse)
+	idx := strings.Index(s, "-")
+	if idx == -1 {
+		return 0, 0, fmt.Errorf("%w: expected separator `-` in %s", ErrFileParse, s)
 	}
 
-	saddr, err := parseAddress(toks[0])
+	saddr, err := parseAddress(s[0:idx])
 	if err != nil {
 		return 0, 0, err
 	}
 
-	eaddr, err := parseAddress(toks[1])
+	eaddr, err := parseAddress(s[idx+1:])
 	if err != nil {
 		return 0, 0, err
 	}
diff --git a/vendor/github.com/prometheus/procfs/proc_status.go b/vendor/github.com/prometheus/procfs/proc_status.go
index c055d075d..46307f572 100644
--- a/vendor/github.com/prometheus/procfs/proc_status.go
+++ b/vendor/github.com/prometheus/procfs/proc_status.go
@@ -23,7 +23,7 @@ import (
 )
 
 // ProcStatus provides status information about the process,
-// read from /proc/[pid]/stat.
+// read from /proc/[pid]/status.
 type ProcStatus struct {
 	// The process ID.
 	PID int
@@ -32,6 +32,8 @@ type ProcStatus struct {
 
 	// Thread group ID.
 	TGID int
+	// List of Pid namespace.
+	NSpids []uint64
 
 	// Peak virtual memory size.
 	VmPeak uint64 // nolint:revive
@@ -127,6 +129,8 @@ func (s *ProcStatus) fillStatus(k string, vString string, vUint uint64, vUintByt
 		copy(s.UIDs[:], strings.Split(vString, "\t"))
 	case "Gid":
 		copy(s.GIDs[:], strings.Split(vString, "\t"))
+	case "NSpid":
+		s.NSpids = calcNSPidsList(vString)
 	case "VmPeak":
 		s.VmPeak = vUintBytes
 	case "VmSize":
@@ -200,3 +204,18 @@ func calcCpusAllowedList(cpuString string) []uint64 {
 	sort.Slice(g, func(i, j int) bool { return g[i] < g[j] })
 	return g
 }
+
+func calcNSPidsList(nspidsString string) []uint64 {
+	s := strings.Split(nspidsString, " ")
+	var nspids []uint64
+
+	for _, nspid := range s {
+		nspid, _ := strconv.ParseUint(nspid, 10, 64)
+		if nspid == 0 {
+			continue
+		}
+		nspids = append(nspids, nspid)
+	}
+
+	return nspids
+}
diff --git a/vendor/github.com/quasilyte/go-ruleguard/internal/goenv/goenv.go b/vendor/github.com/quasilyte/go-ruleguard/internal/goenv/goenv.go
index 2f207aa07..52d0f5204 100644
--- a/vendor/github.com/quasilyte/go-ruleguard/internal/goenv/goenv.go
+++ b/vendor/github.com/quasilyte/go-ruleguard/internal/goenv/goenv.go
@@ -3,46 +3,26 @@ package goenv
 import (
 	"errors"
 	"os/exec"
-	"runtime"
-	"strconv"
 	"strings"
 )
 
 func Read() (map[string]string, error) {
-	out, err := exec.Command("go", "env").CombinedOutput()
+	// pass in a fixed set of var names to avoid needing to unescape output
+	// pass in literals here instead of a variable list to avoid security linter warnings about command injection
+	out, err := exec.Command("go", "env", "GOROOT", "GOPATH", "GOARCH", "GOOS", "CGO_ENABLED").CombinedOutput()
 	if err != nil {
 		return nil, err
 	}
-	return parseGoEnv(out, runtime.GOOS)
+	return parseGoEnv([]string{"GOROOT", "GOPATH", "GOARCH", "GOOS", "CGO_ENABLED"}, out)
 }
 
-func parseGoEnv(data []byte, goos string) (map[string]string, error) {
+func parseGoEnv(varNames []string, data []byte) (map[string]string, error) {
 	vars := make(map[string]string)
 
 	lines := strings.Split(strings.ReplaceAll(string(data), "\r\n", "\n"), "\n")
-
-	if goos == "windows" {
-		// Line format is: `set $name=$value`
-		for _, l := range lines {
-			l = strings.TrimPrefix(l, "set ")
-			parts := strings.Split(l, "=")
-			if len(parts) != 2 {
-				continue
-			}
-			vars[parts[0]] = parts[1]
-		}
-	} else {
-		// Line format is: `$name="$value"`
-		for _, l := range lines {
-			parts := strings.Split(strings.TrimSpace(l), "=")
-			if len(parts) != 2 {
-				continue
-			}
-			val, err := strconv.Unquote(parts[1])
-			if err != nil {
-				continue
-			}
-			vars[parts[0]] = val
+	for i, varName := range varNames {
+		if i < len(lines) && len(lines[i]) > 0 {
+			vars[varName] = lines[i]
 		}
 	}
 
diff --git a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/engine.go b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/engine.go
index 88feef92d..e4cf954ff 100644
--- a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/engine.go
+++ b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/engine.go
@@ -8,7 +8,6 @@ import (
 	"go/token"
 	"go/types"
 	"io"
-	"io/ioutil"
 	"os"
 	"sort"
 	"strings"
@@ -48,7 +47,7 @@ func (e *engine) LoadedGroups() []GoRuleGroup {
 }
 
 func (e *engine) Load(ctx *LoadContext, buildContext *build.Context, filename string, r io.Reader) error {
-	data, err := ioutil.ReadAll(r)
+	data, err := io.ReadAll(r)
 	if err != nil {
 		return err
 	}
diff --git a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir/gen_filter_op.go b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir/gen_filter_op.go
index aecb975d8..b1c819492 100644
--- a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir/gen_filter_op.go
+++ b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir/gen_filter_op.go
@@ -7,7 +7,7 @@ import (
 	"bytes"
 	"fmt"
 	"go/format"
-	"io/ioutil"
+	"os"
 	"strings"
 )
 
@@ -142,7 +142,7 @@ func main() {
 		panic(err)
 	}
 
-	if err := ioutil.WriteFile("filter_op.gen.go", pretty, 0644); err != nil {
+	if err := os.WriteFile("filter_op.gen.go", pretty, 0644); err != nil {
 		panic(err)
 	}
 }
diff --git a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir_loader.go b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir_loader.go
index d71668914..dcb2fd2af 100644
--- a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir_loader.go
+++ b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/ir_loader.go
@@ -8,7 +8,7 @@ import (
 	"go/parser"
 	"go/token"
 	"go/types"
-	"io/ioutil"
+	"os"
 	"regexp"
 
 	"github.com/quasilyte/gogrep"
@@ -144,7 +144,7 @@ func (l *irLoader) loadBundle(bundle ir.BundleImport) error {
 }
 
 func (l *irLoader) loadExternFile(prefix, pkgPath, filename string) (*goRuleSet, error) {
-	src, err := ioutil.ReadFile(filename)
+	src, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/quasigo/gen_opcodes.go b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/quasigo/gen_opcodes.go
index c8d512038..80386df28 100644
--- a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/quasigo/gen_opcodes.go
+++ b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/quasigo/gen_opcodes.go
@@ -7,8 +7,8 @@ import (
 	"bytes"
 	"fmt"
 	"go/format"
-	"io/ioutil"
 	"log"
+	"os"
 	"strings"
 	"text/template"
 )
@@ -186,7 +186,7 @@ func writeFile(filename string, data []byte) {
 	if err != nil {
 		log.Panicf("gofmt: %v", err)
 	}
-	if err := ioutil.WriteFile(filename, pretty, 0666); err != nil {
+	if err := os.WriteFile(filename, pretty, 0666); err != nil {
 		log.Panicf("write %s: %v", filename, err)
 	}
 }
diff --git a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/runner.go b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/runner.go
index c76b6db33..fdc95ab5e 100644
--- a/vendor/github.com/quasilyte/go-ruleguard/ruleguard/runner.go
+++ b/vendor/github.com/quasilyte/go-ruleguard/ruleguard/runner.go
@@ -8,7 +8,7 @@ import (
 	"go/build"
 	"go/printer"
 	"go/token"
-	"io/ioutil"
+	"os"
 	"path/filepath"
 	"reflect"
 	"sort"
@@ -166,7 +166,7 @@ func (rr *rulesRunner) fileBytes() []byte {
 	}
 
 	// TODO(quasilyte): re-use src slice?
-	src, err := ioutil.ReadFile(rr.filename)
+	src, err := os.ReadFile(rr.filename)
 	if err != nil || src == nil {
 		// Assign a zero-length slice so rr.src
 		// is never nil during the second fileBytes call.
diff --git a/vendor/github.com/ryanrolds/sqlclosecheck/pkg/analyzer/analyzer.go b/vendor/github.com/ryanrolds/sqlclosecheck/pkg/analyzer/analyzer.go
index c22817caf..55e931a89 100644
--- a/vendor/github.com/ryanrolds/sqlclosecheck/pkg/analyzer/analyzer.go
+++ b/vendor/github.com/ryanrolds/sqlclosecheck/pkg/analyzer/analyzer.go
@@ -9,9 +9,10 @@ import (
 )
 
 const (
-	rowsName    = "Rows"
-	stmtName    = "Stmt"
-	closeMethod = "Close"
+	rowsName      = "Rows"
+	stmtName      = "Stmt"
+	namedStmtName = "NamedStmt"
+	closeMethod   = "Close"
 )
 
 type action uint8
@@ -31,13 +32,15 @@ var (
 	sqlPackages = []string{
 		"database/sql",
 		"github.com/jmoiron/sqlx",
+		"github.com/jackc/pgx/v5",
+		"github.com/jackc/pgx/v5/pgxpool",
 	}
 )
 
 func NewAnalyzer() *analysis.Analyzer {
 	return &analysis.Analyzer{
 		Name: "sqlclosecheck",
-		Doc:  "Checks that sql.Rows and sql.Stmt are closed.",
+		Doc:  "Checks that sql.Rows, sql.Stmt, sqlx.NamedStmt, pgx.Query are closed.",
 		Run:  run,
 		Requires: []*analysis.Analyzer{
 			buildssa.Analyzer,
@@ -63,20 +66,18 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	for _, f := range funcs {
 		for _, b := range f.Blocks {
 			for i := range b.Instrs {
-				// Check if instruction is call that returns a target type
+				// Check if instruction is call that returns a target pointer type
 				targetValues := getTargetTypesValues(b, i, targetTypes)
 				if len(targetValues) == 0 {
 					continue
 				}
 
-				// log.Printf("%s", f.Name())
-
 				// For each found target check if they are closed and deferred
 				for _, targetValue := range targetValues {
 					refs := (*targetValue.value).Referrers()
 					isClosed := checkClosed(refs, targetTypes)
 					if !isClosed {
-						pass.Reportf((targetValue.instr).Pos(), "Rows/Stmt was not closed")
+						pass.Reportf((targetValue.instr).Pos(), "Rows/Stmt/NamedStmt was not closed")
 					}
 
 					checkDeferred(pass, refs, targetTypes, false)
@@ -88,17 +89,22 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	return nil, nil
 }
 
-func getTargetTypes(pssa *buildssa.SSA, targetPackages []string) []*types.Pointer {
-	targets := []*types.Pointer{}
+func getTargetTypes(pssa *buildssa.SSA, targetPackages []string) []any {
+	targets := []any{}
 
 	for _, sqlPkg := range targetPackages {
 		pkg := pssa.Pkg.Prog.ImportedPackage(sqlPkg)
 		if pkg == nil {
 			// the SQL package being checked isn't imported
-			return targets
+			continue
+		}
+
+		rowsPtrType := getTypePointerFromName(pkg, rowsName)
+		if rowsPtrType != nil {
+			targets = append(targets, rowsPtrType)
 		}
 
-		rowsType := getTypePointerFromName(pkg, rowsName)
+		rowsType := getTypeFromName(pkg, rowsName)
 		if rowsType != nil {
 			targets = append(targets, rowsType)
 		}
@@ -107,6 +113,11 @@ func getTargetTypes(pssa *buildssa.SSA, targetPackages []string) []*types.Pointe
 		if stmtType != nil {
 			targets = append(targets, stmtType)
 		}
+
+		namedStmtType := getTypePointerFromName(pkg, namedStmtName)
+		if namedStmtType != nil {
+			targets = append(targets, namedStmtType)
+		}
 	}
 
 	return targets
@@ -115,7 +126,7 @@ func getTargetTypes(pssa *buildssa.SSA, targetPackages []string) []*types.Pointe
 func getTypePointerFromName(pkg *ssa.Package, name string) *types.Pointer {
 	pkgType := pkg.Type(name)
 	if pkgType == nil {
-		// this package does not use Rows/Stmt
+		// this package does not use Rows/Stmt/NamedStmt
 		return nil
 	}
 
@@ -128,12 +139,28 @@ func getTypePointerFromName(pkg *ssa.Package, name string) *types.Pointer {
 	return types.NewPointer(named)
 }
 
+func getTypeFromName(pkg *ssa.Package, name string) *types.Named {
+	pkgType := pkg.Type(name)
+	if pkgType == nil {
+		// this package does not use Rows/Stmt
+		return nil
+	}
+
+	obj := pkgType.Object()
+	named, ok := obj.Type().(*types.Named)
+	if !ok {
+		return nil
+	}
+
+	return named
+}
+
 type targetValue struct {
 	value *ssa.Value
 	instr ssa.Instruction
 }
 
-func getTargetTypesValues(b *ssa.BasicBlock, i int, targetTypes []*types.Pointer) []targetValue {
+func getTargetTypesValues(b *ssa.BasicBlock, i int, targetTypes []any) []targetValue {
 	targetValues := []targetValue{}
 
 	instr := b.Instrs[i]
@@ -149,21 +176,32 @@ func getTargetTypesValues(b *ssa.BasicBlock, i int, targetTypes []*types.Pointer
 		varType := v.Type()
 
 		for _, targetType := range targetTypes {
-			if !types.Identical(varType, targetType) {
+			var tt types.Type
+
+			switch t := targetType.(type) {
+			case *types.Pointer:
+				tt = t
+			case *types.Named:
+				tt = t
+			default:
+				continue
+			}
+
+			if !types.Identical(varType, tt) {
 				continue
 			}
 
 			for _, cRef := range *call.Referrers() {
 				switch instr := cRef.(type) {
 				case *ssa.Call:
-					if len(instr.Call.Args) >= 1 && types.Identical(instr.Call.Args[0].Type(), targetType) {
+					if len(instr.Call.Args) >= 1 && types.Identical(instr.Call.Args[0].Type(), tt) {
 						targetValues = append(targetValues, targetValue{
 							value: &instr.Call.Args[0],
 							instr: call,
 						})
 					}
 				case ssa.Value:
-					if types.Identical(instr.Type(), targetType) {
+					if types.Identical(instr.Type(), tt) {
 						targetValues = append(targetValues, targetValue{
 							value: &instr,
 							instr: call,
@@ -177,43 +215,42 @@ func getTargetTypesValues(b *ssa.BasicBlock, i int, targetTypes []*types.Pointer
 	return targetValues
 }
 
-func checkClosed(refs *[]ssa.Instruction, targetTypes []*types.Pointer) bool {
+func checkClosed(refs *[]ssa.Instruction, targetTypes []any) bool {
 	numInstrs := len(*refs)
 	for idx, ref := range *refs {
-		// log.Printf("%T - %s", ref, ref)
-
 		action := getAction(ref, targetTypes)
 		switch action {
-		case actionClosed:
+		case actionClosed, actionReturned, actionHandled:
 			return true
 		case actionPassed:
 			// Passed and not used after
 			if numInstrs == idx+1 {
 				return true
 			}
-		case actionReturned:
-			return true
-		case actionHandled:
-			return true
-		default:
-			// log.Printf(action)
 		}
 	}
 
 	return false
 }
 
-func getAction(instr ssa.Instruction, targetTypes []*types.Pointer) action {
+func getAction(instr ssa.Instruction, targetTypes []any) action {
 	switch instr := instr.(type) {
 	case *ssa.Defer:
-		if instr.Call.Value == nil {
-			return actionUnvaluedDefer
+		if instr.Call.Value != nil {
+			name := instr.Call.Value.Name()
+			if name == closeMethod {
+				return actionClosed
+			}
 		}
 
-		name := instr.Call.Value.Name()
-		if name == closeMethod {
-			return actionClosed
+		if instr.Call.Method != nil {
+			name := instr.Call.Method.Name()
+			if name == closeMethod {
+				return actionClosed
+			}
 		}
+
+		return actionUnvaluedDefer
 	case *ssa.Call:
 		if instr.Call.Value == nil {
 			return actionUnvaluedCall
@@ -265,7 +302,18 @@ func getAction(instr ssa.Instruction, targetTypes []*types.Pointer) action {
 	case *ssa.UnOp:
 		instrType := instr.Type()
 		for _, targetType := range targetTypes {
-			if types.Identical(instrType, targetType) {
+			var tt types.Type
+
+			switch t := targetType.(type) {
+			case *types.Pointer:
+				tt = t
+			case *types.Named:
+				tt = t
+			default:
+				continue
+			}
+
+			if types.Identical(instrType, tt) {
 				if checkClosed(instr.Referrers(), targetTypes) {
 					return actionHandled
 				}
@@ -277,20 +325,22 @@ func getAction(instr ssa.Instruction, targetTypes []*types.Pointer) action {
 		}
 	case *ssa.Return:
 		return actionReturned
-	default:
-		// log.Printf("%s", instr)
 	}
 
 	return actionUnhandled
 }
 
-func checkDeferred(pass *analysis.Pass, instrs *[]ssa.Instruction, targetTypes []*types.Pointer, inDefer bool) {
+func checkDeferred(pass *analysis.Pass, instrs *[]ssa.Instruction, targetTypes []any, inDefer bool) {
 	for _, instr := range *instrs {
 		switch instr := instr.(type) {
 		case *ssa.Defer:
 			if instr.Call.Value != nil && instr.Call.Value.Name() == closeMethod {
 				return
 			}
+
+			if instr.Call.Method != nil && instr.Call.Method.Name() == closeMethod {
+				return
+			}
 		case *ssa.Call:
 			if instr.Call.Value != nil && instr.Call.Value.Name() == closeMethod {
 				if !inDefer {
@@ -316,7 +366,18 @@ func checkDeferred(pass *analysis.Pass, instrs *[]ssa.Instruction, targetTypes [
 		case *ssa.UnOp:
 			instrType := instr.Type()
 			for _, targetType := range targetTypes {
-				if types.Identical(instrType, targetType) {
+				var tt types.Type
+
+				switch t := targetType.(type) {
+				case *types.Pointer:
+					tt = t
+				case *types.Named:
+					tt = t
+				default:
+					continue
+				}
+
+				if types.Identical(instrType, tt) {
 					checkDeferred(pass, instr.Referrers(), targetTypes, inDefer)
 				}
 			}
@@ -326,10 +387,17 @@ func checkDeferred(pass *analysis.Pass, instrs *[]ssa.Instruction, targetTypes [
 	}
 }
 
-func isTargetType(t types.Type, targetTypes []*types.Pointer) bool {
+func isTargetType(t types.Type, targetTypes []any) bool {
 	for _, targetType := range targetTypes {
-		if types.Identical(t, targetType) {
-			return true
+		switch tt := targetType.(type) {
+		case *types.Pointer:
+			if types.Identical(t, tt) {
+				return true
+			}
+		case *types.Named:
+			if types.Identical(t, tt) {
+				return true
+			}
 		}
 	}
 
diff --git a/vendor/github.com/sagikazarmark/locafero/.editorconfig b/vendor/github.com/sagikazarmark/locafero/.editorconfig
new file mode 100644
index 000000000..6f944f540
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.editorconfig
@@ -0,0 +1,21 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[{Makefile,*.mk}]
+indent_style = tab
+
+[*.nix]
+indent_size = 2
+
+[*.go]
+indent_style = tab
+
+[{*.yml,*.yaml}]
+indent_size = 2
diff --git a/vendor/github.com/sagikazarmark/locafero/.envrc b/vendor/github.com/sagikazarmark/locafero/.envrc
new file mode 100644
index 000000000..3ce7171a3
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.envrc
@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure
diff --git a/vendor/github.com/sagikazarmark/locafero/.gitignore b/vendor/github.com/sagikazarmark/locafero/.gitignore
new file mode 100644
index 000000000..8f07e6016
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.gitignore
@@ -0,0 +1,8 @@
+/.devenv/
+/.direnv/
+/.task/
+/bin/
+/build/
+/tmp/
+/var/
+/vendor/
diff --git a/vendor/github.com/sagikazarmark/locafero/.golangci.yaml b/vendor/github.com/sagikazarmark/locafero/.golangci.yaml
new file mode 100644
index 000000000..829de2a4a
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/.golangci.yaml
@@ -0,0 +1,27 @@
+run:
+  timeout: 10m
+
+linters-settings:
+  gci:
+    sections:
+      - standard
+      - default
+      - prefix(github.com/sagikazarmark/locafero)
+  goimports:
+    local-prefixes: github.com/sagikazarmark/locafero
+  misspell:
+    locale: US
+  nolintlint:
+    allow-leading-space: false # require machine-readable nolint directives (with no leading space)
+    allow-unused: false # report any unused nolint directives
+    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+  revive:
+    confidence: 0
+
+linters:
+  enable:
+    - gci
+    - goimports
+    - misspell
+    - nolintlint
+    - revive
diff --git a/vendor/github.com/sagikazarmark/locafero/LICENSE b/vendor/github.com/sagikazarmark/locafero/LICENSE
new file mode 100644
index 000000000..a70b0f296
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2023 Márk Sági-Kazár <mark.sagikazar@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/vendor/github.com/sagikazarmark/locafero/README.md b/vendor/github.com/sagikazarmark/locafero/README.md
new file mode 100644
index 000000000..a48e8e978
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/README.md
@@ -0,0 +1,37 @@
+# Finder library for [Afero](https://github.com/spf13/afero)
+
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/sagikazarmark/locafero/ci.yaml?style=flat-square)](https://github.com/sagikazarmark/locafero/actions/workflows/ci.yaml)
+[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/sagikazarmark/locafero)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.20-61CFDD.svg?style=flat-square)
+[![built with nix](https://img.shields.io/badge/builtwith-nix-7d81f7?style=flat-square)](https://builtwithnix.org)
+
+**Finder library for [Afero](https://github.com/spf13/afero) ported from [go-finder](https://github.com/sagikazarmark/go-finder).**
+
+> [!WARNING]
+> This is an experimental library under development.
+>
+> **Backwards compatibility is not guaranteed, expect breaking changes.**
+
+## Installation
+
+```shell
+go get github.com/sagikazarmark/locafero
+```
+
+## Usage
+
+Check out the [package example](https://pkg.go.dev/github.com/sagikazarmark/locafero#example-package) on go.dev.
+
+## Development
+
+**For an optimal developer experience, it is recommended to install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html).**
+
+Run the test suite:
+
+```shell
+just test
+```
+
+## License
+
+The project is licensed under the [MIT License](LICENSE).
diff --git a/vendor/github.com/sagikazarmark/locafero/file_type.go b/vendor/github.com/sagikazarmark/locafero/file_type.go
new file mode 100644
index 000000000..9a9b14023
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/file_type.go
@@ -0,0 +1,28 @@
+package locafero
+
+import "io/fs"
+
+// FileType represents the kind of entries [Finder] can return.
+type FileType int
+
+const (
+	FileTypeAll FileType = iota
+	FileTypeFile
+	FileTypeDir
+)
+
+func (ft FileType) matchFileInfo(info fs.FileInfo) bool {
+	switch ft {
+	case FileTypeAll:
+		return true
+
+	case FileTypeFile:
+		return !info.IsDir()
+
+	case FileTypeDir:
+		return info.IsDir()
+
+	default:
+		return false
+	}
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/finder.go b/vendor/github.com/sagikazarmark/locafero/finder.go
new file mode 100644
index 000000000..754c8b260
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/finder.go
@@ -0,0 +1,165 @@
+// Package finder looks for files and directories in an {fs.Fs} filesystem.
+package locafero
+
+import (
+	"errors"
+	"io/fs"
+	"path/filepath"
+	"strings"
+
+	"github.com/sourcegraph/conc/iter"
+	"github.com/spf13/afero"
+)
+
+// Finder looks for files and directories in an [afero.Fs] filesystem.
+type Finder struct {
+	// Paths represents a list of locations that the [Finder] will search in.
+	//
+	// They are essentially the root directories or starting points for the search.
+	//
+	// Examples:
+	//   - home/user
+	//   - etc
+	Paths []string
+
+	// Names are specific entries that the [Finder] will look for within the given Paths.
+	//
+	// It provides the capability to search for entries with depth,
+	// meaning it can target deeper locations within the directory structure.
+	//
+	// It also supports glob syntax (as defined by [filepat.Match]), offering greater flexibility in search patterns.
+	//
+	// Examples:
+	//   - config.yaml
+	//   - home/*/config.yaml
+	//   - home/*/config.*
+	Names []string
+
+	// Type restricts the kind of entries returned by the [Finder].
+	//
+	// This parameter helps in differentiating and filtering out files from directories or vice versa.
+	Type FileType
+}
+
+// Find looks for files and directories in an [afero.Fs] filesystem.
+func (f Finder) Find(fsys afero.Fs) ([]string, error) {
+	// Arbitrary go routine limit (TODO: make this a parameter)
+	// pool := pool.NewWithResults[[]string]().WithMaxGoroutines(5).WithErrors().WithFirstError()
+
+	type searchItem struct {
+		path string
+		name string
+	}
+
+	var searchItems []searchItem
+
+	for _, searchPath := range f.Paths {
+		searchPath := searchPath
+
+		for _, searchName := range f.Names {
+			searchName := searchName
+
+			searchItems = append(searchItems, searchItem{searchPath, searchName})
+
+			// pool.Go(func() ([]string, error) {
+			// 	// If the name contains any glob character, perform a glob match
+			// 	if strings.ContainsAny(searchName, "*?[]\\^") {
+			// 		return globWalkSearch(fsys, searchPath, searchName, f.Type)
+			// 	}
+			//
+			// 	return statSearch(fsys, searchPath, searchName, f.Type)
+			// })
+		}
+	}
+
+	// allResults, err := pool.Wait()
+	// if err != nil {
+	// 	return nil, err
+	// }
+
+	allResults, err := iter.MapErr(searchItems, func(item *searchItem) ([]string, error) {
+		// If the name contains any glob character, perform a glob match
+		if strings.ContainsAny(item.name, "*?[]\\^") {
+			return globWalkSearch(fsys, item.path, item.name, f.Type)
+		}
+
+		return statSearch(fsys, item.path, item.name, f.Type)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var results []string
+
+	for _, r := range allResults {
+		results = append(results, r...)
+	}
+
+	// Sort results in alphabetical order for now
+	// sort.Strings(results)
+
+	return results, nil
+}
+
+func globWalkSearch(fsys afero.Fs, searchPath string, searchName string, searchType FileType) ([]string, error) {
+	var results []string
+
+	err := afero.Walk(fsys, searchPath, func(p string, fileInfo fs.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Skip the root path
+		if p == searchPath {
+			return nil
+		}
+
+		var result error
+
+		// Stop reading subdirectories
+		// TODO: add depth detection here
+		if fileInfo.IsDir() && filepath.Dir(p) == searchPath {
+			result = fs.SkipDir
+		}
+
+		// Skip unmatching type
+		if !searchType.matchFileInfo(fileInfo) {
+			return result
+		}
+
+		match, err := filepath.Match(searchName, fileInfo.Name())
+		if err != nil {
+			return err
+		}
+
+		if match {
+			results = append(results, p)
+		}
+
+		return result
+	})
+	if err != nil {
+		return results, err
+	}
+
+	return results, nil
+}
+
+func statSearch(fsys afero.Fs, searchPath string, searchName string, searchType FileType) ([]string, error) {
+	filePath := filepath.Join(searchPath, searchName)
+
+	fileInfo, err := fsys.Stat(filePath)
+	if errors.Is(err, fs.ErrNotExist) {
+		return nil, nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	// Skip unmatching type
+	if !searchType.matchFileInfo(fileInfo) {
+		return nil, nil
+	}
+
+	return []string{filePath}, nil
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/flake.lock b/vendor/github.com/sagikazarmark/locafero/flake.lock
new file mode 100644
index 000000000..46d28f805
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/flake.lock
@@ -0,0 +1,273 @@
+{
+  "nodes": {
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1694097209,
+        "narHash": "sha256-gQmBjjxeSyySjbh0yQVBKApo2KWIFqqbRUvG+Fa+QpM=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "7a8e6a91510efe89d8dcb8e43233f93e86f6b189",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1693611461,
+        "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1693471703,
+        "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1694343207,
+        "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "78058d810644f5ed276804ce7ea9e82d92bee293",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1688056373,
+        "narHash": "sha256-2+SDlNRTKsgo3LBRiMUcoEUb6sDViRNQhzJquZ4koOI=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "5843cf069272d92b60c3ed9e55b7a8989c01d4c7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/flake.nix b/vendor/github.com/sagikazarmark/locafero/flake.nix
new file mode 100644
index 000000000..209ecf286
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/flake.nix
@@ -0,0 +1,47 @@
+{
+  description = "Finder library for Afero";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    devenv.url = "github:cachix/devenv";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        inputs.devenv.flakeModule
+      ];
+
+      systems = [ "x86_64-linux" "aarch64-darwin" ];
+
+      perSystem = { config, self', inputs', pkgs, system, ... }: rec {
+        devenv.shells = {
+          default = {
+            languages = {
+              go.enable = true;
+            };
+
+            packages = with pkgs; [
+              just
+
+              golangci-lint
+            ];
+
+            # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767
+            containers = pkgs.lib.mkForce { };
+          };
+
+          ci = devenv.shells.default;
+
+          ci_1_20 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_20;
+            };
+          };
+        };
+      };
+    };
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/helpers.go b/vendor/github.com/sagikazarmark/locafero/helpers.go
new file mode 100644
index 000000000..05b434481
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/helpers.go
@@ -0,0 +1,41 @@
+package locafero
+
+import "fmt"
+
+// NameWithExtensions creates a list of names from a base name and a list of extensions.
+//
+// TODO: find a better name for this function.
+func NameWithExtensions(baseName string, extensions ...string) []string {
+	var names []string
+
+	if baseName == "" {
+		return names
+	}
+
+	for _, ext := range extensions {
+		if ext == "" {
+			continue
+		}
+
+		names = append(names, fmt.Sprintf("%s.%s", baseName, ext))
+	}
+
+	return names
+}
+
+// NameWithOptionalExtensions creates a list of names from a base name and a list of extensions,
+// plus it adds the base name (without any extensions) to the end of the list.
+//
+// TODO: find a better name for this function.
+func NameWithOptionalExtensions(baseName string, extensions ...string) []string {
+	var names []string
+
+	if baseName == "" {
+		return names
+	}
+
+	names = NameWithExtensions(baseName, extensions...)
+	names = append(names, baseName)
+
+	return names
+}
diff --git a/vendor/github.com/sagikazarmark/locafero/justfile b/vendor/github.com/sagikazarmark/locafero/justfile
new file mode 100644
index 000000000..00a88850c
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/locafero/justfile
@@ -0,0 +1,11 @@
+default:
+    just --list
+
+test:
+    go test -race -v ./...
+
+lint:
+    golangci-lint run
+
+fmt:
+    golangci-lint run --fix
diff --git a/vendor/github.com/sagikazarmark/slog-shim/.editorconfig b/vendor/github.com/sagikazarmark/slog-shim/.editorconfig
new file mode 100644
index 000000000..1fb0e1bec
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/.editorconfig
@@ -0,0 +1,18 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_size = 2
+
+[{Makefile,*.mk}]
+indent_style = tab
+
+[Taskfile.yaml]
+indent_size = 2
diff --git a/vendor/github.com/sagikazarmark/slog-shim/.envrc b/vendor/github.com/sagikazarmark/slog-shim/.envrc
new file mode 100644
index 000000000..3ce7171a3
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/.envrc
@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure
diff --git a/vendor/github.com/sagikazarmark/slog-shim/.gitignore b/vendor/github.com/sagikazarmark/slog-shim/.gitignore
new file mode 100644
index 000000000..dc6d8b587
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/.gitignore
@@ -0,0 +1,4 @@
+/.devenv/
+/.direnv/
+/.task/
+/build/
diff --git a/vendor/github.com/sagikazarmark/slog-shim/LICENSE b/vendor/github.com/sagikazarmark/slog-shim/LICENSE
new file mode 100644
index 000000000..6a66aea5e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/sagikazarmark/slog-shim/README.md b/vendor/github.com/sagikazarmark/slog-shim/README.md
new file mode 100644
index 000000000..1f5be85e1
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/README.md
@@ -0,0 +1,81 @@
+# [slog](https://pkg.go.dev/log/slog) shim
+
+[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/sagikazarmark/slog-shim/ci.yaml?style=flat-square)](https://github.com/sagikazarmark/slog-shim/actions/workflows/ci.yaml)
+[![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/sagikazarmark/slog-shim)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.20-61CFDD.svg?style=flat-square)
+[![built with nix](https://img.shields.io/badge/builtwith-nix-7d81f7?style=flat-square)](https://builtwithnix.org)
+
+Go 1.21 introduced a [new structured logging package](https://golang.org/doc/go1.21#slog), `log/slog`, to the standard library.
+Although it's been eagerly anticipated by many, widespread adoption isn't expected to occur immediately,
+especially since updating to Go 1.21 is a decision that most libraries won't make overnight.
+
+Before this package was added to the standard library, there was an _experimental_ version available at [golang.org/x/exp/slog](https://pkg.go.dev/golang.org/x/exp/slog).
+While it's generally advised against using experimental packages in production,
+this one served as a sort of backport package for the last few years,
+incorporating new features before they were added to the standard library (like `slices`, `maps` or `errors`).
+
+This package serves as a bridge, helping libraries integrate slog in a backward-compatible way without having to immediately update their Go version requirement to 1.21. On Go 1.21 (and above), it acts as a drop-in replacement for `log/slog`, while below 1.21 it falls back to `golang.org/x/exp/slog`.
+
+**How does it achieve backwards compatibility?**
+
+Although there's no consensus on whether dropping support for older Go versions is considered backward compatible, a majority seems to believe it is.
+(I don't have scientific proof for this, but it's based on conversations with various individuals across different channels.)
+
+This package adheres to that interpretation of backward compatibility. On Go 1.21, the shim uses type aliases to offer the same API as `slog/log`.
+Once a library upgrades its version requirement to Go 1.21, it should be able to discard this shim and use `log/slog` directly.
+
+For older Go versions, the library might become unstable after removing the shim.
+However, since those older versions are no longer supported, the promise of backward compatibility remains intact.
+
+## Installation
+
+```shell
+go get github.com/sagikazarmark/slog-shim
+```
+
+## Usage
+
+Import this package into your library and use it in your public API:
+
+```go
+package mylib
+
+import slog "github.com/sagikazarmark/slog-shim"
+
+func New(logger *slog.Logger) MyLib {
+    // ...
+}
+```
+
+When using the library, clients can either use `log/slog` (when on Go 1.21) or `golang.org/x/exp/slog` (below Go 1.21):
+
+```go
+package main
+
+import "log/slog"
+
+// OR
+
+import "golang.org/x/exp/slog"
+
+mylib.New(slog.Default())
+```
+
+**Make sure consumers are aware that your API behaves differently on different Go versions.**
+
+Once you bump your Go version requirement to Go 1.21, you can drop the shim entirely from your code:
+
+```diff
+package mylib
+
+- import slog "github.com/sagikazarmark/slog-shim"
++ import "log/slog"
+
+func New(logger *slog.Logger) MyLib {
+    // ...
+}
+```
+
+## License
+
+The project is licensed under a [BSD-style license](LICENSE).
diff --git a/vendor/github.com/sagikazarmark/slog-shim/attr.go b/vendor/github.com/sagikazarmark/slog-shim/attr.go
new file mode 100644
index 000000000..89608bf3a
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/attr.go
@@ -0,0 +1,74 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+	"time"
+)
+
+// An Attr is a key-value pair.
+type Attr = slog.Attr
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+	return slog.String(key, value)
+}
+
+// Int64 returns an Attr for an int64.
+func Int64(key string, value int64) Attr {
+	return slog.Int64(key, value)
+}
+
+// Int converts an int to an int64 and returns
+// an Attr with that value.
+func Int(key string, value int) Attr {
+	return slog.Int(key, value)
+}
+
+// Uint64 returns an Attr for a uint64.
+func Uint64(key string, v uint64) Attr {
+	return slog.Uint64(key, v)
+}
+
+// Float64 returns an Attr for a floating-point number.
+func Float64(key string, v float64) Attr {
+	return slog.Float64(key, v)
+}
+
+// Bool returns an Attr for a bool.
+func Bool(key string, v bool) Attr {
+	return slog.Bool(key, v)
+}
+
+// Time returns an Attr for a time.Time.
+// It discards the monotonic portion.
+func Time(key string, v time.Time) Attr {
+	return slog.Time(key, v)
+}
+
+// Duration returns an Attr for a time.Duration.
+func Duration(key string, v time.Duration) Attr {
+	return slog.Duration(key, v)
+}
+
+// Group returns an Attr for a Group Value.
+// The first argument is the key; the remaining arguments
+// are converted to Attrs as in [Logger.Log].
+//
+// Use Group to collect several key-value pairs under a single
+// key on a log line, or as the result of LogValue
+// in order to log a single value as multiple Attrs.
+func Group(key string, args ...any) Attr {
+	return slog.Group(key, args...)
+}
+
+// Any returns an Attr for the supplied value.
+// See [Value.AnyValue] for how values are treated.
+func Any(key string, value any) Attr {
+	return slog.Any(key, value)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/attr_120.go b/vendor/github.com/sagikazarmark/slog-shim/attr_120.go
new file mode 100644
index 000000000..b66481333
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/attr_120.go
@@ -0,0 +1,75 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"time"
+
+	"golang.org/x/exp/slog"
+)
+
+// An Attr is a key-value pair.
+type Attr = slog.Attr
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+	return slog.String(key, value)
+}
+
+// Int64 returns an Attr for an int64.
+func Int64(key string, value int64) Attr {
+	return slog.Int64(key, value)
+}
+
+// Int converts an int to an int64 and returns
+// an Attr with that value.
+func Int(key string, value int) Attr {
+	return slog.Int(key, value)
+}
+
+// Uint64 returns an Attr for a uint64.
+func Uint64(key string, v uint64) Attr {
+	return slog.Uint64(key, v)
+}
+
+// Float64 returns an Attr for a floating-point number.
+func Float64(key string, v float64) Attr {
+	return slog.Float64(key, v)
+}
+
+// Bool returns an Attr for a bool.
+func Bool(key string, v bool) Attr {
+	return slog.Bool(key, v)
+}
+
+// Time returns an Attr for a time.Time.
+// It discards the monotonic portion.
+func Time(key string, v time.Time) Attr {
+	return slog.Time(key, v)
+}
+
+// Duration returns an Attr for a time.Duration.
+func Duration(key string, v time.Duration) Attr {
+	return slog.Duration(key, v)
+}
+
+// Group returns an Attr for a Group Value.
+// The first argument is the key; the remaining arguments
+// are converted to Attrs as in [Logger.Log].
+//
+// Use Group to collect several key-value pairs under a single
+// key on a log line, or as the result of LogValue
+// in order to log a single value as multiple Attrs.
+func Group(key string, args ...any) Attr {
+	return slog.Group(key, args...)
+}
+
+// Any returns an Attr for the supplied value.
+// See [Value.AnyValue] for how values are treated.
+func Any(key string, value any) Attr {
+	return slog.Any(key, value)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/flake.lock b/vendor/github.com/sagikazarmark/slog-shim/flake.lock
new file mode 100644
index 000000000..7e8898e9e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/flake.lock
@@ -0,0 +1,273 @@
+{
+  "nodes": {
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1694097209,
+        "narHash": "sha256-gQmBjjxeSyySjbh0yQVBKApo2KWIFqqbRUvG+Fa+QpM=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "7a8e6a91510efe89d8dcb8e43233f93e86f6b189",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1693611461,
+        "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1693471703,
+        "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1694345580,
+        "narHash": "sha256-BbG0NUxQTz1dN/Y87yPWZc/0Kp/coJ0vM3+7sNa5kUM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f002de6834fdde9c864f33c1ec51da7df19cd832",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1688056373,
+        "narHash": "sha256-2+SDlNRTKsgo3LBRiMUcoEUb6sDViRNQhzJquZ4koOI=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "5843cf069272d92b60c3ed9e55b7a8989c01d4c7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs_2"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/flake.nix b/vendor/github.com/sagikazarmark/slog-shim/flake.nix
new file mode 100644
index 000000000..7239bbc2e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/flake.nix
@@ -0,0 +1,57 @@
+{
+  inputs = {
+    # nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs.url = "github:NixOS/nixpkgs/master";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    devenv.url = "github:cachix/devenv";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        inputs.devenv.flakeModule
+      ];
+
+      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ];
+
+      perSystem = { config, self', inputs', pkgs, system, ... }: rec {
+        devenv.shells = {
+          default = {
+            languages = {
+              go.enable = true;
+              go.package = pkgs.lib.mkDefault pkgs.go_1_21;
+            };
+
+            # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767
+            containers = pkgs.lib.mkForce { };
+          };
+
+          ci = devenv.shells.default;
+
+          ci_1_19 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_19;
+            };
+          };
+
+          ci_1_20 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_20;
+            };
+          };
+
+          ci_1_21 = {
+            imports = [ devenv.shells.ci ];
+
+            languages = {
+              go.package = pkgs.go_1_21;
+            };
+          };
+        };
+      };
+    };
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/handler.go b/vendor/github.com/sagikazarmark/slog-shim/handler.go
new file mode 100644
index 000000000..f55556ae1
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/handler.go
@@ -0,0 +1,45 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+)
+
+// A Handler handles log records produced by a Logger..
+//
+// A typical handler may print log records to standard error,
+// or write them to a file or database, or perhaps augment them
+// with additional attributes and pass them on to another handler.
+//
+// Any of the Handler's methods may be called concurrently with itself
+// or with other methods. It is the responsibility of the Handler to
+// manage this concurrency.
+//
+// Users of the slog package should not invoke Handler methods directly.
+// They should use the methods of [Logger] instead.
+type Handler = slog.Handler
+
+// HandlerOptions are options for a TextHandler or JSONHandler.
+// A zero HandlerOptions consists entirely of default values.
+type HandlerOptions = slog.HandlerOptions
+
+// Keys for "built-in" attributes.
+const (
+	// TimeKey is the key used by the built-in handlers for the time
+	// when the log method is called. The associated Value is a [time.Time].
+	TimeKey = slog.TimeKey
+	// LevelKey is the key used by the built-in handlers for the level
+	// of the log call. The associated value is a [Level].
+	LevelKey = slog.LevelKey
+	// MessageKey is the key used by the built-in handlers for the
+	// message of the log call. The associated value is a string.
+	MessageKey = slog.MessageKey
+	// SourceKey is the key used by the built-in handlers for the source file
+	// and line of the log call. The associated value is a string.
+	SourceKey = slog.SourceKey
+)
diff --git a/vendor/github.com/sagikazarmark/slog-shim/handler_120.go b/vendor/github.com/sagikazarmark/slog-shim/handler_120.go
new file mode 100644
index 000000000..670057573
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/handler_120.go
@@ -0,0 +1,45 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"golang.org/x/exp/slog"
+)
+
+// A Handler handles log records produced by a Logger..
+//
+// A typical handler may print log records to standard error,
+// or write them to a file or database, or perhaps augment them
+// with additional attributes and pass them on to another handler.
+//
+// Any of the Handler's methods may be called concurrently with itself
+// or with other methods. It is the responsibility of the Handler to
+// manage this concurrency.
+//
+// Users of the slog package should not invoke Handler methods directly.
+// They should use the methods of [Logger] instead.
+type Handler = slog.Handler
+
+// HandlerOptions are options for a TextHandler or JSONHandler.
+// A zero HandlerOptions consists entirely of default values.
+type HandlerOptions = slog.HandlerOptions
+
+// Keys for "built-in" attributes.
+const (
+	// TimeKey is the key used by the built-in handlers for the time
+	// when the log method is called. The associated Value is a [time.Time].
+	TimeKey = slog.TimeKey
+	// LevelKey is the key used by the built-in handlers for the level
+	// of the log call. The associated value is a [Level].
+	LevelKey = slog.LevelKey
+	// MessageKey is the key used by the built-in handlers for the
+	// message of the log call. The associated value is a string.
+	MessageKey = slog.MessageKey
+	// SourceKey is the key used by the built-in handlers for the source file
+	// and line of the log call. The associated value is a string.
+	SourceKey = slog.SourceKey
+)
diff --git a/vendor/github.com/sagikazarmark/slog-shim/json_handler.go b/vendor/github.com/sagikazarmark/slog-shim/json_handler.go
new file mode 100644
index 000000000..7c22bd81e
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/json_handler.go
@@ -0,0 +1,23 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"io"
+	"log/slog"
+)
+
+// JSONHandler is a Handler that writes Records to an io.Writer as
+// line-delimited JSON objects.
+type JSONHandler = slog.JSONHandler
+
+// NewJSONHandler creates a JSONHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewJSONHandler(w io.Writer, opts *HandlerOptions) *JSONHandler {
+	return slog.NewJSONHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go b/vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go
new file mode 100644
index 000000000..7b14f10ba
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/json_handler_120.go
@@ -0,0 +1,24 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"io"
+
+	"golang.org/x/exp/slog"
+)
+
+// JSONHandler is a Handler that writes Records to an io.Writer as
+// line-delimited JSON objects.
+type JSONHandler = slog.JSONHandler
+
+// NewJSONHandler creates a JSONHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewJSONHandler(w io.Writer, opts *HandlerOptions) *JSONHandler {
+	return slog.NewJSONHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/level.go b/vendor/github.com/sagikazarmark/slog-shim/level.go
new file mode 100644
index 000000000..07288cf89
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/level.go
@@ -0,0 +1,61 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+)
+
+// A Level is the importance or severity of a log event.
+// The higher the level, the more important or severe the event.
+type Level = slog.Level
+
+// Level numbers are inherently arbitrary,
+// but we picked them to satisfy three constraints.
+// Any system can map them to another numbering scheme if it wishes.
+//
+// First, we wanted the default level to be Info, Since Levels are ints, Info is
+// the default value for int, zero.
+//
+// Second, we wanted to make it easy to use levels to specify logger verbosity.
+// Since a larger level means a more severe event, a logger that accepts events
+// with smaller (or more negative) level means a more verbose logger. Logger
+// verbosity is thus the negation of event severity, and the default verbosity
+// of 0 accepts all events at least as severe as INFO.
+//
+// Third, we wanted some room between levels to accommodate schemes with named
+// levels between ours. For example, Google Cloud Logging defines a Notice level
+// between Info and Warn. Since there are only a few of these intermediate
+// levels, the gap between the numbers need not be large. Our gap of 4 matches
+// OpenTelemetry's mapping. Subtracting 9 from an OpenTelemetry level in the
+// DEBUG, INFO, WARN and ERROR ranges converts it to the corresponding slog
+// Level range. OpenTelemetry also has the names TRACE and FATAL, which slog
+// does not. But those OpenTelemetry levels can still be represented as slog
+// Levels by using the appropriate integers.
+//
+// Names for common levels.
+const (
+	LevelDebug Level = slog.LevelDebug
+	LevelInfo  Level = slog.LevelInfo
+	LevelWarn  Level = slog.LevelWarn
+	LevelError Level = slog.LevelError
+)
+
+// A LevelVar is a Level variable, to allow a Handler level to change
+// dynamically.
+// It implements Leveler as well as a Set method,
+// and it is safe for use by multiple goroutines.
+// The zero LevelVar corresponds to LevelInfo.
+type LevelVar = slog.LevelVar
+
+// A Leveler provides a Level value.
+//
+// As Level itself implements Leveler, clients typically supply
+// a Level value wherever a Leveler is needed, such as in HandlerOptions.
+// Clients who need to vary the level dynamically can provide a more complex
+// Leveler implementation such as *LevelVar.
+type Leveler = slog.Leveler
diff --git a/vendor/github.com/sagikazarmark/slog-shim/level_120.go b/vendor/github.com/sagikazarmark/slog-shim/level_120.go
new file mode 100644
index 000000000..d3feb9420
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/level_120.go
@@ -0,0 +1,61 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"golang.org/x/exp/slog"
+)
+
+// A Level is the importance or severity of a log event.
+// The higher the level, the more important or severe the event.
+type Level = slog.Level
+
+// Level numbers are inherently arbitrary,
+// but we picked them to satisfy three constraints.
+// Any system can map them to another numbering scheme if it wishes.
+//
+// First, we wanted the default level to be Info, Since Levels are ints, Info is
+// the default value for int, zero.
+//
+// Second, we wanted to make it easy to use levels to specify logger verbosity.
+// Since a larger level means a more severe event, a logger that accepts events
+// with smaller (or more negative) level means a more verbose logger. Logger
+// verbosity is thus the negation of event severity, and the default verbosity
+// of 0 accepts all events at least as severe as INFO.
+//
+// Third, we wanted some room between levels to accommodate schemes with named
+// levels between ours. For example, Google Cloud Logging defines a Notice level
+// between Info and Warn. Since there are only a few of these intermediate
+// levels, the gap between the numbers need not be large. Our gap of 4 matches
+// OpenTelemetry's mapping. Subtracting 9 from an OpenTelemetry level in the
+// DEBUG, INFO, WARN and ERROR ranges converts it to the corresponding slog
+// Level range. OpenTelemetry also has the names TRACE and FATAL, which slog
+// does not. But those OpenTelemetry levels can still be represented as slog
+// Levels by using the appropriate integers.
+//
+// Names for common levels.
+const (
+	LevelDebug Level = slog.LevelDebug
+	LevelInfo  Level = slog.LevelInfo
+	LevelWarn  Level = slog.LevelWarn
+	LevelError Level = slog.LevelError
+)
+
+// A LevelVar is a Level variable, to allow a Handler level to change
+// dynamically.
+// It implements Leveler as well as a Set method,
+// and it is safe for use by multiple goroutines.
+// The zero LevelVar corresponds to LevelInfo.
+type LevelVar = slog.LevelVar
+
+// A Leveler provides a Level value.
+//
+// As Level itself implements Leveler, clients typically supply
+// a Level value wherever a Leveler is needed, such as in HandlerOptions.
+// Clients who need to vary the level dynamically can provide a more complex
+// Leveler implementation such as *LevelVar.
+type Leveler = slog.Leveler
diff --git a/vendor/github.com/sagikazarmark/slog-shim/logger.go b/vendor/github.com/sagikazarmark/slog-shim/logger.go
new file mode 100644
index 000000000..e80036bec
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/logger.go
@@ -0,0 +1,98 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"context"
+	"log"
+	"log/slog"
+)
+
+// Default returns the default Logger.
+func Default() *Logger { return slog.Default() }
+
+// SetDefault makes l the default Logger.
+// After this call, output from the log package's default Logger
+// (as with [log.Print], etc.) will be logged at LevelInfo using l's Handler.
+func SetDefault(l *Logger) {
+	slog.SetDefault(l)
+}
+
+// A Logger records structured information about each call to its
+// Log, Debug, Info, Warn, and Error methods.
+// For each call, it creates a Record and passes it to a Handler.
+//
+// To create a new Logger, call [New] or a Logger method
+// that begins "With".
+type Logger = slog.Logger
+
+// New creates a new Logger with the given non-nil Handler.
+func New(h Handler) *Logger {
+	return slog.New(h)
+}
+
+// With calls Logger.With on the default logger.
+func With(args ...any) *Logger {
+	return slog.With(args...)
+}
+
+// NewLogLogger returns a new log.Logger such that each call to its Output method
+// dispatches a Record to the specified handler. The logger acts as a bridge from
+// the older log API to newer structured logging handlers.
+func NewLogLogger(h Handler, level Level) *log.Logger {
+	return slog.NewLogLogger(h, level)
+}
+
+// Debug calls Logger.Debug on the default logger.
+func Debug(msg string, args ...any) {
+	slog.Debug(msg, args...)
+}
+
+// DebugContext calls Logger.DebugContext on the default logger.
+func DebugContext(ctx context.Context, msg string, args ...any) {
+	slog.DebugContext(ctx, msg, args...)
+}
+
+// Info calls Logger.Info on the default logger.
+func Info(msg string, args ...any) {
+	slog.Info(msg, args...)
+}
+
+// InfoContext calls Logger.InfoContext on the default logger.
+func InfoContext(ctx context.Context, msg string, args ...any) {
+	slog.InfoContext(ctx, msg, args...)
+}
+
+// Warn calls Logger.Warn on the default logger.
+func Warn(msg string, args ...any) {
+	slog.Warn(msg, args...)
+}
+
+// WarnContext calls Logger.WarnContext on the default logger.
+func WarnContext(ctx context.Context, msg string, args ...any) {
+	slog.WarnContext(ctx, msg, args...)
+}
+
+// Error calls Logger.Error on the default logger.
+func Error(msg string, args ...any) {
+	slog.Error(msg, args...)
+}
+
+// ErrorContext calls Logger.ErrorContext on the default logger.
+func ErrorContext(ctx context.Context, msg string, args ...any) {
+	slog.ErrorContext(ctx, msg, args...)
+}
+
+// Log calls Logger.Log on the default logger.
+func Log(ctx context.Context, level Level, msg string, args ...any) {
+	slog.Log(ctx, level, msg, args...)
+}
+
+// LogAttrs calls Logger.LogAttrs on the default logger.
+func LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	slog.LogAttrs(ctx, level, msg, attrs...)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/logger_120.go b/vendor/github.com/sagikazarmark/slog-shim/logger_120.go
new file mode 100644
index 000000000..97ebdd5e1
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/logger_120.go
@@ -0,0 +1,99 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"context"
+	"log"
+
+	"golang.org/x/exp/slog"
+)
+
+// Default returns the default Logger.
+func Default() *Logger { return slog.Default() }
+
+// SetDefault makes l the default Logger.
+// After this call, output from the log package's default Logger
+// (as with [log.Print], etc.) will be logged at LevelInfo using l's Handler.
+func SetDefault(l *Logger) {
+	slog.SetDefault(l)
+}
+
+// A Logger records structured information about each call to its
+// Log, Debug, Info, Warn, and Error methods.
+// For each call, it creates a Record and passes it to a Handler.
+//
+// To create a new Logger, call [New] or a Logger method
+// that begins "With".
+type Logger = slog.Logger
+
+// New creates a new Logger with the given non-nil Handler.
+func New(h Handler) *Logger {
+	return slog.New(h)
+}
+
+// With calls Logger.With on the default logger.
+func With(args ...any) *Logger {
+	return slog.With(args...)
+}
+
+// NewLogLogger returns a new log.Logger such that each call to its Output method
+// dispatches a Record to the specified handler. The logger acts as a bridge from
+// the older log API to newer structured logging handlers.
+func NewLogLogger(h Handler, level Level) *log.Logger {
+	return slog.NewLogLogger(h, level)
+}
+
+// Debug calls Logger.Debug on the default logger.
+func Debug(msg string, args ...any) {
+	slog.Debug(msg, args...)
+}
+
+// DebugContext calls Logger.DebugContext on the default logger.
+func DebugContext(ctx context.Context, msg string, args ...any) {
+	slog.DebugContext(ctx, msg, args...)
+}
+
+// Info calls Logger.Info on the default logger.
+func Info(msg string, args ...any) {
+	slog.Info(msg, args...)
+}
+
+// InfoContext calls Logger.InfoContext on the default logger.
+func InfoContext(ctx context.Context, msg string, args ...any) {
+	slog.InfoContext(ctx, msg, args...)
+}
+
+// Warn calls Logger.Warn on the default logger.
+func Warn(msg string, args ...any) {
+	slog.Warn(msg, args...)
+}
+
+// WarnContext calls Logger.WarnContext on the default logger.
+func WarnContext(ctx context.Context, msg string, args ...any) {
+	slog.WarnContext(ctx, msg, args...)
+}
+
+// Error calls Logger.Error on the default logger.
+func Error(msg string, args ...any) {
+	slog.Error(msg, args...)
+}
+
+// ErrorContext calls Logger.ErrorContext on the default logger.
+func ErrorContext(ctx context.Context, msg string, args ...any) {
+	slog.ErrorContext(ctx, msg, args...)
+}
+
+// Log calls Logger.Log on the default logger.
+func Log(ctx context.Context, level Level, msg string, args ...any) {
+	slog.Log(ctx, level, msg, args...)
+}
+
+// LogAttrs calls Logger.LogAttrs on the default logger.
+func LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	slog.LogAttrs(ctx, level, msg, attrs...)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/record.go b/vendor/github.com/sagikazarmark/slog-shim/record.go
new file mode 100644
index 000000000..85ad1f784
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/record.go
@@ -0,0 +1,31 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+	"time"
+)
+
+// A Record holds information about a log event.
+// Copies of a Record share state.
+// Do not modify a Record after handing out a copy to it.
+// Call [NewRecord] to create a new Record.
+// Use [Record.Clone] to create a copy with no shared state.
+type Record = slog.Record
+
+// NewRecord creates a Record from the given arguments.
+// Use [Record.AddAttrs] to add attributes to the Record.
+//
+// NewRecord is intended for logging APIs that want to support a [Handler] as
+// a backend.
+func NewRecord(t time.Time, level Level, msg string, pc uintptr) Record {
+	return slog.NewRecord(t, level, msg, pc)
+}
+
+// Source describes the location of a line of source code.
+type Source = slog.Source
diff --git a/vendor/github.com/sagikazarmark/slog-shim/record_120.go b/vendor/github.com/sagikazarmark/slog-shim/record_120.go
new file mode 100644
index 000000000..c2eaf4e79
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/record_120.go
@@ -0,0 +1,32 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"time"
+
+	"golang.org/x/exp/slog"
+)
+
+// A Record holds information about a log event.
+// Copies of a Record share state.
+// Do not modify a Record after handing out a copy to it.
+// Call [NewRecord] to create a new Record.
+// Use [Record.Clone] to create a copy with no shared state.
+type Record = slog.Record
+
+// NewRecord creates a Record from the given arguments.
+// Use [Record.AddAttrs] to add attributes to the Record.
+//
+// NewRecord is intended for logging APIs that want to support a [Handler] as
+// a backend.
+func NewRecord(t time.Time, level Level, msg string, pc uintptr) Record {
+	return slog.NewRecord(t, level, msg, pc)
+}
+
+// Source describes the location of a line of source code.
+type Source = slog.Source
diff --git a/vendor/github.com/sagikazarmark/slog-shim/text_handler.go b/vendor/github.com/sagikazarmark/slog-shim/text_handler.go
new file mode 100644
index 000000000..45f6cfcba
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/text_handler.go
@@ -0,0 +1,23 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"io"
+	"log/slog"
+)
+
+// TextHandler is a Handler that writes Records to an io.Writer as a
+// sequence of key=value pairs separated by spaces and followed by a newline.
+type TextHandler = slog.TextHandler
+
+// NewTextHandler creates a TextHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewTextHandler(w io.Writer, opts *HandlerOptions) *TextHandler {
+	return slog.NewTextHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go b/vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go
new file mode 100644
index 000000000..a69d63cce
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/text_handler_120.go
@@ -0,0 +1,24 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"io"
+
+	"golang.org/x/exp/slog"
+)
+
+// TextHandler is a Handler that writes Records to an io.Writer as a
+// sequence of key=value pairs separated by spaces and followed by a newline.
+type TextHandler = slog.TextHandler
+
+// NewTextHandler creates a TextHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewTextHandler(w io.Writer, opts *HandlerOptions) *TextHandler {
+	return slog.NewTextHandler(w, opts)
+}
diff --git a/vendor/github.com/sagikazarmark/slog-shim/value.go b/vendor/github.com/sagikazarmark/slog-shim/value.go
new file mode 100644
index 000000000..61173eb94
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/value.go
@@ -0,0 +1,109 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package slog
+
+import (
+	"log/slog"
+	"time"
+)
+
+// A Value can represent any Go value, but unlike type any,
+// it can represent most small values without an allocation.
+// The zero Value corresponds to nil.
+type Value = slog.Value
+
+// Kind is the kind of a Value.
+type Kind = slog.Kind
+
+// The following list is sorted alphabetically, but it's also important that
+// KindAny is 0 so that a zero Value represents nil.
+const (
+	KindAny       = slog.KindAny
+	KindBool      = slog.KindBool
+	KindDuration  = slog.KindDuration
+	KindFloat64   = slog.KindFloat64
+	KindInt64     = slog.KindInt64
+	KindString    = slog.KindString
+	KindTime      = slog.KindTime
+	KindUint64    = slog.KindUint64
+	KindGroup     = slog.KindGroup
+	KindLogValuer = slog.KindLogValuer
+)
+
+//////////////// Constructors
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	return slog.StringValue(value)
+}
+
+// IntValue returns a Value for an int.
+func IntValue(v int) Value {
+	return slog.IntValue(v)
+}
+
+// Int64Value returns a Value for an int64.
+func Int64Value(v int64) Value {
+	return slog.Int64Value(v)
+}
+
+// Uint64Value returns a Value for a uint64.
+func Uint64Value(v uint64) Value {
+	return slog.Uint64Value(v)
+}
+
+// Float64Value returns a Value for a floating-point number.
+func Float64Value(v float64) Value {
+	return slog.Float64Value(v)
+}
+
+// BoolValue returns a Value for a bool.
+func BoolValue(v bool) Value {
+	return slog.BoolValue(v)
+}
+
+// TimeValue returns a Value for a time.Time.
+// It discards the monotonic portion.
+func TimeValue(v time.Time) Value {
+	return slog.TimeValue(v)
+}
+
+// DurationValue returns a Value for a time.Duration.
+func DurationValue(v time.Duration) Value {
+	return slog.DurationValue(v)
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	return slog.GroupValue(as...)
+}
+
+// AnyValue returns a Value for the supplied value.
+//
+// If the supplied value is of type Value, it is returned
+// unmodified.
+//
+// Given a value of one of Go's predeclared string, bool, or
+// (non-complex) numeric types, AnyValue returns a Value of kind
+// String, Bool, Uint64, Int64, or Float64. The width of the
+// original numeric type is not preserved.
+//
+// Given a time.Time or time.Duration value, AnyValue returns a Value of kind
+// KindTime or KindDuration. The monotonic time is not preserved.
+//
+// For nil, or values of all other types, including named types whose
+// underlying type is numeric, AnyValue returns a value of kind KindAny.
+func AnyValue(v any) Value {
+	return slog.AnyValue(v)
+}
+
+// A LogValuer is any Go value that can convert itself into a Value for logging.
+//
+// This mechanism may be used to defer expensive operations until they are
+// needed, or to expand a single value into a sequence of components.
+type LogValuer = slog.LogValuer
diff --git a/vendor/github.com/sagikazarmark/slog-shim/value_120.go b/vendor/github.com/sagikazarmark/slog-shim/value_120.go
new file mode 100644
index 000000000..0f9f871ee
--- /dev/null
+++ b/vendor/github.com/sagikazarmark/slog-shim/value_120.go
@@ -0,0 +1,110 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21
+
+package slog
+
+import (
+	"time"
+
+	"golang.org/x/exp/slog"
+)
+
+// A Value can represent any Go value, but unlike type any,
+// it can represent most small values without an allocation.
+// The zero Value corresponds to nil.
+type Value = slog.Value
+
+// Kind is the kind of a Value.
+type Kind = slog.Kind
+
+// The following list is sorted alphabetically, but it's also important that
+// KindAny is 0 so that a zero Value represents nil.
+const (
+	KindAny       = slog.KindAny
+	KindBool      = slog.KindBool
+	KindDuration  = slog.KindDuration
+	KindFloat64   = slog.KindFloat64
+	KindInt64     = slog.KindInt64
+	KindString    = slog.KindString
+	KindTime      = slog.KindTime
+	KindUint64    = slog.KindUint64
+	KindGroup     = slog.KindGroup
+	KindLogValuer = slog.KindLogValuer
+)
+
+//////////////// Constructors
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	return slog.StringValue(value)
+}
+
+// IntValue returns a Value for an int.
+func IntValue(v int) Value {
+	return slog.IntValue(v)
+}
+
+// Int64Value returns a Value for an int64.
+func Int64Value(v int64) Value {
+	return slog.Int64Value(v)
+}
+
+// Uint64Value returns a Value for a uint64.
+func Uint64Value(v uint64) Value {
+	return slog.Uint64Value(v)
+}
+
+// Float64Value returns a Value for a floating-point number.
+func Float64Value(v float64) Value {
+	return slog.Float64Value(v)
+}
+
+// BoolValue returns a Value for a bool.
+func BoolValue(v bool) Value {
+	return slog.BoolValue(v)
+}
+
+// TimeValue returns a Value for a time.Time.
+// It discards the monotonic portion.
+func TimeValue(v time.Time) Value {
+	return slog.TimeValue(v)
+}
+
+// DurationValue returns a Value for a time.Duration.
+func DurationValue(v time.Duration) Value {
+	return slog.DurationValue(v)
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	return slog.GroupValue(as...)
+}
+
+// AnyValue returns a Value for the supplied value.
+//
+// If the supplied value is of type Value, it is returned
+// unmodified.
+//
+// Given a value of one of Go's predeclared string, bool, or
+// (non-complex) numeric types, AnyValue returns a Value of kind
+// String, Bool, Uint64, Int64, or Float64. The width of the
+// original numeric type is not preserved.
+//
+// Given a time.Time or time.Duration value, AnyValue returns a Value of kind
+// KindTime or KindDuration. The monotonic time is not preserved.
+//
+// For nil, or values of all other types, including named types whose
+// underlying type is numeric, AnyValue returns a value of kind KindAny.
+func AnyValue(v any) Value {
+	return slog.AnyValue(v)
+}
+
+// A LogValuer is any Go value that can convert itself into a Value for logging.
+//
+// This mechanism may be used to defer expensive operations until they are
+// needed, or to expand a single value into a sequence of components.
+type LogValuer = slog.LogValuer
diff --git a/vendor/github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping/mapping.go b/vendor/github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping/mapping.go
index b081edea3..5bad23d28 100644
--- a/vendor/github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping/mapping.go
+++ b/vendor/github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping/mapping.go
@@ -161,6 +161,9 @@ var TimeLayout = map[string]string{
 	time.StampMilli:  "time.StampMilli",
 	time.StampMicro:  "time.StampMicro",
 	time.StampNano:   "time.StampNano",
+	time.DateTime:    "time.DateTime",
+	time.DateOnly:    "time.DateOnly",
+	time.TimeOnly:    "time.TimeOnly",
 }
 
 var SQLIsolationLevel = map[string]string{
diff --git a/vendor/github.com/securego/gosec/v2/.golangci.yml b/vendor/github.com/securego/gosec/v2/.golangci.yml
index b12140a25..d591dc249 100644
--- a/vendor/github.com/securego/gosec/v2/.golangci.yml
+++ b/vendor/github.com/securego/gosec/v2/.golangci.yml
@@ -2,7 +2,6 @@ linters:
   enable:
     - asciicheck
     - bodyclose
-    - depguard
     - dogsled
     - durationcheck
     - errcheck
@@ -10,6 +9,7 @@ linters:
     - exportloopref
     - gci
     - ginkgolinter
+    - gochecknoinits
     - gofmt
     - gofumpt
     - goimports
@@ -36,6 +36,10 @@ linters-settings:
       - standard
       - default
       - prefix(github.com/securego)
+  revive:
+    rules:
+      - name: dot-imports
+        disabled: true
 
 run:
   timeout: 5m
diff --git a/vendor/github.com/securego/gosec/v2/Makefile b/vendor/github.com/securego/gosec/v2/Makefile
index 09303d11a..dcfb4b2ed 100644
--- a/vendor/github.com/securego/gosec/v2/Makefile
+++ b/vendor/github.com/securego/gosec/v2/Makefile
@@ -11,7 +11,6 @@ endif
 BUILDFLAGS := "-w -s -X 'main.Version=$(GIT_TAG)' -X 'main.GitTag=$(GIT_TAG)' -X 'main.BuildDate=$(BUILD_DATE)'"
 CGO_ENABLED = 0
 GO := GO111MODULE=on go
-GO_NOMOD :=GO111MODULE=off go
 GOPATH ?= $(shell $(GO) env GOPATH)
 GOBIN ?= $(GOPATH)/bin
 GOSEC ?= $(GOBIN)/gosec
@@ -25,15 +24,15 @@ default:
 
 install-test-deps:
 	go install github.com/onsi/ginkgo/v2/ginkgo@latest
-	$(GO_NOMOD) get -u golang.org/x/crypto/ssh
-	$(GO_NOMOD) get -u github.com/lib/pq
+	go install golang.org/x/crypto/...@latest
+	go install github.com/lib/pq/...@latest
 
 install-govulncheck:
 	@if [ $(GO_MINOR_VERSION) -gt $(GOVULN_MIN_VERSION) ]; then \
 		go install golang.org/x/vuln/cmd/govulncheck@latest; \
 	fi
 
-test: install-test-deps build fmt vet sec govulncheck
+test: install-test-deps build-race fmt vet sec govulncheck
 	$(GINKGO) -v --fail-fast
 
 fmt:
@@ -65,6 +64,9 @@ test-coverage: install-test-deps
 build:
 	go build -o $(BIN) ./cmd/gosec/
 
+build-race:
+	go build -race -o $(BIN) ./cmd/gosec/
+
 clean:
 	rm -rf build vendor dist coverage.txt
 	rm -f release image $(BIN)
@@ -89,5 +91,5 @@ image-push: image
 
 tlsconfig:
 	go generate ./...
-	
+
 .PHONY: test build clean release image image-push tlsconfig
diff --git a/vendor/github.com/securego/gosec/v2/README.md b/vendor/github.com/securego/gosec/v2/README.md
index 71e032d80..d9a33f12a 100644
--- a/vendor/github.com/securego/gosec/v2/README.md
+++ b/vendor/github.com/securego/gosec/v2/README.md
@@ -1,7 +1,7 @@
 
 # gosec - Golang Security Checker
 
-Inspects source code for security problems by scanning the Go AST.
+Inspects source code for security problems by scanning the Go AST and SSA code representation.
 
 <img src="https://securego.io/img/gosec.png" width="320">
 
@@ -157,6 +157,7 @@ directory you can supply `./...` as the input argument.
 - G304: File path provided as taint input
 - G305: File traversal when extracting zip/tar archive
 - G306: Poor file permissions used when writing to a new file
+- G307: Poor file permissions used when creating a file with os.Create
 - G401: Detect the usage of DES, RC4, MD5 or SHA1
 - G402: Look for bad TLS connection settings
 - G403: Ensure minimum RSA key length of 2048 bits
@@ -167,6 +168,7 @@ directory you can supply `./...` as the input argument.
 - G504: Import blocklist: net/http/cgi
 - G505: Import blocklist: crypto/sha1
 - G601: Implicit memory aliasing of items from a range statement
+- G602: Slice access out of bounds
 
 ### Retired rules
 
@@ -272,31 +274,33 @@ gosec -exclude-generated ./...
 
 ### Annotating code
 
-As with all automated detection tools, there will be cases of false positives. In cases where gosec reports a failure that has been manually verified as being safe,
+As with all automated detection tools, there will be cases of false positives.
+In cases where gosec reports a failure that has been manually verified as being safe,
 it is possible to annotate the code with a comment that starts with `#nosec`.
+
 The `#nosec` comment should have the format `#nosec [RuleList] [-- Justification]`.
 
-The annotation causes gosec to stop processing any further nodes within the
-AST so can apply to a whole block or more granularly to a single expression.
+The `#nosec` comment needs to be placed on the line where the warning is reported.
 
 ```go
-
-import "md5" //#nosec
-
-
-func main(){
-
-    /* #nosec */
-    if x > y {
-        h := md5.New() // this will also be ignored
-    }
-
+func main() {
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true, // #nosec G402
+		},
+	}
+
+	client := &http.Client{Transport: tr}
+	_, err := client.Get("https://golang.org/")
+	if err != nil {
+		fmt.Println(err)
+	}
 }
-
 ```
 
-When a specific false positive has been identified and verified as safe, you may wish to suppress only that single rule (or a specific set of rules)
-within a section of code, while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within
+When a specific false positive has been identified and verified as safe, you may
+wish to suppress only that single rule (or a specific set of rules) within a section of code,
+while continuing to scan for other problems. To do this, you can list the rule(s) to be suppressed within
 the `#nosec` annotation, e.g: `/* #nosec G401 */` or `//#nosec G201 G202 G203`
 
 You could put the description or justification text for the annotation. The
diff --git a/vendor/github.com/securego/gosec/v2/USERS.md b/vendor/github.com/securego/gosec/v2/USERS.md
index ffc056081..9b6e4eeee 100644
--- a/vendor/github.com/securego/gosec/v2/USERS.md
+++ b/vendor/github.com/securego/gosec/v2/USERS.md
@@ -15,6 +15,7 @@ This is a list of gosec's users. Please send a pull request with your organisati
 9. [PingCAP/tidb](https://github.com/pingcap/tidb)
 10. [Checkmarx](https://www.checkmarx.com/)
 11. [SeatGeek](https://www.seatgeek.com/)
+12. [reMarkable](https://remarkable.com)
 
 ## Projects
 
diff --git a/vendor/github.com/securego/gosec/v2/action.yml b/vendor/github.com/securego/gosec/v2/action.yml
index 0320f0c21..aba47b60c 100644
--- a/vendor/github.com/securego/gosec/v2/action.yml
+++ b/vendor/github.com/securego/gosec/v2/action.yml
@@ -10,7 +10,7 @@ inputs:
 
 runs:
     using: 'docker'
-    image: 'docker://securego/gosec:2.15.0'
+    image: 'docker://securego/gosec:2.18.1'
     args:
       - ${{ inputs.args }}
 
diff --git a/vendor/github.com/securego/gosec/v2/analyzer.go b/vendor/github.com/securego/gosec/v2/analyzer.go
index 830d338e4..1fd1f5649 100644
--- a/vendor/github.com/securego/gosec/v2/analyzer.go
+++ b/vendor/github.com/securego/gosec/v2/analyzer.go
@@ -57,9 +57,83 @@ const aliasOfAllRules = "*"
 
 var generatedCodePattern = regexp.MustCompile(`^// Code generated .* DO NOT EDIT\.$`)
 
+type ignore struct {
+	start        int
+	end          int
+	suppressions map[string][]issue.SuppressionInfo
+}
+
+type ignores map[string][]ignore
+
+func newIgnores() ignores {
+	return make(map[string][]ignore)
+}
+
+func (i ignores) parseLine(line string) (int, int) {
+	parts := strings.Split(line, "-")
+	start, err := strconv.Atoi(parts[0])
+	if err != nil {
+		start = 0
+	}
+	end := start
+	if len(parts) > 1 {
+		if e, err := strconv.Atoi(parts[1]); err == nil {
+			end = e
+		}
+	}
+	return start, end
+}
+
+func (i ignores) add(file string, line string, suppressions map[string]issue.SuppressionInfo) {
+	is := []ignore{}
+	if _, ok := i[file]; ok {
+		is = i[file]
+	}
+	found := false
+	start, end := i.parseLine(line)
+	for _, ig := range is {
+		if ig.start <= start && ig.end >= end {
+			found = true
+			for r, s := range suppressions {
+				ss, ok := ig.suppressions[r]
+				if !ok {
+					ss = []issue.SuppressionInfo{}
+				}
+				ss = append(ss, s)
+				ig.suppressions[r] = ss
+			}
+			break
+		}
+	}
+	if !found {
+		ig := ignore{
+			start:        start,
+			end:          end,
+			suppressions: map[string][]issue.SuppressionInfo{},
+		}
+		for r, s := range suppressions {
+			ig.suppressions[r] = []issue.SuppressionInfo{s}
+		}
+		is = append(is, ig)
+	}
+	i[file] = is
+}
+
+func (i ignores) get(file string, line string) map[string][]issue.SuppressionInfo {
+	start, end := i.parseLine(line)
+	if is, ok := i[file]; ok {
+		for _, i := range is {
+			if i.start <= start && i.end >= end {
+				return i.suppressions
+			}
+		}
+	}
+	return map[string][]issue.SuppressionInfo{}
+}
+
 // The Context is populated with data parsed from the source code as it is scanned.
 // It is passed through to all rule functions as they are called. Rules may use
-// this data in conjunction withe the encountered AST node.
+// this data in conjunction with the encountered AST node.
 type Context struct {
 	FileSet      *token.FileSet
 	Comments     ast.CommentMap
@@ -69,7 +143,7 @@ type Context struct {
 	Root         *ast.File
 	Imports      *ImportTracker
 	Config       Config
-	Ignores      []map[string][]issue.SuppressionInfo
+	Ignores      ignores
 	PassedValues map[string]interface{}
 }
 
@@ -110,6 +184,7 @@ type Analyzer struct {
 	trackSuppressions bool
 	concurrency       int
 	analyzerList      []*analysis.Analyzer
+	mu                sync.Mutex
 }
 
 // NewAnalyzer builds a new analyzer.
@@ -231,9 +306,7 @@ func (gosec *Analyzer) Process(buildTags []string, packagePaths ...string) error
 					return fmt.Errorf("parsing errors in pkg %q: %w", pkg.Name, err)
 				}
 				gosec.CheckRules(pkg)
-				if on, err := gosec.config.IsGlobalEnabled(SSA); err == nil && on {
-					gosec.CheckAnalyzers(pkg)
-				}
+				gosec.CheckAnalyzers(pkg)
 			}
 		}
 	}
@@ -252,7 +325,9 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
 	// step 1/3 create build context.
 	buildD := build.Default
 	// step 2/3: add build tags to get env dependent files into basePackage.
+	gosec.mu.Lock()
 	buildD.BuildTags = conf.BuildFlags
+	gosec.mu.Unlock()
 	basePackage, err := buildD.ImportDir(pkgPath, build.ImportComment)
 	if err != nil {
 		return []*packages.Package{}, fmt.Errorf("importing dir %q: %w", pkgPath, err)
@@ -276,7 +351,9 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
 	}
 
 	// step 3/3 remove build tags from conf to proceed build correctly.
+	gosec.mu.Lock()
 	conf.BuildFlags = nil
+	defer gosec.mu.Unlock()
 	pkgs, err := packages.Load(conf, packageFiles...)
 	if err != nil {
 		return []*packages.Package{}, fmt.Errorf("loading files from package %q: %w", pkgPath, err)
@@ -284,7 +361,7 @@ func (gosec *Analyzer) load(pkgPath string, conf *packages.Config) ([]*packages.
 	return pkgs, nil
 }
 
-// CheckRules runs analysis on the given package
+// CheckRules runs analysis on the given package.
 func (gosec *Analyzer) CheckRules(pkg *packages.Package) {
 	gosec.logger.Println("Checking package:", pkg.Name)
 	for _, file := range pkg.Syntax {
@@ -314,37 +391,22 @@ func (gosec *Analyzer) CheckRules(pkg *packages.Package) {
 		gosec.context.PkgFiles = pkg.Syntax
 		gosec.context.Imports = NewImportTracker()
 		gosec.context.PassedValues = make(map[string]interface{})
+		gosec.context.Ignores = newIgnores()
+		gosec.updateIgnores()
 		ast.Walk(gosec, file)
 		gosec.stats.NumFiles++
 		gosec.stats.NumLines += pkg.Fset.File(file.Pos()).LineCount()
 	}
 }
 
-// CheckAnalyzers runs analyzers on a given package
+// CheckAnalyzers runs analyzers on a given package.
 func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
-	ssaPass := &analysis.Pass{
-		Analyzer:          buildssa.Analyzer,
-		Fset:              pkg.Fset,
-		Files:             pkg.Syntax,
-		OtherFiles:        pkg.OtherFiles,
-		IgnoredFiles:      pkg.IgnoredFiles,
-		Pkg:               pkg.Types,
-		TypesInfo:         pkg.TypesInfo,
-		TypesSizes:        pkg.TypesSizes,
-		ResultOf:          nil,
-		Report:            nil,
-		ImportObjectFact:  nil,
-		ExportObjectFact:  nil,
-		ImportPackageFact: nil,
-		ExportPackageFact: nil,
-		AllObjectFacts:    nil,
-		AllPackageFacts:   nil,
-	}
-	ssaResult, err := ssaPass.Analyzer.Run(ssaPass)
-	if err != nil {
-		gosec.logger.Printf("Error running SSA analyser on package %q: %s", pkg.Name, err)
+	ssaResult, err := gosec.buildSSA(pkg)
+	if err != nil || ssaResult == nil {
+		gosec.logger.Printf("Error building the SSA representation of the package %q: %s", pkg.Name, err)
 		return
 	}
+
 	resultMap := map[*analysis.Analyzer]interface{}{
 		buildssa.Analyzer: &analyzers.SSAAnalyzerResult{
 			Config: gosec.Config(),
@@ -377,13 +439,44 @@ func (gosec *Analyzer) CheckAnalyzers(pkg *packages.Package) {
 			continue
 		}
 		if result != nil {
-			if aissue, ok := result.(*issue.Issue); ok {
-				gosec.updateIssues(aissue, false, []issue.SuppressionInfo{})
+			if passIssues, ok := result.([]*issue.Issue); ok {
+				for _, iss := range passIssues {
+					gosec.updateIssues(iss)
+				}
 			}
 		}
 	}
 }
 
+// buildSSA runs the SSA pass which builds the SSA representation of the package. It handles gracefully any panic.
+func (gosec *Analyzer) buildSSA(pkg *packages.Package) (interface{}, error) {
+	defer func() {
+		if r := recover(); r != nil {
+			gosec.logger.Printf("Panic when running SSA analyser on package: %s", pkg.Name)
+		}
+	}()
+	ssaPass := &analysis.Pass{
+		Analyzer:          buildssa.Analyzer,
+		Fset:              pkg.Fset,
+		Files:             pkg.Syntax,
+		OtherFiles:        pkg.OtherFiles,
+		IgnoredFiles:      pkg.IgnoredFiles,
+		Pkg:               pkg.Types,
+		TypesInfo:         pkg.TypesInfo,
+		TypesSizes:        pkg.TypesSizes,
+		ResultOf:          nil,
+		Report:            nil,
+		ImportObjectFact:  nil,
+		ExportObjectFact:  nil,
+		ImportPackageFact: nil,
+		ExportPackageFact: nil,
+		AllObjectFacts:    nil,
+		AllPackageFacts:   nil,
+	}
+
+	return ssaPass.Analyzer.Run(ssaPass)
+}
+
 func isGeneratedFile(file *ast.File) bool {
 	for _, comment := range file.Comments {
 		for _, row := range comment.List {
@@ -449,10 +542,17 @@ func (gosec *Analyzer) ignore(n ast.Node) map[string]issue.SuppressionInfo {
 	if groups, ok := gosec.context.Comments[n]; ok && !gosec.ignoreNosec {
 
 		// Checks if an alternative for #nosec is set and, if not, uses the default.
-		noSecDefaultTag := "#nosec"
+		noSecDefaultTag, err := gosec.config.GetGlobal(Nosec)
+		if err != nil {
+			noSecDefaultTag = NoSecTag(string(Nosec))
+		} else {
+			noSecDefaultTag = NoSecTag(noSecDefaultTag)
+		}
 		noSecAlternativeTag, err := gosec.config.GetGlobal(NoSecAlternative)
 		if err != nil {
 			noSecAlternativeTag = noSecDefaultTag
+		} else {
+			noSecAlternativeTag = NoSecTag(noSecAlternativeTag)
 		}
 
 		for _, group := range groups {
@@ -507,11 +607,6 @@ func (gosec *Analyzer) ignore(n ast.Node) map[string]issue.SuppressionInfo {
 // Visit runs the gosec visitor logic over an AST created by parsing go code.
 // Rule methods added with AddRule will be invoked as necessary.
 func (gosec *Analyzer) Visit(n ast.Node) ast.Visitor {
-	ignores, ok := gosec.updateIgnoredRules(n)
-	if !ok {
-		return gosec
-	}
-
 	// Using ast.File instead of ast.ImportSpec, so that we can track all imports at once.
 	switch i := n.(type) {
 	case *ast.File:
@@ -519,56 +614,48 @@ func (gosec *Analyzer) Visit(n ast.Node) ast.Visitor {
 	}
 
 	for _, rule := range gosec.ruleset.RegisteredFor(n) {
-		suppressions, ignored := gosec.updateSuppressions(rule.ID(), ignores)
 		issue, err := rule.Match(n, gosec.context)
 		if err != nil {
 			file, line := GetLocation(n, gosec.context)
 			file = path.Base(file)
 			gosec.logger.Printf("Rule error: %v => %s (%s:%d)\n", reflect.TypeOf(rule), err, file, line)
 		}
-		gosec.updateIssues(issue, ignored, suppressions)
+		gosec.updateIssues(issue)
 	}
 	return gosec
 }
 
-func (gosec *Analyzer) updateIgnoredRules(n ast.Node) (map[string][]issue.SuppressionInfo, bool) {
-	if n == nil {
-		if len(gosec.context.Ignores) > 0 {
-			gosec.context.Ignores = gosec.context.Ignores[1:]
-		}
-		return nil, false
+func (gosec *Analyzer) updateIgnores() {
+	for n := range gosec.context.Comments {
+		gosec.updateIgnoredRulesForNode(n)
 	}
-	// Get any new rule exclusions.
-	ignoredRules := gosec.ignore(n)
+}
 
-	// Now create the union of exclusions.
-	ignores := map[string][]issue.SuppressionInfo{}
-	if len(gosec.context.Ignores) > 0 {
-		for k, v := range gosec.context.Ignores[0] {
-			ignores[k] = v
+func (gosec *Analyzer) updateIgnoredRulesForNode(n ast.Node) {
+	ignoredRules := gosec.ignore(n)
+	if len(ignoredRules) > 0 {
+		if gosec.context.Ignores == nil {
+			gosec.context.Ignores = newIgnores()
 		}
+		line := issue.GetLine(gosec.context.FileSet.File(n.Pos()), n)
+		gosec.context.Ignores.add(
+			gosec.context.FileSet.File(n.Pos()).Name(),
+			line,
+			ignoredRules,
+		)
 	}
-
-	for ruleID, suppression := range ignoredRules {
-		ignores[ruleID] = append(ignores[ruleID], suppression)
-	}
-
-	// Push the new set onto the stack.
-	gosec.context.Ignores = append([]map[string][]issue.SuppressionInfo{ignores}, gosec.context.Ignores...)
-
-	return ignores, true
 }
 
-func (gosec *Analyzer) updateSuppressions(id string, ignores map[string][]issue.SuppressionInfo) ([]issue.SuppressionInfo, bool) {
-	// Check if all rules are ignored.
-	generalSuppressions, generalIgnored := ignores[aliasOfAllRules]
-	// Check if the specific rule is ignored
-	ruleSuppressions, ruleIgnored := ignores[id]
+func (gosec *Analyzer) getSuppressionsAtLineInFile(file string, line string, id string) ([]issue.SuppressionInfo, bool) {
+	ignoredRules := gosec.context.Ignores.get(file, line)
 
+	// Check if the rule was specifically suppressed at this location.
+	generalSuppressions, generalIgnored := ignoredRules[aliasOfAllRules]
+	ruleSuppressions, ruleIgnored := ignoredRules[id]
 	ignored := generalIgnored || ruleIgnored
 	suppressions := append(generalSuppressions, ruleSuppressions...)
 
-	// Track external suppressions.
+	// Track external suppressions of this rule.
 	if gosec.ruleset.IsRuleSuppressed(id) {
 		ignored = true
 		suppressions = append(suppressions, issue.SuppressionInfo{
@@ -579,8 +666,9 @@ func (gosec *Analyzer) updateSuppressions(id string, ignores map[string][]issue.
 	return suppressions, ignored
 }
 
-func (gosec *Analyzer) updateIssues(issue *issue.Issue, ignored bool, suppressions []issue.SuppressionInfo) {
+func (gosec *Analyzer) updateIssues(issue *issue.Issue) {
 	if issue != nil {
+		suppressions, ignored := gosec.getSuppressionsAtLineInFile(issue.File, issue.Line, issue.RuleID)
 		if gosec.showIgnored {
 			issue.NoSec = ignored
 		}
diff --git a/vendor/github.com/securego/gosec/v2/analyzers/slice_bounds.go b/vendor/github.com/securego/gosec/v2/analyzers/slice_bounds.go
new file mode 100644
index 000000000..08a55eb42
--- /dev/null
+++ b/vendor/github.com/securego/gosec/v2/analyzers/slice_bounds.go
@@ -0,0 +1,386 @@
+// (c) Copyright gosec's authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package analyzers
+
+import (
+	"errors"
+	"fmt"
+	"go/token"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/buildssa"
+	"golang.org/x/tools/go/ssa"
+
+	"github.com/securego/gosec/v2/issue"
+)
+
+type bound int
+
+const (
+	lowerUnbounded bound = iota
+	upperUnbounded
+	unbounded
+	upperBounded
+)
+
+const maxDepth = 20
+
+func newSliceBoundsAnalyzer(id string, description string) *analysis.Analyzer {
+	return &analysis.Analyzer{
+		Name:     id,
+		Doc:      description,
+		Run:      runSliceBounds,
+		Requires: []*analysis.Analyzer{buildssa.Analyzer},
+	}
+}
+
+func runSliceBounds(pass *analysis.Pass) (interface{}, error) {
+	ssaResult, err := getSSAResult(pass)
+	if err != nil {
+		return nil, err
+	}
+
+	issues := map[ssa.Instruction]*issue.Issue{}
+	ifs := map[ssa.If]*ssa.BinOp{}
+	for _, mcall := range ssaResult.SSA.SrcFuncs {
+		for _, block := range mcall.DomPreorder() {
+			for _, instr := range block.Instrs {
+				switch instr := instr.(type) {
+				case *ssa.Alloc:
+					sliceCap, err := extractSliceCapFromAlloc(instr.String())
+					if err != nil {
+						break
+					}
+					allocRefs := instr.Referrers()
+					if allocRefs == nil {
+						break
+					}
+					for _, instr := range *allocRefs {
+						if slice, ok := instr.(*ssa.Slice); ok {
+							if _, ok := slice.X.(*ssa.Alloc); ok {
+								if slice.Parent() != nil {
+									l, h := extractSliceBounds(slice)
+									newCap := computeSliceNewCap(l, h, sliceCap)
+									violations := []ssa.Instruction{}
+									trackSliceBounds(0, newCap, slice, &violations, ifs)
+									for _, s := range violations {
+										switch s := s.(type) {
+										case *ssa.Slice:
+											issue := newIssue(
+												pass.Analyzer.Name,
+												"slice bounds out of range",
+												pass.Fset,
+												s.Pos(),
+												issue.Low,
+												issue.High)
+											issues[s] = issue
+										case *ssa.IndexAddr:
+											issue := newIssue(
+												pass.Analyzer.Name,
+												"slice index out of range",
+												pass.Fset,
+												s.Pos(),
+												issue.Low,
+												issue.High)
+											issues[s] = issue
+										}
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+
+	for ifref, binop := range ifs {
+		bound, value, err := extractBinOpBound(binop)
+		if err != nil {
+			continue
+		}
+		for i, block := range ifref.Block().Succs {
+			if i == 1 {
+				bound = invBound(bound)
+			}
+			for _, instr := range block.Instrs {
+				if _, ok := issues[instr]; ok {
+					switch bound {
+					case lowerUnbounded:
+						break
+					case upperUnbounded, unbounded:
+						delete(issues, instr)
+					case upperBounded:
+						switch tinstr := instr.(type) {
+						case *ssa.Slice:
+							lower, upper := extractSliceBounds(tinstr)
+							if isSliceInsideBounds(0, value, lower, upper) {
+								delete(issues, instr)
+							}
+						case *ssa.IndexAddr:
+							indexValue, err := extractIntValue(tinstr.Index.String())
+							if err != nil {
+								break
+							}
+							if isSliceIndexInsideBounds(0, value, indexValue) {
+								delete(issues, instr)
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+
+	foundIssues := []*issue.Issue{}
+	for _, issue := range issues {
+		foundIssues = append(foundIssues, issue)
+	}
+	if len(foundIssues) > 0 {
+		return foundIssues, nil
+	}
+	return nil, nil
+}
+
+func trackSliceBounds(depth int, sliceCap int, slice ssa.Node, violations *[]ssa.Instruction, ifs map[ssa.If]*ssa.BinOp) {
+	if depth == maxDepth {
+		return
+	}
+	depth++
+	if violations == nil {
+		violations = &[]ssa.Instruction{}
+	}
+	referrers := slice.Referrers()
+	if referrers != nil {
+		for _, refinstr := range *referrers {
+			switch refinstr := refinstr.(type) {
+			case *ssa.Slice:
+				checkAllSlicesBounds(depth, sliceCap, refinstr, violations, ifs)
+				switch refinstr.X.(type) {
+				case *ssa.Alloc, *ssa.Parameter:
+					l, h := extractSliceBounds(refinstr)
+					newCap := computeSliceNewCap(l, h, sliceCap)
+					trackSliceBounds(depth, newCap, refinstr, violations, ifs)
+				}
+			case *ssa.IndexAddr:
+				indexValue, err := extractIntValue(refinstr.Index.String())
+				if err == nil && !isSliceIndexInsideBounds(0, sliceCap, indexValue) {
+					*violations = append(*violations, refinstr)
+				}
+			case *ssa.Call:
+				if ifref, cond := extractSliceIfLenCondition(refinstr); ifref != nil && cond != nil {
+					ifs[*ifref] = cond
+				} else {
+					parPos := -1
+					for pos, arg := range refinstr.Call.Args {
+						if a, ok := arg.(*ssa.Slice); ok && a == slice {
+							parPos = pos
+						}
+					}
+					if fn, ok := refinstr.Call.Value.(*ssa.Function); ok {
+						if len(fn.Params) > parPos && parPos > -1 {
+							param := fn.Params[parPos]
+							trackSliceBounds(depth, sliceCap, param, violations, ifs)
+						}
+					}
+				}
+			}
+		}
+	}
+}
+
+func checkAllSlicesBounds(depth int, sliceCap int, slice *ssa.Slice, violations *[]ssa.Instruction, ifs map[ssa.If]*ssa.BinOp) {
+	if depth == maxDepth {
+		return
+	}
+	depth++
+	if violations == nil {
+		violations = &[]ssa.Instruction{}
+	}
+	sliceLow, sliceHigh := extractSliceBounds(slice)
+	if !isSliceInsideBounds(0, sliceCap, sliceLow, sliceHigh) {
+		*violations = append(*violations, slice)
+	}
+	switch slice.X.(type) {
+	case *ssa.Alloc, *ssa.Parameter, *ssa.Slice:
+		l, h := extractSliceBounds(slice)
+		newCap := computeSliceNewCap(l, h, sliceCap)
+		trackSliceBounds(depth, newCap, slice, violations, ifs)
+	}
+
+	references := slice.Referrers()
+	if references == nil {
+		return
+	}
+	for _, ref := range *references {
+		switch s := ref.(type) {
+		case *ssa.Slice:
+			checkAllSlicesBounds(depth, sliceCap, s, violations, ifs)
+			switch s.X.(type) {
+			case *ssa.Alloc, *ssa.Parameter:
+				l, h := extractSliceBounds(s)
+				newCap := computeSliceNewCap(l, h, sliceCap)
+				trackSliceBounds(depth, newCap, s, violations, ifs)
+			}
+		}
+	}
+}
+
+func extractSliceIfLenCondition(call *ssa.Call) (*ssa.If, *ssa.BinOp) {
+	if builtInLen, ok := call.Call.Value.(*ssa.Builtin); ok {
+		if builtInLen.Name() == "len" {
+			refs := call.Referrers()
+			if refs != nil {
+				for _, ref := range *refs {
+					if binop, ok := ref.(*ssa.BinOp); ok {
+						binoprefs := binop.Referrers()
+						for _, ref := range *binoprefs {
+							if ifref, ok := ref.(*ssa.If); ok {
+								return ifref, binop
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+	return nil, nil
+}
+
+func computeSliceNewCap(l, h, oldCap int) int {
+	if l == 0 && h == 0 {
+		return oldCap
+	}
+	if l > 0 && h == 0 {
+		return oldCap - l
+	}
+	if l == 0 && h > 0 {
+		return h
+	}
+	return h - l
+}
+
+func invBound(bound bound) bound {
+	switch bound {
+	case lowerUnbounded:
+		return upperUnbounded
+	case upperUnbounded:
+		return lowerUnbounded
+	case upperBounded:
+		return unbounded
+	case unbounded:
+		return upperBounded
+	default:
+		return unbounded
+	}
+}
+
+func extractBinOpBound(binop *ssa.BinOp) (bound, int, error) {
+	if binop.X != nil {
+		if x, ok := binop.X.(*ssa.Const); ok {
+			value, err := strconv.Atoi(x.Value.String())
+			if err != nil {
+				return lowerUnbounded, value, err
+			}
+			switch binop.Op {
+			case token.LSS, token.LEQ:
+				return upperUnbounded, value, nil
+			case token.GTR, token.GEQ:
+				return lowerUnbounded, value, nil
+			case token.EQL:
+				return upperBounded, value, nil
+			case token.NEQ:
+				return unbounded, value, nil
+			}
+		}
+	}
+	if binop.Y != nil {
+		if y, ok := binop.Y.(*ssa.Const); ok {
+			value, err := strconv.Atoi(y.Value.String())
+			if err != nil {
+				return lowerUnbounded, value, err
+			}
+			switch binop.Op {
+			case token.LSS, token.LEQ:
+				return lowerUnbounded, value, nil
+			case token.GTR, token.GEQ:
+				return upperUnbounded, value, nil
+			case token.EQL:
+				return upperBounded, value, nil
+			case token.NEQ:
+				return unbounded, value, nil
+			}
+		}
+	}
+	return lowerUnbounded, 0, fmt.Errorf("unable to extract constant from binop")
+}
+
+func isSliceIndexInsideBounds(l, h int, index int) bool {
+	return (l <= index && index < h)
+}
+
+func isSliceInsideBounds(l, h int, cl, ch int) bool {
+	return (l <= cl && h >= ch) && (l <= ch && h >= cl)
+}
+
+func extractSliceBounds(slice *ssa.Slice) (int, int) {
+	var low int
+	if slice.Low != nil {
+		l, err := extractIntValue(slice.Low.String())
+		if err == nil {
+			low = l
+		}
+	}
+	var high int
+	if slice.High != nil {
+		h, err := extractIntValue(slice.High.String())
+		if err == nil {
+			high = h
+		}
+	}
+	return low, high
+}
+
+func extractIntValue(value string) (int, error) {
+	parts := strings.Split(value, ":")
+	if len(parts) != 2 {
+		return 0, fmt.Errorf("invalid value: %s", value)
+	}
+	if parts[1] != "int" {
+		return 0, fmt.Errorf("invalid value: %s", value)
+	}
+	return strconv.Atoi(parts[0])
+}
+
+func extractSliceCapFromAlloc(instr string) (int, error) {
+	re := regexp.MustCompile(`new \[(\d+)\]*`)
+	var sliceCap int
+	matches := re.FindAllStringSubmatch(instr, -1)
+	if matches == nil {
+		return sliceCap, errors.New("no slice cap found")
+	}
+
+	if len(matches) > 0 {
+		m := matches[0]
+		if len(m) > 1 {
+			return strconv.Atoi(m[1])
+		}
+	}
+
+	return 0, errors.New("no slice cap found")
+}
diff --git a/vendor/github.com/securego/gosec/v2/analyzers/ssrf.go b/vendor/github.com/securego/gosec/v2/analyzers/ssrf.go
deleted file mode 100644
index a9dbd9500..000000000
--- a/vendor/github.com/securego/gosec/v2/analyzers/ssrf.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// (c) Copyright gosec's authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package analyzers
-
-import (
-	"golang.org/x/tools/go/analysis"
-	"golang.org/x/tools/go/analysis/passes/buildssa"
-	"golang.org/x/tools/go/ssa"
-
-	"github.com/securego/gosec/v2/issue"
-)
-
-func newSSRFAnalyzer(id string, description string) *analysis.Analyzer {
-	return &analysis.Analyzer{
-		Name:     id,
-		Doc:      description,
-		Run:      runSSRF,
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-	}
-}
-
-func runSSRF(pass *analysis.Pass) (interface{}, error) {
-	ssaResult, err := getSSAResult(pass)
-	if err != nil {
-		return nil, err
-	}
-	// TODO: implement the analysis
-	for _, fn := range ssaResult.SSA.SrcFuncs {
-		for _, block := range fn.DomPreorder() {
-			for _, instr := range block.Instrs {
-				switch instr := instr.(type) {
-				case *ssa.Call:
-					callee := instr.Call.StaticCallee()
-					if callee != nil {
-						ssaResult.Logger.Printf("callee: %s\n", callee)
-						return newIssue(pass.Analyzer.Name,
-							"not implemeted",
-							pass.Fset, instr.Call.Pos(), issue.Low, issue.High), nil
-					}
-				}
-			}
-		}
-	}
-	return nil, nil
-}
diff --git a/vendor/github.com/securego/gosec/v2/analyzers/util.go b/vendor/github.com/securego/gosec/v2/analyzers/util.go
index b090a3e45..5941184aa 100644
--- a/vendor/github.com/securego/gosec/v2/analyzers/util.go
+++ b/vendor/github.com/securego/gosec/v2/analyzers/util.go
@@ -28,7 +28,7 @@ import (
 )
 
 // SSAAnalyzerResult contains various information returned by the
-// SSA analysis along with some configuraion
+// SSA analysis along with some configuration
 type SSAAnalyzerResult struct {
 	Config map[string]interface{}
 	Logger *log.Logger
@@ -38,11 +38,11 @@ type SSAAnalyzerResult struct {
 // BuildDefaultAnalyzers returns the default list of analyzers
 func BuildDefaultAnalyzers() []*analysis.Analyzer {
 	return []*analysis.Analyzer{
-		newSSRFAnalyzer("G107", "URL provided to HTTP request as taint input"),
+		newSliceBoundsAnalyzer("G602", "Possible slice bounds out of range"),
 	}
 }
 
-// getSSAResult retrives the SSA result from analysis pass
+// getSSAResult retrieves the SSA result from analysis pass
 func getSSAResult(pass *analysis.Pass) (*SSAAnalyzerResult, error) {
 	result, ok := pass.ResultOf[buildssa.Analyzer]
 	if !ok {
diff --git a/vendor/github.com/securego/gosec/v2/config.go b/vendor/github.com/securego/gosec/v2/config.go
index ca4cf2175..9cbb7a713 100644
--- a/vendor/github.com/securego/gosec/v2/config.go
+++ b/vendor/github.com/securego/gosec/v2/config.go
@@ -33,6 +33,11 @@ const (
 	SSA GlobalOption = "ssa"
 )
 
+// NoSecTag returns the tag used to disable gosec for a line of code.
+func NoSecTag(tag string) string {
+	return fmt.Sprintf("%s%s", "#", tag)
+}
+
 // Config is used to provide configuration and customization to each of the rules.
 type Config map[string]interface{}
 
diff --git a/vendor/github.com/securego/gosec/v2/cwe/data.go b/vendor/github.com/securego/gosec/v2/cwe/data.go
index ff1ad3c7d..79a6b9d23 100644
--- a/vendor/github.com/securego/gosec/v2/cwe/data.go
+++ b/vendor/github.com/securego/gosec/v2/cwe/data.go
@@ -1,7 +1,5 @@
 package cwe
 
-import "fmt"
-
 const (
 	// Acronym is the acronym of CWE
 	Acronym = "CWE"
@@ -13,139 +11,128 @@ const (
 	Organization = "MITRE"
 	// Description the description of CWE
 	Description = "The MITRE Common Weakness Enumeration"
-)
-
-var (
 	// InformationURI link to the published CWE PDF
-	InformationURI = fmt.Sprintf("https://cwe.mitre.org/data/published/cwe_v%s.pdf/", Version)
+	InformationURI = "https://cwe.mitre.org/data/published/cwe_v" + Version + ".pdf/"
 	// DownloadURI link to the zipped XML of the CWE list
-	DownloadURI = fmt.Sprintf("https://cwe.mitre.org/data/xml/cwec_v%s.xml.zip", Version)
-
-	data = map[string]*Weakness{}
-
-	weaknesses = []*Weakness{
-		{
-			ID:          "118",
-			Description: "The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.",
-			Name:        "Incorrect Access of Indexable Resource ('Range Error')",
-		},
-		{
-			ID:          "190",
-			Description: "The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",
-			Name:        "Integer Overflow or Wraparound",
-		},
-		{
-			ID:          "200",
-			Description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
-			Name:        "Exposure of Sensitive Information to an Unauthorized Actor",
-		},
-		{
-			ID:          "22",
-			Description: "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
-			Name:        "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
-		},
-		{
-			ID:          "242",
-			Description: "The program calls a function that can never be guaranteed to work safely.",
-			Name:        "Use of Inherently Dangerous Function",
-		},
-		{
-			ID:          "276",
-			Description: "During installation, installed file permissions are set to allow anyone to modify those files.",
-			Name:        "Incorrect Default Permissions",
-		},
-		{
-			ID:          "295",
-			Description: "The software does not validate, or incorrectly validates, a certificate.",
-			Name:        "Improper Certificate Validation",
-		},
-		{
-			ID:          "310",
-			Description: "Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.",
-			Name:        "Cryptographic Issues",
-		},
-		{
-			ID:          "322",
-			Description: "The software performs a key exchange with an actor without verifying the identity of that actor.",
-			Name:        "Key Exchange without Entity Authentication",
-		},
-		{
-			ID:          "326",
-			Description: "The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",
-			Name:        "Inadequate Encryption Strength",
-		},
-		{
-			ID:          "327",
-			Description: "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.",
-			Name:        "Use of a Broken or Risky Cryptographic Algorithm",
-		},
-		{
-			ID:          "338",
-			Description: "The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.",
-			Name:        "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
-		},
-		{
-			ID:          "377",
-			Description: "Creating and using insecure temporary files can leave application and system data vulnerable to attack.",
-			Name:        "Insecure Temporary File",
-		},
-		{
-			ID:          "400",
-			Description: "The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
-			Name:        "Uncontrolled Resource Consumption",
-		},
-		{
-			ID:          "409",
-			Description: "The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.",
-			Name:        "Improper Handling of Highly Compressed Data (Data Amplification)",
-		},
-		{
-			ID:          "703",
-			Description: "The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.",
-			Name:        "Improper Check or Handling of Exceptional Conditions",
-		},
-		{
-			ID:          "78",
-			Description: "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",
-			Name:        "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
-		},
-		{
-			ID:          "79",
-			Description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
-			Name:        "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
-		},
-		{
-			ID:          "798",
-			Description: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",
-			Name:        "Use of Hard-coded Credentials",
-		},
-		{
-			ID:          "88",
-			Description: "The software constructs a string for a command to executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.",
-			Name:        "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
-		},
-		{
-			ID:          "89",
-			Description: "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
-			Name:        "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
-		},
-		{
-			ID:          "676",
-			Description: "The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.",
-			Name:        "Use of Potentially Dangerous Function",
-		},
-	}
+	DownloadURI = "https://cwe.mitre.org/data/xml/cwec_v" + Version + ".xml.zip"
 )
 
-func init() {
-	for _, weakness := range weaknesses {
-		data[weakness.ID] = weakness
-	}
+var idWeaknesses = map[string]*Weakness{
+	"118": {
+		ID:          "118",
+		Description: "The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.",
+		Name:        "Incorrect Access of Indexable Resource ('Range Error')",
+	},
+	"190": {
+		ID:          "190",
+		Description: "The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.",
+		Name:        "Integer Overflow or Wraparound",
+	},
+	"200": {
+		ID:          "200",
+		Description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
+		Name:        "Exposure of Sensitive Information to an Unauthorized Actor",
+	},
+	"22": {
+		ID:          "22",
+		Description: "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.",
+		Name:        "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+	},
+	"242": {
+		ID:          "242",
+		Description: "The program calls a function that can never be guaranteed to work safely.",
+		Name:        "Use of Inherently Dangerous Function",
+	},
+	"276": {
+		ID:          "276",
+		Description: "During installation, installed file permissions are set to allow anyone to modify those files.",
+		Name:        "Incorrect Default Permissions",
+	},
+	"295": {
+		ID:          "295",
+		Description: "The software does not validate, or incorrectly validates, a certificate.",
+		Name:        "Improper Certificate Validation",
+	},
+	"310": {
+		ID:          "310",
+		Description: "Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.",
+		Name:        "Cryptographic Issues",
+	},
+	"322": {
+		ID:          "322",
+		Description: "The software performs a key exchange with an actor without verifying the identity of that actor.",
+		Name:        "Key Exchange without Entity Authentication",
+	},
+	"326": {
+		ID:          "326",
+		Description: "The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.",
+		Name:        "Inadequate Encryption Strength",
+	},
+	"327": {
+		ID:          "327",
+		Description: "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.",
+		Name:        "Use of a Broken or Risky Cryptographic Algorithm",
+	},
+	"338": {
+		ID:          "338",
+		Description: "The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.",
+		Name:        "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
+	},
+	"377": {
+		ID:          "377",
+		Description: "Creating and using insecure temporary files can leave application and system data vulnerable to attack.",
+		Name:        "Insecure Temporary File",
+	},
+	"400": {
+		ID:          "400",
+		Description: "The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
+		Name:        "Uncontrolled Resource Consumption",
+	},
+	"409": {
+		ID:          "409",
+		Description: "The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.",
+		Name:        "Improper Handling of Highly Compressed Data (Data Amplification)",
+	},
+	"703": {
+		ID:          "703",
+		Description: "The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.",
+		Name:        "Improper Check or Handling of Exceptional Conditions",
+	},
+	"78": {
+		ID:          "78",
+		Description: "The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.",
+		Name:        "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+	},
+	"79": {
+		ID:          "79",
+		Description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
+		Name:        "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+	},
+	"798": {
+		ID:          "798",
+		Description: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.",
+		Name:        "Use of Hard-coded Credentials",
+	},
+	"88": {
+		ID:          "88",
+		Description: "The software constructs a string for a command to executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.",
+		Name:        "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
+	},
+	"89": {
+		ID:          "89",
+		Description: "The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.",
+		Name:        "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+	},
+	"676": {
+		ID:          "676",
+		Description: "The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.",
+		Name:        "Use of Potentially Dangerous Function",
+	},
 }
 
 // Get Retrieves a CWE weakness by it's id
 func Get(id string) *Weakness {
-	weakness, ok := data[id]
+	weakness, ok := idWeaknesses[id]
 	if ok && weakness != nil {
 		return weakness
 	}
diff --git a/vendor/github.com/securego/gosec/v2/helpers.go b/vendor/github.com/securego/gosec/v2/helpers.go
index 08b7893eb..15b2b5f3a 100644
--- a/vendor/github.com/securego/gosec/v2/helpers.go
+++ b/vendor/github.com/securego/gosec/v2/helpers.go
@@ -96,11 +96,46 @@ func GetChar(n ast.Node) (byte, error) {
 	return 0, fmt.Errorf("Unexpected AST node type: %T", n)
 }
 
+// GetStringRecursive will recursively walk down a tree of *ast.BinaryExpr. It will then concat the results, and return.
+// Unlike the other getters, it does _not_ raise an error for unknown ast.Node types. At the base, the recursion will hit a non-BinaryExpr type,
+// either BasicLit or other, so it's not an error case. It will only error if `strconv.Unquote` errors. This matters, because there's
+// currently functionality that relies on error values being returned by GetString if and when it hits a non-basiclit string node type,
+// hence for cases where recursion is needed, we use this separate function, so that we can still be backwards compatible.
+//
+// This was added to handle a SQL injection concatenation case where the injected value is infixed between two strings, not at the start or end. See example below
+//
+// Do note that this will omit non-string values. So for example, if you were to use this node:
+// ```go
+// q := "SELECT * FROM foo WHERE name = '" + os.Args[0] + "' AND 1=1" // will result in "SELECT * FROM foo WHERE ” AND 1=1"
+
+func GetStringRecursive(n ast.Node) (string, error) {
+	if node, ok := n.(*ast.BasicLit); ok && node.Kind == token.STRING {
+		return strconv.Unquote(node.Value)
+	}
+
+	if expr, ok := n.(*ast.BinaryExpr); ok {
+		x, err := GetStringRecursive(expr.X)
+		if err != nil {
+			return "", err
+		}
+
+		y, err := GetStringRecursive(expr.Y)
+		if err != nil {
+			return "", err
+		}
+
+		return x + y, nil
+	}
+
+	return "", nil
+}
+
 // GetString will read and return a string value from an ast.BasicLit
 func GetString(n ast.Node) (string, error) {
 	if node, ok := n.(*ast.BasicLit); ok && node.Kind == token.STRING {
 		return strconv.Unquote(node.Value)
 	}
+
 	return "", fmt.Errorf("Unexpected AST node type: %T", n)
 }
 
@@ -148,7 +183,7 @@ func GetCallInfo(n ast.Node, ctx *Context) (string, string, error) {
 			case *ast.CallExpr:
 				switch call := expr.Fun.(type) {
 				case *ast.Ident:
-					if call.Name == "new" {
+					if call.Name == "new" && len(expr.Args) > 0 {
 						t := ctx.Info.TypeOf(expr.Args[0])
 						if t != nil {
 							return t.String(), fn.Sel.Name, nil
@@ -201,22 +236,21 @@ func GetCallStringArgsValues(n ast.Node, _ *Context) []string {
 	return values
 }
 
-// GetIdentStringValues return the string values of an Ident if they can be resolved
-func GetIdentStringValues(ident *ast.Ident) []string {
+func getIdentStringValues(ident *ast.Ident, stringFinder func(ast.Node) (string, error)) []string {
 	values := []string{}
 	obj := ident.Obj
 	if obj != nil {
 		switch decl := obj.Decl.(type) {
 		case *ast.ValueSpec:
 			for _, v := range decl.Values {
-				value, err := GetString(v)
+				value, err := stringFinder(v)
 				if err == nil {
 					values = append(values, value)
 				}
 			}
 		case *ast.AssignStmt:
 			for _, v := range decl.Rhs {
-				value, err := GetString(v)
+				value, err := stringFinder(v)
 				if err == nil {
 					values = append(values, value)
 				}
@@ -226,6 +260,18 @@ func GetIdentStringValues(ident *ast.Ident) []string {
 	return values
 }
 
+// getIdentStringRecursive returns the string of values of an Ident if they can be resolved
+// The difference between this and GetIdentStringValues is that it will attempt to resolve the strings recursively,
+// if it is passed a *ast.BinaryExpr. See GetStringRecursive for details
+func GetIdentStringValuesRecursive(ident *ast.Ident) []string {
+	return getIdentStringValues(ident, GetStringRecursive)
+}
+
+// GetIdentStringValues return the string values of an Ident if they can be resolved
+func GetIdentStringValues(ident *ast.Ident) []string {
+	return getIdentStringValues(ident, GetString)
+}
+
 // GetBinaryExprOperands returns all operands of a binary expression by traversing
 // the expression tree
 func GetBinaryExprOperands(be *ast.BinaryExpr) []ast.Node {
@@ -301,7 +347,7 @@ func Getenv(key, userDefault string) string {
 	return userDefault
 }
 
-// GetPkgRelativePath returns the Go relative relative path derived
+// GetPkgRelativePath returns the Go relative path derived
 // form the given path
 func GetPkgRelativePath(path string) (string, error) {
 	abspath, err := filepath.Abs(path)
diff --git a/vendor/github.com/securego/gosec/v2/issue/issue.go b/vendor/github.com/securego/gosec/v2/issue/issue.go
index 5bf00dec2..1000b2042 100644
--- a/vendor/github.com/securego/gosec/v2/issue/issue.go
+++ b/vendor/github.com/securego/gosec/v2/issue/issue.go
@@ -87,6 +87,7 @@ var ruleToCWE = map[string]string{
 	"G504": "327",
 	"G505": "327",
 	"G601": "118",
+	"G602": "118",
 }
 
 // Issue is returned by a gosec rule if it discovers an issue with the scanned code.
@@ -177,11 +178,7 @@ func codeSnippetEndLine(node ast.Node, fobj *token.File) int64 {
 // New creates a new Issue
 func New(fobj *token.File, node ast.Node, ruleID, desc string, severity, confidence Score) *Issue {
 	name := fobj.Name()
-	start, end := fobj.Line(node.Pos()), fobj.Line(node.End())
-	line := strconv.Itoa(start)
-	if start != end {
-		line = fmt.Sprintf("%d-%d", start, end)
-	}
+	line := GetLine(fobj, node)
 	col := strconv.Itoa(fobj.Position(node.Pos()).Column)
 
 	var code string
@@ -216,3 +213,13 @@ func (i *Issue) WithSuppressions(suppressions []SuppressionInfo) *Issue {
 	i.Suppressions = suppressions
 	return i
 }
+
+// GetLine returns the line number of a given ast.Node
+func GetLine(fobj *token.File, node ast.Node) string {
+	start, end := fobj.Line(node.Pos()), fobj.Line(node.End())
+	line := strconv.Itoa(start)
+	if start != end {
+		line = fmt.Sprintf("%d-%d", start, end)
+	}
+	return line
+}
diff --git a/vendor/github.com/securego/gosec/v2/rule.go b/vendor/github.com/securego/gosec/v2/rule.go
index 5e973b6ac..490a25da0 100644
--- a/vendor/github.com/securego/gosec/v2/rule.go
+++ b/vendor/github.com/securego/gosec/v2/rule.go
@@ -43,7 +43,7 @@ func NewRuleSet() RuleSet {
 	return RuleSet{make(map[reflect.Type][]Rule), make(map[string]bool)}
 }
 
-// Register adds a trigger for the supplied rule for the the
+// Register adds a trigger for the supplied rule for the
 // specified ast nodes.
 func (r RuleSet) Register(rule Rule, isSuppressed bool, nodes ...ast.Node) {
 	for _, n := range nodes {
diff --git a/vendor/github.com/securego/gosec/v2/rules/fileperms.go b/vendor/github.com/securego/gosec/v2/rules/fileperms.go
index 0376b6a03..5311f74c6 100644
--- a/vendor/github.com/securego/gosec/v2/rules/fileperms.go
+++ b/vendor/github.com/securego/gosec/v2/rules/fileperms.go
@@ -30,6 +30,7 @@ type filePermissions struct {
 	calls []string
 }
 
+// ID returns the ID of the rule.
 func (r *filePermissions) ID() string {
 	return r.MetaData.ID
 }
@@ -55,6 +56,7 @@ func modeIsSubset(subset int64, superset int64) bool {
 	return (subset | superset) == superset
 }
 
+// Match checks if the rule is matched.
 func (r *filePermissions) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 	for _, pkg := range r.pkgs {
 		if callexpr, matched := gosec.MatchCallByPackage(n, c, pkg, r.calls...); matched {
@@ -116,3 +118,47 @@ func NewMkdirPerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 		},
 	}, []ast.Node{(*ast.CallExpr)(nil)}
 }
+
+type osCreatePermissions struct {
+	issue.MetaData
+	mode  int64
+	pkgs  []string
+	calls []string
+}
+
+const defaultOsCreateMode = 0o666
+
+// ID returns the ID of the rule.
+func (r *osCreatePermissions) ID() string {
+	return r.MetaData.ID
+}
+
+// Match checks if the rule is matched.
+func (r *osCreatePermissions) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
+	for _, pkg := range r.pkgs {
+		if _, matched := gosec.MatchCallByPackage(n, c, pkg, r.calls...); matched {
+			if !modeIsSubset(defaultOsCreateMode, r.mode) {
+				return c.NewIssue(n, r.ID(), r.What, r.Severity, r.Confidence), nil
+			}
+		}
+	}
+	return nil, nil
+}
+
+// NewOsCreatePerms reates a rule to detect file creation with a more permissive than configured
+// permission mask.
+func NewOsCreatePerms(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+	mode := getConfiguredMode(conf, id, 0o666)
+	return &osCreatePermissions{
+		mode:  mode,
+		pkgs:  []string{"os"},
+		calls: []string{"Create"},
+		MetaData: issue.MetaData{
+			ID:         id,
+			Severity:   issue.Medium,
+			Confidence: issue.High,
+			What: fmt.Sprintf("Expect file permissions to be %#o or less but os.Create used with default permissions %#o",
+				mode, defaultOsCreateMode),
+		},
+	}, []ast.Node{(*ast.CallExpr)(nil)}
+}
diff --git a/vendor/github.com/securego/gosec/v2/rules/hardcoded_credentials.go b/vendor/github.com/securego/gosec/v2/rules/hardcoded_credentials.go
index eac50d7c9..ed1fb947d 100644
--- a/vendor/github.com/securego/gosec/v2/rules/hardcoded_credentials.go
+++ b/vendor/github.com/securego/gosec/v2/rules/hardcoded_credentials.go
@@ -15,17 +15,178 @@
 package rules
 
 import (
+	"fmt"
 	"go/ast"
 	"go/token"
 	"regexp"
 	"strconv"
 
-	zxcvbn "github.com/nbutton23/zxcvbn-go"
+	zxcvbn "github.com/ccojocar/zxcvbn-go"
 
 	"github.com/securego/gosec/v2"
 	"github.com/securego/gosec/v2/issue"
 )
 
+type secretPattern struct {
+	name   string
+	regexp *regexp.Regexp
+}
+
+var secretsPatterns = [...]secretPattern{
+	{
+		name:   "RSA private key",
+		regexp: regexp.MustCompile(`-----BEGIN RSA PRIVATE KEY-----`),
+	},
+	{
+		name:   "SSH (DSA) private key",
+		regexp: regexp.MustCompile(`-----BEGIN DSA PRIVATE KEY-----`),
+	},
+	{
+		name:   "SSH (EC) private key",
+		regexp: regexp.MustCompile(`-----BEGIN EC PRIVATE KEY-----`),
+	},
+	{
+		name:   "PGP private key block",
+		regexp: regexp.MustCompile(`-----BEGIN PGP PRIVATE KEY BLOCK-----`),
+	},
+	{
+		name:   "Slack Token",
+		regexp: regexp.MustCompile(`xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}`),
+	},
+	{
+		name:   "AWS API Key",
+		regexp: regexp.MustCompile(`AKIA[0-9A-Z]{16}`),
+	},
+	{
+		name:   "Amazon MWS Auth Token",
+		regexp: regexp.MustCompile(`amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`),
+	},
+	{
+		name:   "AWS AppSync GraphQL Key",
+		regexp: regexp.MustCompile(`da2-[a-z0-9]{26}`),
+	},
+	{
+		name:   "GitHub personal access token",
+		regexp: regexp.MustCompile(`ghp_[a-zA-Z0-9]{36}`),
+	},
+	{
+		name:   "GitHub fine-grained access token",
+		regexp: regexp.MustCompile(`github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}`),
+	},
+	{
+		name:   "GitHub action temporary token",
+		regexp: regexp.MustCompile(`ghs_[a-zA-Z0-9]{36}`),
+	},
+	{
+		name:   "Google API Key",
+		regexp: regexp.MustCompile(`AIza[0-9A-Za-z\-_]{35}`),
+	},
+	{
+		name:   "Google Cloud Platform API Key",
+		regexp: regexp.MustCompile(`AIza[0-9A-Za-z\-_]{35}`),
+	},
+	{
+		name:   "Google Cloud Platform OAuth",
+		regexp: regexp.MustCompile(`[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com`),
+	},
+	{
+		name:   "Google Drive API Key",
+		regexp: regexp.MustCompile(`AIza[0-9A-Za-z\-_]{35}`),
+	},
+	{
+		name:   "Google Drive OAuth",
+		regexp: regexp.MustCompile(`[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com`),
+	},
+	{
+		name:   "Google (GCP) Service-account",
+		regexp: regexp.MustCompile(`"type": "service_account"`),
+	},
+	{
+		name:   "Google Gmail API Key",
+		regexp: regexp.MustCompile(`AIza[0-9A-Za-z\-_]{35}`),
+	},
+	{
+		name:   "Google Gmail OAuth",
+		regexp: regexp.MustCompile(`[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com`),
+	},
+	{
+		name:   "Google OAuth Access Token",
+		regexp: regexp.MustCompile(`ya29\.[0-9A-Za-z\-_]+`),
+	},
+	{
+		name:   "Google YouTube API Key",
+		regexp: regexp.MustCompile(`AIza[0-9A-Za-z\-_]{35}`),
+	},
+	{
+		name:   "Google YouTube OAuth",
+		regexp: regexp.MustCompile(`[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com`),
+	},
+	{
+		name:   "Generic API Key",
+		regexp: regexp.MustCompile(`[aA][pP][iI]_?[kK][eE][yY].*[''|"][0-9a-zA-Z]{32,45}[''|"]`),
+	},
+	{
+		name:   "Generic Secret",
+		regexp: regexp.MustCompile(`[sS][eE][cC][rR][eE][tT].*[''|"][0-9a-zA-Z]{32,45}[''|"]`),
+	},
+	{
+		name:   "Heroku API Key",
+		regexp: regexp.MustCompile(`[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}`),
+	},
+	{
+		name:   "MailChimp API Key",
+		regexp: regexp.MustCompile(`[0-9a-f]{32}-us[0-9]{1,2}`),
+	},
+	{
+		name:   "Mailgun API Key",
+		regexp: regexp.MustCompile(`key-[0-9a-zA-Z]{32}`),
+	},
+	{
+		name:   "Password in URL",
+		regexp: regexp.MustCompile(`[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}["'\\s]`),
+	},
+	{
+		name:   "Slack Webhook",
+		regexp: regexp.MustCompile(`https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}`),
+	},
+	{
+		name:   "Stripe API Key",
+		regexp: regexp.MustCompile(`sk_live_[0-9a-zA-Z]{24}`),
+	},
+	{
+		name:   "Stripe API Key",
+		regexp: regexp.MustCompile(`sk_live_[0-9a-zA-Z]{24}`),
+	},
+	{
+		name:   "Stripe Restricted API Key",
+		regexp: regexp.MustCompile(`rk_live_[0-9a-zA-Z]{24}`),
+	},
+	{
+		name:   "Square Access Token",
+		regexp: regexp.MustCompile(`sq0atp-[0-9A-Za-z\-_]{22}`),
+	},
+	{
+		name:   "Square OAuth Secret",
+		regexp: regexp.MustCompile(`sq0csp-[0-9A-Za-z\-_]{43}`),
+	},
+	{
+		name:   "Telegram Bot API Key",
+		regexp: regexp.MustCompile(`[0-9]+:AA[0-9A-Za-z\-_]{33}`),
+	},
+	{
+		name:   "Twilio API Key",
+		regexp: regexp.MustCompile(`SK[0-9a-fA-F]{32}`),
+	},
+	{
+		name:   "Twitter Access Token",
+		regexp: regexp.MustCompile(`[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}`),
+	},
+	{
+		name:   "Twitter OAuth",
+		regexp: regexp.MustCompile(`[tT][wW][iI][tT][tT][eE][rR].*[''|"][0-9a-zA-Z]{35,44}[''|"]`),
+	},
+}
+
 type credentials struct {
 	issue.MetaData
 	pattern          *regexp.Regexp
@@ -55,6 +216,15 @@ func (r *credentials) isHighEntropyString(str string) bool {
 			entropyPerChar >= r.perCharThreshold))
 }
 
+func (r *credentials) isSecretPattern(str string) (bool, string) {
+	for _, pattern := range secretsPatterns {
+		if pattern.regexp.MatchString(str) {
+			return true, pattern.name
+		}
+	}
+	return false, ""
+}
+
 func (r *credentials) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, error) {
 	switch node := n.(type) {
 	case *ast.AssignStmt:
@@ -70,6 +240,7 @@ func (r *credentials) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, error
 func (r *credentials) matchAssign(assign *ast.AssignStmt, ctx *gosec.Context) (*issue.Issue, error) {
 	for _, i := range assign.Lhs {
 		if ident, ok := i.(*ast.Ident); ok {
+			// First check LHS to find anything being assigned to variables whose name appears to be a cred
 			if r.pattern.MatchString(ident.Name) {
 				for _, e := range assign.Rhs {
 					if val, err := gosec.GetString(e); err == nil {
@@ -79,12 +250,28 @@ func (r *credentials) matchAssign(assign *ast.AssignStmt, ctx *gosec.Context) (*
 					}
 				}
 			}
+
+			// Now that no names were matched, match the RHS to see if the actual values being assigned are creds
+			for _, e := range assign.Rhs {
+				val, err := gosec.GetString(e)
+				if err != nil {
+					continue
+				}
+
+				if r.ignoreEntropy || r.isHighEntropyString(val) {
+					if ok, patternName := r.isSecretPattern(val); ok {
+						return ctx.NewIssue(assign, r.ID(), fmt.Sprintf("%s: %s", r.What, patternName), r.Severity, r.Confidence), nil
+					}
+				}
+			}
 		}
 	}
 	return nil, nil
 }
 
 func (r *credentials) matchValueSpec(valueSpec *ast.ValueSpec, ctx *gosec.Context) (*issue.Issue, error) {
+	// Running match against the variable name(s) first. Will catch any creds whose var name matches the pattern,
+	// then will go back over to check the values themselves.
 	for index, ident := range valueSpec.Names {
 		if r.pattern.MatchString(ident.Name) && valueSpec.Values != nil {
 			// const foo, bar = "same value"
@@ -98,6 +285,18 @@ func (r *credentials) matchValueSpec(valueSpec *ast.ValueSpec, ctx *gosec.Contex
 			}
 		}
 	}
+
+	// Now that no variable names have been matched, match the actual values to find any creds
+	for _, ident := range valueSpec.Values {
+		if val, err := gosec.GetString(ident); err == nil {
+			if r.ignoreEntropy || r.isHighEntropyString(val) {
+				if ok, patternName := r.isSecretPattern(val); ok {
+					return ctx.NewIssue(valueSpec, r.ID(), fmt.Sprintf("%s: %s", r.What, patternName), r.Severity, r.Confidence), nil
+				}
+			}
+		}
+	}
+
 	return nil, nil
 }
 
@@ -119,6 +318,22 @@ func (r *credentials) matchEqualityCheck(binaryExpr *ast.BinaryExpr, ctx *gosec.
 				}
 			}
 		}
+
+		// Now that the variable names have been checked, and no matches were found, make sure that
+		// either the left or right operands is a string literal so we can match the value.
+		identStrConst, ok := binaryExpr.X.(*ast.BasicLit)
+		if !ok {
+			identStrConst, ok = binaryExpr.Y.(*ast.BasicLit)
+		}
+
+		if ok && identStrConst.Kind == token.STRING {
+			s, _ := gosec.GetString(identStrConst)
+			if r.ignoreEntropy || r.isHighEntropyString(s) {
+				if ok, patternName := r.isSecretPattern(s); ok {
+					return ctx.NewIssue(binaryExpr, r.ID(), fmt.Sprintf("%s: %s", r.What, patternName), r.Severity, r.Confidence), nil
+				}
+			}
+		}
 	}
 	return nil, nil
 }
@@ -138,6 +353,7 @@ func NewHardcodedCredentials(id string, conf gosec.Config) (gosec.Rule, []ast.No
 				pattern = cfgPattern
 			}
 		}
+
 		if configIgnoreEntropy, ok := conf["ignore_entropy"]; ok {
 			if cfgIgnoreEntropy, ok := configIgnoreEntropy.(bool); ok {
 				ignoreEntropy = cfgIgnoreEntropy
diff --git a/vendor/github.com/securego/gosec/v2/rules/implicit_aliasing.go b/vendor/github.com/securego/gosec/v2/rules/implicit_aliasing.go
index 70678e29a..a7eabb20b 100644
--- a/vendor/github.com/securego/gosec/v2/rules/implicit_aliasing.go
+++ b/vendor/github.com/securego/gosec/v2/rules/implicit_aliasing.go
@@ -3,6 +3,7 @@ package rules
 import (
 	"go/ast"
 	"go/token"
+	"go/types"
 
 	"github.com/securego/gosec/v2"
 	"github.com/securego/gosec/v2/issue"
@@ -28,6 +29,23 @@ func containsUnary(exprs []*ast.UnaryExpr, expr *ast.UnaryExpr) bool {
 	return false
 }
 
+func getIdentExpr(expr ast.Expr) (*ast.Ident, bool) {
+	return doGetIdentExpr(expr, false)
+}
+
+func doGetIdentExpr(expr ast.Expr, hasSelector bool) (*ast.Ident, bool) {
+	switch node := expr.(type) {
+	case *ast.Ident:
+		return node, hasSelector
+	case *ast.SelectorExpr:
+		return doGetIdentExpr(node.X, true)
+	case *ast.UnaryExpr:
+		return doGetIdentExpr(node.X, hasSelector)
+	default:
+		return nil, false
+	}
+}
+
 func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 	switch node := n.(type) {
 	case *ast.RangeStmt:
@@ -72,9 +90,13 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, er
 		}
 
 		// If we find a unary op of & (reference) of an object within r.aliases, complain.
-		if ident, ok := node.X.(*ast.Ident); ok && node.Op.String() == "&" {
-			if _, contains := r.aliases[ident.Obj]; contains {
-				return c.NewIssue(n, r.ID(), r.What, r.Severity, r.Confidence), nil
+		if identExpr, hasSelector := getIdentExpr(node); identExpr != nil && node.Op.String() == "&" {
+			if _, contains := r.aliases[identExpr.Obj]; contains {
+				_, isPointer := c.Info.TypeOf(identExpr).(*types.Pointer)
+
+				if !hasSelector || !isPointer {
+					return c.NewIssue(n, r.ID(), r.What, r.Severity, r.Confidence), nil
+				}
 			}
 		}
 	case *ast.ReturnStmt:
diff --git a/vendor/github.com/securego/gosec/v2/rules/rulelist.go b/vendor/github.com/securego/gosec/v2/rules/rulelist.go
index d856eccad..f9ca4f52c 100644
--- a/vendor/github.com/securego/gosec/v2/rules/rulelist.go
+++ b/vendor/github.com/securego/gosec/v2/rules/rulelist.go
@@ -91,6 +91,7 @@ func Generate(trackSuppressions bool, filters ...RuleFilter) RuleList {
 		{"G304", "File path provided as taint input", NewReadFile},
 		{"G305", "File path traversal when extracting zip archive", NewArchive},
 		{"G306", "Poor file permissions used when writing to a file", NewWritePerms},
+		{"G307", "Poor file permissions used when creating a file with os.Create", NewOsCreatePerms},
 
 		// crypto
 		{"G401", "Detect the usage of DES, RC4, MD5 or SHA1", NewUsesWeakCryptography},
diff --git a/vendor/github.com/securego/gosec/v2/rules/sql.go b/vendor/github.com/securego/gosec/v2/rules/sql.go
index 4085b5d26..61222bfdb 100644
--- a/vendor/github.com/securego/gosec/v2/rules/sql.go
+++ b/vendor/github.com/securego/gosec/v2/rules/sql.go
@@ -98,6 +98,32 @@ func (s *sqlStrConcat) ID() string {
 	return s.MetaData.ID
 }
 
+// findInjectionInBranch walks diwb a set if expressions, and will create new issues if it finds SQL injections
+// This method assumes you've already verified that the branch contains SQL syntax
+func (s *sqlStrConcat) findInjectionInBranch(ctx *gosec.Context, branch []ast.Expr) *ast.BinaryExpr {
+	for _, node := range branch {
+		be, ok := node.(*ast.BinaryExpr)
+		if !ok {
+			continue
+		}
+
+		operands := gosec.GetBinaryExprOperands(be)
+
+		for _, op := range operands {
+			if _, ok := op.(*ast.BasicLit); ok {
+				continue
+			}
+
+			if ident, ok := op.(*ast.Ident); ok && s.checkObject(ident, ctx) {
+				continue
+			}
+
+			return be
+		}
+	}
+	return nil
+}
+
 // see if we can figure out what it is
 func (s *sqlStrConcat) checkObject(n *ast.Ident, c *gosec.Context) bool {
 	if n.Obj != nil {
@@ -140,6 +166,28 @@ func (s *sqlStrConcat) checkQuery(call *ast.CallExpr, ctx *gosec.Context) (*issu
 		}
 	}
 
+	// Handle the case where an injection occurs as an infixed string concatenation, ie "SELECT * FROM foo WHERE name = '" + os.Args[0] + "' AND 1=1"
+	if id, ok := query.(*ast.Ident); ok {
+		var match bool
+		for _, str := range gosec.GetIdentStringValuesRecursive(id) {
+			if s.MatchPatterns(str) {
+				match = true
+				break
+			}
+		}
+
+		if !match {
+			return nil, nil
+		}
+
+		switch decl := id.Obj.Decl.(type) {
+		case *ast.AssignStmt:
+			if injection := s.findInjectionInBranch(ctx, decl.Rhs); injection != nil {
+				return ctx.NewIssue(injection, s.ID(), s.What, s.Severity, s.Confidence), nil
+			}
+		}
+	}
+
 	return nil, nil
 }
 
@@ -157,6 +205,7 @@ func (s *sqlStrConcat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
 			return s.checkQuery(sqlQueryCall, ctx)
 		}
 	}
+
 	return nil, nil
 }
 
@@ -165,7 +214,7 @@ func NewSQLStrConcat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &sqlStrConcat{
 		sqlStatement: sqlStatement{
 			patterns: []*regexp.Regexp{
-				regexp.MustCompile(`(?i)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE) `),
+				regexp.MustCompile("(?i)(SELECT|DELETE|INSERT|UPDATE|INTO|FROM|WHERE)( |\n|\r|\t)"),
 			},
 			MetaData: issue.MetaData{
 				ID:         id,
diff --git a/vendor/github.com/securego/gosec/v2/rules/subproc.go b/vendor/github.com/securego/gosec/v2/rules/subproc.go
index ea50d692d..1e2cedaa5 100644
--- a/vendor/github.com/securego/gosec/v2/rules/subproc.go
+++ b/vendor/github.com/securego/gosec/v2/rules/subproc.go
@@ -97,7 +97,7 @@ func (r *subprocess) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 
 // isContext checks whether or not the node is a CommandContext call or not
-// Thi is required in order to skip the first argument from the check.
+// This is required in order to skip the first argument from the check.
 func (r *subprocess) isContext(n ast.Node, ctx *gosec.Context) bool {
 	selector, indent, err := gosec.GetCallInfo(n, ctx)
 	if err != nil {
diff --git a/vendor/github.com/securego/gosec/v2/rules/unsafe.go b/vendor/github.com/securego/gosec/v2/rules/unsafe.go
index e1e8d0231..2e2adca7c 100644
--- a/vendor/github.com/securego/gosec/v2/rules/unsafe.go
+++ b/vendor/github.com/securego/gosec/v2/rules/unsafe.go
@@ -43,7 +43,7 @@ func (r *usingUnsafe) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err
 func NewUsingUnsafe(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &usingUnsafe{
 		pkg:   "unsafe",
-		calls: []string{"Alignof", "Offsetof", "Sizeof", "Pointer"},
+		calls: []string{"Pointer", "String", "StringData", "Slice", "SliceData"},
 		MetaData: issue.MetaData{
 			ID:         id,
 			What:       "Use of unsafe calls should be audited",
diff --git a/vendor/github.com/sourcegraph/conc/.golangci.yml b/vendor/github.com/sourcegraph/conc/.golangci.yml
new file mode 100644
index 000000000..ae65a760a
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/.golangci.yml
@@ -0,0 +1,11 @@
+linters:
+  disable-all: true
+  enable:
+    - errcheck
+    - godot
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - typecheck
+    - unused
diff --git a/vendor/github.com/sourcegraph/conc/LICENSE b/vendor/github.com/sourcegraph/conc/LICENSE
new file mode 100644
index 000000000..1081f4ef4
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Sourcegraph
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/sourcegraph/conc/README.md b/vendor/github.com/sourcegraph/conc/README.md
new file mode 100644
index 000000000..1c87c3c96
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/README.md
@@ -0,0 +1,464 @@
+![conch](https://user-images.githubusercontent.com/12631702/210295964-785cc63d-d697-420c-99ff-f492eb81dec9.svg)
+
+# `conc`: better structured concurrency for go
+
+[![Go Reference](https://pkg.go.dev/badge/github.com/sourcegraph/conc.svg)](https://pkg.go.dev/github.com/sourcegraph/conc)
+[![Sourcegraph](https://img.shields.io/badge/view%20on-sourcegraph-A112FE?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADIAAAAyCAYAAAAeP4ixAAAEZklEQVRoQ+2aXWgUZxSG3292sxtNN43BhBakFPyhxSujRSxiU1pr7SaGXqgUxOIEW0IFkeYighYUxAuLUlq0lrq2iCDpjWtmFVtoG6QVNOCFVShVLyxIk0DVjZLMxt3xTGTccd2ZOd/8JBHci0CY9zvnPPN+/7sCIXwKavOwAcy2QgngQiIztDSE0OwQlDPYR1ebiaH6J5kZChyfW12gRG4QVgGTBfMchMbFP9Sn5nlZL2D0JjLD6710lc+z0NfqSGTXQRQ4bX07Mq423yoBL3OSyHSvUxirMuaEvgbJWrdcvkHMoJwxYuq4INUhyuWvQa1jvdMGxAvCxJlyEC9XOBCWL04wwRzpbDoDQ7wfZJzIQLi5Eggk6DiRhZgWIAbE3NrM4A3LPT8Q7UgqAqLqTmLSHLGPkyzG/qXEczhd0q6RH+zaSBfaUoc4iQx19pIClIscrTkNZzG6gd7qMY6eC2Hqyo705ZfTf+eqJmhMzcSbYtQpOXc92ZsZjLVAL4YNUQbJ5Ttg4CQrQdGYj44Xr9m1XJCzmZusFDJOWNpHjmh5x624a2ZFtOKDVL+uNo2TuXE3bZQQZUf8gtgqP31uI94Z/rMqix+IGiRfWw3xN9dCgVx+L3WrHm4Dju6PXz/EkjuXJ6R+IGgyOE1TbZqTq9y1eo0EZo7oMo1ktPu3xjHvuiLT5AFNszUyDULtWpzE2/fEsey8O5TbWuGWwxrs5rS7nFNMWJrNh2No74s9Ec4vRNmRRzPXMP19fBMSVsGcOJ98G8N3Wl2gXcbTjbX7vUBxLaeASDQCm5Cu/0E2tvtb0Ea+BowtskFD0wvlc6Rf2M+Jx7dTu7ubFr2dnKDRaMQe2v/tcIrNB7FH0O50AcrBaApmRDVwFO31ql3pD8QW4dP0feNwl/Q+kFEtRyIGyaWXnpy1OO0qNJWHo1y6iCmAGkBb/Ru+HenDWIF2mo4r8G+tRRzoniSn2uqFLxANhe9LKHVyTbz6egk9+x5w5fK6ulSNNMhZ/Feno+GebLZV6isTTa6k5qNl5RnZ5u56Ib6SBvFzaWBBVFZzvnERWlt/Cg4l27XChLCqFyLekjhy6xJyoytgjPf7opIB8QPx7sYFiMXHPGt76m741MhCKMZfng0nBOIjmoJPsLqWHwgFpe6V6qtfcopxveR2Oy+J0ntIN/zCWkf8QNAJ7y6d8Bq4lxLc2/qJl5K7t432XwcqX5CrI34gzATWuYILQtdQPyePDK3iuOekCR3Efjhig1B1Uq5UoXEEoZX7d1q535J5S9VOeFyYyEBku5XTMXXKQTToX5Rg7OI44nbW5oKYeYK4EniMeF0YFNSmb+grhc84LyRCEP1/OurOcipCQbKxDeK2V5FcVyIDMQvsgz5gwFhcWWwKyRlvQ3gv29RwWoDYAbIofNyBxI9eDlQ+n3YgsgCWnr4MStGXQXmv9pF2La/k3OccV54JEBM4yp9EsXa/3LfO0dGPcYq0Y7DfZB8nJzZw2rppHgKgVHs8L5wvRwAAAABJRU5ErkJggg==)](https://sourcegraph.com/github.com/sourcegraph/conc)
+[![Go Report Card](https://goreportcard.com/badge/github.com/sourcegraph/conc)](https://goreportcard.com/report/github.com/sourcegraph/conc)
+[![codecov](https://codecov.io/gh/sourcegraph/conc/branch/main/graph/badge.svg?token=MQZTEA1QWT)](https://codecov.io/gh/sourcegraph/conc)
+[![Discord](https://img.shields.io/badge/discord-chat-%235765F2)](https://discord.gg/bvXQXmtRjN)
+
+`conc` is your toolbelt for structured concurrency in go, making common tasks
+easier and safer.
+
+```sh
+go get github.com/sourcegraph/conc
+```
+
+# At a glance
+
+- Use [`conc.WaitGroup`](https://pkg.go.dev/github.com/sourcegraph/conc#WaitGroup) if you just want a safer version of `sync.WaitGroup`
+- Use [`pool.Pool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool) if you want a concurrency-limited task runner
+- Use [`pool.ResultPool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ResultPool) if you want a concurrent task runner that collects task results
+- Use [`pool.(Result)?ErrorPool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ErrorPool) if your tasks are fallible
+- Use [`pool.(Result)?ContextPool`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ContextPool) if your tasks should be canceled on failure
+- Use [`stream.Stream`](https://pkg.go.dev/github.com/sourcegraph/conc/stream#Stream) if you want to process an ordered stream of tasks in parallel with serial callbacks
+- Use [`iter.Map`](https://pkg.go.dev/github.com/sourcegraph/conc/iter#Map) if you want to concurrently map a slice
+- Use [`iter.ForEach`](https://pkg.go.dev/github.com/sourcegraph/conc/iter#ForEach) if you want to concurrently iterate over a slice
+- Use [`panics.Catcher`](https://pkg.go.dev/github.com/sourcegraph/conc/panics#Catcher) if you want to catch panics in your own goroutines
+
+All pools are created with
+[`pool.New()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#New)
+or
+[`pool.NewWithResults[T]()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#NewWithResults),
+then configured with methods:
+
+- [`p.WithMaxGoroutines()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool.MaxGoroutines) configures the maximum number of goroutines in the pool
+- [`p.WithErrors()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool.WithErrors) configures the pool to run tasks that return errors
+- [`p.WithContext(ctx)`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#Pool.WithContext) configures the pool to run tasks that should be canceled on first error
+- [`p.WithFirstError()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ErrorPool.WithFirstError) configures error pools to only keep the first returned error rather than an aggregated error
+- [`p.WithCollectErrored()`](https://pkg.go.dev/github.com/sourcegraph/conc/pool#ResultContextPool.WithCollectErrored) configures result pools to collect results even when the task errored
+
+# Goals
+
+The main goals of the package are:
+1) Make it harder to leak goroutines
+2) Handle panics gracefully
+3) Make concurrent code easier to read
+
+## Goal #1: Make it harder to leak goroutines
+
+A common pain point when working with goroutines is cleaning them up. It's
+really easy to fire off a `go` statement and fail to properly wait for it to
+complete.
+
+`conc` takes the opinionated stance that all concurrency should be scoped.
+That is, goroutines should have an owner and that owner should always
+ensure that its owned goroutines exit properly.
+
+In `conc`, the owner of a goroutine is always a `conc.WaitGroup`. Goroutines
+are spawned in a `WaitGroup` with `(*WaitGroup).Go()`, and
+`(*WaitGroup).Wait()` should always be called before the `WaitGroup` goes out
+of scope.
+
+In some cases, you might want a spawned goroutine to outlast the scope of the
+caller. In that case, you could pass a `WaitGroup` into the spawning function.
+
+```go
+func main() {
+    var wg conc.WaitGroup
+    defer wg.Wait()
+
+    startTheThing(&wg)
+}
+
+func startTheThing(wg *conc.WaitGroup) {
+    wg.Go(func() { ... })
+}
+```
+
+For some more discussion on why scoped concurrency is nice, check out [this
+blog
+post](https://vorpus.org/blog/notes-on-structured-concurrency-or-go-statement-considered-harmful/).
+
+## Goal #2: Handle panics gracefully
+
+A frequent problem with goroutines in long-running applications is handling
+panics. A goroutine spawned without a panic handler will crash the whole process
+on panic. This is usually undesirable.
+
+However, if you do add a panic handler to a goroutine, what do you do with the
+panic once you catch it? Some options:
+1) Ignore it
+2) Log it
+3) Turn it into an error and return that to the goroutine spawner
+4) Propagate the panic to the goroutine spawner
+
+Ignoring panics is a bad idea since panics usually mean there is actually
+something wrong and someone should fix it.
+
+Just logging panics isn't great either because then there is no indication to the spawner
+that something bad happened, and it might just continue on as normal even though your
+program is in a really bad state.
+
+Both (3) and (4) are reasonable options, but both require the goroutine to have
+an owner that can actually receive the message that something went wrong. This
+is generally not true with a goroutine spawned with `go`, but in the `conc`
+package, all goroutines have an owner that must collect the spawned goroutine.
+In the conc package, any call to `Wait()` will panic if any of the spawned goroutines
+panicked. Additionally, it decorates the panic value with a stacktrace from the child
+goroutine so that you don't lose information about what caused the panic.
+
+Doing this all correctly every time you spawn something with `go` is not
+trivial and it requires a lot of boilerplate that makes the important parts of
+the code more difficult to read, so `conc` does this for you.
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+type caughtPanicError struct {
+    val   any
+    stack []byte
+}
+
+func (e *caughtPanicError) Error() string {
+    return fmt.Sprintf(
+        "panic: %q\n%s",
+        e.val,
+        string(e.stack)
+    )
+}
+
+func main() {
+    done := make(chan error)
+    go func() {
+        defer func() {
+            if v := recover(); v != nil {
+                done <- &caughtPanicError{
+                    val: v,
+                    stack: debug.Stack()
+                }
+            } else {
+                done <- nil
+            }
+        }()
+        doSomethingThatMightPanic()
+    }()
+    err := <-done
+    if err != nil {
+        panic(err)
+    }
+}
+```
+</td>
+<td>
+
+```go
+func main() {
+    var wg conc.WaitGroup
+    wg.Go(doSomethingThatMightPanic)
+    // panics with a nice stacktrace
+    wg.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+## Goal #3: Make concurrent code easier to read
+
+Doing concurrency correctly is difficult. Doing it in a way that doesn't
+obfuscate what the code is actually doing is more difficult. The `conc` package
+attempts to make common operations easier by abstracting as much boilerplate
+complexity as possible.
+
+Want to run a set of concurrent tasks with a bounded set of goroutines? Use
+`pool.New()`. Want to process an ordered stream of results concurrently, but
+still maintain order? Try `stream.New()`. What about a concurrent map over
+a slice? Take a peek at `iter.Map()`.
+
+Browse some examples below for some comparisons with doing these by hand.
+
+# Examples
+
+Each of these examples forgoes propagating panics for simplicity. To see
+what kind of complexity that would add, check out the "Goal #2" header above.
+
+Spawn a set of goroutines and waiting for them to finish:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func main() {
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            // crashes on panic!
+            doSomething()
+        }()
+    }
+    wg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func main() {
+    var wg conc.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Go(doSomething)
+    }
+    wg.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+Process each element of a stream in a static pool of goroutines:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func process(stream chan int) {
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            for elem := range stream {
+                handle(elem)
+            }
+        }()
+    }
+    wg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func process(stream chan int) {
+    p := pool.New().WithMaxGoroutines(10)
+    for elem := range stream {
+        elem := elem
+        p.Go(func() {
+            handle(elem)
+        })
+    }
+    p.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+Process each element of a slice in a static pool of goroutines:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func process(values []int) {
+    feeder := make(chan int, 8)
+
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+            for elem := range feeder {
+                handle(elem)
+            }
+        }()
+    }
+
+    for _, value := range values {
+        feeder <- value
+    }
+    close(feeder)
+    wg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func process(values []int) {
+    iter.ForEach(values, handle)
+}
+```
+</td>
+</tr>
+</table>
+
+Concurrently map a slice:
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func concMap(
+    input []int,
+    f func(int) int,
+) []int {
+    res := make([]int, len(input))
+    var idx atomic.Int64
+
+    var wg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        wg.Add(1)
+        go func() {
+            defer wg.Done()
+
+            for {
+                i := int(idx.Add(1) - 1)
+                if i >= len(input) {
+                    return
+                }
+
+                res[i] = f(input[i])
+            }
+        }()
+    }
+    wg.Wait()
+    return res
+}
+```
+</td>
+<td>
+
+```go
+func concMap(
+    input []int,
+    f func(*int) int,
+) []int {
+    return iter.Map(input, f)
+}
+```
+</td>
+</tr>
+</table>
+
+Process an ordered stream concurrently:
+
+
+<table>
+<tr>
+<th><code>stdlib</code></th>
+<th><code>conc</code></th>
+</tr>
+<tr>
+<td>
+
+```go
+func mapStream(
+    in chan int,
+    out chan int,
+    f func(int) int,
+) {
+    tasks := make(chan func())
+    taskResults := make(chan chan int)
+
+    // Worker goroutines
+    var workerWg sync.WaitGroup
+    for i := 0; i < 10; i++ {
+        workerWg.Add(1)
+        go func() {
+            defer workerWg.Done()
+            for task := range tasks {
+                task()
+            }
+        }()
+    }
+
+    // Ordered reader goroutines
+    var readerWg sync.WaitGroup
+    readerWg.Add(1)
+    go func() {
+        defer readerWg.Done()
+        for result := range taskResults {
+            item := <-result
+            out <- item
+        }
+    }()
+
+    // Feed the workers with tasks
+    for elem := range in {
+        resultCh := make(chan int, 1)
+        taskResults <- resultCh
+        tasks <- func() {
+            resultCh <- f(elem)
+        }
+    }
+
+    // We've exhausted input.
+    // Wait for everything to finish
+    close(tasks)
+    workerWg.Wait()
+    close(taskResults)
+    readerWg.Wait()
+}
+```
+</td>
+<td>
+
+```go
+func mapStream(
+    in chan int,
+    out chan int,
+    f func(int) int,
+) {
+    s := stream.New().WithMaxGoroutines(10)
+    for elem := range in {
+        elem := elem
+        s.Go(func() stream.Callback {
+            res := f(elem)
+            return func() { out <- res }
+        })
+    }
+    s.Wait()
+}
+```
+</td>
+</tr>
+</table>
+
+# Status
+
+This package is currently pre-1.0. There are likely to be minor breaking
+changes before a 1.0 release as we stabilize the APIs and tweak defaults.
+Please open an issue if you have questions, concerns, or requests that you'd
+like addressed before the 1.0 release. Currently, a 1.0 is targeted for 
+March 2023.
diff --git a/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go
new file mode 100644
index 000000000..7087e32a8
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go119.go
@@ -0,0 +1,10 @@
+//go:build !go1.20
+// +build !go1.20
+
+package multierror
+
+import "go.uber.org/multierr"
+
+var (
+	Join = multierr.Combine
+)
diff --git a/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go
new file mode 100644
index 000000000..39cff829a
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/internal/multierror/multierror_go120.go
@@ -0,0 +1,10 @@
+//go:build go1.20
+// +build go1.20
+
+package multierror
+
+import "errors"
+
+var (
+	Join = errors.Join
+)
diff --git a/vendor/github.com/sourcegraph/conc/iter/iter.go b/vendor/github.com/sourcegraph/conc/iter/iter.go
new file mode 100644
index 000000000..124b4f940
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/iter/iter.go
@@ -0,0 +1,85 @@
+package iter
+
+import (
+	"runtime"
+	"sync/atomic"
+
+	"github.com/sourcegraph/conc"
+)
+
+// defaultMaxGoroutines returns the default maximum number of
+// goroutines to use within this package.
+func defaultMaxGoroutines() int { return runtime.GOMAXPROCS(0) }
+
+// Iterator can be used to configure the behaviour of ForEach
+// and ForEachIdx. The zero value is safe to use with reasonable
+// defaults.
+//
+// Iterator is also safe for reuse and concurrent use.
+type Iterator[T any] struct {
+	// MaxGoroutines controls the maximum number of goroutines
+	// to use on this Iterator's methods.
+	//
+	// If unset, MaxGoroutines defaults to runtime.GOMAXPROCS(0).
+	MaxGoroutines int
+}
+
+// ForEach executes f in parallel over each element in input.
+//
+// It is safe to mutate the input parameter, which makes it
+// possible to map in place.
+//
+// ForEach always uses at most runtime.GOMAXPROCS goroutines.
+// It takes roughly 2µs to start up the goroutines and adds
+// an overhead of roughly 50ns per element of input. For
+// a configurable goroutine limit, use a custom Iterator.
+func ForEach[T any](input []T, f func(*T)) { Iterator[T]{}.ForEach(input, f) }
+
+// ForEach executes f in parallel over each element in input,
+// using up to the Iterator's configured maximum number of
+// goroutines.
+//
+// It is safe to mutate the input parameter, which makes it
+// possible to map in place.
+//
+// It takes roughly 2µs to start up the goroutines and adds
+// an overhead of roughly 50ns per element of input.
+func (iter Iterator[T]) ForEach(input []T, f func(*T)) {
+	iter.ForEachIdx(input, func(_ int, t *T) {
+		f(t)
+	})
+}
+
+// ForEachIdx is the same as ForEach except it also provides the
+// index of the element to the callback.
+func ForEachIdx[T any](input []T, f func(int, *T)) { Iterator[T]{}.ForEachIdx(input, f) }
+
+// ForEachIdx is the same as ForEach except it also provides the
+// index of the element to the callback.
+func (iter Iterator[T]) ForEachIdx(input []T, f func(int, *T)) {
+	if iter.MaxGoroutines == 0 {
+		// iter is a value receiver and is hence safe to mutate
+		iter.MaxGoroutines = defaultMaxGoroutines()
+	}
+
+	numInput := len(input)
+	if iter.MaxGoroutines > numInput {
+		// No more concurrent tasks than the number of input items.
+		iter.MaxGoroutines = numInput
+	}
+
+	var idx atomic.Int64
+	// Create the task outside the loop to avoid extra closure allocations.
+	task := func() {
+		i := int(idx.Add(1) - 1)
+		for ; i < numInput; i = int(idx.Add(1) - 1) {
+			f(i, &input[i])
+		}
+	}
+
+	var wg conc.WaitGroup
+	for i := 0; i < iter.MaxGoroutines; i++ {
+		wg.Go(task)
+	}
+	wg.Wait()
+}
diff --git a/vendor/github.com/sourcegraph/conc/iter/map.go b/vendor/github.com/sourcegraph/conc/iter/map.go
new file mode 100644
index 000000000..efbe6bfaf
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/iter/map.go
@@ -0,0 +1,65 @@
+package iter
+
+import (
+	"sync"
+
+	"github.com/sourcegraph/conc/internal/multierror"
+)
+
+// Mapper is an Iterator with a result type R. It can be used to configure
+// the behaviour of Map and MapErr. The zero value is safe to use with
+// reasonable defaults.
+//
+// Mapper is also safe for reuse and concurrent use.
+type Mapper[T, R any] Iterator[T]
+
+// Map applies f to each element of input, returning the mapped result.
+//
+// Map always uses at most runtime.GOMAXPROCS goroutines. For a configurable
+// goroutine limit, use a custom Mapper.
+func Map[T, R any](input []T, f func(*T) R) []R {
+	return Mapper[T, R]{}.Map(input, f)
+}
+
+// Map applies f to each element of input, returning the mapped result.
+//
+// Map uses up to the configured Mapper's maximum number of goroutines.
+func (m Mapper[T, R]) Map(input []T, f func(*T) R) []R {
+	res := make([]R, len(input))
+	Iterator[T](m).ForEachIdx(input, func(i int, t *T) {
+		res[i] = f(t)
+	})
+	return res
+}
+
+// MapErr applies f to each element of the input, returning the mapped result
+// and a combined error of all returned errors.
+//
+// Map always uses at most runtime.GOMAXPROCS goroutines. For a configurable
+// goroutine limit, use a custom Mapper.
+func MapErr[T, R any](input []T, f func(*T) (R, error)) ([]R, error) {
+	return Mapper[T, R]{}.MapErr(input, f)
+}
+
+// MapErr applies f to each element of the input, returning the mapped result
+// and a combined error of all returned errors.
+//
+// Map uses up to the configured Mapper's maximum number of goroutines.
+func (m Mapper[T, R]) MapErr(input []T, f func(*T) (R, error)) ([]R, error) {
+	var (
+		res    = make([]R, len(input))
+		errMux sync.Mutex
+		errs   error
+	)
+	Iterator[T](m).ForEachIdx(input, func(i int, t *T) {
+		var err error
+		res[i], err = f(t)
+		if err != nil {
+			errMux.Lock()
+			// TODO: use stdlib errors once multierrors land in go 1.20
+			errs = multierror.Join(errs, err)
+			errMux.Unlock()
+		}
+	})
+	return res, errs
+}
diff --git a/vendor/github.com/sourcegraph/conc/panics/panics.go b/vendor/github.com/sourcegraph/conc/panics/panics.go
new file mode 100644
index 000000000..abbed7fa0
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/panics/panics.go
@@ -0,0 +1,102 @@
+package panics
+
+import (
+	"fmt"
+	"runtime"
+	"runtime/debug"
+	"sync/atomic"
+)
+
+// Catcher is used to catch panics. You can execute a function with Try,
+// which will catch any spawned panic. Try can be called any number of times,
+// from any number of goroutines. Once all calls to Try have completed, you can
+// get the value of the first panic (if any) with Recovered(), or you can just
+// propagate the panic (re-panic) with Repanic().
+type Catcher struct {
+	recovered atomic.Pointer[Recovered]
+}
+
+// Try executes f, catching any panic it might spawn. It is safe
+// to call from multiple goroutines simultaneously.
+func (p *Catcher) Try(f func()) {
+	defer p.tryRecover()
+	f()
+}
+
+func (p *Catcher) tryRecover() {
+	if val := recover(); val != nil {
+		rp := NewRecovered(1, val)
+		p.recovered.CompareAndSwap(nil, &rp)
+	}
+}
+
+// Repanic panics if any calls to Try caught a panic. It will panic with the
+// value of the first panic caught, wrapped in a panics.Recovered with caller
+// information.
+func (p *Catcher) Repanic() {
+	if val := p.Recovered(); val != nil {
+		panic(val)
+	}
+}
+
+// Recovered returns the value of the first panic caught by Try, or nil if
+// no calls to Try panicked.
+func (p *Catcher) Recovered() *Recovered {
+	return p.recovered.Load()
+}
+
+// NewRecovered creates a panics.Recovered from a panic value and a collected
+// stacktrace. The skip parameter allows the caller to skip stack frames when
+// collecting the stacktrace. Calling with a skip of 0 means include the call to
+// NewRecovered in the stacktrace.
+func NewRecovered(skip int, value any) Recovered {
+	// 64 frames should be plenty
+	var callers [64]uintptr
+	n := runtime.Callers(skip+1, callers[:])
+	return Recovered{
+		Value:   value,
+		Callers: callers[:n],
+		Stack:   debug.Stack(),
+	}
+}
+
+// Recovered is a panic that was caught with recover().
+type Recovered struct {
+	// The original value of the panic.
+	Value any
+	// The caller list as returned by runtime.Callers when the panic was
+	// recovered. Can be used to produce a more detailed stack information with
+	// runtime.CallersFrames.
+	Callers []uintptr
+	// The formatted stacktrace from the goroutine where the panic was recovered.
+	// Easier to use than Callers.
+	Stack []byte
+}
+
+// String renders a human-readable formatting of the panic.
+func (p *Recovered) String() string {
+	return fmt.Sprintf("panic: %v\nstacktrace:\n%s\n", p.Value, p.Stack)
+}
+
+// AsError casts the panic into an error implementation. The implementation
+// is unwrappable with the cause of the panic, if the panic was provided one.
+func (p *Recovered) AsError() error {
+	if p == nil {
+		return nil
+	}
+	return &ErrRecovered{*p}
+}
+
+// ErrRecovered wraps a panics.Recovered in an error implementation.
+type ErrRecovered struct{ Recovered }
+
+var _ error = (*ErrRecovered)(nil)
+
+func (p *ErrRecovered) Error() string { return p.String() }
+
+func (p *ErrRecovered) Unwrap() error {
+	if err, ok := p.Value.(error); ok {
+		return err
+	}
+	return nil
+}
diff --git a/vendor/github.com/sourcegraph/conc/panics/try.go b/vendor/github.com/sourcegraph/conc/panics/try.go
new file mode 100644
index 000000000..4ded92a1c
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/panics/try.go
@@ -0,0 +1,11 @@
+package panics
+
+// Try executes f, catching and returning any panic it might spawn.
+//
+// The recovered panic can be propagated with panic(), or handled as a normal error with
+// (*panics.Recovered).AsError().
+func Try(f func()) *Recovered {
+	var c Catcher
+	c.Try(f)
+	return c.Recovered()
+}
diff --git a/vendor/github.com/sourcegraph/conc/waitgroup.go b/vendor/github.com/sourcegraph/conc/waitgroup.go
new file mode 100644
index 000000000..47b1bc1a5
--- /dev/null
+++ b/vendor/github.com/sourcegraph/conc/waitgroup.go
@@ -0,0 +1,52 @@
+package conc
+
+import (
+	"sync"
+
+	"github.com/sourcegraph/conc/panics"
+)
+
+// NewWaitGroup creates a new WaitGroup.
+func NewWaitGroup() *WaitGroup {
+	return &WaitGroup{}
+}
+
+// WaitGroup is the primary building block for scoped concurrency.
+// Goroutines can be spawned in the WaitGroup with the Go method,
+// and calling Wait() will ensure that each of those goroutines exits
+// before continuing. Any panics in a child goroutine will be caught
+// and propagated to the caller of Wait().
+//
+// The zero value of WaitGroup is usable, just like sync.WaitGroup.
+// Also like sync.WaitGroup, it must not be copied after first use.
+type WaitGroup struct {
+	wg sync.WaitGroup
+	pc panics.Catcher
+}
+
+// Go spawns a new goroutine in the WaitGroup.
+func (h *WaitGroup) Go(f func()) {
+	h.wg.Add(1)
+	go func() {
+		defer h.wg.Done()
+		h.pc.Try(f)
+	}()
+}
+
+// Wait will block until all goroutines spawned with Go exit and will
+// propagate any panics spawned in a child goroutine.
+func (h *WaitGroup) Wait() {
+	h.wg.Wait()
+
+	// Propagate a panic if we caught one from a child goroutine.
+	h.pc.Repanic()
+}
+
+// WaitAndRecover will block until all goroutines spawned with Go exit and
+// will return a *panics.Recovered if one of the child goroutines panics.
+func (h *WaitGroup) WaitAndRecover() *panics.Recovered {
+	h.wg.Wait()
+
+	// Return a recovered panic if we caught one from a child goroutine.
+	return h.pc.Recovered()
+}
diff --git a/vendor/github.com/spf13/afero/afero.go b/vendor/github.com/spf13/afero/afero.go
index 199480cd0..39f658520 100644
--- a/vendor/github.com/spf13/afero/afero.go
+++ b/vendor/github.com/spf13/afero/afero.go
@@ -97,7 +97,7 @@ type Fs interface {
 	// Chown changes the uid and gid of the named file.
 	Chown(name string, uid, gid int) error
 
-	//Chtimes changes the access and modification times of the named file
+	// Chtimes changes the access and modification times of the named file
 	Chtimes(name string, atime time.Time, mtime time.Time) error
 }
 
diff --git a/vendor/github.com/spf13/afero/basepath.go b/vendor/github.com/spf13/afero/basepath.go
index 70a1d9168..2e72793a3 100644
--- a/vendor/github.com/spf13/afero/basepath.go
+++ b/vendor/github.com/spf13/afero/basepath.go
@@ -40,7 +40,6 @@ func (f *BasePathFile) Name() string {
 func (f *BasePathFile) ReadDir(n int) ([]fs.DirEntry, error) {
 	if rdf, ok := f.File.(fs.ReadDirFile); ok {
 		return rdf.ReadDir(n)
-
 	}
 	return readDirFile{f.File}.ReadDir(n)
 }
diff --git a/vendor/github.com/spf13/afero/const_bsds.go b/vendor/github.com/spf13/afero/const_bsds.go
index eed0f225f..30855de57 100644
--- a/vendor/github.com/spf13/afero/const_bsds.go
+++ b/vendor/github.com/spf13/afero/const_bsds.go
@@ -11,8 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build aix || darwin || openbsd || freebsd || netbsd || dragonfly
-// +build aix darwin openbsd freebsd netbsd dragonfly
+//go:build aix || darwin || openbsd || freebsd || netbsd || dragonfly || zos
+// +build aix darwin openbsd freebsd netbsd dragonfly zos
 
 package afero
 
diff --git a/vendor/github.com/spf13/afero/const_win_unix.go b/vendor/github.com/spf13/afero/const_win_unix.go
index 004d57e2f..12792d21e 100644
--- a/vendor/github.com/spf13/afero/const_win_unix.go
+++ b/vendor/github.com/spf13/afero/const_win_unix.go
@@ -10,8 +10,8 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-//go:build !darwin && !openbsd && !freebsd && !dragonfly && !netbsd && !aix
-// +build !darwin,!openbsd,!freebsd,!dragonfly,!netbsd,!aix
+//go:build !darwin && !openbsd && !freebsd && !dragonfly && !netbsd && !aix && !zos
+// +build !darwin,!openbsd,!freebsd,!dragonfly,!netbsd,!aix,!zos
 
 package afero
 
diff --git a/vendor/github.com/spf13/afero/copyOnWriteFs.go b/vendor/github.com/spf13/afero/copyOnWriteFs.go
index 6ff8f3099..184d6dd70 100644
--- a/vendor/github.com/spf13/afero/copyOnWriteFs.go
+++ b/vendor/github.com/spf13/afero/copyOnWriteFs.go
@@ -223,7 +223,7 @@ func (u *CopyOnWriteFs) OpenFile(name string, flag int, perm os.FileMode) (File,
 			return nil, err
 		}
 		if isaDir {
-			if err = u.layer.MkdirAll(dir, 0777); err != nil {
+			if err = u.layer.MkdirAll(dir, 0o777); err != nil {
 				return nil, err
 			}
 			return u.layer.OpenFile(name, flag, perm)
@@ -247,8 +247,9 @@ func (u *CopyOnWriteFs) OpenFile(name string, flag int, perm os.FileMode) (File,
 
 // This function handles the 9 different possibilities caused
 // by the union which are the intersection of the following...
-//  layer: doesn't exist, exists as a file, and exists as a directory
-//  base:  doesn't exist, exists as a file, and exists as a directory
+//
+//	layer: doesn't exist, exists as a file, and exists as a directory
+//	base:  doesn't exist, exists as a file, and exists as a directory
 func (u *CopyOnWriteFs) Open(name string) (File, error) {
 	// Since the overlay overrides the base we check that first
 	b, err := u.isBaseFile(name)
@@ -322,5 +323,5 @@ func (u *CopyOnWriteFs) MkdirAll(name string, perm os.FileMode) error {
 }
 
 func (u *CopyOnWriteFs) Create(name string) (File, error) {
-	return u.OpenFile(name, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0666)
+	return u.OpenFile(name, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0o666)
 }
diff --git a/vendor/github.com/spf13/afero/ioutil.go b/vendor/github.com/spf13/afero/ioutil.go
index 386c9cdc2..fa6abe1ee 100644
--- a/vendor/github.com/spf13/afero/ioutil.go
+++ b/vendor/github.com/spf13/afero/ioutil.go
@@ -141,8 +141,10 @@ func WriteFile(fs Fs, filename string, data []byte, perm os.FileMode) error {
 // We generate random temporary file names so that there's a good
 // chance the file doesn't exist yet - keeps the number of tries in
 // TempFile to a minimum.
-var randNum uint32
-var randmu sync.Mutex
+var (
+	randNum uint32
+	randmu  sync.Mutex
+)
 
 func reseed() uint32 {
 	return uint32(time.Now().UnixNano() + int64(os.Getpid()))
@@ -190,7 +192,7 @@ func TempFile(fs Fs, dir, pattern string) (f File, err error) {
 	nconflict := 0
 	for i := 0; i < 10000; i++ {
 		name := filepath.Join(dir, prefix+nextRandom()+suffix)
-		f, err = fs.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
+		f, err = fs.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o600)
 		if os.IsExist(err) {
 			if nconflict++; nconflict > 10 {
 				randmu.Lock()
@@ -214,6 +216,7 @@ func TempFile(fs Fs, dir, pattern string) (f File, err error) {
 func (a Afero) TempDir(dir, prefix string) (name string, err error) {
 	return TempDir(a.Fs, dir, prefix)
 }
+
 func TempDir(fs Fs, dir, prefix string) (name string, err error) {
 	if dir == "" {
 		dir = os.TempDir()
@@ -222,7 +225,7 @@ func TempDir(fs Fs, dir, prefix string) (name string, err error) {
 	nconflict := 0
 	for i := 0; i < 10000; i++ {
 		try := filepath.Join(dir, prefix+nextRandom())
-		err = fs.Mkdir(try, 0700)
+		err = fs.Mkdir(try, 0o700)
 		if os.IsExist(err) {
 			if nconflict++; nconflict > 10 {
 				randmu.Lock()
diff --git a/vendor/github.com/spf13/afero/mem/file.go b/vendor/github.com/spf13/afero/mem/file.go
index 3cf4693b5..62fe4498e 100644
--- a/vendor/github.com/spf13/afero/mem/file.go
+++ b/vendor/github.com/spf13/afero/mem/file.go
@@ -245,7 +245,7 @@ func (f *File) Truncate(size int64) error {
 	defer f.fileData.Unlock()
 	if size > int64(len(f.fileData.data)) {
 		diff := size - int64(len(f.fileData.data))
-		f.fileData.data = append(f.fileData.data, bytes.Repeat([]byte{00}, int(diff))...)
+		f.fileData.data = append(f.fileData.data, bytes.Repeat([]byte{0o0}, int(diff))...)
 	} else {
 		f.fileData.data = f.fileData.data[0:size]
 	}
@@ -285,7 +285,7 @@ func (f *File) Write(b []byte) (n int, err error) {
 		tail = f.fileData.data[n+int(cur):]
 	}
 	if diff > 0 {
-		f.fileData.data = append(f.fileData.data, append(bytes.Repeat([]byte{00}, int(diff)), b...)...)
+		f.fileData.data = append(f.fileData.data, append(bytes.Repeat([]byte{0o0}, int(diff)), b...)...)
 		f.fileData.data = append(f.fileData.data, tail...)
 	} else {
 		f.fileData.data = append(f.fileData.data[:cur], b...)
@@ -321,16 +321,19 @@ func (s *FileInfo) Name() string {
 	s.Unlock()
 	return name
 }
+
 func (s *FileInfo) Mode() os.FileMode {
 	s.Lock()
 	defer s.Unlock()
 	return s.mode
 }
+
 func (s *FileInfo) ModTime() time.Time {
 	s.Lock()
 	defer s.Unlock()
 	return s.modtime
 }
+
 func (s *FileInfo) IsDir() bool {
 	s.Lock()
 	defer s.Unlock()
diff --git a/vendor/github.com/spf13/afero/memmap.go b/vendor/github.com/spf13/afero/memmap.go
index d06975e71..d6c744e8d 100644
--- a/vendor/github.com/spf13/afero/memmap.go
+++ b/vendor/github.com/spf13/afero/memmap.go
@@ -15,9 +15,13 @@ package afero
 
 import (
 	"fmt"
+	"io"
+
 	"log"
 	"os"
 	"path/filepath"
+
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -43,7 +47,7 @@ func (m *MemMapFs) getData() map[string]*mem.FileData {
 		// Root should always exist, right?
 		// TODO: what about windows?
 		root := mem.CreateDir(FilePathSeparator)
-		mem.SetMode(root, os.ModeDir|0755)
+		mem.SetMode(root, os.ModeDir|0o755)
 		m.data[FilePathSeparator] = root
 	})
 	return m.data
@@ -87,6 +91,24 @@ func (m *MemMapFs) findParent(f *mem.FileData) *mem.FileData {
 	return pfile
 }
 
+func (m *MemMapFs) findDescendants(name string) []*mem.FileData {
+	fData := m.getData()
+	descendants := make([]*mem.FileData, 0, len(fData))
+	for p, dFile := range fData {
+		if strings.HasPrefix(p, name+FilePathSeparator) {
+			descendants = append(descendants, dFile)
+		}
+	}
+
+	sort.Slice(descendants, func(i, j int) bool {
+		cur := len(strings.Split(descendants[i].Name(), FilePathSeparator))
+		next := len(strings.Split(descendants[j].Name(), FilePathSeparator))
+		return cur < next
+	})
+
+	return descendants
+}
+
 func (m *MemMapFs) registerWithParent(f *mem.FileData, perm os.FileMode) {
 	if f == nil {
 		return
@@ -96,12 +118,12 @@ func (m *MemMapFs) registerWithParent(f *mem.FileData, perm os.FileMode) {
 		pdir := filepath.Dir(filepath.Clean(f.Name()))
 		err := m.lockfreeMkdir(pdir, perm)
 		if err != nil {
-			//log.Println("Mkdir error:", err)
+			// log.Println("Mkdir error:", err)
 			return
 		}
 		parent, err = m.lockfreeOpen(pdir)
 		if err != nil {
-			//log.Println("Open after Mkdir error:", err)
+			// log.Println("Open after Mkdir error:", err)
 			return
 		}
 	}
@@ -237,7 +259,7 @@ func (m *MemMapFs) OpenFile(name string, flag int, perm os.FileMode) (File, erro
 		file = mem.NewReadOnlyFileHandle(file.(*mem.File).Data())
 	}
 	if flag&os.O_APPEND > 0 {
-		_, err = file.Seek(0, os.SEEK_END)
+		_, err = file.Seek(0, io.SeekEnd)
 		if err != nil {
 			file.Close()
 			return nil, err
@@ -308,11 +330,22 @@ func (m *MemMapFs) Rename(oldname, newname string) error {
 	if _, ok := m.getData()[oldname]; ok {
 		m.mu.RUnlock()
 		m.mu.Lock()
-		m.unRegisterWithParent(oldname)
+		err := m.unRegisterWithParent(oldname)
+		if err != nil {
+			return err
+		}
+
 		fileData := m.getData()[oldname]
-		delete(m.getData(), oldname)
 		mem.ChangeFileName(fileData, newname)
 		m.getData()[newname] = fileData
+
+		err = m.renameDescendants(oldname, newname)
+		if err != nil {
+			return err
+		}
+
+		delete(m.getData(), oldname)
+
 		m.registerWithParent(fileData, 0)
 		m.mu.Unlock()
 		m.mu.RLock()
@@ -322,6 +355,29 @@ func (m *MemMapFs) Rename(oldname, newname string) error {
 	return nil
 }
 
+func (m *MemMapFs) renameDescendants(oldname, newname string) error {
+	descendants := m.findDescendants(oldname)
+	removes := make([]string, 0, len(descendants))
+	for _, desc := range descendants {
+		descNewName := strings.Replace(desc.Name(), oldname, newname, 1)
+		err := m.unRegisterWithParent(desc.Name())
+		if err != nil {
+			return err
+		}
+
+		removes = append(removes, desc.Name())
+		mem.ChangeFileName(desc, descNewName)
+		m.getData()[descNewName] = desc
+
+		m.registerWithParent(desc, 0)
+	}
+	for _, r := range removes {
+		delete(m.getData(), r)
+	}
+
+	return nil
+}
+
 func (m *MemMapFs) LstatIfPossible(name string) (os.FileInfo, bool, error) {
 	fileInfo, err := m.Stat(name)
 	return fileInfo, false, err
diff --git a/vendor/github.com/spf13/afero/regexpfs.go b/vendor/github.com/spf13/afero/regexpfs.go
index ac359c62a..218f3b235 100644
--- a/vendor/github.com/spf13/afero/regexpfs.go
+++ b/vendor/github.com/spf13/afero/regexpfs.go
@@ -10,7 +10,6 @@ import (
 // The RegexpFs filters files (not directories) by regular expression. Only
 // files matching the given regexp will be allowed, all others get a ENOENT error (
 // "No such file or directory").
-//
 type RegexpFs struct {
 	re     *regexp.Regexp
 	source Fs
diff --git a/vendor/github.com/spf13/afero/symlink.go b/vendor/github.com/spf13/afero/symlink.go
index d1c6ea53d..aa6ae125b 100644
--- a/vendor/github.com/spf13/afero/symlink.go
+++ b/vendor/github.com/spf13/afero/symlink.go
@@ -21,9 +21,9 @@ import (
 // filesystems saying so.
 // It indicates support for 3 symlink related interfaces that implement the
 // behaviors of the os methods:
-//    - Lstat
-//    - Symlink, and
-//    - Readlink
+//   - Lstat
+//   - Symlink, and
+//   - Readlink
 type Symlinker interface {
 	Lstater
 	Linker
diff --git a/vendor/github.com/spf13/afero/unionFile.go b/vendor/github.com/spf13/afero/unionFile.go
index 333d367f4..62dd6c93c 100644
--- a/vendor/github.com/spf13/afero/unionFile.go
+++ b/vendor/github.com/spf13/afero/unionFile.go
@@ -47,7 +47,7 @@ func (f *UnionFile) Read(s []byte) (int, error) {
 		if (err == nil || err == io.EOF) && f.Base != nil {
 			// advance the file position also in the base file, the next
 			// call may be a write at this position (or a seek with SEEK_CUR)
-			if _, seekErr := f.Base.Seek(int64(n), os.SEEK_CUR); seekErr != nil {
+			if _, seekErr := f.Base.Seek(int64(n), io.SeekCurrent); seekErr != nil {
 				// only overwrite err in case the seek fails: we need to
 				// report an eventual io.EOF to the caller
 				err = seekErr
@@ -130,7 +130,7 @@ func (f *UnionFile) Name() string {
 type DirsMerger func(lofi, bofi []os.FileInfo) ([]os.FileInfo, error)
 
 var defaultUnionMergeDirsFn = func(lofi, bofi []os.FileInfo) ([]os.FileInfo, error) {
-	var files = make(map[string]os.FileInfo)
+	files := make(map[string]os.FileInfo)
 
 	for _, fi := range lofi {
 		files[fi.Name()] = fi
@@ -151,7 +151,6 @@ var defaultUnionMergeDirsFn = func(lofi, bofi []os.FileInfo) ([]os.FileInfo, err
 	}
 
 	return rfi, nil
-
 }
 
 // Readdir will weave the two directories together and
@@ -275,7 +274,7 @@ func copyFile(base Fs, layer Fs, name string, bfh File) error {
 		return err
 	}
 	if !exists {
-		err = layer.MkdirAll(filepath.Dir(name), 0777) // FIXME?
+		err = layer.MkdirAll(filepath.Dir(name), 0o777) // FIXME?
 		if err != nil {
 			return err
 		}
diff --git a/vendor/github.com/spf13/afero/util.go b/vendor/github.com/spf13/afero/util.go
index cb7de23f2..9e4cba274 100644
--- a/vendor/github.com/spf13/afero/util.go
+++ b/vendor/github.com/spf13/afero/util.go
@@ -43,7 +43,7 @@ func WriteReader(fs Fs, path string, r io.Reader) (err error) {
 	ospath := filepath.FromSlash(dir)
 
 	if ospath != "" {
-		err = fs.MkdirAll(ospath, 0777) // rwx, rw, r
+		err = fs.MkdirAll(ospath, 0o777) // rwx, rw, r
 		if err != nil {
 			if err != os.ErrExist {
 				return err
@@ -71,7 +71,7 @@ func SafeWriteReader(fs Fs, path string, r io.Reader) (err error) {
 	ospath := filepath.FromSlash(dir)
 
 	if ospath != "" {
-		err = fs.MkdirAll(ospath, 0777) // rwx, rw, r
+		err = fs.MkdirAll(ospath, 0o777) // rwx, rw, r
 		if err != nil {
 			return
 		}
@@ -124,7 +124,7 @@ func GetTempDir(fs Fs, subPath string) string {
 			return addSlash(dir)
 		}
 
-		err := fs.MkdirAll(dir, 0777)
+		err := fs.MkdirAll(dir, 0o777)
 		if err != nil {
 			panic(err)
 		}
@@ -197,7 +197,6 @@ func FileContainsAnyBytes(fs Fs, filename string, subslices [][]byte) (bool, err
 
 // readerContains reports whether any of the subslices is within r.
 func readerContainsAny(r io.Reader, subslices ...[]byte) bool {
-
 	if r == nil || len(subslices) == 0 {
 		return false
 	}
diff --git a/vendor/github.com/spf13/cast/README.md b/vendor/github.com/spf13/cast/README.md
index 120a57342..58141f02f 100644
--- a/vendor/github.com/spf13/cast/README.md
+++ b/vendor/github.com/spf13/cast/README.md
@@ -1,7 +1,8 @@
-cast
-====
-[![GoDoc](https://godoc.org/github.com/spf13/cast?status.svg)](https://godoc.org/github.com/spf13/cast)
-[![Build Status](https://github.com/spf13/cast/actions/workflows/go.yml/badge.svg)](https://github.com/spf13/cast/actions/workflows/go.yml)
+# cast
+
+[![Build Status](https://github.com/spf13/cast/actions/workflows/ci.yml/badge.svg)](https://github.com/spf13/cast/actions/workflows/ci.yml)
+[![PkgGoDev](https://pkg.go.dev/badge/mod/github.com/spf13/cast)](https://pkg.go.dev/mod/github.com/spf13/cast)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.16-61CFDD.svg?style=flat-square)
 [![Go Report Card](https://goreportcard.com/badge/github.com/spf13/cast)](https://goreportcard.com/report/github.com/spf13/cast)
 
 Easy and safe casting from one type to another in Go
@@ -17,7 +18,7 @@ interface into a bool, etc. Cast does this intelligently when an obvious
 conversion is possible. It doesn’t make any attempts to guess what you meant,
 for example you can only convert a string to an int when it is a string
 representation of an int such as “8”. Cast was developed for use in
-[Hugo](http://hugo.spf13.com), a website engine which uses YAML, TOML or JSON
+[Hugo](https://gohugo.io), a website engine which uses YAML, TOML or JSON
 for meta data.
 
 ## Why use Cast?
@@ -72,4 +73,3 @@ the code for a complete set.
 	var eight interface{} = 8
     cast.ToInt(eight)              // 8
     cast.ToInt(nil)                // 0
-
diff --git a/vendor/github.com/spf13/cast/caste.go b/vendor/github.com/spf13/cast/caste.go
index 514d759bf..d49bbf83e 100644
--- a/vendor/github.com/spf13/cast/caste.go
+++ b/vendor/github.com/spf13/cast/caste.go
@@ -98,10 +98,31 @@ func ToBoolE(i interface{}) (bool, error) {
 	case nil:
 		return false, nil
 	case int:
-		if i.(int) != 0 {
-			return true, nil
-		}
-		return false, nil
+		return b != 0, nil
+	case int64:
+		return b != 0, nil
+	case int32:
+		return b != 0, nil
+	case int16:
+		return b != 0, nil
+	case int8:
+		return b != 0, nil
+	case uint:
+		return b != 0, nil
+	case uint64:
+		return b != 0, nil
+	case uint32:
+		return b != 0, nil
+	case uint16:
+		return b != 0, nil
+	case uint8:
+		return b != 0, nil
+	case float64:
+		return b != 0, nil
+	case float32:
+		return b != 0, nil
+	case time.Duration:
+		return b != 0, nil
 	case string:
 		return strconv.ParseBool(i.(string))
 	case json.Number:
@@ -1385,6 +1406,8 @@ func (f timeFormat) hasTimezone() bool {
 
 var (
 	timeFormats = []timeFormat{
+		// Keep common formats at the top.
+		{"2006-01-02", timeFormatNoTimezone},
 		{time.RFC3339, timeFormatNumericTimezone},
 		{"2006-01-02T15:04:05", timeFormatNoTimezone}, // iso8601 without timezone
 		{time.RFC1123Z, timeFormatNumericTimezone},
@@ -1400,7 +1423,6 @@ var (
 		{time.UnixDate, timeFormatNamedTimezone},
 		{time.RubyDate, timeFormatNumericTimezone},
 		{"2006-01-02 15:04:05Z07:00", timeFormatNumericTimezone},
-		{"2006-01-02", timeFormatNoTimezone},
 		{"02 Jan 2006", timeFormatNoTimezone},
 		{"2006-01-02 15:04:05 -07:00", timeFormatNumericTimezone},
 		{"2006-01-02 15:04:05 -0700", timeFormatNumericTimezone},
diff --git a/vendor/github.com/spf13/cobra/.golangci.yml b/vendor/github.com/spf13/cobra/.golangci.yml
index 2578d94b5..a618ec24d 100644
--- a/vendor/github.com/spf13/cobra/.golangci.yml
+++ b/vendor/github.com/spf13/cobra/.golangci.yml
@@ -19,7 +19,7 @@ linters:
   disable-all: true
   enable:
     #- bodyclose
-    - deadcode
+    # - deadcode ! deprecated since v1.49.0; replaced by 'unused'
     #- depguard
     #- dogsled
     #- dupl
@@ -51,12 +51,12 @@ linters:
     #- rowserrcheck
     #- scopelint
     #- staticcheck
-    - structcheck
+    #- structcheck ! deprecated since v1.49.0; replaced by 'unused'
     #- stylecheck
     #- typecheck
     - unconvert
     #- unparam
-    #- unused
-    - varcheck
+    - unused
+    # - varcheck ! deprecated since v1.49.0; replaced by 'unused'
     #- whitespace
   fast: false
diff --git a/vendor/github.com/spf13/cobra/README.md b/vendor/github.com/spf13/cobra/README.md
index 592c0b8ab..6444f4b7f 100644
--- a/vendor/github.com/spf13/cobra/README.md
+++ b/vendor/github.com/spf13/cobra/README.md
@@ -4,7 +4,7 @@ Cobra is a library for creating powerful modern CLI applications.
 
 Cobra is used in many Go projects such as [Kubernetes](https://kubernetes.io/),
 [Hugo](https://gohugo.io), and [GitHub CLI](https://github.com/cli/cli) to
-name a few. [This list](./projects_using_cobra.md) contains a more extensive list of projects using Cobra.
+name a few. [This list](site/content/projects_using_cobra.md) contains a more extensive list of projects using Cobra.
 
 [![](https://img.shields.io/github/actions/workflow/status/spf13/cobra/test.yml?branch=main&longCache=true&label=Test&logo=github%20actions&logoColor=fff)](https://github.com/spf13/cobra/actions?query=workflow%3ATest)
 [![Go Reference](https://pkg.go.dev/badge/github.com/spf13/cobra.svg)](https://pkg.go.dev/github.com/spf13/cobra)
@@ -80,7 +80,7 @@ which maintains the same interface while adding POSIX compliance.
 
 # Installing
 Using Cobra is easy. First, use `go get` to install the latest version
-of the library.     
+of the library.
 
 ```
 go get -u github.com/spf13/cobra@latest
@@ -105,8 +105,8 @@ go install github.com/spf13/cobra-cli@latest
 
 For complete details on using the Cobra-CLI generator, please read [The Cobra Generator README](https://github.com/spf13/cobra-cli/blob/main/README.md)
 
-For complete details on using the Cobra library, please read the [The Cobra User Guide](user_guide.md).
+For complete details on using the Cobra library, please read the [The Cobra User Guide](site/content/user_guide.md).
 
 # License
 
-Cobra is released under the Apache 2.0 license. See [LICENSE.txt](https://github.com/spf13/cobra/blob/master/LICENSE.txt)
+Cobra is released under the Apache 2.0 license. See [LICENSE.txt](LICENSE.txt)
diff --git a/vendor/github.com/spf13/cobra/active_help.go b/vendor/github.com/spf13/cobra/active_help.go
index 2d0239437..5f965e057 100644
--- a/vendor/github.com/spf13/cobra/active_help.go
+++ b/vendor/github.com/spf13/cobra/active_help.go
@@ -17,6 +17,7 @@ package cobra
 import (
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 )
 
@@ -29,6 +30,8 @@ const (
 	activeHelpGlobalDisable = "0"
 )
 
+var activeHelpEnvVarPrefixSubstRegexp = regexp.MustCompile(`[^A-Z0-9_]`)
+
 // AppendActiveHelp adds the specified string to the specified array to be used as ActiveHelp.
 // Such strings will be processed by the completion script and will be shown as ActiveHelp
 // to the user.
@@ -42,7 +45,7 @@ func AppendActiveHelp(compArray []string, activeHelpStr string) []string {
 
 // GetActiveHelpConfig returns the value of the ActiveHelp environment variable
 // <PROGRAM>_ACTIVE_HELP where <PROGRAM> is the name of the root command in upper
-// case, with all - replaced by _.
+// case, with all non-ASCII-alphanumeric characters replaced by `_`.
 // It will always return "0" if the global environment variable COBRA_ACTIVE_HELP
 // is set to "0".
 func GetActiveHelpConfig(cmd *Command) string {
@@ -55,9 +58,10 @@ func GetActiveHelpConfig(cmd *Command) string {
 
 // activeHelpEnvVar returns the name of the program-specific ActiveHelp environment
 // variable.  It has the format <PROGRAM>_ACTIVE_HELP where <PROGRAM> is the name of the
-// root command in upper case, with all - replaced by _.
+// root command in upper case, with all non-ASCII-alphanumeric characters replaced by `_`.
 func activeHelpEnvVar(name string) string {
 	// This format should not be changed: users will be using it explicitly.
 	activeHelpEnvVar := strings.ToUpper(fmt.Sprintf("%s%s", name, activeHelpEnvVarSuffix))
-	return strings.ReplaceAll(activeHelpEnvVar, "-", "_")
+	activeHelpEnvVar = activeHelpEnvVarPrefixSubstRegexp.ReplaceAllString(activeHelpEnvVar, "_")
+	return activeHelpEnvVar
 }
diff --git a/vendor/github.com/spf13/cobra/active_help.md b/vendor/github.com/spf13/cobra/active_help.md
deleted file mode 100644
index 5e7f59af3..000000000
--- a/vendor/github.com/spf13/cobra/active_help.md
+++ /dev/null
@@ -1,157 +0,0 @@
-# Active Help
-
-Active Help is a framework provided by Cobra which allows a program to define messages (hints, warnings, etc) that will be printed during program usage.  It aims to make it easier for your users to learn how to use your program.  If configured by the program, Active Help is printed when the user triggers shell completion.
-
-For example, 
-```
-bash-5.1$ helm repo add [tab]
-You must choose a name for the repo you are adding.
-
-bash-5.1$ bin/helm package [tab]
-Please specify the path to the chart to package
-
-bash-5.1$ bin/helm package [tab][tab]
-bin/    internal/    scripts/    pkg/     testdata/
-```
-
-**Hint**: A good place to use Active Help messages is when the normal completion system does not provide any suggestions. In such cases, Active Help nicely supplements the normal shell completions to guide the user in knowing what is expected by the program.
-## Supported shells
-
-Active Help is currently only supported for the following shells:
-- Bash (using [bash completion V2](shell_completions.md#bash-completion-v2) only). Note that bash 4.4 or higher is required for the prompt to appear when an Active Help message is printed.
-- Zsh
-
-## Adding Active Help messages
-
-As Active Help uses the shell completion system, the implementation of Active Help messages is done by enhancing custom dynamic completions.  If you are not familiar with dynamic completions, please refer to [Shell Completions](shell_completions.md).
-
-Adding Active Help is done through the use of the `cobra.AppendActiveHelp(...)` function, where the program repeatedly adds Active Help messages to the list of completions.  Keep reading for details.
-
-### Active Help for nouns
-
-Adding Active Help when completing a noun is done within the `ValidArgsFunction(...)` of a command.  Please notice the use of `cobra.AppendActiveHelp(...)` in the following example:
-
-```go
-cmd := &cobra.Command{
-	Use:   "add [NAME] [URL]",
-	Short: "add a chart repository",
-	Args:  require.ExactArgs(2),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return addRepo(args)
-	},
-	ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		var comps []string
-		if len(args) == 0 {
-			comps = cobra.AppendActiveHelp(comps, "You must choose a name for the repo you are adding")
-		} else if len(args) == 1 {
-			comps = cobra.AppendActiveHelp(comps, "You must specify the URL for the repo you are adding")
-		} else {
-			comps = cobra.AppendActiveHelp(comps, "This command does not take any more arguments")
-		}
-		return comps, cobra.ShellCompDirectiveNoFileComp
-	},
-}
-```
-The example above defines the completions (none, in this specific example) as well as the Active Help messages for the `helm repo add` command.  It yields the following behavior:
-```
-bash-5.1$ helm repo add [tab]
-You must choose a name for the repo you are adding
-
-bash-5.1$ helm repo add grafana [tab]
-You must specify the URL for the repo you are adding
-
-bash-5.1$ helm repo add grafana https://grafana.github.io/helm-charts [tab]
-This command does not take any more arguments
-```
-**Hint**: As can be seen in the above example, a good place to use Active Help messages is when the normal completion system does not provide any suggestions. In such cases, Active Help nicely supplements the normal shell completions.
-
-### Active Help for flags
-
-Providing Active Help for flags is done in the same fashion as for nouns, but using the completion function registered for the flag.  For example:
-```go
-_ = cmd.RegisterFlagCompletionFunc("version", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if len(args) != 2 {
-			return cobra.AppendActiveHelp(nil, "You must first specify the chart to install before the --version flag can be completed"), cobra.ShellCompDirectiveNoFileComp
-		}
-		return compVersionFlag(args[1], toComplete)
-	})
-```
-The example above prints an Active Help message when not enough information was given by the user to complete the `--version` flag.
-```
-bash-5.1$ bin/helm install myrelease --version 2.0.[tab]
-You must first specify the chart to install before the --version flag can be completed
-
-bash-5.1$ bin/helm install myrelease bitnami/solr --version 2.0.[tab][tab]
-2.0.1  2.0.2  2.0.3
-```
-
-## User control of Active Help
-
-You may want to allow your users to disable Active Help or choose between different levels of Active Help.  It is entirely up to the program to define the type of configurability of Active Help that it wants to offer, if any.
-Allowing to configure Active Help is entirely optional; you can use Active Help in your program without doing anything about Active Help configuration.
-
-The way to configure Active Help is to use the program's Active Help environment
-variable.  That variable is named `<PROGRAM>_ACTIVE_HELP` where `<PROGRAM>` is the name of your 
-program in uppercase with any `-` replaced by an `_`.  The variable should be set by the user to whatever
-Active Help configuration values are supported by the program.
-
-For example, say `helm` has chosen to support three levels for Active Help: `on`, `off`, `local`.  Then a user
-would set the desired behavior to `local` by doing `export HELM_ACTIVE_HELP=local` in their shell.
-
-For simplicity, when in `cmd.ValidArgsFunction(...)` or a flag's completion function, the program should read the
-Active Help configuration using the `cobra.GetActiveHelpConfig(cmd)` function and select what Active Help messages
-should or should not be added (instead of reading the environment variable directly).
-
-For example:
-```go
-ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	activeHelpLevel := cobra.GetActiveHelpConfig(cmd)
-
-	var comps []string
-	if len(args) == 0 {
-		if activeHelpLevel != "off"  {
-			comps = cobra.AppendActiveHelp(comps, "You must choose a name for the repo you are adding")
-		}
-	} else if len(args) == 1 {
-		if activeHelpLevel != "off" {
-			comps = cobra.AppendActiveHelp(comps, "You must specify the URL for the repo you are adding")
-		}
-	} else {
-		if activeHelpLevel == "local" {
-			comps = cobra.AppendActiveHelp(comps, "This command does not take any more arguments")
-		}
-	}
-	return comps, cobra.ShellCompDirectiveNoFileComp
-},
-```
-**Note 1**: If the `<PROGRAM>_ACTIVE_HELP` environment variable is set to the string "0", Cobra will automatically disable all Active Help output (even if some output was specified by the program using the `cobra.AppendActiveHelp(...)` function).  Using "0" can simplify your code in situations where you want to blindly disable Active Help without having to call `cobra.GetActiveHelpConfig(cmd)` explicitly.
-
-**Note 2**: If a user wants to disable Active Help for every single program based on Cobra, she can set the environment variable `COBRA_ACTIVE_HELP` to "0".  In this case `cobra.GetActiveHelpConfig(cmd)` will return "0" no matter what the variable `<PROGRAM>_ACTIVE_HELP` is set to.
-
-**Note 3**: If the user does not set `<PROGRAM>_ACTIVE_HELP` or `COBRA_ACTIVE_HELP` (which will be a common case), the default value for the Active Help configuration returned by `cobra.GetActiveHelpConfig(cmd)` will be the empty string. 
-## Active Help with Cobra's default completion command
-
-Cobra provides a default `completion` command for programs that wish to use it.
-When using the default `completion` command, Active Help is configurable in the same
-fashion as described above using environment variables.  You may wish to document this in more
-details for your users.
-
-## Debugging Active Help
-
-Debugging your Active Help code is done in the same way as debugging your dynamic completion code, which is with Cobra's hidden `__complete` command.  Please refer to [debugging shell completion](shell_completions.md#debugging) for details.
-
-When debugging with the `__complete` command, if you want to specify different Active Help configurations, you should use the active help environment variable.  That variable is named `<PROGRAM>_ACTIVE_HELP` where any `-` is replaced by an `_`.  For example, we can test deactivating some Active Help as shown below:
-```
-$ HELM_ACTIVE_HELP=1 bin/helm __complete install wordpress bitnami/h<ENTER>
-bitnami/haproxy
-bitnami/harbor
-_activeHelp_ WARNING: cannot re-use a name that is still in use
-:0
-Completion ended with directive: ShellCompDirectiveDefault
-
-$ HELM_ACTIVE_HELP=0 bin/helm __complete install wordpress bitnami/h<ENTER>
-bitnami/haproxy
-bitnami/harbor
-:0
-Completion ended with directive: ShellCompDirectiveDefault
-```
diff --git a/vendor/github.com/spf13/cobra/bash_completions.go b/vendor/github.com/spf13/cobra/bash_completions.go
index 10c78847d..8a5315184 100644
--- a/vendor/github.com/spf13/cobra/bash_completions.go
+++ b/vendor/github.com/spf13/cobra/bash_completions.go
@@ -85,7 +85,7 @@ __%[1]s_handle_go_custom_completion()
     local out requestComp lastParam lastChar comp directive args
 
     # Prepare the command to request completions for the program.
-    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    # Calling ${words[0]} instead of directly %[1]s allows handling aliases
     args=("${words[@]:1}")
     # Disable ActiveHelp which is not supported for bash completion v1
     requestComp="%[8]s=0 ${words[0]} %[2]s ${args[*]}"
diff --git a/vendor/github.com/spf13/cobra/bash_completions.md b/vendor/github.com/spf13/cobra/bash_completions.md
deleted file mode 100644
index 52919b2fa..000000000
--- a/vendor/github.com/spf13/cobra/bash_completions.md
+++ /dev/null
@@ -1,93 +0,0 @@
-# Generating Bash Completions For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
-## Bash legacy dynamic completions
-
-For backward compatibility, Cobra still supports its legacy dynamic completion solution (described below).  Unlike the `ValidArgsFunction` solution, the legacy solution will only work for Bash shell-completion and not for other shells. This legacy solution can be used along-side `ValidArgsFunction` and `RegisterFlagCompletionFunc()`, as long as both solutions are not used for the same command.  This provides a path to gradually migrate from the legacy solution to the new solution.
-
-**Note**: Cobra's default `completion` command uses bash completion V2.  If you are currently using Cobra's legacy dynamic completion solution, you should not use the default `completion` command but continue using your own.
-
-The legacy solution allows you to inject bash functions into the bash completion script.  Those bash functions are responsible for providing the completion choices for your own completions.
-
-Some code that works in kubernetes:
-
-```bash
-const (
-        bash_completion_func = `__kubectl_parse_get()
-{
-    local kubectl_output out
-    if kubectl_output=$(kubectl get --no-headers "$1" 2>/dev/null); then
-        out=($(echo "${kubectl_output}" | awk '{print $1}'))
-        COMPREPLY=( $( compgen -W "${out[*]}" -- "$cur" ) )
-    fi
-}
-
-__kubectl_get_resource()
-{
-    if [[ ${#nouns[@]} -eq 0 ]]; then
-        return 1
-    fi
-    __kubectl_parse_get ${nouns[${#nouns[@]} -1]}
-    if [[ $? -eq 0 ]]; then
-        return 0
-    fi
-}
-
-__kubectl_custom_func() {
-    case ${last_command} in
-        kubectl_get | kubectl_describe | kubectl_delete | kubectl_stop)
-            __kubectl_get_resource
-            return
-            ;;
-        *)
-            ;;
-    esac
-}
-`)
-```
-
-And then I set that in my command definition:
-
-```go
-cmds := &cobra.Command{
-	Use:   "kubectl",
-	Short: "kubectl controls the Kubernetes cluster manager",
-	Long: `kubectl controls the Kubernetes cluster manager.
-
-Find more information at https://github.com/GoogleCloudPlatform/kubernetes.`,
-	Run: runHelp,
-	BashCompletionFunction: bash_completion_func,
-}
-```
-
-The `BashCompletionFunction` option is really only valid/useful on the root command. Doing the above will cause `__kubectl_custom_func()` (`__<command-use>_custom_func()`) to be called when the built in processor was unable to find a solution. In the case of kubernetes a valid command might look something like `kubectl get pod [mypod]`. If you type `kubectl get pod [tab][tab]` the `__kubectl_customc_func()` will run because the cobra.Command only understood "kubectl" and "get." `__kubectl_custom_func()` will see that the cobra.Command is "kubectl_get" and will thus call another helper `__kubectl_get_resource()`.  `__kubectl_get_resource` will look at the 'nouns' collected. In our example the only noun will be `pod`.  So it will call `__kubectl_parse_get pod`.  `__kubectl_parse_get` will actually call out to kubernetes and get any pods.  It will then set `COMPREPLY` to valid pods!
-
-Similarly, for flags:
-
-```go
-	annotation := make(map[string][]string)
-	annotation[cobra.BashCompCustom] = []string{"__kubectl_get_namespaces"}
-
-	flag := &pflag.Flag{
-		Name:        "namespace",
-		Usage:       usage,
-		Annotations: annotation,
-	}
-	cmd.Flags().AddFlag(flag)
-```
-
-In addition add the `__kubectl_get_namespaces` implementation in the `BashCompletionFunction`
-value, e.g.:
-
-```bash
-__kubectl_get_namespaces()
-{
-    local template
-    template="{{ range .items  }}{{ .metadata.name }} {{ end }}"
-    local kubectl_out
-    if kubectl_out=$(kubectl get -o template --template="${template}" namespace 2>/dev/null); then
-        COMPREPLY=( $( compgen -W "${kubectl_out}[*]" -- "$cur" ) )
-    fi
-}
-```
diff --git a/vendor/github.com/spf13/cobra/bash_completionsV2.go b/vendor/github.com/spf13/cobra/bash_completionsV2.go
index 19b09560c..1cce5c329 100644
--- a/vendor/github.com/spf13/cobra/bash_completionsV2.go
+++ b/vendor/github.com/spf13/cobra/bash_completionsV2.go
@@ -57,7 +57,7 @@ __%[1]s_get_completion_results() {
     local requestComp lastParam lastChar args
 
     # Prepare the command to request completions for the program.
-    # Calling ${words[0]} instead of directly %[1]s allows to handle aliases
+    # Calling ${words[0]} instead of directly %[1]s allows handling aliases
     args=("${words[@]:1}")
     requestComp="${words[0]} %[2]s ${args[*]}"
 
diff --git a/vendor/github.com/spf13/cobra/cobra.go b/vendor/github.com/spf13/cobra/cobra.go
index b07b44a0c..a6b160ce5 100644
--- a/vendor/github.com/spf13/cobra/cobra.go
+++ b/vendor/github.com/spf13/cobra/cobra.go
@@ -43,12 +43,13 @@ var initializers []func()
 var finalizers []func()
 
 const (
-	defaultPrefixMatching  = false
-	defaultCommandSorting  = true
-	defaultCaseInsensitive = false
+	defaultPrefixMatching   = false
+	defaultCommandSorting   = true
+	defaultCaseInsensitive  = false
+	defaultTraverseRunHooks = false
 )
 
-// EnablePrefixMatching allows to set automatic prefix matching. Automatic prefix matching can be a dangerous thing
+// EnablePrefixMatching allows setting automatic prefix matching. Automatic prefix matching can be a dangerous thing
 // to automatically enable in CLI tools.
 // Set this to true to enable it.
 var EnablePrefixMatching = defaultPrefixMatching
@@ -60,6 +61,10 @@ var EnableCommandSorting = defaultCommandSorting
 // EnableCaseInsensitive allows case-insensitive commands names. (case sensitive by default)
 var EnableCaseInsensitive = defaultCaseInsensitive
 
+// EnableTraverseRunHooks executes persistent pre-run and post-run hooks from all parents.
+// By default this is disabled, which means only the first run hook to be found is executed.
+var EnableTraverseRunHooks = defaultTraverseRunHooks
+
 // MousetrapHelpText enables an information splash screen on Windows
 // if the CLI is started from explorer.exe.
 // To disable the mousetrap, just set this variable to blank string ("").
diff --git a/vendor/github.com/spf13/cobra/command.go b/vendor/github.com/spf13/cobra/command.go
index 01f7c6f1c..2fbe6c131 100644
--- a/vendor/github.com/spf13/cobra/command.go
+++ b/vendor/github.com/spf13/cobra/command.go
@@ -30,7 +30,10 @@ import (
 	flag "github.com/spf13/pflag"
 )
 
-const FlagSetByCobraAnnotation = "cobra_annotation_flag_set_by_cobra"
+const (
+	FlagSetByCobraAnnotation     = "cobra_annotation_flag_set_by_cobra"
+	CommandDisplayNameAnnotation = "cobra_annotation_command_display_name"
+)
 
 // FParseErrWhitelist configures Flag parse errors to be ignored
 type FParseErrWhitelist flag.ParseErrorsWhitelist
@@ -99,7 +102,7 @@ type Command struct {
 	Deprecated string
 
 	// Annotations are key/value pairs that can be used by applications to identify or
-	// group commands.
+	// group commands or set special options.
 	Annotations map[string]string
 
 	// Version defines the version for this command. If this value is non-empty and the command does not
@@ -115,6 +118,8 @@ type Command struct {
 	//   * PostRun()
 	//   * PersistentPostRun()
 	// All functions get the same args, the arguments after the command name.
+	// The *PreRun and *PostRun functions will only be executed if the Run function of the current
+	// command has been declared.
 	//
 	// PersistentPreRun: children of this command will inherit and execute.
 	PersistentPreRun func(cmd *Command, args []string)
@@ -181,6 +186,9 @@ type Command struct {
 	// versionTemplate is the version template defined by user.
 	versionTemplate string
 
+	// errPrefix is the error message prefix defined by user.
+	errPrefix string
+
 	// inReader is a reader defined by the user that replaces stdin
 	inReader io.Reader
 	// outWriter is a writer defined by the user that replaces stdout
@@ -346,6 +354,11 @@ func (c *Command) SetVersionTemplate(s string) {
 	c.versionTemplate = s
 }
 
+// SetErrPrefix sets error message prefix to be used. Application can use it to set custom prefix.
+func (c *Command) SetErrPrefix(s string) {
+	c.errPrefix = s
+}
+
 // SetGlobalNormalizationFunc sets a normalization function to all flag sets and also to child commands.
 // The user should not have a cyclic dependency on commands.
 func (c *Command) SetGlobalNormalizationFunc(n func(f *flag.FlagSet, name string) flag.NormalizedName) {
@@ -595,6 +608,18 @@ func (c *Command) VersionTemplate() string {
 `
 }
 
+// ErrPrefix return error message prefix for the command
+func (c *Command) ErrPrefix() string {
+	if c.errPrefix != "" {
+		return c.errPrefix
+	}
+
+	if c.HasParent() {
+		return c.parent.ErrPrefix()
+	}
+	return "Error:"
+}
+
 func hasNoOptDefVal(name string, fs *flag.FlagSet) bool {
 	flag := fs.Lookup(name)
 	if flag == nil {
@@ -752,7 +777,9 @@ func (c *Command) findNext(next string) *Command {
 	}
 
 	if len(matches) == 1 {
-		return matches[0]
+		// Temporarily disable gosec G602, which produces a false positive.
+		// See https://github.com/securego/gosec/issues/1005.
+		return matches[0] // #nosec G602
 	}
 
 	return nil
@@ -910,15 +937,31 @@ func (c *Command) execute(a []string) (err error) {
 		return err
 	}
 
+	parents := make([]*Command, 0, 5)
 	for p := c; p != nil; p = p.Parent() {
+		if EnableTraverseRunHooks {
+			// When EnableTraverseRunHooks is set:
+			// - Execute all persistent pre-runs from the root parent till this command.
+			// - Execute all persistent post-runs from this command till the root parent.
+			parents = append([]*Command{p}, parents...)
+		} else {
+			// Otherwise, execute only the first found persistent hook.
+			parents = append(parents, p)
+		}
+	}
+	for _, p := range parents {
 		if p.PersistentPreRunE != nil {
 			if err := p.PersistentPreRunE(c, argWoFlags); err != nil {
 				return err
 			}
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		} else if p.PersistentPreRun != nil {
 			p.PersistentPreRun(c, argWoFlags)
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		}
 	}
 	if c.PreRunE != nil {
@@ -955,10 +998,14 @@ func (c *Command) execute(a []string) (err error) {
 			if err := p.PersistentPostRunE(c, argWoFlags); err != nil {
 				return err
 			}
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		} else if p.PersistentPostRun != nil {
 			p.PersistentPostRun(c, argWoFlags)
-			break
+			if !EnableTraverseRunHooks {
+				break
+			}
 		}
 	}
 
@@ -1048,7 +1095,7 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 			c = cmd
 		}
 		if !c.SilenceErrors {
-			c.PrintErrln("Error:", err.Error())
+			c.PrintErrln(c.ErrPrefix(), err.Error())
 			c.PrintErrf("Run '%v --help' for usage.\n", c.CommandPath())
 		}
 		return c, err
@@ -1077,7 +1124,7 @@ func (c *Command) ExecuteC() (cmd *Command, err error) {
 		// If root command has SilenceErrors flagged,
 		// all subcommands should respect it
 		if !cmd.SilenceErrors && !c.SilenceErrors {
-			c.PrintErrln("Error:", err.Error())
+			c.PrintErrln(cmd.ErrPrefix(), err.Error())
 		}
 
 		// If root command has SilenceUsage flagged,
@@ -1380,6 +1427,9 @@ func (c *Command) CommandPath() string {
 	if c.HasParent() {
 		return c.Parent().CommandPath() + " " + c.Name()
 	}
+	if displayName, ok := c.Annotations[CommandDisplayNameAnnotation]; ok {
+		return displayName
+	}
 	return c.Name()
 }
 
@@ -1402,6 +1452,7 @@ func (c *Command) UseLine() string {
 
 // DebugFlags used to determine which flags have been assigned to which commands
 // and which persist.
+// nolint:goconst
 func (c *Command) DebugFlags() {
 	c.Println("DebugFlags called on", c.Name())
 	var debugflags func(*Command)
diff --git a/vendor/github.com/spf13/cobra/completions.go b/vendor/github.com/spf13/cobra/completions.go
index ee38c4d0b..b60f6b200 100644
--- a/vendor/github.com/spf13/cobra/completions.go
+++ b/vendor/github.com/spf13/cobra/completions.go
@@ -145,6 +145,20 @@ func (c *Command) RegisterFlagCompletionFunc(flagName string, f func(cmd *Comman
 	return nil
 }
 
+// GetFlagCompletionFunc returns the completion function for the given flag of the command, if available.
+func (c *Command) GetFlagCompletionFunc(flagName string) (func(*Command, []string, string) ([]string, ShellCompDirective), bool) {
+	flag := c.Flag(flagName)
+	if flag == nil {
+		return nil, false
+	}
+
+	flagCompletionMutex.RLock()
+	defer flagCompletionMutex.RUnlock()
+
+	completionFunc, exists := flagCompletionFunctions[flag]
+	return completionFunc, exists
+}
+
 // Returns a string listing the different directive enabled in the specified parameter
 func (d ShellCompDirective) string() string {
 	var directives []string
@@ -283,9 +297,13 @@ func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDi
 
 	// These flags are normally added when `execute()` is called on `finalCmd`,
 	// however, when doing completion, we don't call `finalCmd.execute()`.
-	// Let's add the --help and --version flag ourselves.
-	finalCmd.InitDefaultHelpFlag()
-	finalCmd.InitDefaultVersionFlag()
+	// Let's add the --help and --version flag ourselves but only if the finalCmd
+	// has not disabled flag parsing; if flag parsing is disabled, it is up to the
+	// finalCmd itself to handle the completion of *all* flags.
+	if !finalCmd.DisableFlagParsing {
+		finalCmd.InitDefaultHelpFlag()
+		finalCmd.InitDefaultVersionFlag()
+	}
 
 	// Check if we are doing flag value completion before parsing the flags.
 	// This is important because if we are completing a flag value, we need to also
@@ -389,6 +407,11 @@ func (c *Command) getCompletions(args []string) (*Command, []string, ShellCompDi
 			finalCmd.InheritedFlags().VisitAll(func(flag *pflag.Flag) {
 				doCompleteFlags(flag)
 			})
+			// Try to complete non-inherited flags even if DisableFlagParsing==true.
+			// This allows programs to tell Cobra about flags for completion even
+			// if the actual parsing of flags is not done by Cobra.
+			// For instance, Helm uses this to provide flag name completion for
+			// some of its plugins.
 			finalCmd.NonInheritedFlags().VisitAll(func(flag *pflag.Flag) {
 				doCompleteFlags(flag)
 			})
diff --git a/vendor/github.com/spf13/cobra/fish_completions.go b/vendor/github.com/spf13/cobra/fish_completions.go
index 12ca0d2b1..12d61b691 100644
--- a/vendor/github.com/spf13/cobra/fish_completions.go
+++ b/vendor/github.com/spf13/cobra/fish_completions.go
@@ -113,7 +113,7 @@ function __%[1]s_clear_perform_completion_once_result
     __%[1]s_debug ""
     __%[1]s_debug "========= clearing previously set __%[1]s_perform_completion_once_result variable =========="
     set --erase __%[1]s_perform_completion_once_result
-    __%[1]s_debug "Succesfully erased the variable __%[1]s_perform_completion_once_result"
+    __%[1]s_debug "Successfully erased the variable __%[1]s_perform_completion_once_result"
 end
 
 function __%[1]s_requires_order_preservation
diff --git a/vendor/github.com/spf13/cobra/fish_completions.md b/vendor/github.com/spf13/cobra/fish_completions.md
deleted file mode 100644
index 19b2ed129..000000000
--- a/vendor/github.com/spf13/cobra/fish_completions.md
+++ /dev/null
@@ -1,4 +0,0 @@
-## Generating Fish Completions For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
diff --git a/vendor/github.com/spf13/cobra/flag_groups.go b/vendor/github.com/spf13/cobra/flag_groups.go
index b35fde155..0671ec5f2 100644
--- a/vendor/github.com/spf13/cobra/flag_groups.go
+++ b/vendor/github.com/spf13/cobra/flag_groups.go
@@ -24,6 +24,7 @@ import (
 
 const (
 	requiredAsGroup   = "cobra_annotation_required_if_others_set"
+	oneRequired       = "cobra_annotation_one_required"
 	mutuallyExclusive = "cobra_annotation_mutually_exclusive"
 )
 
@@ -43,6 +44,22 @@ func (c *Command) MarkFlagsRequiredTogether(flagNames ...string) {
 	}
 }
 
+// MarkFlagsOneRequired marks the given flags with annotations so that Cobra errors
+// if the command is invoked without at least one flag from the given set of flags.
+func (c *Command) MarkFlagsOneRequired(flagNames ...string) {
+	c.mergePersistentFlags()
+	for _, v := range flagNames {
+		f := c.Flags().Lookup(v)
+		if f == nil {
+			panic(fmt.Sprintf("Failed to find flag %q and mark it as being in a one-required flag group", v))
+		}
+		if err := c.Flags().SetAnnotation(v, oneRequired, append(f.Annotations[oneRequired], strings.Join(flagNames, " "))); err != nil {
+			// Only errs if the flag isn't found.
+			panic(err)
+		}
+	}
+}
+
 // MarkFlagsMutuallyExclusive marks the given flags with annotations so that Cobra errors
 // if the command is invoked with more than one flag from the given set of flags.
 func (c *Command) MarkFlagsMutuallyExclusive(flagNames ...string) {
@@ -59,7 +76,7 @@ func (c *Command) MarkFlagsMutuallyExclusive(flagNames ...string) {
 	}
 }
 
-// ValidateFlagGroups validates the mutuallyExclusive/requiredAsGroup logic and returns the
+// ValidateFlagGroups validates the mutuallyExclusive/oneRequired/requiredAsGroup logic and returns the
 // first error encountered.
 func (c *Command) ValidateFlagGroups() error {
 	if c.DisableFlagParsing {
@@ -71,15 +88,20 @@ func (c *Command) ValidateFlagGroups() error {
 	// groupStatus format is the list of flags as a unique ID,
 	// then a map of each flag name and whether it is set or not.
 	groupStatus := map[string]map[string]bool{}
+	oneRequiredGroupStatus := map[string]map[string]bool{}
 	mutuallyExclusiveGroupStatus := map[string]map[string]bool{}
 	flags.VisitAll(func(pflag *flag.Flag) {
 		processFlagForGroupAnnotation(flags, pflag, requiredAsGroup, groupStatus)
+		processFlagForGroupAnnotation(flags, pflag, oneRequired, oneRequiredGroupStatus)
 		processFlagForGroupAnnotation(flags, pflag, mutuallyExclusive, mutuallyExclusiveGroupStatus)
 	})
 
 	if err := validateRequiredFlagGroups(groupStatus); err != nil {
 		return err
 	}
+	if err := validateOneRequiredFlagGroups(oneRequiredGroupStatus); err != nil {
+		return err
+	}
 	if err := validateExclusiveFlagGroups(mutuallyExclusiveGroupStatus); err != nil {
 		return err
 	}
@@ -142,6 +164,27 @@ func validateRequiredFlagGroups(data map[string]map[string]bool) error {
 	return nil
 }
 
+func validateOneRequiredFlagGroups(data map[string]map[string]bool) error {
+	keys := sortedKeys(data)
+	for _, flagList := range keys {
+		flagnameAndStatus := data[flagList]
+		var set []string
+		for flagname, isSet := range flagnameAndStatus {
+			if isSet {
+				set = append(set, flagname)
+			}
+		}
+		if len(set) >= 1 {
+			continue
+		}
+
+		// Sort values, so they can be tested/scripted against consistently.
+		sort.Strings(set)
+		return fmt.Errorf("at least one of the flags in the group [%v] is required", flagList)
+	}
+	return nil
+}
+
 func validateExclusiveFlagGroups(data map[string]map[string]bool) error {
 	keys := sortedKeys(data)
 	for _, flagList := range keys {
@@ -176,6 +219,7 @@ func sortedKeys(m map[string]map[string]bool) []string {
 
 // enforceFlagGroupsForCompletion will do the following:
 // - when a flag in a group is present, other flags in the group will be marked required
+// - when none of the flags in a one-required group are present, all flags in the group will be marked required
 // - when a flag in a mutually exclusive group is present, other flags in the group will be marked as hidden
 // This allows the standard completion logic to behave appropriately for flag groups
 func (c *Command) enforceFlagGroupsForCompletion() {
@@ -185,9 +229,11 @@ func (c *Command) enforceFlagGroupsForCompletion() {
 
 	flags := c.Flags()
 	groupStatus := map[string]map[string]bool{}
+	oneRequiredGroupStatus := map[string]map[string]bool{}
 	mutuallyExclusiveGroupStatus := map[string]map[string]bool{}
 	c.Flags().VisitAll(func(pflag *flag.Flag) {
 		processFlagForGroupAnnotation(flags, pflag, requiredAsGroup, groupStatus)
+		processFlagForGroupAnnotation(flags, pflag, oneRequired, oneRequiredGroupStatus)
 		processFlagForGroupAnnotation(flags, pflag, mutuallyExclusive, mutuallyExclusiveGroupStatus)
 	})
 
@@ -204,6 +250,26 @@ func (c *Command) enforceFlagGroupsForCompletion() {
 		}
 	}
 
+	// If none of the flags of a one-required group are present, we make all the flags
+	// of that group required so that the shell completion suggests them automatically
+	for flagList, flagnameAndStatus := range oneRequiredGroupStatus {
+		set := 0
+
+		for _, isSet := range flagnameAndStatus {
+			if isSet {
+				set++
+			}
+		}
+
+		// None of the flags of the group are set, mark all flags in the group
+		// as required
+		if set == 0 {
+			for _, fName := range strings.Split(flagList, " ") {
+				_ = c.MarkFlagRequired(fName)
+			}
+		}
+	}
+
 	// If a flag that is mutually exclusive to others is present, we hide the other
 	// flags of that group so the shell completion does not suggest them
 	for flagList, flagnameAndStatus := range mutuallyExclusiveGroupStatus {
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.go b/vendor/github.com/spf13/cobra/powershell_completions.go
index 177d2755f..551951939 100644
--- a/vendor/github.com/spf13/cobra/powershell_completions.go
+++ b/vendor/github.com/spf13/cobra/powershell_completions.go
@@ -47,7 +47,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
 `+"    $_ -replace '\\s|#|@|\\$|;|,|''|\\{|\\}|\\(|\\)|\"|`|\\||<|>|&','`$&'"+`
 }
 
-[scriptblock]$__%[2]sCompleterBlock = {
+[scriptblock]${__%[2]sCompleterBlock} = {
     param(
             $WordToComplete,
             $CommandAst,
@@ -122,7 +122,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
 
     __%[1]s_debug "Calling $RequestComp"
     # First disable ActiveHelp which is not supported for Powershell
-    $env:%[10]s=0
+    ${env:%[10]s}=0
 
     #call the command store the output in $out and redirect stderr and stdout to null
     # $Out is an array contains each line per element
@@ -279,7 +279,7 @@ filter __%[1]s_escapeStringWithSpecialChars {
     }
 }
 
-Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock $__%[2]sCompleterBlock
+Register-ArgumentCompleter -CommandName '%[1]s' -ScriptBlock ${__%[2]sCompleterBlock}
 `, name, nameForVar, compCmd,
 		ShellCompDirectiveError, ShellCompDirectiveNoSpace, ShellCompDirectiveNoFileComp,
 		ShellCompDirectiveFilterFileExt, ShellCompDirectiveFilterDirs, ShellCompDirectiveKeepOrder, activeHelpEnvVar(name)))
diff --git a/vendor/github.com/spf13/cobra/powershell_completions.md b/vendor/github.com/spf13/cobra/powershell_completions.md
deleted file mode 100644
index c449f1e5c..000000000
--- a/vendor/github.com/spf13/cobra/powershell_completions.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Generating PowerShell Completions For Your Own cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md#powershell-completions) for details.
diff --git a/vendor/github.com/spf13/cobra/projects_using_cobra.md b/vendor/github.com/spf13/cobra/projects_using_cobra.md
deleted file mode 100644
index 8a291eb20..000000000
--- a/vendor/github.com/spf13/cobra/projects_using_cobra.md
+++ /dev/null
@@ -1,64 +0,0 @@
-## Projects using Cobra
-
-- [Allero](https://github.com/allero-io/allero)
-- [Arewefastyet](https://benchmark.vitess.io)
-- [Arduino CLI](https://github.com/arduino/arduino-cli)
-- [Bleve](https://blevesearch.com/)
-- [Cilium](https://cilium.io/)
-- [CloudQuery](https://github.com/cloudquery/cloudquery)
-- [CockroachDB](https://www.cockroachlabs.com/)
-- [Constellation](https://github.com/edgelesssys/constellation)
-- [Cosmos SDK](https://github.com/cosmos/cosmos-sdk)
-- [Datree](https://github.com/datreeio/datree)
-- [Delve](https://github.com/derekparker/delve)
-- [Docker (distribution)](https://github.com/docker/distribution)
-- [Etcd](https://etcd.io/)
-- [Gardener](https://github.com/gardener/gardenctl)
-- [Giant Swarm's gsctl](https://github.com/giantswarm/gsctl)
-- [Git Bump](https://github.com/erdaltsksn/git-bump)
-- [GitHub CLI](https://github.com/cli/cli)
-- [GitHub Labeler](https://github.com/erdaltsksn/gh-label)
-- [Golangci-lint](https://golangci-lint.run)
-- [GopherJS](https://github.com/gopherjs/gopherjs)
-- [GoReleaser](https://goreleaser.com)
-- [Helm](https://helm.sh)
-- [Hugo](https://gohugo.io)
-- [Infracost](https://github.com/infracost/infracost)
-- [Istio](https://istio.io)
-- [Kool](https://github.com/kool-dev/kool)
-- [Kubernetes](https://kubernetes.io/)
-- [Kubescape](https://github.com/kubescape/kubescape)
-- [KubeVirt](https://github.com/kubevirt/kubevirt)
-- [Linkerd](https://linkerd.io/)
-- [Mattermost-server](https://github.com/mattermost/mattermost-server)
-- [Mercure](https://mercure.rocks/)
-- [Meroxa CLI](https://github.com/meroxa/cli)
-- [Metal Stack CLI](https://github.com/metal-stack/metalctl)
-- [Moby (former Docker)](https://github.com/moby/moby)
-- [Moldy](https://github.com/Moldy-Community/moldy)
-- [Multi-gitter](https://github.com/lindell/multi-gitter)
-- [Nanobox](https://github.com/nanobox-io/nanobox)/[Nanopack](https://github.com/nanopack)
-- [nFPM](https://nfpm.goreleaser.com)
-- [Okteto](https://github.com/okteto/okteto)
-- [OpenShift](https://www.openshift.com/)
-- [Ory Hydra](https://github.com/ory/hydra)
-- [Ory Kratos](https://github.com/ory/kratos)
-- [Pixie](https://github.com/pixie-io/pixie)
-- [Polygon Edge](https://github.com/0xPolygon/polygon-edge)
-- [Pouch](https://github.com/alibaba/pouch)
-- [ProjectAtomic (enterprise)](https://www.projectatomic.io/)
-- [Prototool](https://github.com/uber/prototool)
-- [Pulumi](https://www.pulumi.com)
-- [QRcp](https://github.com/claudiodangelis/qrcp)
-- [Random](https://github.com/erdaltsksn/random)
-- [Rclone](https://rclone.org/)
-- [Scaleway CLI](https://github.com/scaleway/scaleway-cli)
-- [Sia](https://github.com/SiaFoundation/siad)
-- [Skaffold](https://skaffold.dev/)
-- [Tendermint](https://github.com/tendermint/tendermint)
-- [Twitch CLI](https://github.com/twitchdev/twitch-cli)
-- [UpCloud CLI (`upctl`)](https://github.com/UpCloudLtd/upcloud-cli)
-- [Vitess](https://vitess.io)
-- VMware's [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) & [Tanzu Framework](https://github.com/vmware-tanzu/tanzu-framework)
-- [Werf](https://werf.io/)
-- [ZITADEL](https://github.com/zitadel/zitadel)
diff --git a/vendor/github.com/spf13/cobra/shell_completions.md b/vendor/github.com/spf13/cobra/shell_completions.md
deleted file mode 100644
index 065c0621d..000000000
--- a/vendor/github.com/spf13/cobra/shell_completions.md
+++ /dev/null
@@ -1,576 +0,0 @@
-# Generating shell completions
-
-Cobra can generate shell completions for multiple shells.
-The currently supported shells are:
-- Bash
-- Zsh
-- fish
-- PowerShell
-
-Cobra will automatically provide your program with a fully functional `completion` command,
-similarly to how it provides the `help` command.
-
-## Creating your own completion command
-
-If you do not wish to use the default `completion` command, you can choose to
-provide your own, which will take precedence over the default one. (This also provides
-backwards-compatibility with programs that already have their own `completion` command.)
-
-If you are using the `cobra-cli` generator,
-which can be found at [spf13/cobra-cli](https://github.com/spf13/cobra-cli),
-you can create a completion command by running
-
-```bash
-cobra-cli add completion
-```
-and then modifying the generated `cmd/completion.go` file to look something like this
-(writing the shell script to stdout allows the most flexible use):
-
-```go
-var completionCmd = &cobra.Command{
-	Use:   "completion [bash|zsh|fish|powershell]",
-	Short: "Generate completion script",
-	Long: fmt.Sprintf(`To load completions:
-
-Bash:
-
-  $ source <(%[1]s completion bash)
-
-  # To load completions for each session, execute once:
-  # Linux:
-  $ %[1]s completion bash > /etc/bash_completion.d/%[1]s
-  # macOS:
-  $ %[1]s completion bash > $(brew --prefix)/etc/bash_completion.d/%[1]s
-
-Zsh:
-
-  # If shell completion is not already enabled in your environment,
-  # you will need to enable it.  You can execute the following once:
-
-  $ echo "autoload -U compinit; compinit" >> ~/.zshrc
-
-  # To load completions for each session, execute once:
-  $ %[1]s completion zsh > "${fpath[1]}/_%[1]s"
-
-  # You will need to start a new shell for this setup to take effect.
-
-fish:
-
-  $ %[1]s completion fish | source
-
-  # To load completions for each session, execute once:
-  $ %[1]s completion fish > ~/.config/fish/completions/%[1]s.fish
-
-PowerShell:
-
-  PS> %[1]s completion powershell | Out-String | Invoke-Expression
-
-  # To load completions for every new session, run:
-  PS> %[1]s completion powershell > %[1]s.ps1
-  # and source this file from your PowerShell profile.
-`,cmd.Root().Name()),
-	DisableFlagsInUseLine: true,
-	ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
-	Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
-	Run: func(cmd *cobra.Command, args []string) {
-		switch args[0] {
-		case "bash":
-			cmd.Root().GenBashCompletion(os.Stdout)
-		case "zsh":
-			cmd.Root().GenZshCompletion(os.Stdout)
-		case "fish":
-			cmd.Root().GenFishCompletion(os.Stdout, true)
-		case "powershell":
-			cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
-		}
-	},
-}
-```
-
-**Note:** The cobra generator may include messages printed to stdout, for example, if the config file is loaded; this will break the auto-completion script so must be removed.
-
-## Adapting the default completion command
-
-Cobra provides a few options for the default `completion` command.  To configure such options you must set
-the `CompletionOptions` field on the *root* command.
-
-To tell Cobra *not* to provide the default `completion` command:
-```
-rootCmd.CompletionOptions.DisableDefaultCmd = true
-```
-
-To tell Cobra to mark the default `completion` command as *hidden*:
-```
-rootCmd.CompletionOptions.HiddenDefaultCmd = true
-```
-
-To tell Cobra *not* to provide the user with the `--no-descriptions` flag to the completion sub-commands:
-```
-rootCmd.CompletionOptions.DisableNoDescFlag = true
-```
-
-To tell Cobra to completely disable descriptions for completions:
-```
-rootCmd.CompletionOptions.DisableDescriptions = true
-```
-
-# Customizing completions
-
-The generated completion scripts will automatically handle completing commands and flags.  However, you can make your completions much more powerful by providing information to complete your program's nouns and flag values.
-
-## Completion of nouns
-
-### Static completion of nouns
-
-Cobra allows you to provide a pre-defined list of completion choices for your nouns using the `ValidArgs` field.
-For example, if you want `kubectl get [tab][tab]` to show a list of valid "nouns" you have to set them.
-Some simplified code from `kubectl get` looks like:
-
-```go
-validArgs = []string{ "pod", "node", "service", "replicationcontroller" }
-
-cmd := &cobra.Command{
-	Use:     "get [(-o|--output=)json|yaml|template|...] (RESOURCE [NAME] | RESOURCE/NAME ...)",
-	Short:   "Display one or many resources",
-	Long:    get_long,
-	Example: get_example,
-	Run: func(cmd *cobra.Command, args []string) {
-		cobra.CheckErr(RunGet(f, out, cmd, args))
-	},
-	ValidArgs: validArgs,
-}
-```
-
-Notice we put the `ValidArgs` field on the `get` sub-command. Doing so will give results like:
-
-```bash
-$ kubectl get [tab][tab]
-node   pod   replicationcontroller   service
-```
-
-#### Aliases for nouns
-
-If your nouns have aliases, you can define them alongside `ValidArgs` using `ArgAliases`:
-
-```go
-argAliases = []string { "pods", "nodes", "services", "svc", "replicationcontrollers", "rc" }
-
-cmd := &cobra.Command{
-    ...
-	ValidArgs:  validArgs,
-	ArgAliases: argAliases
-}
-```
-
-The aliases are shown to the user on tab completion only if no completions were found within sub-commands or `ValidArgs`.
-
-### Dynamic completion of nouns
-
-In some cases it is not possible to provide a list of completions in advance.  Instead, the list of completions must be determined at execution-time. In a similar fashion as for static completions, you can use the `ValidArgsFunction` field to provide a Go function that Cobra will execute when it needs the list of completion choices for the nouns of a command.  Note that either `ValidArgs` or `ValidArgsFunction` can be used for a single cobra command, but not both.
-Simplified code from `helm status` looks like:
-
-```go
-cmd := &cobra.Command{
-	Use:   "status RELEASE_NAME",
-	Short: "Display the status of the named release",
-	Long:  status_long,
-	RunE: func(cmd *cobra.Command, args []string) {
-		RunGet(args[0])
-	},
-	ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		if len(args) != 0 {
-			return nil, cobra.ShellCompDirectiveNoFileComp
-		}
-		return getReleasesFromCluster(toComplete), cobra.ShellCompDirectiveNoFileComp
-	},
-}
-```
-Where `getReleasesFromCluster()` is a Go function that obtains the list of current Helm releases running on the Kubernetes cluster.
-Notice we put the `ValidArgsFunction` on the `status` sub-command. Let's assume the Helm releases on the cluster are: `harbor`, `notary`, `rook` and `thanos` then this dynamic completion will give results like:
-
-```bash
-$ helm status [tab][tab]
-harbor notary rook thanos
-```
-You may have noticed the use of `cobra.ShellCompDirective`.  These directives are bit fields allowing to control some shell completion behaviors for your particular completion.  You can combine them with the bit-or operator such as `cobra.ShellCompDirectiveNoSpace | cobra.ShellCompDirectiveNoFileComp`
-```go
-// Indicates that the shell will perform its default behavior after completions
-// have been provided (this implies none of the other directives).
-ShellCompDirectiveDefault
-
-// Indicates an error occurred and completions should be ignored.
-ShellCompDirectiveError
-
-// Indicates that the shell should not add a space after the completion,
-// even if there is a single completion provided.
-ShellCompDirectiveNoSpace
-
-// Indicates that the shell should not provide file completion even when
-// no completion is provided.
-ShellCompDirectiveNoFileComp
-
-// Indicates that the returned completions should be used as file extension filters.
-// For example, to complete only files of the form *.json or *.yaml:
-//    return []string{"yaml", "json"}, ShellCompDirectiveFilterFileExt
-// For flags, using MarkFlagFilename() and MarkPersistentFlagFilename()
-// is a shortcut to using this directive explicitly.
-//
-ShellCompDirectiveFilterFileExt
-
-// Indicates that only directory names should be provided in file completion.
-// For example:
-//    return nil, ShellCompDirectiveFilterDirs
-// For flags, using MarkFlagDirname() is a shortcut to using this directive explicitly.
-//
-// To request directory names within another directory, the returned completions
-// should specify a single directory name within which to search. For example,
-// to complete directories within "themes/":
-//    return []string{"themes"}, ShellCompDirectiveFilterDirs
-//
-ShellCompDirectiveFilterDirs
-
-// ShellCompDirectiveKeepOrder indicates that the shell should preserve the order
-// in which the completions are provided
-ShellCompDirectiveKeepOrder
-```
-
-***Note***: When using the `ValidArgsFunction`, Cobra will call your registered function after having parsed all flags and arguments provided in the command-line.  You therefore don't need to do this parsing yourself.  For example, when a user calls `helm status --namespace my-rook-ns [tab][tab]`, Cobra will call your registered `ValidArgsFunction` after having parsed the `--namespace` flag, as it would have done when calling the `RunE` function.
-
-#### Debugging
-
-Cobra achieves dynamic completion through the use of a hidden command called by the completion script.  To debug your Go completion code, you can call this hidden command directly:
-```bash
-$ helm __complete status har<ENTER>
-harbor
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-***Important:*** If the noun to complete is empty (when the user has not yet typed any letters of that noun), you must pass an empty parameter to the `__complete` command:
-```bash
-$ helm __complete status ""<ENTER>
-harbor
-notary
-rook
-thanos
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-Calling the `__complete` command directly allows you to run the Go debugger to troubleshoot your code.  You can also add printouts to your code; Cobra provides the following functions to use for printouts in Go completion code:
-```go
-// Prints to the completion script debug file (if BASH_COMP_DEBUG_FILE
-// is set to a file path) and optionally prints to stderr.
-cobra.CompDebug(msg string, printToStdErr bool) {
-cobra.CompDebugln(msg string, printToStdErr bool)
-
-// Prints to the completion script debug file (if BASH_COMP_DEBUG_FILE
-// is set to a file path) and to stderr.
-cobra.CompError(msg string)
-cobra.CompErrorln(msg string)
-```
-***Important:*** You should **not** leave traces that print directly to stdout in your completion code as they will be interpreted as completion choices by the completion script.  Instead, use the cobra-provided debugging traces functions mentioned above.
-
-## Completions for flags
-
-### Mark flags as required
-
-Most of the time completions will only show sub-commands. But if a flag is required to make a sub-command work, you probably want it to show up when the user types [tab][tab].  You can mark a flag as 'Required' like so:
-
-```go
-cmd.MarkFlagRequired("pod")
-cmd.MarkFlagRequired("container")
-```
-
-and you'll get something like
-
-```bash
-$ kubectl exec [tab][tab]
--c            --container=  -p            --pod=
-```
-
-### Specify dynamic flag completion
-
-As for nouns, Cobra provides a way of defining dynamic completion of flags.  To provide a Go function that Cobra will execute when it needs the list of completion choices for a flag, you must register the function using the `command.RegisterFlagCompletionFunc()` function.
-
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"json", "table", "yaml"}, cobra.ShellCompDirectiveDefault
-})
-```
-Notice that calling `RegisterFlagCompletionFunc()` is done through the `command` with which the flag is associated.  In our example this dynamic completion will give results like so:
-
-```bash
-$ helm status --output [tab][tab]
-json table yaml
-```
-
-#### Debugging
-
-You can also easily debug your Go completion code for flags:
-```bash
-$ helm __complete status --output ""
-json
-table
-yaml
-:4
-Completion ended with directive: ShellCompDirectiveNoFileComp # This is on stderr
-```
-***Important:*** You should **not** leave traces that print to stdout in your completion code as they will be interpreted as completion choices by the completion script.  Instead, use the cobra-provided debugging traces functions mentioned further above.
-
-### Specify valid filename extensions for flags that take a filename
-
-To limit completions of flag values to file names with certain extensions you can either use the different `MarkFlagFilename()` functions or a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterFileExt`, like so:
-```go
-flagName := "output"
-cmd.MarkFlagFilename(flagName, "yaml", "json")
-```
-or
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"yaml", "json"}, ShellCompDirectiveFilterFileExt})
-```
-
-### Limit flag completions to directory names
-
-To limit completions of flag values to directory names you can either use the `MarkFlagDirname()` functions or a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterDirs`, like so:
-```go
-flagName := "output"
-cmd.MarkFlagDirname(flagName)
-```
-or
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return nil, cobra.ShellCompDirectiveFilterDirs
-})
-```
-To limit completions of flag values to directory names *within another directory* you can use a combination of `RegisterFlagCompletionFunc()` and `ShellCompDirectiveFilterDirs` like so:
-```go
-flagName := "output"
-cmd.RegisterFlagCompletionFunc(flagName, func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"themes"}, cobra.ShellCompDirectiveFilterDirs
-})
-```
-### Descriptions for completions
-
-Cobra provides support for completion descriptions.  Such descriptions are supported for each shell
-(however, for bash, it is only available in the [completion V2 version](#bash-completion-v2)).
-For commands and flags, Cobra will provide the descriptions automatically, based on usage information.
-For example, using zsh:
-```
-$ helm s[tab]
-search  -- search for a keyword in charts
-show    -- show information of a chart
-status  -- displays the status of the named release
-```
-while using fish:
-```
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-```
-
-Cobra allows you to add descriptions to your own completions.  Simply add the description text after each completion, following a `\t` separator.  This technique applies to completions returned by `ValidArgs`, `ValidArgsFunction` and `RegisterFlagCompletionFunc()`.  For example:
-```go
-ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-	return []string{"harbor\tAn image registry", "thanos\tLong-term metrics"}, cobra.ShellCompDirectiveNoFileComp
-}}
-```
-or
-```go
-ValidArgs: []string{"bash\tCompletions for bash", "zsh\tCompletions for zsh"}
-```
-
-If you don't want to show descriptions in the completions, you can add `--no-descriptions` to the default `completion` command to disable them, like:
-
-```bash
-$ source <(helm completion bash)
-$ helm completion [tab][tab]
-bash        (generate autocompletion script for bash)        powershell  (generate autocompletion script for powershell)
-fish        (generate autocompletion script for fish)        zsh         (generate autocompletion script for zsh)
-
-$ source <(helm completion bash --no-descriptions)
-$ helm completion [tab][tab]
-bash        fish        powershell  zsh
-```
-## Bash completions
-
-### Dependencies
-
-The bash completion script generated by Cobra requires the `bash_completion` package. You should update the help text of your completion command to show how to install the `bash_completion` package ([Kubectl docs](https://kubernetes.io/docs/tasks/tools/install-kubectl/#enabling-shell-autocompletion))
-
-### Aliases
-
-You can also configure `bash` aliases for your program and they will also support completions.
-
-```bash
-alias aliasname=origcommand
-complete -o default -F __start_origcommand aliasname
-
-# and now when you run `aliasname` completion will make
-# suggestions as it did for `origcommand`.
-
-$ aliasname <tab><tab>
-completion     firstcommand   secondcommand
-```
-### Bash legacy dynamic completions
-
-For backward compatibility, Cobra still supports its bash legacy dynamic completion solution.
-Please refer to [Bash Completions](bash_completions.md) for details.
-
-### Bash completion V2
-
-Cobra provides two versions for bash completion.  The original bash completion (which started it all!) can be used by calling
-`GenBashCompletion()` or `GenBashCompletionFile()`.
-
-A new V2 bash completion version is also available.  This version can be used by calling `GenBashCompletionV2()` or
-`GenBashCompletionFileV2()`.  The V2 version does **not** support the legacy dynamic completion
-(see [Bash Completions](bash_completions.md)) but instead works only with the Go dynamic completion
-solution described in this document.
-Unless your program already uses the legacy dynamic completion solution, it is recommended that you use the bash
-completion V2 solution which provides the following extra features:
-- Supports completion descriptions (like the other shells)
-- Small completion script of less than 300 lines (v1 generates scripts of thousands of lines; `kubectl` for example has a bash v1 completion script of over 13K lines)
-- Streamlined user experience thanks to a completion behavior aligned with the other shells 
-
-`Bash` completion V2 supports descriptions for completions. When calling `GenBashCompletionV2()` or `GenBashCompletionFileV2()`
-you must provide these functions with a parameter indicating if the completions should be annotated with a description; Cobra
-will provide the description automatically based on usage information.  You can choose to make this option configurable by
-your users.
-
-```
-# With descriptions
-$ helm s[tab][tab]
-search  (search for a keyword in charts)           status  (display the status of the named release)
-show    (show information of a chart)
-
-# Without descriptions
-$ helm s[tab][tab]
-search  show  status
-```
-**Note**: Cobra's default `completion` command uses bash completion V2.  If for some reason you need to use bash completion V1, you will need to implement your own `completion` command. 
-## Zsh completions
-
-Cobra supports native zsh completion generated from the root `cobra.Command`.
-The generated completion script should be put somewhere in your `$fpath` and be named
-`_<yourProgram>`.  You will need to start a new shell for the completions to become available.
-
-Zsh supports descriptions for completions. Cobra will provide the description automatically,
-based on usage information. Cobra provides a way to completely disable such descriptions by
-using `GenZshCompletionNoDesc()` or `GenZshCompletionFileNoDesc()`. You can choose to make
-this a configurable option to your users.
-```
-# With descriptions
-$ helm s[tab]
-search  -- search for a keyword in charts
-show    -- show information of a chart
-status  -- displays the status of the named release
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-*Note*: Because of backward-compatibility requirements, we were forced to have a different API to disable completion descriptions between `zsh` and `fish`.
-
-### Limitations
-
-* Custom completions implemented in Bash scripting (legacy) are not supported and will be ignored for `zsh` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `zsh`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-
-### Zsh completions standardization
-
-Cobra 1.1 standardized its zsh completion support to align it with its other shell completions.  Although the API was kept backward-compatible, some small changes in behavior were introduced.
-Please refer to [Zsh Completions](zsh_completions.md) for details.
-
-## fish completions
-
-Cobra supports native fish completions generated from the root `cobra.Command`.  You can use the `command.GenFishCompletion()` or `command.GenFishCompletionFile()` functions. You must provide these functions with a parameter indicating if the completions should be annotated with a description; Cobra will provide the description automatically based on usage information.  You can choose to make this option configurable by your users.
-```
-# With descriptions
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-*Note*: Because of backward-compatibility requirements, we were forced to have a different API to disable completion descriptions between `zsh` and `fish`.
-
-### Limitations
-
-* Custom completions implemented in bash scripting (legacy) are not supported and will be ignored for `fish` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `fish`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-* The following flag completion annotations are not supported and will be ignored for `fish`:
-  * `BashCompFilenameExt` (filtering by file extension)
-  * `BashCompSubdirsInDir` (filtering by directory)
-* The functions corresponding to the above annotations are consequently not supported and will be ignored for `fish`:
-  * `MarkFlagFilename()` and `MarkPersistentFlagFilename()` (filtering by file extension)
-  * `MarkFlagDirname()` and `MarkPersistentFlagDirname()` (filtering by directory)
-* Similarly, the following completion directives are not supported and will be ignored for `fish`:
-  * `ShellCompDirectiveFilterFileExt` (filtering by file extension)
-  * `ShellCompDirectiveFilterDirs` (filtering by directory)
-
-## PowerShell completions
-
-Cobra supports native PowerShell completions generated from the root `cobra.Command`. You can use the `command.GenPowerShellCompletion()` or `command.GenPowerShellCompletionFile()` functions. To include descriptions use `command.GenPowerShellCompletionWithDesc()` and `command.GenPowerShellCompletionFileWithDesc()`. Cobra will provide the description automatically based on usage information. You can choose to make this option configurable by your users.
-
-The script is designed to support all three PowerShell completion modes:
-
-* TabCompleteNext (default windows style - on each key press the next option is displayed)
-* Complete (works like bash)
-* MenuComplete (works like zsh)
-
-You set the mode with `Set-PSReadLineKeyHandler -Key Tab -Function <mode>`. Descriptions are only displayed when using the `Complete` or `MenuComplete` mode.
-
-Users need PowerShell version 5.0 or above, which comes with Windows 10 and can be downloaded separately for Windows 7 or 8.1. They can then write the completions to a file and source this file from their PowerShell profile, which is referenced by the `$Profile` environment variable. See `Get-Help about_Profiles` for more info about PowerShell profiles.
-
-```
-# With descriptions and Mode 'Complete'
-$ helm s[tab]
-search  (search for a keyword in charts)  show  (show information of a chart)  status  (displays the status of the named release)
-
-# With descriptions and Mode 'MenuComplete' The description of the current selected value will be displayed below the suggestions.
-$ helm s[tab]
-search    show     status  
-
-search for a keyword in charts
-
-# Without descriptions
-$ helm s[tab]
-search  show  status
-```
-### Aliases
-
-You can also configure `powershell` aliases for your program and they will also support completions.
-
-```
-$ sal aliasname origcommand
-$ Register-ArgumentCompleter -CommandName 'aliasname' -ScriptBlock $__origcommandCompleterBlock
-
-# and now when you run `aliasname` completion will make
-# suggestions as it did for `origcommand`.
-
-$ aliasname <tab>
-completion     firstcommand   secondcommand
-```
-The name of the completer block variable is of the form `$__<programName>CompleterBlock` where every `-` and `:` in the program name have been replaced with `_`, to respect powershell naming syntax.
-
-### Limitations
-
-* Custom completions implemented in bash scripting (legacy) are not supported and will be ignored for `powershell` (including the use of the `BashCompCustom` flag annotation).
-  * You should instead use `ValidArgsFunction` and `RegisterFlagCompletionFunc()` which are portable to the different shells (`bash`, `zsh`, `fish`, `powershell`).
-* The function `MarkFlagCustom()` is not supported and will be ignored for `powershell`.
-  * You should instead use `RegisterFlagCompletionFunc()`.
-* The following flag completion annotations are not supported and will be ignored for `powershell`:
-  * `BashCompFilenameExt` (filtering by file extension)
-  * `BashCompSubdirsInDir` (filtering by directory)
-* The functions corresponding to the above annotations are consequently not supported and will be ignored for `powershell`:
-  * `MarkFlagFilename()` and `MarkPersistentFlagFilename()` (filtering by file extension)
-  * `MarkFlagDirname()` and `MarkPersistentFlagDirname()` (filtering by directory)
-* Similarly, the following completion directives are not supported and will be ignored for `powershell`:
-  * `ShellCompDirectiveFilterFileExt` (filtering by file extension)
-  * `ShellCompDirectiveFilterDirs` (filtering by directory)
diff --git a/vendor/github.com/spf13/cobra/user_guide.md b/vendor/github.com/spf13/cobra/user_guide.md
deleted file mode 100644
index 85201d840..000000000
--- a/vendor/github.com/spf13/cobra/user_guide.md
+++ /dev/null
@@ -1,726 +0,0 @@
-# User Guide
-
-While you are welcome to provide your own organization, typically a Cobra-based
-application will follow the following organizational structure:
-
-```
-  ▾ appName/
-    ▾ cmd/
-        add.go
-        your.go
-        commands.go
-        here.go
-      main.go
-```
-
-In a Cobra app, typically the main.go file is very bare. It serves one purpose: initializing Cobra.
-
-```go
-package main
-
-import (
-  "{pathToYourApp}/cmd"
-)
-
-func main() {
-  cmd.Execute()
-}
-```
-
-## Using the Cobra Generator
-
-Cobra-CLI is its own program that will create your application and add any
-commands you want. It's the easiest way to incorporate Cobra into your application.
-
-For complete details on using the Cobra generator, please refer to [The Cobra-CLI Generator README](https://github.com/spf13/cobra-cli/blob/main/README.md)
-
-## Using the Cobra Library
-
-To manually implement Cobra you need to create a bare main.go file and a rootCmd file.
-You will optionally provide additional commands as you see fit.
-
-### Create rootCmd
-
-Cobra doesn't require any special constructors. Simply create your commands.
-
-Ideally you place this in app/cmd/root.go:
-
-```go
-var rootCmd = &cobra.Command{
-  Use:   "hugo",
-  Short: "Hugo is a very fast static site generator",
-  Long: `A Fast and Flexible Static Site Generator built with
-                love by spf13 and friends in Go.
-                Complete documentation is available at https://gohugo.io/documentation/`,
-  Run: func(cmd *cobra.Command, args []string) {
-    // Do Stuff Here
-  },
-}
-
-func Execute() {
-  if err := rootCmd.Execute(); err != nil {
-    fmt.Fprintln(os.Stderr, err)
-    os.Exit(1)
-  }
-}
-```
-
-You will additionally define flags and handle configuration in your init() function.
-
-For example cmd/root.go:
-
-```go
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-var (
-	// Used for flags.
-	cfgFile     string
-	userLicense string
-
-	rootCmd = &cobra.Command{
-		Use:   "cobra-cli",
-		Short: "A generator for Cobra based Applications",
-		Long: `Cobra is a CLI library for Go that empowers applications.
-This application is a tool to generate the needed files
-to quickly create a Cobra application.`,
-	}
-)
-
-// Execute executes the root command.
-func Execute() error {
-	return rootCmd.Execute()
-}
-
-func init() {
-	cobra.OnInitialize(initConfig)
-
-	rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.cobra.yaml)")
-	rootCmd.PersistentFlags().StringP("author", "a", "YOUR NAME", "author name for copyright attribution")
-	rootCmd.PersistentFlags().StringVarP(&userLicense, "license", "l", "", "name of license for the project")
-	rootCmd.PersistentFlags().Bool("viper", true, "use Viper for configuration")
-	viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-	viper.BindPFlag("useViper", rootCmd.PersistentFlags().Lookup("viper"))
-	viper.SetDefault("author", "NAME HERE <EMAIL ADDRESS>")
-	viper.SetDefault("license", "apache")
-
-	rootCmd.AddCommand(addCmd)
-	rootCmd.AddCommand(initCmd)
-}
-
-func initConfig() {
-	if cfgFile != "" {
-		// Use config file from the flag.
-		viper.SetConfigFile(cfgFile)
-	} else {
-		// Find home directory.
-		home, err := os.UserHomeDir()
-		cobra.CheckErr(err)
-
-		// Search config in home directory with name ".cobra" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigType("yaml")
-		viper.SetConfigName(".cobra")
-	}
-
-	viper.AutomaticEnv()
-
-	if err := viper.ReadInConfig(); err == nil {
-		fmt.Println("Using config file:", viper.ConfigFileUsed())
-	}
-}
-```
-
-### Create your main.go
-
-With the root command you need to have your main function execute it.
-Execute should be run on the root for clarity, though it can be called on any command.
-
-In a Cobra app, typically the main.go file is very bare. It serves one purpose: to initialize Cobra.
-
-```go
-package main
-
-import (
-  "{pathToYourApp}/cmd"
-)
-
-func main() {
-  cmd.Execute()
-}
-```
-
-### Create additional commands
-
-Additional commands can be defined and typically are each given their own file
-inside of the cmd/ directory.
-
-If you wanted to create a version command you would create cmd/version.go and
-populate it with the following:
-
-```go
-package cmd
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func init() {
-  rootCmd.AddCommand(versionCmd)
-}
-
-var versionCmd = &cobra.Command{
-  Use:   "version",
-  Short: "Print the version number of Hugo",
-  Long:  `All software has versions. This is Hugo's`,
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hugo Static Site Generator v0.9 -- HEAD")
-  },
-}
-```
-
-### Organizing subcommands
-
-A command may have subcommands which in turn may have other subcommands. This is achieved by using
-`AddCommand`. In some cases, especially in larger applications, each subcommand may be defined in
-its own go package.
-
-The suggested approach is for the parent command to use `AddCommand` to add its most immediate
-subcommands. For example, consider the following directory structure:
-
-```text
-├── cmd
-│   ├── root.go
-│   └── sub1
-│       ├── sub1.go
-│       └── sub2
-│           ├── leafA.go
-│           ├── leafB.go
-│           └── sub2.go
-└── main.go
-```
-
-In this case:
-
-* The `init` function of `root.go` adds the command defined in `sub1.go` to the root command.
-* The `init` function of `sub1.go` adds the command defined in `sub2.go` to the sub1 command.
-* The `init` function of `sub2.go` adds the commands defined in `leafA.go` and `leafB.go` to the
-  sub2 command.
-
-This approach ensures the subcommands are always included at compile time while avoiding cyclic
-references.
-
-### Returning and handling errors
-
-If you wish to return an error to the caller of a command, `RunE` can be used.
-
-```go
-package cmd
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func init() {
-  rootCmd.AddCommand(tryCmd)
-}
-
-var tryCmd = &cobra.Command{
-  Use:   "try",
-  Short: "Try and possibly fail at something",
-  RunE: func(cmd *cobra.Command, args []string) error {
-    if err := someFunc(); err != nil {
-	return err
-    }
-    return nil
-  },
-}
-```
-
-The error can then be caught at the execute function call.
-
-## Working with Flags
-
-Flags provide modifiers to control how the action command operates.
-
-### Assign flags to a command
-
-Since the flags are defined and used in different locations, we need to
-define a variable outside with the correct scope to assign the flag to
-work with.
-
-```go
-var Verbose bool
-var Source string
-```
-
-There are two different approaches to assign a flag.
-
-### Persistent Flags
-
-A flag can be 'persistent', meaning that this flag will be available to the
-command it's assigned to as well as every command under that command. For
-global flags, assign a flag as a persistent flag on the root.
-
-```go
-rootCmd.PersistentFlags().BoolVarP(&Verbose, "verbose", "v", false, "verbose output")
-```
-
-### Local Flags
-
-A flag can also be assigned locally, which will only apply to that specific command.
-
-```go
-localCmd.Flags().StringVarP(&Source, "source", "s", "", "Source directory to read from")
-```
-
-### Local Flag on Parent Commands
-
-By default, Cobra only parses local flags on the target command, and any local flags on
-parent commands are ignored. By enabling `Command.TraverseChildren`, Cobra will
-parse local flags on each command before executing the target command.
-
-```go
-command := cobra.Command{
-  Use: "print [OPTIONS] [COMMANDS]",
-  TraverseChildren: true,
-}
-```
-
-### Bind Flags with Config
-
-You can also bind your flags with [viper](https://github.com/spf13/viper):
-```go
-var author string
-
-func init() {
-  rootCmd.PersistentFlags().StringVar(&author, "author", "YOUR NAME", "Author name for copyright attribution")
-  viper.BindPFlag("author", rootCmd.PersistentFlags().Lookup("author"))
-}
-```
-
-In this example, the persistent flag `author` is bound with `viper`.
-**Note**: the variable `author` will not be set to the value from config,
-when the `--author` flag is provided by user.
-
-More in [viper documentation](https://github.com/spf13/viper#working-with-flags).
-
-### Required flags
-
-Flags are optional by default. If instead you wish your command to report an error
-when a flag has not been set, mark it as required:
-```go
-rootCmd.Flags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
-rootCmd.MarkFlagRequired("region")
-```
-
-Or, for persistent flags:
-```go
-rootCmd.PersistentFlags().StringVarP(&Region, "region", "r", "", "AWS region (required)")
-rootCmd.MarkPersistentFlagRequired("region")
-```
-
-### Flag Groups
-
-If you have different flags that must be provided together (e.g. if they provide the `--username` flag they MUST provide the `--password` flag as well) then
-Cobra can enforce that requirement:
-```go
-rootCmd.Flags().StringVarP(&u, "username", "u", "", "Username (required if password is set)")
-rootCmd.Flags().StringVarP(&pw, "password", "p", "", "Password (required if username is set)")
-rootCmd.MarkFlagsRequiredTogether("username", "password")
-```
-
-You can also prevent different flags from being provided together if they represent mutually
-exclusive options such as specifying an output format as either `--json` or `--yaml` but never both:
-```go
-rootCmd.Flags().BoolVar(&ofJson, "json", false, "Output in JSON")
-rootCmd.Flags().BoolVar(&ofYaml, "yaml", false, "Output in YAML")
-rootCmd.MarkFlagsMutuallyExclusive("json", "yaml")
-```
-
-In both of these cases:
-  - both local and persistent flags can be used
-    - **NOTE:** the group is only enforced on commands where every flag is defined
-  - a flag may appear in multiple groups
-  - a group may contain any number of flags
-
-## Positional and Custom Arguments
-
-Validation of positional arguments can be specified using the `Args` field of `Command`.
-The following validators are built in:
-
-- Number of arguments:
-  - `NoArgs` - report an error if there are any positional args.
-  - `ArbitraryArgs` - accept any number of args.
-  - `MinimumNArgs(int)` - report an error if less than N positional args are provided.
-  - `MaximumNArgs(int)` - report an error if more than N positional args are provided.
-  - `ExactArgs(int)` - report an error if there are not exactly N positional args.
-  - `RangeArgs(min, max)` - report an error if the number of args is not between `min` and `max`.
-- Content of the arguments:
-  - `OnlyValidArgs` - report an error if there are any positional args not specified in the `ValidArgs` field of `Command`, which can optionally be set to a list of valid values for positional args.
-
-If `Args` is undefined or `nil`, it defaults to `ArbitraryArgs`.
-
-Moreover, `MatchAll(pargs ...PositionalArgs)` enables combining existing checks with arbitrary other checks.
-For instance, if you want to report an error if there are not exactly N positional args OR if there are any positional
-args that are not in the `ValidArgs` field of `Command`, you can call `MatchAll` on `ExactArgs` and `OnlyValidArgs`, as
-shown below:
-
-```go
-var cmd = &cobra.Command{
-  Short: "hello",
-  Args: cobra.MatchAll(cobra.ExactArgs(2), cobra.OnlyValidArgs),
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hello, World!")
-  },
-}
-```
-
-It is possible to set any custom validator that satisfies `func(cmd *cobra.Command, args []string) error`.
-For example:
-
-```go
-var cmd = &cobra.Command{
-  Short: "hello",
-  Args: func(cmd *cobra.Command, args []string) error {
-    // Optionally run one of the validators provided by cobra
-    if err := cobra.MinimumNArgs(1)(cmd, args); err != nil {
-        return err
-    }
-    // Run the custom validation logic
-    if myapp.IsValidColor(args[0]) {
-      return nil
-    }
-    return fmt.Errorf("invalid color specified: %s", args[0])
-  },
-  Run: func(cmd *cobra.Command, args []string) {
-    fmt.Println("Hello, World!")
-  },
-}
-```
-
-## Example
-
-In the example below, we have defined three commands. Two are at the top level
-and one (cmdTimes) is a child of one of the top commands. In this case the root
-is not executable, meaning that a subcommand is required. This is accomplished
-by not providing a 'Run' for the 'rootCmd'.
-
-We have only defined one flag for a single command.
-
-More documentation about flags is available at https://github.com/spf13/pflag
-
-```go
-package main
-
-import (
-  "fmt"
-  "strings"
-
-  "github.com/spf13/cobra"
-)
-
-func main() {
-  var echoTimes int
-
-  var cmdPrint = &cobra.Command{
-    Use:   "print [string to print]",
-    Short: "Print anything to the screen",
-    Long: `print is for printing anything back to the screen.
-For many years people have printed back to the screen.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Print: " + strings.Join(args, " "))
-    },
-  }
-
-  var cmdEcho = &cobra.Command{
-    Use:   "echo [string to echo]",
-    Short: "Echo anything to the screen",
-    Long: `echo is for echoing anything back.
-Echo works a lot like print, except it has a child command.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Println("Echo: " + strings.Join(args, " "))
-    },
-  }
-
-  var cmdTimes = &cobra.Command{
-    Use:   "times [string to echo]",
-    Short: "Echo anything to the screen more times",
-    Long: `echo things multiple times back to the user by providing
-a count and a string.`,
-    Args: cobra.MinimumNArgs(1),
-    Run: func(cmd *cobra.Command, args []string) {
-      for i := 0; i < echoTimes; i++ {
-        fmt.Println("Echo: " + strings.Join(args, " "))
-      }
-    },
-  }
-
-  cmdTimes.Flags().IntVarP(&echoTimes, "times", "t", 1, "times to echo the input")
-
-  var rootCmd = &cobra.Command{Use: "app"}
-  rootCmd.AddCommand(cmdPrint, cmdEcho)
-  cmdEcho.AddCommand(cmdTimes)
-  rootCmd.Execute()
-}
-```
-
-For a more complete example of a larger application, please checkout [Hugo](https://gohugo.io/).
-
-## Help Command
-
-Cobra automatically adds a help command to your application when you have subcommands.
-This will be called when a user runs 'app help'. Additionally, help will also
-support all other commands as input. Say, for instance, you have a command called
-'create' without any additional configuration; Cobra will work when 'app help
-create' is called.  Every command will automatically have the '--help' flag added.
-
-### Example
-
-The following output is automatically generated by Cobra. Nothing beyond the
-command and flag definitions are needed.
-
-    $ cobra-cli help
-
-    Cobra is a CLI library for Go that empowers applications.
-    This application is a tool to generate the needed files
-    to quickly create a Cobra application.
-
-    Usage:
-      cobra-cli [command]
-
-    Available Commands:
-      add         Add a command to a Cobra Application
-      completion  Generate the autocompletion script for the specified shell
-      help        Help about any command
-      init        Initialize a Cobra Application
-
-    Flags:
-      -a, --author string    author name for copyright attribution (default "YOUR NAME")
-          --config string    config file (default is $HOME/.cobra.yaml)
-      -h, --help             help for cobra-cli
-      -l, --license string   name of license for the project
-          --viper            use Viper for configuration
-
-    Use "cobra-cli [command] --help" for more information about a command.
-
-
-Help is just a command like any other. There is no special logic or behavior
-around it. In fact, you can provide your own if you want.
-
-### Grouping commands in help
-
-Cobra supports grouping of available commands in the help output.  To group commands, each group must be explicitly
-defined using `AddGroup()` on the parent command.  Then a subcommand can be added to a group using the `GroupID` element
-of that subcommand. The groups will appear in the help output in the same order as they are defined using different
-calls to `AddGroup()`.  If you use the generated `help` or `completion` commands, you can set their group ids using
-`SetHelpCommandGroupId()` and `SetCompletionCommandGroupId()` on the root command, respectively.
-
-### Defining your own help
-
-You can provide your own Help command or your own template for the default command to use
-with the following functions:
-
-```go
-cmd.SetHelpCommand(cmd *Command)
-cmd.SetHelpFunc(f func(*Command, []string))
-cmd.SetHelpTemplate(s string)
-```
-
-The latter two will also apply to any children commands.
-
-## Usage Message
-
-When the user provides an invalid flag or invalid command, Cobra responds by
-showing the user the 'usage'.
-
-### Example
-You may recognize this from the help above. That's because the default help
-embeds the usage as part of its output.
-
-    $ cobra-cli --invalid
-    Error: unknown flag: --invalid
-    Usage:
-      cobra-cli [command]
-
-    Available Commands:
-      add         Add a command to a Cobra Application
-      completion  Generate the autocompletion script for the specified shell
-      help        Help about any command
-      init        Initialize a Cobra Application
-
-    Flags:
-      -a, --author string    author name for copyright attribution (default "YOUR NAME")
-          --config string    config file (default is $HOME/.cobra.yaml)
-      -h, --help             help for cobra-cli
-      -l, --license string   name of license for the project
-          --viper            use Viper for configuration
-
-    Use "cobra [command] --help" for more information about a command.
-
-### Defining your own usage
-You can provide your own usage function or template for Cobra to use.
-Like help, the function and template are overridable through public methods:
-
-```go
-cmd.SetUsageFunc(f func(*Command) error)
-cmd.SetUsageTemplate(s string)
-```
-
-## Version Flag
-
-Cobra adds a top-level '--version' flag if the Version field is set on the root command.
-Running an application with the '--version' flag will print the version to stdout using
-the version template. The template can be customized using the
-`cmd.SetVersionTemplate(s string)` function.
-
-## PreRun and PostRun Hooks
-
-It is possible to run functions before or after the main `Run` function of your command. The `PersistentPreRun` and `PreRun` functions will be executed before `Run`. `PersistentPostRun` and `PostRun` will be executed after `Run`.  The `Persistent*Run` functions will be inherited by children if they do not declare their own.  These functions are run in the following order:
-
-- `PersistentPreRun`
-- `PreRun`
-- `Run`
-- `PostRun`
-- `PersistentPostRun`
-
-An example of two commands which use all of these features is below.  When the subcommand is executed, it will run the root command's `PersistentPreRun` but not the root command's `PersistentPostRun`:
-
-```go
-package main
-
-import (
-  "fmt"
-
-  "github.com/spf13/cobra"
-)
-
-func main() {
-
-  var rootCmd = &cobra.Command{
-    Use:   "root [sub]",
-    Short: "My root command",
-    PersistentPreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PersistentPreRun with args: %v\n", args)
-    },
-    PreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PreRun with args: %v\n", args)
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd Run with args: %v\n", args)
-    },
-    PostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PostRun with args: %v\n", args)
-    },
-    PersistentPostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside rootCmd PersistentPostRun with args: %v\n", args)
-    },
-  }
-
-  var subCmd = &cobra.Command{
-    Use:   "sub [no options!]",
-    Short: "My subcommand",
-    PreRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PreRun with args: %v\n", args)
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd Run with args: %v\n", args)
-    },
-    PostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PostRun with args: %v\n", args)
-    },
-    PersistentPostRun: func(cmd *cobra.Command, args []string) {
-      fmt.Printf("Inside subCmd PersistentPostRun with args: %v\n", args)
-    },
-  }
-
-  rootCmd.AddCommand(subCmd)
-
-  rootCmd.SetArgs([]string{""})
-  rootCmd.Execute()
-  fmt.Println()
-  rootCmd.SetArgs([]string{"sub", "arg1", "arg2"})
-  rootCmd.Execute()
-}
-```
-
-Output:
-```
-Inside rootCmd PersistentPreRun with args: []
-Inside rootCmd PreRun with args: []
-Inside rootCmd Run with args: []
-Inside rootCmd PostRun with args: []
-Inside rootCmd PersistentPostRun with args: []
-
-Inside rootCmd PersistentPreRun with args: [arg1 arg2]
-Inside subCmd PreRun with args: [arg1 arg2]
-Inside subCmd Run with args: [arg1 arg2]
-Inside subCmd PostRun with args: [arg1 arg2]
-Inside subCmd PersistentPostRun with args: [arg1 arg2]
-```
-
-## Suggestions when "unknown command" happens
-
-Cobra will print automatic suggestions when "unknown command" errors happen. This allows Cobra to behave similarly to the `git` command when a typo happens. For example:
-
-```
-$ hugo srever
-Error: unknown command "srever" for "hugo"
-
-Did you mean this?
-        server
-
-Run 'hugo --help' for usage.
-```
-
-Suggestions are automatically generated based on existing subcommands and use an implementation of [Levenshtein distance](https://en.wikipedia.org/wiki/Levenshtein_distance). Every registered command that matches a minimum distance of 2 (ignoring case) will be displayed as a suggestion.
-
-If you need to disable suggestions or tweak the string distance in your command, use:
-
-```go
-command.DisableSuggestions = true
-```
-
-or
-
-```go
-command.SuggestionsMinimumDistance = 1
-```
-
-You can also explicitly set names for which a given command will be suggested using the `SuggestFor` attribute. This allows suggestions for strings that are not close in terms of string distance, but make sense in your set of commands but for which
-you don't want aliases. Example:
-
-```
-$ kubectl remove
-Error: unknown command "remove" for "kubectl"
-
-Did you mean this?
-        delete
-
-Run 'kubectl help' for usage.
-```
-
-## Generating documentation for your command
-
-Cobra can generate documentation based on subcommands, flags, etc. Read more about it in the [docs generation documentation](doc/README.md).
-
-## Generating shell completions
-
-Cobra can generate a shell-completion file for the following shells: bash, zsh, fish, PowerShell. If you add more information to your commands, these completions can be amazingly powerful and flexible.  Read more about it in [Shell Completions](shell_completions.md).
-
-## Providing Active Help
-
-Cobra makes use of the shell-completion system to define a framework allowing you to provide Active Help to your users.  Active Help are messages (hints, warnings, etc) printed as the program is being used.  Read more about it in [Active Help](active_help.md).
diff --git a/vendor/github.com/spf13/cobra/zsh_completions.md b/vendor/github.com/spf13/cobra/zsh_completions.md
deleted file mode 100644
index 7cff61787..000000000
--- a/vendor/github.com/spf13/cobra/zsh_completions.md
+++ /dev/null
@@ -1,48 +0,0 @@
-## Generating Zsh Completion For Your cobra.Command
-
-Please refer to [Shell Completions](shell_completions.md) for details.
-
-## Zsh completions standardization
-
-Cobra 1.1 standardized its zsh completion support to align it with its other shell completions.  Although the API was kept backwards-compatible, some small changes in behavior were introduced.
-
-### Deprecation summary
-
-See further below for more details on these deprecations.
-
-* `cmd.MarkZshCompPositionalArgumentFile(pos, []string{})` is no longer needed.  It is therefore **deprecated** and silently ignored.
-* `cmd.MarkZshCompPositionalArgumentFile(pos, glob[])` is **deprecated** and silently ignored.
-  * Instead use `ValidArgsFunction` with `ShellCompDirectiveFilterFileExt`.
-* `cmd.MarkZshCompPositionalArgumentWords()` is **deprecated** and silently ignored.
-  * Instead use `ValidArgsFunction`.
-
-### Behavioral changes
-
-**Noun completion**
-|Old behavior|New behavior|
-|---|---|
-|No file completion by default (opposite of bash)|File completion by default; use `ValidArgsFunction` with `ShellCompDirectiveNoFileComp` to turn off file completion on a per-argument basis|
-|Completion of flag names without the `-` prefix having been typed|Flag names are only completed if the user has typed the first `-`|
-`cmd.MarkZshCompPositionalArgumentFile(pos, []string{})` used to turn on file completion on a per-argument position basis|File completion for all arguments by default; `cmd.MarkZshCompPositionalArgumentFile()` is **deprecated** and silently ignored|
-|`cmd.MarkZshCompPositionalArgumentFile(pos, glob[])` used to turn on file completion **with glob filtering** on a per-argument position basis (zsh-specific)|`cmd.MarkZshCompPositionalArgumentFile()` is **deprecated** and silently ignored; use `ValidArgsFunction` with `ShellCompDirectiveFilterFileExt` for file **extension** filtering (not full glob filtering)|
-|`cmd.MarkZshCompPositionalArgumentWords(pos, words[])` used to provide completion choices on a per-argument position basis (zsh-specific)|`cmd.MarkZshCompPositionalArgumentWords()` is **deprecated** and silently ignored; use `ValidArgsFunction` to achieve the same behavior|
-
-**Flag-value completion**
-
-|Old behavior|New behavior|
-|---|---|
-|No file completion by default (opposite of bash)|File completion by default; use `RegisterFlagCompletionFunc()` with `ShellCompDirectiveNoFileComp` to turn off file completion|
-|`cmd.MarkFlagFilename(flag, []string{})` and similar used to turn on file completion|File completion by default; `cmd.MarkFlagFilename(flag, []string{})` no longer needed in this context and silently ignored|
-|`cmd.MarkFlagFilename(flag, glob[])`  used to turn on file completion **with glob filtering** (syntax of `[]string{"*.yaml", "*.yml"}` incompatible with bash)|Will continue to work, however, support for bash syntax is added and should be used instead so as to work for all shells (`[]string{"yaml", "yml"}`)|
-|`cmd.MarkFlagDirname(flag)` only completes directories (zsh-specific)|Has been added for all shells|
-|Completion of a flag name does not repeat, unless flag is of type `*Array` or `*Slice` (not supported by bash)|Retained for `zsh` and added to `fish`|
-|Completion of a flag name does not provide the `=` form (unlike bash)|Retained for `zsh` and added to `fish`|
-
-**Improvements**
-
-* Custom completion support (`ValidArgsFunction` and `RegisterFlagCompletionFunc()`)
-* File completion by default if no other completions found
-* Handling of required flags
-* File extension filtering no longer mutually exclusive with bash usage
-* Completion of directory names *within* another directory
-* Support for `=` form of flags
diff --git a/vendor/github.com/spf13/jwalterweatherman/.gitignore b/vendor/github.com/spf13/jwalterweatherman/.gitignore
deleted file mode 100644
index a71f88af8..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.bench
-go.sum
\ No newline at end of file
diff --git a/vendor/github.com/spf13/jwalterweatherman/README.md b/vendor/github.com/spf13/jwalterweatherman/README.md
deleted file mode 100644
index 932a23fc6..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/README.md
+++ /dev/null
@@ -1,148 +0,0 @@
-jWalterWeatherman
-=================
-
-Seamless printing to the terminal (stdout) and logging to a io.Writer
-(file) that’s as easy to use as fmt.Println.
-
-![and_that__s_why_you_always_leave_a_note_by_jonnyetc-d57q7um](https://cloud.githubusercontent.com/assets/173412/11002937/ccd01654-847d-11e5-828e-12ebaf582eaf.jpg)
-Graphic by [JonnyEtc](http://jonnyetc.deviantart.com/art/And-That-s-Why-You-Always-Leave-a-Note-315311422)
-
-JWW is primarily a wrapper around the excellent standard log library. It
-provides a few advantages over using the standard log library alone.
-
-1. Ready to go out of the box. 
-2. One library for both printing to the terminal and logging (to files).
-3. Really easy to log to either a temp file or a file you specify.
-
-
-I really wanted a very straightforward library that could seamlessly do
-the following things.
-
-1. Replace all the println, printf, etc statements thoughout my code with
-   something more useful
-2. Allow the user to easily control what levels are printed to stdout
-3. Allow the user to easily control what levels are logged
-4. Provide an easy mechanism (like fmt.Println) to print info to the user
-   which can be easily logged as well 
-5. Due to 2 & 3 provide easy verbose mode for output and logs
-6. Not have any unnecessary initialization cruft. Just use it.
-
-# Usage
-
-## Step 1. Use it
-Put calls throughout your source based on type of feedback.
-No initialization or setup needs to happen. Just start calling things.
-
-Available Loggers are:
-
- * TRACE
- * DEBUG
- * INFO
- * WARN
- * ERROR
- * CRITICAL
- * FATAL
-
-These each are loggers based on the log standard library and follow the
-standard usage. Eg.
-
-```go
-    import (
-        jww "github.com/spf13/jwalterweatherman"
-    )
-
-    ...
-
-    if err != nil {
-
-        // This is a pretty serious error and the user should know about
-        // it. It will be printed to the terminal as well as logged under the
-        // default thresholds.
-
-        jww.ERROR.Println(err)
-    }
-
-    if err2 != nil {
-        // This error isn’t going to materially change the behavior of the
-        // application, but it’s something that may not be what the user
-        // expects. Under the default thresholds, Warn will be logged, but
-        // not printed to the terminal. 
-
-        jww.WARN.Println(err2)
-    }
-
-    // Information that’s relevant to what’s happening, but not very
-    // important for the user. Under the default thresholds this will be
-    // discarded.
-
-    jww.INFO.Printf("information %q", response)
-
-```
-
-NOTE: You can also use the library in a non-global setting by creating an instance of a Notebook:
-
-```go
-notepad = jww.NewNotepad(jww.LevelInfo, jww.LevelTrace, os.Stdout, ioutil.Discard, "", log.Ldate|log.Ltime)
-notepad.WARN.Println("Some warning"")
-```
-
-_Why 7 levels?_
-
-Maybe you think that 7 levels are too much for any application... and you
-are probably correct. Just because there are seven levels doesn’t mean
-that you should be using all 7 levels. Pick the right set for your needs.
-Remember they only have to mean something to your project.
-
-## Step 2. Optionally configure JWW
-
-Under the default thresholds :
-
- * Debug, Trace & Info goto /dev/null
- * Warn and above is logged (when a log file/io.Writer is provided)
- * Error and above is printed to the terminal (stdout)
-
-### Changing the thresholds
-
-The threshold can be changed at any time, but will only affect calls that
-execute after the change was made.
-
-This is very useful if your application has a verbose mode. Of course you
-can decide what verbose means to you or even have multiple levels of
-verbosity.
-
-
-```go
-    import (
-        jww "github.com/spf13/jwalterweatherman"
-    )
-
-    if Verbose {
-        jww.SetLogThreshold(jww.LevelTrace)
-        jww.SetStdoutThreshold(jww.LevelInfo)
-    }
-```
-
-Note that JWW's own internal output uses log levels as well, so set the log
-level before making any other calls if you want to see what it's up to.
-
-
-### Setting a log file
-
-JWW can log to any `io.Writer`:
-
-
-```go
-
-    jww.SetLogOutput(customWriter) 
-
-```
-
-
-# More information
-
-This is an early release. I’ve been using it for a while and this is the
-third interface I’ve tried. I like this one pretty well, but no guarantees
-that it won’t change a bit.
-
-I wrote this for use in [hugo](https://gohugo.io). If you are looking
-for a static website engine that’s super fast please checkout Hugo.
diff --git a/vendor/github.com/spf13/jwalterweatherman/default_notepad.go b/vendor/github.com/spf13/jwalterweatherman/default_notepad.go
deleted file mode 100644
index a018c15c4..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/default_notepad.go
+++ /dev/null
@@ -1,111 +0,0 @@
-// Copyright © 2016 Steve Francia <spf@spf13.com>.
-//
-// Use of this source code is governed by an MIT-style
-// license that can be found in the LICENSE file.
-
-package jwalterweatherman
-
-import (
-	"io"
-	"io/ioutil"
-	"log"
-	"os"
-)
-
-var (
-	TRACE    *log.Logger
-	DEBUG    *log.Logger
-	INFO     *log.Logger
-	WARN     *log.Logger
-	ERROR    *log.Logger
-	CRITICAL *log.Logger
-	FATAL    *log.Logger
-
-	LOG      *log.Logger
-	FEEDBACK *Feedback
-
-	defaultNotepad *Notepad
-)
-
-func reloadDefaultNotepad() {
-	TRACE = defaultNotepad.TRACE
-	DEBUG = defaultNotepad.DEBUG
-	INFO = defaultNotepad.INFO
-	WARN = defaultNotepad.WARN
-	ERROR = defaultNotepad.ERROR
-	CRITICAL = defaultNotepad.CRITICAL
-	FATAL = defaultNotepad.FATAL
-
-	LOG = defaultNotepad.LOG
-	FEEDBACK = defaultNotepad.FEEDBACK
-}
-
-func init() {
-	defaultNotepad = NewNotepad(LevelError, LevelWarn, os.Stdout, ioutil.Discard, "", log.Ldate|log.Ltime)
-	reloadDefaultNotepad()
-}
-
-// SetLogThreshold set the log threshold for the default notepad. Trace by default.
-func SetLogThreshold(threshold Threshold) {
-	defaultNotepad.SetLogThreshold(threshold)
-	reloadDefaultNotepad()
-}
-
-// SetLogOutput set the log output for the default notepad. Discarded by default.
-func SetLogOutput(handle io.Writer) {
-	defaultNotepad.SetLogOutput(handle)
-	reloadDefaultNotepad()
-}
-
-// SetStdoutThreshold set the standard output threshold for the default notepad.
-// Info by default.
-func SetStdoutThreshold(threshold Threshold) {
-	defaultNotepad.SetStdoutThreshold(threshold)
-	reloadDefaultNotepad()
-}
-
-// SetStdoutOutput set the stdout output for the default notepad. Default is stdout.
-func SetStdoutOutput(handle io.Writer) {
-	defaultNotepad.outHandle = handle
-	defaultNotepad.init()
-	reloadDefaultNotepad()
-}
-
-// SetPrefix set the prefix for the default logger. Empty by default.
-func SetPrefix(prefix string) {
-	defaultNotepad.SetPrefix(prefix)
-	reloadDefaultNotepad()
-}
-
-// SetFlags set the flags for the default logger. "log.Ldate | log.Ltime" by default.
-func SetFlags(flags int) {
-	defaultNotepad.SetFlags(flags)
-	reloadDefaultNotepad()
-}
-
-// SetLogListeners configures the default logger with one or more log listeners.
-func SetLogListeners(l ...LogListener) {
-	defaultNotepad.logListeners = l
-	defaultNotepad.init()
-	reloadDefaultNotepad()
-}
-
-// Level returns the current global log threshold.
-func LogThreshold() Threshold {
-	return defaultNotepad.logThreshold
-}
-
-// Level returns the current global output threshold.
-func StdoutThreshold() Threshold {
-	return defaultNotepad.stdoutThreshold
-}
-
-// GetStdoutThreshold returns the defined Treshold for the log logger.
-func GetLogThreshold() Threshold {
-	return defaultNotepad.GetLogThreshold()
-}
-
-// GetStdoutThreshold returns the Treshold for the stdout logger.
-func GetStdoutThreshold() Threshold {
-	return defaultNotepad.GetStdoutThreshold()
-}
diff --git a/vendor/github.com/spf13/jwalterweatherman/log_counter.go b/vendor/github.com/spf13/jwalterweatherman/log_counter.go
deleted file mode 100644
index 41285f3dc..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/log_counter.go
+++ /dev/null
@@ -1,46 +0,0 @@
-// Copyright © 2016 Steve Francia <spf@spf13.com>.
-//
-// Use of this source code is governed by an MIT-style
-// license that can be found in the LICENSE file.
-
-package jwalterweatherman
-
-import (
-	"io"
-	"sync/atomic"
-)
-
-// Counter is an io.Writer that increments a counter on Write.
-type Counter struct {
-	count uint64
-}
-
-func (c *Counter) incr() {
-	atomic.AddUint64(&c.count, 1)
-}
-
-// Reset resets the counter.
-func (c *Counter) Reset() {
-	atomic.StoreUint64(&c.count, 0)
-}
-
-// Count returns the current count.
-func (c *Counter) Count() uint64 {
-	return atomic.LoadUint64(&c.count)
-}
-
-func (c *Counter) Write(p []byte) (n int, err error) {
-	c.incr()
-	return len(p), nil
-}
-
-// LogCounter creates a LogListener that counts log statements >= the given threshold.
-func LogCounter(counter *Counter, t1 Threshold) LogListener {
-	return func(t2 Threshold) io.Writer {
-		if t2 < t1 {
-			// Not interested in this threshold.
-			return nil
-		}
-		return counter
-	}
-}
diff --git a/vendor/github.com/spf13/jwalterweatherman/notepad.go b/vendor/github.com/spf13/jwalterweatherman/notepad.go
deleted file mode 100644
index cc7957bf7..000000000
--- a/vendor/github.com/spf13/jwalterweatherman/notepad.go
+++ /dev/null
@@ -1,225 +0,0 @@
-// Copyright © 2016 Steve Francia <spf@spf13.com>.
-//
-// Use of this source code is governed by an MIT-style
-// license that can be found in the LICENSE file.
-
-package jwalterweatherman
-
-import (
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-)
-
-type Threshold int
-
-func (t Threshold) String() string {
-	return prefixes[t]
-}
-
-const (
-	LevelTrace Threshold = iota
-	LevelDebug
-	LevelInfo
-	LevelWarn
-	LevelError
-	LevelCritical
-	LevelFatal
-)
-
-var prefixes map[Threshold]string = map[Threshold]string{
-	LevelTrace:    "TRACE",
-	LevelDebug:    "DEBUG",
-	LevelInfo:     "INFO",
-	LevelWarn:     "WARN",
-	LevelError:    "ERROR",
-	LevelCritical: "CRITICAL",
-	LevelFatal:    "FATAL",
-}
-
-// Notepad is where you leave a note!
-type Notepad struct {
-	TRACE    *log.Logger
-	DEBUG    *log.Logger
-	INFO     *log.Logger
-	WARN     *log.Logger
-	ERROR    *log.Logger
-	CRITICAL *log.Logger
-	FATAL    *log.Logger
-
-	LOG      *log.Logger
-	FEEDBACK *Feedback
-
-	loggers         [7]**log.Logger
-	logHandle       io.Writer
-	outHandle       io.Writer
-	logThreshold    Threshold
-	stdoutThreshold Threshold
-	prefix          string
-	flags           int
-
-	logListeners []LogListener
-}
-
-// A LogListener can ble supplied to a Notepad to listen on log writes for a given
-// threshold. This can be used to capture log events in unit tests and similar.
-// Note that this function will be invoked once for each log threshold. If
-// the given threshold is not of interest to you, return nil.
-// Note that these listeners will receive log events for a given threshold, even
-// if the current configuration says not to log it. That way you can count ERRORs even
-// if you don't print them to the console.
-type LogListener func(t Threshold) io.Writer
-
-// NewNotepad creates a new Notepad.
-func NewNotepad(
-	outThreshold Threshold,
-	logThreshold Threshold,
-	outHandle, logHandle io.Writer,
-	prefix string, flags int,
-	logListeners ...LogListener,
-) *Notepad {
-
-	n := &Notepad{logListeners: logListeners}
-
-	n.loggers = [7]**log.Logger{&n.TRACE, &n.DEBUG, &n.INFO, &n.WARN, &n.ERROR, &n.CRITICAL, &n.FATAL}
-	n.outHandle = outHandle
-	n.logHandle = logHandle
-	n.stdoutThreshold = outThreshold
-	n.logThreshold = logThreshold
-
-	if len(prefix) != 0 {
-		n.prefix = "[" + prefix + "] "
-	} else {
-		n.prefix = ""
-	}
-
-	n.flags = flags
-
-	n.LOG = log.New(n.logHandle,
-		"LOG:   ",
-		n.flags)
-	n.FEEDBACK = &Feedback{out: log.New(outHandle, "", 0), log: n.LOG}
-
-	n.init()
-	return n
-}
-
-// init creates the loggers for each level depending on the notepad thresholds.
-func (n *Notepad) init() {
-	logAndOut := io.MultiWriter(n.outHandle, n.logHandle)
-
-	for t, logger := range n.loggers {
-		threshold := Threshold(t)
-		prefix := n.prefix + threshold.String() + " "
-
-		switch {
-		case threshold >= n.logThreshold && threshold >= n.stdoutThreshold:
-			*logger = log.New(n.createLogWriters(threshold, logAndOut), prefix, n.flags)
-
-		case threshold >= n.logThreshold:
-			*logger = log.New(n.createLogWriters(threshold, n.logHandle), prefix, n.flags)
-
-		case threshold >= n.stdoutThreshold:
-			*logger = log.New(n.createLogWriters(threshold, n.outHandle), prefix, n.flags)
-
-		default:
-			*logger = log.New(n.createLogWriters(threshold, ioutil.Discard), prefix, n.flags)
-		}
-	}
-}
-
-func (n *Notepad) createLogWriters(t Threshold, handle io.Writer) io.Writer {
-	if len(n.logListeners) == 0 {
-		return handle
-	}
-	writers := []io.Writer{handle}
-	for _, l := range n.logListeners {
-		w := l(t)
-		if w != nil {
-			writers = append(writers, w)
-		}
-	}
-
-	if len(writers) == 1 {
-		return handle
-	}
-
-	return io.MultiWriter(writers...)
-}
-
-// SetLogThreshold changes the threshold above which messages are written to the
-// log file.
-func (n *Notepad) SetLogThreshold(threshold Threshold) {
-	n.logThreshold = threshold
-	n.init()
-}
-
-// SetLogOutput changes the file where log messages are written.
-func (n *Notepad) SetLogOutput(handle io.Writer) {
-	n.logHandle = handle
-	n.init()
-}
-
-// GetStdoutThreshold returns the defined Treshold for the log logger.
-func (n *Notepad) GetLogThreshold() Threshold {
-	return n.logThreshold
-}
-
-// SetStdoutThreshold changes the threshold above which messages are written to the
-// standard output.
-func (n *Notepad) SetStdoutThreshold(threshold Threshold) {
-	n.stdoutThreshold = threshold
-	n.init()
-}
-
-// GetStdoutThreshold returns the Treshold for the stdout logger.
-func (n *Notepad) GetStdoutThreshold() Threshold {
-	return n.stdoutThreshold
-}
-
-// SetPrefix changes the prefix used by the notepad. Prefixes are displayed between
-// brackets at the beginning of the line. An empty prefix won't be displayed at all.
-func (n *Notepad) SetPrefix(prefix string) {
-	if len(prefix) != 0 {
-		n.prefix = "[" + prefix + "] "
-	} else {
-		n.prefix = ""
-	}
-	n.init()
-}
-
-// SetFlags choose which flags the logger will display (after prefix and message
-// level). See the package log for more informations on this.
-func (n *Notepad) SetFlags(flags int) {
-	n.flags = flags
-	n.init()
-}
-
-// Feedback writes plainly to the outHandle while
-// logging with the standard extra information (date, file, etc).
-type Feedback struct {
-	out *log.Logger
-	log *log.Logger
-}
-
-func (fb *Feedback) Println(v ...interface{}) {
-	fb.output(fmt.Sprintln(v...))
-}
-
-func (fb *Feedback) Printf(format string, v ...interface{}) {
-	fb.output(fmt.Sprintf(format, v...))
-}
-
-func (fb *Feedback) Print(v ...interface{}) {
-	fb.output(fmt.Sprint(v...))
-}
-
-func (fb *Feedback) output(s string) {
-	if fb.out != nil {
-		fb.out.Output(2, s)
-	}
-	if fb.log != nil {
-		fb.log.Output(2, s)
-	}
-}
diff --git a/vendor/github.com/spf13/viper/.editorconfig b/vendor/github.com/spf13/viper/.editorconfig
index 6d0b6d356..1f664d13a 100644
--- a/vendor/github.com/spf13/viper/.editorconfig
+++ b/vendor/github.com/spf13/viper/.editorconfig
@@ -13,3 +13,6 @@ indent_style = tab
 
 [{Makefile,*.mk}]
 indent_style = tab
+
+[*.nix]
+indent_size = 2
diff --git a/vendor/github.com/spf13/viper/.envrc b/vendor/github.com/spf13/viper/.envrc
new file mode 100644
index 000000000..3ce7171a3
--- /dev/null
+++ b/vendor/github.com/spf13/viper/.envrc
@@ -0,0 +1,4 @@
+if ! has nix_direnv_version || ! nix_direnv_version 2.3.0; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.3.0/direnvrc" "sha256-Dmd+j63L84wuzgyjITIfSxSD57Tx7v51DMxVZOsiUD8="
+fi
+use flake . --impure
diff --git a/vendor/github.com/spf13/viper/.gitignore b/vendor/github.com/spf13/viper/.gitignore
index 896250839..f1bbd4280 100644
--- a/vendor/github.com/spf13/viper/.gitignore
+++ b/vendor/github.com/spf13/viper/.gitignore
@@ -1,4 +1,7 @@
+/.devenv/
+/.direnv/
 /.idea/
+/.pre-commit-config.yaml
 /bin/
 /build/
 /var/
diff --git a/vendor/github.com/spf13/viper/.golangci.yaml b/vendor/github.com/spf13/viper/.golangci.yaml
index 16e039652..acd9eebac 100644
--- a/vendor/github.com/spf13/viper/.golangci.yaml
+++ b/vendor/github.com/spf13/viper/.golangci.yaml
@@ -16,7 +16,6 @@ linters:
     disable-all: true
     enable:
         - bodyclose
-        - deadcode
         - dogsled
         - dupl
         - durationcheck
@@ -43,14 +42,12 @@ linters:
         - rowserrcheck
         - sqlclosecheck
         - staticcheck
-        - structcheck
         - stylecheck
         - tparallel
         - typecheck
         - unconvert
         - unparam
         - unused
-        - varcheck
         - wastedassign
         - whitespace
 
@@ -83,6 +80,11 @@ linters:
         # - goheader
         # - gomodguard
 
+        # deprecated
+        # - deadcode
+        # - structcheck
+        # - varcheck
+
         # don't enable:
         # - asciicheck
         # - funlen
diff --git a/vendor/github.com/spf13/viper/.yamlignore b/vendor/github.com/spf13/viper/.yamlignore
new file mode 100644
index 000000000..c04c4dead
--- /dev/null
+++ b/vendor/github.com/spf13/viper/.yamlignore
@@ -0,0 +1,2 @@
+# TODO: FIXME
+/.github/
diff --git a/vendor/github.com/spf13/viper/.yamllint.yaml b/vendor/github.com/spf13/viper/.yamllint.yaml
new file mode 100644
index 000000000..bac19ce18
--- /dev/null
+++ b/vendor/github.com/spf13/viper/.yamllint.yaml
@@ -0,0 +1,6 @@
+ignore-from-file: [.gitignore, .yamlignore]
+
+extends: default
+
+rules:
+  line-length: disable
diff --git a/vendor/github.com/spf13/viper/Makefile b/vendor/github.com/spf13/viper/Makefile
index 3f4234d33..a77b9c81c 100644
--- a/vendor/github.com/spf13/viper/Makefile
+++ b/vendor/github.com/spf13/viper/Makefile
@@ -15,8 +15,8 @@ TEST_FORMAT = short-verbose
 endif
 
 # Dependency versions
-GOTESTSUM_VERSION = 1.8.0
-GOLANGCI_VERSION = 1.50.1
+GOTESTSUM_VERSION = 1.9.0
+GOLANGCI_VERSION = 1.53.3
 
 # Add the ability to override some variables
 # Use with care
@@ -29,11 +29,6 @@ clear: ## Clear the working area and the project
 .PHONY: check
 check: test lint ## Run tests and linters
 
-bin/gotestsum: bin/gotestsum-${GOTESTSUM_VERSION}
-	@ln -sf gotestsum-${GOTESTSUM_VERSION} bin/gotestsum
-bin/gotestsum-${GOTESTSUM_VERSION}:
-	@mkdir -p bin
-	curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum-${GOTESTSUM_VERSION} && chmod +x ./bin/gotestsum-${GOTESTSUM_VERSION}
 
 TEST_PKGS ?= ./...
 .PHONY: test
@@ -44,20 +39,36 @@ test: bin/gotestsum ## Run tests
 	@mkdir -p ${BUILD_DIR}
 	bin/gotestsum --no-summary=skipped --junitfile ${BUILD_DIR}/coverage.xml --format ${TEST_FORMAT} -- -race -coverprofile=${BUILD_DIR}/coverage.txt -covermode=atomic $(filter-out -v,${GOARGS}) $(if ${TEST_PKGS},${TEST_PKGS},./...)
 
-bin/golangci-lint: bin/golangci-lint-${GOLANGCI_VERSION}
-	@ln -sf golangci-lint-${GOLANGCI_VERSION} bin/golangci-lint
-bin/golangci-lint-${GOLANGCI_VERSION}:
+.PHONY: lint
+lint: lint-go lint-yaml
+lint: ## Run linters
+
+.PHONY: lint-go
+lint-go:
+	golangci-lint run $(if ${CI},--out-format github-actions,)
+
+.PHONY: lint-yaml
+lint-yaml:
+	yamllint $(if ${CI},-f github,) --no-warnings .
+
+.PHONY: fmt
+fmt: ## Format code
+	golangci-lint run --fix
+
+deps: bin/golangci-lint bin/gotestsum yamllint
+deps: ## Install dependencies
+
+bin/gotestsum:
 	@mkdir -p bin
-	curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b ./bin/ v${GOLANGCI_VERSION}
-	@mv bin/golangci-lint "$@"
+	curl -L https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_${OS}_amd64.tar.gz | tar -zOxf - gotestsum > ./bin/gotestsum && chmod +x ./bin/gotestsum
 
-.PHONY: lint
-lint: bin/golangci-lint ## Run linter
-	bin/golangci-lint run
+bin/golangci-lint:
+	@mkdir -p bin
+	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- v${GOLANGCI_VERSION}
 
-.PHONY: fix
-fix: bin/golangci-lint ## Fix lint violations
-	bin/golangci-lint run --fix
+.PHONY: yamllint
+yamllint:
+	pip3 install --user yamllint
 
 # Add custom targets here
 -include custom.mk
diff --git a/vendor/github.com/spf13/viper/README.md b/vendor/github.com/spf13/viper/README.md
index cd3929052..78102fbe2 100644
--- a/vendor/github.com/spf13/viper/README.md
+++ b/vendor/github.com/spf13/viper/README.md
@@ -11,7 +11,7 @@
 [![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/spf13/viper/ci.yaml?branch=master&style=flat-square)](https://github.com/spf13/viper/actions?query=workflow%3ACI)
 [![Join the chat at https://gitter.im/spf13/viper](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/spf13/viper?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Go Report Card](https://goreportcard.com/badge/github.com/spf13/viper?style=flat-square)](https://goreportcard.com/report/github.com/spf13/viper)
-![Go Version](https://img.shields.io/badge/go%20version-%3E=1.16-61CFDD.svg?style=flat-square)
+![Go Version](https://img.shields.io/badge/go%20version-%3E=1.19-61CFDD.svg?style=flat-square)
 [![PkgGoDev](https://pkg.go.dev/badge/mod/github.com/spf13/viper)](https://pkg.go.dev/mod/github.com/spf13/viper)
 
 **Go configuration with fangs!**
@@ -27,6 +27,10 @@ Many Go projects are built using Viper including:
 * [doctl](https://github.com/digitalocean/doctl)
 * [Clairctl](https://github.com/jgsqware/clairctl)
 * [Mercure](https://mercure.rocks)
+* [Meshery](https://github.com/meshery/meshery)
+* [Bearer](https://github.com/bearer/bearer)
+* [Coder](https://github.com/coder/coder)
+* [Vitess](https://vitess.io/)
 
 
 ## Install
@@ -137,7 +141,7 @@ if err := viper.ReadInConfig(); err != nil {
 // Config file found and successfully parsed
 ```
 
-*NOTE [since 1.6]:* You can also have a file without an extension and specify the format programmaticaly. For those configuration files that lie in the home of the user without any extension like `.bashrc`
+*NOTE [since 1.6]:* You can also have a file without an extension and specify the format programmatically. For those configuration files that lie in the home of the user without any extension like `.bashrc`
 
 ### Writing Config Files
 
@@ -218,6 +222,7 @@ These could be from a command line flag, or from your own application logic.
 ```go
 viper.Set("Verbose", true)
 viper.Set("LogFile", LogFile)
+viper.Set("host.port", 5899)   // set subset
 ```
 
 ### Registering and Using Aliases
@@ -484,6 +489,15 @@ err := viper.ReadRemoteConfig()
 
 Of course, you're allowed to use `SecureRemoteProvider` also
 
+
+#### NATS
+
+```go
+viper.AddRemoteProvider("nats", "nats://127.0.0.1:4222", "myapp.config")
+viper.SetConfigType("json")
+err := viper.ReadRemoteConfig()
+```
+
 ### Remote Key/Value Store Example - Encrypted
 
 ```go
@@ -531,19 +545,19 @@ go func(){
 In Viper, there are a few ways to get a value depending on the value’s type.
 The following functions and methods exist:
 
- * `Get(key string) : interface{}`
+ * `Get(key string) : any`
  * `GetBool(key string) : bool`
  * `GetFloat64(key string) : float64`
  * `GetInt(key string) : int`
  * `GetIntSlice(key string) : []int`
  * `GetString(key string) : string`
- * `GetStringMap(key string) : map[string]interface{}`
+ * `GetStringMap(key string) : map[string]any`
  * `GetStringMapString(key string) : map[string]string`
  * `GetStringSlice(key string) : []string`
  * `GetTime(key string) : time.Time`
  * `GetDuration(key string) : time.Duration`
  * `IsSet(key string) : bool`
- * `AllSettings() : map[string]interface{}`
+ * `AllSettings() : map[string]any`
 
 One important thing to recognize is that each Get function will return a zero
 value if it’s not found. To check if a given key exists, the `IsSet()` method
@@ -706,8 +720,8 @@ etc.
 
 There are two methods to do this:
 
- * `Unmarshal(rawVal interface{}) : error`
- * `UnmarshalKey(key string, rawVal interface{}) : error`
+ * `Unmarshal(rawVal any) : error`
+ * `UnmarshalKey(key string, rawVal any) : error`
 
 Example:
 
@@ -732,9 +746,9 @@ you have to change the delimiter:
 ```go
 v := viper.NewWithOptions(viper.KeyDelimiter("::"))
 
-v.SetDefault("chart::values", map[string]interface{}{
-	"ingress": map[string]interface{}{
-		"annotations": map[string]interface{}{
+v.SetDefault("chart::values", map[string]any{
+	"ingress": map[string]any{
+		"annotations": map[string]any{
 			"traefik.frontend.rule.type":                 "PathPrefix",
 			"traefik.ingress.kubernetes.io/ssl-redirect": "true",
 		},
@@ -743,7 +757,7 @@ v.SetDefault("chart::values", map[string]interface{}{
 
 type config struct {
 	Chart struct{
-		Values map[string]interface{}
+		Values map[string]any
 	}
 }
 
@@ -879,3 +893,31 @@ No, you will need to synchronize access to the viper yourself (for example by us
 ## Troubleshooting
 
 See [TROUBLESHOOTING.md](TROUBLESHOOTING.md).
+
+## Development
+
+**For an optimal developer experience, it is recommended to install [Nix](https://nixos.org/download.html) and [direnv](https://direnv.net/docs/installation.html).**
+
+_Alternatively, install [Go](https://go.dev/dl/) on your computer then run `make deps` to install the rest of the dependencies._
+
+Run the test suite:
+
+```shell
+make test
+```
+
+Run linters:
+
+```shell
+make lint # pass -j option to run them in parallel
+```
+
+Some linter violations can automatically be fixed:
+
+```shell
+make fmt
+```
+
+## License
+
+The project is licensed under the [MIT License](LICENSE).
diff --git a/vendor/github.com/spf13/viper/experimental_logger.go b/vendor/github.com/spf13/viper/experimental_logger.go
deleted file mode 100644
index 206dad6a0..000000000
--- a/vendor/github.com/spf13/viper/experimental_logger.go
+++ /dev/null
@@ -1,11 +0,0 @@
-//go:build viper_logger
-// +build viper_logger
-
-package viper
-
-// WithLogger sets a custom logger.
-func WithLogger(l Logger) Option {
-	return optionFunc(func(v *Viper) {
-		v.logger = l
-	})
-}
diff --git a/vendor/github.com/spf13/viper/flags.go b/vendor/github.com/spf13/viper/flags.go
index b5ddbf5d4..ddb4da602 100644
--- a/vendor/github.com/spf13/viper/flags.go
+++ b/vendor/github.com/spf13/viper/flags.go
@@ -30,7 +30,7 @@ func (p pflagValueSet) VisitAll(fn func(flag FlagValue)) {
 	})
 }
 
-// pflagValue is a wrapper aroung *pflag.flag
+// pflagValue is a wrapper around *pflag.flag
 // that implements FlagValue
 type pflagValue struct {
 	flag *pflag.Flag
diff --git a/vendor/github.com/spf13/viper/flake.lock b/vendor/github.com/spf13/viper/flake.lock
new file mode 100644
index 000000000..78da51090
--- /dev/null
+++ b/vendor/github.com/spf13/viper/flake.lock
@@ -0,0 +1,255 @@
+{
+  "nodes": {
+    "devenv": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix": "nix",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1687972261,
+        "narHash": "sha256-+mxvZfwMVoaZYETmuQWqTi/7T9UKoAE+WpdSQkOVJ2g=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "e85df562088573305e55906eaa964341f8cb0d9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1687762428,
+        "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1676545802,
+        "narHash": "sha256-EK4rZ+Hd5hsvXnzSzk2ikhStJnD63odF7SzsQ8CuSPU=",
+        "owner": "domenkozar",
+        "repo": "nix",
+        "rev": "7c91803598ffbcfe4a55c44ac6d49b2cf07a527f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "domenkozar",
+        "ref": "relaxed-flakes",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1678875422,
+        "narHash": "sha256-T3o6NcQPwXjxJMn2shz86Chch4ljXgZn746c2caGxd8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "126f49a01de5b7e35a43fd43f891ecf6d3a51459",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "dir": "lib",
+        "lastModified": 1685564631,
+        "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1678872516,
+        "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1687886075,
+        "narHash": "sha256-PeayJDDDy+uw1Ats4moZnRdL1OFuZm1Tj+KiHlD67+o=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a565059a348422af5af9026b5174dc5c0dcefdae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1686050334,
+        "narHash": "sha256-R0mczWjDzBpIvM3XXhO908X5e2CQqjyh/gFbwZk/7/Q=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "6881eb2ae5d8a3516e34714e7a90d9d95914c4dc",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs_2"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/vendor/github.com/spf13/viper/flake.nix b/vendor/github.com/spf13/viper/flake.nix
new file mode 100644
index 000000000..9b26c3fcf
--- /dev/null
+++ b/vendor/github.com/spf13/viper/flake.nix
@@ -0,0 +1,56 @@
+{
+  description = "Viper";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    flake-parts.url = "github:hercules-ci/flake-parts";
+    devenv.url = "github:cachix/devenv";
+  };
+
+  outputs = inputs@{ flake-parts, ... }:
+    flake-parts.lib.mkFlake { inherit inputs; } {
+      imports = [
+        inputs.devenv.flakeModule
+      ];
+
+      systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-darwin" ];
+
+      perSystem = { config, self', inputs', pkgs, system, ... }: rec {
+        devenv.shells = {
+          default = {
+            languages = {
+              go.enable = true;
+            };
+
+            pre-commit.hooks = {
+              nixpkgs-fmt.enable = true;
+              yamllint.enable = true;
+            };
+
+            packages = with pkgs; [
+              gnumake
+
+              golangci-lint
+              yamllint
+            ];
+
+            scripts = {
+              versions.exec = ''
+                go version
+                golangci-lint version
+              '';
+            };
+
+            enterShell = ''
+              versions
+            '';
+
+            # https://github.com/cachix/devenv/issues/528#issuecomment-1556108767
+            containers = pkgs.lib.mkForce { };
+          };
+
+          ci = devenv.shells.default;
+        };
+      };
+    };
+}
diff --git a/vendor/github.com/spf13/viper/fs.go b/vendor/github.com/spf13/viper/fs.go
deleted file mode 100644
index ecb1769e5..000000000
--- a/vendor/github.com/spf13/viper/fs.go
+++ /dev/null
@@ -1,65 +0,0 @@
-//go:build go1.16 && finder
-// +build go1.16,finder
-
-package viper
-
-import (
-	"errors"
-	"io/fs"
-	"path"
-)
-
-type finder struct {
-	paths      []string
-	fileNames  []string
-	extensions []string
-
-	withoutExtension bool
-}
-
-func (f finder) Find(fsys fs.FS) (string, error) {
-	for _, searchPath := range f.paths {
-		for _, fileName := range f.fileNames {
-			for _, extension := range f.extensions {
-				filePath := path.Join(searchPath, fileName+"."+extension)
-
-				ok, err := fileExists(fsys, filePath)
-				if err != nil {
-					return "", err
-				}
-
-				if ok {
-					return filePath, nil
-				}
-			}
-
-			if f.withoutExtension {
-				filePath := path.Join(searchPath, fileName)
-
-				ok, err := fileExists(fsys, filePath)
-				if err != nil {
-					return "", err
-				}
-
-				if ok {
-					return filePath, nil
-				}
-			}
-		}
-	}
-
-	return "", nil
-}
-
-func fileExists(fsys fs.FS, filePath string) (bool, error) {
-	fileInfo, err := fs.Stat(fsys, filePath)
-	if err == nil {
-		return !fileInfo.IsDir(), nil
-	}
-
-	if errors.Is(err, fs.ErrNotExist) {
-		return false, nil
-	}
-
-	return false, err
-}
diff --git a/vendor/github.com/spf13/viper/internal/encoding/decoder.go b/vendor/github.com/spf13/viper/internal/encoding/decoder.go
index f472e9ff1..8a7b1dbc9 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/decoder.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/decoder.go
@@ -5,9 +5,9 @@ import (
 )
 
 // Decoder decodes the contents of b into v.
-// It's primarily used for decoding contents of a file into a map[string]interface{}.
+// It's primarily used for decoding contents of a file into a map[string]any.
 type Decoder interface {
-	Decode(b []byte, v map[string]interface{}) error
+	Decode(b []byte, v map[string]any) error
 }
 
 const (
@@ -48,7 +48,7 @@ func (e *DecoderRegistry) RegisterDecoder(format string, enc Decoder) error {
 }
 
 // Decode calls the underlying Decoder based on the format.
-func (e *DecoderRegistry) Decode(format string, b []byte, v map[string]interface{}) error {
+func (e *DecoderRegistry) Decode(format string, b []byte, v map[string]any) error {
 	e.mu.RLock()
 	decoder, ok := e.decoders[format]
 	e.mu.RUnlock()
diff --git a/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go b/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go
index 4485063b6..3ebc76f02 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/dotenv/codec.go
@@ -15,8 +15,8 @@ const keyDelimiter = "_"
 // (commonly called as dotenv format).
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
-	flattened := map[string]interface{}{}
+func (Codec) Encode(v map[string]any) ([]byte, error) {
+	flattened := map[string]any{}
 
 	flattened = flattenAndMergeMap(flattened, v, "", keyDelimiter)
 
@@ -40,7 +40,7 @@ func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	var buf bytes.Buffer
 
 	_, err := buf.Write(b)
diff --git a/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go b/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go
index ce6e6efa3..1340c7308 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/dotenv/map_utils.go
@@ -7,27 +7,27 @@ import (
 )
 
 // flattenAndMergeMap recursively flattens the given map into a new map
-// Code is based on the function with the same name in tha main package.
+// Code is based on the function with the same name in the main package.
 // TODO: move it to a common place
-func flattenAndMergeMap(shadow map[string]interface{}, m map[string]interface{}, prefix string, delimiter string) map[string]interface{} {
+func flattenAndMergeMap(shadow map[string]any, m map[string]any, prefix string, delimiter string) map[string]any {
 	if shadow != nil && prefix != "" && shadow[prefix] != nil {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
 	}
 	if shadow == nil {
-		shadow = make(map[string]interface{})
+		shadow = make(map[string]any)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += delimiter
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
diff --git a/vendor/github.com/spf13/viper/internal/encoding/encoder.go b/vendor/github.com/spf13/viper/internal/encoding/encoder.go
index 2341bf235..659585962 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/encoder.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/encoder.go
@@ -5,9 +5,9 @@ import (
 )
 
 // Encoder encodes the contents of v into a byte representation.
-// It's primarily used for encoding a map[string]interface{} into a file format.
+// It's primarily used for encoding a map[string]any into a file format.
 type Encoder interface {
-	Encode(v map[string]interface{}) ([]byte, error)
+	Encode(v map[string]any) ([]byte, error)
 }
 
 const (
@@ -47,7 +47,7 @@ func (e *EncoderRegistry) RegisterEncoder(format string, enc Encoder) error {
 	return nil
 }
 
-func (e *EncoderRegistry) Encode(format string, v map[string]interface{}) ([]byte, error) {
+func (e *EncoderRegistry) Encode(format string, v map[string]any) ([]byte, error) {
 	e.mu.RLock()
 	encoder, ok := e.encoders[format]
 	e.mu.RUnlock()
diff --git a/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go b/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go
index 7fde8e4bc..d7fa8a1b7 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/hcl/codec.go
@@ -12,7 +12,7 @@ import (
 // TODO: add printer config to the codec?
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	b, err := json.Marshal(v)
 	if err != nil {
 		return nil, err
@@ -35,6 +35,6 @@ func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return hcl.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go b/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go
index 9acd87fc3..d91cf59d2 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/ini/codec.go
@@ -19,11 +19,11 @@ type Codec struct {
 	LoadOptions  LoadOptions
 }
 
-func (c Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (c Codec) Encode(v map[string]any) ([]byte, error) {
 	cfg := ini.Empty()
 	ini.PrettyFormat = false
 
-	flattened := map[string]interface{}{}
+	flattened := map[string]any{}
 
 	flattened = flattenAndMergeMap(flattened, v, "", c.keyDelimiter())
 
@@ -62,7 +62,7 @@ func (c Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (c Codec) Decode(b []byte, v map[string]interface{}) error {
+func (c Codec) Decode(b []byte, v map[string]any) error {
 	cfg := ini.Empty(c.LoadOptions)
 
 	err := cfg.Append(b)
diff --git a/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go b/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go
index 8329856b5..c1919a386 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/ini/map_utils.go
@@ -15,22 +15,22 @@ import (
 // In case intermediate keys do not exist, or map to a non-map value,
 // a new map is created and inserted, and the search continues from there:
 // the initial map "m" may be modified!
-func deepSearch(m map[string]interface{}, path []string) map[string]interface{} {
+func deepSearch(m map[string]any, path []string) map[string]any {
 	for _, k := range path {
 		m2, ok := m[k]
 		if !ok {
 			// intermediate key does not exist
 			// => create it and continue from there
-			m3 := make(map[string]interface{})
+			m3 := make(map[string]any)
 			m[k] = m3
 			m = m3
 			continue
 		}
-		m3, ok := m2.(map[string]interface{})
+		m3, ok := m2.(map[string]any)
 		if !ok {
 			// intermediate key is a value
 			// => replace with a new map
-			m3 = make(map[string]interface{})
+			m3 = make(map[string]any)
 			m[k] = m3
 		}
 		// continue search from here
@@ -40,27 +40,27 @@ func deepSearch(m map[string]interface{}, path []string) map[string]interface{}
 }
 
 // flattenAndMergeMap recursively flattens the given map into a new map
-// Code is based on the function with the same name in tha main package.
+// Code is based on the function with the same name in the main package.
 // TODO: move it to a common place
-func flattenAndMergeMap(shadow map[string]interface{}, m map[string]interface{}, prefix string, delimiter string) map[string]interface{} {
+func flattenAndMergeMap(shadow map[string]any, m map[string]any, prefix string, delimiter string) map[string]any {
 	if shadow != nil && prefix != "" && shadow[prefix] != nil {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
 	}
 	if shadow == nil {
-		shadow = make(map[string]interface{})
+		shadow = make(map[string]any)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += delimiter
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
diff --git a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go
index b8a2251c1..e92e5172c 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/codec.go
@@ -20,12 +20,12 @@ type Codec struct {
 	Properties *properties.Properties
 }
 
-func (c *Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (c *Codec) Encode(v map[string]any) ([]byte, error) {
 	if c.Properties == nil {
 		c.Properties = properties.NewProperties()
 	}
 
-	flattened := map[string]interface{}{}
+	flattened := map[string]any{}
 
 	flattened = flattenAndMergeMap(flattened, v, "", c.keyDelimiter())
 
@@ -54,7 +54,7 @@ func (c *Codec) Encode(v map[string]interface{}) ([]byte, error) {
 	return buf.Bytes(), nil
 }
 
-func (c *Codec) Decode(b []byte, v map[string]interface{}) error {
+func (c *Codec) Decode(b []byte, v map[string]any) error {
 	var err error
 	c.Properties, err = properties.Load(b, properties.UTF8)
 	if err != nil {
diff --git a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go
index 93755cac1..8386920aa 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/javaproperties/map_utils.go
@@ -15,22 +15,22 @@ import (
 // In case intermediate keys do not exist, or map to a non-map value,
 // a new map is created and inserted, and the search continues from there:
 // the initial map "m" may be modified!
-func deepSearch(m map[string]interface{}, path []string) map[string]interface{} {
+func deepSearch(m map[string]any, path []string) map[string]any {
 	for _, k := range path {
 		m2, ok := m[k]
 		if !ok {
 			// intermediate key does not exist
 			// => create it and continue from there
-			m3 := make(map[string]interface{})
+			m3 := make(map[string]any)
 			m[k] = m3
 			m = m3
 			continue
 		}
-		m3, ok := m2.(map[string]interface{})
+		m3, ok := m2.(map[string]any)
 		if !ok {
 			// intermediate key is a value
 			// => replace with a new map
-			m3 = make(map[string]interface{})
+			m3 = make(map[string]any)
 			m[k] = m3
 		}
 		// continue search from here
@@ -40,27 +40,27 @@ func deepSearch(m map[string]interface{}, path []string) map[string]interface{}
 }
 
 // flattenAndMergeMap recursively flattens the given map into a new map
-// Code is based on the function with the same name in tha main package.
+// Code is based on the function with the same name in the main package.
 // TODO: move it to a common place
-func flattenAndMergeMap(shadow map[string]interface{}, m map[string]interface{}, prefix string, delimiter string) map[string]interface{} {
+func flattenAndMergeMap(shadow map[string]any, m map[string]any, prefix string, delimiter string) map[string]any {
 	if shadow != nil && prefix != "" && shadow[prefix] != nil {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
 	}
 	if shadow == nil {
-		shadow = make(map[string]interface{})
+		shadow = make(map[string]any)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += delimiter
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
diff --git a/vendor/github.com/spf13/viper/internal/encoding/json/codec.go b/vendor/github.com/spf13/viper/internal/encoding/json/codec.go
index 1b7caaceb..da7546b5a 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/json/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/json/codec.go
@@ -7,11 +7,11 @@ import (
 // Codec implements the encoding.Encoder and encoding.Decoder interfaces for JSON encoding.
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	// TODO: expose prefix and indent in the Codec as setting?
 	return json.MarshalIndent(v, "", "  ")
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return json.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go b/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go
index a993c5994..c70aa8d28 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/toml/codec.go
@@ -7,10 +7,10 @@ import (
 // Codec implements the encoding.Encoder and encoding.Decoder interfaces for TOML encoding.
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	return toml.Marshal(v)
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return toml.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go b/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go
index 82dc136a3..036879249 100644
--- a/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go
+++ b/vendor/github.com/spf13/viper/internal/encoding/yaml/codec.go
@@ -5,10 +5,10 @@ import "gopkg.in/yaml.v3"
 // Codec implements the encoding.Encoder and encoding.Decoder interfaces for YAML encoding.
 type Codec struct{}
 
-func (Codec) Encode(v map[string]interface{}) ([]byte, error) {
+func (Codec) Encode(v map[string]any) ([]byte, error) {
 	return yaml.Marshal(v)
 }
 
-func (Codec) Decode(b []byte, v map[string]interface{}) error {
+func (Codec) Decode(b []byte, v map[string]any) error {
 	return yaml.Unmarshal(b, &v)
 }
diff --git a/vendor/github.com/spf13/viper/logger.go b/vendor/github.com/spf13/viper/logger.go
index a64e1446c..8938053b3 100644
--- a/vendor/github.com/spf13/viper/logger.go
+++ b/vendor/github.com/spf13/viper/logger.go
@@ -1,77 +1,68 @@
 package viper
 
 import (
-	"fmt"
+	"context"
 
-	jww "github.com/spf13/jwalterweatherman"
+	slog "github.com/sagikazarmark/slog-shim"
 )
 
 // Logger is a unified interface for various logging use cases and practices, including:
 //   - leveled logging
 //   - structured logging
+//
+// Deprecated: use `log/slog` instead.
 type Logger interface {
 	// Trace logs a Trace event.
 	//
 	// Even more fine-grained information than Debug events.
 	// Loggers not supporting this level should fall back to Debug.
-	Trace(msg string, keyvals ...interface{})
+	Trace(msg string, keyvals ...any)
 
 	// Debug logs a Debug event.
 	//
 	// A verbose series of information events.
 	// They are useful when debugging the system.
-	Debug(msg string, keyvals ...interface{})
+	Debug(msg string, keyvals ...any)
 
 	// Info logs an Info event.
 	//
 	// General information about what's happening inside the system.
-	Info(msg string, keyvals ...interface{})
+	Info(msg string, keyvals ...any)
 
 	// Warn logs a Warn(ing) event.
 	//
 	// Non-critical events that should be looked at.
-	Warn(msg string, keyvals ...interface{})
+	Warn(msg string, keyvals ...any)
 
 	// Error logs an Error event.
 	//
 	// Critical events that require immediate attention.
 	// Loggers commonly provide Fatal and Panic levels above Error level,
-	// but exiting and panicing is out of scope for a logging library.
-	Error(msg string, keyvals ...interface{})
+	// but exiting and panicking is out of scope for a logging library.
+	Error(msg string, keyvals ...any)
 }
 
-type jwwLogger struct{}
-
-func (jwwLogger) Trace(msg string, keyvals ...interface{}) {
-	jww.TRACE.Printf(jwwLogMessage(msg, keyvals...))
+// WithLogger sets a custom logger.
+func WithLogger(l *slog.Logger) Option {
+	return optionFunc(func(v *Viper) {
+		v.logger = l
+	})
 }
 
-func (jwwLogger) Debug(msg string, keyvals ...interface{}) {
-	jww.DEBUG.Printf(jwwLogMessage(msg, keyvals...))
-}
+type discardHandler struct{}
 
-func (jwwLogger) Info(msg string, keyvals ...interface{}) {
-	jww.INFO.Printf(jwwLogMessage(msg, keyvals...))
+func (n *discardHandler) Enabled(_ context.Context, _ slog.Level) bool {
+	return false
 }
 
-func (jwwLogger) Warn(msg string, keyvals ...interface{}) {
-	jww.WARN.Printf(jwwLogMessage(msg, keyvals...))
+func (n *discardHandler) Handle(_ context.Context, _ slog.Record) error {
+	return nil
 }
 
-func (jwwLogger) Error(msg string, keyvals ...interface{}) {
-	jww.ERROR.Printf(jwwLogMessage(msg, keyvals...))
+func (n *discardHandler) WithAttrs(_ []slog.Attr) slog.Handler {
+	return n
 }
 
-func jwwLogMessage(msg string, keyvals ...interface{}) string {
-	out := msg
-
-	if len(keyvals) > 0 && len(keyvals)%2 == 1 {
-		keyvals = append(keyvals, nil)
-	}
-
-	for i := 0; i <= len(keyvals)-2; i += 2 {
-		out = fmt.Sprintf("%s %v=%v", out, keyvals[i], keyvals[i+1])
-	}
-
-	return out
+func (n *discardHandler) WithGroup(_ string) slog.Handler {
+	return n
 }
diff --git a/vendor/github.com/spf13/viper/util.go b/vendor/github.com/spf13/viper/util.go
index 64e657505..52116ac44 100644
--- a/vendor/github.com/spf13/viper/util.go
+++ b/vendor/github.com/spf13/viper/util.go
@@ -18,6 +18,7 @@ import (
 	"strings"
 	"unicode"
 
+	slog "github.com/sagikazarmark/slog-shim"
 	"github.com/spf13/cast"
 )
 
@@ -31,13 +32,18 @@ func (pe ConfigParseError) Error() string {
 	return fmt.Sprintf("While parsing config: %s", pe.err.Error())
 }
 
+// Unwrap returns the wrapped error.
+func (pe ConfigParseError) Unwrap() error {
+	return pe.err
+}
+
 // toCaseInsensitiveValue checks if the value is a  map;
 // if so, create a copy and lower-case the keys recursively.
-func toCaseInsensitiveValue(value interface{}) interface{} {
+func toCaseInsensitiveValue(value any) any {
 	switch v := value.(type) {
-	case map[interface{}]interface{}:
+	case map[any]any:
 		value = copyAndInsensitiviseMap(cast.ToStringMap(v))
-	case map[string]interface{}:
+	case map[string]any:
 		value = copyAndInsensitiviseMap(v)
 	}
 
@@ -46,15 +52,15 @@ func toCaseInsensitiveValue(value interface{}) interface{} {
 
 // copyAndInsensitiviseMap behaves like insensitiviseMap, but creates a copy of
 // any map it makes case insensitive.
-func copyAndInsensitiviseMap(m map[string]interface{}) map[string]interface{} {
-	nm := make(map[string]interface{})
+func copyAndInsensitiviseMap(m map[string]any) map[string]any {
+	nm := make(map[string]any)
 
 	for key, val := range m {
 		lkey := strings.ToLower(key)
 		switch v := val.(type) {
-		case map[interface{}]interface{}:
+		case map[any]any:
 			nm[lkey] = copyAndInsensitiviseMap(cast.ToStringMap(v))
-		case map[string]interface{}:
+		case map[string]any:
 			nm[lkey] = copyAndInsensitiviseMap(v)
 		default:
 			nm[lkey] = v
@@ -64,23 +70,23 @@ func copyAndInsensitiviseMap(m map[string]interface{}) map[string]interface{} {
 	return nm
 }
 
-func insensitiviseVal(val interface{}) interface{} {
-	switch val.(type) {
-	case map[interface{}]interface{}:
+func insensitiviseVal(val any) any {
+	switch v := val.(type) {
+	case map[any]any:
 		// nested map: cast and recursively insensitivise
 		val = cast.ToStringMap(val)
-		insensitiviseMap(val.(map[string]interface{}))
-	case map[string]interface{}:
+		insensitiviseMap(val.(map[string]any))
+	case map[string]any:
 		// nested map: recursively insensitivise
-		insensitiviseMap(val.(map[string]interface{}))
-	case []interface{}:
+		insensitiviseMap(v)
+	case []any:
 		// nested array: recursively insensitivise
-		insensitiveArray(val.([]interface{}))
+		insensitiveArray(v)
 	}
 	return val
 }
 
-func insensitiviseMap(m map[string]interface{}) {
+func insensitiviseMap(m map[string]any) {
 	for key, val := range m {
 		val = insensitiviseVal(val)
 		lower := strings.ToLower(key)
@@ -93,13 +99,13 @@ func insensitiviseMap(m map[string]interface{}) {
 	}
 }
 
-func insensitiveArray(a []interface{}) {
+func insensitiveArray(a []any) {
 	for i, val := range a {
 		a[i] = insensitiviseVal(val)
 	}
 }
 
-func absPathify(logger Logger, inPath string) string {
+func absPathify(logger *slog.Logger, inPath string) string {
 	logger.Info("trying to resolve absolute path", "path", inPath)
 
 	if inPath == "$HOME" || strings.HasPrefix(inPath, "$HOME"+string(os.PathSeparator)) {
@@ -192,22 +198,22 @@ func parseSizeInBytes(sizeStr string) uint {
 // In case intermediate keys do not exist, or map to a non-map value,
 // a new map is created and inserted, and the search continues from there:
 // the initial map "m" may be modified!
-func deepSearch(m map[string]interface{}, path []string) map[string]interface{} {
+func deepSearch(m map[string]any, path []string) map[string]any {
 	for _, k := range path {
 		m2, ok := m[k]
 		if !ok {
 			// intermediate key does not exist
 			// => create it and continue from there
-			m3 := make(map[string]interface{})
+			m3 := make(map[string]any)
 			m[k] = m3
 			m = m3
 			continue
 		}
-		m3, ok := m2.(map[string]interface{})
+		m3, ok := m2.(map[string]any)
 		if !ok {
 			// intermediate key is a value
 			// => replace with a new map
-			m3 = make(map[string]interface{})
+			m3 = make(map[string]any)
 			m[k] = m3
 		}
 		// continue search from here
diff --git a/vendor/github.com/spf13/viper/viper.go b/vendor/github.com/spf13/viper/viper.go
index 06610fc5a..c1eab71b7 100644
--- a/vendor/github.com/spf13/viper/viper.go
+++ b/vendor/github.com/spf13/viper/viper.go
@@ -25,7 +25,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"log"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -36,6 +35,7 @@ import (
 
 	"github.com/fsnotify/fsnotify"
 	"github.com/mitchellh/mapstructure"
+	slog "github.com/sagikazarmark/slog-shim"
 	"github.com/spf13/afero"
 	"github.com/spf13/cast"
 	"github.com/spf13/pflag"
@@ -206,10 +206,11 @@ type Viper struct {
 	envKeyReplacer      StringReplacer
 	allowEmptyEnv       bool
 
-	config         map[string]interface{}
-	override       map[string]interface{}
-	defaults       map[string]interface{}
-	kvstore        map[string]interface{}
+	parents        []string
+	config         map[string]any
+	override       map[string]any
+	defaults       map[string]any
+	kvstore        map[string]any
 	pflags         map[string]FlagValue
 	env            map[string][]string
 	aliases        map[string]string
@@ -217,7 +218,7 @@ type Viper struct {
 
 	onConfigChange func(fsnotify.Event)
 
-	logger Logger
+	logger *slog.Logger
 
 	// TODO: should probably be protected with a mutex
 	encoderRegistry *encoding.EncoderRegistry
@@ -231,15 +232,16 @@ func New() *Viper {
 	v.configName = "config"
 	v.configPermissions = os.FileMode(0o644)
 	v.fs = afero.NewOsFs()
-	v.config = make(map[string]interface{})
-	v.override = make(map[string]interface{})
-	v.defaults = make(map[string]interface{})
-	v.kvstore = make(map[string]interface{})
+	v.config = make(map[string]any)
+	v.parents = []string{}
+	v.override = make(map[string]any)
+	v.defaults = make(map[string]any)
+	v.kvstore = make(map[string]any)
 	v.pflags = make(map[string]FlagValue)
 	v.env = make(map[string][]string)
 	v.aliases = make(map[string]string)
 	v.typeByDefValue = false
-	v.logger = jwwLogger{}
+	v.logger = slog.New(&discardHandler{})
 
 	v.resetEncoding()
 
@@ -300,7 +302,7 @@ func NewWithOptions(opts ...Option) *Viper {
 func Reset() {
 	v = New()
 	SupportedExts = []string{"json", "toml", "yaml", "yml", "properties", "props", "prop", "hcl", "tfvars", "dotenv", "env", "ini"}
-	SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore"}
+	SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore", "nats"}
 }
 
 // TODO: make this lazy initialization instead
@@ -419,7 +421,7 @@ type RemoteProvider interface {
 var SupportedExts = []string{"json", "toml", "yaml", "yml", "properties", "props", "prop", "hcl", "tfvars", "dotenv", "env", "ini"}
 
 // SupportedRemoteProviders are universally supported remote providers.
-var SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore"}
+var SupportedRemoteProviders = []string{"etcd", "etcd3", "consul", "firestore", "nats"}
 
 // OnConfigChange sets the event handler that is called when a config file changes.
 func OnConfigChange(run func(in fsnotify.Event)) { v.OnConfigChange(run) }
@@ -439,13 +441,14 @@ func (v *Viper) WatchConfig() {
 	go func() {
 		watcher, err := newWatcher()
 		if err != nil {
-			log.Fatal(err)
+			v.logger.Error(fmt.Sprintf("failed to create watcher: %s", err))
+			os.Exit(1)
 		}
 		defer watcher.Close()
 		// we have to watch the entire directory to pick up renames/atomic saves in a cross-platform way
 		filename, err := v.getConfigFile()
 		if err != nil {
-			log.Printf("error: %v\n", err)
+			v.logger.Error(fmt.Sprintf("get config file: %s", err))
 			initWG.Done()
 			return
 		}
@@ -474,7 +477,7 @@ func (v *Viper) WatchConfig() {
 						realConfigFile = currentConfigFile
 						err := v.ReadInConfig()
 						if err != nil {
-							log.Printf("error reading config file: %v\n", err)
+							v.logger.Error(fmt.Sprintf("read config file: %s", err))
 						}
 						if v.onConfigChange != nil {
 							v.onConfigChange(event)
@@ -486,7 +489,7 @@ func (v *Viper) WatchConfig() {
 
 				case err, ok := <-watcher.Errors:
 					if ok { // 'Errors' channel is not closed
-						log.Printf("watcher error: %v\n", err)
+						v.logger.Error(fmt.Sprintf("watcher error: %s", err))
 					}
 					eventsWG.Done()
 					return
@@ -521,6 +524,12 @@ func (v *Viper) SetEnvPrefix(in string) {
 	}
 }
 
+func GetEnvPrefix() string { return v.GetEnvPrefix() }
+
+func (v *Viper) GetEnvPrefix() string {
+	return v.envPrefix
+}
+
 func (v *Viper) mergeWithEnvPrefix(in string) string {
 	if v.envPrefix != "" {
 		return strings.ToUpper(v.envPrefix + "_" + in)
@@ -576,8 +585,8 @@ func (v *Viper) AddConfigPath(in string) {
 
 // AddRemoteProvider adds a remote configuration source.
 // Remote Providers are searched in the order they are added.
-// provider is a string value: "etcd", "etcd3", "consul" or "firestore" are currently supported.
-// endpoint is the url.  etcd requires http://ip:port  consul requires ip:port
+// provider is a string value: "etcd", "etcd3", "consul", "firestore" or "nats" are currently supported.
+// endpoint is the url.  etcd requires http://ip:port, consul requires ip:port, nats requires nats://ip:port
 // path is the path in the k/v store to retrieve configuration
 // To retrieve a config file called myapp.json from /configs/myapp.json
 // you should set path to /configs and set config name (SetConfigName()) to
@@ -607,7 +616,7 @@ func (v *Viper) AddRemoteProvider(provider, endpoint, path string) error {
 
 // AddSecureRemoteProvider adds a remote configuration source.
 // Secure Remote Providers are searched in the order they are added.
-// provider is a string value: "etcd", "etcd3", "consul" or "firestore" are currently supported.
+// provider is a string value: "etcd", "etcd3", "consul", "firestore" or "nats" are currently supported.
 // endpoint is the url.  etcd requires http://ip:port  consul requires ip:port
 // secretkeyring is the filepath to your openpgp secret keyring.  e.g. /etc/secrets/myring.gpg
 // path is the path in the k/v store to retrieve configuration
@@ -651,7 +660,7 @@ func (v *Viper) providerPathExists(p *defaultRemoteProvider) bool {
 // searchMap recursively searches for a value for path in source map.
 // Returns nil if not found.
 // Note: This assumes that the path entries and map keys are lower cased.
-func (v *Viper) searchMap(source map[string]interface{}, path []string) interface{} {
+func (v *Viper) searchMap(source map[string]any, path []string) any {
 	if len(path) == 0 {
 		return source
 	}
@@ -664,13 +673,13 @@ func (v *Viper) searchMap(source map[string]interface{}, path []string) interfac
 		}
 
 		// Nested case
-		switch next.(type) {
-		case map[interface{}]interface{}:
+		switch next := next.(type) {
+		case map[any]any:
 			return v.searchMap(cast.ToStringMap(next), path[1:])
-		case map[string]interface{}:
+		case map[string]any:
 			// Type assertion is safe here since it is only reached
 			// if the type of `next` is the same as the type being asserted
-			return v.searchMap(next.(map[string]interface{}), path[1:])
+			return v.searchMap(next, path[1:])
 		default:
 			// got a value but nested key expected, return "nil" for not found
 			return nil
@@ -690,7 +699,7 @@ func (v *Viper) searchMap(source map[string]interface{}, path []string) interfac
 // in their keys).
 //
 // Note: This assumes that the path entries and map keys are lower cased.
-func (v *Viper) searchIndexableWithPathPrefixes(source interface{}, path []string) interface{} {
+func (v *Viper) searchIndexableWithPathPrefixes(source any, path []string) any {
 	if len(path) == 0 {
 		return source
 	}
@@ -699,11 +708,11 @@ func (v *Viper) searchIndexableWithPathPrefixes(source interface{}, path []strin
 	for i := len(path); i > 0; i-- {
 		prefixKey := strings.ToLower(strings.Join(path[0:i], v.keyDelim))
 
-		var val interface{}
+		var val any
 		switch sourceIndexable := source.(type) {
-		case []interface{}:
+		case []any:
 			val = v.searchSliceWithPathPrefixes(sourceIndexable, prefixKey, i, path)
-		case map[string]interface{}:
+		case map[string]any:
 			val = v.searchMapWithPathPrefixes(sourceIndexable, prefixKey, i, path)
 		}
 		if val != nil {
@@ -720,11 +729,11 @@ func (v *Viper) searchIndexableWithPathPrefixes(source interface{}, path []strin
 // This function is part of the searchIndexableWithPathPrefixes recurring search and
 // should not be called directly from functions other than searchIndexableWithPathPrefixes.
 func (v *Viper) searchSliceWithPathPrefixes(
-	sourceSlice []interface{},
+	sourceSlice []any,
 	prefixKey string,
 	pathIndex int,
 	path []string,
-) interface{} {
+) any {
 	// if the prefixKey is not a number or it is out of bounds of the slice
 	index, err := strconv.Atoi(prefixKey)
 	if err != nil || len(sourceSlice) <= index {
@@ -739,9 +748,9 @@ func (v *Viper) searchSliceWithPathPrefixes(
 	}
 
 	switch n := next.(type) {
-	case map[interface{}]interface{}:
+	case map[any]any:
 		return v.searchIndexableWithPathPrefixes(cast.ToStringMap(n), path[pathIndex:])
-	case map[string]interface{}, []interface{}:
+	case map[string]any, []any:
 		return v.searchIndexableWithPathPrefixes(n, path[pathIndex:])
 	default:
 		// got a value but nested key expected, do nothing and look for next prefix
@@ -756,11 +765,11 @@ func (v *Viper) searchSliceWithPathPrefixes(
 // This function is part of the searchIndexableWithPathPrefixes recurring search and
 // should not be called directly from functions other than searchIndexableWithPathPrefixes.
 func (v *Viper) searchMapWithPathPrefixes(
-	sourceMap map[string]interface{},
+	sourceMap map[string]any,
 	prefixKey string,
 	pathIndex int,
 	path []string,
-) interface{} {
+) any {
 	next, ok := sourceMap[prefixKey]
 	if !ok {
 		return nil
@@ -773,9 +782,9 @@ func (v *Viper) searchMapWithPathPrefixes(
 
 	// Nested case
 	switch n := next.(type) {
-	case map[interface{}]interface{}:
+	case map[any]any:
 		return v.searchIndexableWithPathPrefixes(cast.ToStringMap(n), path[pathIndex:])
-	case map[string]interface{}, []interface{}:
+	case map[string]any, []any:
 		return v.searchIndexableWithPathPrefixes(n, path[pathIndex:])
 	default:
 		// got a value but nested key expected, do nothing and look for next prefix
@@ -790,8 +799,8 @@ func (v *Viper) searchMapWithPathPrefixes(
 // e.g., if "foo.bar" has a value in the given map, it “shadows”
 //
 //	"foo.bar.baz" in a lower-priority map
-func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]interface{}) string {
-	var parentVal interface{}
+func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]any) string {
+	var parentVal any
 	for i := 1; i < len(path); i++ {
 		parentVal = v.searchMap(m, path[0:i])
 		if parentVal == nil {
@@ -799,9 +808,9 @@ func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]interface{})
 			return ""
 		}
 		switch parentVal.(type) {
-		case map[interface{}]interface{}:
+		case map[any]any:
 			continue
-		case map[string]interface{}:
+		case map[string]any:
 			continue
 		default:
 			// parentVal is a regular value which shadows "path"
@@ -816,9 +825,9 @@ func (v *Viper) isPathShadowedInDeepMap(path []string, m map[string]interface{})
 // e.g., if "foo.bar" has a value in the given map, it “shadows”
 //
 //	"foo.bar.baz" in a lower-priority map
-func (v *Viper) isPathShadowedInFlatMap(path []string, mi interface{}) string {
+func (v *Viper) isPathShadowedInFlatMap(path []string, mi any) string {
 	// unify input map
-	var m map[string]interface{}
+	var m map[string]any
 	switch mi.(type) {
 	case map[string]string, map[string]FlagValue:
 		m = cast.ToStringMap(mi)
@@ -885,9 +894,9 @@ func GetViper() *Viper {
 // override, flag, env, config file, key/value store, default
 //
 // Get returns an interface. For a specific value use one of the Get____ methods.
-func Get(key string) interface{} { return v.Get(key) }
+func Get(key string) any { return v.Get(key) }
 
-func (v *Viper) Get(key string) interface{} {
+func (v *Viper) Get(key string) any {
 	lcaseKey := strings.ToLower(key)
 	val := v.find(lcaseKey, true)
 	if val == nil {
@@ -928,6 +937,8 @@ func (v *Viper) Get(key string) interface{} {
 			return cast.ToStringSlice(val)
 		case []int:
 			return cast.ToIntSlice(val)
+		case []time.Duration:
+			return cast.ToDurationSlice(val)
 		}
 	}
 
@@ -946,6 +957,10 @@ func (v *Viper) Sub(key string) *Viper {
 	}
 
 	if reflect.TypeOf(data).Kind() == reflect.Map {
+		subv.parents = append(v.parents, strings.ToLower(key))
+		subv.automaticEnvApplied = v.automaticEnvApplied
+		subv.envPrefix = v.envPrefix
+		subv.envKeyReplacer = v.envKeyReplacer
 		subv.config = cast.ToStringMap(data)
 		return subv
 	}
@@ -1051,9 +1066,9 @@ func (v *Viper) GetStringSlice(key string) []string {
 }
 
 // GetStringMap returns the value associated with the key as a map of interfaces.
-func GetStringMap(key string) map[string]interface{} { return v.GetStringMap(key) }
+func GetStringMap(key string) map[string]any { return v.GetStringMap(key) }
 
-func (v *Viper) GetStringMap(key string) map[string]interface{} {
+func (v *Viper) GetStringMap(key string) map[string]any {
 	return cast.ToStringMap(v.Get(key))
 }
 
@@ -1081,27 +1096,27 @@ func (v *Viper) GetSizeInBytes(key string) uint {
 }
 
 // UnmarshalKey takes a single key and unmarshals it into a Struct.
-func UnmarshalKey(key string, rawVal interface{}, opts ...DecoderConfigOption) error {
+func UnmarshalKey(key string, rawVal any, opts ...DecoderConfigOption) error {
 	return v.UnmarshalKey(key, rawVal, opts...)
 }
 
-func (v *Viper) UnmarshalKey(key string, rawVal interface{}, opts ...DecoderConfigOption) error {
+func (v *Viper) UnmarshalKey(key string, rawVal any, opts ...DecoderConfigOption) error {
 	return decode(v.Get(key), defaultDecoderConfig(rawVal, opts...))
 }
 
 // Unmarshal unmarshals the config into a Struct. Make sure that the tags
 // on the fields of the structure are properly set.
-func Unmarshal(rawVal interface{}, opts ...DecoderConfigOption) error {
+func Unmarshal(rawVal any, opts ...DecoderConfigOption) error {
 	return v.Unmarshal(rawVal, opts...)
 }
 
-func (v *Viper) Unmarshal(rawVal interface{}, opts ...DecoderConfigOption) error {
+func (v *Viper) Unmarshal(rawVal any, opts ...DecoderConfigOption) error {
 	return decode(v.AllSettings(), defaultDecoderConfig(rawVal, opts...))
 }
 
-// defaultDecoderConfig returns default mapsstructure.DecoderConfig with suppot
+// defaultDecoderConfig returns default mapstructure.DecoderConfig with support
 // of time.Duration values & string slices
-func defaultDecoderConfig(output interface{}, opts ...DecoderConfigOption) *mapstructure.DecoderConfig {
+func defaultDecoderConfig(output any, opts ...DecoderConfigOption) *mapstructure.DecoderConfig {
 	c := &mapstructure.DecoderConfig{
 		Metadata:         nil,
 		Result:           output,
@@ -1118,7 +1133,7 @@ func defaultDecoderConfig(output interface{}, opts ...DecoderConfigOption) *maps
 }
 
 // A wrapper around mapstructure.Decode that mimics the WeakDecode functionality
-func decode(input interface{}, config *mapstructure.DecoderConfig) error {
+func decode(input any, config *mapstructure.DecoderConfig) error {
 	decoder, err := mapstructure.NewDecoder(config)
 	if err != nil {
 		return err
@@ -1128,11 +1143,11 @@ func decode(input interface{}, config *mapstructure.DecoderConfig) error {
 
 // UnmarshalExact unmarshals the config into a Struct, erroring if a field is nonexistent
 // in the destination struct.
-func UnmarshalExact(rawVal interface{}, opts ...DecoderConfigOption) error {
+func UnmarshalExact(rawVal any, opts ...DecoderConfigOption) error {
 	return v.UnmarshalExact(rawVal, opts...)
 }
 
-func (v *Viper) UnmarshalExact(rawVal interface{}, opts ...DecoderConfigOption) error {
+func (v *Viper) UnmarshalExact(rawVal any, opts ...DecoderConfigOption) error {
 	config := defaultDecoderConfig(rawVal, opts...)
 	config.ErrorUnused = true
 
@@ -1229,9 +1244,9 @@ func (v *Viper) MustBindEnv(input ...string) {
 // corresponds to a flag, the flag's default value is returned.
 //
 // Note: this assumes a lower-cased key given.
-func (v *Viper) find(lcaseKey string, flagDefault bool) interface{} {
+func (v *Viper) find(lcaseKey string, flagDefault bool) any {
 	var (
-		val    interface{}
+		val    any
 		exists bool
 		path   = strings.Split(lcaseKey, v.keyDelim)
 		nested = len(path) > 1
@@ -1274,8 +1289,15 @@ func (v *Viper) find(lcaseKey string, flagDefault bool) interface{} {
 			s = strings.TrimSuffix(s, "]")
 			res, _ := readAsCSV(s)
 			return cast.ToIntSlice(res)
+		case "durationSlice":
+			s := strings.TrimPrefix(flag.ValueString(), "[")
+			s = strings.TrimSuffix(s, "]")
+			slice := strings.Split(s, ",")
+			return cast.ToDurationSlice(slice)
 		case "stringToString":
 			return stringToStringConv(flag.ValueString())
+		case "stringToInt":
+			return stringToIntConv(flag.ValueString())
 		default:
 			return flag.ValueString()
 		}
@@ -1286,9 +1308,10 @@ func (v *Viper) find(lcaseKey string, flagDefault bool) interface{} {
 
 	// Env override next
 	if v.automaticEnvApplied {
+		envKey := strings.Join(append(v.parents, lcaseKey), ".")
 		// even if it hasn't been registered, if automaticEnv is used,
 		// check any Get request
-		if val, ok := v.getEnv(v.mergeWithEnvPrefix(lcaseKey)); ok {
+		if val, ok := v.getEnv(v.mergeWithEnvPrefix(envKey)); ok {
 			return val
 		}
 		if nested && v.isPathShadowedInAutoEnv(path) != "" {
@@ -1355,6 +1378,13 @@ func (v *Viper) find(lcaseKey string, flagDefault bool) interface{} {
 				return cast.ToIntSlice(res)
 			case "stringToString":
 				return stringToStringConv(flag.ValueString())
+			case "stringToInt":
+				return stringToIntConv(flag.ValueString())
+			case "durationSlice":
+				s := strings.TrimPrefix(flag.ValueString(), "[")
+				s = strings.TrimSuffix(s, "]")
+				slice := strings.Split(s, ",")
+				return cast.ToDurationSlice(slice)
 			default:
 				return flag.ValueString()
 			}
@@ -1375,25 +1405,49 @@ func readAsCSV(val string) ([]string, error) {
 }
 
 // mostly copied from pflag's implementation of this operation here https://github.com/spf13/pflag/blob/master/string_to_string.go#L79
-// alterations are: errors are swallowed, map[string]interface{} is returned in order to enable cast.ToStringMap
-func stringToStringConv(val string) interface{} {
+// alterations are: errors are swallowed, map[string]any is returned in order to enable cast.ToStringMap
+func stringToStringConv(val string) any {
 	val = strings.Trim(val, "[]")
 	// An empty string would cause an empty map
 	if len(val) == 0 {
-		return map[string]interface{}{}
+		return map[string]any{}
 	}
 	r := csv.NewReader(strings.NewReader(val))
 	ss, err := r.Read()
 	if err != nil {
 		return nil
 	}
-	out := make(map[string]interface{}, len(ss))
+	out := make(map[string]any, len(ss))
+	for _, pair := range ss {
+		k, vv, found := strings.Cut(pair, "=")
+		if !found {
+			return nil
+		}
+		out[k] = vv
+	}
+	return out
+}
+
+// mostly copied from pflag's implementation of this operation here https://github.com/spf13/pflag/blob/d5e0c0615acee7028e1e2740a11102313be88de1/string_to_int.go#L68
+// alterations are: errors are swallowed, map[string]any is returned in order to enable cast.ToStringMap
+func stringToIntConv(val string) any {
+	val = strings.Trim(val, "[]")
+	// An empty string would cause an empty map
+	if len(val) == 0 {
+		return map[string]any{}
+	}
+	ss := strings.Split(val, ",")
+	out := make(map[string]any, len(ss))
 	for _, pair := range ss {
-		kv := strings.SplitN(pair, "=", 2)
-		if len(kv) != 2 {
+		k, vv, found := strings.Cut(pair, "=")
+		if !found {
+			return nil
+		}
+		var err error
+		out[k], err = strconv.Atoi(vv)
+		if err != nil {
 			return nil
 		}
-		out[kv[0]] = kv[1]
 	}
 	return out
 }
@@ -1491,9 +1545,9 @@ func (v *Viper) InConfig(key string) bool {
 // SetDefault sets the default value for this key.
 // SetDefault is case-insensitive for a key.
 // Default only used when no value is provided by the user via flag, config or ENV.
-func SetDefault(key string, value interface{}) { v.SetDefault(key, value) }
+func SetDefault(key string, value any) { v.SetDefault(key, value) }
 
-func (v *Viper) SetDefault(key string, value interface{}) {
+func (v *Viper) SetDefault(key string, value any) {
 	// If alias passed in, then set the proper default
 	key = v.realKey(strings.ToLower(key))
 	value = toCaseInsensitiveValue(value)
@@ -1510,9 +1564,9 @@ func (v *Viper) SetDefault(key string, value interface{}) {
 // Set is case-insensitive for a key.
 // Will be used instead of values obtained via
 // flags, config file, ENV, default, or key/value store.
-func Set(key string, value interface{}) { v.Set(key, value) }
+func Set(key string, value any) { v.Set(key, value) }
 
-func (v *Viper) Set(key string, value interface{}) {
+func (v *Viper) Set(key string, value any) {
 	// If alias passed in, then set the proper override
 	key = v.realKey(strings.ToLower(key))
 	value = toCaseInsensitiveValue(value)
@@ -1546,7 +1600,7 @@ func (v *Viper) ReadInConfig() error {
 		return err
 	}
 
-	config := make(map[string]interface{})
+	config := make(map[string]any)
 
 	err = v.unmarshalReader(bytes.NewReader(file), config)
 	if err != nil {
@@ -1584,7 +1638,7 @@ func (v *Viper) MergeInConfig() error {
 func ReadConfig(in io.Reader) error { return v.ReadConfig(in) }
 
 func (v *Viper) ReadConfig(in io.Reader) error {
-	v.config = make(map[string]interface{})
+	v.config = make(map[string]any)
 	return v.unmarshalReader(in, v.config)
 }
 
@@ -1592,7 +1646,7 @@ func (v *Viper) ReadConfig(in io.Reader) error {
 func MergeConfig(in io.Reader) error { return v.MergeConfig(in) }
 
 func (v *Viper) MergeConfig(in io.Reader) error {
-	cfg := make(map[string]interface{})
+	cfg := make(map[string]any)
 	if err := v.unmarshalReader(in, cfg); err != nil {
 		return err
 	}
@@ -1601,11 +1655,11 @@ func (v *Viper) MergeConfig(in io.Reader) error {
 
 // MergeConfigMap merges the configuration from the map given with an existing config.
 // Note that the map given may be modified.
-func MergeConfigMap(cfg map[string]interface{}) error { return v.MergeConfigMap(cfg) }
+func MergeConfigMap(cfg map[string]any) error { return v.MergeConfigMap(cfg) }
 
-func (v *Viper) MergeConfigMap(cfg map[string]interface{}) error {
+func (v *Viper) MergeConfigMap(cfg map[string]any) error {
 	if v.config == nil {
-		v.config = make(map[string]interface{})
+		v.config = make(map[string]any)
 	}
 	insensitiviseMap(cfg)
 	mergeMaps(cfg, v.config, nil)
@@ -1670,7 +1724,7 @@ func (v *Viper) writeConfig(filename string, force bool) error {
 		return UnsupportedConfigError(configType)
 	}
 	if v.config == nil {
-		v.config = make(map[string]interface{})
+		v.config = make(map[string]any)
 	}
 	flags := os.O_CREATE | os.O_TRUNC | os.O_WRONLY
 	if !force {
@@ -1691,11 +1745,11 @@ func (v *Viper) writeConfig(filename string, force bool) error {
 
 // Unmarshal a Reader into a map.
 // Should probably be an unexported function.
-func unmarshalReader(in io.Reader, c map[string]interface{}) error {
+func unmarshalReader(in io.Reader, c map[string]any) error {
 	return v.unmarshalReader(in, c)
 }
 
-func (v *Viper) unmarshalReader(in io.Reader, c map[string]interface{}) error {
+func (v *Viper) unmarshalReader(in io.Reader, c map[string]any) error {
 	buf := new(bytes.Buffer)
 	buf.ReadFrom(in)
 
@@ -1729,7 +1783,7 @@ func (v *Viper) marshalWriter(f afero.File, configType string) error {
 	return nil
 }
 
-func keyExists(k string, m map[string]interface{}) string {
+func keyExists(k string, m map[string]any) string {
 	lk := strings.ToLower(k)
 	for mk := range m {
 		lmk := strings.ToLower(mk)
@@ -1741,33 +1795,33 @@ func keyExists(k string, m map[string]interface{}) string {
 }
 
 func castToMapStringInterface(
-	src map[interface{}]interface{},
-) map[string]interface{} {
-	tgt := map[string]interface{}{}
+	src map[any]any,
+) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[fmt.Sprintf("%v", k)] = v
 	}
 	return tgt
 }
 
-func castMapStringSliceToMapInterface(src map[string][]string) map[string]interface{} {
-	tgt := map[string]interface{}{}
+func castMapStringSliceToMapInterface(src map[string][]string) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[k] = v
 	}
 	return tgt
 }
 
-func castMapStringToMapInterface(src map[string]string) map[string]interface{} {
-	tgt := map[string]interface{}{}
+func castMapStringToMapInterface(src map[string]string) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[k] = v
 	}
 	return tgt
 }
 
-func castMapFlagToMapInterface(src map[string]FlagValue) map[string]interface{} {
-	tgt := map[string]interface{}{}
+func castMapFlagToMapInterface(src map[string]FlagValue) map[string]any {
+	tgt := map[string]any{}
 	for k, v := range src {
 		tgt[k] = v
 	}
@@ -1775,17 +1829,15 @@ func castMapFlagToMapInterface(src map[string]FlagValue) map[string]interface{}
 }
 
 // mergeMaps merges two maps. The `itgt` parameter is for handling go-yaml's
-// insistence on parsing nested structures as `map[interface{}]interface{}`
+// insistence on parsing nested structures as `map[any]any`
 // instead of using a `string` as the key for nest structures beyond one level
 // deep. Both map types are supported as there is a go-yaml fork that uses
-// `map[string]interface{}` instead.
-func mergeMaps(
-	src, tgt map[string]interface{}, itgt map[interface{}]interface{},
-) {
+// `map[string]any` instead.
+func mergeMaps(src, tgt map[string]any, itgt map[any]any) {
 	for sk, sv := range src {
 		tk := keyExists(sk, tgt)
 		if tk == "" {
-			v.logger.Trace("", "tk", "\"\"", fmt.Sprintf("tgt[%s]", sk), sv)
+			v.logger.Debug("", "tk", "\"\"", fmt.Sprintf("tgt[%s]", sk), sv)
 			tgt[sk] = sv
 			if itgt != nil {
 				itgt[sk] = sv
@@ -1795,7 +1847,7 @@ func mergeMaps(
 
 		tv, ok := tgt[tk]
 		if !ok {
-			v.logger.Trace("", fmt.Sprintf("ok[%s]", tk), false, fmt.Sprintf("tgt[%s]", sk), sv)
+			v.logger.Debug("", fmt.Sprintf("ok[%s]", tk), false, fmt.Sprintf("tgt[%s]", sk), sv)
 			tgt[sk] = sv
 			if itgt != nil {
 				itgt[sk] = sv
@@ -1806,7 +1858,7 @@ func mergeMaps(
 		svType := reflect.TypeOf(sv)
 		tvType := reflect.TypeOf(tv)
 
-		v.logger.Trace(
+		v.logger.Debug(
 			"processing",
 			"key", sk,
 			"st", svType,
@@ -1816,12 +1868,12 @@ func mergeMaps(
 		)
 
 		switch ttv := tv.(type) {
-		case map[interface{}]interface{}:
-			v.logger.Trace("merging maps (must convert)")
-			tsv, ok := sv.(map[interface{}]interface{})
+		case map[any]any:
+			v.logger.Debug("merging maps (must convert)")
+			tsv, ok := sv.(map[any]any)
 			if !ok {
 				v.logger.Error(
-					"Could not cast sv to map[interface{}]interface{}",
+					"Could not cast sv to map[any]any",
 					"key", sk,
 					"st", svType,
 					"tt", tvType,
@@ -1834,12 +1886,12 @@ func mergeMaps(
 			ssv := castToMapStringInterface(tsv)
 			stv := castToMapStringInterface(ttv)
 			mergeMaps(ssv, stv, ttv)
-		case map[string]interface{}:
-			v.logger.Trace("merging maps")
-			tsv, ok := sv.(map[string]interface{})
+		case map[string]any:
+			v.logger.Debug("merging maps")
+			tsv, ok := sv.(map[string]any)
 			if !ok {
 				v.logger.Error(
-					"Could not cast sv to map[string]interface{}",
+					"Could not cast sv to map[string]any",
 					"key", sk,
 					"st", svType,
 					"tt", tvType,
@@ -1850,7 +1902,7 @@ func mergeMaps(
 			}
 			mergeMaps(tsv, ttv, nil)
 		default:
-			v.logger.Trace("setting value")
+			v.logger.Debug("setting value")
 			tgt[tk] = sv
 			if itgt != nil {
 				itgt[tk] = sv
@@ -1901,7 +1953,7 @@ func (v *Viper) getKeyValueConfig() error {
 	return RemoteConfigError("No Files Found")
 }
 
-func (v *Viper) getRemoteConfig(provider RemoteProvider) (map[string]interface{}, error) {
+func (v *Viper) getRemoteConfig(provider RemoteProvider) (map[string]any, error) {
 	reader, err := RemoteConfig.Get(provider)
 	if err != nil {
 		return nil, err
@@ -1950,7 +2002,7 @@ func (v *Viper) watchKeyValueConfig() error {
 	return RemoteConfigError("No Files Found")
 }
 
-func (v *Viper) watchRemoteConfig(provider RemoteProvider) (map[string]interface{}, error) {
+func (v *Viper) watchRemoteConfig(provider RemoteProvider) (map[string]any, error) {
 	reader, err := RemoteConfig.Watch(provider)
 	if err != nil {
 		return nil, err
@@ -1989,7 +2041,7 @@ func (v *Viper) AllKeys() []string {
 //     it is skipped.
 //
 // The resulting set of paths is merged to the given shadow set at the same time.
-func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]interface{}, prefix string) map[string]bool {
+func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]any, prefix string) map[string]bool {
 	if shadow != nil && prefix != "" && shadow[prefix] {
 		// prefix is shadowed => nothing more to flatten
 		return shadow
@@ -1998,16 +2050,16 @@ func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]interfac
 		shadow = make(map[string]bool)
 	}
 
-	var m2 map[string]interface{}
+	var m2 map[string]any
 	if prefix != "" {
 		prefix += v.keyDelim
 	}
 	for k, val := range m {
 		fullKey := prefix + k
-		switch val.(type) {
-		case map[string]interface{}:
-			m2 = val.(map[string]interface{})
-		case map[interface{}]interface{}:
+		switch val := val.(type) {
+		case map[string]any:
+			m2 = val
+		case map[any]any:
 			m2 = cast.ToStringMap(val)
 		default:
 			// immediate value
@@ -2022,7 +2074,7 @@ func (v *Viper) flattenAndMergeMap(shadow map[string]bool, m map[string]interfac
 
 // mergeFlatMap merges the given maps, excluding values of the second map
 // shadowed by values from the first map.
-func (v *Viper) mergeFlatMap(shadow map[string]bool, m map[string]interface{}) map[string]bool {
+func (v *Viper) mergeFlatMap(shadow map[string]bool, m map[string]any) map[string]bool {
 	// scan keys
 outer:
 	for k := range m {
@@ -2042,11 +2094,11 @@ outer:
 	return shadow
 }
 
-// AllSettings merges all settings and returns them as a map[string]interface{}.
-func AllSettings() map[string]interface{} { return v.AllSettings() }
+// AllSettings merges all settings and returns them as a map[string]any.
+func AllSettings() map[string]any { return v.AllSettings() }
 
-func (v *Viper) AllSettings() map[string]interface{} {
-	m := map[string]interface{}{}
+func (v *Viper) AllSettings() map[string]any {
+	m := map[string]any{}
 	// start from the list of keys, and construct the map one value at a time
 	for _, k := range v.AllKeys() {
 		value := v.Get(k)
diff --git a/vendor/github.com/spf13/viper/viper_go1_15.go b/vendor/github.com/spf13/viper/viper_go1_15.go
index 19a771cbd..7fc6aff33 100644
--- a/vendor/github.com/spf13/viper/viper_go1_15.go
+++ b/vendor/github.com/spf13/viper/viper_go1_15.go
@@ -1,5 +1,4 @@
-//go:build !go1.16 || !finder
-// +build !go1.16 !finder
+//go:build !finder
 
 package viper
 
diff --git a/vendor/github.com/spf13/viper/viper_go1_16.go b/vendor/github.com/spf13/viper/viper_go1_16.go
index e10172fa3..d96a1bd22 100644
--- a/vendor/github.com/spf13/viper/viper_go1_16.go
+++ b/vendor/github.com/spf13/viper/viper_go1_16.go
@@ -1,32 +1,38 @@
-//go:build go1.16 && finder
-// +build go1.16,finder
+//go:build finder
 
 package viper
 
 import (
 	"fmt"
 
-	"github.com/spf13/afero"
+	"github.com/sagikazarmark/locafero"
 )
 
 // Search all configPaths for any config file.
 // Returns the first path that exists (and is a config file).
 func (v *Viper) findConfigFile() (string, error) {
-	finder := finder{
-		paths:            v.configPaths,
-		fileNames:        []string{v.configName},
-		extensions:       SupportedExts,
-		withoutExtension: v.configType != "",
+	var names []string
+
+	if v.configType != "" {
+		names = locafero.NameWithOptionalExtensions(v.configName, SupportedExts...)
+	} else {
+		names = locafero.NameWithExtensions(v.configName, SupportedExts...)
+	}
+
+	finder := locafero.Finder{
+		Paths: v.configPaths,
+		Names: names,
+		Type:  locafero.FileTypeFile,
 	}
 
-	file, err := finder.Find(afero.NewIOFS(v.fs))
+	results, err := finder.Find(v.fs)
 	if err != nil {
 		return "", err
 	}
 
-	if file == "" {
+	if len(results) == 0 {
 		return "", ConfigFileNotFoundError{v.configName, fmt.Sprintf("%s", v.configPaths)}
 	}
 
-	return file, nil
+	return results[0], nil
 }
diff --git a/vendor/github.com/spf13/viper/watch.go b/vendor/github.com/spf13/viper/watch.go
index 1ce84eaf8..e98fce89c 100644
--- a/vendor/github.com/spf13/viper/watch.go
+++ b/vendor/github.com/spf13/viper/watch.go
@@ -1,5 +1,4 @@
 //go:build darwin || dragonfly || freebsd || openbsd || linux || netbsd || solaris || windows
-// +build darwin dragonfly freebsd openbsd linux netbsd solaris windows
 
 package viper
 
diff --git a/vendor/github.com/spf13/viper/watch_unsupported.go b/vendor/github.com/spf13/viper/watch_unsupported.go
index 7e2715377..707640560 100644
--- a/vendor/github.com/spf13/viper/watch_unsupported.go
+++ b/vendor/github.com/spf13/viper/watch_unsupported.go
@@ -1,5 +1,4 @@
 //go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows)
-// +build appengine !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
 
 package viper
 
diff --git a/vendor/github.com/subosito/gotenv/CHANGELOG.md b/vendor/github.com/subosito/gotenv/CHANGELOG.md
index 757caad26..c4fe7d326 100644
--- a/vendor/github.com/subosito/gotenv/CHANGELOG.md
+++ b/vendor/github.com/subosito/gotenv/CHANGELOG.md
@@ -1,5 +1,42 @@
 # Changelog
 
+## [1.5.0] - 2023-08-15
+
+### Fixed
+
+- Use io.Reader instead of custom Reader
+
+## [1.5.0] - 2023-08-15
+
+### Added
+
+- Support for reading UTF16 files
+
+### Fixed
+
+- Scanner error handling
+- Reader error handling
+
+## [1.4.2] - 2023-01-11
+
+### Fixed
+
+- Env var initialization
+
+### Changed
+
+- More consitent line splitting
+
+## [1.4.1] - 2022-08-23
+
+### Fixed
+
+- Missing file close
+
+### Changed
+
+- Updated dependencies
+
 ## [1.4.0] - 2022-06-02
 
 ### Added
diff --git a/vendor/github.com/subosito/gotenv/gotenv.go b/vendor/github.com/subosito/gotenv/gotenv.go
index dc013e1e0..1191d3587 100644
--- a/vendor/github.com/subosito/gotenv/gotenv.go
+++ b/vendor/github.com/subosito/gotenv/gotenv.go
@@ -12,6 +12,9 @@ import (
 	"sort"
 	"strconv"
 	"strings"
+
+	"golang.org/x/text/encoding/unicode"
+	"golang.org/x/text/transform"
 )
 
 const (
@@ -20,9 +23,13 @@ const (
 
 	// Pattern for detecting valid variable within a value
 	variablePattern = `(\\)?(\$)(\{?([A-Z0-9_]+)?\}?)`
+)
 
-	// Byte order mark character
-	bom = "\xef\xbb\xbf"
+// Byte order mark character
+var (
+	bomUTF8    = []byte("\xEF\xBB\xBF")
+	bomUTF16LE = []byte("\xFF\xFE")
+	bomUTF16BE = []byte("\xFE\xFF")
 )
 
 // Env holds key/value pair of valid environment variable
@@ -203,19 +210,40 @@ func splitLines(data []byte, atEOF bool) (advance int, token []byte, err error)
 
 func strictParse(r io.Reader, override bool) (Env, error) {
 	env := make(Env)
-	scanner := bufio.NewScanner(r)
-	scanner.Split(splitLines)
 
-	firstLine := true
+	buf := new(bytes.Buffer)
+	tee := io.TeeReader(r, buf)
 
-	for scanner.Scan() {
-		line := strings.TrimSpace(scanner.Text())
+	// There can be a maximum of 3 BOM bytes.
+	bomByteBuffer := make([]byte, 3)
+	_, err := tee.Read(bomByteBuffer)
+	if err != nil && err != io.EOF {
+		return env, err
+	}
+
+	z := io.MultiReader(buf, r)
+
+	// We chooes a different scanner depending on file encoding.
+	var scanner *bufio.Scanner
 
-		if firstLine {
-			line = strings.TrimPrefix(line, bom)
-			firstLine = false
+	if bytes.HasPrefix(bomByteBuffer, bomUTF8) {
+		scanner = bufio.NewScanner(transform.NewReader(z, unicode.UTF8BOM.NewDecoder()))
+	} else if bytes.HasPrefix(bomByteBuffer, bomUTF16LE) {
+		scanner = bufio.NewScanner(transform.NewReader(z, unicode.UTF16(unicode.LittleEndian, unicode.ExpectBOM).NewDecoder()))
+	} else if bytes.HasPrefix(bomByteBuffer, bomUTF16BE) {
+		scanner = bufio.NewScanner(transform.NewReader(z, unicode.UTF16(unicode.BigEndian, unicode.ExpectBOM).NewDecoder()))
+	} else {
+		scanner = bufio.NewScanner(z)
+	}
+
+	scanner.Split(splitLines)
+
+	for scanner.Scan() {
+		if err := scanner.Err(); err != nil {
+			return env, err
 		}
 
+		line := strings.TrimSpace(scanner.Text())
 		if line == "" || line[0] == '#' {
 			continue
 		}
@@ -263,7 +291,7 @@ func strictParse(r io.Reader, override bool) (Env, error) {
 		}
 	}
 
-	return env, nil
+	return env, scanner.Err()
 }
 
 var (
diff --git a/vendor/github.com/tetafro/godot/.golangci.yml b/vendor/github.com/tetafro/godot/.golangci.yml
index 2b799b265..920135d40 100644
--- a/vendor/github.com/tetafro/godot/.golangci.yml
+++ b/vendor/github.com/tetafro/godot/.golangci.yml
@@ -19,7 +19,6 @@ linters:
     - unused
     - varcheck
     - bodyclose
-    - depguard
     - dogsled
     - dupl
     - funlen
@@ -51,7 +50,7 @@ linters:
 
 linters-settings:
   godot:
-    check-all: true
+    scope: toplevel
 
 issues:
   exclude-use-default: false
diff --git a/vendor/github.com/tetafro/godot/README.md b/vendor/github.com/tetafro/godot/README.md
index 3f97b0e39..6b2e530b9 100644
--- a/vendor/github.com/tetafro/godot/README.md
+++ b/vendor/github.com/tetafro/godot/README.md
@@ -1,7 +1,7 @@
 # godot
 
 [![License](http://img.shields.io/badge/license-MIT-green.svg?style=flat)](https://raw.githubusercontent.com/tetafro/godot/master/LICENSE)
-[![Github CI](https://img.shields.io/github/workflow/status/tetafro/godot/Test)](https://github.com/tetafro/godot/actions?query=workflow%3ATest)
+[![Github CI](https://img.shields.io/github/actions/workflow/status/tetafro/godot/push.yml)](https://github.com/tetafro/godot/actions)
 [![Go Report](https://goreportcard.com/badge/github.com/tetafro/godot)](https://goreportcard.com/report/github.com/tetafro/godot)
 [![Codecov](https://codecov.io/gh/tetafro/godot/branch/master/graph/badge.svg)](https://codecov.io/gh/tetafro/godot)
 
@@ -21,7 +21,7 @@ end of the last sentence if needed.
 Build from source
 
 ```sh
-go get -u github.com/tetafro/godot/cmd/godot
+go install github.com/tetafro/godot/cmd/godot@latest
 ```
 
 or download binary from [releases page](https://github.com/tetafro/godot/releases).
diff --git a/vendor/github.com/tetafro/godot/checks.go b/vendor/github.com/tetafro/godot/checks.go
index cba54f310..f5471cdf7 100644
--- a/vendor/github.com/tetafro/godot/checks.go
+++ b/vendor/github.com/tetafro/godot/checks.go
@@ -240,6 +240,9 @@ func isSpecialBlock(comment string) bool {
 		strings.Contains(comment, "#define")) {
 		return true
 	}
+	if strings.HasPrefix(comment, "// Output: ") {
+		return true
+	}
 	return false
 }
 
diff --git a/vendor/github.com/tetafro/godot/getters.go b/vendor/github.com/tetafro/godot/getters.go
index 6153772bd..1a47c824f 100644
--- a/vendor/github.com/tetafro/godot/getters.go
+++ b/vendor/github.com/tetafro/godot/getters.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"go/ast"
 	"go/token"
-	"io/ioutil"
+	"os"
 	"regexp"
 	"strings"
 )
@@ -200,10 +200,10 @@ func (pf *parsedFile) getAllComments(exclude []*regexp.Regexp) []comment {
 	return comments
 }
 
-// getText extracts text from comment. If comment is a special block
+// getText extracts text from comment. If the comment is a special block
 // (e.g., CGO code), a block of empty lines is returned. If comment contains
 // special lines (e.g., tags or indented code examples), they are replaced
-// with `specialReplacer` to skip checks for it.
+// with `specialReplacer` to skip checks for them.
 // The result can be multiline.
 func getText(comment *ast.CommentGroup, exclude []*regexp.Regexp) (s string) {
 	if len(comment.List) == 1 &&
@@ -241,10 +241,10 @@ func getText(comment *ast.CommentGroup, exclude []*regexp.Regexp) (s string) {
 	return s[:len(s)-1] // trim last "\n"
 }
 
-// readFile reads file and returns it's lines as strings.
+// readFile reads file and returns its lines as strings.
 func readFile(file *ast.File, fset *token.FileSet) ([]string, error) {
 	fname := fset.File(file.Package)
-	f, err := ioutil.ReadFile(fname.Name())
+	f, err := os.ReadFile(fname.Name())
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/github.com/tetafro/godot/godot.go b/vendor/github.com/tetafro/godot/godot.go
index 3a360a214..df9271296 100644
--- a/vendor/github.com/tetafro/godot/godot.go
+++ b/vendor/github.com/tetafro/godot/godot.go
@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"go/ast"
 	"go/token"
-	"io/ioutil"
 	"os"
 	"regexp"
 	"sort"
@@ -69,7 +68,7 @@ func Run(file *ast.File, fset *token.FileSet, settings Settings) ([]Issue, error
 // Fix fixes all issues and returns new version of file content.
 func Fix(path string, file *ast.File, fset *token.FileSet, settings Settings) ([]byte, error) {
 	// Read file
-	content, err := ioutil.ReadFile(path) // nolint: gosec
+	content, err := os.ReadFile(path) // nolint: gosec
 	if err != nil {
 		return nil, fmt.Errorf("read file: %v", err)
 	}
@@ -102,7 +101,7 @@ func Fix(path string, file *ast.File, fset *token.FileSet, settings Settings) ([
 	return fixed, nil
 }
 
-// Replace rewrites original file with it's fixed version.
+// Replace rewrites original file with its fixed version.
 func Replace(path string, file *ast.File, fset *token.FileSet, settings Settings) error {
 	info, err := os.Stat(path)
 	if err != nil {
@@ -115,7 +114,7 @@ func Replace(path string, file *ast.File, fset *token.FileSet, settings Settings
 		return fmt.Errorf("fix issues: %v", err)
 	}
 
-	if err := ioutil.WriteFile(path, fixed, mode); err != nil {
+	if err := os.WriteFile(path, fixed, mode); err != nil {
 		return fmt.Errorf("write file: %v", err)
 	}
 	return nil
diff --git a/vendor/github.com/ultraware/funlen/README.md b/vendor/github.com/ultraware/funlen/README.md
index aaf348521..af2187694 100644
--- a/vendor/github.com/ultraware/funlen/README.md
+++ b/vendor/github.com/ultraware/funlen/README.md
@@ -1,9 +1,47 @@
 # Funlen linter
 
-Funlen is a linter that checks for long functions. It can checks both on the number of lines and the number of statements.
+Funlen is a linter that checks for long functions. It can check both on the number of lines and the number of statements.
 
 The default limits are 60 lines and 40 statements. You can configure these.
 
-## Installation guide
+## Description
+
+The intent for the funlen linter is to fit a function within one screen. If you need to scroll through a long function, tracing variables back to their definition or even just finding matching brackets can become difficult.
+
+Besides checking lines there's also a separate check for the number of statements, which gives a clearer idea of how much is actually being done in a function.
+
+The default values are used internally, but might to be adjusted for your specific environment.
+
+## Installation
 
 Funlen is included in [golangci-lint](https://github.com/golangci/golangci-lint/). Install it and enable funlen.
+
+# Exclude for tests
+
+golangci-lint offers a way to exclude linters in certain cases. More info can be found here: https://golangci-lint.run/usage/configuration/#issues-configuration.
+
+## Disable funlen for \_test.go files
+
+You can utilize the issues configuration in `.golangci.yml` to exclude the funlen linter for all test files:
+
+```yaml
+issues:
+  exclude-rules:
+    # disable funlen for all _test.go files
+    - path: _test.go
+      linters:
+        - funlen
+```
+
+## Disable funlen only for Test funcs
+
+If you want to keep funlen enabled for example in helper functions in test files but disable it specifically for Test funcs, you can use the following configuration:
+
+```yaml
+issues:
+  exclude-rules:
+    # disable funlen for test funcs
+    - source: "^func Test"
+      linters:
+        - funlen
+```
diff --git a/vendor/github.com/ultraware/funlen/main.go b/vendor/github.com/ultraware/funlen/main.go
index 2ba353002..b68ddb926 100644
--- a/vendor/github.com/ultraware/funlen/main.go
+++ b/vendor/github.com/ultraware/funlen/main.go
@@ -13,7 +13,7 @@ const (
 )
 
 // Run runs this linter on the provided code
-func Run(file *ast.File, fset *token.FileSet, lineLimit, stmtLimit int) []Message {
+func Run(file *ast.File, fset *token.FileSet, lineLimit int, stmtLimit int, ignoreComments bool) []Message {
 	if lineLimit == 0 {
 		lineLimit = defaultLineLimit
 	}
@@ -21,6 +21,8 @@ func Run(file *ast.File, fset *token.FileSet, lineLimit, stmtLimit int) []Messag
 		stmtLimit = defaultStmtLimit
 	}
 
+	cmap := ast.NewCommentMap(fset, file, file.Comments)
+
 	var msgs []Message
 	for _, f := range file.Decls {
 		decl, ok := f.(*ast.FuncDecl)
@@ -36,7 +38,7 @@ func Run(file *ast.File, fset *token.FileSet, lineLimit, stmtLimit int) []Messag
 		}
 
 		if lineLimit > 0 {
-			if lines := getLines(fset, decl); lines > lineLimit {
+			if lines := getLines(fset, decl, cmap.Filter(decl), ignoreComments); lines > lineLimit {
 				msgs = append(msgs, makeLineMessage(fset, decl.Name, lines, lineLimit))
 			}
 		}
@@ -65,8 +67,26 @@ func makeStmtMessage(fset *token.FileSet, funcInfo *ast.Ident, stmts, stmtLimit
 	}
 }
 
-func getLines(fset *token.FileSet, f *ast.FuncDecl) int { // nolint: interfacer
-	return fset.Position(f.End()).Line - fset.Position(f.Pos()).Line - 1
+func getLines(fset *token.FileSet, f *ast.FuncDecl, cmap ast.CommentMap, ignoreComments bool) int { // nolint: interfacer
+	var lineCount int
+	var commentCount int
+
+	lineCount = fset.Position(f.End()).Line - fset.Position(f.Pos()).Line - 1
+
+	if !ignoreComments {
+		return lineCount
+	}
+
+	for _, c := range cmap.Comments() {
+		// If the CommenGroup's lines are inside the function
+		// count how many comments are in the CommentGroup
+		if (fset.Position(c.Pos()).Line > fset.Position(f.Pos()).Line) &&
+			(fset.Position(c.End()).Line < fset.Position(f.End()).Line) {
+			commentCount += len(c.List)
+		}
+	}
+
+	return lineCount - commentCount
 }
 
 func parseStmts(s []ast.Stmt) (total int) {
diff --git a/vendor/github.com/uudashr/gocognit/README.md b/vendor/github.com/uudashr/gocognit/README.md
index 1e028c789..57f31cf74 100644
--- a/vendor/github.com/uudashr/gocognit/README.md
+++ b/vendor/github.com/uudashr/gocognit/README.md
@@ -1,6 +1,6 @@
 [![GoDoc](https://godoc.org/github.com/uudashr/gocognit?status.svg)](https://godoc.org/github.com/uudashr/gocognit)
 # Gocognit
-Gocognit calculates cognitive complexities of functions in Go source code. A measurement of how hard does the code is intuitively to understand.
+Gocognit calculates cognitive complexities of functions (and methods) in Go source code. A measurement of how hard does the code is intuitively to understand.
 
 ## Understanding the complexity
 
@@ -37,10 +37,10 @@ func GetWords(number int) string {
 
 As you see above codes are the same, but the second code are easier to understand, that is why the cognitive complexity score are lower compare to the first one.
 
-## Comparison with cyclometic complexity
+## Comparison with cyclomatic complexity
 
 ### Example 1
-#### Cyclometic complexity
+#### Cyclomatic complexity
 ```go
 func GetWords(number int) string {      // +1
     switch number {
@@ -160,16 +160,40 @@ $ go get github.com/uudashr/gocognit/cmd/gocognit
 ```
 $ gocognit
 Calculate cognitive complexities of Go functions.
+
 Usage:
-        gocognit [flags] <Go file or directory> ...
+
+  gocognit [<flag> ...] <Go file or directory> ...
+
 Flags:
-        -over N   show functions with complexity > N only and
-                  return exit code 1 if the set is non-empty
-        -top N    show the top N most complex functions only
-        -avg      show the average complexity over all functions,
-                  not depending on whether -over or -top are set
-The output fields for each line are:
-<complexity> <package> <function> <file:row:column>
+
+  -over N    show functions with complexity > N only
+             and return exit code 1 if the output is non-empty
+  -top N     show the top N most complex functions only
+  -avg       show the average complexity over all functions,
+             not depending on whether -over or -top are set
+  -json      encode the output as JSON
+  -f format  string the format to use 
+             (default "{{.PkgName}}.{{.FuncName}}:{{.Complexity}}:{{.Pos}}")
+
+The (default) output fields for each line are:
+
+  <complexity> <package> <function> <file:row:column>
+
+The (default) output fields for each line are:
+
+  {{.Complexity}} {{.PkgName}} {{.FuncName}} {{.Pos}}
+
+or equal to <complexity> <package> <function> <file:row:column>
+
+The struct being passed to the template is:
+
+  type Stat struct {
+    PkgName    string
+    FuncName   string
+    Complexity int
+    Pos        token.Position
+  }
 ```
 
 Examples:
@@ -180,6 +204,7 @@ $ gocognit main.go
 $ gocognit -top 10 src/
 $ gocognit -over 25 docker
 $ gocognit -avg .
+$ gocognit -ignore "_test|testdata" .
 ```
 
 The output fields for each line are:
@@ -187,6 +212,15 @@ The output fields for each line are:
 <complexity> <package> <function> <file:row:column>
 ```
 
+## Ignore individual functions
+Ignore individual functions by specifying `gocognit:ignore` directive.
+```go
+//gocognit:ignore
+func IgnoreMe() {
+    // ...
+}
+```
+
 ## Related project
 - [Gocyclo](https://github.com/fzipp/gocyclo) where the code are based on.
 - [Cognitive Complexity: A new way of measuring understandability](https://www.sonarsource.com/docs/CognitiveComplexity.pdf) white paper by G. Ann Campbell.
\ No newline at end of file
diff --git a/vendor/github.com/uudashr/gocognit/gocognit.go b/vendor/github.com/uudashr/gocognit/gocognit.go
index 1d539ee78..2bba2eb4f 100644
--- a/vendor/github.com/uudashr/gocognit/gocognit.go
+++ b/vendor/github.com/uudashr/gocognit/gocognit.go
@@ -26,6 +26,11 @@ func (s Stat) String() string {
 func ComplexityStats(f *ast.File, fset *token.FileSet, stats []Stat) []Stat {
 	for _, decl := range f.Decls {
 		if fn, ok := decl.(*ast.FuncDecl); ok {
+			d := parseDirective(fn.Doc)
+			if d.Ignore {
+				continue
+			}
+
 			stats = append(stats, Stat{
 				PkgName:    f.Name.Name,
 				FuncName:   funcName(fn),
@@ -37,6 +42,24 @@ func ComplexityStats(f *ast.File, fset *token.FileSet, stats []Stat) []Stat {
 	return stats
 }
 
+type directive struct {
+	Ignore bool
+}
+
+func parseDirective(doc *ast.CommentGroup) directive {
+	if doc == nil {
+		return directive{}
+	}
+
+	for _, c := range doc.List {
+		if c.Text == "//gocognit:ignore" {
+			return directive{Ignore: true}
+		}
+	}
+
+	return directive{}
+}
+
 // funcName returns the name representation of a function or method:
 // "(Type).Name" for methods or simply "Name" for functions.
 func funcName(fn *ast.FuncDecl) string {
@@ -272,7 +295,7 @@ func (v *complexityVisitor) visitBranchStmt(n *ast.BranchStmt) ast.Visitor {
 }
 
 func (v *complexityVisitor) visitBinaryExpr(n *ast.BinaryExpr) ast.Visitor {
-	if (n.Op == token.LAND || n.Op == token.LOR) && !v.isCalculated(n) {
+	if isBinaryLogicalOp(n.Op) && !v.isCalculated(n) {
 		ops := v.collectBinaryOps(n)
 
 		var lastOp token.Token
@@ -299,15 +322,10 @@ func (v *complexityVisitor) visitCallExpr(n *ast.CallExpr) ast.Visitor {
 
 func (v *complexityVisitor) collectBinaryOps(exp ast.Expr) []token.Token {
 	v.markCalculated(exp)
-	switch exp := exp.(type) {
-	case *ast.BinaryExpr:
+	if exp, ok := exp.(*ast.BinaryExpr); ok {
 		return mergeBinaryOps(v.collectBinaryOps(exp.X), exp.Op, v.collectBinaryOps(exp.Y))
-	case *ast.ParenExpr:
-		// interest only on what inside paranthese
-		return v.collectBinaryOps(exp.X)
-	default:
-		return []token.Token{}
 	}
+	return nil
 }
 
 func (v *complexityVisitor) incIfComplexity(n *ast.IfStmt) {
@@ -320,16 +338,18 @@ func (v *complexityVisitor) incIfComplexity(n *ast.IfStmt) {
 
 func mergeBinaryOps(x []token.Token, op token.Token, y []token.Token) []token.Token {
 	var out []token.Token
-	if len(x) != 0 {
-		out = append(out, x...)
-	}
-	out = append(out, op)
-	if len(y) != 0 {
-		out = append(out, y...)
+	out = append(out, x...)
+	if isBinaryLogicalOp(op) {
+		out = append(out, op)
 	}
+	out = append(out, y...)
 	return out
 }
 
+func isBinaryLogicalOp(op token.Token) bool {
+	return op == token.LAND || op == token.LOR
+}
+
 const Doc = `Find complex function using cognitive complexity calculation.
 
 The gocognit analysis reports functions or methods which the complexity is over 
@@ -359,13 +379,19 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		(*ast.FuncDecl)(nil),
 	}
 	inspect.Preorder(nodeFilter, func(n ast.Node) {
-		fnDecl := n.(*ast.FuncDecl)
+		funcDecl := n.(*ast.FuncDecl)
+
+		d := parseDirective(funcDecl.Doc)
+		if d.Ignore {
+			return
+		}
+
+		fnName := funcName(funcDecl)
 
-		fnName := funcName(fnDecl)
-		fnComplexity := Complexity(fnDecl)
+		fnComplexity := Complexity(funcDecl)
 
 		if fnComplexity > over {
-			pass.Reportf(fnDecl.Pos(), "cognitive complexity %d of func %s is high (> %d)", fnComplexity, fnName, over)
+			pass.Reportf(funcDecl.Pos(), "cognitive complexity %d of func %s is high (> %d)", fnComplexity, fnName, over)
 		}
 	})
 
diff --git a/vendor/github.com/xen0n/gosmopolitan/README.md b/vendor/github.com/xen0n/gosmopolitan/README.md
index 93e3701e5..86a5e64e0 100644
--- a/vendor/github.com/xen0n/gosmopolitan/README.md
+++ b/vendor/github.com/xen0n/gosmopolitan/README.md
@@ -54,7 +54,9 @@ following characteristics, and may not suit your particular project's needs:
 
 * Originally developed for an audience using non-Latin writing system(s),
 * Returns bare strings intended for humans containing such non-Latin characters, and
-* May occasionally (or frequently) refer to the local timezone.
+* May occasionally (or frequently) refer to the system timezone, but is
+  architecturally forbidden/discouraged to just treat the system timezone as
+  the reference timezone.
 
 For example, the lints may prove valuable if you're revamping a web service
 originally targetting the Chinese market (hence producing strings with Chinese
@@ -64,71 +66,18 @@ will output nothing.
 
 ## golangci-lint integration
 
-`gosmopolitan` is not integrated into [`golangci-lint`][gcl-home] yet, but
-you can nevertheless run it [as a custom plugin][gcl-plugin].
+`gosmopolitan` support [has been merged][gcl-pr] into [`golangci-lint`][gcl-home],
+and will be usable out-of-the-box in golangci-lint v1.53.0 or later.
 
+Due to the opinionated coding style this linter advocates and checks for, if
+you have `enable-all: true` in your `golangci.yml` and your project deals a
+lot with Chinese text and/or `time.Local`, then you'll get flooded with lints
+when you upgrade to golangci-lint v1.53.0. Just disable this linter (and
+better yet, move away from `enable-all: true`) if the style does not suit your
+specific use case.
+
+[gcl-pr]: https://github.com/golangci/golangci-lint/pull/3458
 [gcl-home]: https://golangci-lint.run
-[gcl-plugin]: https://golangci-lint.run/contributing/new-linters/#how-to-add-a-private-linter-to-golangci-lint
-
-First make yourself a plugin `.so` file like this:
-
-```go
-// compile this with something like `go build -buildmode=plugin`
-
-package main
-
-import (
-	"github.com/xen0n/gosmopolitan"
-	"golang.org/x/tools/go/analysis"
-)
-
-type analyzerPlugin struct{}
-
-func (analyzerPlugin) GetAnalyzers() []*analysis.Analyzer {
-	// You can customize the options via gosmopolitan.NewAnalyzerWithConfig
-	// instead.
-	return []*analysis.Analyzer{
-		gosmopolitan.DefaultAnalyzer,
-	}
-}
-
-var AnalyzerPlugin analyzerPlugin
-```
-
-You just need to make sure the `golang.org/x/tools` version used to build the
-plugin is consistent with that of your `golangci-lint` binary. (Of course the
-`golangci-lint` binary should be built with plugin support enabled too;
-notably, [the Homebrew `golangci-lint` is built without plugin support][hb-issue],
-so beware of this.)
-
-[hb-issue]: https://github.com/golangci/golangci-lint/issues/1182
-
-|`golangci-lint` version|`gosmopolitan` tag to use|
-|-----------------------|-------------------------|
-|1.50.x|v1.0.0|
-
-Then reference it in your `.golangci.yml`, and enable it in the `linters`
-section:
-
-```yaml
-linters:
-  # ...
-  enable:
-    # ...
-    - gosmopolitan
-    # ...
-
-linters-settings:
-  custom:
-    gosmopolitan:
-      path: 'path/to/your/plugin.so'
-      description: 'Report certain i18n/l10n anti-patterns in your Go codebase'
-      original-url: 'https://github.com/xen0n/gosmopolitan'
-  # ...
-```
-
-Then you can `golangci-lint run` and `//nolint:gosmopolitan` as you would
-with any other supported linter.
 
 ## License
 
diff --git a/vendor/github.com/xen0n/gosmopolitan/README.zh-Hans.md b/vendor/github.com/xen0n/gosmopolitan/README.zh-Hans.md
index 7f1b7b7ad..682d10880 100644
--- a/vendor/github.com/xen0n/gosmopolitan/README.zh-Hans.md
+++ b/vendor/github.com/xen0n/gosmopolitan/README.zh-Hans.md
@@ -46,7 +46,7 @@
 
 * 项目原先是为使用非拉丁字母书写系统的受众群体开发的，
 * 项目会返回包含这些非拉丁字母字符的裸的字符串（即，未经处理或变换的），
-* 项目可能偶尔（或者经常）引用程序当前运行环境的本地时区。
+* 项目可能偶尔（或者经常）引用程序当前运行环境的系统时区，但项目架构上禁止或不建议把系统时区直接作为业务参考时区使用。
 
 举个例子：如果您在翻新一个本来面向中国用户群体（因此到处都在产生含有汉字的字符串）的
 web 服务，以使其更加国际化，这里的 lints 可能会很有价值。
@@ -55,66 +55,14 @@ linter 则什么都不会输出。
 
 ## 与 golangci-lint 集成
 
-`gosmopolitan` 目前没有集成进上游 [`golangci-lint`][gcl-home]，但您仍然可以[以自定义插件的方式][gcl-plugin]使用本项目。
+`gosmopolitan` 支持[已经被合并][gcl-pr]入 [`golangci-lint`][gcl-home] 上游，在 golangci-lint v1.53.0 及以后的版本可以开箱即用。
 
+[gcl-pr]: https://github.com/golangci/golangci-lint/pull/3458
 [gcl-home]: https://golangci-lint.run
-[gcl-plugin]: https://golangci-lint.run/contributing/new-linters/#how-to-add-a-private-linter-to-golangci-lint
 
-首先像这样做一个插件 `.so` 文件：
-
-```go
-// 用类似 `go build -buildmode=plugin` 的方式编译
-
-package main
-
-import (
-	"github.com/xen0n/gosmopolitan"
-	"golang.org/x/tools/go/analysis"
-)
-
-type analyzerPlugin struct{}
-
-func (analyzerPlugin) GetAnalyzers() []*analysis.Analyzer {
-	// 你可以用 gosmopolitan.NewAnalyzer 来自定义配置。
-	return []*analysis.Analyzer{
-		gosmopolitan.DefaultAnalyzer,
-	}
-}
-
-var AnalyzerPlugin analyzerPlugin
-```
-
-您只需要保证构建时使用的 `golang.org/x/tools` 模块版本和您的 `golangci-lint`
-二进制的相应模块版本一致。（当然，`golangci-lint` 二进制也应该包含插件支持；
-[Homebrew 的 `golangci-lint` 没有插件支持][hb-issue]，尤其需要注意。）
-
-[hb-issue]: https://github.com/golangci/golangci-lint/issues/1182
-
-|`golangci-lint` 版本|对应可用的 `gosmopolitan` tag|
-|--------------------|-----------------------------|
-|1.50.x|v1.0.0|
-
-然后在您的 `.golangci.yml` 中引用它，在 `linters` 一节中启用它：
-
-```yaml
-linters:
-  # ...
-  enable:
-    # ...
-    - gosmopolitan
-    # ...
-
-linters-settings:
-  custom:
-    gosmopolitan:
-      path: 'path/to/your/plugin.so'
-      description: 'Report certain i18n/l10n anti-patterns in your Go codebase'
-      original-url: 'https://github.com/xen0n/gosmopolitan'
-  # ...
-```
-
-这样您就可以像使用其他 linters 一样 `golangci-lint run` 和
-`//nolint:gosmopolitan` 了。
+由于本 linter 倡导和检查的代码风格带有鲜明立场，如果您在 `golangci.yml` 开了
+`enable-all: true` 并且您的项目处理很多中文文本或者 `time.Local`，那么您一旦升级到
+golangci-lint v1.53.0 就将被 lints 淹没。如果这种代码风格不适合您的具体使用场景，直接禁用本 linter（或者更彻底一些，不要 `enable-all: true` 了）就好。
 
 ## 许可证
 
diff --git a/vendor/github.com/ykadowak/zerologlint/README.md b/vendor/github.com/ykadowak/zerologlint/README.md
index 14443e2e3..b0a5fc0f9 100644
--- a/vendor/github.com/ykadowak/zerologlint/README.md
+++ b/vendor/github.com/ykadowak/zerologlint/README.md
@@ -47,5 +47,17 @@ func main() {
 
     // 4. Deferred case
     defer log.Info() // "must be dispatched by Msg or Send method"
+
+    // 5. zerolog.Logger case
+    logger2 := zerolog.New(os.Stdout)
+    logger2.Info().Send()
+
+    // 6. Dispatch in other function case
+    event := log.Info()
+    dispatcher(event)
+}
+
+func dispatcher(e *zerolog.Event) {
+    e.Send()
 }
 ```
diff --git a/vendor/github.com/ykadowak/zerologlint/zerologlint.go b/vendor/github.com/ykadowak/zerologlint/zerologlint.go
index bd588f996..bec50e52b 100644
--- a/vendor/github.com/ykadowak/zerologlint/zerologlint.go
+++ b/vendor/github.com/ykadowak/zerologlint/zerologlint.go
@@ -2,6 +2,7 @@ package zerologlint
 
 import (
 	"go/token"
+	"go/types"
 	"strings"
 
 	"golang.org/x/tools/go/analysis"
@@ -65,14 +66,11 @@ func inspect(cd callDefer, set *map[posser]struct{}) {
 
 	// check if it's in github.com/rs/zerolog/log since there's some
 	// functions in github.com/rs/zerolog that returns zerolog.Event
-	// which should not be included
-	if isInLogPkg(*c) {
+	// which should not be included. However, zerolog.Logger receiver is an exception.
+	if isInLogPkg(*c) || isLoggerRecv(*c) {
 		if isZerologEvent(c.Value) {
-			// check if this is a new instance of zerolog.Event like logger := log.Error()
-			// which should be dispatched afterwards at some point
-			if len(c.Args) == 0 {
-				(*set)[cd] = struct{}{}
-			}
+			// this ssa block should be dispatched afterwards at some point
+			(*set)[cd] = struct{}{}
 			return
 		}
 	}
@@ -81,23 +79,63 @@ func inspect(cd callDefer, set *map[posser]struct{}) {
 	// check if the base is zerolog.Event.
 	// if so, check if the StaticCallee is Send() or Msg().
 	// if so, remove the arg[0] from the set.
+	f := c.StaticCallee()
+	if f == nil {
+		return
+	}
+	if !isDispatchMethod(f) {
+		shouldReturn := true
+		for _, p := range f.Params {
+			if isZerologEvent(p) {
+				// check if this zerolog.Event as a parameter is dispatched in the function
+				// TODO: specifically, it can be dispatched in another function that is called in this function, and
+				//       this algorithm cannot track that. But I'm tired of thinking about that for now.
+				for _, b := range f.Blocks {
+					for _, instr := range b.Instrs {
+						switch v := instr.(type) {
+						case *ssa.Call:
+							if inspectDispatchInFunction(v.Common()) {
+								shouldReturn = false
+							}
+						case *ssa.Defer:
+							if inspectDispatchInFunction(v.Common()) {
+								shouldReturn = false
+							}
+						}
+					}
+				}
+			}
+		}
+		if shouldReturn {
+			return
+		}
+	}
 	for _, arg := range c.Args {
 		if isZerologEvent(arg) {
-			if isDispatchMethod(*c) {
-				val := getRootSsaValue(arg)
-				// if there's branch, remove both ways from the set
-				if phi, ok := val.(*ssa.Phi); ok {
-					for _, edge := range phi.Edges {
-						delete(*set, edge)
-					}
-				} else {
-					delete(*set, val)
+			val := getRootSsaValue(arg)
+			// if there's branch, remove both ways from the set
+			if phi, ok := val.(*ssa.Phi); ok {
+				for _, edge := range phi.Edges {
+					delete(*set, edge)
 				}
+			} else {
+				delete(*set, val)
 			}
 		}
 	}
 }
 
+func inspectDispatchInFunction(cc *ssa.CallCommon) bool {
+	if isDispatchMethod(cc.StaticCallee()) {
+		for _, arg := range cc.Args {
+			if isZerologEvent(arg) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
 func isInLogPkg(c ssa.CallCommon) bool {
 	switch v := c.Value.(type) {
 	case ssa.Member:
@@ -106,9 +144,18 @@ func isInLogPkg(c ssa.CallCommon) bool {
 			return false
 		}
 		return strings.HasSuffix(p.Pkg.Path(), "github.com/rs/zerolog/log")
-	default:
-		return false
 	}
+	return false
+}
+
+func isLoggerRecv(c ssa.CallCommon) bool {
+	switch f := c.Value.(type) {
+	case *ssa.Function:
+		if recv := f.Signature.Recv(); recv != nil {
+			return strings.HasSuffix(types.TypeString(recv.Type(), nil), "zerolog.Logger")
+		}
+	}
+	return false
 }
 
 func isZerologEvent(v ssa.Value) bool {
@@ -116,8 +163,11 @@ func isZerologEvent(v ssa.Value) bool {
 	return strings.HasSuffix(ts, "github.com/rs/zerolog.Event")
 }
 
-func isDispatchMethod(c ssa.CallCommon) bool {
-	m := c.StaticCallee().Name()
+func isDispatchMethod(f *ssa.Function) bool {
+	if f == nil {
+		return false
+	}
+	m := f.Name()
 	if m == "Send" || m == "Msg" || m == "Msgf" || m == "MsgFunc" {
 		return true
 	}
@@ -127,15 +177,23 @@ func isDispatchMethod(c ssa.CallCommon) bool {
 func getRootSsaValue(v ssa.Value) ssa.Value {
 	if c, ok := v.(*ssa.Call); ok {
 		v := c.Value()
+
 		// When there is no receiver, that's the block of zerolog.Event
-		// eg. Error() method in log.Error().Str("foo", "bar"). Send()
+		// eg. Error() method in log.Error().Str("foo", "bar").Send()
 		if len(v.Call.Args) == 0 {
 			return v
 		}
 
+		// Even when there is a receiver, if it's a zerolog.Logger instance, return this block
+		// eg. Info() method in zerolog.New(os.Stdout).Info()
+		root := v.Call.Args[0]
+		if !isZerologEvent(root) {
+			return v
+		}
+
 		// Ok to just return the receiver because all the method in this
 		// chain is zerolog.Event at this point.
-		return getRootSsaValue(v.Call.Args[0])
+		return getRootSsaValue(root)
 	}
 	return v
 }
diff --git a/vendor/gitlab.com/bosi/decorder/.gitignore b/vendor/gitlab.com/bosi/decorder/.gitignore
index 7b533f819..48baa654b 100644
--- a/vendor/gitlab.com/bosi/decorder/.gitignore
+++ b/vendor/gitlab.com/bosi/decorder/.gitignore
@@ -1,7 +1,7 @@
 /.idea
 /.env
+/.env.example
 /decorder
-/deforder
 /LICENSES-3RD-PARTY
 /ytt
 /yq
\ No newline at end of file
diff --git a/vendor/gitlab.com/bosi/decorder/.gitlab-ci.yml b/vendor/gitlab.com/bosi/decorder/.gitlab-ci.yml
index 1ea3b03f2..73e1273b3 100644
--- a/vendor/gitlab.com/bosi/decorder/.gitlab-ci.yml
+++ b/vendor/gitlab.com/bosi/decorder/.gitlab-ci.yml
@@ -12,7 +12,7 @@ stages:
 
 test:
     stage: test
-    image: golang:1.18.4@sha256:9349ed889adb906efa5ebc06485fe1b6a12fb265a01c9266a137bb1352565560
+    image: golang:1.21.0@sha256:b490ae1f0ece153648dd3c5d25be59a63f966b5f9e1311245c947de4506981aa
     before_script:
         - set -eu
         - if [[ -f .env.pipeline ]];then cp .env.pipeline .env;fi
@@ -27,14 +27,16 @@ test:
 
 lint:source-code:
     stage: test
-    image: golangci/golangci-lint:v1.47.2-alpine@sha256:10ed4891fdd1f7249f5e39d7c17ea746ce26adada3c05686c6aa31290abcd180
+    image: golangci/golangci-lint:v1.54.2-alpine@sha256:e950721f6ae622dcc041f57cc0b61c3a78d4bbfc588facfc8b0166901a9f4848
     script:
+        - apk add make bash
+        - make settings
         - '### run linter ###'
         - golangci-lint run ./...
 
 license-check:
     stage: test
-    image: golang:1.18.4@sha256:9349ed889adb906efa5ebc06485fe1b6a12fb265a01c9266a137bb1352565560
+    image: golang:1.21.0@sha256:b490ae1f0ece153648dd3c5d25be59a63f966b5f9e1311245c947de4506981aa
     before_script:
         - set -eu
         - if [[ -f .env.pipeline ]];then cp .env.pipeline .env;fi
@@ -51,7 +53,7 @@ license-check:
 
 pages:
     stage: release
-    image: golang:1.18.4@sha256:9349ed889adb906efa5ebc06485fe1b6a12fb265a01c9266a137bb1352565560
+    image: golang:1.21.0@sha256:b490ae1f0ece153648dd3c5d25be59a63f966b5f9e1311245c947de4506981aa
     only:
         - tags
     script:
diff --git a/vendor/gitlab.com/bosi/decorder/README.md b/vendor/gitlab.com/bosi/decorder/README.md
index e72954937..5947e5ca2 100644
--- a/vendor/gitlab.com/bosi/decorder/README.md
+++ b/vendor/gitlab.com/bosi/decorder/README.md
@@ -1,25 +1,29 @@
 # Decorder
 
-A declaration order linter for golang. In case of this tool declarations are `type`, `const`, `var` and `func`.
+A declaration order linter for Go. In case of this tool declarations are `type`, `const`, `var` and `func`.
 
 ## Rules
 
 This linter applies multiple rules where each can be disabled via cli parameter.
 
-| rule               | description                                                                                                                                                                                                    | cli-options                                                                                       |
-|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|
-| declaration order  | Enforces the order of global declarations (e.g. all global constants are always defined before variables). You can also define a subset of declarations if you don't want to enforce the order of all of them. | * disable check: `-disable-dec-order-check` <br> * custom order: `-dec-order var,const,func,type` |
-| declaration number | Enforces that the statements const, var and type are only used once per file. You have to use parenthesis to declare e.g multiple global types inside a file.                                                  | disable check: `-disable-dec-num-check`                                                           |
-| init func first    | Enforces the init func to be the first function in file.                                                                                                                                                       | disable check: `-disable-init-func-first-check`                                                   |
+| rule               | description                                                                                                                                                                                                        | cli-options                                                                                                                                                                                                                                                                                |
+|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| declaration order  | Enforces the order of global declarations (e.g. all global constants are always defined before variables). <br>You can also define a subset of declarations if you don't want to enforce the order of all of them. | * disable all checks: `-disable-dec-order-check` <br> * disable type checks: `-disable-type-dec-order-check` <br> * disable const checks: `-disable-const-dec-order-check` <br> * disable var checks: `-disable-var-dec-order-check` <br> * custom order: `-dec-order var,const,func,type` |
+| declaration number | Enforces that the statements const, var and type are only used once per file. You have to use parenthesis <br>to declare e.g multiple global types inside a file.                                                  | disable check: `-disable-dec-num-check`                                                                                                                                                                                                                                                    |
+| init func first    | Enforces the init func to be the first function in file.                                                                                                                                                           | disable check: `-disable-init-func-first-check`                                                                                                                                                                                                                                            |
 
 You may find the implementation of the rules inside `analyzer.go`.
 
+Underscore var declarations can be ignored via `-ignore-underscore-vars`.
+
 ## Installation
 
 ```shell
 go install gitlab.com/bosi/decorder/cmd/decorder
 ```
 
+You can use the linter via golangci-lint as well: https://golangci-lint.run/usage/linters/#decorder.
+
 ## Usage
 
 ```shell
@@ -35,6 +39,12 @@ decorder -disable-dec-order-check ./...
 # disable check for multiple declarations statements
 decorder -disable-dec-num-check ./...
 
+# disable check for multiple declarations (var only) statements
+decorder -disable-var-dec-num-check ./...
+
 # disable check that init func is always first function
 decorder -disable-init-func-first-check ./...
+
+# ignore underscore variables for all checks
+decorder -ignore-underscore-vars ./...
 ```
\ No newline at end of file
diff --git a/vendor/gitlab.com/bosi/decorder/analyzer.go b/vendor/gitlab.com/bosi/decorder/analyzer.go
index 308c96b96..08f82ccc1 100644
--- a/vendor/gitlab.com/bosi/decorder/analyzer.go
+++ b/vendor/gitlab.com/bosi/decorder/analyzer.go
@@ -1,9 +1,11 @@
 package decorder
 
 import (
+	"fmt"
 	"go/ast"
 	"go/token"
 	"strings"
+	"sync"
 
 	"golang.org/x/tools/go/analysis"
 )
@@ -16,6 +18,17 @@ type (
 		funcPoss    []funcPos
 	}
 
+	options struct {
+		decOrder                  string
+		ignoreUnderscoreVars      bool
+		disableDecNumCheck        bool
+		disableTypeDecNumCheck    bool
+		disableConstDecNumCheck   bool
+		disableVarDecNumCheck     bool
+		disableDecOrderCheck      bool
+		disableInitFuncFirstCheck bool
+	}
+
 	funcPos struct {
 		start token.Pos
 		end   token.Pos
@@ -26,9 +39,15 @@ const (
 	Name = "decorder"
 
 	FlagDo    = "dec-order"
+	FlagIuv   = "ignore-underscore-vars"
 	FlagDdnc  = "disable-dec-num-check"
+	FlagDtdnc = "disable-type-dec-num-check"
+	FlagDcdnc = "disable-const-dec-num-check"
+	FlagDvdnc = "disable-var-dec-num-check"
 	FlagDdoc  = "disable-dec-order-check"
 	FlagDiffc = "disable-init-func-first-check"
+
+	defaultDecOrder = "type,const,var,func"
 )
 
 var (
@@ -38,27 +57,45 @@ var (
 		Run:  run,
 	}
 
-	decOrder                  string
-	disableDecNumCheck        bool
-	disableDecOrderCheck      bool
-	disableInitFuncFirstCheck bool
+	opts = options{}
 
 	tokens = []token.Token{token.TYPE, token.CONST, token.VAR, token.FUNC}
+
+	decNumConf = map[token.Token]bool{
+		token.TYPE:  false,
+		token.CONST: false,
+		token.VAR:   false,
+	}
+	decLock sync.Mutex
 )
 
 //nolint:lll
 func init() {
-	Analyzer.Flags.StringVar(&decOrder, FlagDo, "type,const,var,func", "define the required order of types, constants, variables and functions declarations inside a file")
-	Analyzer.Flags.BoolVar(&disableDecNumCheck, FlagDdnc, false, "option to disable check for number of e.g. var declarations inside file")
-	Analyzer.Flags.BoolVar(&disableDecOrderCheck, FlagDdoc, false, "option to disable check for order of declarations inside file")
-	Analyzer.Flags.BoolVar(&disableInitFuncFirstCheck, FlagDiffc, false, "option to disable check that init function is always first function in file")
+	Analyzer.Flags.StringVar(&opts.decOrder, FlagDo, defaultDecOrder, "define the required order of types, constants, variables and functions declarations inside a file")
+	Analyzer.Flags.BoolVar(&opts.ignoreUnderscoreVars, FlagIuv, false, "option to ignore underscore vars for dec order and dec num check")
+	Analyzer.Flags.BoolVar(&opts.disableDecNumCheck, FlagDdnc, false, "option to disable (all) checks for number of declarations inside file")
+	Analyzer.Flags.BoolVar(&opts.disableTypeDecNumCheck, FlagDtdnc, false, "option to disable check for number of type declarations inside file")
+	Analyzer.Flags.BoolVar(&opts.disableConstDecNumCheck, FlagDcdnc, false, "option to disable check for number of const declarations inside file")
+	Analyzer.Flags.BoolVar(&opts.disableVarDecNumCheck, FlagDvdnc, false, "option to disable check for number of var declarations inside file")
+	Analyzer.Flags.BoolVar(&opts.disableDecOrderCheck, FlagDdoc, false, "option to disable check for order of declarations inside file")
+	Analyzer.Flags.BoolVar(&opts.disableInitFuncFirstCheck, FlagDiffc, false, "option to disable check that init function is always first function in file")
+}
+
+func initDec() {
+	decLock.Lock()
+	decNumConf[token.TYPE] = opts.disableTypeDecNumCheck
+	decNumConf[token.CONST] = opts.disableConstDecNumCheck
+	decNumConf[token.VAR] = opts.disableVarDecNumCheck
+	decLock.Unlock()
 }
 
 func run(pass *analysis.Pass) (interface{}, error) {
+	initDec()
+
 	for _, f := range pass.Files {
 		ast.Inspect(f, runDeclNumAndDecOrderCheck(pass))
 
-		if !disableInitFuncFirstCheck {
+		if !opts.disableInitFuncFirstCheck {
 			ast.Inspect(f, runInitFuncFirstCheck(pass))
 		}
 	}
@@ -90,7 +127,7 @@ func runInitFuncFirstCheck(pass *analysis.Pass) func(ast.Node) bool {
 func runDeclNumAndDecOrderCheck(pass *analysis.Pass) func(ast.Node) bool {
 	dnc := newDecNumChecker()
 
-	if disableDecNumCheck && disableDecOrderCheck {
+	if opts.disableDecNumCheck && opts.disableDecOrderCheck {
 		return func(n ast.Node) bool {
 			return true
 		}
@@ -113,7 +150,7 @@ func runDeclNumAndDecOrderCheck(pass *analysis.Pass) func(ast.Node) bool {
 
 		dnc.handleGenDecl(gd, pass)
 
-		if !disableDecOrderCheck {
+		if !opts.disableDecOrderCheck {
 			dnc.handleDecOrderCheck(gd, pass)
 		}
 
@@ -134,7 +171,7 @@ func newDecNumChecker() decNumChecker {
 		dnc.tokenMap[t.String()] = t
 	}
 
-	for _, do := range strings.Split(decOrder, ",") {
+	for _, do := range strings.Split(opts.decOrder, ",") {
 		dnc.decOrder = append(dnc.decOrder, strings.TrimSpace(do))
 	}
 
@@ -159,19 +196,33 @@ func (dnc decNumChecker) isToLate(t token.Token) (string, bool) {
 func (dnc *decNumChecker) handleGenDecl(gd *ast.GenDecl, pass *analysis.Pass) {
 	for _, t := range tokens {
 		if gd.Tok == t {
+			if opts.ignoreUnderscoreVars && declName(gd) == "_" {
+				continue
+			}
+
 			dnc.tokenCounts[t]++
 
-			if !disableDecNumCheck && dnc.tokenCounts[t] > 1 {
+			if !opts.disableDecNumCheck && !decNumConf[t] && dnc.tokenCounts[t] > 1 {
 				pass.Reportf(gd.Pos(), "multiple \"%s\" declarations are not allowed; use parentheses instead", t.String())
 			}
 		}
 	}
 }
 
+func declName(gd *ast.GenDecl) string {
+	for _, spec := range gd.Specs {
+		s, ok := spec.(*ast.ValueSpec)
+		if ok && len(s.Names) > 0 && s.Names[0] != nil {
+			return s.Names[0].Name
+		}
+	}
+	return ""
+}
+
 func (dnc decNumChecker) handleDecOrderCheck(gd *ast.GenDecl, pass *analysis.Pass) {
 	l, c := dnc.isToLate(gd.Tok)
 	if !c {
-		pass.Reportf(gd.Pos(), "%s must not be placed after %s", gd.Tok.String(), l)
+		pass.Reportf(gd.Pos(), fmtWrongOrderMsg(gd.Tok.String(), l))
 	}
 }
 
@@ -189,12 +240,16 @@ func (dnc *decNumChecker) handleFuncDec(fd *ast.FuncDecl, pass *analysis.Pass) b
 
 	dnc.tokenCounts[token.FUNC]++
 
-	if !disableDecOrderCheck {
+	if !opts.disableDecOrderCheck {
 		l, c := dnc.isToLate(token.FUNC)
 		if !c {
-			pass.Reportf(fd.Pos(), "%s must not be placed after %s", token.FUNC.String(), l)
+			pass.Reportf(fd.Pos(), fmtWrongOrderMsg(token.FUNC.String(), l))
 		}
 	}
 
 	return true
 }
+
+func fmtWrongOrderMsg(target string, notAfter string) string {
+	return fmt.Sprintf("%s must not be placed after %s (desired order: %s)", target, notAfter, opts.decOrder)
+}
diff --git a/vendor/gitlab.com/bosi/decorder/renovate.json b/vendor/gitlab.com/bosi/decorder/renovate.json
index 5c0388c59..60041578c 100644
--- a/vendor/gitlab.com/bosi/decorder/renovate.json
+++ b/vendor/gitlab.com/bosi/decorder/renovate.json
@@ -1,29 +1,7 @@
 {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
     "extends": [
-        "config:base",
-        "group:allNonMajor",
-        ":automergePatch",
-        ":automergeMinor",
-        ":automergeLinters",
-        ":automergeTesters",
-        ":automergeTypes"
-    ],
-    "enabled": true,
-    "dependencyDashboard": false,
-    "separateMajorMinor": true,
-    "separateMultipleMajor": false,
-    "prHourlyLimit": 2,
-    "prConcurrentLimit": 10,
-    "labels": [
-        "depUpdate"
-    ],
-    "updateLockFiles": true,
-    "docker": {
-        "pinDigests": true
-    },
-    "postUpdateOptions": [
-        "gomodTidy"
+        "gitlab>bosi/renovate-configs//configs/golang",
+        "gitlab>bosi/renovate-configs//configs/automerge"
     ]
 }
-
diff --git a/vendor/go-simpler.org/sloglint/.golangci.yml b/vendor/go-simpler.org/sloglint/.golangci.yml
new file mode 100644
index 000000000..ef926a056
--- /dev/null
+++ b/vendor/go-simpler.org/sloglint/.golangci.yml
@@ -0,0 +1,22 @@
+linters:
+  disable-all: true
+  enable:
+    # enabled by default:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    # disabled by default:
+    - gocritic
+    - gofumpt
+
+linters-settings:
+  gocritic:
+    enabled-tags:
+      - diagnostic
+      - style
+      - performance
+      - experimental
+      - opinionated
diff --git a/vendor/go-simpler.org/sloglint/.goreleaser.yml b/vendor/go-simpler.org/sloglint/.goreleaser.yml
new file mode 100644
index 000000000..d31ea11d3
--- /dev/null
+++ b/vendor/go-simpler.org/sloglint/.goreleaser.yml
@@ -0,0 +1,18 @@
+builds:
+  - main: ./cmd/sloglint
+    env:
+      - CGO_ENABLED=0
+    flags:
+      - -trimpath
+    ldflags:
+      - -s -w -X main.version={{.Version}}
+    targets:
+      - darwin_amd64
+      - darwin_arm64
+      - linux_amd64
+      - windows_amd64
+
+archives:
+  - format_overrides:
+      - goos: windows
+        format: zip
diff --git a/vendor/go-simpler.org/sloglint/LICENSE b/vendor/go-simpler.org/sloglint/LICENSE
new file mode 100644
index 000000000..a612ad981
--- /dev/null
+++ b/vendor/go-simpler.org/sloglint/LICENSE
@@ -0,0 +1,373 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - "Incompatible With Secondary Licenses" Notice
+---------------------------------------------------------
+
+  This Source Code Form is "Incompatible With Secondary Licenses", as
+  defined by the Mozilla Public License, v. 2.0.
diff --git a/vendor/go-simpler.org/sloglint/README.md b/vendor/go-simpler.org/sloglint/README.md
new file mode 100644
index 000000000..8f26f3aa7
--- /dev/null
+++ b/vendor/go-simpler.org/sloglint/README.md
@@ -0,0 +1,102 @@
+# sloglint
+
+[![checks](https://github.com/go-simpler/sloglint/actions/workflows/checks.yml/badge.svg)](https://github.com/go-simpler/sloglint/actions/workflows/checks.yml)
+[![pkg.go.dev](https://pkg.go.dev/badge/go-simpler.org/sloglint.svg)](https://pkg.go.dev/go-simpler.org/sloglint)
+[![goreportcard](https://goreportcard.com/badge/go-simpler.org/sloglint)](https://goreportcard.com/report/go-simpler.org/sloglint)
+[![codecov](https://codecov.io/gh/go-simpler/sloglint/branch/main/graph/badge.svg)](https://codecov.io/gh/go-simpler/sloglint)
+
+A Go linter that ensures consistent code style when using `log/slog`.
+
+## 📌 About
+
+The `log/slog` API allows two different types of arguments: key-value pairs and attributes.
+People may have different opinions about which one is better,
+but nobody probably wants to mix them up because it makes the code harder to read.
+
+```go
+slog.Info("a user has logged in", "user_id", 42, slog.String("ip_address", "192.0.2.0")) // ugh
+```
+
+`sloglint` finds such function calls and checks that all the arguments are either key-value pairs or attributes.
+The linter has several options, so you can adjust it to your own code style.
+
+## 🚀 Features
+
+* Forbid mixing key-value pairs and attributes within a single function call (default)
+* Enforce using either key-value pairs or attributes for the entire project (optional)
+* Enforce using constants instead of raw keys (optional)
+* Enforce putting arguments on separate lines (optional)
+
+## 📦 Install
+
+Download a prebuilt binary from the [Releases][1] page.
+
+## 📋 Usage
+
+```shell
+sloglint [flags] ./...
+```
+
+### Key-value pairs only
+
+The `-kv-only` flag causes `sloglint` to report any use of attributes.
+
+```go
+slog.Info("a user has logged in", slog.Int("user_id", 42)) // sloglint: attributes should not be used
+```
+
+### Attributes only
+
+In contrast, the `-attr-only` flag causes `sloglint` to report any use of key-value pairs.
+
+```go
+slog.Info("a user has logged in", "user_id", 42) // sloglint: key-value pairs should not be used
+```
+
+### No raw keys
+
+To prevent typos, you may want to forbid the use of raw keys altogether.
+The `-no-raw-keys` flag causes `sloglint` to report the use of strings as keys (including `slog.Attr` calls, e.g. `slog.Int("user_id", 42)`).
+
+```go
+slog.Info("a user has logged in", "user_id", 42) // sloglint: raw keys should not be used
+```
+
+This report can be fixed by using either constants...
+
+```go
+const UserId = "user_id"
+
+slog.Info("a user has logged in", UserId, 42)
+```
+
+...or custom `slog.Attr` constructors.
+
+```go
+func UserId(value int) slog.Attr { return slog.Int("user_id", value) }
+
+slog.Info("a user has logged in", UserId(42))
+```
+
+> 💡 Such helpers can be automatically generated for you by the [`sloggen`][2] tool. Give it a try too!
+
+### Arguments on separate lines
+
+To improve code readability, you may want to put arguments on separate lines, especially when using key-value pairs.
+The `-args-on-sep-lines` flag causes `sloglint` to report 2+ arguments on the same line.
+
+```go
+slog.Info("a user has logged in", "user_id", 42, "ip_address", "192.0.2.0") // sloglint: arguments should be put on separate lines
+```
+
+This report can be fixed by reformatting the code.
+
+```go
+slog.Info("a user has logged in",
+    "user_id", 42,
+    "ip_address", "192.0.2.0",
+)
+```
+
+[1]: https://github.com/go-simpler/sloglint/releases
+[2]: https://github.com/go-simpler/sloggen
diff --git a/vendor/go-simpler.org/sloglint/sloglint.go b/vendor/go-simpler.org/sloglint/sloglint.go
new file mode 100644
index 000000000..4e4520698
--- /dev/null
+++ b/vendor/go-simpler.org/sloglint/sloglint.go
@@ -0,0 +1,226 @@
+// Package sloglint implements the sloglint analyzer.
+package sloglint
+
+import (
+	"errors"
+	"flag"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"strconv"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/ast/inspector"
+	"golang.org/x/tools/go/types/typeutil"
+)
+
+// Options are options for the sloglint analyzer.
+type Options struct {
+	KVOnly         bool // Enforce using key-value pairs only (incompatible with AttrOnly).
+	AttrOnly       bool // Enforce using attributes only (incompatible with KVOnly).
+	NoRawKeys      bool // Enforce using constants instead of raw keys.
+	ArgsOnSepLines bool // Enforce putting arguments on separate lines.
+}
+
+// New creates a new sloglint analyzer.
+func New(opts *Options) *analysis.Analyzer {
+	if opts == nil {
+		opts = new(Options)
+	}
+	return &analysis.Analyzer{
+		Name:     "sloglint",
+		Doc:      "ensure consistent code style when using log/slog",
+		Flags:    flags(opts),
+		Requires: []*analysis.Analyzer{inspect.Analyzer},
+		Run: func(pass *analysis.Pass) (any, error) {
+			if opts.KVOnly && opts.AttrOnly {
+				return nil, errors.New("sloglint: incompatible options provided")
+			}
+			run(pass, opts)
+			return nil, nil
+		},
+	}
+}
+
+func flags(opts *Options) flag.FlagSet {
+	fs := flag.NewFlagSet("sloglint", flag.ContinueOnError)
+
+	boolVar := func(value *bool, name, usage string) {
+		fs.Func(name, usage, func(s string) error {
+			v, err := strconv.ParseBool(s)
+			*value = v
+			return err
+		})
+	}
+
+	boolVar(&opts.KVOnly, "kv-only", "enforce using key-value pairs only (incompatible with -attr-only)")
+	boolVar(&opts.AttrOnly, "attr-only", "enforce using attributes only (incompatible with -kv-only)")
+	boolVar(&opts.NoRawKeys, "no-raw-keys", "enforce using constants instead of raw keys")
+	boolVar(&opts.ArgsOnSepLines, "args-on-sep-lines", "enforce putting arguments on separate lines")
+
+	return *fs
+}
+
+var slogFuncs = map[string]int{ // funcName:argsPos
+	"log/slog.Log":                    3,
+	"log/slog.Debug":                  1,
+	"log/slog.Info":                   1,
+	"log/slog.Warn":                   1,
+	"log/slog.Error":                  1,
+	"log/slog.DebugContext":           2,
+	"log/slog.InfoContext":            2,
+	"log/slog.WarnContext":            2,
+	"log/slog.ErrorContext":           2,
+	"(*log/slog.Logger).Log":          3,
+	"(*log/slog.Logger).Debug":        1,
+	"(*log/slog.Logger).Info":         1,
+	"(*log/slog.Logger).Warn":         1,
+	"(*log/slog.Logger).Error":        1,
+	"(*log/slog.Logger).DebugContext": 2,
+	"(*log/slog.Logger).InfoContext":  2,
+	"(*log/slog.Logger).WarnContext":  2,
+	"(*log/slog.Logger).ErrorContext": 2,
+}
+
+var attrFuncs = map[string]struct{}{
+	"log/slog.String":   {},
+	"log/slog.Int64":    {},
+	"log/slog.Int":      {},
+	"log/slog.Uint64":   {},
+	"log/slog.Float64":  {},
+	"log/slog.Bool":     {},
+	"log/slog.Time":     {},
+	"log/slog.Duration": {},
+	"log/slog.Group":    {},
+	"log/slog.Any":      {},
+}
+
+func run(pass *analysis.Pass, opts *Options) {
+	visit := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
+	filter := []ast.Node{(*ast.CallExpr)(nil)}
+
+	visit.Preorder(filter, func(node ast.Node) {
+		call := node.(*ast.CallExpr)
+
+		fn := typeutil.StaticCallee(pass.TypesInfo, call)
+		if fn == nil {
+			return
+		}
+
+		argsPos, ok := slogFuncs[fn.FullName()]
+		if !ok {
+			return
+		}
+
+		// NOTE: we assume that the arguments have already been validated by govet.
+		args := call.Args[argsPos:]
+		if len(args) == 0 {
+			return
+		}
+
+		var keys []ast.Expr
+		var attrs []ast.Expr
+
+		for i := 0; i < len(args); i++ {
+			typ := pass.TypesInfo.TypeOf(args[i])
+			if typ == nil {
+				continue
+			}
+			switch typ.String() {
+			case "string":
+				keys = append(keys, args[i])
+				i++ // skip the value.
+			case "log/slog.Attr":
+				attrs = append(attrs, args[i])
+			}
+		}
+
+		switch {
+		case opts.KVOnly && len(attrs) > 0:
+			pass.Reportf(call.Pos(), "attributes should not be used")
+		case opts.AttrOnly && len(attrs) < len(args):
+			pass.Reportf(call.Pos(), "key-value pairs should not be used")
+		case 0 < len(attrs) && len(attrs) < len(args):
+			pass.Reportf(call.Pos(), "key-value pairs and attributes should not be mixed")
+		}
+
+		if opts.NoRawKeys && rawKeysUsed(pass.TypesInfo, keys, attrs) {
+			pass.Reportf(call.Pos(), "raw keys should not be used")
+		}
+		if opts.ArgsOnSepLines && argsOnSameLine(pass.Fset, call, keys, attrs) {
+			pass.Reportf(call.Pos(), "arguments should be put on separate lines")
+		}
+	})
+}
+
+func rawKeysUsed(info *types.Info, keys, attrs []ast.Expr) bool {
+	isConst := func(expr ast.Expr) bool {
+		ident, ok := expr.(*ast.Ident)
+		return ok && ident.Obj != nil && ident.Obj.Kind == ast.Con
+	}
+
+	for _, key := range keys {
+		if !isConst(key) {
+			return true
+		}
+	}
+
+	for _, attr := range attrs {
+		switch attr := attr.(type) {
+		case *ast.CallExpr: // e.g. slog.Int()
+			fn := typeutil.StaticCallee(info, attr)
+			if _, ok := attrFuncs[fn.FullName()]; ok && !isConst(attr.Args[0]) {
+				return true
+			}
+
+		case *ast.CompositeLit: // slog.Attr{}
+			isRawKey := func(kv *ast.KeyValueExpr) bool {
+				return kv.Key.(*ast.Ident).Name == "Key" && !isConst(kv.Value)
+			}
+
+			switch len(attr.Elts) {
+			case 1: // slog.Attr{Key: ...} | slog.Attr{Value: ...}
+				kv := attr.Elts[0].(*ast.KeyValueExpr)
+				if isRawKey(kv) {
+					return true
+				}
+			case 2: // slog.Attr{..., ...} | slog.Attr{Key: ..., Value: ...}
+				kv1, ok := attr.Elts[0].(*ast.KeyValueExpr)
+				if ok {
+					kv2 := attr.Elts[1].(*ast.KeyValueExpr)
+					if isRawKey(kv1) || isRawKey(kv2) {
+						return true
+					}
+				} else if !isConst(attr.Elts[0]) {
+					return true
+				}
+			}
+		}
+	}
+
+	return false
+}
+
+func argsOnSameLine(fset *token.FileSet, call ast.Expr, keys, attrs []ast.Expr) bool {
+	if len(keys)+len(attrs) <= 1 {
+		return false // special case: slog.Info("msg", "key", "value") is ok.
+	}
+
+	l := len(keys) + len(attrs) + 1
+	args := make([]ast.Expr, 0, l)
+	args = append(args, call)
+	args = append(args, keys...)
+	args = append(args, attrs...)
+
+	lines := make(map[int]struct{}, l)
+	for _, arg := range args {
+		line := fset.Position(arg.Pos()).Line
+		if _, ok := lines[line]; ok {
+			return true
+		}
+		lines[line] = struct{}{}
+	}
+
+	return false
+}
diff --git a/vendor/go.tmz.dev/musttag/musttag.go b/vendor/go.tmz.dev/musttag/musttag.go
index 200163f26..7f4e05e75 100644
--- a/vendor/go.tmz.dev/musttag/musttag.go
+++ b/vendor/go.tmz.dev/musttag/musttag.go
@@ -8,8 +8,8 @@ import (
 	"go/token"
 	"go/types"
 	"path"
-	"path/filepath"
 	"reflect"
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -43,16 +43,23 @@ func New(funcs ...Func) *analysis.Analyzer {
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
 		Run: func(pass *analysis.Pass) (any, error) {
 			l := len(builtins) + len(funcs) + len(flagFuncs)
-			m := make(map[string]Func, l)
+			f := make(map[string]Func, l)
+
 			toMap := func(slice []Func) {
 				for _, fn := range slice {
-					m[fn.Name] = fn
+					f[fn.Name] = fn
 				}
 			}
 			toMap(builtins)
 			toMap(funcs)
 			toMap(flagFuncs)
-			return run(pass, m)
+
+			mainModule, err := getMainModule()
+			if err != nil {
+				return nil, err
+			}
+
+			return run(pass, mainModule, f)
 		},
 	}
 }
@@ -81,27 +88,16 @@ func flags(funcs *[]Func) flag.FlagSet {
 }
 
 // for tests only.
-var (
-	report = func(pass *analysis.Pass, st *structType, fn Func, fnPos token.Position) {
-		const format = "`%s` should be annotated with the `%s` tag as it is passed to `%s` at %s"
-		pass.Reportf(st.Pos, format, st.Name, fn.Tag, fn.shortName(), fnPos)
-	}
+var report = func(pass *analysis.Pass, st *structType, fn Func, fnPos token.Position) {
+	const format = "`%s` should be annotated with the `%s` tag as it is passed to `%s` at %s"
+	pass.Reportf(st.Pos, format, st.Name, fn.Tag, fn.shortName(), fnPos)
+}
 
-	// HACK: mainModulePackages() does not return packages from `testdata`,
-	// because it is ignored by the go tool, and thus, by the `go list` command.
-	// For tests to pass we need to add the packages with tests to the main module manually.
-	testPackages []string
-)
+var cleanFullName = regexp.MustCompile(`([^*/(]+/vendor/)`)
 
 // run starts the analysis.
-func run(pass *analysis.Pass, funcs map[string]Func) (any, error) {
-	moduleDir, modulePackages, err := mainModule()
-	if err != nil {
-		return nil, err
-	}
-	for _, pkg := range testPackages {
-		modulePackages[pkg] = struct{}{}
-	}
+func run(pass *analysis.Pass, mainModule string, funcs map[string]Func) (any, error) {
+	var err error
 
 	walk := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
 	filter := []ast.Node{(*ast.CallExpr)(nil)}
@@ -116,12 +112,13 @@ func run(pass *analysis.Pass, funcs map[string]Func) (any, error) {
 			return // not a function call.
 		}
 
-		caller := typeutil.StaticCallee(pass.TypesInfo, call)
-		if caller == nil {
+		callee := typeutil.StaticCallee(pass.TypesInfo, call)
+		if callee == nil {
 			return // not a static call.
 		}
 
-		fn, ok := funcs[caller.FullName()]
+		name := cleanFullName.ReplaceAllString(callee.FullName(), "")
+		fn, ok := funcs[name]
 		if !ok {
 			return // the function is not supported.
 		}
@@ -148,7 +145,7 @@ func run(pass *analysis.Pass, funcs map[string]Func) (any, error) {
 		}
 
 		checker := checker{
-			mainModule: modulePackages,
+			mainModule: mainModule,
 			seenTypes:  make(map[string]struct{}),
 		}
 
@@ -164,7 +161,6 @@ func run(pass *analysis.Pass, funcs map[string]Func) (any, error) {
 		}
 
 		p := pass.Fset.Position(call.Pos())
-		p.Filename, _ = filepath.Rel(moduleDir, p.Filename)
 		report(pass, result, fn, p)
 	})
 
@@ -181,7 +177,7 @@ type structType struct {
 
 // checker parses and checks struct types.
 type checker struct {
-	mainModule map[string]struct{} // do not check types outside of the main module; see issue #17.
+	mainModule string
 	seenTypes  map[string]struct{} // prevent panic on recursive types; see issue #16.
 }
 
@@ -202,13 +198,16 @@ func (c *checker) parseStructType(t types.Type, pos token.Pos) (*structType, boo
 		if pkg == nil {
 			return nil, false
 		}
-		if _, ok := c.mainModule[pkg.Path()]; !ok {
+
+		if !strings.HasPrefix(pkg.Path(), c.mainModule) {
 			return nil, false
 		}
+
 		s, ok := t.Underlying().(*types.Struct)
 		if !ok {
 			return nil, false
 		}
+
 		return &structType{
 			Struct: s,
 			Pos:    t.Obj().Pos(),
diff --git a/vendor/go.tmz.dev/musttag/utils.go b/vendor/go.tmz.dev/musttag/utils.go
index 73e21310a..673747f15 100644
--- a/vendor/go.tmz.dev/musttag/utils.go
+++ b/vendor/go.tmz.dev/musttag/utils.go
@@ -1,41 +1,57 @@
 package musttag
 
 import (
+	"encoding/json"
+	"errors"
 	"fmt"
+	"io"
+	"os"
 	"os/exec"
 	"strings"
 )
 
-// mainModule returns the directory and the set of packages of the main module.
-func mainModule() (dir string, packages map[string]struct{}, _ error) {
-	// https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns
-	// > When using modules, "all" expands to all packages in the main module
-	// > and their dependencies, including dependencies needed by tests of any of those.
+var (
+	getwd = os.Getwd
 
-	// NOTE: the command may run out of file descriptors if go version <= 1.18,
-	// especially on macOS, which has the default soft limit set to 256 (ulimit -nS).
-	// Since go1.19 the limit is automatically increased to the maximum allowed value;
-	// see https://github.com/golang/go/issues/46279 for details.
-	cmd := [...]string{"go", "list", "-f={{if and (not .Standard) .Module.Main}}{{.ImportPath}}{{end}}", "all"}
-
-	out, err := exec.Command(cmd[0], cmd[1:]...).Output()
-	if err != nil {
-		return "", nil, fmt.Errorf("running `go list all`: %w", err)
+	commandOutput = func(name string, args ...string) (string, error) {
+		output, err := exec.Command(name, args...).Output()
+		return string(output), err
 	}
+)
 
-	list := strings.Split(strings.TrimSpace(string(out)), "\n")
-	packages = make(map[string]struct{}, len(list)*2)
+func getMainModule() (string, error) {
+	args := []string{"go", "list", "-m", "-json"}
 
-	for _, pkg := range list {
-		packages[pkg] = struct{}{}
-		packages[pkg+"_test"] = struct{}{} // `*_test` packages belong to the main module, see issue #24.
+	output, err := commandOutput(args[0], args[1:]...)
+	if err != nil {
+		return "", fmt.Errorf("running `%s`: %w", strings.Join(args, " "), err)
 	}
 
-	out, err = exec.Command("go", "list", "-m", "-f={{.Dir}}").Output()
+	cwd, err := getwd()
 	if err != nil {
-		return "", nil, fmt.Errorf("running `go list -m`: %w", err)
+		return "", fmt.Errorf("getting wd: %w", err)
 	}
 
-	dir = strings.TrimSpace(string(out))
-	return dir, packages, nil
+	decoder := json.NewDecoder(strings.NewReader(output))
+
+	for {
+		// multiple JSON objects will be returned when using Go workspaces; see #63 for details.
+		var module struct {
+			Path      string `json:"Path"`
+			Main      bool   `json:"Main"`
+			Dir       string `json:"Dir"`
+			GoMod     string `json:"GoMod"`
+			GoVersion string `json:"GoVersion"`
+		}
+		if err := decoder.Decode(&module); err != nil {
+			if errors.Is(err, io.EOF) {
+				return "", fmt.Errorf("main module not found\n%s", output)
+			}
+			return "", fmt.Errorf("decoding json: %w\n%s", err, output)
+		}
+
+		if module.Main && strings.HasPrefix(cwd, module.Dir) {
+			return module.Path, nil
+		}
+	}
 }
diff --git a/vendor/go.uber.org/atomic/.codecov.yml b/vendor/go.uber.org/atomic/.codecov.yml
deleted file mode 100644
index 571116cc3..000000000
--- a/vendor/go.uber.org/atomic/.codecov.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-coverage:
-  range: 80..100
-  round: down
-  precision: 2
-
-  status:
-    project:                   # measuring the overall project coverage
-      default:                 # context, you can create multiple ones with custom titles
-        enabled: yes           # must be yes|true to enable this status
-        target: 100            # specify the target coverage for each commit status
-                               #   option: "auto" (must increase from parent commit or pull request base)
-                               #   option: "X%" a static target percentage to hit
-        if_not_found: success  # if parent is not found report status as success, error, or failure
-        if_ci_failed: error    # if ci fails report status as success, error, or failure
-
-# Also update COVER_IGNORE_PKGS in the Makefile.
-ignore:
-  - /internal/gen-atomicint/
-  - /internal/gen-valuewrapper/
diff --git a/vendor/go.uber.org/atomic/.gitignore b/vendor/go.uber.org/atomic/.gitignore
deleted file mode 100644
index 2e337a0ed..000000000
--- a/vendor/go.uber.org/atomic/.gitignore
+++ /dev/null
@@ -1,15 +0,0 @@
-/bin
-.DS_Store
-/vendor
-cover.html
-cover.out
-lint.log
-
-# Binaries
-*.test
-
-# Profiling output
-*.prof
-
-# Output of fossa analyzer
-/fossa
diff --git a/vendor/go.uber.org/atomic/CHANGELOG.md b/vendor/go.uber.org/atomic/CHANGELOG.md
deleted file mode 100644
index 5fe03f21b..000000000
--- a/vendor/go.uber.org/atomic/CHANGELOG.md
+++ /dev/null
@@ -1,117 +0,0 @@
-# Changelog
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [1.10.0] - 2022-08-11
-### Added
-- Add `atomic.Float32` type for atomic operations on `float32`.
-- Add `CompareAndSwap` and `Swap` methods to `atomic.String`, `atomic.Error`,
-  and `atomic.Value`.
-- Add generic `atomic.Pointer[T]` type for atomic operations on pointers of any
-  type. This is present only for Go 1.18 or higher, and is a drop-in for
-  replacement for the standard library's `sync/atomic.Pointer` type.
-
-### Changed
-- Deprecate `CAS` methods on all types in favor of corresponding
-  `CompareAndSwap` methods.
-
-Thanks to @eNV25 and @icpd for their contributions to this release.
-
-[1.10.0]: https://github.com/uber-go/atomic/compare/v1.9.0...v1.10.0
-
-## [1.9.0] - 2021-07-15
-### Added
-- Add `Float64.Swap` to match int atomic operations.
-- Add `atomic.Time` type for atomic operations on `time.Time` values.
-
-[1.9.0]: https://github.com/uber-go/atomic/compare/v1.8.0...v1.9.0
-
-## [1.8.0] - 2021-06-09
-### Added
-- Add `atomic.Uintptr` type for atomic operations on `uintptr` values.
-- Add `atomic.UnsafePointer` type for atomic operations on `unsafe.Pointer` values.
-
-[1.8.0]: https://github.com/uber-go/atomic/compare/v1.7.0...v1.8.0
-
-## [1.7.0] - 2020-09-14
-### Added
-- Support JSON serialization and deserialization of primitive atomic types.
-- Support Text marshalling and unmarshalling for string atomics.
-
-### Changed
-- Disallow incorrect comparison of atomic values in a non-atomic way.
-
-### Removed
-- Remove dependency on `golang.org/x/{lint, tools}`.
-
-[1.7.0]: https://github.com/uber-go/atomic/compare/v1.6.0...v1.7.0
-
-## [1.6.0] - 2020-02-24
-### Changed
-- Drop library dependency on `golang.org/x/{lint, tools}`.
-
-[1.6.0]: https://github.com/uber-go/atomic/compare/v1.5.1...v1.6.0
-
-## [1.5.1] - 2019-11-19
-- Fix bug where `Bool.CAS` and `Bool.Toggle` do work correctly together
-  causing `CAS` to fail even though the old value matches.
-
-[1.5.1]: https://github.com/uber-go/atomic/compare/v1.5.0...v1.5.1
-
-## [1.5.0] - 2019-10-29
-### Changed
-- With Go modules, only the `go.uber.org/atomic` import path is supported now.
-  If you need to use the old import path, please add a `replace` directive to
-  your `go.mod`.
-
-[1.5.0]: https://github.com/uber-go/atomic/compare/v1.4.0...v1.5.0
-
-## [1.4.0] - 2019-05-01
-### Added
- - Add `atomic.Error` type for atomic operations on `error` values.
-
-[1.4.0]: https://github.com/uber-go/atomic/compare/v1.3.2...v1.4.0
-
-## [1.3.2] - 2018-05-02
-### Added
-- Add `atomic.Duration` type for atomic operations on `time.Duration` values.
-
-[1.3.2]: https://github.com/uber-go/atomic/compare/v1.3.1...v1.3.2
-
-## [1.3.1] - 2017-11-14
-### Fixed
-- Revert optimization for `atomic.String.Store("")` which caused data races.
-
-[1.3.1]: https://github.com/uber-go/atomic/compare/v1.3.0...v1.3.1
-
-## [1.3.0] - 2017-11-13
-### Added
-- Add `atomic.Bool.CAS` for compare-and-swap semantics on bools.
-
-### Changed
-- Optimize `atomic.String.Store("")` by avoiding an allocation.
-
-[1.3.0]: https://github.com/uber-go/atomic/compare/v1.2.0...v1.3.0
-
-## [1.2.0] - 2017-04-12
-### Added
-- Shadow `atomic.Value` from `sync/atomic`.
-
-[1.2.0]: https://github.com/uber-go/atomic/compare/v1.1.0...v1.2.0
-
-## [1.1.0] - 2017-03-10
-### Added
-- Add atomic `Float64` type.
-
-### Changed
-- Support new `go.uber.org/atomic` import path.
-
-[1.1.0]: https://github.com/uber-go/atomic/compare/v1.0.0...v1.1.0
-
-## [1.0.0] - 2016-07-18
-
-- Initial release.
-
-[1.0.0]: https://github.com/uber-go/atomic/releases/tag/v1.0.0
diff --git a/vendor/go.uber.org/atomic/Makefile b/vendor/go.uber.org/atomic/Makefile
deleted file mode 100644
index 46c945b32..000000000
--- a/vendor/go.uber.org/atomic/Makefile
+++ /dev/null
@@ -1,79 +0,0 @@
-# Directory to place `go install`ed binaries into.
-export GOBIN ?= $(shell pwd)/bin
-
-GOLINT = $(GOBIN)/golint
-GEN_ATOMICINT = $(GOBIN)/gen-atomicint
-GEN_ATOMICWRAPPER = $(GOBIN)/gen-atomicwrapper
-STATICCHECK = $(GOBIN)/staticcheck
-
-GO_FILES ?= $(shell find . '(' -path .git -o -path vendor ')' -prune -o -name '*.go' -print)
-
-# Also update ignore section in .codecov.yml.
-COVER_IGNORE_PKGS = \
-	go.uber.org/atomic/internal/gen-atomicint \
-	go.uber.org/atomic/internal/gen-atomicwrapper
-
-.PHONY: build
-build:
-	go build ./...
-
-.PHONY: test
-test:
-	go test -race ./...
-
-.PHONY: gofmt
-gofmt:
-	$(eval FMT_LOG := $(shell mktemp -t gofmt.XXXXX))
-	gofmt -e -s -l $(GO_FILES) > $(FMT_LOG) || true
-	@[ ! -s "$(FMT_LOG)" ] || (echo "gofmt failed:" && cat $(FMT_LOG) && false)
-
-$(GOLINT):
-	cd tools && go install golang.org/x/lint/golint
-
-$(STATICCHECK):
-	cd tools && go install honnef.co/go/tools/cmd/staticcheck
-
-$(GEN_ATOMICWRAPPER): $(wildcard ./internal/gen-atomicwrapper/*)
-	go build -o $@ ./internal/gen-atomicwrapper
-
-$(GEN_ATOMICINT): $(wildcard ./internal/gen-atomicint/*)
-	go build -o $@ ./internal/gen-atomicint
-
-.PHONY: golint
-golint: $(GOLINT)
-	$(GOLINT) ./...
-
-.PHONY: staticcheck
-staticcheck: $(STATICCHECK)
-	$(STATICCHECK) ./...
-
-.PHONY: lint
-lint: gofmt golint staticcheck generatenodirty
-
-# comma separated list of packages to consider for code coverage.
-COVER_PKG = $(shell \
-	go list -find ./... | \
-	grep -v $(foreach pkg,$(COVER_IGNORE_PKGS),-e "^$(pkg)$$") | \
-	paste -sd, -)
-
-.PHONY: cover
-cover:
-	go test -coverprofile=cover.out -coverpkg  $(COVER_PKG) -v ./...
-	go tool cover -html=cover.out -o cover.html
-
-.PHONY: generate
-generate: $(GEN_ATOMICINT) $(GEN_ATOMICWRAPPER)
-	go generate ./...
-
-.PHONY: generatenodirty
-generatenodirty:
-	@[ -z "$$(git status --porcelain)" ] || ( \
-		echo "Working tree is dirty. Commit your changes first."; \
-		git status; \
-		exit 1 )
-	@make generate
-	@status=$$(git status --porcelain); \
-		[ -z "$$status" ] || ( \
-		echo "Working tree is dirty after `make generate`:"; \
-		echo "$$status"; \
-		echo "Please ensure that the generated code is up-to-date." )
diff --git a/vendor/go.uber.org/atomic/README.md b/vendor/go.uber.org/atomic/README.md
deleted file mode 100644
index 96b47a1f1..000000000
--- a/vendor/go.uber.org/atomic/README.md
+++ /dev/null
@@ -1,63 +0,0 @@
-# atomic [![GoDoc][doc-img]][doc] [![Build Status][ci-img]][ci] [![Coverage Status][cov-img]][cov] [![Go Report Card][reportcard-img]][reportcard]
-
-Simple wrappers for primitive types to enforce atomic access.
-
-## Installation
-
-```shell
-$ go get -u go.uber.org/atomic@v1
-```
-
-### Legacy Import Path
-
-As of v1.5.0, the import path `go.uber.org/atomic` is the only supported way
-of using this package. If you are using Go modules, this package will fail to
-compile with the legacy import path path `github.com/uber-go/atomic`.
-
-We recommend migrating your code to the new import path but if you're unable
-to do so, or if your dependencies are still using the old import path, you
-will have to add a `replace` directive to your `go.mod` file downgrading the
-legacy import path to an older version.
-
-```
-replace github.com/uber-go/atomic => github.com/uber-go/atomic v1.4.0
-```
-
-You can do so automatically by running the following command.
-
-```shell
-$ go mod edit -replace github.com/uber-go/atomic=github.com/uber-go/atomic@v1.4.0
-```
-
-## Usage
-
-The standard library's `sync/atomic` is powerful, but it's easy to forget which
-variables must be accessed atomically. `go.uber.org/atomic` preserves all the
-functionality of the standard library, but wraps the primitive types to
-provide a safer, more convenient API.
-
-```go
-var atom atomic.Uint32
-atom.Store(42)
-atom.Sub(2)
-atom.CAS(40, 11)
-```
-
-See the [documentation][doc] for a complete API specification.
-
-## Development Status
-
-Stable.
-
----
-
-Released under the [MIT License](LICENSE.txt).
-
-[doc-img]: https://godoc.org/github.com/uber-go/atomic?status.svg
-[doc]: https://godoc.org/go.uber.org/atomic
-[ci-img]: https://github.com/uber-go/atomic/actions/workflows/go.yml/badge.svg
-[ci]: https://github.com/uber-go/atomic/actions/workflows/go.yml
-[cov-img]: https://codecov.io/gh/uber-go/atomic/branch/master/graph/badge.svg
-[cov]: https://codecov.io/gh/uber-go/atomic
-[reportcard-img]: https://goreportcard.com/badge/go.uber.org/atomic
-[reportcard]: https://goreportcard.com/report/go.uber.org/atomic
diff --git a/vendor/go.uber.org/atomic/bool.go b/vendor/go.uber.org/atomic/bool.go
deleted file mode 100644
index dfa2085f4..000000000
--- a/vendor/go.uber.org/atomic/bool.go
+++ /dev/null
@@ -1,88 +0,0 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-)
-
-// Bool is an atomic type-safe wrapper for bool values.
-type Bool struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v Uint32
-}
-
-var _zeroBool bool
-
-// NewBool creates a new Bool.
-func NewBool(val bool) *Bool {
-	x := &Bool{}
-	if val != _zeroBool {
-		x.Store(val)
-	}
-	return x
-}
-
-// Load atomically loads the wrapped bool.
-func (x *Bool) Load() bool {
-	return truthy(x.v.Load())
-}
-
-// Store atomically stores the passed bool.
-func (x *Bool) Store(val bool) {
-	x.v.Store(boolToInt(val))
-}
-
-// CAS is an atomic compare-and-swap for bool values.
-//
-// Deprecated: Use CompareAndSwap.
-func (x *Bool) CAS(old, new bool) (swapped bool) {
-	return x.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap for bool values.
-func (x *Bool) CompareAndSwap(old, new bool) (swapped bool) {
-	return x.v.CompareAndSwap(boolToInt(old), boolToInt(new))
-}
-
-// Swap atomically stores the given bool and returns the old
-// value.
-func (x *Bool) Swap(val bool) (old bool) {
-	return truthy(x.v.Swap(boolToInt(val)))
-}
-
-// MarshalJSON encodes the wrapped bool into JSON.
-func (x *Bool) MarshalJSON() ([]byte, error) {
-	return json.Marshal(x.Load())
-}
-
-// UnmarshalJSON decodes a bool from JSON.
-func (x *Bool) UnmarshalJSON(b []byte) error {
-	var v bool
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	x.Store(v)
-	return nil
-}
diff --git a/vendor/go.uber.org/atomic/doc.go b/vendor/go.uber.org/atomic/doc.go
deleted file mode 100644
index ae7390ee6..000000000
--- a/vendor/go.uber.org/atomic/doc.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-// Package atomic provides simple wrappers around numerics to enforce atomic
-// access.
-package atomic
diff --git a/vendor/go.uber.org/atomic/duration.go b/vendor/go.uber.org/atomic/duration.go
deleted file mode 100644
index 6f4157445..000000000
--- a/vendor/go.uber.org/atomic/duration.go
+++ /dev/null
@@ -1,89 +0,0 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"time"
-)
-
-// Duration is an atomic type-safe wrapper for time.Duration values.
-type Duration struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v Int64
-}
-
-var _zeroDuration time.Duration
-
-// NewDuration creates a new Duration.
-func NewDuration(val time.Duration) *Duration {
-	x := &Duration{}
-	if val != _zeroDuration {
-		x.Store(val)
-	}
-	return x
-}
-
-// Load atomically loads the wrapped time.Duration.
-func (x *Duration) Load() time.Duration {
-	return time.Duration(x.v.Load())
-}
-
-// Store atomically stores the passed time.Duration.
-func (x *Duration) Store(val time.Duration) {
-	x.v.Store(int64(val))
-}
-
-// CAS is an atomic compare-and-swap for time.Duration values.
-//
-// Deprecated: Use CompareAndSwap.
-func (x *Duration) CAS(old, new time.Duration) (swapped bool) {
-	return x.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap for time.Duration values.
-func (x *Duration) CompareAndSwap(old, new time.Duration) (swapped bool) {
-	return x.v.CompareAndSwap(int64(old), int64(new))
-}
-
-// Swap atomically stores the given time.Duration and returns the old
-// value.
-func (x *Duration) Swap(val time.Duration) (old time.Duration) {
-	return time.Duration(x.v.Swap(int64(val)))
-}
-
-// MarshalJSON encodes the wrapped time.Duration into JSON.
-func (x *Duration) MarshalJSON() ([]byte, error) {
-	return json.Marshal(x.Load())
-}
-
-// UnmarshalJSON decodes a time.Duration from JSON.
-func (x *Duration) UnmarshalJSON(b []byte) error {
-	var v time.Duration
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	x.Store(v)
-	return nil
-}
diff --git a/vendor/go.uber.org/atomic/duration_ext.go b/vendor/go.uber.org/atomic/duration_ext.go
deleted file mode 100644
index 4c18b0a9e..000000000
--- a/vendor/go.uber.org/atomic/duration_ext.go
+++ /dev/null
@@ -1,40 +0,0 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import "time"
-
-//go:generate bin/gen-atomicwrapper -name=Duration -type=time.Duration -wrapped=Int64 -pack=int64 -unpack=time.Duration -cas -swap -json -imports time -file=duration.go
-
-// Add atomically adds to the wrapped time.Duration and returns the new value.
-func (d *Duration) Add(delta time.Duration) time.Duration {
-	return time.Duration(d.v.Add(int64(delta)))
-}
-
-// Sub atomically subtracts from the wrapped time.Duration and returns the new value.
-func (d *Duration) Sub(delta time.Duration) time.Duration {
-	return time.Duration(d.v.Sub(int64(delta)))
-}
-
-// String encodes the wrapped value as a string.
-func (d *Duration) String() string {
-	return d.Load().String()
-}
diff --git a/vendor/go.uber.org/atomic/error.go b/vendor/go.uber.org/atomic/error.go
deleted file mode 100644
index 27b23ea16..000000000
--- a/vendor/go.uber.org/atomic/error.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-// Error is an atomic type-safe wrapper for error values.
-type Error struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v Value
-}
-
-var _zeroError error
-
-// NewError creates a new Error.
-func NewError(val error) *Error {
-	x := &Error{}
-	if val != _zeroError {
-		x.Store(val)
-	}
-	return x
-}
-
-// Load atomically loads the wrapped error.
-func (x *Error) Load() error {
-	return unpackError(x.v.Load())
-}
-
-// Store atomically stores the passed error.
-func (x *Error) Store(val error) {
-	x.v.Store(packError(val))
-}
-
-// CompareAndSwap is an atomic compare-and-swap for error values.
-func (x *Error) CompareAndSwap(old, new error) (swapped bool) {
-	return x.v.CompareAndSwap(packError(old), packError(new))
-}
-
-// Swap atomically stores the given error and returns the old
-// value.
-func (x *Error) Swap(val error) (old error) {
-	return unpackError(x.v.Swap(packError(val)))
-}
diff --git a/vendor/go.uber.org/atomic/float32.go b/vendor/go.uber.org/atomic/float32.go
deleted file mode 100644
index 5d535a6d2..000000000
--- a/vendor/go.uber.org/atomic/float32.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"math"
-)
-
-// Float32 is an atomic type-safe wrapper for float32 values.
-type Float32 struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v Uint32
-}
-
-var _zeroFloat32 float32
-
-// NewFloat32 creates a new Float32.
-func NewFloat32(val float32) *Float32 {
-	x := &Float32{}
-	if val != _zeroFloat32 {
-		x.Store(val)
-	}
-	return x
-}
-
-// Load atomically loads the wrapped float32.
-func (x *Float32) Load() float32 {
-	return math.Float32frombits(x.v.Load())
-}
-
-// Store atomically stores the passed float32.
-func (x *Float32) Store(val float32) {
-	x.v.Store(math.Float32bits(val))
-}
-
-// Swap atomically stores the given float32 and returns the old
-// value.
-func (x *Float32) Swap(val float32) (old float32) {
-	return math.Float32frombits(x.v.Swap(math.Float32bits(val)))
-}
-
-// MarshalJSON encodes the wrapped float32 into JSON.
-func (x *Float32) MarshalJSON() ([]byte, error) {
-	return json.Marshal(x.Load())
-}
-
-// UnmarshalJSON decodes a float32 from JSON.
-func (x *Float32) UnmarshalJSON(b []byte) error {
-	var v float32
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	x.Store(v)
-	return nil
-}
diff --git a/vendor/go.uber.org/atomic/float32_ext.go b/vendor/go.uber.org/atomic/float32_ext.go
deleted file mode 100644
index b0cd8d9c8..000000000
--- a/vendor/go.uber.org/atomic/float32_ext.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"math"
-	"strconv"
-)
-
-//go:generate bin/gen-atomicwrapper -name=Float32 -type=float32 -wrapped=Uint32 -pack=math.Float32bits -unpack=math.Float32frombits -swap -json -imports math -file=float32.go
-
-// Add atomically adds to the wrapped float32 and returns the new value.
-func (f *Float32) Add(delta float32) float32 {
-	for {
-		old := f.Load()
-		new := old + delta
-		if f.CAS(old, new) {
-			return new
-		}
-	}
-}
-
-// Sub atomically subtracts from the wrapped float32 and returns the new value.
-func (f *Float32) Sub(delta float32) float32 {
-	return f.Add(-delta)
-}
-
-// CAS is an atomic compare-and-swap for float32 values.
-//
-// Deprecated: Use CompareAndSwap
-func (f *Float32) CAS(old, new float32) (swapped bool) {
-	return f.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap for float32 values.
-//
-// Note: CompareAndSwap handles NaN incorrectly. NaN != NaN using Go's inbuilt operators
-// but CompareAndSwap allows a stored NaN to compare equal to a passed in NaN.
-// This avoids typical CompareAndSwap loops from blocking forever, e.g.,
-//
-//	for {
-//	  old := atom.Load()
-//	  new = f(old)
-//	  if atom.CompareAndSwap(old, new) {
-//	    break
-//	  }
-//	}
-//
-// If CompareAndSwap did not match NaN to match, then the above would loop forever.
-func (f *Float32) CompareAndSwap(old, new float32) (swapped bool) {
-	return f.v.CompareAndSwap(math.Float32bits(old), math.Float32bits(new))
-}
-
-// String encodes the wrapped value as a string.
-func (f *Float32) String() string {
-	// 'g' is the behavior for floats with %v.
-	return strconv.FormatFloat(float64(f.Load()), 'g', -1, 32)
-}
diff --git a/vendor/go.uber.org/atomic/float64.go b/vendor/go.uber.org/atomic/float64.go
deleted file mode 100644
index 11d5189a5..000000000
--- a/vendor/go.uber.org/atomic/float64.go
+++ /dev/null
@@ -1,77 +0,0 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"math"
-)
-
-// Float64 is an atomic type-safe wrapper for float64 values.
-type Float64 struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v Uint64
-}
-
-var _zeroFloat64 float64
-
-// NewFloat64 creates a new Float64.
-func NewFloat64(val float64) *Float64 {
-	x := &Float64{}
-	if val != _zeroFloat64 {
-		x.Store(val)
-	}
-	return x
-}
-
-// Load atomically loads the wrapped float64.
-func (x *Float64) Load() float64 {
-	return math.Float64frombits(x.v.Load())
-}
-
-// Store atomically stores the passed float64.
-func (x *Float64) Store(val float64) {
-	x.v.Store(math.Float64bits(val))
-}
-
-// Swap atomically stores the given float64 and returns the old
-// value.
-func (x *Float64) Swap(val float64) (old float64) {
-	return math.Float64frombits(x.v.Swap(math.Float64bits(val)))
-}
-
-// MarshalJSON encodes the wrapped float64 into JSON.
-func (x *Float64) MarshalJSON() ([]byte, error) {
-	return json.Marshal(x.Load())
-}
-
-// UnmarshalJSON decodes a float64 from JSON.
-func (x *Float64) UnmarshalJSON(b []byte) error {
-	var v float64
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	x.Store(v)
-	return nil
-}
diff --git a/vendor/go.uber.org/atomic/float64_ext.go b/vendor/go.uber.org/atomic/float64_ext.go
deleted file mode 100644
index 48c52b0ab..000000000
--- a/vendor/go.uber.org/atomic/float64_ext.go
+++ /dev/null
@@ -1,76 +0,0 @@
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"math"
-	"strconv"
-)
-
-//go:generate bin/gen-atomicwrapper -name=Float64 -type=float64 -wrapped=Uint64 -pack=math.Float64bits -unpack=math.Float64frombits -swap -json -imports math -file=float64.go
-
-// Add atomically adds to the wrapped float64 and returns the new value.
-func (f *Float64) Add(delta float64) float64 {
-	for {
-		old := f.Load()
-		new := old + delta
-		if f.CAS(old, new) {
-			return new
-		}
-	}
-}
-
-// Sub atomically subtracts from the wrapped float64 and returns the new value.
-func (f *Float64) Sub(delta float64) float64 {
-	return f.Add(-delta)
-}
-
-// CAS is an atomic compare-and-swap for float64 values.
-//
-// Deprecated: Use CompareAndSwap
-func (f *Float64) CAS(old, new float64) (swapped bool) {
-	return f.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap for float64 values.
-//
-// Note: CompareAndSwap handles NaN incorrectly. NaN != NaN using Go's inbuilt operators
-// but CompareAndSwap allows a stored NaN to compare equal to a passed in NaN.
-// This avoids typical CompareAndSwap loops from blocking forever, e.g.,
-//
-//	for {
-//	  old := atom.Load()
-//	  new = f(old)
-//	  if atom.CompareAndSwap(old, new) {
-//	    break
-//	  }
-//	}
-//
-// If CompareAndSwap did not match NaN to match, then the above would loop forever.
-func (f *Float64) CompareAndSwap(old, new float64) (swapped bool) {
-	return f.v.CompareAndSwap(math.Float64bits(old), math.Float64bits(new))
-}
-
-// String encodes the wrapped value as a string.
-func (f *Float64) String() string {
-	// 'g' is the behavior for floats with %v.
-	return strconv.FormatFloat(f.Load(), 'g', -1, 64)
-}
diff --git a/vendor/go.uber.org/atomic/gen.go b/vendor/go.uber.org/atomic/gen.go
deleted file mode 100644
index 1e9ef4f87..000000000
--- a/vendor/go.uber.org/atomic/gen.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-//go:generate bin/gen-atomicint -name=Int32 -wrapped=int32 -file=int32.go
-//go:generate bin/gen-atomicint -name=Int64 -wrapped=int64 -file=int64.go
-//go:generate bin/gen-atomicint -name=Uint32 -wrapped=uint32 -unsigned -file=uint32.go
-//go:generate bin/gen-atomicint -name=Uint64 -wrapped=uint64 -unsigned -file=uint64.go
-//go:generate bin/gen-atomicint -name=Uintptr -wrapped=uintptr -unsigned -file=uintptr.go
diff --git a/vendor/go.uber.org/atomic/int32.go b/vendor/go.uber.org/atomic/int32.go
deleted file mode 100644
index b9a68f42c..000000000
--- a/vendor/go.uber.org/atomic/int32.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// @generated Code generated by gen-atomicint.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"strconv"
-	"sync/atomic"
-)
-
-// Int32 is an atomic wrapper around int32.
-type Int32 struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v int32
-}
-
-// NewInt32 creates a new Int32.
-func NewInt32(val int32) *Int32 {
-	return &Int32{v: val}
-}
-
-// Load atomically loads the wrapped value.
-func (i *Int32) Load() int32 {
-	return atomic.LoadInt32(&i.v)
-}
-
-// Add atomically adds to the wrapped int32 and returns the new value.
-func (i *Int32) Add(delta int32) int32 {
-	return atomic.AddInt32(&i.v, delta)
-}
-
-// Sub atomically subtracts from the wrapped int32 and returns the new value.
-func (i *Int32) Sub(delta int32) int32 {
-	return atomic.AddInt32(&i.v, -delta)
-}
-
-// Inc atomically increments the wrapped int32 and returns the new value.
-func (i *Int32) Inc() int32 {
-	return i.Add(1)
-}
-
-// Dec atomically decrements the wrapped int32 and returns the new value.
-func (i *Int32) Dec() int32 {
-	return i.Sub(1)
-}
-
-// CAS is an atomic compare-and-swap.
-//
-// Deprecated: Use CompareAndSwap.
-func (i *Int32) CAS(old, new int32) (swapped bool) {
-	return i.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (i *Int32) CompareAndSwap(old, new int32) (swapped bool) {
-	return atomic.CompareAndSwapInt32(&i.v, old, new)
-}
-
-// Store atomically stores the passed value.
-func (i *Int32) Store(val int32) {
-	atomic.StoreInt32(&i.v, val)
-}
-
-// Swap atomically swaps the wrapped int32 and returns the old value.
-func (i *Int32) Swap(val int32) (old int32) {
-	return atomic.SwapInt32(&i.v, val)
-}
-
-// MarshalJSON encodes the wrapped int32 into JSON.
-func (i *Int32) MarshalJSON() ([]byte, error) {
-	return json.Marshal(i.Load())
-}
-
-// UnmarshalJSON decodes JSON into the wrapped int32.
-func (i *Int32) UnmarshalJSON(b []byte) error {
-	var v int32
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	i.Store(v)
-	return nil
-}
-
-// String encodes the wrapped value as a string.
-func (i *Int32) String() string {
-	v := i.Load()
-	return strconv.FormatInt(int64(v), 10)
-}
diff --git a/vendor/go.uber.org/atomic/int64.go b/vendor/go.uber.org/atomic/int64.go
deleted file mode 100644
index 78d260976..000000000
--- a/vendor/go.uber.org/atomic/int64.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// @generated Code generated by gen-atomicint.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"strconv"
-	"sync/atomic"
-)
-
-// Int64 is an atomic wrapper around int64.
-type Int64 struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v int64
-}
-
-// NewInt64 creates a new Int64.
-func NewInt64(val int64) *Int64 {
-	return &Int64{v: val}
-}
-
-// Load atomically loads the wrapped value.
-func (i *Int64) Load() int64 {
-	return atomic.LoadInt64(&i.v)
-}
-
-// Add atomically adds to the wrapped int64 and returns the new value.
-func (i *Int64) Add(delta int64) int64 {
-	return atomic.AddInt64(&i.v, delta)
-}
-
-// Sub atomically subtracts from the wrapped int64 and returns the new value.
-func (i *Int64) Sub(delta int64) int64 {
-	return atomic.AddInt64(&i.v, -delta)
-}
-
-// Inc atomically increments the wrapped int64 and returns the new value.
-func (i *Int64) Inc() int64 {
-	return i.Add(1)
-}
-
-// Dec atomically decrements the wrapped int64 and returns the new value.
-func (i *Int64) Dec() int64 {
-	return i.Sub(1)
-}
-
-// CAS is an atomic compare-and-swap.
-//
-// Deprecated: Use CompareAndSwap.
-func (i *Int64) CAS(old, new int64) (swapped bool) {
-	return i.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (i *Int64) CompareAndSwap(old, new int64) (swapped bool) {
-	return atomic.CompareAndSwapInt64(&i.v, old, new)
-}
-
-// Store atomically stores the passed value.
-func (i *Int64) Store(val int64) {
-	atomic.StoreInt64(&i.v, val)
-}
-
-// Swap atomically swaps the wrapped int64 and returns the old value.
-func (i *Int64) Swap(val int64) (old int64) {
-	return atomic.SwapInt64(&i.v, val)
-}
-
-// MarshalJSON encodes the wrapped int64 into JSON.
-func (i *Int64) MarshalJSON() ([]byte, error) {
-	return json.Marshal(i.Load())
-}
-
-// UnmarshalJSON decodes JSON into the wrapped int64.
-func (i *Int64) UnmarshalJSON(b []byte) error {
-	var v int64
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	i.Store(v)
-	return nil
-}
-
-// String encodes the wrapped value as a string.
-func (i *Int64) String() string {
-	v := i.Load()
-	return strconv.FormatInt(int64(v), 10)
-}
diff --git a/vendor/go.uber.org/atomic/nocmp.go b/vendor/go.uber.org/atomic/nocmp.go
deleted file mode 100644
index 54b74174a..000000000
--- a/vendor/go.uber.org/atomic/nocmp.go
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-// nocmp is an uncomparable struct. Embed this inside another struct to make
-// it uncomparable.
-//
-//	type Foo struct {
-//	  nocmp
-//	  // ...
-//	}
-//
-// This DOES NOT:
-//
-//   - Disallow shallow copies of structs
-//   - Disallow comparison of pointers to uncomparable structs
-type nocmp [0]func()
diff --git a/vendor/go.uber.org/atomic/pointer_go118.go b/vendor/go.uber.org/atomic/pointer_go118.go
deleted file mode 100644
index e0f47dba4..000000000
--- a/vendor/go.uber.org/atomic/pointer_go118.go
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) 2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-//go:build go1.18 && !go1.19
-// +build go1.18,!go1.19
-
-package atomic
-
-import "unsafe"
-
-type Pointer[T any] struct {
-	_ nocmp // disallow non-atomic comparison
-	p UnsafePointer
-}
-
-// NewPointer creates a new Pointer.
-func NewPointer[T any](v *T) *Pointer[T] {
-	var p Pointer[T]
-	if v != nil {
-		p.p.Store(unsafe.Pointer(v))
-	}
-	return &p
-}
-
-// Load atomically loads the wrapped value.
-func (p *Pointer[T]) Load() *T {
-	return (*T)(p.p.Load())
-}
-
-// Store atomically stores the passed value.
-func (p *Pointer[T]) Store(val *T) {
-	p.p.Store(unsafe.Pointer(val))
-}
-
-// Swap atomically swaps the wrapped pointer and returns the old value.
-func (p *Pointer[T]) Swap(val *T) (old *T) {
-	return (*T)(p.p.Swap(unsafe.Pointer(val)))
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) {
-	return p.p.CompareAndSwap(unsafe.Pointer(old), unsafe.Pointer(new))
-}
diff --git a/vendor/go.uber.org/atomic/pointer_go119.go b/vendor/go.uber.org/atomic/pointer_go119.go
deleted file mode 100644
index 6726f17ad..000000000
--- a/vendor/go.uber.org/atomic/pointer_go119.go
+++ /dev/null
@@ -1,61 +0,0 @@
-// Copyright (c) 2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-//go:build go1.19
-// +build go1.19
-
-package atomic
-
-import "sync/atomic"
-
-// Pointer is an atomic pointer of type *T.
-type Pointer[T any] struct {
-	_ nocmp // disallow non-atomic comparison
-	p atomic.Pointer[T]
-}
-
-// NewPointer creates a new Pointer.
-func NewPointer[T any](v *T) *Pointer[T] {
-	var p Pointer[T]
-	if v != nil {
-		p.p.Store(v)
-	}
-	return &p
-}
-
-// Load atomically loads the wrapped value.
-func (p *Pointer[T]) Load() *T {
-	return p.p.Load()
-}
-
-// Store atomically stores the passed value.
-func (p *Pointer[T]) Store(val *T) {
-	p.p.Store(val)
-}
-
-// Swap atomically swaps the wrapped pointer and returns the old value.
-func (p *Pointer[T]) Swap(val *T) (old *T) {
-	return p.p.Swap(val)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (p *Pointer[T]) CompareAndSwap(old, new *T) (swapped bool) {
-	return p.p.CompareAndSwap(old, new)
-}
diff --git a/vendor/go.uber.org/atomic/string.go b/vendor/go.uber.org/atomic/string.go
deleted file mode 100644
index c4bea70f4..000000000
--- a/vendor/go.uber.org/atomic/string.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-// String is an atomic type-safe wrapper for string values.
-type String struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v Value
-}
-
-var _zeroString string
-
-// NewString creates a new String.
-func NewString(val string) *String {
-	x := &String{}
-	if val != _zeroString {
-		x.Store(val)
-	}
-	return x
-}
-
-// Load atomically loads the wrapped string.
-func (x *String) Load() string {
-	if v := x.v.Load(); v != nil {
-		return v.(string)
-	}
-	return _zeroString
-}
-
-// Store atomically stores the passed string.
-func (x *String) Store(val string) {
-	x.v.Store(val)
-}
-
-// CompareAndSwap is an atomic compare-and-swap for string values.
-func (x *String) CompareAndSwap(old, new string) (swapped bool) {
-	return x.v.CompareAndSwap(old, new)
-}
-
-// Swap atomically stores the given string and returns the old
-// value.
-func (x *String) Swap(val string) (old string) {
-	return x.v.Swap(val).(string)
-}
diff --git a/vendor/go.uber.org/atomic/string_ext.go b/vendor/go.uber.org/atomic/string_ext.go
deleted file mode 100644
index 1f63dfd5b..000000000
--- a/vendor/go.uber.org/atomic/string_ext.go
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-//go:generate bin/gen-atomicwrapper -name=String -type=string -wrapped=Value -compareandswap -swap -file=string.go
-
-// String returns the wrapped value.
-func (s *String) String() string {
-	return s.Load()
-}
-
-// MarshalText encodes the wrapped string into a textual form.
-//
-// This makes it encodable as JSON, YAML, XML, and more.
-func (s *String) MarshalText() ([]byte, error) {
-	return []byte(s.Load()), nil
-}
-
-// UnmarshalText decodes text and replaces the wrapped string with it.
-//
-// This makes it decodable from JSON, YAML, XML, and more.
-func (s *String) UnmarshalText(b []byte) error {
-	s.Store(string(b))
-	return nil
-}
diff --git a/vendor/go.uber.org/atomic/time_ext.go b/vendor/go.uber.org/atomic/time_ext.go
deleted file mode 100644
index 1e3dc978a..000000000
--- a/vendor/go.uber.org/atomic/time_ext.go
+++ /dev/null
@@ -1,36 +0,0 @@
-//  Copyright (c) 2021 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import "time"
-
-//go:generate bin/gen-atomicwrapper -name=Time -type=time.Time -wrapped=Value -pack=packTime -unpack=unpackTime -imports time -file=time.go
-
-func packTime(t time.Time) interface{} {
-	return t
-}
-
-func unpackTime(v interface{}) time.Time {
-	if t, ok := v.(time.Time); ok {
-		return t
-	}
-	return time.Time{}
-}
diff --git a/vendor/go.uber.org/atomic/uint32.go b/vendor/go.uber.org/atomic/uint32.go
deleted file mode 100644
index d6f04a96d..000000000
--- a/vendor/go.uber.org/atomic/uint32.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// @generated Code generated by gen-atomicint.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"strconv"
-	"sync/atomic"
-)
-
-// Uint32 is an atomic wrapper around uint32.
-type Uint32 struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v uint32
-}
-
-// NewUint32 creates a new Uint32.
-func NewUint32(val uint32) *Uint32 {
-	return &Uint32{v: val}
-}
-
-// Load atomically loads the wrapped value.
-func (i *Uint32) Load() uint32 {
-	return atomic.LoadUint32(&i.v)
-}
-
-// Add atomically adds to the wrapped uint32 and returns the new value.
-func (i *Uint32) Add(delta uint32) uint32 {
-	return atomic.AddUint32(&i.v, delta)
-}
-
-// Sub atomically subtracts from the wrapped uint32 and returns the new value.
-func (i *Uint32) Sub(delta uint32) uint32 {
-	return atomic.AddUint32(&i.v, ^(delta - 1))
-}
-
-// Inc atomically increments the wrapped uint32 and returns the new value.
-func (i *Uint32) Inc() uint32 {
-	return i.Add(1)
-}
-
-// Dec atomically decrements the wrapped uint32 and returns the new value.
-func (i *Uint32) Dec() uint32 {
-	return i.Sub(1)
-}
-
-// CAS is an atomic compare-and-swap.
-//
-// Deprecated: Use CompareAndSwap.
-func (i *Uint32) CAS(old, new uint32) (swapped bool) {
-	return i.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (i *Uint32) CompareAndSwap(old, new uint32) (swapped bool) {
-	return atomic.CompareAndSwapUint32(&i.v, old, new)
-}
-
-// Store atomically stores the passed value.
-func (i *Uint32) Store(val uint32) {
-	atomic.StoreUint32(&i.v, val)
-}
-
-// Swap atomically swaps the wrapped uint32 and returns the old value.
-func (i *Uint32) Swap(val uint32) (old uint32) {
-	return atomic.SwapUint32(&i.v, val)
-}
-
-// MarshalJSON encodes the wrapped uint32 into JSON.
-func (i *Uint32) MarshalJSON() ([]byte, error) {
-	return json.Marshal(i.Load())
-}
-
-// UnmarshalJSON decodes JSON into the wrapped uint32.
-func (i *Uint32) UnmarshalJSON(b []byte) error {
-	var v uint32
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	i.Store(v)
-	return nil
-}
-
-// String encodes the wrapped value as a string.
-func (i *Uint32) String() string {
-	v := i.Load()
-	return strconv.FormatUint(uint64(v), 10)
-}
diff --git a/vendor/go.uber.org/atomic/uint64.go b/vendor/go.uber.org/atomic/uint64.go
deleted file mode 100644
index 2574bdd5e..000000000
--- a/vendor/go.uber.org/atomic/uint64.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// @generated Code generated by gen-atomicint.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"strconv"
-	"sync/atomic"
-)
-
-// Uint64 is an atomic wrapper around uint64.
-type Uint64 struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v uint64
-}
-
-// NewUint64 creates a new Uint64.
-func NewUint64(val uint64) *Uint64 {
-	return &Uint64{v: val}
-}
-
-// Load atomically loads the wrapped value.
-func (i *Uint64) Load() uint64 {
-	return atomic.LoadUint64(&i.v)
-}
-
-// Add atomically adds to the wrapped uint64 and returns the new value.
-func (i *Uint64) Add(delta uint64) uint64 {
-	return atomic.AddUint64(&i.v, delta)
-}
-
-// Sub atomically subtracts from the wrapped uint64 and returns the new value.
-func (i *Uint64) Sub(delta uint64) uint64 {
-	return atomic.AddUint64(&i.v, ^(delta - 1))
-}
-
-// Inc atomically increments the wrapped uint64 and returns the new value.
-func (i *Uint64) Inc() uint64 {
-	return i.Add(1)
-}
-
-// Dec atomically decrements the wrapped uint64 and returns the new value.
-func (i *Uint64) Dec() uint64 {
-	return i.Sub(1)
-}
-
-// CAS is an atomic compare-and-swap.
-//
-// Deprecated: Use CompareAndSwap.
-func (i *Uint64) CAS(old, new uint64) (swapped bool) {
-	return i.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (i *Uint64) CompareAndSwap(old, new uint64) (swapped bool) {
-	return atomic.CompareAndSwapUint64(&i.v, old, new)
-}
-
-// Store atomically stores the passed value.
-func (i *Uint64) Store(val uint64) {
-	atomic.StoreUint64(&i.v, val)
-}
-
-// Swap atomically swaps the wrapped uint64 and returns the old value.
-func (i *Uint64) Swap(val uint64) (old uint64) {
-	return atomic.SwapUint64(&i.v, val)
-}
-
-// MarshalJSON encodes the wrapped uint64 into JSON.
-func (i *Uint64) MarshalJSON() ([]byte, error) {
-	return json.Marshal(i.Load())
-}
-
-// UnmarshalJSON decodes JSON into the wrapped uint64.
-func (i *Uint64) UnmarshalJSON(b []byte) error {
-	var v uint64
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	i.Store(v)
-	return nil
-}
-
-// String encodes the wrapped value as a string.
-func (i *Uint64) String() string {
-	v := i.Load()
-	return strconv.FormatUint(uint64(v), 10)
-}
diff --git a/vendor/go.uber.org/atomic/uintptr.go b/vendor/go.uber.org/atomic/uintptr.go
deleted file mode 100644
index 81b275a7a..000000000
--- a/vendor/go.uber.org/atomic/uintptr.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// @generated Code generated by gen-atomicint.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"encoding/json"
-	"strconv"
-	"sync/atomic"
-)
-
-// Uintptr is an atomic wrapper around uintptr.
-type Uintptr struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v uintptr
-}
-
-// NewUintptr creates a new Uintptr.
-func NewUintptr(val uintptr) *Uintptr {
-	return &Uintptr{v: val}
-}
-
-// Load atomically loads the wrapped value.
-func (i *Uintptr) Load() uintptr {
-	return atomic.LoadUintptr(&i.v)
-}
-
-// Add atomically adds to the wrapped uintptr and returns the new value.
-func (i *Uintptr) Add(delta uintptr) uintptr {
-	return atomic.AddUintptr(&i.v, delta)
-}
-
-// Sub atomically subtracts from the wrapped uintptr and returns the new value.
-func (i *Uintptr) Sub(delta uintptr) uintptr {
-	return atomic.AddUintptr(&i.v, ^(delta - 1))
-}
-
-// Inc atomically increments the wrapped uintptr and returns the new value.
-func (i *Uintptr) Inc() uintptr {
-	return i.Add(1)
-}
-
-// Dec atomically decrements the wrapped uintptr and returns the new value.
-func (i *Uintptr) Dec() uintptr {
-	return i.Sub(1)
-}
-
-// CAS is an atomic compare-and-swap.
-//
-// Deprecated: Use CompareAndSwap.
-func (i *Uintptr) CAS(old, new uintptr) (swapped bool) {
-	return i.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (i *Uintptr) CompareAndSwap(old, new uintptr) (swapped bool) {
-	return atomic.CompareAndSwapUintptr(&i.v, old, new)
-}
-
-// Store atomically stores the passed value.
-func (i *Uintptr) Store(val uintptr) {
-	atomic.StoreUintptr(&i.v, val)
-}
-
-// Swap atomically swaps the wrapped uintptr and returns the old value.
-func (i *Uintptr) Swap(val uintptr) (old uintptr) {
-	return atomic.SwapUintptr(&i.v, val)
-}
-
-// MarshalJSON encodes the wrapped uintptr into JSON.
-func (i *Uintptr) MarshalJSON() ([]byte, error) {
-	return json.Marshal(i.Load())
-}
-
-// UnmarshalJSON decodes JSON into the wrapped uintptr.
-func (i *Uintptr) UnmarshalJSON(b []byte) error {
-	var v uintptr
-	if err := json.Unmarshal(b, &v); err != nil {
-		return err
-	}
-	i.Store(v)
-	return nil
-}
-
-// String encodes the wrapped value as a string.
-func (i *Uintptr) String() string {
-	v := i.Load()
-	return strconv.FormatUint(uint64(v), 10)
-}
diff --git a/vendor/go.uber.org/atomic/unsafe_pointer.go b/vendor/go.uber.org/atomic/unsafe_pointer.go
deleted file mode 100644
index 34868baf6..000000000
--- a/vendor/go.uber.org/atomic/unsafe_pointer.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright (c) 2021-2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import (
-	"sync/atomic"
-	"unsafe"
-)
-
-// UnsafePointer is an atomic wrapper around unsafe.Pointer.
-type UnsafePointer struct {
-	_ nocmp // disallow non-atomic comparison
-
-	v unsafe.Pointer
-}
-
-// NewUnsafePointer creates a new UnsafePointer.
-func NewUnsafePointer(val unsafe.Pointer) *UnsafePointer {
-	return &UnsafePointer{v: val}
-}
-
-// Load atomically loads the wrapped value.
-func (p *UnsafePointer) Load() unsafe.Pointer {
-	return atomic.LoadPointer(&p.v)
-}
-
-// Store atomically stores the passed value.
-func (p *UnsafePointer) Store(val unsafe.Pointer) {
-	atomic.StorePointer(&p.v, val)
-}
-
-// Swap atomically swaps the wrapped unsafe.Pointer and returns the old value.
-func (p *UnsafePointer) Swap(val unsafe.Pointer) (old unsafe.Pointer) {
-	return atomic.SwapPointer(&p.v, val)
-}
-
-// CAS is an atomic compare-and-swap.
-//
-// Deprecated: Use CompareAndSwap
-func (p *UnsafePointer) CAS(old, new unsafe.Pointer) (swapped bool) {
-	return p.CompareAndSwap(old, new)
-}
-
-// CompareAndSwap is an atomic compare-and-swap.
-func (p *UnsafePointer) CompareAndSwap(old, new unsafe.Pointer) (swapped bool) {
-	return atomic.CompareAndSwapPointer(&p.v, old, new)
-}
diff --git a/vendor/go.uber.org/atomic/value.go b/vendor/go.uber.org/atomic/value.go
deleted file mode 100644
index 52caedb9a..000000000
--- a/vendor/go.uber.org/atomic/value.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package atomic
-
-import "sync/atomic"
-
-// Value shadows the type of the same name from sync/atomic
-// https://godoc.org/sync/atomic#Value
-type Value struct {
-	_ nocmp // disallow non-atomic comparison
-
-	atomic.Value
-}
diff --git a/vendor/go.uber.org/multierr/CHANGELOG.md b/vendor/go.uber.org/multierr/CHANGELOG.md
index d2c8aadaf..f8177b978 100644
--- a/vendor/go.uber.org/multierr/CHANGELOG.md
+++ b/vendor/go.uber.org/multierr/CHANGELOG.md
@@ -1,6 +1,21 @@
 Releases
 ========
 
+v1.11.0 (2023-03-28)
+====================
+-   `Errors` now supports any error that implements multiple-error
+    interface.
+-   Add `Every` function to allow checking if all errors in the chain
+    satisfies `errors.Is` against the target error.
+
+v1.10.0 (2023-03-08)
+====================
+
+-   Comply with Go 1.20's multiple-error interface.
+-   Drop Go 1.18 support.
+    Per the support policy, only Go 1.19 and 1.20 are supported now.
+-   Drop all non-test external dependencies.
+
 v1.9.0 (2022-12-12)
 ===================
 
diff --git a/vendor/go.uber.org/multierr/README.md b/vendor/go.uber.org/multierr/README.md
index 70aacecd7..5ab6ac40f 100644
--- a/vendor/go.uber.org/multierr/README.md
+++ b/vendor/go.uber.org/multierr/README.md
@@ -2,9 +2,29 @@
 
 `multierr` allows combining one or more Go `error`s together.
 
+## Features
+
+- **Idiomatic**:
+  multierr follows best practices in Go, and keeps your code idiomatic.
+    - It keeps the underlying error type hidden,
+      allowing you to deal in `error` values exclusively.
+    - It provides APIs to safely append into an error from a `defer` statement.
+- **Performant**:
+  multierr is optimized for performance:
+    - It avoids allocations where possible.
+    - It utilizes slice resizing semantics to optimize common cases
+      like appending into the same error object from a loop.
+- **Interoperable**:
+  multierr interoperates with the Go standard library's error APIs seamlessly:
+    - The `errors.Is` and `errors.As` functions *just work*.
+- **Lightweight**:
+  multierr comes with virtually no dependencies.
+
 ## Installation
 
-    go get -u go.uber.org/multierr
+```bash
+go get -u go.uber.org/multierr@latest
+```
 
 ## Status
 
diff --git a/vendor/go.uber.org/multierr/error.go b/vendor/go.uber.org/multierr/error.go
index cdd91ae56..3a828b2df 100644
--- a/vendor/go.uber.org/multierr/error.go
+++ b/vendor/go.uber.org/multierr/error.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2017-2021 Uber Technologies, Inc.
+// Copyright (c) 2017-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -147,8 +147,7 @@ import (
 	"io"
 	"strings"
 	"sync"
-
-	"go.uber.org/atomic"
+	"sync/atomic"
 )
 
 var (
@@ -196,23 +195,7 @@ type errorGroup interface {
 //
 // Callers of this function are free to modify the returned slice.
 func Errors(err error) []error {
-	if err == nil {
-		return nil
-	}
-
-	// Note that we're casting to multiError, not errorGroup. Our contract is
-	// that returned errors MAY implement errorGroup. Errors, however, only
-	// has special behavior for multierr-specific error objects.
-	//
-	// This behavior can be expanded in the future but I think it's prudent to
-	// start with as little as possible in terms of contract and possibility
-	// of misuse.
-	eg, ok := err.(*multiError)
-	if !ok {
-		return []error{err}
-	}
-
-	return append(([]error)(nil), eg.Errors()...)
+	return extractErrors(err)
 }
 
 // multiError is an error that holds one or more errors.
@@ -227,8 +210,6 @@ type multiError struct {
 	errors     []error
 }
 
-var _ errorGroup = (*multiError)(nil)
-
 // Errors returns the list of underlying errors.
 //
 // This slice MUST NOT be modified.
@@ -239,33 +220,6 @@ func (merr *multiError) Errors() []error {
 	return merr.errors
 }
 
-// As attempts to find the first error in the error list that matches the type
-// of the value that target points to.
-//
-// This function allows errors.As to traverse the values stored on the
-// multierr error.
-func (merr *multiError) As(target interface{}) bool {
-	for _, err := range merr.Errors() {
-		if errors.As(err, target) {
-			return true
-		}
-	}
-	return false
-}
-
-// Is attempts to match the provided error against errors in the error list.
-//
-// This function allows errors.Is to traverse the values stored on the
-// multierr error.
-func (merr *multiError) Is(target error) bool {
-	for _, err := range merr.Errors() {
-		if errors.Is(err, target) {
-			return true
-		}
-	}
-	return false
-}
-
 func (merr *multiError) Error() string {
 	if merr == nil {
 		return ""
@@ -281,6 +235,17 @@ func (merr *multiError) Error() string {
 	return result
 }
 
+// Every compares every error in the given err against the given target error
+// using [errors.Is], and returns true only if every comparison returned true.
+func Every(err error, target error) bool {
+	for _, e := range extractErrors(err) {
+		if !errors.Is(e, target) {
+			return false
+		}
+	}
+	return true
+}
+
 func (merr *multiError) Format(f fmt.State, c rune) {
 	if c == 'v' && f.Flag('+') {
 		merr.writeMultiline(f)
diff --git a/vendor/go.uber.org/atomic/error_ext.go b/vendor/go.uber.org/multierr/error_post_go120.go
similarity index 65%
rename from vendor/go.uber.org/atomic/error_ext.go
rename to vendor/go.uber.org/multierr/error_post_go120.go
index d31fb633b..a173f9c25 100644
--- a/vendor/go.uber.org/atomic/error_ext.go
+++ b/vendor/go.uber.org/multierr/error_post_go120.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2017-2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -18,22 +18,31 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-package atomic
+//go:build go1.20
+// +build go1.20
 
-// atomic.Value panics on nil inputs, or if the underlying type changes.
-// Stabilize by always storing a custom struct that we control.
+package multierr
 
-//go:generate bin/gen-atomicwrapper -name=Error -type=error -wrapped=Value -pack=packError -unpack=unpackError -compareandswap -swap -file=error.go
-
-type packedError struct{ Value error }
+// Unwrap returns a list of errors wrapped by this multierr.
+func (merr *multiError) Unwrap() []error {
+	return merr.Errors()
+}
 
-func packError(v error) interface{} {
-	return packedError{v}
+type multipleErrors interface {
+	Unwrap() []error
 }
 
-func unpackError(v interface{}) error {
-	if err, ok := v.(packedError); ok {
-		return err.Value
+func extractErrors(err error) []error {
+	if err == nil {
+		return nil
 	}
-	return nil
+
+	// check if the given err is an Unwrapable error that
+	// implements multipleErrors interface.
+	eg, ok := err.(multipleErrors)
+	if !ok {
+		return []error{err}
+	}
+
+	return append(([]error)(nil), eg.Unwrap()...)
 }
diff --git a/vendor/go.uber.org/multierr/error_pre_go120.go b/vendor/go.uber.org/multierr/error_pre_go120.go
new file mode 100644
index 000000000..93872a3fc
--- /dev/null
+++ b/vendor/go.uber.org/multierr/error_pre_go120.go
@@ -0,0 +1,79 @@
+// Copyright (c) 2017-2023 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+//go:build !go1.20
+// +build !go1.20
+
+package multierr
+
+import "errors"
+
+// Versions of Go before 1.20 did not support the Unwrap() []error method.
+// This provides a similar behavior by implementing the Is(..) and As(..)
+// methods.
+// See the errors.Join proposal for details:
+// https://github.com/golang/go/issues/53435
+
+// As attempts to find the first error in the error list that matches the type
+// of the value that target points to.
+//
+// This function allows errors.As to traverse the values stored on the
+// multierr error.
+func (merr *multiError) As(target interface{}) bool {
+	for _, err := range merr.Errors() {
+		if errors.As(err, target) {
+			return true
+		}
+	}
+	return false
+}
+
+// Is attempts to match the provided error against errors in the error list.
+//
+// This function allows errors.Is to traverse the values stored on the
+// multierr error.
+func (merr *multiError) Is(target error) bool {
+	for _, err := range merr.Errors() {
+		if errors.Is(err, target) {
+			return true
+		}
+	}
+	return false
+}
+
+func extractErrors(err error) []error {
+	if err == nil {
+		return nil
+	}
+
+	// Note that we're casting to multiError, not errorGroup. Our contract is
+	// that returned errors MAY implement errorGroup. Errors, however, only
+	// has special behavior for multierr-specific error objects.
+	//
+	// This behavior can be expanded in the future but I think it's prudent to
+	// start with as little as possible in terms of contract and possibility
+	// of misuse.
+	eg, ok := err.(*multiError)
+	if !ok {
+		return []error{err}
+	}
+
+	return append(([]error)(nil), eg.Errors()...)
+}
diff --git a/vendor/go.uber.org/multierr/glide.yaml b/vendor/go.uber.org/multierr/glide.yaml
deleted file mode 100644
index 6ef084ec2..000000000
--- a/vendor/go.uber.org/multierr/glide.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-package: go.uber.org/multierr
-import:
-- package: go.uber.org/atomic
-  version: ^1
-testImport:
-- package: github.com/stretchr/testify
-  subpackages:
-  - assert
diff --git a/vendor/go.uber.org/zap/.golangci.yml b/vendor/go.uber.org/zap/.golangci.yml
new file mode 100644
index 000000000..fbc6df790
--- /dev/null
+++ b/vendor/go.uber.org/zap/.golangci.yml
@@ -0,0 +1,77 @@
+output:
+  # Make output more digestible with quickfix in vim/emacs/etc.
+  sort-results: true
+  print-issued-lines: false
+
+linters:
+  # We'll track the golangci-lint default linters manually
+  # instead of letting them change without our control.
+  disable-all: true
+  enable:
+    # golangci-lint defaults:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+
+    # Our own extras:
+    - gofmt
+    - nolintlint # lints nolint directives
+    - revive
+
+linters-settings:
+  govet:
+    # These govet checks are disabled by default, but they're useful.
+    enable:
+      - niliness
+      - reflectvaluecompare
+      - sortslice
+      - unusedwrite
+
+  errcheck:
+    exclude-functions:
+      # These methods can not fail.
+      # They operate on an in-memory buffer.
+      - (*go.uber.org/zap/buffer.Buffer).Write
+      - (*go.uber.org/zap/buffer.Buffer).WriteByte
+      - (*go.uber.org/zap/buffer.Buffer).WriteString
+
+      - (*go.uber.org/zap/zapio.Writer).Close
+      - (*go.uber.org/zap/zapio.Writer).Sync
+      - (*go.uber.org/zap/zapio.Writer).Write
+      # Write to zapio.Writer cannot fail,
+      # so io.WriteString on it cannot fail.
+      - io.WriteString(*go.uber.org/zap/zapio.Writer)
+
+      # Writing a plain string to a fmt.State cannot fail.
+      - io.WriteString(fmt.State)
+
+issues:
+  # Print all issues reported by all linters.
+  max-issues-per-linter: 0
+  max-same-issues: 0
+
+  # Don't ignore some of the issues that golangci-lint considers okay.
+  # This includes documenting all exported entities.
+  exclude-use-default: false
+
+  exclude-rules:
+    # Don't warn on unused parameters.
+    # Parameter names are useful; replacing them with '_' is undesirable.
+    - linters: [revive]
+      text: 'unused-parameter: parameter \S+ seems to be unused, consider removing or renaming it as _'
+
+    # staticcheck already has smarter checks for empty blocks.
+    # revive's empty-block linter has false positives.
+    # For example, as of writing this, the following is not allowed.
+    #   for foo() { }
+    - linters: [revive]
+      text: 'empty-block: this block is empty, you can remove it'
+
+    # Ignore logger.Sync() errcheck failures in example_test.go
+    # since those are intended to be uncomplicated examples.
+    - linters: [errcheck]
+      path: example_test.go
+      text: 'Error return value of `logger.Sync` is not checked'
diff --git a/vendor/go.uber.org/zap/CHANGELOG.md b/vendor/go.uber.org/zap/CHANGELOG.md
index 0db1f9f15..11b465976 100644
--- a/vendor/go.uber.org/zap/CHANGELOG.md
+++ b/vendor/go.uber.org/zap/CHANGELOG.md
@@ -1,7 +1,39 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
-This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 1.26.0 (14 Sep 2023)
+Enhancements:
+* [#1319][]: Add `WithLazy` method to `Logger` which lazily evaluates the structured
+context.
+* [#1350][]: String encoding is much (~50%) faster now.
+
+Thanks to @jquirke, @cdvr1993 for their contributions to this release.
+
+[#1319]: https://github.com/uber-go/zap/pull/1319
+[#1350]: https://github.com/uber-go/zap/pull/1350
+
+## 1.25.0 (1 Aug 2023)
+
+This release contains several improvements including performance, API additions,
+and two new experimental packages whose APIs are unstable and may change in the
+future.
+
+Enhancements:
+* [#1246][]: Add `zap/exp/zapslog` package for integration with slog.
+* [#1273][]: Add `Name` to `Logger` which returns the Logger's name if one is set.
+* [#1281][]: Add `zap/exp/expfield` package which contains helper methods
+`Str` and `Strs` for constructing String-like zap.Fields.
+* [#1310][]: Reduce stack size on `Any`. 
+
+Thanks to @knight42, @dzakaammar, @bcspragu, and @rexywork for their contributions
+to this release.
+
+[#1246]: https://github.com/uber-go/zap/pull/1246
+[#1273]: https://github.com/uber-go/zap/pull/1273
+[#1281]: https://github.com/uber-go/zap/pull/1281
+[#1310]: https://github.com/uber-go/zap/pull/1310
 
 ## 1.24.0 (30 Nov 2022)
 
@@ -27,7 +59,6 @@ Enhancements:
 [#1147]: https://github.com/uber-go/zap/pull/1147
 [#1155]: https://github.com/uber-go/zap/pull/1155
 
-
 ## 1.22.0 (8 Aug 2022)
 
 Enhancements:
@@ -176,6 +207,16 @@ Enhancements:
 
 Thanks to @ash2k, @FMLS, @jimmystewpot, @Oncilla, @tsoslow, @tylitianrui, @withshubh, and @wziww for their contributions to this release.
 
+[#865]: https://github.com/uber-go/zap/pull/865
+[#867]: https://github.com/uber-go/zap/pull/867
+[#881]: https://github.com/uber-go/zap/pull/881
+[#903]: https://github.com/uber-go/zap/pull/903
+[#912]: https://github.com/uber-go/zap/pull/912
+[#913]: https://github.com/uber-go/zap/pull/913
+[#928]: https://github.com/uber-go/zap/pull/928
+[#931]: https://github.com/uber-go/zap/pull/931
+[#936]: https://github.com/uber-go/zap/pull/936
+
 ## 1.16.0 (1 Sep 2020)
 
 Bugfixes:
@@ -197,6 +238,17 @@ Enhancements:
 
 Thanks to @SteelPhase, @tmshn, @lixingwang, @wyxloading, @moul, @segevfiner, @andy-retailnext and @jcorbin for their contributions to this release.
 
+[#629]: https://github.com/uber-go/zap/pull/629
+[#697]: https://github.com/uber-go/zap/pull/697
+[#828]: https://github.com/uber-go/zap/pull/828
+[#835]: https://github.com/uber-go/zap/pull/835
+[#843]: https://github.com/uber-go/zap/pull/843
+[#844]: https://github.com/uber-go/zap/pull/844
+[#852]: https://github.com/uber-go/zap/pull/852
+[#854]: https://github.com/uber-go/zap/pull/854
+[#861]: https://github.com/uber-go/zap/pull/861
+[#862]: https://github.com/uber-go/zap/pull/862
+
 ## 1.15.0 (23 Apr 2020)
 
 Bugfixes:
@@ -213,6 +265,11 @@ Enhancements:
 
 Thanks to @danielbprice for their contributions to this release.
 
+[#804]: https://github.com/uber-go/zap/pull/804
+[#812]: https://github.com/uber-go/zap/pull/812
+[#806]: https://github.com/uber-go/zap/pull/806
+[#813]: https://github.com/uber-go/zap/pull/813
+
 ## 1.14.1 (14 Mar 2020)
 
 Bugfixes:
@@ -225,6 +282,10 @@ Bugfixes:
 
 Thanks to @YashishDua for their contributions to this release.
 
+[#791]: https://github.com/uber-go/zap/pull/791
+[#795]: https://github.com/uber-go/zap/pull/795
+[#799]: https://github.com/uber-go/zap/pull/799
+
 ## 1.14.0 (20 Feb 2020)
 
 Enhancements:
@@ -235,6 +296,11 @@ Enhancements:
 
 Thanks to @caibirdme for their contributions to this release.
 
+[#771]: https://github.com/uber-go/zap/pull/771
+[#773]: https://github.com/uber-go/zap/pull/773
+[#775]: https://github.com/uber-go/zap/pull/775
+[#786]: https://github.com/uber-go/zap/pull/786
+
 ## 1.13.0 (13 Nov 2019)
 
 Enhancements:
@@ -243,11 +309,15 @@ Enhancements:
 
 Thanks to @jbizzle for their contributions to this release.
 
+[#758]: https://github.com/uber-go/zap/pull/758
+
 ## 1.12.0 (29 Oct 2019)
 
 Enhancements:
 * [#751][]: Migrate to Go modules.
 
+[#751]: https://github.com/uber-go/zap/pull/751
+
 ## 1.11.0 (21 Oct 2019)
 
 Enhancements:
@@ -256,6 +326,9 @@ Enhancements:
 
 Thanks to @juicemia, @uhthomas for their contributions to this release.
 
+[#725]: https://github.com/uber-go/zap/pull/725
+[#736]: https://github.com/uber-go/zap/pull/736
+
 ## 1.10.0 (29 Apr 2019)
 
 Bugfixes:
@@ -273,12 +346,20 @@ Enhancements:
 Thanks to @iaroslav-ciupin, @lelenanam, @joa, @NWilson for their contributions
 to this release.
 
+[#657]: https://github.com/uber-go/zap/pull/657
+[#706]: https://github.com/uber-go/zap/pull/706
+[#610]: https://github.com/uber-go/zap/pull/610
+[#675]: https://github.com/uber-go/zap/pull/675
+[#704]: https://github.com/uber-go/zap/pull/704
+
 ## v1.9.1 (06 Aug 2018)
 
 Bugfixes:
 
 * [#614][]: MapObjectEncoder should not ignore empty slices.
 
+[#614]: https://github.com/uber-go/zap/pull/614
+
 ## v1.9.0 (19 Jul 2018)
 
 Enhancements:
@@ -288,6 +369,10 @@ Enhancements:
 Thanks to @nfarah86, @AlekSi, @JeanMertz, @philippgille, @etsangsplk, and
 @dimroc for their contributions to this release.
 
+[#602]: https://github.com/uber-go/zap/pull/602
+[#572]: https://github.com/uber-go/zap/pull/572
+[#606]: https://github.com/uber-go/zap/pull/606
+
 ## v1.8.0 (13 Apr 2018)
 
 Enhancements:
@@ -301,11 +386,18 @@ Bugfixes:
 
 Thanks to @DiSiqueira and @djui for their contributions to this release.
 
+[#508]: https://github.com/uber-go/zap/pull/508
+[#518]: https://github.com/uber-go/zap/pull/518
+[#577]: https://github.com/uber-go/zap/pull/577
+[#574]: https://github.com/uber-go/zap/pull/574
+
 ## v1.7.1 (25 Sep 2017)
 
 Bugfixes:
 * [#504][]: Store strings when using AddByteString with the map encoder.
 
+[#504]: https://github.com/uber-go/zap/pull/504
+
 ## v1.7.0 (21 Sep 2017)
 
 Enhancements:
@@ -313,6 +405,8 @@ Enhancements:
 * [#487][]: Add `NewStdLogAt`, which extends `NewStdLog` by allowing the user
   to specify the level of the logged messages.
 
+[#487]: https://github.com/uber-go/zap/pull/487
+
 ## v1.6.0 (30 Aug 2017)
 
 Enhancements:
@@ -321,6 +415,9 @@ Enhancements:
 * [#490][]: Add a `ContextMap` method to observer logs for simpler
   field validation in tests.
 
+[#490]: https://github.com/uber-go/zap/pull/490
+[#491]: https://github.com/uber-go/zap/pull/491
+
 ## v1.5.0 (22 Jul 2017)
 
 Enhancements:
@@ -334,6 +431,11 @@ Bugfixes:
 
 Thanks to @richard-tunein and @pavius for their contributions to this release.
 
+[#477]: https://github.com/uber-go/zap/pull/477
+[#465]: https://github.com/uber-go/zap/pull/465
+[#460]: https://github.com/uber-go/zap/pull/460
+[#470]: https://github.com/uber-go/zap/pull/470
+
 ## v1.4.1 (08 Jun 2017)
 
 This release fixes two bugs.
@@ -343,6 +445,9 @@ Bugfixes:
 * [#435][]: Support a variety of case conventions when unmarshaling levels.
 * [#444][]: Fix a panic in the observer.
 
+[#435]: https://github.com/uber-go/zap/pull/435
+[#444]: https://github.com/uber-go/zap/pull/444
+
 ## v1.4.0 (12 May 2017)
 
 This release adds a few small features and is fully backward-compatible.
@@ -355,6 +460,10 @@ Enhancements:
 * [#431][]: Make `zap.AtomicLevel` implement `fmt.Stringer`, which makes a
   variety of operations a bit simpler.
 
+[#424]: https://github.com/uber-go/zap/pull/424
+[#425]: https://github.com/uber-go/zap/pull/425
+[#431]: https://github.com/uber-go/zap/pull/431
+
 ## v1.3.0 (25 Apr 2017)
 
 This release adds an enhancement to zap's testing helpers as well as the
@@ -366,6 +475,9 @@ Enhancements:
   particularly useful when testing the `SugaredLogger`.
 * [#416][]: Make `AtomicLevel` implement `encoding.TextMarshaler`.
 
+[#415]: https://github.com/uber-go/zap/pull/415
+[#416]: https://github.com/uber-go/zap/pull/416
+
 ## v1.2.0 (13 Apr 2017)
 
 This release adds a gRPC compatibility wrapper. It is fully backward-compatible.
@@ -375,6 +487,8 @@ Enhancements:
 * [#402][]: Add a `zapgrpc` package that wraps zap's Logger and implements
   `grpclog.Logger`.
 
+[#402]: https://github.com/uber-go/zap/pull/402
+
 ## v1.1.0 (31 Mar 2017)
 
 This release fixes two bugs and adds some enhancements to zap's testing helpers.
@@ -392,6 +506,10 @@ Enhancements:
 
 Thanks to @moitias for contributing to this release.
 
+[#385]: https://github.com/uber-go/zap/pull/385
+[#396]: https://github.com/uber-go/zap/pull/396
+[#386]: https://github.com/uber-go/zap/pull/386
+
 ## v1.0.0 (14 Mar 2017)
 
 This is zap's first stable release. All exported APIs are now final, and no
@@ -437,6 +555,20 @@ Enhancements:
 Thanks to @suyash, @htrendev, @flisky, @Ulexus, and @skipor for their
 contributions to this release.
 
+[#366]: https://github.com/uber-go/zap/pull/366
+[#364]: https://github.com/uber-go/zap/pull/364
+[#371]: https://github.com/uber-go/zap/pull/371
+[#362]: https://github.com/uber-go/zap/pull/362
+[#369]: https://github.com/uber-go/zap/pull/369
+[#347]: https://github.com/uber-go/zap/pull/347
+[#373]: https://github.com/uber-go/zap/pull/373
+[#348]: https://github.com/uber-go/zap/pull/348
+[#327]: https://github.com/uber-go/zap/pull/327
+[#376]: https://github.com/uber-go/zap/pull/376
+[#346]: https://github.com/uber-go/zap/pull/346
+[#365]: https://github.com/uber-go/zap/pull/365
+[#372]: https://github.com/uber-go/zap/pull/372
+
 ## v1.0.0-rc.3 (7 Mar 2017)
 
 This is the third release candidate for zap's stable release. There are no
@@ -458,6 +590,11 @@ Enhancements:
 
 Thanks to @ansel1 and @suyash for their contributions to this release.
 
+[#339]: https://github.com/uber-go/zap/pull/339
+[#307]: https://github.com/uber-go/zap/pull/307
+[#353]: https://github.com/uber-go/zap/pull/353
+[#311]: https://github.com/uber-go/zap/pull/311
+
 ## v1.0.0-rc.2 (21 Feb 2017)
 
 This is the second release candidate for zap's stable release. It includes two
@@ -495,6 +632,15 @@ Enhancements:
 
 Thanks to @skipor and @chapsuk for their contributions to this release.
 
+[#316]: https://github.com/uber-go/zap/pull/316
+[#309]: https://github.com/uber-go/zap/pull/309
+[#317]: https://github.com/uber-go/zap/pull/317
+[#321]: https://github.com/uber-go/zap/pull/321
+[#325]: https://github.com/uber-go/zap/pull/325
+[#333]: https://github.com/uber-go/zap/pull/333
+[#326]: https://github.com/uber-go/zap/pull/326
+[#300]: https://github.com/uber-go/zap/pull/300
+
 ## v1.0.0-rc.1 (14 Feb 2017)
 
 This is the first release candidate for zap's stable release. There are multiple
@@ -523,95 +669,3 @@ backward compatibility concerns and all functionality is new.
 
 Early zap adopters should pin to the 0.1.x minor version until they're ready to
 upgrade to the upcoming stable release.
-
-[#316]: https://github.com/uber-go/zap/pull/316
-[#309]: https://github.com/uber-go/zap/pull/309
-[#317]: https://github.com/uber-go/zap/pull/317
-[#321]: https://github.com/uber-go/zap/pull/321
-[#325]: https://github.com/uber-go/zap/pull/325
-[#333]: https://github.com/uber-go/zap/pull/333
-[#326]: https://github.com/uber-go/zap/pull/326
-[#300]: https://github.com/uber-go/zap/pull/300
-[#339]: https://github.com/uber-go/zap/pull/339
-[#307]: https://github.com/uber-go/zap/pull/307
-[#353]: https://github.com/uber-go/zap/pull/353
-[#311]: https://github.com/uber-go/zap/pull/311
-[#366]: https://github.com/uber-go/zap/pull/366
-[#364]: https://github.com/uber-go/zap/pull/364
-[#371]: https://github.com/uber-go/zap/pull/371
-[#362]: https://github.com/uber-go/zap/pull/362
-[#369]: https://github.com/uber-go/zap/pull/369
-[#347]: https://github.com/uber-go/zap/pull/347
-[#373]: https://github.com/uber-go/zap/pull/373
-[#348]: https://github.com/uber-go/zap/pull/348
-[#327]: https://github.com/uber-go/zap/pull/327
-[#376]: https://github.com/uber-go/zap/pull/376
-[#346]: https://github.com/uber-go/zap/pull/346
-[#365]: https://github.com/uber-go/zap/pull/365
-[#372]: https://github.com/uber-go/zap/pull/372
-[#385]: https://github.com/uber-go/zap/pull/385
-[#396]: https://github.com/uber-go/zap/pull/396
-[#386]: https://github.com/uber-go/zap/pull/386
-[#402]: https://github.com/uber-go/zap/pull/402
-[#415]: https://github.com/uber-go/zap/pull/415
-[#416]: https://github.com/uber-go/zap/pull/416
-[#424]: https://github.com/uber-go/zap/pull/424
-[#425]: https://github.com/uber-go/zap/pull/425
-[#431]: https://github.com/uber-go/zap/pull/431
-[#435]: https://github.com/uber-go/zap/pull/435
-[#444]: https://github.com/uber-go/zap/pull/444
-[#477]: https://github.com/uber-go/zap/pull/477
-[#465]: https://github.com/uber-go/zap/pull/465
-[#460]: https://github.com/uber-go/zap/pull/460
-[#470]: https://github.com/uber-go/zap/pull/470
-[#487]: https://github.com/uber-go/zap/pull/487
-[#490]: https://github.com/uber-go/zap/pull/490
-[#491]: https://github.com/uber-go/zap/pull/491
-[#504]: https://github.com/uber-go/zap/pull/504
-[#508]: https://github.com/uber-go/zap/pull/508
-[#518]: https://github.com/uber-go/zap/pull/518
-[#577]: https://github.com/uber-go/zap/pull/577
-[#574]: https://github.com/uber-go/zap/pull/574
-[#602]: https://github.com/uber-go/zap/pull/602
-[#572]: https://github.com/uber-go/zap/pull/572
-[#606]: https://github.com/uber-go/zap/pull/606
-[#614]: https://github.com/uber-go/zap/pull/614
-[#657]: https://github.com/uber-go/zap/pull/657
-[#706]: https://github.com/uber-go/zap/pull/706
-[#610]: https://github.com/uber-go/zap/pull/610
-[#675]: https://github.com/uber-go/zap/pull/675
-[#704]: https://github.com/uber-go/zap/pull/704
-[#725]: https://github.com/uber-go/zap/pull/725
-[#736]: https://github.com/uber-go/zap/pull/736
-[#751]: https://github.com/uber-go/zap/pull/751
-[#758]: https://github.com/uber-go/zap/pull/758
-[#771]: https://github.com/uber-go/zap/pull/771
-[#773]: https://github.com/uber-go/zap/pull/773
-[#775]: https://github.com/uber-go/zap/pull/775
-[#786]: https://github.com/uber-go/zap/pull/786
-[#791]: https://github.com/uber-go/zap/pull/791
-[#795]: https://github.com/uber-go/zap/pull/795
-[#799]: https://github.com/uber-go/zap/pull/799
-[#804]: https://github.com/uber-go/zap/pull/804
-[#812]: https://github.com/uber-go/zap/pull/812
-[#806]: https://github.com/uber-go/zap/pull/806
-[#813]: https://github.com/uber-go/zap/pull/813
-[#629]: https://github.com/uber-go/zap/pull/629
-[#697]: https://github.com/uber-go/zap/pull/697
-[#828]: https://github.com/uber-go/zap/pull/828
-[#835]: https://github.com/uber-go/zap/pull/835
-[#843]: https://github.com/uber-go/zap/pull/843
-[#844]: https://github.com/uber-go/zap/pull/844
-[#852]: https://github.com/uber-go/zap/pull/852
-[#854]: https://github.com/uber-go/zap/pull/854
-[#861]: https://github.com/uber-go/zap/pull/861
-[#862]: https://github.com/uber-go/zap/pull/862
-[#865]: https://github.com/uber-go/zap/pull/865
-[#867]: https://github.com/uber-go/zap/pull/867
-[#881]: https://github.com/uber-go/zap/pull/881
-[#903]: https://github.com/uber-go/zap/pull/903
-[#912]: https://github.com/uber-go/zap/pull/912
-[#913]: https://github.com/uber-go/zap/pull/913
-[#928]: https://github.com/uber-go/zap/pull/928
-[#931]: https://github.com/uber-go/zap/pull/931
-[#936]: https://github.com/uber-go/zap/pull/936
diff --git a/vendor/go.uber.org/zap/Makefile b/vendor/go.uber.org/zap/Makefile
index 9b1bc3b0e..eb1cee53b 100644
--- a/vendor/go.uber.org/zap/Makefile
+++ b/vendor/go.uber.org/zap/Makefile
@@ -1,50 +1,51 @@
-export GOBIN ?= $(shell pwd)/bin
+# Directory containing the Makefile.
+PROJECT_ROOT = $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 
-GOLINT = $(GOBIN)/golint
-STATICCHECK = $(GOBIN)/staticcheck
+export GOBIN ?= $(PROJECT_ROOT)/bin
+export PATH := $(GOBIN):$(PATH)
+
+GOVULNCHECK = $(GOBIN)/govulncheck
 BENCH_FLAGS ?= -cpuprofile=cpu.pprof -memprofile=mem.pprof -benchmem
 
 # Directories containing independent Go modules.
-#
-# We track coverage only for the main module.
-MODULE_DIRS = . ./benchmarks ./zapgrpc/internal/test
+MODULE_DIRS = . ./exp ./benchmarks ./zapgrpc/internal/test
 
-# Many Go tools take file globs or directories as arguments instead of packages.
-GO_FILES := $(shell \
-	find . '(' -path '*/.*' -o -path './vendor' ')' -prune \
-	-o -name '*.go' -print | cut -b3-)
+# Directories that we want to track coverage for.
+COVER_DIRS = . ./exp
 
 .PHONY: all
 all: lint test
 
 .PHONY: lint
-lint: $(GOLINT) $(STATICCHECK)
-	@rm -rf lint.log
-	@echo "Checking formatting..."
-	@gofmt -d -s $(GO_FILES) 2>&1 | tee lint.log
-	@echo "Checking vet..."
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go vet ./... 2>&1) &&) true | tee -a lint.log
-	@echo "Checking lint..."
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && $(GOLINT) ./... 2>&1) &&) true | tee -a lint.log
-	@echo "Checking staticcheck..."
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && $(STATICCHECK) ./... 2>&1) &&) true | tee -a lint.log
-	@echo "Checking for unresolved FIXMEs..."
-	@git grep -i fixme | grep -v -e Makefile | tee -a lint.log
-	@echo "Checking for license headers..."
-	@./checklicense.sh | tee -a lint.log
-	@[ ! -s lint.log ]
-	@echo "Checking 'go mod tidy'..."
-	@make tidy
-	@if ! git diff --quiet; then \
-		echo "'go mod tidy' resulted in changes or working tree is dirty:"; \
-		git --no-pager diff; \
-	fi
-
-$(GOLINT):
-	cd tools && go install golang.org/x/lint/golint
-
-$(STATICCHECK):
-	cd tools && go install honnef.co/go/tools/cmd/staticcheck
+lint: golangci-lint tidy-lint license-lint
+
+.PHONY: golangci-lint
+golangci-lint:
+	@$(foreach mod,$(MODULE_DIRS), \
+		(cd $(mod) && \
+		echo "[lint] golangci-lint: $(mod)" && \
+		golangci-lint run --path-prefix $(mod)) &&) true
+
+.PHONY: tidy
+tidy:
+	@$(foreach dir,$(MODULE_DIRS), \
+		(cd $(dir) && go mod tidy) &&) true
+
+.PHONY: tidy-lint
+tidy-lint:
+	@$(foreach mod,$(MODULE_DIRS), \
+		(cd $(mod) && \
+		echo "[lint] tidy: $(mod)" && \
+		go mod tidy && \
+		git diff --exit-code -- go.mod go.sum) &&) true
+
+
+.PHONY: license-lint
+license-lint:
+	./checklicense.sh
+
+$(GOVULNCHECK):
+	cd tools && go install golang.org/x/vuln/cmd/govulncheck
 
 .PHONY: test
 test:
@@ -52,8 +53,10 @@ test:
 
 .PHONY: cover
 cover:
-	go test -race -coverprofile=cover.out -coverpkg=./... ./...
-	go tool cover -html=cover.out -o cover.html
+	@$(foreach dir,$(COVER_DIRS), ( \
+		cd $(dir) && \
+		go test -race -coverprofile=cover.out -coverpkg=./... ./... \
+		&& go tool cover -html=cover.out -o cover.html) &&) true
 
 .PHONY: bench
 BENCH ?= .
@@ -68,6 +71,6 @@ updatereadme:
 	rm -f README.md
 	cat .readme.tmpl | go run internal/readme/readme.go > README.md
 
-.PHONY: tidy
-tidy:
-	@$(foreach dir,$(MODULE_DIRS),(cd $(dir) && go mod tidy) &&) true
+.PHONY: vulncheck
+vulncheck: $(GOVULNCHECK)
+	$(GOVULNCHECK) ./...
diff --git a/vendor/go.uber.org/zap/README.md b/vendor/go.uber.org/zap/README.md
index a553a428c..9de08927b 100644
--- a/vendor/go.uber.org/zap/README.md
+++ b/vendor/go.uber.org/zap/README.md
@@ -54,7 +54,7 @@ and make many small allocations. Put differently, using `encoding/json` and
 Zap takes a different approach. It includes a reflection-free, zero-allocation
 JSON encoder, and the base `Logger` strives to avoid serialization overhead
 and allocations wherever possible. By building the high-level `SugaredLogger`
-on that foundation, zap lets users _choose_ when they need to count every
+on that foundation, zap lets users *choose* when they need to count every
 allocation and when they'd prefer a more familiar, loosely typed API.
 
 As measured by its own [benchmarking suite][], not only is zap more performant
@@ -64,40 +64,43 @@ id="anchor-versions">[1](#footnote-versions)</sup>
 
 Log a message and 10 fields:
 
-| Package             |    Time     | Time % to zap | Objects Allocated |
-| :------------------ | :---------: | :-----------: | :---------------: |
-| :zap: zap           | 2900 ns/op  |      +0%      |    5 allocs/op    |
-| :zap: zap (sugared) | 3475 ns/op  |     +20%      |   10 allocs/op    |
-| zerolog             | 10639 ns/op |     +267%     |   32 allocs/op    |
-| go-kit              | 14434 ns/op |     +398%     |   59 allocs/op    |
-| logrus              | 17104 ns/op |     +490%     |   81 allocs/op    |
-| apex/log            | 32424 ns/op |    +1018%     |   66 allocs/op    |
-| log15               | 33579 ns/op |    +1058%     |   76 allocs/op    |
+| Package | Time | Time % to zap | Objects Allocated |
+| :------ | :--: | :-----------: | :---------------: |
+| :zap: zap | 1744 ns/op | +0% | 5 allocs/op
+| :zap: zap (sugared) | 2483 ns/op | +42% | 10 allocs/op
+| zerolog | 918 ns/op | -47% | 1 allocs/op
+| go-kit | 5590 ns/op | +221% | 57 allocs/op
+| slog | 5640 ns/op | +223% | 40 allocs/op
+| apex/log | 21184 ns/op | +1115% | 63 allocs/op
+| logrus | 24338 ns/op | +1296% | 79 allocs/op
+| log15 | 26054 ns/op | +1394% | 74 allocs/op
 
 Log a message with a logger that already has 10 fields of context:
 
-| Package             |    Time     | Time % to zap | Objects Allocated |
-| :------------------ | :---------: | :-----------: | :---------------: |
-| :zap: zap           |  373 ns/op  |      +0%      |    0 allocs/op    |
-| :zap: zap (sugared) |  452 ns/op  |     +21%      |    1 allocs/op    |
-| zerolog             |  288 ns/op  |     -23%      |    0 allocs/op    |
-| go-kit              | 11785 ns/op |    +3060%     |   58 allocs/op    |
-| logrus              | 19629 ns/op |    +5162%     |   70 allocs/op    |
-| log15               | 21866 ns/op |    +5762%     |   72 allocs/op    |
-| apex/log            | 30890 ns/op |    +8182%     |   55 allocs/op    |
+| Package | Time | Time % to zap | Objects Allocated |
+| :------ | :--: | :-----------: | :---------------: |
+| :zap: zap | 193 ns/op | +0% | 0 allocs/op
+| :zap: zap (sugared) | 227 ns/op | +18% | 1 allocs/op
+| zerolog | 81 ns/op | -58% | 0 allocs/op
+| slog | 322 ns/op | +67% | 0 allocs/op
+| go-kit | 5377 ns/op | +2686% | 56 allocs/op
+| apex/log | 19518 ns/op | +10013% | 53 allocs/op
+| log15 | 19812 ns/op | +10165% | 70 allocs/op
+| logrus | 21997 ns/op | +11297% | 68 allocs/op
 
 Log a static string, without any context or `printf`-style templating:
 
-| Package             |    Time    | Time % to zap | Objects Allocated |
-| :------------------ | :--------: | :-----------: | :---------------: |
-| :zap: zap           | 381 ns/op  |      +0%      |    0 allocs/op    |
-| :zap: zap (sugared) | 410 ns/op  |      +8%      |    1 allocs/op    |
-| zerolog             | 369 ns/op  |      -3%      |    0 allocs/op    |
-| standard library    | 385 ns/op  |      +1%      |    2 allocs/op    |
-| go-kit              | 606 ns/op  |     +59%      |   11 allocs/op    |
-| logrus              | 1730 ns/op |     +354%     |   25 allocs/op    |
-| apex/log            | 1998 ns/op |     +424%     |    7 allocs/op    |
-| log15               | 4546 ns/op |    +1093%     |   22 allocs/op    |
+| Package | Time | Time % to zap | Objects Allocated |
+| :------ | :--: | :-----------: | :---------------: |
+| :zap: zap | 165 ns/op | +0% | 0 allocs/op
+| :zap: zap (sugared) | 212 ns/op | +28% | 1 allocs/op
+| zerolog | 95 ns/op | -42% | 0 allocs/op
+| slog | 296 ns/op | +79% | 0 allocs/op
+| go-kit | 415 ns/op | +152% | 9 allocs/op
+| standard library | 422 ns/op | +156% | 2 allocs/op
+| apex/log | 1601 ns/op | +870% | 5 allocs/op
+| logrus | 3017 ns/op | +1728% | 23 allocs/op
+| log15 | 3469 ns/op | +2002% | 20 allocs/op
 
 ## Development Status: Stable
 
@@ -131,3 +134,4 @@ pinned in the [benchmarks/go.mod][] file. [↩](#anchor-versions)
 [cov]: https://codecov.io/gh/uber-go/zap
 [benchmarking suite]: https://github.com/uber-go/zap/tree/master/benchmarks
 [benchmarks/go.mod]: https://github.com/uber-go/zap/blob/master/benchmarks/go.mod
+
diff --git a/vendor/go.uber.org/zap/array.go b/vendor/go.uber.org/zap/array.go
index 5be3704a3..abfccb566 100644
--- a/vendor/go.uber.org/zap/array.go
+++ b/vendor/go.uber.org/zap/array.go
@@ -21,6 +21,7 @@
 package zap
 
 import (
+	"fmt"
 	"time"
 
 	"go.uber.org/zap/zapcore"
@@ -94,11 +95,137 @@ func Int8s(key string, nums []int8) Field {
 	return Array(key, int8s(nums))
 }
 
+// Objects constructs a field with the given key, holding a list of the
+// provided objects that can be marshaled by Zap.
+//
+// Note that these objects must implement zapcore.ObjectMarshaler directly.
+// That is, if you're trying to marshal a []Request, the MarshalLogObject
+// method must be declared on the Request type, not its pointer (*Request).
+// If it's on the pointer, use ObjectValues.
+//
+// Given an object that implements MarshalLogObject on the value receiver, you
+// can log a slice of those objects with Objects like so:
+//
+//	type Author struct{ ... }
+//	func (a Author) MarshalLogObject(enc zapcore.ObjectEncoder) error
+//
+//	var authors []Author = ...
+//	logger.Info("loading article", zap.Objects("authors", authors))
+//
+// Similarly, given a type that implements MarshalLogObject on its pointer
+// receiver, you can log a slice of pointers to that object with Objects like
+// so:
+//
+//	type Request struct{ ... }
+//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
+//
+//	var requests []*Request = ...
+//	logger.Info("sending requests", zap.Objects("requests", requests))
+//
+// If instead, you have a slice of values of such an object, use the
+// ObjectValues constructor.
+//
+//	var requests []Request = ...
+//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
+func Objects[T zapcore.ObjectMarshaler](key string, values []T) Field {
+	return Array(key, objects[T](values))
+}
+
+type objects[T zapcore.ObjectMarshaler] []T
+
+func (os objects[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
+	for _, o := range os {
+		if err := arr.AppendObject(o); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ObjectMarshalerPtr is a constraint that specifies that the given type
+// implements zapcore.ObjectMarshaler on a pointer receiver.
+type ObjectMarshalerPtr[T any] interface {
+	*T
+	zapcore.ObjectMarshaler
+}
+
+// ObjectValues constructs a field with the given key, holding a list of the
+// provided objects, where pointers to these objects can be marshaled by Zap.
+//
+// Note that pointers to these objects must implement zapcore.ObjectMarshaler.
+// That is, if you're trying to marshal a []Request, the MarshalLogObject
+// method must be declared on the *Request type, not the value (Request).
+// If it's on the value, use Objects.
+//
+// Given an object that implements MarshalLogObject on the pointer receiver,
+// you can log a slice of those objects with ObjectValues like so:
+//
+//	type Request struct{ ... }
+//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
+//
+//	var requests []Request = ...
+//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
+//
+// If instead, you have a slice of pointers of such an object, use the Objects
+// field constructor.
+//
+//	var requests []*Request = ...
+//	logger.Info("sending requests", zap.Objects("requests", requests))
+func ObjectValues[T any, P ObjectMarshalerPtr[T]](key string, values []T) Field {
+	return Array(key, objectValues[T, P](values))
+}
+
+type objectValues[T any, P ObjectMarshalerPtr[T]] []T
+
+func (os objectValues[T, P]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
+	for i := range os {
+		// It is necessary for us to explicitly reference the "P" type.
+		// We cannot simply pass "&os[i]" to AppendObject because its type
+		// is "*T", which the type system does not consider as
+		// implementing ObjectMarshaler.
+		// Only the type "P" satisfies ObjectMarshaler, which we have
+		// to convert "*T" to explicitly.
+		var p P = &os[i]
+		if err := arr.AppendObject(p); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // Strings constructs a field that carries a slice of strings.
 func Strings(key string, ss []string) Field {
 	return Array(key, stringArray(ss))
 }
 
+// Stringers constructs a field with the given key, holding a list of the
+// output provided by the value's String method
+//
+// Given an object that implements String on the value receiver, you
+// can log a slice of those objects with Objects like so:
+//
+//	type Request struct{ ... }
+//	func (a Request) String() string
+//
+//	var requests []Request = ...
+//	logger.Info("sending requests", zap.Stringers("requests", requests))
+//
+// Note that these objects must implement fmt.Stringer directly.
+// That is, if you're trying to marshal a []Request, the String method
+// must be declared on the Request type, not its pointer (*Request).
+func Stringers[T fmt.Stringer](key string, values []T) Field {
+	return Array(key, stringers[T](values))
+}
+
+type stringers[T fmt.Stringer] []T
+
+func (os stringers[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
+	for _, o := range os {
+		arr.AppendString(o.String())
+	}
+	return nil
+}
+
 // Times constructs a field that carries a slice of time.Times.
 func Times(key string, ts []time.Time) Field {
 	return Array(key, times(ts))
diff --git a/vendor/go.uber.org/zap/array_go118.go b/vendor/go.uber.org/zap/array_go118.go
deleted file mode 100644
index d0d2c49d6..000000000
--- a/vendor/go.uber.org/zap/array_go118.go
+++ /dev/null
@@ -1,156 +0,0 @@
-// Copyright (c) 2022 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-//go:build go1.18
-// +build go1.18
-
-package zap
-
-import (
-	"fmt"
-
-	"go.uber.org/zap/zapcore"
-)
-
-// Objects constructs a field with the given key, holding a list of the
-// provided objects that can be marshaled by Zap.
-//
-// Note that these objects must implement zapcore.ObjectMarshaler directly.
-// That is, if you're trying to marshal a []Request, the MarshalLogObject
-// method must be declared on the Request type, not its pointer (*Request).
-// If it's on the pointer, use ObjectValues.
-//
-// Given an object that implements MarshalLogObject on the value receiver, you
-// can log a slice of those objects with Objects like so:
-//
-//	type Author struct{ ... }
-//	func (a Author) MarshalLogObject(enc zapcore.ObjectEncoder) error
-//
-//	var authors []Author = ...
-//	logger.Info("loading article", zap.Objects("authors", authors))
-//
-// Similarly, given a type that implements MarshalLogObject on its pointer
-// receiver, you can log a slice of pointers to that object with Objects like
-// so:
-//
-//	type Request struct{ ... }
-//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
-//
-//	var requests []*Request = ...
-//	logger.Info("sending requests", zap.Objects("requests", requests))
-//
-// If instead, you have a slice of values of such an object, use the
-// ObjectValues constructor.
-//
-//	var requests []Request = ...
-//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
-func Objects[T zapcore.ObjectMarshaler](key string, values []T) Field {
-	return Array(key, objects[T](values))
-}
-
-type objects[T zapcore.ObjectMarshaler] []T
-
-func (os objects[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
-	for _, o := range os {
-		if err := arr.AppendObject(o); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// ObjectMarshalerPtr is a constraint that specifies that the given type
-// implements zapcore.ObjectMarshaler on a pointer receiver.
-type ObjectMarshalerPtr[T any] interface {
-	*T
-	zapcore.ObjectMarshaler
-}
-
-// ObjectValues constructs a field with the given key, holding a list of the
-// provided objects, where pointers to these objects can be marshaled by Zap.
-//
-// Note that pointers to these objects must implement zapcore.ObjectMarshaler.
-// That is, if you're trying to marshal a []Request, the MarshalLogObject
-// method must be declared on the *Request type, not the value (Request).
-// If it's on the value, use Objects.
-//
-// Given an object that implements MarshalLogObject on the pointer receiver,
-// you can log a slice of those objects with ObjectValues like so:
-//
-//	type Request struct{ ... }
-//	func (r *Request) MarshalLogObject(enc zapcore.ObjectEncoder) error
-//
-//	var requests []Request = ...
-//	logger.Info("sending requests", zap.ObjectValues("requests", requests))
-//
-// If instead, you have a slice of pointers of such an object, use the Objects
-// field constructor.
-//
-//	var requests []*Request = ...
-//	logger.Info("sending requests", zap.Objects("requests", requests))
-func ObjectValues[T any, P ObjectMarshalerPtr[T]](key string, values []T) Field {
-	return Array(key, objectValues[T, P](values))
-}
-
-type objectValues[T any, P ObjectMarshalerPtr[T]] []T
-
-func (os objectValues[T, P]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
-	for i := range os {
-		// It is necessary for us to explicitly reference the "P" type.
-		// We cannot simply pass "&os[i]" to AppendObject because its type
-		// is "*T", which the type system does not consider as
-		// implementing ObjectMarshaler.
-		// Only the type "P" satisfies ObjectMarshaler, which we have
-		// to convert "*T" to explicitly.
-		var p P = &os[i]
-		if err := arr.AppendObject(p); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-// Stringers constructs a field with the given key, holding a list of the
-// output provided by the value's String method
-//
-// Given an object that implements String on the value receiver, you
-// can log a slice of those objects with Objects like so:
-//
-//	type Request struct{ ... }
-//	func (a Request) String() string
-//
-//	var requests []Request = ...
-//	logger.Info("sending requests", zap.Stringers("requests", requests))
-//
-// Note that these objects must implement fmt.Stringer directly.
-// That is, if you're trying to marshal a []Request, the String method
-// must be declared on the Request type, not its pointer (*Request).
-func Stringers[T fmt.Stringer](key string, values []T) Field {
-	return Array(key, stringers[T](values))
-}
-
-type stringers[T fmt.Stringer] []T
-
-func (os stringers[T]) MarshalLogArray(arr zapcore.ArrayEncoder) error {
-	for _, o := range os {
-		arr.AppendString(o.String())
-	}
-	return nil
-}
diff --git a/vendor/go.uber.org/zap/buffer/buffer.go b/vendor/go.uber.org/zap/buffer/buffer.go
index 9e929cd98..27fb5cd5d 100644
--- a/vendor/go.uber.org/zap/buffer/buffer.go
+++ b/vendor/go.uber.org/zap/buffer/buffer.go
@@ -42,6 +42,11 @@ func (b *Buffer) AppendByte(v byte) {
 	b.bs = append(b.bs, v)
 }
 
+// AppendBytes writes a single byte to the Buffer.
+func (b *Buffer) AppendBytes(v []byte) {
+	b.bs = append(b.bs, v...)
+}
+
 // AppendString writes a string to the Buffer.
 func (b *Buffer) AppendString(s string) {
 	b.bs = append(b.bs, s...)
diff --git a/vendor/go.uber.org/zap/buffer/pool.go b/vendor/go.uber.org/zap/buffer/pool.go
index 8fb3e202c..846323360 100644
--- a/vendor/go.uber.org/zap/buffer/pool.go
+++ b/vendor/go.uber.org/zap/buffer/pool.go
@@ -20,25 +20,29 @@
 
 package buffer
 
-import "sync"
+import (
+	"go.uber.org/zap/internal/pool"
+)
 
 // A Pool is a type-safe wrapper around a sync.Pool.
 type Pool struct {
-	p *sync.Pool
+	p *pool.Pool[*Buffer]
 }
 
 // NewPool constructs a new Pool.
 func NewPool() Pool {
-	return Pool{p: &sync.Pool{
-		New: func() interface{} {
-			return &Buffer{bs: make([]byte, 0, _size)}
-		},
-	}}
+	return Pool{
+		p: pool.New(func() *Buffer {
+			return &Buffer{
+				bs: make([]byte, 0, _size),
+			}
+		}),
+	}
 }
 
 // Get retrieves a Buffer from the pool, creating one if necessary.
 func (p Pool) Get() *Buffer {
-	buf := p.p.Get().(*Buffer)
+	buf := p.p.Get()
 	buf.Reset()
 	buf.pool = p
 	return buf
diff --git a/vendor/go.uber.org/zap/config.go b/vendor/go.uber.org/zap/config.go
index ee6096766..e76e4e64f 100644
--- a/vendor/go.uber.org/zap/config.go
+++ b/vendor/go.uber.org/zap/config.go
@@ -95,6 +95,32 @@ type Config struct {
 
 // NewProductionEncoderConfig returns an opinionated EncoderConfig for
 // production environments.
+//
+// Messages encoded with this configuration will be JSON-formatted
+// and will have the following keys by default:
+//
+//   - "level": The logging level (e.g. "info", "error").
+//   - "ts": The current time in number of seconds since the Unix epoch.
+//   - "msg": The message passed to the log statement.
+//   - "caller": If available, a short path to the file and line number
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//   - "stacktrace": If available, a stack trace from the line
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//
+// By default, the following formats are used for different types:
+//
+//   - Time is formatted as floating-point number of seconds since the Unix
+//     epoch.
+//   - Duration is formatted as floating-point number of seconds.
+//
+// You may change these by setting the appropriate fields in the returned
+// object.
+// For example, use the following to change the time encoding format:
+//
+//	cfg := zap.NewProductionEncoderConfig()
+//	cfg.EncodeTime = zapcore.ISO8601TimeEncoder
 func NewProductionEncoderConfig() zapcore.EncoderConfig {
 	return zapcore.EncoderConfig{
 		TimeKey:        "ts",
@@ -112,11 +138,22 @@ func NewProductionEncoderConfig() zapcore.EncoderConfig {
 	}
 }
 
-// NewProductionConfig is a reasonable production logging configuration.
-// Logging is enabled at InfoLevel and above.
+// NewProductionConfig builds a reasonable default production logging
+// configuration.
+// Logging is enabled at InfoLevel and above, and uses a JSON encoder.
+// Logs are written to standard error.
+// Stacktraces are included on logs of ErrorLevel and above.
+// DPanicLevel logs will not panic, but will write a stacktrace.
+//
+// Sampling is enabled at 100:100 by default,
+// meaning that after the first 100 log entries
+// with the same level and message in the same second,
+// it will log every 100th entry
+// with the same level and message in the same second.
+// You may disable this behavior by setting Sampling to nil.
 //
-// It uses a JSON encoder, writes to standard error, and enables sampling.
-// Stacktraces are automatically included on logs of ErrorLevel and above.
+// See [NewProductionEncoderConfig] for information
+// on the default encoder configuration.
 func NewProductionConfig() Config {
 	return Config{
 		Level:       NewAtomicLevelAt(InfoLevel),
@@ -134,6 +171,32 @@ func NewProductionConfig() Config {
 
 // NewDevelopmentEncoderConfig returns an opinionated EncoderConfig for
 // development environments.
+//
+// Messages encoded with this configuration will use Zap's console encoder
+// intended to print human-readable output.
+// It will print log messages with the following information:
+//
+//   - The log level (e.g. "INFO", "ERROR").
+//   - The time in ISO8601 format (e.g. "2017-01-01T12:00:00Z").
+//   - The message passed to the log statement.
+//   - If available, a short path to the file and line number
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//   - If available, a stacktrace from the line
+//     where the log statement was issued.
+//     The logger configuration determines whether this field is captured.
+//
+// By default, the following formats are used for different types:
+//
+//   - Time is formatted in ISO8601 format (e.g. "2017-01-01T12:00:00Z").
+//   - Duration is formatted as a string (e.g. "1.234s").
+//
+// You may change these by setting the appropriate fields in the returned
+// object.
+// For example, use the following to change the time encoding format:
+//
+//	cfg := zap.NewDevelopmentEncoderConfig()
+//	cfg.EncodeTime = zapcore.ISO8601TimeEncoder
 func NewDevelopmentEncoderConfig() zapcore.EncoderConfig {
 	return zapcore.EncoderConfig{
 		// Keys can be anything except the empty string.
@@ -152,12 +215,15 @@ func NewDevelopmentEncoderConfig() zapcore.EncoderConfig {
 	}
 }
 
-// NewDevelopmentConfig is a reasonable development logging configuration.
-// Logging is enabled at DebugLevel and above.
+// NewDevelopmentConfig builds a reasonable default development logging
+// configuration.
+// Logging is enabled at DebugLevel and above, and uses a console encoder.
+// Logs are written to standard error.
+// Stacktraces are included on logs of WarnLevel and above.
+// DPanicLevel logs will panic.
 //
-// It enables development mode (which makes DPanicLevel logs panic), uses a
-// console encoder, writes to standard error, and disables sampling.
-// Stacktraces are automatically included on logs of WarnLevel and above.
+// See [NewDevelopmentEncoderConfig] for information
+// on the default encoder configuration.
 func NewDevelopmentConfig() Config {
 	return Config{
 		Level:            NewAtomicLevelAt(DebugLevel),
diff --git a/vendor/go.uber.org/zap/error.go b/vendor/go.uber.org/zap/error.go
index 65982a51e..45f7b838d 100644
--- a/vendor/go.uber.org/zap/error.go
+++ b/vendor/go.uber.org/zap/error.go
@@ -21,14 +21,13 @@
 package zap
 
 import (
-	"sync"
-
+	"go.uber.org/zap/internal/pool"
 	"go.uber.org/zap/zapcore"
 )
 
-var _errArrayElemPool = sync.Pool{New: func() interface{} {
+var _errArrayElemPool = pool.New(func() *errArrayElem {
 	return &errArrayElem{}
-}}
+})
 
 // Error is shorthand for the common idiom NamedError("error", err).
 func Error(err error) Field {
@@ -60,11 +59,14 @@ func (errs errArray) MarshalLogArray(arr zapcore.ArrayEncoder) error {
 		// potentially an "errorVerbose" attribute, we need to wrap it in a
 		// type that implements LogObjectMarshaler. To prevent this from
 		// allocating, pool the wrapper type.
-		elem := _errArrayElemPool.Get().(*errArrayElem)
+		elem := _errArrayElemPool.Get()
 		elem.error = errs[i]
-		arr.AppendObject(elem)
+		err := arr.AppendObject(elem)
 		elem.error = nil
 		_errArrayElemPool.Put(elem)
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
diff --git a/vendor/go.uber.org/zap/field.go b/vendor/go.uber.org/zap/field.go
index bbb745db5..c8dd3358a 100644
--- a/vendor/go.uber.org/zap/field.go
+++ b/vendor/go.uber.org/zap/field.go
@@ -25,6 +25,7 @@ import (
 	"math"
 	"time"
 
+	"go.uber.org/zap/internal/stacktrace"
 	"go.uber.org/zap/zapcore"
 )
 
@@ -374,7 +375,7 @@ func StackSkip(key string, skip int) Field {
 	// from expanding the zapcore.Field union struct to include a byte slice. Since
 	// taking a stacktrace is already so expensive (~10us), the extra allocation
 	// is okay.
-	return String(key, takeStacktrace(skip+1)) // skip StackSkip
+	return String(key, stacktrace.Take(skip+1)) // skip StackSkip
 }
 
 // Duration constructs a field with the given key and value. The encoder
@@ -410,6 +411,63 @@ func Inline(val zapcore.ObjectMarshaler) Field {
 	}
 }
 
+// Dict constructs a field containing the provided key-value pairs.
+// It acts similar to [Object], but with the fields specified as arguments.
+func Dict(key string, val ...Field) Field {
+	return dictField(key, val)
+}
+
+// We need a function with the signature (string, T) for zap.Any.
+func dictField(key string, val []Field) Field {
+	return Object(key, dictObject(val))
+}
+
+type dictObject []Field
+
+func (d dictObject) MarshalLogObject(enc zapcore.ObjectEncoder) error {
+	for _, f := range d {
+		f.AddTo(enc)
+	}
+	return nil
+}
+
+// We discovered an issue where zap.Any can cause a performance degradation
+// when used in new goroutines.
+//
+// This happens because the compiler assigns 4.8kb (one zap.Field per arm of
+// switch statement) of stack space for zap.Any when it takes the form:
+//
+//	switch v := v.(type) {
+//	case string:
+//		return String(key, v)
+//	case int:
+//		return Int(key, v)
+//		// ...
+//	default:
+//		return Reflect(key, v)
+//	}
+//
+// To avoid this, we use the type switch to assign a value to a single local variable
+// and then call a function on it.
+// The local variable is just a function reference so it doesn't allocate
+// when converted to an interface{}.
+//
+// A fair bit of experimentation went into this.
+// See also:
+//
+// - https://github.com/uber-go/zap/pull/1301
+// - https://github.com/uber-go/zap/pull/1303
+// - https://github.com/uber-go/zap/pull/1304
+// - https://github.com/uber-go/zap/pull/1305
+// - https://github.com/uber-go/zap/pull/1308
+type anyFieldC[T any] func(string, T) Field
+
+func (f anyFieldC[T]) Any(key string, val any) Field {
+	v, _ := val.(T)
+	// val is guaranteed to be a T, except when it's nil.
+	return f(key, v)
+}
+
 // Any takes a key and an arbitrary value and chooses the best way to represent
 // them as a field, falling back to a reflection-based approach only if
 // necessary.
@@ -418,132 +476,138 @@ func Inline(val zapcore.ObjectMarshaler) Field {
 // them. To minimize surprises, []byte values are treated as binary blobs, byte
 // values are treated as uint8, and runes are always treated as integers.
 func Any(key string, value interface{}) Field {
-	switch val := value.(type) {
+	var c interface{ Any(string, any) Field }
+
+	switch value.(type) {
 	case zapcore.ObjectMarshaler:
-		return Object(key, val)
+		c = anyFieldC[zapcore.ObjectMarshaler](Object)
 	case zapcore.ArrayMarshaler:
-		return Array(key, val)
+		c = anyFieldC[zapcore.ArrayMarshaler](Array)
+	case []Field:
+		c = anyFieldC[[]Field](dictField)
 	case bool:
-		return Bool(key, val)
+		c = anyFieldC[bool](Bool)
 	case *bool:
-		return Boolp(key, val)
+		c = anyFieldC[*bool](Boolp)
 	case []bool:
-		return Bools(key, val)
+		c = anyFieldC[[]bool](Bools)
 	case complex128:
-		return Complex128(key, val)
+		c = anyFieldC[complex128](Complex128)
 	case *complex128:
-		return Complex128p(key, val)
+		c = anyFieldC[*complex128](Complex128p)
 	case []complex128:
-		return Complex128s(key, val)
+		c = anyFieldC[[]complex128](Complex128s)
 	case complex64:
-		return Complex64(key, val)
+		c = anyFieldC[complex64](Complex64)
 	case *complex64:
-		return Complex64p(key, val)
+		c = anyFieldC[*complex64](Complex64p)
 	case []complex64:
-		return Complex64s(key, val)
+		c = anyFieldC[[]complex64](Complex64s)
 	case float64:
-		return Float64(key, val)
+		c = anyFieldC[float64](Float64)
 	case *float64:
-		return Float64p(key, val)
+		c = anyFieldC[*float64](Float64p)
 	case []float64:
-		return Float64s(key, val)
+		c = anyFieldC[[]float64](Float64s)
 	case float32:
-		return Float32(key, val)
+		c = anyFieldC[float32](Float32)
 	case *float32:
-		return Float32p(key, val)
+		c = anyFieldC[*float32](Float32p)
 	case []float32:
-		return Float32s(key, val)
+		c = anyFieldC[[]float32](Float32s)
 	case int:
-		return Int(key, val)
+		c = anyFieldC[int](Int)
 	case *int:
-		return Intp(key, val)
+		c = anyFieldC[*int](Intp)
 	case []int:
-		return Ints(key, val)
+		c = anyFieldC[[]int](Ints)
 	case int64:
-		return Int64(key, val)
+		c = anyFieldC[int64](Int64)
 	case *int64:
-		return Int64p(key, val)
+		c = anyFieldC[*int64](Int64p)
 	case []int64:
-		return Int64s(key, val)
+		c = anyFieldC[[]int64](Int64s)
 	case int32:
-		return Int32(key, val)
+		c = anyFieldC[int32](Int32)
 	case *int32:
-		return Int32p(key, val)
+		c = anyFieldC[*int32](Int32p)
 	case []int32:
-		return Int32s(key, val)
+		c = anyFieldC[[]int32](Int32s)
 	case int16:
-		return Int16(key, val)
+		c = anyFieldC[int16](Int16)
 	case *int16:
-		return Int16p(key, val)
+		c = anyFieldC[*int16](Int16p)
 	case []int16:
-		return Int16s(key, val)
+		c = anyFieldC[[]int16](Int16s)
 	case int8:
-		return Int8(key, val)
+		c = anyFieldC[int8](Int8)
 	case *int8:
-		return Int8p(key, val)
+		c = anyFieldC[*int8](Int8p)
 	case []int8:
-		return Int8s(key, val)
+		c = anyFieldC[[]int8](Int8s)
 	case string:
-		return String(key, val)
+		c = anyFieldC[string](String)
 	case *string:
-		return Stringp(key, val)
+		c = anyFieldC[*string](Stringp)
 	case []string:
-		return Strings(key, val)
+		c = anyFieldC[[]string](Strings)
 	case uint:
-		return Uint(key, val)
+		c = anyFieldC[uint](Uint)
 	case *uint:
-		return Uintp(key, val)
+		c = anyFieldC[*uint](Uintp)
 	case []uint:
-		return Uints(key, val)
+		c = anyFieldC[[]uint](Uints)
 	case uint64:
-		return Uint64(key, val)
+		c = anyFieldC[uint64](Uint64)
 	case *uint64:
-		return Uint64p(key, val)
+		c = anyFieldC[*uint64](Uint64p)
 	case []uint64:
-		return Uint64s(key, val)
+		c = anyFieldC[[]uint64](Uint64s)
 	case uint32:
-		return Uint32(key, val)
+		c = anyFieldC[uint32](Uint32)
 	case *uint32:
-		return Uint32p(key, val)
+		c = anyFieldC[*uint32](Uint32p)
 	case []uint32:
-		return Uint32s(key, val)
+		c = anyFieldC[[]uint32](Uint32s)
 	case uint16:
-		return Uint16(key, val)
+		c = anyFieldC[uint16](Uint16)
 	case *uint16:
-		return Uint16p(key, val)
+		c = anyFieldC[*uint16](Uint16p)
 	case []uint16:
-		return Uint16s(key, val)
+		c = anyFieldC[[]uint16](Uint16s)
 	case uint8:
-		return Uint8(key, val)
+		c = anyFieldC[uint8](Uint8)
 	case *uint8:
-		return Uint8p(key, val)
+		c = anyFieldC[*uint8](Uint8p)
 	case []byte:
-		return Binary(key, val)
+		c = anyFieldC[[]byte](Binary)
 	case uintptr:
-		return Uintptr(key, val)
+		c = anyFieldC[uintptr](Uintptr)
 	case *uintptr:
-		return Uintptrp(key, val)
+		c = anyFieldC[*uintptr](Uintptrp)
 	case []uintptr:
-		return Uintptrs(key, val)
+		c = anyFieldC[[]uintptr](Uintptrs)
 	case time.Time:
-		return Time(key, val)
+		c = anyFieldC[time.Time](Time)
 	case *time.Time:
-		return Timep(key, val)
+		c = anyFieldC[*time.Time](Timep)
 	case []time.Time:
-		return Times(key, val)
+		c = anyFieldC[[]time.Time](Times)
 	case time.Duration:
-		return Duration(key, val)
+		c = anyFieldC[time.Duration](Duration)
 	case *time.Duration:
-		return Durationp(key, val)
+		c = anyFieldC[*time.Duration](Durationp)
 	case []time.Duration:
-		return Durations(key, val)
+		c = anyFieldC[[]time.Duration](Durations)
 	case error:
-		return NamedError(key, val)
+		c = anyFieldC[error](NamedError)
 	case []error:
-		return Errors(key, val)
+		c = anyFieldC[[]error](Errors)
 	case fmt.Stringer:
-		return Stringer(key, val)
+		c = anyFieldC[fmt.Stringer](Stringer)
 	default:
-		return Reflect(key, val)
+		c = anyFieldC[any](Reflect)
 	}
+
+	return c.Any(key, value)
 }
diff --git a/vendor/go.uber.org/zap/http_handler.go b/vendor/go.uber.org/zap/http_handler.go
index 632b6831a..2be8f6515 100644
--- a/vendor/go.uber.org/zap/http_handler.go
+++ b/vendor/go.uber.org/zap/http_handler.go
@@ -69,6 +69,13 @@ import (
 //
 //	curl -X PUT localhost:8080/log/level -H "Content-Type: application/json" -d '{"level":"debug"}'
 func (lvl AtomicLevel) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if err := lvl.serveHTTP(w, r); err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		fmt.Fprintf(w, "internal error: %v", err)
+	}
+}
+
+func (lvl AtomicLevel) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 	type errorResponse struct {
 		Error string `json:"error"`
 	}
@@ -80,19 +87,20 @@ func (lvl AtomicLevel) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	switch r.Method {
 	case http.MethodGet:
-		enc.Encode(payload{Level: lvl.Level()})
+		return enc.Encode(payload{Level: lvl.Level()})
+
 	case http.MethodPut:
 		requestedLvl, err := decodePutRequest(r.Header.Get("Content-Type"), r)
 		if err != nil {
 			w.WriteHeader(http.StatusBadRequest)
-			enc.Encode(errorResponse{Error: err.Error()})
-			return
+			return enc.Encode(errorResponse{Error: err.Error()})
 		}
 		lvl.SetLevel(requestedLvl)
-		enc.Encode(payload{Level: lvl.Level()})
+		return enc.Encode(payload{Level: lvl.Level()})
+
 	default:
 		w.WriteHeader(http.StatusMethodNotAllowed)
-		enc.Encode(errorResponse{
+		return enc.Encode(errorResponse{
 			Error: "Only GET and PUT are supported.",
 		})
 	}
@@ -129,5 +137,4 @@ func decodePutJSON(body io.Reader) (zapcore.Level, error) {
 		return 0, errors.New("must specify logging level")
 	}
 	return *pld.Level, nil
-
 }
diff --git a/vendor/go.uber.org/zap/internal/level_enabler.go b/vendor/go.uber.org/zap/internal/level_enabler.go
index 5f3e3f1b9..40bfed81e 100644
--- a/vendor/go.uber.org/zap/internal/level_enabler.go
+++ b/vendor/go.uber.org/zap/internal/level_enabler.go
@@ -18,6 +18,8 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
+// Package internal and its subpackages hold types and functionality
+// that are not part of Zap's public API.
 package internal
 
 import "go.uber.org/zap/zapcore"
diff --git a/vendor/go.uber.org/atomic/bool_ext.go b/vendor/go.uber.org/zap/internal/pool/pool.go
similarity index 56%
rename from vendor/go.uber.org/atomic/bool_ext.go
rename to vendor/go.uber.org/zap/internal/pool/pool.go
index a2e60e987..60e9d2c43 100644
--- a/vendor/go.uber.org/atomic/bool_ext.go
+++ b/vendor/go.uber.org/zap/internal/pool/pool.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
+// Copyright (c) 2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -18,36 +18,41 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-package atomic
+// Package pool provides internal pool utilities.
+package pool
 
 import (
-	"strconv"
+	"sync"
 )
 
-//go:generate bin/gen-atomicwrapper -name=Bool -type=bool -wrapped=Uint32 -pack=boolToInt -unpack=truthy -cas -swap -json -file=bool.go
-
-func truthy(n uint32) bool {
-	return n == 1
+// A Pool is a generic wrapper around [sync.Pool] to provide strongly-typed
+// object pooling.
+//
+// Note that SA6002 (ref: https://staticcheck.io/docs/checks/#SA6002) will
+// not be detected, so all internal pool use must take care to only store
+// pointer types.
+type Pool[T any] struct {
+	pool sync.Pool
 }
 
-func boolToInt(b bool) uint32 {
-	if b {
-		return 1
+// New returns a new [Pool] for T, and will use fn to construct new Ts when
+// the pool is empty.
+func New[T any](fn func() T) *Pool[T] {
+	return &Pool[T]{
+		pool: sync.Pool{
+			New: func() any {
+				return fn()
+			},
+		},
 	}
-	return 0
 }
 
-// Toggle atomically negates the Boolean and returns the previous value.
-func (b *Bool) Toggle() (old bool) {
-	for {
-		old := b.Load()
-		if b.CAS(old, !old) {
-			return old
-		}
-	}
+// Get gets a T from the pool, or creates a new one if the pool is empty.
+func (p *Pool[T]) Get() T {
+	return p.pool.Get().(T)
 }
 
-// String encodes the wrapped value as a string.
-func (b *Bool) String() string {
-	return strconv.FormatBool(b.Load())
+// Put returns x into the pool.
+func (p *Pool[T]) Put(x T) {
+	p.pool.Put(x)
 }
diff --git a/vendor/go.uber.org/zap/stacktrace.go b/vendor/go.uber.org/zap/internal/stacktrace/stack.go
similarity index 73%
rename from vendor/go.uber.org/zap/stacktrace.go
rename to vendor/go.uber.org/zap/internal/stacktrace/stack.go
index 817a3bde8..82af7551f 100644
--- a/vendor/go.uber.org/zap/stacktrace.go
+++ b/vendor/go.uber.org/zap/internal/stacktrace/stack.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2016 Uber Technologies, Inc.
+// Copyright (c) 2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -18,25 +18,26 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-package zap
+// Package stacktrace provides support for gathering stack traces
+// efficiently.
+package stacktrace
 
 import (
 	"runtime"
-	"sync"
 
 	"go.uber.org/zap/buffer"
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/pool"
 )
 
-var _stacktracePool = sync.Pool{
-	New: func() interface{} {
-		return &stacktrace{
-			storage: make([]uintptr, 64),
-		}
-	},
-}
+var _stackPool = pool.New(func() *Stack {
+	return &Stack{
+		storage: make([]uintptr, 64),
+	}
+})
 
-type stacktrace struct {
+// Stack is a captured stack trace.
+type Stack struct {
 	pcs    []uintptr // program counters; always a subslice of storage
 	frames *runtime.Frames
 
@@ -50,30 +51,30 @@ type stacktrace struct {
 	storage []uintptr
 }
 
-// stacktraceDepth specifies how deep of a stack trace should be captured.
-type stacktraceDepth int
+// Depth specifies how deep of a stack trace should be captured.
+type Depth int
 
 const (
-	// stacktraceFirst captures only the first frame.
-	stacktraceFirst stacktraceDepth = iota
+	// First captures only the first frame.
+	First Depth = iota
 
-	// stacktraceFull captures the entire call stack, allocating more
+	// Full captures the entire call stack, allocating more
 	// storage for it if needed.
-	stacktraceFull
+	Full
 )
 
-// captureStacktrace captures a stack trace of the specified depth, skipping
+// Capture captures a stack trace of the specified depth, skipping
 // the provided number of frames. skip=0 identifies the caller of
-// captureStacktrace.
+// Capture.
 //
 // The caller must call Free on the returned stacktrace after using it.
-func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace {
-	stack := _stacktracePool.Get().(*stacktrace)
+func Capture(skip int, depth Depth) *Stack {
+	stack := _stackPool.Get()
 
 	switch depth {
-	case stacktraceFirst:
+	case First:
 		stack.pcs = stack.storage[:1]
-	case stacktraceFull:
+	case Full:
 		stack.pcs = stack.storage
 	}
 
@@ -87,7 +88,7 @@ func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace {
 	// runtime.Callers truncates the recorded stacktrace if there is no
 	// room in the provided slice. For the full stack trace, keep expanding
 	// storage until there are fewer frames than there is room.
-	if depth == stacktraceFull {
+	if depth == Full {
 		pcs := stack.pcs
 		for numFrames == len(pcs) {
 			pcs = make([]uintptr, len(pcs)*2)
@@ -109,50 +110,54 @@ func captureStacktrace(skip int, depth stacktraceDepth) *stacktrace {
 
 // Free releases resources associated with this stacktrace
 // and returns it back to the pool.
-func (st *stacktrace) Free() {
+func (st *Stack) Free() {
 	st.frames = nil
 	st.pcs = nil
-	_stacktracePool.Put(st)
+	_stackPool.Put(st)
 }
 
 // Count reports the total number of frames in this stacktrace.
 // Count DOES NOT change as Next is called.
-func (st *stacktrace) Count() int {
+func (st *Stack) Count() int {
 	return len(st.pcs)
 }
 
 // Next returns the next frame in the stack trace,
 // and a boolean indicating whether there are more after it.
-func (st *stacktrace) Next() (_ runtime.Frame, more bool) {
+func (st *Stack) Next() (_ runtime.Frame, more bool) {
 	return st.frames.Next()
 }
 
-func takeStacktrace(skip int) string {
-	stack := captureStacktrace(skip+1, stacktraceFull)
+// Take returns a string representation of the current stacktrace.
+//
+// skip is the number of frames to skip before recording the stack trace.
+// skip=0 identifies the caller of Take.
+func Take(skip int) string {
+	stack := Capture(skip+1, Full)
 	defer stack.Free()
 
 	buffer := bufferpool.Get()
 	defer buffer.Free()
 
-	stackfmt := newStackFormatter(buffer)
+	stackfmt := NewFormatter(buffer)
 	stackfmt.FormatStack(stack)
 	return buffer.String()
 }
 
-// stackFormatter formats a stack trace into a readable string representation.
-type stackFormatter struct {
+// Formatter formats a stack trace into a readable string representation.
+type Formatter struct {
 	b        *buffer.Buffer
 	nonEmpty bool // whehther we've written at least one frame already
 }
 
-// newStackFormatter builds a new stackFormatter.
-func newStackFormatter(b *buffer.Buffer) stackFormatter {
-	return stackFormatter{b: b}
+// NewFormatter builds a new Formatter.
+func NewFormatter(b *buffer.Buffer) Formatter {
+	return Formatter{b: b}
 }
 
 // FormatStack formats all remaining frames in the provided stacktrace -- minus
 // the final runtime.main/runtime.goexit frame.
-func (sf *stackFormatter) FormatStack(stack *stacktrace) {
+func (sf *Formatter) FormatStack(stack *Stack) {
 	// Note: On the last iteration, frames.Next() returns false, with a valid
 	// frame, but we ignore this frame. The last frame is a runtime frame which
 	// adds noise, since it's only either runtime.main or runtime.goexit.
@@ -162,7 +167,7 @@ func (sf *stackFormatter) FormatStack(stack *stacktrace) {
 }
 
 // FormatFrame formats the given frame.
-func (sf *stackFormatter) FormatFrame(frame runtime.Frame) {
+func (sf *Formatter) FormatFrame(frame runtime.Frame) {
 	if sf.nonEmpty {
 		sf.b.AppendByte('\n')
 	}
diff --git a/vendor/go.uber.org/zap/level.go b/vendor/go.uber.org/zap/level.go
index db951e19a..155b208bd 100644
--- a/vendor/go.uber.org/zap/level.go
+++ b/vendor/go.uber.org/zap/level.go
@@ -21,7 +21,8 @@
 package zap
 
 import (
-	"go.uber.org/atomic"
+	"sync/atomic"
+
 	"go.uber.org/zap/internal"
 	"go.uber.org/zap/zapcore"
 )
@@ -76,9 +77,9 @@ var _ internal.LeveledEnabler = AtomicLevel{}
 // NewAtomicLevel creates an AtomicLevel with InfoLevel and above logging
 // enabled.
 func NewAtomicLevel() AtomicLevel {
-	return AtomicLevel{
-		l: atomic.NewInt32(int32(InfoLevel)),
-	}
+	lvl := AtomicLevel{l: new(atomic.Int32)}
+	lvl.l.Store(int32(InfoLevel))
+	return lvl
 }
 
 // NewAtomicLevelAt is a convenience function that creates an AtomicLevel
diff --git a/vendor/go.uber.org/zap/logger.go b/vendor/go.uber.org/zap/logger.go
index cd44030d1..6205fe48a 100644
--- a/vendor/go.uber.org/zap/logger.go
+++ b/vendor/go.uber.org/zap/logger.go
@@ -27,6 +27,7 @@ import (
 	"strings"
 
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/stacktrace"
 	"go.uber.org/zap/zapcore"
 )
 
@@ -173,7 +174,8 @@ func (log *Logger) WithOptions(opts ...Option) *Logger {
 }
 
 // With creates a child logger and adds structured context to it. Fields added
-// to the child don't affect the parent, and vice versa.
+// to the child don't affect the parent, and vice versa. Any fields that
+// require evaluation (such as Objects) are evaluated upon invocation of With.
 func (log *Logger) With(fields ...Field) *Logger {
 	if len(fields) == 0 {
 		return log
@@ -183,6 +185,28 @@ func (log *Logger) With(fields ...Field) *Logger {
 	return l
 }
 
+// WithLazy creates a child logger and adds structured context to it lazily.
+//
+// The fields are evaluated only if the logger is further chained with [With]
+// or is written to with any of the log level methods.
+// Until that occurs, the logger may retain references to objects inside the fields,
+// and logging will reflect the state of an object at the time of logging,
+// not the time of WithLazy().
+//
+// WithLazy provides a worthwhile performance optimization for contextual loggers
+// when the likelihood of using the child logger is low,
+// such as error paths and rarely taken branches.
+//
+// Similar to [With], fields added to the child don't affect the parent, and vice versa.
+func (log *Logger) WithLazy(fields ...Field) *Logger {
+	if len(fields) == 0 {
+		return log
+	}
+	return log.WithOptions(WrapCore(func(core zapcore.Core) zapcore.Core {
+		return zapcore.NewLazyWith(core, fields)
+	}))
+}
+
 // Level reports the minimum enabled level for this logger.
 //
 // For NopLoggers, this is [zapcore.InvalidLevel].
@@ -199,6 +223,8 @@ func (log *Logger) Check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
 
 // Log logs a message at the specified level. The message includes any fields
 // passed at the log site, as well as any fields accumulated on the logger.
+// Any Fields that require  evaluation (such as Objects) are evaluated upon
+// invocation of Log.
 func (log *Logger) Log(lvl zapcore.Level, msg string, fields ...Field) {
 	if ce := log.check(lvl, msg); ce != nil {
 		ce.Write(fields...)
@@ -281,9 +307,15 @@ func (log *Logger) Core() zapcore.Core {
 	return log.core
 }
 
+// Name returns the Logger's underlying name,
+// or an empty string if the logger is unnamed.
+func (log *Logger) Name() string {
+	return log.name
+}
+
 func (log *Logger) clone() *Logger {
-	copy := *log
-	return &copy
+	clone := *log
+	return &clone
 }
 
 func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
@@ -354,17 +386,17 @@ func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
 
 	// Adding the caller or stack trace requires capturing the callers of
 	// this function. We'll share information between these two.
-	stackDepth := stacktraceFirst
+	stackDepth := stacktrace.First
 	if addStack {
-		stackDepth = stacktraceFull
+		stackDepth = stacktrace.Full
 	}
-	stack := captureStacktrace(log.callerSkip+callerSkipOffset, stackDepth)
+	stack := stacktrace.Capture(log.callerSkip+callerSkipOffset, stackDepth)
 	defer stack.Free()
 
 	if stack.Count() == 0 {
 		if log.addCaller {
 			fmt.Fprintf(log.errorOutput, "%v Logger.check error: failed to get caller\n", ent.Time.UTC())
-			log.errorOutput.Sync()
+			_ = log.errorOutput.Sync()
 		}
 		return ce
 	}
@@ -385,7 +417,7 @@ func (log *Logger) check(lvl zapcore.Level, msg string) *zapcore.CheckedEntry {
 		buffer := bufferpool.Get()
 		defer buffer.Free()
 
-		stackfmt := newStackFormatter(buffer)
+		stackfmt := stacktrace.NewFormatter(buffer)
 
 		// We've already extracted the first frame, so format that
 		// separately and defer to stackfmt for the rest.
diff --git a/vendor/go.uber.org/zap/sink.go b/vendor/go.uber.org/zap/sink.go
index 478c9a10f..499772a00 100644
--- a/vendor/go.uber.org/zap/sink.go
+++ b/vendor/go.uber.org/zap/sink.go
@@ -66,7 +66,8 @@ func newSinkRegistry() *sinkRegistry {
 		factories: make(map[string]func(*url.URL) (Sink, error)),
 		openFile:  os.OpenFile,
 	}
-	sr.RegisterSink(schemeFile, sr.newFileSinkFromURL)
+	// Infallible operation: the registry is empty, so we can't have a conflict.
+	_ = sr.RegisterSink(schemeFile, sr.newFileSinkFromURL)
 	return sr
 }
 
@@ -154,7 +155,7 @@ func (sr *sinkRegistry) newFileSinkFromPath(path string) (Sink, error) {
 	case "stderr":
 		return nopCloserSink{os.Stderr}, nil
 	}
-	return sr.openFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0666)
+	return sr.openFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0o666)
 }
 
 func normalizeScheme(s string) (string, error) {
diff --git a/vendor/go.uber.org/zap/sugar.go b/vendor/go.uber.org/zap/sugar.go
index ac387b3e4..00ac5fe3a 100644
--- a/vendor/go.uber.org/zap/sugar.go
+++ b/vendor/go.uber.org/zap/sugar.go
@@ -122,74 +122,88 @@ func (s *SugaredLogger) Level() zapcore.Level {
 	return zapcore.LevelOf(s.base.core)
 }
 
-// Debug uses fmt.Sprint to construct and log a message.
+// Debug logs the provided arguments at [DebugLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Debug(args ...interface{}) {
 	s.log(DebugLevel, "", args, nil)
 }
 
-// Info uses fmt.Sprint to construct and log a message.
+// Info logs the provided arguments at [InfoLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Info(args ...interface{}) {
 	s.log(InfoLevel, "", args, nil)
 }
 
-// Warn uses fmt.Sprint to construct and log a message.
+// Warn logs the provided arguments at [WarnLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Warn(args ...interface{}) {
 	s.log(WarnLevel, "", args, nil)
 }
 
-// Error uses fmt.Sprint to construct and log a message.
+// Error logs the provided arguments at [ErrorLevel].
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Error(args ...interface{}) {
 	s.log(ErrorLevel, "", args, nil)
 }
 
-// DPanic uses fmt.Sprint to construct and log a message. In development, the
-// logger then panics. (See DPanicLevel for details.)
+// DPanic logs the provided arguments at [DPanicLevel].
+// In development, the logger then panics. (See [DPanicLevel] for details.)
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) DPanic(args ...interface{}) {
 	s.log(DPanicLevel, "", args, nil)
 }
 
-// Panic uses fmt.Sprint to construct and log a message, then panics.
+// Panic constructs a message with the provided arguments and panics.
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Panic(args ...interface{}) {
 	s.log(PanicLevel, "", args, nil)
 }
 
-// Fatal uses fmt.Sprint to construct and log a message, then calls os.Exit.
+// Fatal constructs a message with the provided arguments and calls os.Exit.
+// Spaces are added between arguments when neither is a string.
 func (s *SugaredLogger) Fatal(args ...interface{}) {
 	s.log(FatalLevel, "", args, nil)
 }
 
-// Debugf uses fmt.Sprintf to log a templated message.
+// Debugf formats the message according to the format specifier
+// and logs it at [DebugLevel].
 func (s *SugaredLogger) Debugf(template string, args ...interface{}) {
 	s.log(DebugLevel, template, args, nil)
 }
 
-// Infof uses fmt.Sprintf to log a templated message.
+// Infof formats the message according to the format specifier
+// and logs it at [InfoLevel].
 func (s *SugaredLogger) Infof(template string, args ...interface{}) {
 	s.log(InfoLevel, template, args, nil)
 }
 
-// Warnf uses fmt.Sprintf to log a templated message.
+// Warnf formats the message according to the format specifier
+// and logs it at [WarnLevel].
 func (s *SugaredLogger) Warnf(template string, args ...interface{}) {
 	s.log(WarnLevel, template, args, nil)
 }
 
-// Errorf uses fmt.Sprintf to log a templated message.
+// Errorf formats the message according to the format specifier
+// and logs it at [ErrorLevel].
 func (s *SugaredLogger) Errorf(template string, args ...interface{}) {
 	s.log(ErrorLevel, template, args, nil)
 }
 
-// DPanicf uses fmt.Sprintf to log a templated message. In development, the
-// logger then panics. (See DPanicLevel for details.)
+// DPanicf formats the message according to the format specifier
+// and logs it at [DPanicLevel].
+// In development, the logger then panics. (See [DPanicLevel] for details.)
 func (s *SugaredLogger) DPanicf(template string, args ...interface{}) {
 	s.log(DPanicLevel, template, args, nil)
 }
 
-// Panicf uses fmt.Sprintf to log a templated message, then panics.
+// Panicf formats the message according to the format specifier
+// and panics.
 func (s *SugaredLogger) Panicf(template string, args ...interface{}) {
 	s.log(PanicLevel, template, args, nil)
 }
 
-// Fatalf uses fmt.Sprintf to log a templated message, then calls os.Exit.
+// Fatalf formats the message according to the format specifier
+// and calls os.Exit.
 func (s *SugaredLogger) Fatalf(template string, args ...interface{}) {
 	s.log(FatalLevel, template, args, nil)
 }
@@ -241,38 +255,45 @@ func (s *SugaredLogger) Fatalw(msg string, keysAndValues ...interface{}) {
 	s.log(FatalLevel, msg, nil, keysAndValues)
 }
 
-// Debugln uses fmt.Sprintln to construct and log a message.
+// Debugln logs a message at [DebugLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Debugln(args ...interface{}) {
 	s.logln(DebugLevel, args, nil)
 }
 
-// Infoln uses fmt.Sprintln to construct and log a message.
+// Infoln logs a message at [InfoLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Infoln(args ...interface{}) {
 	s.logln(InfoLevel, args, nil)
 }
 
-// Warnln uses fmt.Sprintln to construct and log a message.
+// Warnln logs a message at [WarnLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Warnln(args ...interface{}) {
 	s.logln(WarnLevel, args, nil)
 }
 
-// Errorln uses fmt.Sprintln to construct and log a message.
+// Errorln logs a message at [ErrorLevel].
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Errorln(args ...interface{}) {
 	s.logln(ErrorLevel, args, nil)
 }
 
-// DPanicln uses fmt.Sprintln to construct and log a message. In development, the
-// logger then panics. (See DPanicLevel for details.)
+// DPanicln logs a message at [DPanicLevel].
+// In development, the logger then panics. (See [DPanicLevel] for details.)
+// Spaces are always added between arguments.
 func (s *SugaredLogger) DPanicln(args ...interface{}) {
 	s.logln(DPanicLevel, args, nil)
 }
 
-// Panicln uses fmt.Sprintln to construct and log a message, then panics.
+// Panicln logs a message at [PanicLevel] and panics.
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Panicln(args ...interface{}) {
 	s.logln(PanicLevel, args, nil)
 }
 
-// Fatalln uses fmt.Sprintln to construct and log a message, then calls os.Exit.
+// Fatalln logs a message at [FatalLevel] and calls os.Exit.
+// Spaces are always added between arguments.
 func (s *SugaredLogger) Fatalln(args ...interface{}) {
 	s.logln(FatalLevel, args, nil)
 }
diff --git a/vendor/go.uber.org/zap/writer.go b/vendor/go.uber.org/zap/writer.go
index f08728e1e..06768c679 100644
--- a/vendor/go.uber.org/zap/writer.go
+++ b/vendor/go.uber.org/zap/writer.go
@@ -48,21 +48,21 @@ import (
 // os.Stdout and os.Stderr. When specified without a scheme, relative file
 // paths also work.
 func Open(paths ...string) (zapcore.WriteSyncer, func(), error) {
-	writers, close, err := open(paths)
+	writers, closeAll, err := open(paths)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	writer := CombineWriteSyncers(writers...)
-	return writer, close, nil
+	return writer, closeAll, nil
 }
 
 func open(paths []string) ([]zapcore.WriteSyncer, func(), error) {
 	writers := make([]zapcore.WriteSyncer, 0, len(paths))
 	closers := make([]io.Closer, 0, len(paths))
-	close := func() {
+	closeAll := func() {
 		for _, c := range closers {
-			c.Close()
+			_ = c.Close()
 		}
 	}
 
@@ -77,11 +77,11 @@ func open(paths []string) ([]zapcore.WriteSyncer, func(), error) {
 		closers = append(closers, sink)
 	}
 	if openErr != nil {
-		close()
+		closeAll()
 		return nil, nil, openErr
 	}
 
-	return writers, close, nil
+	return writers, closeAll, nil
 }
 
 // CombineWriteSyncers is a utility that combines multiple WriteSyncers into a
diff --git a/vendor/go.uber.org/zap/zapcore/console_encoder.go b/vendor/go.uber.org/zap/zapcore/console_encoder.go
index 1aa5dc364..8ca0bfaf5 100644
--- a/vendor/go.uber.org/zap/zapcore/console_encoder.go
+++ b/vendor/go.uber.org/zap/zapcore/console_encoder.go
@@ -22,20 +22,20 @@ package zapcore
 
 import (
 	"fmt"
-	"sync"
 
 	"go.uber.org/zap/buffer"
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/pool"
 )
 
-var _sliceEncoderPool = sync.Pool{
-	New: func() interface{} {
-		return &sliceArrayEncoder{elems: make([]interface{}, 0, 2)}
-	},
-}
+var _sliceEncoderPool = pool.New(func() *sliceArrayEncoder {
+	return &sliceArrayEncoder{
+		elems: make([]interface{}, 0, 2),
+	}
+})
 
 func getSliceEncoder() *sliceArrayEncoder {
-	return _sliceEncoderPool.Get().(*sliceArrayEncoder)
+	return _sliceEncoderPool.Get()
 }
 
 func putSliceEncoder(e *sliceArrayEncoder) {
diff --git a/vendor/go.uber.org/zap/zapcore/core.go b/vendor/go.uber.org/zap/zapcore/core.go
index 9dfd64051..776e93f6f 100644
--- a/vendor/go.uber.org/zap/zapcore/core.go
+++ b/vendor/go.uber.org/zap/zapcore/core.go
@@ -102,9 +102,9 @@ func (c *ioCore) Write(ent Entry, fields []Field) error {
 		return err
 	}
 	if ent.Level > ErrorLevel {
-		// Since we may be crashing the program, sync the output. Ignore Sync
-		// errors, pending a clean solution to issue #370.
-		c.Sync()
+		// Since we may be crashing the program, sync the output.
+		// Ignore Sync errors, pending a clean solution to issue #370.
+		_ = c.Sync()
 	}
 	return nil
 }
diff --git a/vendor/go.uber.org/zap/zapcore/entry.go b/vendor/go.uber.org/zap/zapcore/entry.go
index 9d326e95e..459a5d7ce 100644
--- a/vendor/go.uber.org/zap/zapcore/entry.go
+++ b/vendor/go.uber.org/zap/zapcore/entry.go
@@ -24,25 +24,23 @@ import (
 	"fmt"
 	"runtime"
 	"strings"
-	"sync"
 	"time"
 
 	"go.uber.org/multierr"
 	"go.uber.org/zap/internal/bufferpool"
 	"go.uber.org/zap/internal/exit"
+	"go.uber.org/zap/internal/pool"
 )
 
-var (
-	_cePool = sync.Pool{New: func() interface{} {
-		// Pre-allocate some space for cores.
-		return &CheckedEntry{
-			cores: make([]Core, 4),
-		}
-	}}
-)
+var _cePool = pool.New(func() *CheckedEntry {
+	// Pre-allocate some space for cores.
+	return &CheckedEntry{
+		cores: make([]Core, 4),
+	}
+})
 
 func getCheckedEntry() *CheckedEntry {
-	ce := _cePool.Get().(*CheckedEntry)
+	ce := _cePool.Get()
 	ce.reset()
 	return ce
 }
@@ -244,7 +242,7 @@ func (ce *CheckedEntry) Write(fields ...Field) {
 			// CheckedEntry is being used after it was returned to the pool,
 			// the message may be an amalgamation from multiple call sites.
 			fmt.Fprintf(ce.ErrorOutput, "%v Unsafe CheckedEntry re-use near Entry %+v.\n", ce.Time, ce.Entry)
-			ce.ErrorOutput.Sync()
+			_ = ce.ErrorOutput.Sync() // ignore error
 		}
 		return
 	}
@@ -256,7 +254,7 @@ func (ce *CheckedEntry) Write(fields ...Field) {
 	}
 	if err != nil && ce.ErrorOutput != nil {
 		fmt.Fprintf(ce.ErrorOutput, "%v write error: %v\n", ce.Time, err)
-		ce.ErrorOutput.Sync()
+		_ = ce.ErrorOutput.Sync() // ignore error
 	}
 
 	hook := ce.after
diff --git a/vendor/go.uber.org/zap/zapcore/error.go b/vendor/go.uber.org/zap/zapcore/error.go
index 06359907a..c40df1326 100644
--- a/vendor/go.uber.org/zap/zapcore/error.go
+++ b/vendor/go.uber.org/zap/zapcore/error.go
@@ -23,7 +23,8 @@ package zapcore
 import (
 	"fmt"
 	"reflect"
-	"sync"
+
+	"go.uber.org/zap/internal/pool"
 )
 
 // Encodes the given error into fields of an object. A field with the given
@@ -97,15 +98,18 @@ func (errs errArray) MarshalLogArray(arr ArrayEncoder) error {
 		}
 
 		el := newErrArrayElem(errs[i])
-		arr.AppendObject(el)
+		err := arr.AppendObject(el)
 		el.Free()
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
 
-var _errArrayElemPool = sync.Pool{New: func() interface{} {
+var _errArrayElemPool = pool.New(func() *errArrayElem {
 	return &errArrayElem{}
-}}
+})
 
 // Encodes any error into a {"error": ...} re-using the same errors logic.
 //
@@ -113,7 +117,7 @@ var _errArrayElemPool = sync.Pool{New: func() interface{} {
 type errArrayElem struct{ err error }
 
 func newErrArrayElem(err error) *errArrayElem {
-	e := _errArrayElemPool.Get().(*errArrayElem)
+	e := _errArrayElemPool.Get()
 	e.err = err
 	return e
 }
diff --git a/vendor/go.uber.org/zap/zapcore/json_encoder.go b/vendor/go.uber.org/zap/zapcore/json_encoder.go
index 3921c5cd3..c8ab86979 100644
--- a/vendor/go.uber.org/zap/zapcore/json_encoder.go
+++ b/vendor/go.uber.org/zap/zapcore/json_encoder.go
@@ -23,24 +23,20 @@ package zapcore
 import (
 	"encoding/base64"
 	"math"
-	"sync"
 	"time"
 	"unicode/utf8"
 
 	"go.uber.org/zap/buffer"
 	"go.uber.org/zap/internal/bufferpool"
+	"go.uber.org/zap/internal/pool"
 )
 
 // For JSON-escaping; see jsonEncoder.safeAddString below.
 const _hex = "0123456789abcdef"
 
-var _jsonPool = sync.Pool{New: func() interface{} {
+var _jsonPool = pool.New(func() *jsonEncoder {
 	return &jsonEncoder{}
-}}
-
-func getJSONEncoder() *jsonEncoder {
-	return _jsonPool.Get().(*jsonEncoder)
-}
+})
 
 func putJSONEncoder(enc *jsonEncoder) {
 	if enc.reflectBuf != nil {
@@ -354,7 +350,7 @@ func (enc *jsonEncoder) Clone() Encoder {
 }
 
 func (enc *jsonEncoder) clone() *jsonEncoder {
-	clone := getJSONEncoder()
+	clone := _jsonPool.Get()
 	clone.EncoderConfig = enc.EncoderConfig
 	clone.spaced = enc.spaced
 	clone.openNamespaces = enc.openNamespaces
@@ -490,73 +486,98 @@ func (enc *jsonEncoder) appendFloat(val float64, bitSize int) {
 // Unlike the standard library's encoder, it doesn't attempt to protect the
 // user from browser vulnerabilities or JSONP-related problems.
 func (enc *jsonEncoder) safeAddString(s string) {
-	for i := 0; i < len(s); {
-		if enc.tryAddRuneSelf(s[i]) {
-			i++
-			continue
-		}
-		r, size := utf8.DecodeRuneInString(s[i:])
-		if enc.tryAddRuneError(r, size) {
-			i++
-			continue
-		}
-		enc.buf.AppendString(s[i : i+size])
-		i += size
-	}
+	safeAppendStringLike(
+		(*buffer.Buffer).AppendString,
+		utf8.DecodeRuneInString,
+		enc.buf,
+		s,
+	)
 }
 
 // safeAddByteString is no-alloc equivalent of safeAddString(string(s)) for s []byte.
 func (enc *jsonEncoder) safeAddByteString(s []byte) {
+	safeAppendStringLike(
+		(*buffer.Buffer).AppendBytes,
+		utf8.DecodeRune,
+		enc.buf,
+		s,
+	)
+}
+
+// safeAppendStringLike is a generic implementation of safeAddString and safeAddByteString.
+// It appends a string or byte slice to the buffer, escaping all special characters.
+func safeAppendStringLike[S []byte | string](
+	// appendTo appends this string-like object to the buffer.
+	appendTo func(*buffer.Buffer, S),
+	// decodeRune decodes the next rune from the string-like object
+	// and returns its value and width in bytes.
+	decodeRune func(S) (rune, int),
+	buf *buffer.Buffer,
+	s S,
+) {
+	// The encoding logic below works by skipping over characters
+	// that can be safely copied as-is,
+	// until a character is found that needs special handling.
+	// At that point, we copy everything we've seen so far,
+	// and then handle that special character.
+	//
+	// last is the index of the last byte that was copied to the buffer.
+	last := 0
 	for i := 0; i < len(s); {
-		if enc.tryAddRuneSelf(s[i]) {
+		if s[i] >= utf8.RuneSelf {
+			// Character >= RuneSelf may be part of a multi-byte rune.
+			// They need to be decoded before we can decide how to handle them.
+			r, size := decodeRune(s[i:])
+			if r != utf8.RuneError || size != 1 {
+				// No special handling required.
+				// Skip over this rune and continue.
+				i += size
+				continue
+			}
+
+			// Invalid UTF-8 sequence.
+			// Replace it with the Unicode replacement character.
+			appendTo(buf, s[last:i])
+			buf.AppendString(`\ufffd`)
+
 			i++
-			continue
-		}
-		r, size := utf8.DecodeRune(s[i:])
-		if enc.tryAddRuneError(r, size) {
+			last = i
+		} else {
+			// Character < RuneSelf is a single-byte UTF-8 rune.
+			if s[i] >= 0x20 && s[i] != '\\' && s[i] != '"' {
+				// No escaping necessary.
+				// Skip over this character and continue.
+				i++
+				continue
+			}
+
+			// This character needs to be escaped.
+			appendTo(buf, s[last:i])
+			switch s[i] {
+			case '\\', '"':
+				buf.AppendByte('\\')
+				buf.AppendByte(s[i])
+			case '\n':
+				buf.AppendByte('\\')
+				buf.AppendByte('n')
+			case '\r':
+				buf.AppendByte('\\')
+				buf.AppendByte('r')
+			case '\t':
+				buf.AppendByte('\\')
+				buf.AppendByte('t')
+			default:
+				// Encode bytes < 0x20, except for the escape sequences above.
+				buf.AppendString(`\u00`)
+				buf.AppendByte(_hex[s[i]>>4])
+				buf.AppendByte(_hex[s[i]&0xF])
+			}
+
 			i++
-			continue
+			last = i
 		}
-		enc.buf.Write(s[i : i+size])
-		i += size
-	}
-}
-
-// tryAddRuneSelf appends b if it is valid UTF-8 character represented in a single byte.
-func (enc *jsonEncoder) tryAddRuneSelf(b byte) bool {
-	if b >= utf8.RuneSelf {
-		return false
-	}
-	if 0x20 <= b && b != '\\' && b != '"' {
-		enc.buf.AppendByte(b)
-		return true
-	}
-	switch b {
-	case '\\', '"':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte(b)
-	case '\n':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte('n')
-	case '\r':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte('r')
-	case '\t':
-		enc.buf.AppendByte('\\')
-		enc.buf.AppendByte('t')
-	default:
-		// Encode bytes < 0x20, except for the escape sequences above.
-		enc.buf.AppendString(`\u00`)
-		enc.buf.AppendByte(_hex[b>>4])
-		enc.buf.AppendByte(_hex[b&0xF])
 	}
-	return true
-}
 
-func (enc *jsonEncoder) tryAddRuneError(r rune, size int) bool {
-	if r == utf8.RuneError && size == 1 {
-		enc.buf.AppendString(`\ufffd`)
-		return true
-	}
-	return false
+	// add remaining
+	appendTo(buf, s[last:])
 }
diff --git a/vendor/go.uber.org/atomic/time.go b/vendor/go.uber.org/zap/zapcore/lazy_with.go
similarity index 60%
rename from vendor/go.uber.org/atomic/time.go
rename to vendor/go.uber.org/zap/zapcore/lazy_with.go
index 1660feb14..05288d6a8 100644
--- a/vendor/go.uber.org/atomic/time.go
+++ b/vendor/go.uber.org/zap/zapcore/lazy_with.go
@@ -1,6 +1,4 @@
-// @generated Code generated by gen-atomicwrapper.
-
-// Copyright (c) 2020-2022 Uber Technologies, Inc.
+// Copyright (c) 2023 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -20,36 +18,37 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-package atomic
-
-import (
-	"time"
-)
+package zapcore
 
-// Time is an atomic type-safe wrapper for time.Time values.
-type Time struct {
-	_ nocmp // disallow non-atomic comparison
+import "sync"
 
-	v Value
+type lazyWithCore struct {
+	Core
+	sync.Once
+	fields []Field
 }
 
-var _zeroTime time.Time
-
-// NewTime creates a new Time.
-func NewTime(val time.Time) *Time {
-	x := &Time{}
-	if val != _zeroTime {
-		x.Store(val)
+// NewLazyWith wraps a Core with a "lazy" Core that will only encode fields if
+// the logger is written to (or is further chained in a lon-lazy manner).
+func NewLazyWith(core Core, fields []Field) Core {
+	return &lazyWithCore{
+		Core:   core,
+		fields: fields,
 	}
-	return x
 }
 
-// Load atomically loads the wrapped time.Time.
-func (x *Time) Load() time.Time {
-	return unpackTime(x.v.Load())
+func (d *lazyWithCore) initOnce() {
+	d.Once.Do(func() {
+		d.Core = d.Core.With(d.fields)
+	})
+}
+
+func (d *lazyWithCore) With(fields []Field) Core {
+	d.initOnce()
+	return d.Core.With(fields)
 }
 
-// Store atomically stores the passed time.Time.
-func (x *Time) Store(val time.Time) {
-	x.v.Store(packTime(val))
+func (d *lazyWithCore) Check(e Entry, ce *CheckedEntry) *CheckedEntry {
+	d.initOnce()
+	return d.Core.Check(e, ce)
 }
diff --git a/vendor/go.uber.org/zap/zapcore/sampler.go b/vendor/go.uber.org/zap/zapcore/sampler.go
index dc518055a..b7c093a4f 100644
--- a/vendor/go.uber.org/zap/zapcore/sampler.go
+++ b/vendor/go.uber.org/zap/zapcore/sampler.go
@@ -21,9 +21,8 @@
 package zapcore
 
 import (
+	"sync/atomic"
 	"time"
-
-	"go.uber.org/atomic"
 )
 
 const (
@@ -66,16 +65,16 @@ func (c *counter) IncCheckReset(t time.Time, tick time.Duration) uint64 {
 	tn := t.UnixNano()
 	resetAfter := c.resetAt.Load()
 	if resetAfter > tn {
-		return c.counter.Inc()
+		return c.counter.Add(1)
 	}
 
 	c.counter.Store(1)
 
 	newResetAfter := tn + tick.Nanoseconds()
-	if !c.resetAt.CAS(resetAfter, newResetAfter) {
+	if !c.resetAt.CompareAndSwap(resetAfter, newResetAfter) {
 		// We raced with another goroutine trying to reset, and it also reset
 		// the counter to 1, so we need to reincrement the counter.
-		return c.counter.Inc()
+		return c.counter.Add(1)
 	}
 
 	return 1
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
index a014ac92a..063e7784f 100644
--- a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 package argon2
 
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
index b2cc05150..f3b653a12 100644
--- a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_ref.go b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
index 167c59d2d..16d58c650 100644
--- a/vendor/golang.org/x/crypto/argon2/blamka_ref.go
+++ b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package argon2
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
index 56bfaaa17..4f506f879 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.7 && amd64 && gc && !purego
-// +build go1.7,amd64,gc,!purego
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
index 4b9daa18d..353bb7cac 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.7 && amd64 && gc && !purego
-// +build go1.7,amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
index 5fa1b3284..1d0770abb 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.7 && amd64 && gc && !purego
-// +build !go1.7,amd64,gc,!purego
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
index ae75eb9af..adfac00c1 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
index b0137cdf0..6e28668cd 100644
--- a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/blake2b/register.go b/vendor/golang.org/x/crypto/blake2b/register.go
index 9d8633963..d9fcac3a4 100644
--- a/vendor/golang.org/x/crypto/blake2b/register.go
+++ b/vendor/golang.org/x/crypto/blake2b/register.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.9
-// +build go1.9
 
 package blake2b
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
index 5dfacbb98..661ea132e 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
index f1f66230d..7dd2638e8 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
index 02ff3d05e..db42e6676 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (!arm64 && !s390x && !ppc64le) || !gc || purego
-// +build !arm64,!s390x,!ppc64le !gc purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
index da420b2e9..3a4287f99 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
index 5c0fed26f..66aebae25 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -20,7 +20,6 @@
 // due to the calling conventions and initialization of constants.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
index 4652247b8..683ccfd1c 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package chacha20
 
diff --git a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
index f3ef5a019..1eda91a3d 100644
--- a/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
+++ b/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "go_asm.h"
 #include "textflag.h"
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
index edcf163c4..70c541692 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.go
@@ -1,7 +1,6 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s
index 293f013c9..60817acc4 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64.s
@@ -1,7 +1,6 @@
 // Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
 
 //go:build amd64 && gc && !purego
-// +build amd64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go
index ddb6c9b8f..9da280d1d 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_amd64_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || !gc || purego
-// +build !amd64 !gc purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go
index af459ef51..075fe9b92 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && gc && !purego
-// +build arm64,gc,!purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s
index 5c91e4589..3126a4341 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && gc && !purego
-// +build arm64,gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go
index 234a5b2e5..fc029ac12 100644
--- a/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go
+++ b/vendor/golang.org/x/crypto/curve25519/internal/field/fe_arm64_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !arm64 || !gc || purego
-// +build !arm64 !gc purego
 
 package field
 
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
index dda3f143b..f4ded5fee 100644
--- a/vendor/golang.org/x/crypto/hkdf/hkdf.go
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -56,7 +56,9 @@ func (f *hkdf) Read(p []byte) (int, error) {
 
 	// Fill the rest of the buffer
 	for len(p) > 0 {
-		f.expander.Reset()
+		if f.counter > 1 {
+			f.expander.Reset()
+		}
 		f.expander.Write(f.prev)
 		f.expander.Write(f.info)
 		f.expander.Write([]byte{f.counter})
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias.go b/vendor/golang.org/x/crypto/internal/alias/alias.go
index 69c17f822..551ff0c35 100644
--- a/vendor/golang.org/x/crypto/internal/alias/alias.go
+++ b/vendor/golang.org/x/crypto/internal/alias/alias.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !purego
-// +build !purego
 
 // Package alias implements memory aliasing tests.
 package alias
diff --git a/vendor/golang.org/x/crypto/internal/alias/alias_purego.go b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
index 4775b0a43..6fe61b5c6 100644
--- a/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
+++ b/vendor/golang.org/x/crypto/internal/alias/alias_purego.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build purego
-// +build purego
 
 // Package alias implements memory aliasing tests.
 package alias
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
index 45b5c966b..d33c8890f 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.13
-// +build !go1.13
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
index ed52b3418..495c1fa69 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.13
-// +build go1.13
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
index f184b67d9..333da285b 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (!amd64 && !ppc64le && !s390x) || !gc || purego
-// +build !amd64,!ppc64le,!s390x !gc purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
index 6d522333f..164cd47d3 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
index 1d74f0f88..e0d3c6475 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
index 4a069941a..4aec4874b 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
index 58422aad2..d2ca5deeb 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
index ec9596688..e1d033a49 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package poly1305
 
diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
index aa9e0494c..0fe3a7c21 100644
--- a/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
+++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/sha3/hashes_generic.go b/vendor/golang.org/x/crypto/sha3/hashes_generic.go
index c74fc20fc..fe8c84793 100644
--- a/vendor/golang.org/x/crypto/sha3/hashes_generic.go
+++ b/vendor/golang.org/x/crypto/sha3/hashes_generic.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !gc || purego || !s390x
-// +build !gc purego !s390x
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf.go b/vendor/golang.org/x/crypto/sha3/keccakf.go
index e5faa375c..ce48b1dd3 100644
--- a/vendor/golang.org/x/crypto/sha3/keccakf.go
+++ b/vendor/golang.org/x/crypto/sha3/keccakf.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !amd64 || purego || !gc
-// +build !amd64 purego !gc
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
index 248a38241..b908696be 100644
--- a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
+++ b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && !purego && gc
-// +build amd64,!purego,gc
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
index 4cfa54383..8fb26aebb 100644
--- a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
+++ b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && !purego && gc
-// +build amd64,!purego,gc
 
 // This code was translated into a form compatible with 6a from the public
 // domain sources at https://github.com/gvanas/KeccakCodePackage
diff --git a/vendor/golang.org/x/crypto/sha3/register.go b/vendor/golang.org/x/crypto/sha3/register.go
index 8b4453aac..addfd5049 100644
--- a/vendor/golang.org/x/crypto/sha3/register.go
+++ b/vendor/golang.org/x/crypto/sha3/register.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.4
-// +build go1.4
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
index ec26f147f..d861bca52 100644
--- a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
+++ b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
index a0e051b04..826b862c7 100644
--- a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
+++ b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc && !purego
-// +build gc,!purego
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/crypto/sha3/shake_generic.go b/vendor/golang.org/x/crypto/sha3/shake_generic.go
index 5c0710ef9..8d31cf5be 100644
--- a/vendor/golang.org/x/crypto/sha3/shake_generic.go
+++ b/vendor/golang.org/x/crypto/sha3/shake_generic.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !gc || purego || !s390x
-// +build !gc purego !s390x
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/xor.go b/vendor/golang.org/x/crypto/sha3/xor.go
index 59c8eb941..7337cca88 100644
--- a/vendor/golang.org/x/crypto/sha3/xor.go
+++ b/vendor/golang.org/x/crypto/sha3/xor.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (!amd64 && !386 && !ppc64le) || purego
-// +build !amd64,!386,!ppc64le purego
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/sha3/xor_unaligned.go b/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
index 1ce606246..870e2d16e 100644
--- a/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
+++ b/vendor/golang.org/x/crypto/sha3/xor_unaligned.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (amd64 || 386 || ppc64le) && !purego
-// +build amd64 386 ppc64le
-// +build !purego
 
 package sha3
 
diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
index 9f09aae7d..fecba8eb3 100644
--- a/vendor/golang.org/x/crypto/ssh/agent/client.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/client.go
@@ -141,9 +141,14 @@ const (
 	agentAddSmartcardKeyConstrained = 26
 
 	// 3.7 Key constraint identifiers
-	agentConstrainLifetime  = 1
-	agentConstrainConfirm   = 2
-	agentConstrainExtension = 3
+	agentConstrainLifetime = 1
+	agentConstrainConfirm  = 2
+	// Constraint extension identifier up to version 2 of the protocol. A
+	// backward incompatible change will be required if we want to add support
+	// for SSH_AGENT_CONSTRAIN_MAXSIGN which uses the same ID.
+	agentConstrainExtensionV00 = 3
+	// Constraint extension identifier in version 3 and later of the protocol.
+	agentConstrainExtension = 255
 )
 
 // maxAgentResponseBytes is the maximum agent reply size that is accepted. This
@@ -205,7 +210,7 @@ type constrainLifetimeAgentMsg struct {
 }
 
 type constrainExtensionAgentMsg struct {
-	ExtensionName    string `sshtype:"3"`
+	ExtensionName    string `sshtype:"255|3"`
 	ExtensionDetails []byte
 
 	// Rest is a field used for parsing, not part of message
diff --git a/vendor/golang.org/x/crypto/ssh/agent/server.go b/vendor/golang.org/x/crypto/ssh/agent/server.go
index dd2e0a3e7..e35ca7ce3 100644
--- a/vendor/golang.org/x/crypto/ssh/agent/server.go
+++ b/vendor/golang.org/x/crypto/ssh/agent/server.go
@@ -208,7 +208,7 @@ func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse
 		case agentConstrainConfirm:
 			confirmBeforeUse = true
 			constraints = constraints[1:]
-		case agentConstrainExtension:
+		case agentConstrainExtension, agentConstrainExtensionV00:
 			var msg constrainExtensionAgentMsg
 			if err = ssh.Unmarshal(constraints, &msg); err != nil {
 				return 0, false, nil, err
diff --git a/vendor/golang.org/x/crypto/ssh/client_auth.go b/vendor/golang.org/x/crypto/ssh/client_auth.go
index 5c3bc2572..34bf089d0 100644
--- a/vendor/golang.org/x/crypto/ssh/client_auth.go
+++ b/vendor/golang.org/x/crypto/ssh/client_auth.go
@@ -307,7 +307,10 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
 	}
 	var methods []string
 	var errSigAlgo error
-	for _, signer := range signers {
+
+	origSignersLen := len(signers)
+	for idx := 0; idx < len(signers); idx++ {
+		signer := signers[idx]
 		pub := signer.PublicKey()
 		as, algo, err := pickSignatureAlgorithm(signer, extensions)
 		if err != nil && errSigAlgo == nil {
@@ -321,6 +324,21 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
 		if err != nil {
 			return authFailure, nil, err
 		}
+		// OpenSSH 7.2-7.7 advertises support for rsa-sha2-256 and rsa-sha2-512
+		// in the "server-sig-algs" extension but doesn't support these
+		// algorithms for certificate authentication, so if the server rejects
+		// the key try to use the obtained algorithm as if "server-sig-algs" had
+		// not been implemented if supported from the algorithm signer.
+		if !ok && idx < origSignersLen && isRSACert(algo) && algo != CertAlgoRSAv01 {
+			if contains(as.Algorithms(), KeyAlgoRSA) {
+				// We retry using the compat algorithm after all signers have
+				// been tried normally.
+				signers = append(signers, &multiAlgorithmSigner{
+					AlgorithmSigner:     as,
+					supportedAlgorithms: []string{KeyAlgoRSA},
+				})
+			}
+		}
 		if !ok {
 			continue
 		}
diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go
index b419c761e..7e9c2cbc6 100644
--- a/vendor/golang.org/x/crypto/ssh/common.go
+++ b/vendor/golang.org/x/crypto/ssh/common.go
@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"io"
 	"math"
-	"strings"
 	"sync"
 
 	_ "crypto/sha1"
@@ -128,6 +127,14 @@ func isRSA(algo string) bool {
 	return contains(algos, underlyingAlgo(algo))
 }
 
+func isRSACert(algo string) bool {
+	_, ok := certKeyAlgoNames[algo]
+	if !ok {
+		return false
+	}
+	return isRSA(algo)
+}
+
 // supportedPubKeyAuthAlgos specifies the supported client public key
 // authentication algorithms. Note that this doesn't include certificate types
 // since those use the underlying algorithm. This list is sent to the client if
@@ -140,8 +147,6 @@ var supportedPubKeyAuthAlgos = []string{
 	KeyAlgoDSA,
 }
 
-var supportedPubKeyAuthAlgosList = strings.Join(supportedPubKeyAuthAlgos, ",")
-
 // unexpectedMessageError results when the SSH message that we received didn't
 // match what we wanted.
 func unexpectedMessageError(expected, got uint8) error {
diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go
index 70a7369ff..49bbba769 100644
--- a/vendor/golang.org/x/crypto/ssh/handshake.go
+++ b/vendor/golang.org/x/crypto/ssh/handshake.go
@@ -11,6 +11,7 @@ import (
 	"io"
 	"log"
 	"net"
+	"strings"
 	"sync"
 )
 
@@ -50,6 +51,10 @@ type handshakeTransport struct {
 	// connection.
 	hostKeys []Signer
 
+	// publicKeyAuthAlgorithms is non-empty if we are the server. In that case,
+	// it contains the supported client public key authentication algorithms.
+	publicKeyAuthAlgorithms []string
+
 	// hostKeyAlgorithms is non-empty if we are the client. In that case,
 	// we accept these key types from the server as host key.
 	hostKeyAlgorithms []string
@@ -141,6 +146,7 @@ func newClientTransport(conn keyingTransport, clientVersion, serverVersion []byt
 func newServerTransport(conn keyingTransport, clientVersion, serverVersion []byte, config *ServerConfig) *handshakeTransport {
 	t := newHandshakeTransport(conn, &config.Config, clientVersion, serverVersion)
 	t.hostKeys = config.hostKeys
+	t.publicKeyAuthAlgorithms = config.PublicKeyAuthAlgorithms
 	go t.readLoop()
 	go t.kexLoop()
 	return t
@@ -649,6 +655,7 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
 	// message with the server-sig-algs extension if the client supports it. See
 	// RFC 8308, Sections 2.4 and 3.1, and [PROTOCOL], Section 1.9.
 	if !isClient && firstKeyExchange && contains(clientInit.KexAlgos, "ext-info-c") {
+		supportedPubKeyAuthAlgosList := strings.Join(t.publicKeyAuthAlgorithms, ",")
 		extInfo := &extInfoMsg{
 			NumExtensions: 2,
 			Payload:       make([]byte, 0, 4+15+4+len(supportedPubKeyAuthAlgosList)+4+16+4+1),
diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go
index ef1bad731..df4ebdada 100644
--- a/vendor/golang.org/x/crypto/ssh/keys.go
+++ b/vendor/golang.org/x/crypto/ssh/keys.go
@@ -1232,16 +1232,27 @@ func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{},
 		return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
 	}
 
+	var result interface{}
+
 	switch block.Type {
 	case "RSA PRIVATE KEY":
-		return x509.ParsePKCS1PrivateKey(buf)
+		result, err = x509.ParsePKCS1PrivateKey(buf)
 	case "EC PRIVATE KEY":
-		return x509.ParseECPrivateKey(buf)
+		result, err = x509.ParseECPrivateKey(buf)
 	case "DSA PRIVATE KEY":
-		return ParseDSAPrivateKey(buf)
+		result, err = ParseDSAPrivateKey(buf)
 	default:
-		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
+		err = fmt.Errorf("ssh: unsupported key type %q", block.Type)
 	}
+	// Because of deficiencies in the format, DecryptPEMBlock does not always
+	// detect an incorrect password. In these cases decrypted DER bytes is
+	// random noise. If the parsing of the key returns an asn1.StructuralError
+	// we return x509.IncorrectPasswordError.
+	if _, ok := err.(asn1.StructuralError); ok {
+		return nil, x509.IncorrectPasswordError
+	}
+
+	return result, err
 }
 
 // ParseDSAPrivateKey returns a DSA private key from its ASN.1 DER encoding, as
diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go
index 727c71b9c..7f0c236a9 100644
--- a/vendor/golang.org/x/crypto/ssh/server.go
+++ b/vendor/golang.org/x/crypto/ssh/server.go
@@ -64,6 +64,13 @@ type ServerConfig struct {
 	// Config contains configuration shared between client and server.
 	Config
 
+	// PublicKeyAuthAlgorithms specifies the supported client public key
+	// authentication algorithms. Note that this should not include certificate
+	// types since those use the underlying algorithm. This list is sent to the
+	// client if it supports the server-sig-algs extension. Order is irrelevant.
+	// If unspecified then a default set of algorithms is used.
+	PublicKeyAuthAlgorithms []string
+
 	hostKeys []Signer
 
 	// NoClientAuth is true if clients are allowed to connect without
@@ -201,6 +208,15 @@ func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewCha
 	if fullConf.MaxAuthTries == 0 {
 		fullConf.MaxAuthTries = 6
 	}
+	if len(fullConf.PublicKeyAuthAlgorithms) == 0 {
+		fullConf.PublicKeyAuthAlgorithms = supportedPubKeyAuthAlgos
+	} else {
+		for _, algo := range fullConf.PublicKeyAuthAlgorithms {
+			if !contains(supportedPubKeyAuthAlgos, algo) {
+				return nil, nil, nil, fmt.Errorf("ssh: unsupported public key authentication algorithm %s", algo)
+			}
+		}
+	}
 	// Check if the config contains any unsupported key exchanges
 	for _, kex := range fullConf.KeyExchanges {
 		if _, ok := serverForbiddenKexAlgos[kex]; ok {
@@ -321,7 +337,7 @@ func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
 	return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
 }
 
-func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *connection,
+func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, token []byte, s *connection,
 	sessionID []byte, userAuthReq userAuthRequestMsg) (authErr error, perms *Permissions, err error) {
 	gssAPIServer := gssapiConfig.Server
 	defer gssAPIServer.DeleteSecContext()
@@ -331,7 +347,7 @@ func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *c
 			outToken     []byte
 			needContinue bool
 		)
-		outToken, srcName, needContinue, err = gssAPIServer.AcceptSecContext(firstToken)
+		outToken, srcName, needContinue, err = gssAPIServer.AcceptSecContext(token)
 		if err != nil {
 			return err, nil, nil
 		}
@@ -353,6 +369,7 @@ func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *c
 		if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
 			return nil, nil, err
 		}
+		token = userAuthGSSAPITokenReq.Token
 	}
 	packet, err := s.transport.readPacket()
 	if err != nil {
@@ -524,7 +541,7 @@ userAuthLoop:
 				return nil, parseError(msgUserAuthRequest)
 			}
 			algo := string(algoBytes)
-			if !contains(supportedPubKeyAuthAlgos, underlyingAlgo(algo)) {
+			if !contains(config.PublicKeyAuthAlgorithms, underlyingAlgo(algo)) {
 				authErr = fmt.Errorf("ssh: algorithm %q not accepted", algo)
 				break
 			}
@@ -591,7 +608,7 @@ userAuthLoop:
 				// algorithm name that corresponds to algo with
 				// sig.Format.  This is usually the same, but
 				// for certs, the names differ.
-				if !contains(supportedPubKeyAuthAlgos, sig.Format) {
+				if !contains(config.PublicKeyAuthAlgorithms, sig.Format) {
 					authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
 					break
 				}
diff --git a/vendor/golang.org/x/crypto/ssh/tcpip.go b/vendor/golang.org/x/crypto/ssh/tcpip.go
index 80d35f5ec..ef5059a11 100644
--- a/vendor/golang.org/x/crypto/ssh/tcpip.go
+++ b/vendor/golang.org/x/crypto/ssh/tcpip.go
@@ -5,6 +5,7 @@
 package ssh
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -332,6 +333,40 @@ func (l *tcpListener) Addr() net.Addr {
 	return l.laddr
 }
 
+// DialContext initiates a connection to the addr from the remote host.
+//
+// The provided Context must be non-nil. If the context expires before the
+// connection is complete, an error is returned. Once successfully connected,
+// any expiration of the context will not affect the connection.
+//
+// See func Dial for additional information.
+func (c *Client) DialContext(ctx context.Context, n, addr string) (net.Conn, error) {
+	if err := ctx.Err(); err != nil {
+		return nil, err
+	}
+	type connErr struct {
+		conn net.Conn
+		err  error
+	}
+	ch := make(chan connErr)
+	go func() {
+		conn, err := c.Dial(n, addr)
+		select {
+		case ch <- connErr{conn, err}:
+		case <-ctx.Done():
+			if conn != nil {
+				conn.Close()
+			}
+		}
+	}()
+	select {
+	case res := <-ch:
+		return res.conn, res.err
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	}
+}
+
 // Dial initiates a connection to the addr from the remote host.
 // The resulting connection has a zero LocalAddr() and RemoteAddr().
 func (c *Client) Dial(n, addr string) (net.Conn, error) {
diff --git a/vendor/golang.org/x/exp/slog/attr.go b/vendor/golang.org/x/exp/slog/attr.go
new file mode 100644
index 000000000..a180d0e1d
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/attr.go
@@ -0,0 +1,102 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"fmt"
+	"time"
+)
+
+// An Attr is a key-value pair.
+type Attr struct {
+	Key   string
+	Value Value
+}
+
+// String returns an Attr for a string value.
+func String(key, value string) Attr {
+	return Attr{key, StringValue(value)}
+}
+
+// Int64 returns an Attr for an int64.
+func Int64(key string, value int64) Attr {
+	return Attr{key, Int64Value(value)}
+}
+
+// Int converts an int to an int64 and returns
+// an Attr with that value.
+func Int(key string, value int) Attr {
+	return Int64(key, int64(value))
+}
+
+// Uint64 returns an Attr for a uint64.
+func Uint64(key string, v uint64) Attr {
+	return Attr{key, Uint64Value(v)}
+}
+
+// Float64 returns an Attr for a floating-point number.
+func Float64(key string, v float64) Attr {
+	return Attr{key, Float64Value(v)}
+}
+
+// Bool returns an Attr for a bool.
+func Bool(key string, v bool) Attr {
+	return Attr{key, BoolValue(v)}
+}
+
+// Time returns an Attr for a time.Time.
+// It discards the monotonic portion.
+func Time(key string, v time.Time) Attr {
+	return Attr{key, TimeValue(v)}
+}
+
+// Duration returns an Attr for a time.Duration.
+func Duration(key string, v time.Duration) Attr {
+	return Attr{key, DurationValue(v)}
+}
+
+// Group returns an Attr for a Group Value.
+// The first argument is the key; the remaining arguments
+// are converted to Attrs as in [Logger.Log].
+//
+// Use Group to collect several key-value pairs under a single
+// key on a log line, or as the result of LogValue
+// in order to log a single value as multiple Attrs.
+func Group(key string, args ...any) Attr {
+	return Attr{key, GroupValue(argsToAttrSlice(args)...)}
+}
+
+func argsToAttrSlice(args []any) []Attr {
+	var (
+		attr  Attr
+		attrs []Attr
+	)
+	for len(args) > 0 {
+		attr, args = argsToAttr(args)
+		attrs = append(attrs, attr)
+	}
+	return attrs
+}
+
+// Any returns an Attr for the supplied value.
+// See [Value.AnyValue] for how values are treated.
+func Any(key string, value any) Attr {
+	return Attr{key, AnyValue(value)}
+}
+
+// Equal reports whether a and b have equal keys and values.
+func (a Attr) Equal(b Attr) bool {
+	return a.Key == b.Key && a.Value.Equal(b.Value)
+}
+
+func (a Attr) String() string {
+	return fmt.Sprintf("%s=%s", a.Key, a.Value)
+}
+
+// isEmpty reports whether a has an empty key and a nil value.
+// That can be written as Attr{} or Any("", nil).
+func (a Attr) isEmpty() bool {
+	return a.Key == "" && a.Value.num == 0 && a.Value.any == nil
+}
diff --git a/vendor/golang.org/x/exp/slog/doc.go b/vendor/golang.org/x/exp/slog/doc.go
new file mode 100644
index 000000000..4beaf8674
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/doc.go
@@ -0,0 +1,316 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package slog provides structured logging,
+in which log records include a message,
+a severity level, and various other attributes
+expressed as key-value pairs.
+
+It defines a type, [Logger],
+which provides several methods (such as [Logger.Info] and [Logger.Error])
+for reporting events of interest.
+
+Each Logger is associated with a [Handler].
+A Logger output method creates a [Record] from the method arguments
+and passes it to the Handler, which decides how to handle it.
+There is a default Logger accessible through top-level functions
+(such as [Info] and [Error]) that call the corresponding Logger methods.
+
+A log record consists of a time, a level, a message, and a set of key-value
+pairs, where the keys are strings and the values may be of any type.
+As an example,
+
+	slog.Info("hello", "count", 3)
+
+creates a record containing the time of the call,
+a level of Info, the message "hello", and a single
+pair with key "count" and value 3.
+
+The [Info] top-level function calls the [Logger.Info] method on the default Logger.
+In addition to [Logger.Info], there are methods for Debug, Warn and Error levels.
+Besides these convenience methods for common levels,
+there is also a [Logger.Log] method which takes the level as an argument.
+Each of these methods has a corresponding top-level function that uses the
+default logger.
+
+The default handler formats the log record's message, time, level, and attributes
+as a string and passes it to the [log] package.
+
+	2022/11/08 15:28:26 INFO hello count=3
+
+For more control over the output format, create a logger with a different handler.
+This statement uses [New] to create a new logger with a TextHandler
+that writes structured records in text form to standard error:
+
+	logger := slog.New(slog.NewTextHandler(os.Stderr, nil))
+
+[TextHandler] output is a sequence of key=value pairs, easily and unambiguously
+parsed by machine. This statement:
+
+	logger.Info("hello", "count", 3)
+
+produces this output:
+
+	time=2022-11-08T15:28:26.000-05:00 level=INFO msg=hello count=3
+
+The package also provides [JSONHandler], whose output is line-delimited JSON:
+
+	logger := slog.New(slog.NewJSONHandler(os.Stdout, nil))
+	logger.Info("hello", "count", 3)
+
+produces this output:
+
+	{"time":"2022-11-08T15:28:26.000000000-05:00","level":"INFO","msg":"hello","count":3}
+
+Both [TextHandler] and [JSONHandler] can be configured with [HandlerOptions].
+There are options for setting the minimum level (see Levels, below),
+displaying the source file and line of the log call, and
+modifying attributes before they are logged.
+
+Setting a logger as the default with
+
+	slog.SetDefault(logger)
+
+will cause the top-level functions like [Info] to use it.
+[SetDefault] also updates the default logger used by the [log] package,
+so that existing applications that use [log.Printf] and related functions
+will send log records to the logger's handler without needing to be rewritten.
+
+Some attributes are common to many log calls.
+For example, you may wish to include the URL or trace identifier of a server request
+with all log events arising from the request.
+Rather than repeat the attribute with every log call, you can use [Logger.With]
+to construct a new Logger containing the attributes:
+
+	logger2 := logger.With("url", r.URL)
+
+The arguments to With are the same key-value pairs used in [Logger.Info].
+The result is a new Logger with the same handler as the original, but additional
+attributes that will appear in the output of every call.
+
+# Levels
+
+A [Level] is an integer representing the importance or severity of a log event.
+The higher the level, the more severe the event.
+This package defines constants for the most common levels,
+but any int can be used as a level.
+
+In an application, you may wish to log messages only at a certain level or greater.
+One common configuration is to log messages at Info or higher levels,
+suppressing debug logging until it is needed.
+The built-in handlers can be configured with the minimum level to output by
+setting [HandlerOptions.Level].
+The program's `main` function typically does this.
+The default value is LevelInfo.
+
+Setting the [HandlerOptions.Level] field to a [Level] value
+fixes the handler's minimum level throughout its lifetime.
+Setting it to a [LevelVar] allows the level to be varied dynamically.
+A LevelVar holds a Level and is safe to read or write from multiple
+goroutines.
+To vary the level dynamically for an entire program, first initialize
+a global LevelVar:
+
+	var programLevel = new(slog.LevelVar) // Info by default
+
+Then use the LevelVar to construct a handler, and make it the default:
+
+	h := slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{Level: programLevel})
+	slog.SetDefault(slog.New(h))
+
+Now the program can change its logging level with a single statement:
+
+	programLevel.Set(slog.LevelDebug)
+
+# Groups
+
+Attributes can be collected into groups.
+A group has a name that is used to qualify the names of its attributes.
+How this qualification is displayed depends on the handler.
+[TextHandler] separates the group and attribute names with a dot.
+[JSONHandler] treats each group as a separate JSON object, with the group name as the key.
+
+Use [Group] to create a Group attribute from a name and a list of key-value pairs:
+
+	slog.Group("request",
+	    "method", r.Method,
+	    "url", r.URL)
+
+TextHandler would display this group as
+
+	request.method=GET request.url=http://example.com
+
+JSONHandler would display it as
+
+	"request":{"method":"GET","url":"http://example.com"}
+
+Use [Logger.WithGroup] to qualify all of a Logger's output
+with a group name. Calling WithGroup on a Logger results in a
+new Logger with the same Handler as the original, but with all
+its attributes qualified by the group name.
+
+This can help prevent duplicate attribute keys in large systems,
+where subsystems might use the same keys.
+Pass each subsystem a different Logger with its own group name so that
+potential duplicates are qualified:
+
+	logger := slog.Default().With("id", systemID)
+	parserLogger := logger.WithGroup("parser")
+	parseInput(input, parserLogger)
+
+When parseInput logs with parserLogger, its keys will be qualified with "parser",
+so even if it uses the common key "id", the log line will have distinct keys.
+
+# Contexts
+
+Some handlers may wish to include information from the [context.Context] that is
+available at the call site. One example of such information
+is the identifier for the current span when tracing is enabled.
+
+The [Logger.Log] and [Logger.LogAttrs] methods take a context as a first
+argument, as do their corresponding top-level functions.
+
+Although the convenience methods on Logger (Info and so on) and the
+corresponding top-level functions do not take a context, the alternatives ending
+in "Context" do. For example,
+
+	slog.InfoContext(ctx, "message")
+
+It is recommended to pass a context to an output method if one is available.
+
+# Attrs and Values
+
+An [Attr] is a key-value pair. The Logger output methods accept Attrs as well as
+alternating keys and values. The statement
+
+	slog.Info("hello", slog.Int("count", 3))
+
+behaves the same as
+
+	slog.Info("hello", "count", 3)
+
+There are convenience constructors for [Attr] such as [Int], [String], and [Bool]
+for common types, as well as the function [Any] for constructing Attrs of any
+type.
+
+The value part of an Attr is a type called [Value].
+Like an [any], a Value can hold any Go value,
+but it can represent typical values, including all numbers and strings,
+without an allocation.
+
+For the most efficient log output, use [Logger.LogAttrs].
+It is similar to [Logger.Log] but accepts only Attrs, not alternating
+keys and values; this allows it, too, to avoid allocation.
+
+The call
+
+	logger.LogAttrs(nil, slog.LevelInfo, "hello", slog.Int("count", 3))
+
+is the most efficient way to achieve the same output as
+
+	slog.Info("hello", "count", 3)
+
+# Customizing a type's logging behavior
+
+If a type implements the [LogValuer] interface, the [Value] returned from its LogValue
+method is used for logging. You can use this to control how values of the type
+appear in logs. For example, you can redact secret information like passwords,
+or gather a struct's fields in a Group. See the examples under [LogValuer] for
+details.
+
+A LogValue method may return a Value that itself implements [LogValuer]. The [Value.Resolve]
+method handles these cases carefully, avoiding infinite loops and unbounded recursion.
+Handler authors and others may wish to use Value.Resolve instead of calling LogValue directly.
+
+# Wrapping output methods
+
+The logger functions use reflection over the call stack to find the file name
+and line number of the logging call within the application. This can produce
+incorrect source information for functions that wrap slog. For instance, if you
+define this function in file mylog.go:
+
+	func Infof(format string, args ...any) {
+	    slog.Default().Info(fmt.Sprintf(format, args...))
+	}
+
+and you call it like this in main.go:
+
+	Infof(slog.Default(), "hello, %s", "world")
+
+then slog will report the source file as mylog.go, not main.go.
+
+A correct implementation of Infof will obtain the source location
+(pc) and pass it to NewRecord.
+The Infof function in the package-level example called "wrapping"
+demonstrates how to do this.
+
+# Working with Records
+
+Sometimes a Handler will need to modify a Record
+before passing it on to another Handler or backend.
+A Record contains a mixture of simple public fields (e.g. Time, Level, Message)
+and hidden fields that refer to state (such as attributes) indirectly. This
+means that modifying a simple copy of a Record (e.g. by calling
+[Record.Add] or [Record.AddAttrs] to add attributes)
+may have unexpected effects on the original.
+Before modifying a Record, use [Clone] to
+create a copy that shares no state with the original,
+or create a new Record with [NewRecord]
+and build up its Attrs by traversing the old ones with [Record.Attrs].
+
+# Performance considerations
+
+If profiling your application demonstrates that logging is taking significant time,
+the following suggestions may help.
+
+If many log lines have a common attribute, use [Logger.With] to create a Logger with
+that attribute. The built-in handlers will format that attribute only once, at the
+call to [Logger.With]. The [Handler] interface is designed to allow that optimization,
+and a well-written Handler should take advantage of it.
+
+The arguments to a log call are always evaluated, even if the log event is discarded.
+If possible, defer computation so that it happens only if the value is actually logged.
+For example, consider the call
+
+	slog.Info("starting request", "url", r.URL.String())  // may compute String unnecessarily
+
+The URL.String method will be called even if the logger discards Info-level events.
+Instead, pass the URL directly:
+
+	slog.Info("starting request", "url", &r.URL) // calls URL.String only if needed
+
+The built-in [TextHandler] will call its String method, but only
+if the log event is enabled.
+Avoiding the call to String also preserves the structure of the underlying value.
+For example [JSONHandler] emits the components of the parsed URL as a JSON object.
+If you want to avoid eagerly paying the cost of the String call
+without causing the handler to potentially inspect the structure of the value,
+wrap the value in a fmt.Stringer implementation that hides its Marshal methods.
+
+You can also use the [LogValuer] interface to avoid unnecessary work in disabled log
+calls. Say you need to log some expensive value:
+
+	slog.Debug("frobbing", "value", computeExpensiveValue(arg))
+
+Even if this line is disabled, computeExpensiveValue will be called.
+To avoid that, define a type implementing LogValuer:
+
+	type expensive struct { arg int }
+
+	func (e expensive) LogValue() slog.Value {
+	    return slog.AnyValue(computeExpensiveValue(e.arg))
+	}
+
+Then use a value of that type in log calls:
+
+	slog.Debug("frobbing", "value", expensive{arg})
+
+Now computeExpensiveValue will only be called when the line is enabled.
+
+The built-in handlers acquire a lock before calling [io.Writer.Write]
+to ensure that each record is written in one piece. User-defined
+handlers are responsible for their own locking.
+*/
+package slog
diff --git a/vendor/golang.org/x/exp/slog/handler.go b/vendor/golang.org/x/exp/slog/handler.go
new file mode 100644
index 000000000..74f88738c
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/handler.go
@@ -0,0 +1,559 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"strconv"
+	"sync"
+	"time"
+
+	"golang.org/x/exp/slices"
+	"golang.org/x/exp/slog/internal/buffer"
+)
+
+// A Handler handles log records produced by a Logger..
+//
+// A typical handler may print log records to standard error,
+// or write them to a file or database, or perhaps augment them
+// with additional attributes and pass them on to another handler.
+//
+// Any of the Handler's methods may be called concurrently with itself
+// or with other methods. It is the responsibility of the Handler to
+// manage this concurrency.
+//
+// Users of the slog package should not invoke Handler methods directly.
+// They should use the methods of [Logger] instead.
+type Handler interface {
+	// Enabled reports whether the handler handles records at the given level.
+	// The handler ignores records whose level is lower.
+	// It is called early, before any arguments are processed,
+	// to save effort if the log event should be discarded.
+	// If called from a Logger method, the first argument is the context
+	// passed to that method, or context.Background() if nil was passed
+	// or the method does not take a context.
+	// The context is passed so Enabled can use its values
+	// to make a decision.
+	Enabled(context.Context, Level) bool
+
+	// Handle handles the Record.
+	// It will only be called when Enabled returns true.
+	// The Context argument is as for Enabled.
+	// It is present solely to provide Handlers access to the context's values.
+	// Canceling the context should not affect record processing.
+	// (Among other things, log messages may be necessary to debug a
+	// cancellation-related problem.)
+	//
+	// Handle methods that produce output should observe the following rules:
+	//   - If r.Time is the zero time, ignore the time.
+	//   - If r.PC is zero, ignore it.
+	//   - Attr's values should be resolved.
+	//   - If an Attr's key and value are both the zero value, ignore the Attr.
+	//     This can be tested with attr.Equal(Attr{}).
+	//   - If a group's key is empty, inline the group's Attrs.
+	//   - If a group has no Attrs (even if it has a non-empty key),
+	//     ignore it.
+	Handle(context.Context, Record) error
+
+	// WithAttrs returns a new Handler whose attributes consist of
+	// both the receiver's attributes and the arguments.
+	// The Handler owns the slice: it may retain, modify or discard it.
+	WithAttrs(attrs []Attr) Handler
+
+	// WithGroup returns a new Handler with the given group appended to
+	// the receiver's existing groups.
+	// The keys of all subsequent attributes, whether added by With or in a
+	// Record, should be qualified by the sequence of group names.
+	//
+	// How this qualification happens is up to the Handler, so long as
+	// this Handler's attribute keys differ from those of another Handler
+	// with a different sequence of group names.
+	//
+	// A Handler should treat WithGroup as starting a Group of Attrs that ends
+	// at the end of the log event. That is,
+	//
+	//     logger.WithGroup("s").LogAttrs(level, msg, slog.Int("a", 1), slog.Int("b", 2))
+	//
+	// should behave like
+	//
+	//     logger.LogAttrs(level, msg, slog.Group("s", slog.Int("a", 1), slog.Int("b", 2)))
+	//
+	// If the name is empty, WithGroup returns the receiver.
+	WithGroup(name string) Handler
+}
+
+type defaultHandler struct {
+	ch *commonHandler
+	// log.Output, except for testing
+	output func(calldepth int, message string) error
+}
+
+func newDefaultHandler(output func(int, string) error) *defaultHandler {
+	return &defaultHandler{
+		ch:     &commonHandler{json: false},
+		output: output,
+	}
+}
+
+func (*defaultHandler) Enabled(_ context.Context, l Level) bool {
+	return l >= LevelInfo
+}
+
+// Collect the level, attributes and message in a string and
+// write it with the default log.Logger.
+// Let the log.Logger handle time and file/line.
+func (h *defaultHandler) Handle(ctx context.Context, r Record) error {
+	buf := buffer.New()
+	buf.WriteString(r.Level.String())
+	buf.WriteByte(' ')
+	buf.WriteString(r.Message)
+	state := h.ch.newHandleState(buf, true, " ", nil)
+	defer state.free()
+	state.appendNonBuiltIns(r)
+
+	// skip [h.output, defaultHandler.Handle, handlerWriter.Write, log.Output]
+	return h.output(4, buf.String())
+}
+
+func (h *defaultHandler) WithAttrs(as []Attr) Handler {
+	return &defaultHandler{h.ch.withAttrs(as), h.output}
+}
+
+func (h *defaultHandler) WithGroup(name string) Handler {
+	return &defaultHandler{h.ch.withGroup(name), h.output}
+}
+
+// HandlerOptions are options for a TextHandler or JSONHandler.
+// A zero HandlerOptions consists entirely of default values.
+type HandlerOptions struct {
+	// AddSource causes the handler to compute the source code position
+	// of the log statement and add a SourceKey attribute to the output.
+	AddSource bool
+
+	// Level reports the minimum record level that will be logged.
+	// The handler discards records with lower levels.
+	// If Level is nil, the handler assumes LevelInfo.
+	// The handler calls Level.Level for each record processed;
+	// to adjust the minimum level dynamically, use a LevelVar.
+	Level Leveler
+
+	// ReplaceAttr is called to rewrite each non-group attribute before it is logged.
+	// The attribute's value has been resolved (see [Value.Resolve]).
+	// If ReplaceAttr returns an Attr with Key == "", the attribute is discarded.
+	//
+	// The built-in attributes with keys "time", "level", "source", and "msg"
+	// are passed to this function, except that time is omitted
+	// if zero, and source is omitted if AddSource is false.
+	//
+	// The first argument is a list of currently open groups that contain the
+	// Attr. It must not be retained or modified. ReplaceAttr is never called
+	// for Group attributes, only their contents. For example, the attribute
+	// list
+	//
+	//     Int("a", 1), Group("g", Int("b", 2)), Int("c", 3)
+	//
+	// results in consecutive calls to ReplaceAttr with the following arguments:
+	//
+	//     nil, Int("a", 1)
+	//     []string{"g"}, Int("b", 2)
+	//     nil, Int("c", 3)
+	//
+	// ReplaceAttr can be used to change the default keys of the built-in
+	// attributes, convert types (for example, to replace a `time.Time` with the
+	// integer seconds since the Unix epoch), sanitize personal information, or
+	// remove attributes from the output.
+	ReplaceAttr func(groups []string, a Attr) Attr
+}
+
+// Keys for "built-in" attributes.
+const (
+	// TimeKey is the key used by the built-in handlers for the time
+	// when the log method is called. The associated Value is a [time.Time].
+	TimeKey = "time"
+	// LevelKey is the key used by the built-in handlers for the level
+	// of the log call. The associated value is a [Level].
+	LevelKey = "level"
+	// MessageKey is the key used by the built-in handlers for the
+	// message of the log call. The associated value is a string.
+	MessageKey = "msg"
+	// SourceKey is the key used by the built-in handlers for the source file
+	// and line of the log call. The associated value is a string.
+	SourceKey = "source"
+)
+
+type commonHandler struct {
+	json              bool // true => output JSON; false => output text
+	opts              HandlerOptions
+	preformattedAttrs []byte
+	groupPrefix       string   // for text: prefix of groups opened in preformatting
+	groups            []string // all groups started from WithGroup
+	nOpenGroups       int      // the number of groups opened in preformattedAttrs
+	mu                sync.Mutex
+	w                 io.Writer
+}
+
+func (h *commonHandler) clone() *commonHandler {
+	// We can't use assignment because we can't copy the mutex.
+	return &commonHandler{
+		json:              h.json,
+		opts:              h.opts,
+		preformattedAttrs: slices.Clip(h.preformattedAttrs),
+		groupPrefix:       h.groupPrefix,
+		groups:            slices.Clip(h.groups),
+		nOpenGroups:       h.nOpenGroups,
+		w:                 h.w,
+	}
+}
+
+// enabled reports whether l is greater than or equal to the
+// minimum level.
+func (h *commonHandler) enabled(l Level) bool {
+	minLevel := LevelInfo
+	if h.opts.Level != nil {
+		minLevel = h.opts.Level.Level()
+	}
+	return l >= minLevel
+}
+
+func (h *commonHandler) withAttrs(as []Attr) *commonHandler {
+	h2 := h.clone()
+	// Pre-format the attributes as an optimization.
+	prefix := buffer.New()
+	defer prefix.Free()
+	prefix.WriteString(h.groupPrefix)
+	state := h2.newHandleState((*buffer.Buffer)(&h2.preformattedAttrs), false, "", prefix)
+	defer state.free()
+	if len(h2.preformattedAttrs) > 0 {
+		state.sep = h.attrSep()
+	}
+	state.openGroups()
+	for _, a := range as {
+		state.appendAttr(a)
+	}
+	// Remember the new prefix for later keys.
+	h2.groupPrefix = state.prefix.String()
+	// Remember how many opened groups are in preformattedAttrs,
+	// so we don't open them again when we handle a Record.
+	h2.nOpenGroups = len(h2.groups)
+	return h2
+}
+
+func (h *commonHandler) withGroup(name string) *commonHandler {
+	if name == "" {
+		return h
+	}
+	h2 := h.clone()
+	h2.groups = append(h2.groups, name)
+	return h2
+}
+
+func (h *commonHandler) handle(r Record) error {
+	state := h.newHandleState(buffer.New(), true, "", nil)
+	defer state.free()
+	if h.json {
+		state.buf.WriteByte('{')
+	}
+	// Built-in attributes. They are not in a group.
+	stateGroups := state.groups
+	state.groups = nil // So ReplaceAttrs sees no groups instead of the pre groups.
+	rep := h.opts.ReplaceAttr
+	// time
+	if !r.Time.IsZero() {
+		key := TimeKey
+		val := r.Time.Round(0) // strip monotonic to match Attr behavior
+		if rep == nil {
+			state.appendKey(key)
+			state.appendTime(val)
+		} else {
+			state.appendAttr(Time(key, val))
+		}
+	}
+	// level
+	key := LevelKey
+	val := r.Level
+	if rep == nil {
+		state.appendKey(key)
+		state.appendString(val.String())
+	} else {
+		state.appendAttr(Any(key, val))
+	}
+	// source
+	if h.opts.AddSource {
+		state.appendAttr(Any(SourceKey, r.source()))
+	}
+	key = MessageKey
+	msg := r.Message
+	if rep == nil {
+		state.appendKey(key)
+		state.appendString(msg)
+	} else {
+		state.appendAttr(String(key, msg))
+	}
+	state.groups = stateGroups // Restore groups passed to ReplaceAttrs.
+	state.appendNonBuiltIns(r)
+	state.buf.WriteByte('\n')
+
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	_, err := h.w.Write(*state.buf)
+	return err
+}
+
+func (s *handleState) appendNonBuiltIns(r Record) {
+	// preformatted Attrs
+	if len(s.h.preformattedAttrs) > 0 {
+		s.buf.WriteString(s.sep)
+		s.buf.Write(s.h.preformattedAttrs)
+		s.sep = s.h.attrSep()
+	}
+	// Attrs in Record -- unlike the built-in ones, they are in groups started
+	// from WithGroup.
+	s.prefix = buffer.New()
+	defer s.prefix.Free()
+	s.prefix.WriteString(s.h.groupPrefix)
+	s.openGroups()
+	r.Attrs(func(a Attr) bool {
+		s.appendAttr(a)
+		return true
+	})
+	if s.h.json {
+		// Close all open groups.
+		for range s.h.groups {
+			s.buf.WriteByte('}')
+		}
+		// Close the top-level object.
+		s.buf.WriteByte('}')
+	}
+}
+
+// attrSep returns the separator between attributes.
+func (h *commonHandler) attrSep() string {
+	if h.json {
+		return ","
+	}
+	return " "
+}
+
+// handleState holds state for a single call to commonHandler.handle.
+// The initial value of sep determines whether to emit a separator
+// before the next key, after which it stays true.
+type handleState struct {
+	h       *commonHandler
+	buf     *buffer.Buffer
+	freeBuf bool           // should buf be freed?
+	sep     string         // separator to write before next key
+	prefix  *buffer.Buffer // for text: key prefix
+	groups  *[]string      // pool-allocated slice of active groups, for ReplaceAttr
+}
+
+var groupPool = sync.Pool{New: func() any {
+	s := make([]string, 0, 10)
+	return &s
+}}
+
+func (h *commonHandler) newHandleState(buf *buffer.Buffer, freeBuf bool, sep string, prefix *buffer.Buffer) handleState {
+	s := handleState{
+		h:       h,
+		buf:     buf,
+		freeBuf: freeBuf,
+		sep:     sep,
+		prefix:  prefix,
+	}
+	if h.opts.ReplaceAttr != nil {
+		s.groups = groupPool.Get().(*[]string)
+		*s.groups = append(*s.groups, h.groups[:h.nOpenGroups]...)
+	}
+	return s
+}
+
+func (s *handleState) free() {
+	if s.freeBuf {
+		s.buf.Free()
+	}
+	if gs := s.groups; gs != nil {
+		*gs = (*gs)[:0]
+		groupPool.Put(gs)
+	}
+}
+
+func (s *handleState) openGroups() {
+	for _, n := range s.h.groups[s.h.nOpenGroups:] {
+		s.openGroup(n)
+	}
+}
+
+// Separator for group names and keys.
+const keyComponentSep = '.'
+
+// openGroup starts a new group of attributes
+// with the given name.
+func (s *handleState) openGroup(name string) {
+	if s.h.json {
+		s.appendKey(name)
+		s.buf.WriteByte('{')
+		s.sep = ""
+	} else {
+		s.prefix.WriteString(name)
+		s.prefix.WriteByte(keyComponentSep)
+	}
+	// Collect group names for ReplaceAttr.
+	if s.groups != nil {
+		*s.groups = append(*s.groups, name)
+	}
+}
+
+// closeGroup ends the group with the given name.
+func (s *handleState) closeGroup(name string) {
+	if s.h.json {
+		s.buf.WriteByte('}')
+	} else {
+		(*s.prefix) = (*s.prefix)[:len(*s.prefix)-len(name)-1 /* for keyComponentSep */]
+	}
+	s.sep = s.h.attrSep()
+	if s.groups != nil {
+		*s.groups = (*s.groups)[:len(*s.groups)-1]
+	}
+}
+
+// appendAttr appends the Attr's key and value using app.
+// It handles replacement and checking for an empty key.
+// after replacement).
+func (s *handleState) appendAttr(a Attr) {
+	if rep := s.h.opts.ReplaceAttr; rep != nil && a.Value.Kind() != KindGroup {
+		var gs []string
+		if s.groups != nil {
+			gs = *s.groups
+		}
+		// Resolve before calling ReplaceAttr, so the user doesn't have to.
+		a.Value = a.Value.Resolve()
+		a = rep(gs, a)
+	}
+	a.Value = a.Value.Resolve()
+	// Elide empty Attrs.
+	if a.isEmpty() {
+		return
+	}
+	// Special case: Source.
+	if v := a.Value; v.Kind() == KindAny {
+		if src, ok := v.Any().(*Source); ok {
+			if s.h.json {
+				a.Value = src.group()
+			} else {
+				a.Value = StringValue(fmt.Sprintf("%s:%d", src.File, src.Line))
+			}
+		}
+	}
+	if a.Value.Kind() == KindGroup {
+		attrs := a.Value.Group()
+		// Output only non-empty groups.
+		if len(attrs) > 0 {
+			// Inline a group with an empty key.
+			if a.Key != "" {
+				s.openGroup(a.Key)
+			}
+			for _, aa := range attrs {
+				s.appendAttr(aa)
+			}
+			if a.Key != "" {
+				s.closeGroup(a.Key)
+			}
+		}
+	} else {
+		s.appendKey(a.Key)
+		s.appendValue(a.Value)
+	}
+}
+
+func (s *handleState) appendError(err error) {
+	s.appendString(fmt.Sprintf("!ERROR:%v", err))
+}
+
+func (s *handleState) appendKey(key string) {
+	s.buf.WriteString(s.sep)
+	if s.prefix != nil {
+		// TODO: optimize by avoiding allocation.
+		s.appendString(string(*s.prefix) + key)
+	} else {
+		s.appendString(key)
+	}
+	if s.h.json {
+		s.buf.WriteByte(':')
+	} else {
+		s.buf.WriteByte('=')
+	}
+	s.sep = s.h.attrSep()
+}
+
+func (s *handleState) appendString(str string) {
+	if s.h.json {
+		s.buf.WriteByte('"')
+		*s.buf = appendEscapedJSONString(*s.buf, str)
+		s.buf.WriteByte('"')
+	} else {
+		// text
+		if needsQuoting(str) {
+			*s.buf = strconv.AppendQuote(*s.buf, str)
+		} else {
+			s.buf.WriteString(str)
+		}
+	}
+}
+
+func (s *handleState) appendValue(v Value) {
+	var err error
+	if s.h.json {
+		err = appendJSONValue(s, v)
+	} else {
+		err = appendTextValue(s, v)
+	}
+	if err != nil {
+		s.appendError(err)
+	}
+}
+
+func (s *handleState) appendTime(t time.Time) {
+	if s.h.json {
+		appendJSONTime(s, t)
+	} else {
+		writeTimeRFC3339Millis(s.buf, t)
+	}
+}
+
+// This takes half the time of Time.AppendFormat.
+func writeTimeRFC3339Millis(buf *buffer.Buffer, t time.Time) {
+	year, month, day := t.Date()
+	buf.WritePosIntWidth(year, 4)
+	buf.WriteByte('-')
+	buf.WritePosIntWidth(int(month), 2)
+	buf.WriteByte('-')
+	buf.WritePosIntWidth(day, 2)
+	buf.WriteByte('T')
+	hour, min, sec := t.Clock()
+	buf.WritePosIntWidth(hour, 2)
+	buf.WriteByte(':')
+	buf.WritePosIntWidth(min, 2)
+	buf.WriteByte(':')
+	buf.WritePosIntWidth(sec, 2)
+	ns := t.Nanosecond()
+	buf.WriteByte('.')
+	buf.WritePosIntWidth(ns/1e6, 3)
+	_, offsetSeconds := t.Zone()
+	if offsetSeconds == 0 {
+		buf.WriteByte('Z')
+	} else {
+		offsetMinutes := offsetSeconds / 60
+		if offsetMinutes < 0 {
+			buf.WriteByte('-')
+			offsetMinutes = -offsetMinutes
+		} else {
+			buf.WriteByte('+')
+		}
+		buf.WritePosIntWidth(offsetMinutes/60, 2)
+		buf.WriteByte(':')
+		buf.WritePosIntWidth(offsetMinutes%60, 2)
+	}
+}
diff --git a/vendor/golang.org/x/exp/slog/internal/buffer/buffer.go b/vendor/golang.org/x/exp/slog/internal/buffer/buffer.go
new file mode 100644
index 000000000..7786c166e
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/internal/buffer/buffer.go
@@ -0,0 +1,84 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package buffer provides a pool-allocated byte buffer.
+package buffer
+
+import (
+	"sync"
+)
+
+// Buffer adapted from go/src/fmt/print.go
+type Buffer []byte
+
+// Having an initial size gives a dramatic speedup.
+var bufPool = sync.Pool{
+	New: func() any {
+		b := make([]byte, 0, 1024)
+		return (*Buffer)(&b)
+	},
+}
+
+func New() *Buffer {
+	return bufPool.Get().(*Buffer)
+}
+
+func (b *Buffer) Free() {
+	// To reduce peak allocation, return only smaller buffers to the pool.
+	const maxBufferSize = 16 << 10
+	if cap(*b) <= maxBufferSize {
+		*b = (*b)[:0]
+		bufPool.Put(b)
+	}
+}
+
+func (b *Buffer) Reset() {
+	*b = (*b)[:0]
+}
+
+func (b *Buffer) Write(p []byte) (int, error) {
+	*b = append(*b, p...)
+	return len(p), nil
+}
+
+func (b *Buffer) WriteString(s string) {
+	*b = append(*b, s...)
+}
+
+func (b *Buffer) WriteByte(c byte) {
+	*b = append(*b, c)
+}
+
+func (b *Buffer) WritePosInt(i int) {
+	b.WritePosIntWidth(i, 0)
+}
+
+// WritePosIntWidth writes non-negative integer i to the buffer, padded on the left
+// by zeroes to the given width. Use a width of 0 to omit padding.
+func (b *Buffer) WritePosIntWidth(i, width int) {
+	// Cheap integer to fixed-width decimal ASCII.
+	// Copied from log/log.go.
+
+	if i < 0 {
+		panic("negative int")
+	}
+
+	// Assemble decimal in reverse order.
+	var bb [20]byte
+	bp := len(bb) - 1
+	for i >= 10 || width > 1 {
+		width--
+		q := i / 10
+		bb[bp] = byte('0' + i - q*10)
+		bp--
+		i = q
+	}
+	// i < 10
+	bb[bp] = byte('0' + i)
+	b.Write(bb[bp:])
+}
+
+func (b *Buffer) String() string {
+	return string(*b)
+}
diff --git a/vendor/golang.org/x/exp/slog/internal/ignorepc.go b/vendor/golang.org/x/exp/slog/internal/ignorepc.go
new file mode 100644
index 000000000..d1256426f
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/internal/ignorepc.go
@@ -0,0 +1,9 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+// If IgnorePC is true, do not invoke runtime.Callers to get the pc.
+// This is solely for benchmarking the slowdown from runtime.Callers.
+var IgnorePC = false
diff --git a/vendor/golang.org/x/exp/slog/json_handler.go b/vendor/golang.org/x/exp/slog/json_handler.go
new file mode 100644
index 000000000..157ada869
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/json_handler.go
@@ -0,0 +1,336 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"strconv"
+	"time"
+	"unicode/utf8"
+
+	"golang.org/x/exp/slog/internal/buffer"
+)
+
+// JSONHandler is a Handler that writes Records to an io.Writer as
+// line-delimited JSON objects.
+type JSONHandler struct {
+	*commonHandler
+}
+
+// NewJSONHandler creates a JSONHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewJSONHandler(w io.Writer, opts *HandlerOptions) *JSONHandler {
+	if opts == nil {
+		opts = &HandlerOptions{}
+	}
+	return &JSONHandler{
+		&commonHandler{
+			json: true,
+			w:    w,
+			opts: *opts,
+		},
+	}
+}
+
+// Enabled reports whether the handler handles records at the given level.
+// The handler ignores records whose level is lower.
+func (h *JSONHandler) Enabled(_ context.Context, level Level) bool {
+	return h.commonHandler.enabled(level)
+}
+
+// WithAttrs returns a new JSONHandler whose attributes consists
+// of h's attributes followed by attrs.
+func (h *JSONHandler) WithAttrs(attrs []Attr) Handler {
+	return &JSONHandler{commonHandler: h.commonHandler.withAttrs(attrs)}
+}
+
+func (h *JSONHandler) WithGroup(name string) Handler {
+	return &JSONHandler{commonHandler: h.commonHandler.withGroup(name)}
+}
+
+// Handle formats its argument Record as a JSON object on a single line.
+//
+// If the Record's time is zero, the time is omitted.
+// Otherwise, the key is "time"
+// and the value is output as with json.Marshal.
+//
+// If the Record's level is zero, the level is omitted.
+// Otherwise, the key is "level"
+// and the value of [Level.String] is output.
+//
+// If the AddSource option is set and source information is available,
+// the key is "source"
+// and the value is output as "FILE:LINE".
+//
+// The message's key is "msg".
+//
+// To modify these or other attributes, or remove them from the output, use
+// [HandlerOptions.ReplaceAttr].
+//
+// Values are formatted as with an [encoding/json.Encoder] with SetEscapeHTML(false),
+// with two exceptions.
+//
+// First, an Attr whose Value is of type error is formatted as a string, by
+// calling its Error method. Only errors in Attrs receive this special treatment,
+// not errors embedded in structs, slices, maps or other data structures that
+// are processed by the encoding/json package.
+//
+// Second, an encoding failure does not cause Handle to return an error.
+// Instead, the error message is formatted as a string.
+//
+// Each call to Handle results in a single serialized call to io.Writer.Write.
+func (h *JSONHandler) Handle(_ context.Context, r Record) error {
+	return h.commonHandler.handle(r)
+}
+
+// Adapted from time.Time.MarshalJSON to avoid allocation.
+func appendJSONTime(s *handleState, t time.Time) {
+	if y := t.Year(); y < 0 || y >= 10000 {
+		// RFC 3339 is clear that years are 4 digits exactly.
+		// See golang.org/issue/4556#c15 for more discussion.
+		s.appendError(errors.New("time.Time year outside of range [0,9999]"))
+	}
+	s.buf.WriteByte('"')
+	*s.buf = t.AppendFormat(*s.buf, time.RFC3339Nano)
+	s.buf.WriteByte('"')
+}
+
+func appendJSONValue(s *handleState, v Value) error {
+	switch v.Kind() {
+	case KindString:
+		s.appendString(v.str())
+	case KindInt64:
+		*s.buf = strconv.AppendInt(*s.buf, v.Int64(), 10)
+	case KindUint64:
+		*s.buf = strconv.AppendUint(*s.buf, v.Uint64(), 10)
+	case KindFloat64:
+		// json.Marshal is funny about floats; it doesn't
+		// always match strconv.AppendFloat. So just call it.
+		// That's expensive, but floats are rare.
+		if err := appendJSONMarshal(s.buf, v.Float64()); err != nil {
+			return err
+		}
+	case KindBool:
+		*s.buf = strconv.AppendBool(*s.buf, v.Bool())
+	case KindDuration:
+		// Do what json.Marshal does.
+		*s.buf = strconv.AppendInt(*s.buf, int64(v.Duration()), 10)
+	case KindTime:
+		s.appendTime(v.Time())
+	case KindAny:
+		a := v.Any()
+		_, jm := a.(json.Marshaler)
+		if err, ok := a.(error); ok && !jm {
+			s.appendString(err.Error())
+		} else {
+			return appendJSONMarshal(s.buf, a)
+		}
+	default:
+		panic(fmt.Sprintf("bad kind: %s", v.Kind()))
+	}
+	return nil
+}
+
+func appendJSONMarshal(buf *buffer.Buffer, v any) error {
+	// Use a json.Encoder to avoid escaping HTML.
+	var bb bytes.Buffer
+	enc := json.NewEncoder(&bb)
+	enc.SetEscapeHTML(false)
+	if err := enc.Encode(v); err != nil {
+		return err
+	}
+	bs := bb.Bytes()
+	buf.Write(bs[:len(bs)-1]) // remove final newline
+	return nil
+}
+
+// appendEscapedJSONString escapes s for JSON and appends it to buf.
+// It does not surround the string in quotation marks.
+//
+// Modified from encoding/json/encode.go:encodeState.string,
+// with escapeHTML set to false.
+func appendEscapedJSONString(buf []byte, s string) []byte {
+	char := func(b byte) { buf = append(buf, b) }
+	str := func(s string) { buf = append(buf, s...) }
+
+	start := 0
+	for i := 0; i < len(s); {
+		if b := s[i]; b < utf8.RuneSelf {
+			if safeSet[b] {
+				i++
+				continue
+			}
+			if start < i {
+				str(s[start:i])
+			}
+			char('\\')
+			switch b {
+			case '\\', '"':
+				char(b)
+			case '\n':
+				char('n')
+			case '\r':
+				char('r')
+			case '\t':
+				char('t')
+			default:
+				// This encodes bytes < 0x20 except for \t, \n and \r.
+				str(`u00`)
+				char(hex[b>>4])
+				char(hex[b&0xF])
+			}
+			i++
+			start = i
+			continue
+		}
+		c, size := utf8.DecodeRuneInString(s[i:])
+		if c == utf8.RuneError && size == 1 {
+			if start < i {
+				str(s[start:i])
+			}
+			str(`\ufffd`)
+			i += size
+			start = i
+			continue
+		}
+		// U+2028 is LINE SEPARATOR.
+		// U+2029 is PARAGRAPH SEPARATOR.
+		// They are both technically valid characters in JSON strings,
+		// but don't work in JSONP, which has to be evaluated as JavaScript,
+		// and can lead to security holes there. It is valid JSON to
+		// escape them, so we do so unconditionally.
+		// See http://timelessrepo.com/json-isnt-a-javascript-subset for discussion.
+		if c == '\u2028' || c == '\u2029' {
+			if start < i {
+				str(s[start:i])
+			}
+			str(`\u202`)
+			char(hex[c&0xF])
+			i += size
+			start = i
+			continue
+		}
+		i += size
+	}
+	if start < len(s) {
+		str(s[start:])
+	}
+	return buf
+}
+
+var hex = "0123456789abcdef"
+
+// Copied from encoding/json/tables.go.
+//
+// safeSet holds the value true if the ASCII character with the given array
+// position can be represented inside a JSON string without any further
+// escaping.
+//
+// All values are true except for the ASCII control characters (0-31), the
+// double quote ("), and the backslash character ("\").
+var safeSet = [utf8.RuneSelf]bool{
+	' ':      true,
+	'!':      true,
+	'"':      false,
+	'#':      true,
+	'$':      true,
+	'%':      true,
+	'&':      true,
+	'\'':     true,
+	'(':      true,
+	')':      true,
+	'*':      true,
+	'+':      true,
+	',':      true,
+	'-':      true,
+	'.':      true,
+	'/':      true,
+	'0':      true,
+	'1':      true,
+	'2':      true,
+	'3':      true,
+	'4':      true,
+	'5':      true,
+	'6':      true,
+	'7':      true,
+	'8':      true,
+	'9':      true,
+	':':      true,
+	';':      true,
+	'<':      true,
+	'=':      true,
+	'>':      true,
+	'?':      true,
+	'@':      true,
+	'A':      true,
+	'B':      true,
+	'C':      true,
+	'D':      true,
+	'E':      true,
+	'F':      true,
+	'G':      true,
+	'H':      true,
+	'I':      true,
+	'J':      true,
+	'K':      true,
+	'L':      true,
+	'M':      true,
+	'N':      true,
+	'O':      true,
+	'P':      true,
+	'Q':      true,
+	'R':      true,
+	'S':      true,
+	'T':      true,
+	'U':      true,
+	'V':      true,
+	'W':      true,
+	'X':      true,
+	'Y':      true,
+	'Z':      true,
+	'[':      true,
+	'\\':     false,
+	']':      true,
+	'^':      true,
+	'_':      true,
+	'`':      true,
+	'a':      true,
+	'b':      true,
+	'c':      true,
+	'd':      true,
+	'e':      true,
+	'f':      true,
+	'g':      true,
+	'h':      true,
+	'i':      true,
+	'j':      true,
+	'k':      true,
+	'l':      true,
+	'm':      true,
+	'n':      true,
+	'o':      true,
+	'p':      true,
+	'q':      true,
+	'r':      true,
+	's':      true,
+	't':      true,
+	'u':      true,
+	'v':      true,
+	'w':      true,
+	'x':      true,
+	'y':      true,
+	'z':      true,
+	'{':      true,
+	'|':      true,
+	'}':      true,
+	'~':      true,
+	'\u007f': true,
+}
diff --git a/vendor/golang.org/x/exp/slog/level.go b/vendor/golang.org/x/exp/slog/level.go
new file mode 100644
index 000000000..b2365f0aa
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/level.go
@@ -0,0 +1,201 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"sync/atomic"
+)
+
+// A Level is the importance or severity of a log event.
+// The higher the level, the more important or severe the event.
+type Level int
+
+// Level numbers are inherently arbitrary,
+// but we picked them to satisfy three constraints.
+// Any system can map them to another numbering scheme if it wishes.
+//
+// First, we wanted the default level to be Info, Since Levels are ints, Info is
+// the default value for int, zero.
+//
+
+// Second, we wanted to make it easy to use levels to specify logger verbosity.
+// Since a larger level means a more severe event, a logger that accepts events
+// with smaller (or more negative) level means a more verbose logger. Logger
+// verbosity is thus the negation of event severity, and the default verbosity
+// of 0 accepts all events at least as severe as INFO.
+//
+// Third, we wanted some room between levels to accommodate schemes with named
+// levels between ours. For example, Google Cloud Logging defines a Notice level
+// between Info and Warn. Since there are only a few of these intermediate
+// levels, the gap between the numbers need not be large. Our gap of 4 matches
+// OpenTelemetry's mapping. Subtracting 9 from an OpenTelemetry level in the
+// DEBUG, INFO, WARN and ERROR ranges converts it to the corresponding slog
+// Level range. OpenTelemetry also has the names TRACE and FATAL, which slog
+// does not. But those OpenTelemetry levels can still be represented as slog
+// Levels by using the appropriate integers.
+//
+// Names for common levels.
+const (
+	LevelDebug Level = -4
+	LevelInfo  Level = 0
+	LevelWarn  Level = 4
+	LevelError Level = 8
+)
+
+// String returns a name for the level.
+// If the level has a name, then that name
+// in uppercase is returned.
+// If the level is between named values, then
+// an integer is appended to the uppercased name.
+// Examples:
+//
+//	LevelWarn.String() => "WARN"
+//	(LevelInfo+2).String() => "INFO+2"
+func (l Level) String() string {
+	str := func(base string, val Level) string {
+		if val == 0 {
+			return base
+		}
+		return fmt.Sprintf("%s%+d", base, val)
+	}
+
+	switch {
+	case l < LevelInfo:
+		return str("DEBUG", l-LevelDebug)
+	case l < LevelWarn:
+		return str("INFO", l-LevelInfo)
+	case l < LevelError:
+		return str("WARN", l-LevelWarn)
+	default:
+		return str("ERROR", l-LevelError)
+	}
+}
+
+// MarshalJSON implements [encoding/json.Marshaler]
+// by quoting the output of [Level.String].
+func (l Level) MarshalJSON() ([]byte, error) {
+	// AppendQuote is sufficient for JSON-encoding all Level strings.
+	// They don't contain any runes that would produce invalid JSON
+	// when escaped.
+	return strconv.AppendQuote(nil, l.String()), nil
+}
+
+// UnmarshalJSON implements [encoding/json.Unmarshaler]
+// It accepts any string produced by [Level.MarshalJSON],
+// ignoring case.
+// It also accepts numeric offsets that would result in a different string on
+// output. For example, "Error-8" would marshal as "INFO".
+func (l *Level) UnmarshalJSON(data []byte) error {
+	s, err := strconv.Unquote(string(data))
+	if err != nil {
+		return err
+	}
+	return l.parse(s)
+}
+
+// MarshalText implements [encoding.TextMarshaler]
+// by calling [Level.String].
+func (l Level) MarshalText() ([]byte, error) {
+	return []byte(l.String()), nil
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler].
+// It accepts any string produced by [Level.MarshalText],
+// ignoring case.
+// It also accepts numeric offsets that would result in a different string on
+// output. For example, "Error-8" would marshal as "INFO".
+func (l *Level) UnmarshalText(data []byte) error {
+	return l.parse(string(data))
+}
+
+func (l *Level) parse(s string) (err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("slog: level string %q: %w", s, err)
+		}
+	}()
+
+	name := s
+	offset := 0
+	if i := strings.IndexAny(s, "+-"); i >= 0 {
+		name = s[:i]
+		offset, err = strconv.Atoi(s[i:])
+		if err != nil {
+			return err
+		}
+	}
+	switch strings.ToUpper(name) {
+	case "DEBUG":
+		*l = LevelDebug
+	case "INFO":
+		*l = LevelInfo
+	case "WARN":
+		*l = LevelWarn
+	case "ERROR":
+		*l = LevelError
+	default:
+		return errors.New("unknown name")
+	}
+	*l += Level(offset)
+	return nil
+}
+
+// Level returns the receiver.
+// It implements Leveler.
+func (l Level) Level() Level { return l }
+
+// A LevelVar is a Level variable, to allow a Handler level to change
+// dynamically.
+// It implements Leveler as well as a Set method,
+// and it is safe for use by multiple goroutines.
+// The zero LevelVar corresponds to LevelInfo.
+type LevelVar struct {
+	val atomic.Int64
+}
+
+// Level returns v's level.
+func (v *LevelVar) Level() Level {
+	return Level(int(v.val.Load()))
+}
+
+// Set sets v's level to l.
+func (v *LevelVar) Set(l Level) {
+	v.val.Store(int64(l))
+}
+
+func (v *LevelVar) String() string {
+	return fmt.Sprintf("LevelVar(%s)", v.Level())
+}
+
+// MarshalText implements [encoding.TextMarshaler]
+// by calling [Level.MarshalText].
+func (v *LevelVar) MarshalText() ([]byte, error) {
+	return v.Level().MarshalText()
+}
+
+// UnmarshalText implements [encoding.TextUnmarshaler]
+// by calling [Level.UnmarshalText].
+func (v *LevelVar) UnmarshalText(data []byte) error {
+	var l Level
+	if err := l.UnmarshalText(data); err != nil {
+		return err
+	}
+	v.Set(l)
+	return nil
+}
+
+// A Leveler provides a Level value.
+//
+// As Level itself implements Leveler, clients typically supply
+// a Level value wherever a Leveler is needed, such as in HandlerOptions.
+// Clients who need to vary the level dynamically can provide a more complex
+// Leveler implementation such as *LevelVar.
+type Leveler interface {
+	Level() Level
+}
diff --git a/vendor/golang.org/x/exp/slog/logger.go b/vendor/golang.org/x/exp/slog/logger.go
new file mode 100644
index 000000000..e87ec9936
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/logger.go
@@ -0,0 +1,343 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"context"
+	"log"
+	"runtime"
+	"sync/atomic"
+	"time"
+
+	"golang.org/x/exp/slog/internal"
+)
+
+var defaultLogger atomic.Value
+
+func init() {
+	defaultLogger.Store(New(newDefaultHandler(log.Output)))
+}
+
+// Default returns the default Logger.
+func Default() *Logger { return defaultLogger.Load().(*Logger) }
+
+// SetDefault makes l the default Logger.
+// After this call, output from the log package's default Logger
+// (as with [log.Print], etc.) will be logged at LevelInfo using l's Handler.
+func SetDefault(l *Logger) {
+	defaultLogger.Store(l)
+	// If the default's handler is a defaultHandler, then don't use a handleWriter,
+	// or we'll deadlock as they both try to acquire the log default mutex.
+	// The defaultHandler will use whatever the log default writer is currently
+	// set to, which is correct.
+	// This can occur with SetDefault(Default()).
+	// See TestSetDefault.
+	if _, ok := l.Handler().(*defaultHandler); !ok {
+		capturePC := log.Flags()&(log.Lshortfile|log.Llongfile) != 0
+		log.SetOutput(&handlerWriter{l.Handler(), LevelInfo, capturePC})
+		log.SetFlags(0) // we want just the log message, no time or location
+	}
+}
+
+// handlerWriter is an io.Writer that calls a Handler.
+// It is used to link the default log.Logger to the default slog.Logger.
+type handlerWriter struct {
+	h         Handler
+	level     Level
+	capturePC bool
+}
+
+func (w *handlerWriter) Write(buf []byte) (int, error) {
+	if !w.h.Enabled(context.Background(), w.level) {
+		return 0, nil
+	}
+	var pc uintptr
+	if !internal.IgnorePC && w.capturePC {
+		// skip [runtime.Callers, w.Write, Logger.Output, log.Print]
+		var pcs [1]uintptr
+		runtime.Callers(4, pcs[:])
+		pc = pcs[0]
+	}
+
+	// Remove final newline.
+	origLen := len(buf) // Report that the entire buf was written.
+	if len(buf) > 0 && buf[len(buf)-1] == '\n' {
+		buf = buf[:len(buf)-1]
+	}
+	r := NewRecord(time.Now(), w.level, string(buf), pc)
+	return origLen, w.h.Handle(context.Background(), r)
+}
+
+// A Logger records structured information about each call to its
+// Log, Debug, Info, Warn, and Error methods.
+// For each call, it creates a Record and passes it to a Handler.
+//
+// To create a new Logger, call [New] or a Logger method
+// that begins "With".
+type Logger struct {
+	handler Handler // for structured logging
+}
+
+func (l *Logger) clone() *Logger {
+	c := *l
+	return &c
+}
+
+// Handler returns l's Handler.
+func (l *Logger) Handler() Handler { return l.handler }
+
+// With returns a new Logger that includes the given arguments, converted to
+// Attrs as in [Logger.Log].
+// The Attrs will be added to each output from the Logger.
+// The new Logger shares the old Logger's context.
+// The new Logger's handler is the result of calling WithAttrs on the receiver's
+// handler.
+func (l *Logger) With(args ...any) *Logger {
+	c := l.clone()
+	c.handler = l.handler.WithAttrs(argsToAttrSlice(args))
+	return c
+}
+
+// WithGroup returns a new Logger that starts a group. The keys of all
+// attributes added to the Logger will be qualified by the given name.
+// (How that qualification happens depends on the [Handler.WithGroup]
+// method of the Logger's Handler.)
+// The new Logger shares the old Logger's context.
+//
+// The new Logger's handler is the result of calling WithGroup on the receiver's
+// handler.
+func (l *Logger) WithGroup(name string) *Logger {
+	c := l.clone()
+	c.handler = l.handler.WithGroup(name)
+	return c
+
+}
+
+// New creates a new Logger with the given non-nil Handler and a nil context.
+func New(h Handler) *Logger {
+	if h == nil {
+		panic("nil Handler")
+	}
+	return &Logger{handler: h}
+}
+
+// With calls Logger.With on the default logger.
+func With(args ...any) *Logger {
+	return Default().With(args...)
+}
+
+// Enabled reports whether l emits log records at the given context and level.
+func (l *Logger) Enabled(ctx context.Context, level Level) bool {
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	return l.Handler().Enabled(ctx, level)
+}
+
+// NewLogLogger returns a new log.Logger such that each call to its Output method
+// dispatches a Record to the specified handler. The logger acts as a bridge from
+// the older log API to newer structured logging handlers.
+func NewLogLogger(h Handler, level Level) *log.Logger {
+	return log.New(&handlerWriter{h, level, true}, "", 0)
+}
+
+// Log emits a log record with the current time and the given level and message.
+// The Record's Attrs consist of the Logger's attributes followed by
+// the Attrs specified by args.
+//
+// The attribute arguments are processed as follows:
+//   - If an argument is an Attr, it is used as is.
+//   - If an argument is a string and this is not the last argument,
+//     the following argument is treated as the value and the two are combined
+//     into an Attr.
+//   - Otherwise, the argument is treated as a value with key "!BADKEY".
+func (l *Logger) Log(ctx context.Context, level Level, msg string, args ...any) {
+	l.log(ctx, level, msg, args...)
+}
+
+// LogAttrs is a more efficient version of [Logger.Log] that accepts only Attrs.
+func (l *Logger) LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	l.logAttrs(ctx, level, msg, attrs...)
+}
+
+// Debug logs at LevelDebug.
+func (l *Logger) Debug(msg string, args ...any) {
+	l.log(nil, LevelDebug, msg, args...)
+}
+
+// DebugContext logs at LevelDebug with the given context.
+func (l *Logger) DebugContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelDebug, msg, args...)
+}
+
+// DebugCtx logs at LevelDebug with the given context.
+// Deprecated: Use Logger.DebugContext.
+func (l *Logger) DebugCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelDebug, msg, args...)
+}
+
+// Info logs at LevelInfo.
+func (l *Logger) Info(msg string, args ...any) {
+	l.log(nil, LevelInfo, msg, args...)
+}
+
+// InfoContext logs at LevelInfo with the given context.
+func (l *Logger) InfoContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelInfo, msg, args...)
+}
+
+// InfoCtx logs at LevelInfo with the given context.
+// Deprecated: Use Logger.InfoContext.
+func (l *Logger) InfoCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelInfo, msg, args...)
+}
+
+// Warn logs at LevelWarn.
+func (l *Logger) Warn(msg string, args ...any) {
+	l.log(nil, LevelWarn, msg, args...)
+}
+
+// WarnContext logs at LevelWarn with the given context.
+func (l *Logger) WarnContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelWarn, msg, args...)
+}
+
+// WarnCtx logs at LevelWarn with the given context.
+// Deprecated: Use Logger.WarnContext.
+func (l *Logger) WarnCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelWarn, msg, args...)
+}
+
+// Error logs at LevelError.
+func (l *Logger) Error(msg string, args ...any) {
+	l.log(nil, LevelError, msg, args...)
+}
+
+// ErrorContext logs at LevelError with the given context.
+func (l *Logger) ErrorContext(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelError, msg, args...)
+}
+
+// ErrorCtx logs at LevelError with the given context.
+// Deprecated: Use Logger.ErrorContext.
+func (l *Logger) ErrorCtx(ctx context.Context, msg string, args ...any) {
+	l.log(ctx, LevelError, msg, args...)
+}
+
+// log is the low-level logging method for methods that take ...any.
+// It must always be called directly by an exported logging method
+// or function, because it uses a fixed call depth to obtain the pc.
+func (l *Logger) log(ctx context.Context, level Level, msg string, args ...any) {
+	if !l.Enabled(ctx, level) {
+		return
+	}
+	var pc uintptr
+	if !internal.IgnorePC {
+		var pcs [1]uintptr
+		// skip [runtime.Callers, this function, this function's caller]
+		runtime.Callers(3, pcs[:])
+		pc = pcs[0]
+	}
+	r := NewRecord(time.Now(), level, msg, pc)
+	r.Add(args...)
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	_ = l.Handler().Handle(ctx, r)
+}
+
+// logAttrs is like [Logger.log], but for methods that take ...Attr.
+func (l *Logger) logAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	if !l.Enabled(ctx, level) {
+		return
+	}
+	var pc uintptr
+	if !internal.IgnorePC {
+		var pcs [1]uintptr
+		// skip [runtime.Callers, this function, this function's caller]
+		runtime.Callers(3, pcs[:])
+		pc = pcs[0]
+	}
+	r := NewRecord(time.Now(), level, msg, pc)
+	r.AddAttrs(attrs...)
+	if ctx == nil {
+		ctx = context.Background()
+	}
+	_ = l.Handler().Handle(ctx, r)
+}
+
+// Debug calls Logger.Debug on the default logger.
+func Debug(msg string, args ...any) {
+	Default().log(nil, LevelDebug, msg, args...)
+}
+
+// DebugContext calls Logger.DebugContext on the default logger.
+func DebugContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelDebug, msg, args...)
+}
+
+// Info calls Logger.Info on the default logger.
+func Info(msg string, args ...any) {
+	Default().log(nil, LevelInfo, msg, args...)
+}
+
+// InfoContext calls Logger.InfoContext on the default logger.
+func InfoContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelInfo, msg, args...)
+}
+
+// Warn calls Logger.Warn on the default logger.
+func Warn(msg string, args ...any) {
+	Default().log(nil, LevelWarn, msg, args...)
+}
+
+// WarnContext calls Logger.WarnContext on the default logger.
+func WarnContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelWarn, msg, args...)
+}
+
+// Error calls Logger.Error on the default logger.
+func Error(msg string, args ...any) {
+	Default().log(nil, LevelError, msg, args...)
+}
+
+// ErrorContext calls Logger.ErrorContext on the default logger.
+func ErrorContext(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelError, msg, args...)
+}
+
+// DebugCtx calls Logger.DebugContext on the default logger.
+// Deprecated: call DebugContext.
+func DebugCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelDebug, msg, args...)
+}
+
+// InfoCtx calls Logger.InfoContext on the default logger.
+// Deprecated: call InfoContext.
+func InfoCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelInfo, msg, args...)
+}
+
+// WarnCtx calls Logger.WarnContext on the default logger.
+// Deprecated: call WarnContext.
+func WarnCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelWarn, msg, args...)
+}
+
+// ErrorCtx calls Logger.ErrorContext on the default logger.
+// Deprecated: call ErrorContext.
+func ErrorCtx(ctx context.Context, msg string, args ...any) {
+	Default().log(ctx, LevelError, msg, args...)
+}
+
+// Log calls Logger.Log on the default logger.
+func Log(ctx context.Context, level Level, msg string, args ...any) {
+	Default().log(ctx, level, msg, args...)
+}
+
+// LogAttrs calls Logger.LogAttrs on the default logger.
+func LogAttrs(ctx context.Context, level Level, msg string, attrs ...Attr) {
+	Default().logAttrs(ctx, level, msg, attrs...)
+}
diff --git a/vendor/golang.org/x/exp/slog/noplog.bench b/vendor/golang.org/x/exp/slog/noplog.bench
new file mode 100644
index 000000000..ed9296ff6
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/noplog.bench
@@ -0,0 +1,36 @@
+goos: linux
+goarch: amd64
+pkg: golang.org/x/exp/slog
+cpu: Intel(R) Xeon(R) CPU @ 2.20GHz
+BenchmarkNopLog/attrs-8         	 1000000	      1090 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1097 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1078 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1095 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-8         	 1000000	      1096 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 4007268	       308.2 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 4016138	       299.7 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 4020529	       305.9 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 3977829	       303.4 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/attrs-parallel-8         	 3225438	       318.5 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1179256	       994.2 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1000000	      1002 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1216710	       993.2 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1000000	      1013 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/keys-values-8            	 1000000	      1016 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  989066	      1163 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  994116	      1163 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	 1000000	      1152 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  991675	      1165 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-8            	  965268	      1166 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3955503	       303.3 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3861188	       307.8 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3967752	       303.9 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3955203	       302.7 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/WithContext-parallel-8   	 3948278	       301.1 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  940622	      1247 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  936381	      1257 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  959730	      1266 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  943473	      1290 ns/op	       0 B/op	       0 allocs/op
+BenchmarkNopLog/Ctx-8                    	  919414	      1259 ns/op	       0 B/op	       0 allocs/op
+PASS
+ok  	golang.org/x/exp/slog	40.566s
diff --git a/vendor/golang.org/x/exp/slog/record.go b/vendor/golang.org/x/exp/slog/record.go
new file mode 100644
index 000000000..38b3440f7
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/record.go
@@ -0,0 +1,207 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"runtime"
+	"time"
+
+	"golang.org/x/exp/slices"
+)
+
+const nAttrsInline = 5
+
+// A Record holds information about a log event.
+// Copies of a Record share state.
+// Do not modify a Record after handing out a copy to it.
+// Use [Record.Clone] to create a copy with no shared state.
+type Record struct {
+	// The time at which the output method (Log, Info, etc.) was called.
+	Time time.Time
+
+	// The log message.
+	Message string
+
+	// The level of the event.
+	Level Level
+
+	// The program counter at the time the record was constructed, as determined
+	// by runtime.Callers. If zero, no program counter is available.
+	//
+	// The only valid use for this value is as an argument to
+	// [runtime.CallersFrames]. In particular, it must not be passed to
+	// [runtime.FuncForPC].
+	PC uintptr
+
+	// Allocation optimization: an inline array sized to hold
+	// the majority of log calls (based on examination of open-source
+	// code). It holds the start of the list of Attrs.
+	front [nAttrsInline]Attr
+
+	// The number of Attrs in front.
+	nFront int
+
+	// The list of Attrs except for those in front.
+	// Invariants:
+	//   - len(back) > 0 iff nFront == len(front)
+	//   - Unused array elements are zero. Used to detect mistakes.
+	back []Attr
+}
+
+// NewRecord creates a Record from the given arguments.
+// Use [Record.AddAttrs] to add attributes to the Record.
+//
+// NewRecord is intended for logging APIs that want to support a [Handler] as
+// a backend.
+func NewRecord(t time.Time, level Level, msg string, pc uintptr) Record {
+	return Record{
+		Time:    t,
+		Message: msg,
+		Level:   level,
+		PC:      pc,
+	}
+}
+
+// Clone returns a copy of the record with no shared state.
+// The original record and the clone can both be modified
+// without interfering with each other.
+func (r Record) Clone() Record {
+	r.back = slices.Clip(r.back) // prevent append from mutating shared array
+	return r
+}
+
+// NumAttrs returns the number of attributes in the Record.
+func (r Record) NumAttrs() int {
+	return r.nFront + len(r.back)
+}
+
+// Attrs calls f on each Attr in the Record.
+// Iteration stops if f returns false.
+func (r Record) Attrs(f func(Attr) bool) {
+	for i := 0; i < r.nFront; i++ {
+		if !f(r.front[i]) {
+			return
+		}
+	}
+	for _, a := range r.back {
+		if !f(a) {
+			return
+		}
+	}
+}
+
+// AddAttrs appends the given Attrs to the Record's list of Attrs.
+func (r *Record) AddAttrs(attrs ...Attr) {
+	n := copy(r.front[r.nFront:], attrs)
+	r.nFront += n
+	// Check if a copy was modified by slicing past the end
+	// and seeing if the Attr there is non-zero.
+	if cap(r.back) > len(r.back) {
+		end := r.back[:len(r.back)+1][len(r.back)]
+		if !end.isEmpty() {
+			panic("copies of a slog.Record were both modified")
+		}
+	}
+	r.back = append(r.back, attrs[n:]...)
+}
+
+// Add converts the args to Attrs as described in [Logger.Log],
+// then appends the Attrs to the Record's list of Attrs.
+func (r *Record) Add(args ...any) {
+	var a Attr
+	for len(args) > 0 {
+		a, args = argsToAttr(args)
+		if r.nFront < len(r.front) {
+			r.front[r.nFront] = a
+			r.nFront++
+		} else {
+			if r.back == nil {
+				r.back = make([]Attr, 0, countAttrs(args))
+			}
+			r.back = append(r.back, a)
+		}
+	}
+
+}
+
+// countAttrs returns the number of Attrs that would be created from args.
+func countAttrs(args []any) int {
+	n := 0
+	for i := 0; i < len(args); i++ {
+		n++
+		if _, ok := args[i].(string); ok {
+			i++
+		}
+	}
+	return n
+}
+
+const badKey = "!BADKEY"
+
+// argsToAttr turns a prefix of the nonempty args slice into an Attr
+// and returns the unconsumed portion of the slice.
+// If args[0] is an Attr, it returns it.
+// If args[0] is a string, it treats the first two elements as
+// a key-value pair.
+// Otherwise, it treats args[0] as a value with a missing key.
+func argsToAttr(args []any) (Attr, []any) {
+	switch x := args[0].(type) {
+	case string:
+		if len(args) == 1 {
+			return String(badKey, x), nil
+		}
+		return Any(x, args[1]), args[2:]
+
+	case Attr:
+		return x, args[1:]
+
+	default:
+		return Any(badKey, x), args[1:]
+	}
+}
+
+// Source describes the location of a line of source code.
+type Source struct {
+	// Function is the package path-qualified function name containing the
+	// source line. If non-empty, this string uniquely identifies a single
+	// function in the program. This may be the empty string if not known.
+	Function string `json:"function"`
+	// File and Line are the file name and line number (1-based) of the source
+	// line. These may be the empty string and zero, respectively, if not known.
+	File string `json:"file"`
+	Line int    `json:"line"`
+}
+
+// attrs returns the non-zero fields of s as a slice of attrs.
+// It is similar to a LogValue method, but we don't want Source
+// to implement LogValuer because it would be resolved before
+// the ReplaceAttr function was called.
+func (s *Source) group() Value {
+	var as []Attr
+	if s.Function != "" {
+		as = append(as, String("function", s.Function))
+	}
+	if s.File != "" {
+		as = append(as, String("file", s.File))
+	}
+	if s.Line != 0 {
+		as = append(as, Int("line", s.Line))
+	}
+	return GroupValue(as...)
+}
+
+// source returns a Source for the log event.
+// If the Record was created without the necessary information,
+// or if the location is unavailable, it returns a non-nil *Source
+// with zero fields.
+func (r Record) source() *Source {
+	fs := runtime.CallersFrames([]uintptr{r.PC})
+	f, _ := fs.Next()
+	return &Source{
+		Function: f.Function,
+		File:     f.File,
+		Line:     f.Line,
+	}
+}
diff --git a/vendor/golang.org/x/exp/slog/text_handler.go b/vendor/golang.org/x/exp/slog/text_handler.go
new file mode 100644
index 000000000..75b66b716
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/text_handler.go
@@ -0,0 +1,161 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"context"
+	"encoding"
+	"fmt"
+	"io"
+	"reflect"
+	"strconv"
+	"unicode"
+	"unicode/utf8"
+)
+
+// TextHandler is a Handler that writes Records to an io.Writer as a
+// sequence of key=value pairs separated by spaces and followed by a newline.
+type TextHandler struct {
+	*commonHandler
+}
+
+// NewTextHandler creates a TextHandler that writes to w,
+// using the given options.
+// If opts is nil, the default options are used.
+func NewTextHandler(w io.Writer, opts *HandlerOptions) *TextHandler {
+	if opts == nil {
+		opts = &HandlerOptions{}
+	}
+	return &TextHandler{
+		&commonHandler{
+			json: false,
+			w:    w,
+			opts: *opts,
+		},
+	}
+}
+
+// Enabled reports whether the handler handles records at the given level.
+// The handler ignores records whose level is lower.
+func (h *TextHandler) Enabled(_ context.Context, level Level) bool {
+	return h.commonHandler.enabled(level)
+}
+
+// WithAttrs returns a new TextHandler whose attributes consists
+// of h's attributes followed by attrs.
+func (h *TextHandler) WithAttrs(attrs []Attr) Handler {
+	return &TextHandler{commonHandler: h.commonHandler.withAttrs(attrs)}
+}
+
+func (h *TextHandler) WithGroup(name string) Handler {
+	return &TextHandler{commonHandler: h.commonHandler.withGroup(name)}
+}
+
+// Handle formats its argument Record as a single line of space-separated
+// key=value items.
+//
+// If the Record's time is zero, the time is omitted.
+// Otherwise, the key is "time"
+// and the value is output in RFC3339 format with millisecond precision.
+//
+// If the Record's level is zero, the level is omitted.
+// Otherwise, the key is "level"
+// and the value of [Level.String] is output.
+//
+// If the AddSource option is set and source information is available,
+// the key is "source" and the value is output as FILE:LINE.
+//
+// The message's key is "msg".
+//
+// To modify these or other attributes, or remove them from the output, use
+// [HandlerOptions.ReplaceAttr].
+//
+// If a value implements [encoding.TextMarshaler], the result of MarshalText is
+// written. Otherwise, the result of fmt.Sprint is written.
+//
+// Keys and values are quoted with [strconv.Quote] if they contain Unicode space
+// characters, non-printing characters, '"' or '='.
+//
+// Keys inside groups consist of components (keys or group names) separated by
+// dots. No further escaping is performed.
+// Thus there is no way to determine from the key "a.b.c" whether there
+// are two groups "a" and "b" and a key "c", or a single group "a.b" and a key "c",
+// or single group "a" and a key "b.c".
+// If it is necessary to reconstruct the group structure of a key
+// even in the presence of dots inside components, use
+// [HandlerOptions.ReplaceAttr] to encode that information in the key.
+//
+// Each call to Handle results in a single serialized call to
+// io.Writer.Write.
+func (h *TextHandler) Handle(_ context.Context, r Record) error {
+	return h.commonHandler.handle(r)
+}
+
+func appendTextValue(s *handleState, v Value) error {
+	switch v.Kind() {
+	case KindString:
+		s.appendString(v.str())
+	case KindTime:
+		s.appendTime(v.time())
+	case KindAny:
+		if tm, ok := v.any.(encoding.TextMarshaler); ok {
+			data, err := tm.MarshalText()
+			if err != nil {
+				return err
+			}
+			// TODO: avoid the conversion to string.
+			s.appendString(string(data))
+			return nil
+		}
+		if bs, ok := byteSlice(v.any); ok {
+			// As of Go 1.19, this only allocates for strings longer than 32 bytes.
+			s.buf.WriteString(strconv.Quote(string(bs)))
+			return nil
+		}
+		s.appendString(fmt.Sprintf("%+v", v.Any()))
+	default:
+		*s.buf = v.append(*s.buf)
+	}
+	return nil
+}
+
+// byteSlice returns its argument as a []byte if the argument's
+// underlying type is []byte, along with a second return value of true.
+// Otherwise it returns nil, false.
+func byteSlice(a any) ([]byte, bool) {
+	if bs, ok := a.([]byte); ok {
+		return bs, true
+	}
+	// Like Printf's %s, we allow both the slice type and the byte element type to be named.
+	t := reflect.TypeOf(a)
+	if t != nil && t.Kind() == reflect.Slice && t.Elem().Kind() == reflect.Uint8 {
+		return reflect.ValueOf(a).Bytes(), true
+	}
+	return nil, false
+}
+
+func needsQuoting(s string) bool {
+	if len(s) == 0 {
+		return true
+	}
+	for i := 0; i < len(s); {
+		b := s[i]
+		if b < utf8.RuneSelf {
+			// Quote anything except a backslash that would need quoting in a
+			// JSON string, as well as space and '='
+			if b != '\\' && (b == ' ' || b == '=' || !safeSet[b]) {
+				return true
+			}
+			i++
+			continue
+		}
+		r, size := utf8.DecodeRuneInString(s[i:])
+		if r == utf8.RuneError || unicode.IsSpace(r) || !unicode.IsPrint(r) {
+			return true
+		}
+		i += size
+	}
+	return false
+}
diff --git a/vendor/golang.org/x/exp/slog/value.go b/vendor/golang.org/x/exp/slog/value.go
new file mode 100644
index 000000000..3550c46fc
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/value.go
@@ -0,0 +1,456 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package slog
+
+import (
+	"fmt"
+	"math"
+	"runtime"
+	"strconv"
+	"strings"
+	"time"
+	"unsafe"
+
+	"golang.org/x/exp/slices"
+)
+
+// A Value can represent any Go value, but unlike type any,
+// it can represent most small values without an allocation.
+// The zero Value corresponds to nil.
+type Value struct {
+	_ [0]func() // disallow ==
+	// num holds the value for Kinds Int64, Uint64, Float64, Bool and Duration,
+	// the string length for KindString, and nanoseconds since the epoch for KindTime.
+	num uint64
+	// If any is of type Kind, then the value is in num as described above.
+	// If any is of type *time.Location, then the Kind is Time and time.Time value
+	// can be constructed from the Unix nanos in num and the location (monotonic time
+	// is not preserved).
+	// If any is of type stringptr, then the Kind is String and the string value
+	// consists of the length in num and the pointer in any.
+	// Otherwise, the Kind is Any and any is the value.
+	// (This implies that Attrs cannot store values of type Kind, *time.Location
+	// or stringptr.)
+	any any
+}
+
+// Kind is the kind of a Value.
+type Kind int
+
+// The following list is sorted alphabetically, but it's also important that
+// KindAny is 0 so that a zero Value represents nil.
+
+const (
+	KindAny Kind = iota
+	KindBool
+	KindDuration
+	KindFloat64
+	KindInt64
+	KindString
+	KindTime
+	KindUint64
+	KindGroup
+	KindLogValuer
+)
+
+var kindStrings = []string{
+	"Any",
+	"Bool",
+	"Duration",
+	"Float64",
+	"Int64",
+	"String",
+	"Time",
+	"Uint64",
+	"Group",
+	"LogValuer",
+}
+
+func (k Kind) String() string {
+	if k >= 0 && int(k) < len(kindStrings) {
+		return kindStrings[k]
+	}
+	return "<unknown slog.Kind>"
+}
+
+// Unexported version of Kind, just so we can store Kinds in Values.
+// (No user-provided value has this type.)
+type kind Kind
+
+// Kind returns v's Kind.
+func (v Value) Kind() Kind {
+	switch x := v.any.(type) {
+	case Kind:
+		return x
+	case stringptr:
+		return KindString
+	case timeLocation:
+		return KindTime
+	case groupptr:
+		return KindGroup
+	case LogValuer:
+		return KindLogValuer
+	case kind: // a kind is just a wrapper for a Kind
+		return KindAny
+	default:
+		return KindAny
+	}
+}
+
+//////////////// Constructors
+
+// IntValue returns a Value for an int.
+func IntValue(v int) Value {
+	return Int64Value(int64(v))
+}
+
+// Int64Value returns a Value for an int64.
+func Int64Value(v int64) Value {
+	return Value{num: uint64(v), any: KindInt64}
+}
+
+// Uint64Value returns a Value for a uint64.
+func Uint64Value(v uint64) Value {
+	return Value{num: v, any: KindUint64}
+}
+
+// Float64Value returns a Value for a floating-point number.
+func Float64Value(v float64) Value {
+	return Value{num: math.Float64bits(v), any: KindFloat64}
+}
+
+// BoolValue returns a Value for a bool.
+func BoolValue(v bool) Value {
+	u := uint64(0)
+	if v {
+		u = 1
+	}
+	return Value{num: u, any: KindBool}
+}
+
+// Unexported version of *time.Location, just so we can store *time.Locations in
+// Values. (No user-provided value has this type.)
+type timeLocation *time.Location
+
+// TimeValue returns a Value for a time.Time.
+// It discards the monotonic portion.
+func TimeValue(v time.Time) Value {
+	if v.IsZero() {
+		// UnixNano on the zero time is undefined, so represent the zero time
+		// with a nil *time.Location instead. time.Time.Location method never
+		// returns nil, so a Value with any == timeLocation(nil) cannot be
+		// mistaken for any other Value, time.Time or otherwise.
+		return Value{any: timeLocation(nil)}
+	}
+	return Value{num: uint64(v.UnixNano()), any: timeLocation(v.Location())}
+}
+
+// DurationValue returns a Value for a time.Duration.
+func DurationValue(v time.Duration) Value {
+	return Value{num: uint64(v.Nanoseconds()), any: KindDuration}
+}
+
+// AnyValue returns a Value for the supplied value.
+//
+// If the supplied value is of type Value, it is returned
+// unmodified.
+//
+// Given a value of one of Go's predeclared string, bool, or
+// (non-complex) numeric types, AnyValue returns a Value of kind
+// String, Bool, Uint64, Int64, or Float64. The width of the
+// original numeric type is not preserved.
+//
+// Given a time.Time or time.Duration value, AnyValue returns a Value of kind
+// KindTime or KindDuration. The monotonic time is not preserved.
+//
+// For nil, or values of all other types, including named types whose
+// underlying type is numeric, AnyValue returns a value of kind KindAny.
+func AnyValue(v any) Value {
+	switch v := v.(type) {
+	case string:
+		return StringValue(v)
+	case int:
+		return Int64Value(int64(v))
+	case uint:
+		return Uint64Value(uint64(v))
+	case int64:
+		return Int64Value(v)
+	case uint64:
+		return Uint64Value(v)
+	case bool:
+		return BoolValue(v)
+	case time.Duration:
+		return DurationValue(v)
+	case time.Time:
+		return TimeValue(v)
+	case uint8:
+		return Uint64Value(uint64(v))
+	case uint16:
+		return Uint64Value(uint64(v))
+	case uint32:
+		return Uint64Value(uint64(v))
+	case uintptr:
+		return Uint64Value(uint64(v))
+	case int8:
+		return Int64Value(int64(v))
+	case int16:
+		return Int64Value(int64(v))
+	case int32:
+		return Int64Value(int64(v))
+	case float64:
+		return Float64Value(v)
+	case float32:
+		return Float64Value(float64(v))
+	case []Attr:
+		return GroupValue(v...)
+	case Kind:
+		return Value{any: kind(v)}
+	case Value:
+		return v
+	default:
+		return Value{any: v}
+	}
+}
+
+//////////////// Accessors
+
+// Any returns v's value as an any.
+func (v Value) Any() any {
+	switch v.Kind() {
+	case KindAny:
+		if k, ok := v.any.(kind); ok {
+			return Kind(k)
+		}
+		return v.any
+	case KindLogValuer:
+		return v.any
+	case KindGroup:
+		return v.group()
+	case KindInt64:
+		return int64(v.num)
+	case KindUint64:
+		return v.num
+	case KindFloat64:
+		return v.float()
+	case KindString:
+		return v.str()
+	case KindBool:
+		return v.bool()
+	case KindDuration:
+		return v.duration()
+	case KindTime:
+		return v.time()
+	default:
+		panic(fmt.Sprintf("bad kind: %s", v.Kind()))
+	}
+}
+
+// Int64 returns v's value as an int64. It panics
+// if v is not a signed integer.
+func (v Value) Int64() int64 {
+	if g, w := v.Kind(), KindInt64; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return int64(v.num)
+}
+
+// Uint64 returns v's value as a uint64. It panics
+// if v is not an unsigned integer.
+func (v Value) Uint64() uint64 {
+	if g, w := v.Kind(), KindUint64; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return v.num
+}
+
+// Bool returns v's value as a bool. It panics
+// if v is not a bool.
+func (v Value) Bool() bool {
+	if g, w := v.Kind(), KindBool; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return v.bool()
+}
+
+func (v Value) bool() bool {
+	return v.num == 1
+}
+
+// Duration returns v's value as a time.Duration. It panics
+// if v is not a time.Duration.
+func (v Value) Duration() time.Duration {
+	if g, w := v.Kind(), KindDuration; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+
+	return v.duration()
+}
+
+func (v Value) duration() time.Duration {
+	return time.Duration(int64(v.num))
+}
+
+// Float64 returns v's value as a float64. It panics
+// if v is not a float64.
+func (v Value) Float64() float64 {
+	if g, w := v.Kind(), KindFloat64; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+
+	return v.float()
+}
+
+func (v Value) float() float64 {
+	return math.Float64frombits(v.num)
+}
+
+// Time returns v's value as a time.Time. It panics
+// if v is not a time.Time.
+func (v Value) Time() time.Time {
+	if g, w := v.Kind(), KindTime; g != w {
+		panic(fmt.Sprintf("Value kind is %s, not %s", g, w))
+	}
+	return v.time()
+}
+
+func (v Value) time() time.Time {
+	loc := v.any.(timeLocation)
+	if loc == nil {
+		return time.Time{}
+	}
+	return time.Unix(0, int64(v.num)).In(loc)
+}
+
+// LogValuer returns v's value as a LogValuer. It panics
+// if v is not a LogValuer.
+func (v Value) LogValuer() LogValuer {
+	return v.any.(LogValuer)
+}
+
+// Group returns v's value as a []Attr.
+// It panics if v's Kind is not KindGroup.
+func (v Value) Group() []Attr {
+	if sp, ok := v.any.(groupptr); ok {
+		return unsafe.Slice((*Attr)(sp), v.num)
+	}
+	panic("Group: bad kind")
+}
+
+func (v Value) group() []Attr {
+	return unsafe.Slice((*Attr)(v.any.(groupptr)), v.num)
+}
+
+//////////////// Other
+
+// Equal reports whether v and w represent the same Go value.
+func (v Value) Equal(w Value) bool {
+	k1 := v.Kind()
+	k2 := w.Kind()
+	if k1 != k2 {
+		return false
+	}
+	switch k1 {
+	case KindInt64, KindUint64, KindBool, KindDuration:
+		return v.num == w.num
+	case KindString:
+		return v.str() == w.str()
+	case KindFloat64:
+		return v.float() == w.float()
+	case KindTime:
+		return v.time().Equal(w.time())
+	case KindAny, KindLogValuer:
+		return v.any == w.any // may panic if non-comparable
+	case KindGroup:
+		return slices.EqualFunc(v.group(), w.group(), Attr.Equal)
+	default:
+		panic(fmt.Sprintf("bad kind: %s", k1))
+	}
+}
+
+// append appends a text representation of v to dst.
+// v is formatted as with fmt.Sprint.
+func (v Value) append(dst []byte) []byte {
+	switch v.Kind() {
+	case KindString:
+		return append(dst, v.str()...)
+	case KindInt64:
+		return strconv.AppendInt(dst, int64(v.num), 10)
+	case KindUint64:
+		return strconv.AppendUint(dst, v.num, 10)
+	case KindFloat64:
+		return strconv.AppendFloat(dst, v.float(), 'g', -1, 64)
+	case KindBool:
+		return strconv.AppendBool(dst, v.bool())
+	case KindDuration:
+		return append(dst, v.duration().String()...)
+	case KindTime:
+		return append(dst, v.time().String()...)
+	case KindGroup:
+		return fmt.Append(dst, v.group())
+	case KindAny, KindLogValuer:
+		return fmt.Append(dst, v.any)
+	default:
+		panic(fmt.Sprintf("bad kind: %s", v.Kind()))
+	}
+}
+
+// A LogValuer is any Go value that can convert itself into a Value for logging.
+//
+// This mechanism may be used to defer expensive operations until they are
+// needed, or to expand a single value into a sequence of components.
+type LogValuer interface {
+	LogValue() Value
+}
+
+const maxLogValues = 100
+
+// Resolve repeatedly calls LogValue on v while it implements LogValuer,
+// and returns the result.
+// If v resolves to a group, the group's attributes' values are not recursively
+// resolved.
+// If the number of LogValue calls exceeds a threshold, a Value containing an
+// error is returned.
+// Resolve's return value is guaranteed not to be of Kind KindLogValuer.
+func (v Value) Resolve() (rv Value) {
+	orig := v
+	defer func() {
+		if r := recover(); r != nil {
+			rv = AnyValue(fmt.Errorf("LogValue panicked\n%s", stack(3, 5)))
+		}
+	}()
+
+	for i := 0; i < maxLogValues; i++ {
+		if v.Kind() != KindLogValuer {
+			return v
+		}
+		v = v.LogValuer().LogValue()
+	}
+	err := fmt.Errorf("LogValue called too many times on Value of type %T", orig.Any())
+	return AnyValue(err)
+}
+
+func stack(skip, nFrames int) string {
+	pcs := make([]uintptr, nFrames+1)
+	n := runtime.Callers(skip+1, pcs)
+	if n == 0 {
+		return "(no stack)"
+	}
+	frames := runtime.CallersFrames(pcs[:n])
+	var b strings.Builder
+	i := 0
+	for {
+		frame, more := frames.Next()
+		fmt.Fprintf(&b, "called from %s (%s:%d)\n", frame.Function, frame.File, frame.Line)
+		if !more {
+			break
+		}
+		i++
+		if i >= nFrames {
+			fmt.Fprintf(&b, "(rest of stack elided)\n")
+			break
+		}
+	}
+	return b.String()
+}
diff --git a/vendor/golang.org/x/exp/slog/value_119.go b/vendor/golang.org/x/exp/slog/value_119.go
new file mode 100644
index 000000000..29b0d7329
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/value_119.go
@@ -0,0 +1,53 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.19 && !go1.20
+
+package slog
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+type (
+	stringptr unsafe.Pointer // used in Value.any when the Value is a string
+	groupptr  unsafe.Pointer // used in Value.any when the Value is a []Attr
+)
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	hdr := (*reflect.StringHeader)(unsafe.Pointer(&value))
+	return Value{num: uint64(hdr.Len), any: stringptr(hdr.Data)}
+}
+
+func (v Value) str() string {
+	var s string
+	hdr := (*reflect.StringHeader)(unsafe.Pointer(&s))
+	hdr.Data = uintptr(v.any.(stringptr))
+	hdr.Len = int(v.num)
+	return s
+}
+
+// String returns Value's value as a string, formatted like fmt.Sprint. Unlike
+// the methods Int64, Float64, and so on, which panic if v is of the
+// wrong kind, String never panics.
+func (v Value) String() string {
+	if sp, ok := v.any.(stringptr); ok {
+		// Inlining this code makes a huge difference.
+		var s string
+		hdr := (*reflect.StringHeader)(unsafe.Pointer(&s))
+		hdr.Data = uintptr(sp)
+		hdr.Len = int(v.num)
+		return s
+	}
+	return string(v.append(nil))
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&as))
+	return Value{num: uint64(hdr.Len), any: groupptr(hdr.Data)}
+}
diff --git a/vendor/golang.org/x/exp/slog/value_120.go b/vendor/golang.org/x/exp/slog/value_120.go
new file mode 100644
index 000000000..f7d4c0932
--- /dev/null
+++ b/vendor/golang.org/x/exp/slog/value_120.go
@@ -0,0 +1,39 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.20
+
+package slog
+
+import "unsafe"
+
+type (
+	stringptr *byte // used in Value.any when the Value is a string
+	groupptr  *Attr // used in Value.any when the Value is a []Attr
+)
+
+// StringValue returns a new Value for a string.
+func StringValue(value string) Value {
+	return Value{num: uint64(len(value)), any: stringptr(unsafe.StringData(value))}
+}
+
+// GroupValue returns a new Value for a list of Attrs.
+// The caller must not subsequently mutate the argument slice.
+func GroupValue(as ...Attr) Value {
+	return Value{num: uint64(len(as)), any: groupptr(unsafe.SliceData(as))}
+}
+
+// String returns Value's value as a string, formatted like fmt.Sprint. Unlike
+// the methods Int64, Float64, and so on, which panic if v is of the
+// wrong kind, String never panics.
+func (v Value) String() string {
+	if sp, ok := v.any.(stringptr); ok {
+		return unsafe.String(sp, v.num)
+	}
+	return string(v.append(nil))
+}
+
+func (v Value) str() string {
+	return unsafe.String(v.any.(stringptr), v.num)
+}
diff --git a/vendor/golang.org/x/mod/modfile/rule.go b/vendor/golang.org/x/mod/modfile/rule.go
index 930b6c59b..35fd1f534 100644
--- a/vendor/golang.org/x/mod/modfile/rule.go
+++ b/vendor/golang.org/x/mod/modfile/rule.go
@@ -367,7 +367,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a
 				}
 			}
 			if !fixed {
-				errorf("invalid go version '%s': must match format 1.23", args[0])
+				errorf("invalid go version '%s': must match format 1.23.0", args[0])
 				return
 			}
 		}
@@ -384,7 +384,7 @@ func (f *File) add(errs *ErrorList, block *LineBlock, line *Line, verb string, a
 			errorf("toolchain directive expects exactly one argument")
 			return
 		} else if strict && !ToolchainRE.MatchString(args[0]) {
-			errorf("invalid toolchain version '%s': must match format go1.23 or local", args[0])
+			errorf("invalid toolchain version '%s': must match format go1.23.0 or local", args[0])
 			return
 		}
 		f.Toolchain = &Toolchain{Syntax: line}
@@ -542,7 +542,7 @@ func parseReplace(filename string, line *Line, verb string, args []string, fix V
 			if strings.Contains(ns, "@") {
 				return nil, errorf("replacement module must match format 'path version', not 'path@version'")
 			}
-			return nil, errorf("replacement module without version must be directory path (rooted or starting with ./ or ../)")
+			return nil, errorf("replacement module without version must be directory path (rooted or starting with . or ..)")
 		}
 		if filepath.Separator == '/' && strings.Contains(ns, `\`) {
 			return nil, errorf("replacement directory appears to be Windows path (on a non-windows system)")
@@ -555,7 +555,6 @@ func parseReplace(filename string, line *Line, verb string, args []string, fix V
 		}
 		if IsDirectoryPath(ns) {
 			return nil, errorf("replacement module directory path %q cannot have version", ns)
-
 		}
 	}
 	return &Replace{
@@ -679,14 +678,15 @@ func (f *WorkFile) add(errs *ErrorList, line *Line, verb string, args []string,
 	}
 }
 
-// IsDirectoryPath reports whether the given path should be interpreted
-// as a directory path. Just like on the go command line, relative paths
+// IsDirectoryPath reports whether the given path should be interpreted as a directory path.
+// Just like on the go command line, relative paths starting with a '.' or '..' path component
 // and rooted paths are directory paths; the rest are module paths.
 func IsDirectoryPath(ns string) bool {
 	// Because go.mod files can move from one system to another,
 	// we check all known path syntaxes, both Unix and Windows.
-	return strings.HasPrefix(ns, "./") || strings.HasPrefix(ns, "../") || strings.HasPrefix(ns, "/") ||
-		strings.HasPrefix(ns, `.\`) || strings.HasPrefix(ns, `..\`) || strings.HasPrefix(ns, `\`) ||
+	return ns == "." || strings.HasPrefix(ns, "./") || strings.HasPrefix(ns, `.\`) ||
+		ns == ".." || strings.HasPrefix(ns, "../") || strings.HasPrefix(ns, `..\`) ||
+		strings.HasPrefix(ns, "/") || strings.HasPrefix(ns, `\`) ||
 		len(ns) >= 2 && ('A' <= ns[0] && ns[0] <= 'Z' || 'a' <= ns[0] && ns[0] <= 'z') && ns[1] == ':'
 }
 
diff --git a/vendor/golang.org/x/net/context/context.go b/vendor/golang.org/x/net/context/context.go
deleted file mode 100644
index cf66309c4..000000000
--- a/vendor/golang.org/x/net/context/context.go
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package context defines the Context type, which carries deadlines,
-// cancelation signals, and other request-scoped values across API boundaries
-// and between processes.
-// As of Go 1.7 this package is available in the standard library under the
-// name context.  https://golang.org/pkg/context.
-//
-// Incoming requests to a server should create a Context, and outgoing calls to
-// servers should accept a Context. The chain of function calls between must
-// propagate the Context, optionally replacing it with a modified copy created
-// using WithDeadline, WithTimeout, WithCancel, or WithValue.
-//
-// Programs that use Contexts should follow these rules to keep interfaces
-// consistent across packages and enable static analysis tools to check context
-// propagation:
-//
-// Do not store Contexts inside a struct type; instead, pass a Context
-// explicitly to each function that needs it. The Context should be the first
-// parameter, typically named ctx:
-//
-//	func DoSomething(ctx context.Context, arg Arg) error {
-//		// ... use ctx ...
-//	}
-//
-// Do not pass a nil Context, even if a function permits it. Pass context.TODO
-// if you are unsure about which Context to use.
-//
-// Use context Values only for request-scoped data that transits processes and
-// APIs, not for passing optional parameters to functions.
-//
-// The same Context may be passed to functions running in different goroutines;
-// Contexts are safe for simultaneous use by multiple goroutines.
-//
-// See http://blog.golang.org/context for example code for a server that uses
-// Contexts.
-package context // import "golang.org/x/net/context"
-
-// Background returns a non-nil, empty Context. It is never canceled, has no
-// values, and has no deadline. It is typically used by the main function,
-// initialization, and tests, and as the top-level Context for incoming
-// requests.
-func Background() Context {
-	return background
-}
-
-// TODO returns a non-nil, empty Context. Code should use context.TODO when
-// it's unclear which Context to use or it is not yet available (because the
-// surrounding function has not yet been extended to accept a Context
-// parameter).  TODO is recognized by static analysis tools that determine
-// whether Contexts are propagated correctly in a program.
-func TODO() Context {
-	return todo
-}
diff --git a/vendor/golang.org/x/net/context/go17.go b/vendor/golang.org/x/net/context/go17.go
deleted file mode 100644
index 2cb9c408f..000000000
--- a/vendor/golang.org/x/net/context/go17.go
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.7
-// +build go1.7
-
-package context
-
-import (
-	"context" // standard library's context, as of Go 1.7
-	"time"
-)
-
-var (
-	todo       = context.TODO()
-	background = context.Background()
-)
-
-// Canceled is the error returned by Context.Err when the context is canceled.
-var Canceled = context.Canceled
-
-// DeadlineExceeded is the error returned by Context.Err when the context's
-// deadline passes.
-var DeadlineExceeded = context.DeadlineExceeded
-
-// WithCancel returns a copy of parent with a new Done channel. The returned
-// context's Done channel is closed when the returned cancel function is called
-// or when the parent context's Done channel is closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
-	ctx, f := context.WithCancel(parent)
-	return ctx, f
-}
-
-// WithDeadline returns a copy of the parent context with the deadline adjusted
-// to be no later than d. If the parent's deadline is already earlier than d,
-// WithDeadline(parent, d) is semantically equivalent to parent. The returned
-// context's Done channel is closed when the deadline expires, when the returned
-// cancel function is called, or when the parent context's Done channel is
-// closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) {
-	ctx, f := context.WithDeadline(parent, deadline)
-	return ctx, f
-}
-
-// WithTimeout returns WithDeadline(parent, time.Now().Add(timeout)).
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete:
-//
-//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
-//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
-//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
-//		return slowOperation(ctx)
-//	}
-func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
-	return WithDeadline(parent, time.Now().Add(timeout))
-}
-
-// WithValue returns a copy of parent in which the value associated with key is
-// val.
-//
-// Use context Values only for request-scoped data that transits processes and
-// APIs, not for passing optional parameters to functions.
-func WithValue(parent Context, key interface{}, val interface{}) Context {
-	return context.WithValue(parent, key, val)
-}
diff --git a/vendor/golang.org/x/net/context/go19.go b/vendor/golang.org/x/net/context/go19.go
deleted file mode 100644
index 64d31ecc3..000000000
--- a/vendor/golang.org/x/net/context/go19.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.9
-// +build go1.9
-
-package context
-
-import "context" // standard library's context, as of Go 1.7
-
-// A Context carries a deadline, a cancelation signal, and other values across
-// API boundaries.
-//
-// Context's methods may be called by multiple goroutines simultaneously.
-type Context = context.Context
-
-// A CancelFunc tells an operation to abandon its work.
-// A CancelFunc does not wait for the work to stop.
-// After the first call, subsequent calls to a CancelFunc do nothing.
-type CancelFunc = context.CancelFunc
diff --git a/vendor/golang.org/x/net/context/pre_go17.go b/vendor/golang.org/x/net/context/pre_go17.go
deleted file mode 100644
index 7b6b68511..000000000
--- a/vendor/golang.org/x/net/context/pre_go17.go
+++ /dev/null
@@ -1,301 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.7
-// +build !go1.7
-
-package context
-
-import (
-	"errors"
-	"fmt"
-	"sync"
-	"time"
-)
-
-// An emptyCtx is never canceled, has no values, and has no deadline. It is not
-// struct{}, since vars of this type must have distinct addresses.
-type emptyCtx int
-
-func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
-	return
-}
-
-func (*emptyCtx) Done() <-chan struct{} {
-	return nil
-}
-
-func (*emptyCtx) Err() error {
-	return nil
-}
-
-func (*emptyCtx) Value(key interface{}) interface{} {
-	return nil
-}
-
-func (e *emptyCtx) String() string {
-	switch e {
-	case background:
-		return "context.Background"
-	case todo:
-		return "context.TODO"
-	}
-	return "unknown empty Context"
-}
-
-var (
-	background = new(emptyCtx)
-	todo       = new(emptyCtx)
-)
-
-// Canceled is the error returned by Context.Err when the context is canceled.
-var Canceled = errors.New("context canceled")
-
-// DeadlineExceeded is the error returned by Context.Err when the context's
-// deadline passes.
-var DeadlineExceeded = errors.New("context deadline exceeded")
-
-// WithCancel returns a copy of parent with a new Done channel. The returned
-// context's Done channel is closed when the returned cancel function is called
-// or when the parent context's Done channel is closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
-	c := newCancelCtx(parent)
-	propagateCancel(parent, c)
-	return c, func() { c.cancel(true, Canceled) }
-}
-
-// newCancelCtx returns an initialized cancelCtx.
-func newCancelCtx(parent Context) *cancelCtx {
-	return &cancelCtx{
-		Context: parent,
-		done:    make(chan struct{}),
-	}
-}
-
-// propagateCancel arranges for child to be canceled when parent is.
-func propagateCancel(parent Context, child canceler) {
-	if parent.Done() == nil {
-		return // parent is never canceled
-	}
-	if p, ok := parentCancelCtx(parent); ok {
-		p.mu.Lock()
-		if p.err != nil {
-			// parent has already been canceled
-			child.cancel(false, p.err)
-		} else {
-			if p.children == nil {
-				p.children = make(map[canceler]bool)
-			}
-			p.children[child] = true
-		}
-		p.mu.Unlock()
-	} else {
-		go func() {
-			select {
-			case <-parent.Done():
-				child.cancel(false, parent.Err())
-			case <-child.Done():
-			}
-		}()
-	}
-}
-
-// parentCancelCtx follows a chain of parent references until it finds a
-// *cancelCtx. This function understands how each of the concrete types in this
-// package represents its parent.
-func parentCancelCtx(parent Context) (*cancelCtx, bool) {
-	for {
-		switch c := parent.(type) {
-		case *cancelCtx:
-			return c, true
-		case *timerCtx:
-			return c.cancelCtx, true
-		case *valueCtx:
-			parent = c.Context
-		default:
-			return nil, false
-		}
-	}
-}
-
-// removeChild removes a context from its parent.
-func removeChild(parent Context, child canceler) {
-	p, ok := parentCancelCtx(parent)
-	if !ok {
-		return
-	}
-	p.mu.Lock()
-	if p.children != nil {
-		delete(p.children, child)
-	}
-	p.mu.Unlock()
-}
-
-// A canceler is a context type that can be canceled directly. The
-// implementations are *cancelCtx and *timerCtx.
-type canceler interface {
-	cancel(removeFromParent bool, err error)
-	Done() <-chan struct{}
-}
-
-// A cancelCtx can be canceled. When canceled, it also cancels any children
-// that implement canceler.
-type cancelCtx struct {
-	Context
-
-	done chan struct{} // closed by the first cancel call.
-
-	mu       sync.Mutex
-	children map[canceler]bool // set to nil by the first cancel call
-	err      error             // set to non-nil by the first cancel call
-}
-
-func (c *cancelCtx) Done() <-chan struct{} {
-	return c.done
-}
-
-func (c *cancelCtx) Err() error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	return c.err
-}
-
-func (c *cancelCtx) String() string {
-	return fmt.Sprintf("%v.WithCancel", c.Context)
-}
-
-// cancel closes c.done, cancels each of c's children, and, if
-// removeFromParent is true, removes c from its parent's children.
-func (c *cancelCtx) cancel(removeFromParent bool, err error) {
-	if err == nil {
-		panic("context: internal error: missing cancel error")
-	}
-	c.mu.Lock()
-	if c.err != nil {
-		c.mu.Unlock()
-		return // already canceled
-	}
-	c.err = err
-	close(c.done)
-	for child := range c.children {
-		// NOTE: acquiring the child's lock while holding parent's lock.
-		child.cancel(false, err)
-	}
-	c.children = nil
-	c.mu.Unlock()
-
-	if removeFromParent {
-		removeChild(c.Context, c)
-	}
-}
-
-// WithDeadline returns a copy of the parent context with the deadline adjusted
-// to be no later than d. If the parent's deadline is already earlier than d,
-// WithDeadline(parent, d) is semantically equivalent to parent. The returned
-// context's Done channel is closed when the deadline expires, when the returned
-// cancel function is called, or when the parent context's Done channel is
-// closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) {
-	if cur, ok := parent.Deadline(); ok && cur.Before(deadline) {
-		// The current deadline is already sooner than the new one.
-		return WithCancel(parent)
-	}
-	c := &timerCtx{
-		cancelCtx: newCancelCtx(parent),
-		deadline:  deadline,
-	}
-	propagateCancel(parent, c)
-	d := deadline.Sub(time.Now())
-	if d <= 0 {
-		c.cancel(true, DeadlineExceeded) // deadline has already passed
-		return c, func() { c.cancel(true, Canceled) }
-	}
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if c.err == nil {
-		c.timer = time.AfterFunc(d, func() {
-			c.cancel(true, DeadlineExceeded)
-		})
-	}
-	return c, func() { c.cancel(true, Canceled) }
-}
-
-// A timerCtx carries a timer and a deadline. It embeds a cancelCtx to
-// implement Done and Err. It implements cancel by stopping its timer then
-// delegating to cancelCtx.cancel.
-type timerCtx struct {
-	*cancelCtx
-	timer *time.Timer // Under cancelCtx.mu.
-
-	deadline time.Time
-}
-
-func (c *timerCtx) Deadline() (deadline time.Time, ok bool) {
-	return c.deadline, true
-}
-
-func (c *timerCtx) String() string {
-	return fmt.Sprintf("%v.WithDeadline(%s [%s])", c.cancelCtx.Context, c.deadline, c.deadline.Sub(time.Now()))
-}
-
-func (c *timerCtx) cancel(removeFromParent bool, err error) {
-	c.cancelCtx.cancel(false, err)
-	if removeFromParent {
-		// Remove this timerCtx from its parent cancelCtx's children.
-		removeChild(c.cancelCtx.Context, c)
-	}
-	c.mu.Lock()
-	if c.timer != nil {
-		c.timer.Stop()
-		c.timer = nil
-	}
-	c.mu.Unlock()
-}
-
-// WithTimeout returns WithDeadline(parent, time.Now().Add(timeout)).
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete:
-//
-//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
-//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
-//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
-//		return slowOperation(ctx)
-//	}
-func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
-	return WithDeadline(parent, time.Now().Add(timeout))
-}
-
-// WithValue returns a copy of parent in which the value associated with key is
-// val.
-//
-// Use context Values only for request-scoped data that transits processes and
-// APIs, not for passing optional parameters to functions.
-func WithValue(parent Context, key interface{}, val interface{}) Context {
-	return &valueCtx{parent, key, val}
-}
-
-// A valueCtx carries a key-value pair. It implements Value for that key and
-// delegates all other calls to the embedded Context.
-type valueCtx struct {
-	Context
-	key, val interface{}
-}
-
-func (c *valueCtx) String() string {
-	return fmt.Sprintf("%v.WithValue(%#v, %#v)", c.Context, c.key, c.val)
-}
-
-func (c *valueCtx) Value(key interface{}) interface{} {
-	if c.key == key {
-		return c.val
-	}
-	return c.Context.Value(key)
-}
diff --git a/vendor/golang.org/x/net/context/pre_go19.go b/vendor/golang.org/x/net/context/pre_go19.go
deleted file mode 100644
index 1f9715341..000000000
--- a/vendor/golang.org/x/net/context/pre_go19.go
+++ /dev/null
@@ -1,110 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.9
-// +build !go1.9
-
-package context
-
-import "time"
-
-// A Context carries a deadline, a cancelation signal, and other values across
-// API boundaries.
-//
-// Context's methods may be called by multiple goroutines simultaneously.
-type Context interface {
-	// Deadline returns the time when work done on behalf of this context
-	// should be canceled. Deadline returns ok==false when no deadline is
-	// set. Successive calls to Deadline return the same results.
-	Deadline() (deadline time.Time, ok bool)
-
-	// Done returns a channel that's closed when work done on behalf of this
-	// context should be canceled. Done may return nil if this context can
-	// never be canceled. Successive calls to Done return the same value.
-	//
-	// WithCancel arranges for Done to be closed when cancel is called;
-	// WithDeadline arranges for Done to be closed when the deadline
-	// expires; WithTimeout arranges for Done to be closed when the timeout
-	// elapses.
-	//
-	// Done is provided for use in select statements:
-	//
-	//  // Stream generates values with DoSomething and sends them to out
-	//  // until DoSomething returns an error or ctx.Done is closed.
-	//  func Stream(ctx context.Context, out chan<- Value) error {
-	//  	for {
-	//  		v, err := DoSomething(ctx)
-	//  		if err != nil {
-	//  			return err
-	//  		}
-	//  		select {
-	//  		case <-ctx.Done():
-	//  			return ctx.Err()
-	//  		case out <- v:
-	//  		}
-	//  	}
-	//  }
-	//
-	// See http://blog.golang.org/pipelines for more examples of how to use
-	// a Done channel for cancelation.
-	Done() <-chan struct{}
-
-	// Err returns a non-nil error value after Done is closed. Err returns
-	// Canceled if the context was canceled or DeadlineExceeded if the
-	// context's deadline passed. No other values for Err are defined.
-	// After Done is closed, successive calls to Err return the same value.
-	Err() error
-
-	// Value returns the value associated with this context for key, or nil
-	// if no value is associated with key. Successive calls to Value with
-	// the same key returns the same result.
-	//
-	// Use context values only for request-scoped data that transits
-	// processes and API boundaries, not for passing optional parameters to
-	// functions.
-	//
-	// A key identifies a specific value in a Context. Functions that wish
-	// to store values in Context typically allocate a key in a global
-	// variable then use that key as the argument to context.WithValue and
-	// Context.Value. A key can be any type that supports equality;
-	// packages should define keys as an unexported type to avoid
-	// collisions.
-	//
-	// Packages that define a Context key should provide type-safe accessors
-	// for the values stores using that key:
-	//
-	// 	// Package user defines a User type that's stored in Contexts.
-	// 	package user
-	//
-	// 	import "golang.org/x/net/context"
-	//
-	// 	// User is the type of value stored in the Contexts.
-	// 	type User struct {...}
-	//
-	// 	// key is an unexported type for keys defined in this package.
-	// 	// This prevents collisions with keys defined in other packages.
-	// 	type key int
-	//
-	// 	// userKey is the key for user.User values in Contexts. It is
-	// 	// unexported; clients use user.NewContext and user.FromContext
-	// 	// instead of using this key directly.
-	// 	var userKey key = 0
-	//
-	// 	// NewContext returns a new Context that carries value u.
-	// 	func NewContext(ctx context.Context, u *User) context.Context {
-	// 		return context.WithValue(ctx, userKey, u)
-	// 	}
-	//
-	// 	// FromContext returns the User value stored in ctx, if any.
-	// 	func FromContext(ctx context.Context) (*User, bool) {
-	// 		u, ok := ctx.Value(userKey).(*User)
-	// 		return u, ok
-	// 	}
-	Value(key interface{}) interface{}
-}
-
-// A CancelFunc tells an operation to abandon its work.
-// A CancelFunc does not wait for the work to stop.
-// After the first call, subsequent calls to a CancelFunc do nothing.
-type CancelFunc func()
diff --git a/vendor/golang.org/x/net/http2/databuffer.go b/vendor/golang.org/x/net/http2/databuffer.go
index a3067f8de..e6f55cbd1 100644
--- a/vendor/golang.org/x/net/http2/databuffer.go
+++ b/vendor/golang.org/x/net/http2/databuffer.go
@@ -20,41 +20,44 @@ import (
 // TODO: Benchmark to determine if the pools are necessary. The GC may have
 // improved enough that we can instead allocate chunks like this:
 // make([]byte, max(16<<10, expectedBytesRemaining))
-var (
-	dataChunkSizeClasses = []int{
-		1 << 10,
-		2 << 10,
-		4 << 10,
-		8 << 10,
-		16 << 10,
-	}
-	dataChunkPools = [...]sync.Pool{
-		{New: func() interface{} { return make([]byte, 1<<10) }},
-		{New: func() interface{} { return make([]byte, 2<<10) }},
-		{New: func() interface{} { return make([]byte, 4<<10) }},
-		{New: func() interface{} { return make([]byte, 8<<10) }},
-		{New: func() interface{} { return make([]byte, 16<<10) }},
-	}
-)
+var dataChunkPools = [...]sync.Pool{
+	{New: func() interface{} { return new([1 << 10]byte) }},
+	{New: func() interface{} { return new([2 << 10]byte) }},
+	{New: func() interface{} { return new([4 << 10]byte) }},
+	{New: func() interface{} { return new([8 << 10]byte) }},
+	{New: func() interface{} { return new([16 << 10]byte) }},
+}
 
 func getDataBufferChunk(size int64) []byte {
-	i := 0
-	for ; i < len(dataChunkSizeClasses)-1; i++ {
-		if size <= int64(dataChunkSizeClasses[i]) {
-			break
-		}
+	switch {
+	case size <= 1<<10:
+		return dataChunkPools[0].Get().(*[1 << 10]byte)[:]
+	case size <= 2<<10:
+		return dataChunkPools[1].Get().(*[2 << 10]byte)[:]
+	case size <= 4<<10:
+		return dataChunkPools[2].Get().(*[4 << 10]byte)[:]
+	case size <= 8<<10:
+		return dataChunkPools[3].Get().(*[8 << 10]byte)[:]
+	default:
+		return dataChunkPools[4].Get().(*[16 << 10]byte)[:]
 	}
-	return dataChunkPools[i].Get().([]byte)
 }
 
 func putDataBufferChunk(p []byte) {
-	for i, n := range dataChunkSizeClasses {
-		if len(p) == n {
-			dataChunkPools[i].Put(p)
-			return
-		}
+	switch len(p) {
+	case 1 << 10:
+		dataChunkPools[0].Put((*[1 << 10]byte)(p))
+	case 2 << 10:
+		dataChunkPools[1].Put((*[2 << 10]byte)(p))
+	case 4 << 10:
+		dataChunkPools[2].Put((*[4 << 10]byte)(p))
+	case 8 << 10:
+		dataChunkPools[3].Put((*[8 << 10]byte)(p))
+	case 16 << 10:
+		dataChunkPools[4].Put((*[16 << 10]byte)(p))
+	default:
+		panic(fmt.Sprintf("unexpected buffer len=%v", len(p)))
 	}
-	panic(fmt.Sprintf("unexpected buffer len=%v", len(p)))
 }
 
 // dataBuffer is an io.ReadWriter backed by a list of data chunks.
diff --git a/vendor/golang.org/x/net/http2/go111.go b/vendor/golang.org/x/net/http2/go111.go
deleted file mode 100644
index 5bf62b032..000000000
--- a/vendor/golang.org/x/net/http2/go111.go
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.11
-// +build go1.11
-
-package http2
-
-import (
-	"net/http/httptrace"
-	"net/textproto"
-)
-
-func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool {
-	return trace != nil && trace.WroteHeaderField != nil
-}
-
-func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {
-	if trace != nil && trace.WroteHeaderField != nil {
-		trace.WroteHeaderField(k, []string{v})
-	}
-}
-
-func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
-	if trace != nil {
-		return trace.Got1xxResponse
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/net/http2/go115.go b/vendor/golang.org/x/net/http2/go115.go
deleted file mode 100644
index 908af1ab9..000000000
--- a/vendor/golang.org/x/net/http2/go115.go
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.15
-// +build go1.15
-
-package http2
-
-import (
-	"context"
-	"crypto/tls"
-)
-
-// dialTLSWithContext uses tls.Dialer, added in Go 1.15, to open a TLS
-// connection.
-func (t *Transport) dialTLSWithContext(ctx context.Context, network, addr string, cfg *tls.Config) (*tls.Conn, error) {
-	dialer := &tls.Dialer{
-		Config: cfg,
-	}
-	cn, err := dialer.DialContext(ctx, network, addr)
-	if err != nil {
-		return nil, err
-	}
-	tlsCn := cn.(*tls.Conn) // DialContext comment promises this will always succeed
-	return tlsCn, nil
-}
diff --git a/vendor/golang.org/x/net/http2/go118.go b/vendor/golang.org/x/net/http2/go118.go
deleted file mode 100644
index aca4b2b31..000000000
--- a/vendor/golang.org/x/net/http2/go118.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.18
-// +build go1.18
-
-package http2
-
-import (
-	"crypto/tls"
-	"net"
-)
-
-func tlsUnderlyingConn(tc *tls.Conn) net.Conn {
-	return tc.NetConn()
-}
diff --git a/vendor/golang.org/x/net/http2/not_go111.go b/vendor/golang.org/x/net/http2/not_go111.go
deleted file mode 100644
index cc0baa819..000000000
--- a/vendor/golang.org/x/net/http2/not_go111.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.11
-// +build !go1.11
-
-package http2
-
-import (
-	"net/http/httptrace"
-	"net/textproto"
-)
-
-func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool { return false }
-
-func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {}
-
-func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
-	return nil
-}
diff --git a/vendor/golang.org/x/net/http2/not_go115.go b/vendor/golang.org/x/net/http2/not_go115.go
deleted file mode 100644
index e6c04cf7a..000000000
--- a/vendor/golang.org/x/net/http2/not_go115.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.15
-// +build !go1.15
-
-package http2
-
-import (
-	"context"
-	"crypto/tls"
-)
-
-// dialTLSWithContext opens a TLS connection.
-func (t *Transport) dialTLSWithContext(ctx context.Context, network, addr string, cfg *tls.Config) (*tls.Conn, error) {
-	cn, err := tls.Dial(network, addr, cfg)
-	if err != nil {
-		return nil, err
-	}
-	if err := cn.Handshake(); err != nil {
-		return nil, err
-	}
-	if cfg.InsecureSkipVerify {
-		return cn, nil
-	}
-	if err := cn.VerifyHostname(cfg.ServerName); err != nil {
-		return nil, err
-	}
-	return cn, nil
-}
diff --git a/vendor/golang.org/x/net/http2/not_go118.go b/vendor/golang.org/x/net/http2/not_go118.go
deleted file mode 100644
index eab532c96..000000000
--- a/vendor/golang.org/x/net/http2/not_go118.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2021 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.18
-// +build !go1.18
-
-package http2
-
-import (
-	"crypto/tls"
-	"net"
-)
-
-func tlsUnderlyingConn(tc *tls.Conn) net.Conn {
-	return nil
-}
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
index 02c88b6b3..ae94c6408 100644
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@@ -2549,7 +2549,6 @@ type responseWriterState struct {
 	wroteHeader   bool        // WriteHeader called (explicitly or implicitly). Not necessarily sent to user yet.
 	sentHeader    bool        // have we sent the header frame?
 	handlerDone   bool        // handler has finished
-	dirty         bool        // a Write failed; don't reuse this responseWriterState
 
 	sentContentLen int64 // non-zero if handler set a Content-Length header
 	wroteBytes     int64
@@ -2669,7 +2668,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 			date:          date,
 		})
 		if err != nil {
-			rws.dirty = true
 			return 0, err
 		}
 		if endStream {
@@ -2690,7 +2688,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 	if len(p) > 0 || endStream {
 		// only send a 0 byte DATA frame if we're ending the stream.
 		if err := rws.conn.writeDataFromHandler(rws.stream, p, endStream); err != nil {
-			rws.dirty = true
 			return 0, err
 		}
 	}
@@ -2702,9 +2699,6 @@ func (rws *responseWriterState) writeChunk(p []byte) (n int, err error) {
 			trailers:  rws.trailers,
 			endStream: true,
 		})
-		if err != nil {
-			rws.dirty = true
-		}
 		return len(p), err
 	}
 	return len(p), nil
@@ -2920,14 +2914,12 @@ func (rws *responseWriterState) writeHeader(code int) {
 			h.Del("Transfer-Encoding")
 		}
 
-		if rws.conn.writeHeaders(rws.stream, &writeResHeaders{
+		rws.conn.writeHeaders(rws.stream, &writeResHeaders{
 			streamID:    rws.stream.id,
 			httpResCode: code,
 			h:           h,
 			endStream:   rws.handlerDone && !rws.hasTrailers(),
-		}) != nil {
-			rws.dirty = true
-		}
+		})
 
 		return
 	}
@@ -2992,19 +2984,10 @@ func (w *responseWriter) write(lenData int, dataB []byte, dataS string) (n int,
 
 func (w *responseWriter) handlerDone() {
 	rws := w.rws
-	dirty := rws.dirty
 	rws.handlerDone = true
 	w.Flush()
 	w.rws = nil
-	if !dirty {
-		// Only recycle the pool if all prior Write calls to
-		// the serverConn goroutine completed successfully. If
-		// they returned earlier due to resets from the peer
-		// there might still be write goroutines outstanding
-		// from the serverConn referencing the rws memory. See
-		// issue 20704.
-		responseWriterStatePool.Put(rws)
-	}
+	responseWriterStatePool.Put(rws)
 }
 
 // Push errors.
@@ -3187,6 +3170,7 @@ func (sc *serverConn) startPush(msg *startPushRequest) {
 			panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
 		}
 
+		sc.curHandlers++
 		go sc.runHandler(rw, req, sc.handler.ServeHTTP)
 		return promisedID, nil
 	}
diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go
index 4515b22c4..df578b86c 100644
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@@ -1018,7 +1018,7 @@ func (cc *ClientConn) forceCloseConn() {
 	if !ok {
 		return
 	}
-	if nc := tlsUnderlyingConn(tc); nc != nil {
+	if nc := tc.NetConn(); nc != nil {
 		nc.Close()
 	}
 }
@@ -3201,3 +3201,34 @@ func traceFirstResponseByte(trace *httptrace.ClientTrace) {
 		trace.GotFirstResponseByte()
 	}
 }
+
+func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool {
+	return trace != nil && trace.WroteHeaderField != nil
+}
+
+func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {
+	if trace != nil && trace.WroteHeaderField != nil {
+		trace.WroteHeaderField(k, []string{v})
+	}
+}
+
+func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
+	if trace != nil {
+		return trace.Got1xxResponse
+	}
+	return nil
+}
+
+// dialTLSWithContext uses tls.Dialer, added in Go 1.15, to open a TLS
+// connection.
+func (t *Transport) dialTLSWithContext(ctx context.Context, network, addr string, cfg *tls.Config) (*tls.Conn, error) {
+	dialer := &tls.Dialer{
+		Config: cfg,
+	}
+	cn, err := dialer.DialContext(ctx, network, addr)
+	if err != nil {
+		return nil, err
+	}
+	tlsCn := cn.(*tls.Conn) // DialContext comment promises this will always succeed
+	return tlsCn, nil
+}
diff --git a/vendor/golang.org/x/net/idna/go118.go b/vendor/golang.org/x/net/idna/go118.go
index c5c4338db..712f1ad83 100644
--- a/vendor/golang.org/x/net/idna/go118.go
+++ b/vendor/golang.org/x/net/idna/go118.go
@@ -5,7 +5,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.18
-// +build go1.18
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/idna10.0.0.go b/vendor/golang.org/x/net/idna/idna10.0.0.go
index 64ccf85fe..7b3717884 100644
--- a/vendor/golang.org/x/net/idna/idna10.0.0.go
+++ b/vendor/golang.org/x/net/idna/idna10.0.0.go
@@ -5,7 +5,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.10
-// +build go1.10
 
 // Package idna implements IDNA2008 using the compatibility processing
 // defined by UTS (Unicode Technical Standard) #46, which defines a standard to
diff --git a/vendor/golang.org/x/net/idna/idna9.0.0.go b/vendor/golang.org/x/net/idna/idna9.0.0.go
index ee1698cef..cc6a892a4 100644
--- a/vendor/golang.org/x/net/idna/idna9.0.0.go
+++ b/vendor/golang.org/x/net/idna/idna9.0.0.go
@@ -5,7 +5,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.10
-// +build !go1.10
 
 // Package idna implements IDNA2008 using the compatibility processing
 // defined by UTS (Unicode Technical Standard) #46, which defines a standard to
diff --git a/vendor/golang.org/x/net/idna/pre_go118.go b/vendor/golang.org/x/net/idna/pre_go118.go
index 3aaccab1c..40e74bb3d 100644
--- a/vendor/golang.org/x/net/idna/pre_go118.go
+++ b/vendor/golang.org/x/net/idna/pre_go118.go
@@ -5,7 +5,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.18
-// +build !go1.18
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/tables10.0.0.go b/vendor/golang.org/x/net/idna/tables10.0.0.go
index d1d62ef45..c6c2bf10a 100644
--- a/vendor/golang.org/x/net/idna/tables10.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/tables11.0.0.go b/vendor/golang.org/x/net/idna/tables11.0.0.go
index 167efba71..76789393c 100644
--- a/vendor/golang.org/x/net/idna/tables11.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/tables12.0.0.go b/vendor/golang.org/x/net/idna/tables12.0.0.go
index ab40f7bcc..0600cd2ae 100644
--- a/vendor/golang.org/x/net/idna/tables12.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/tables13.0.0.go b/vendor/golang.org/x/net/idna/tables13.0.0.go
index 66701eadf..2fb768ef6 100644
--- a/vendor/golang.org/x/net/idna/tables13.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/tables15.0.0.go b/vendor/golang.org/x/net/idna/tables15.0.0.go
index 40033778f..5ff05fe1a 100644
--- a/vendor/golang.org/x/net/idna/tables15.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/tables9.0.0.go b/vendor/golang.org/x/net/idna/tables9.0.0.go
index 4074b5332..0f25e84ca 100644
--- a/vendor/golang.org/x/net/idna/tables9.0.0.go
+++ b/vendor/golang.org/x/net/idna/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/trie12.0.0.go b/vendor/golang.org/x/net/idna/trie12.0.0.go
index bb63f904b..8a75b9667 100644
--- a/vendor/golang.org/x/net/idna/trie12.0.0.go
+++ b/vendor/golang.org/x/net/idna/trie12.0.0.go
@@ -5,7 +5,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.16
-// +build !go1.16
 
 package idna
 
diff --git a/vendor/golang.org/x/net/idna/trie13.0.0.go b/vendor/golang.org/x/net/idna/trie13.0.0.go
index 7d68a8dc1..fa45bb907 100644
--- a/vendor/golang.org/x/net/idna/trie13.0.0.go
+++ b/vendor/golang.org/x/net/idna/trie13.0.0.go
@@ -5,7 +5,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.16
-// +build go1.16
 
 package idna
 
diff --git a/vendor/golang.org/x/oauth2/deviceauth.go b/vendor/golang.org/x/oauth2/deviceauth.go
new file mode 100644
index 000000000..e99c92f39
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/deviceauth.go
@@ -0,0 +1,198 @@
+package oauth2
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2/internal"
+)
+
+// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+const (
+	errAuthorizationPending = "authorization_pending"
+	errSlowDown             = "slow_down"
+	errAccessDenied         = "access_denied"
+	errExpiredToken         = "expired_token"
+)
+
+// DeviceAuthResponse describes a successful RFC 8628 Device Authorization Response
+// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+type DeviceAuthResponse struct {
+	// DeviceCode
+	DeviceCode string `json:"device_code"`
+	// UserCode is the code the user should enter at the verification uri
+	UserCode string `json:"user_code"`
+	// VerificationURI is where user should enter the user code
+	VerificationURI string `json:"verification_uri"`
+	// VerificationURIComplete (if populated) includes the user code in the verification URI. This is typically shown to the user in non-textual form, such as a QR code.
+	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
+	// Expiry is when the device code and user code expire
+	Expiry time.Time `json:"expires_in,omitempty"`
+	// Interval is the duration in seconds that Poll should wait between requests
+	Interval int64 `json:"interval,omitempty"`
+}
+
+func (d DeviceAuthResponse) MarshalJSON() ([]byte, error) {
+	type Alias DeviceAuthResponse
+	var expiresIn int64
+	if !d.Expiry.IsZero() {
+		expiresIn = int64(time.Until(d.Expiry).Seconds())
+	}
+	return json.Marshal(&struct {
+		ExpiresIn int64 `json:"expires_in,omitempty"`
+		*Alias
+	}{
+		ExpiresIn: expiresIn,
+		Alias:     (*Alias)(&d),
+	})
+
+}
+
+func (c *DeviceAuthResponse) UnmarshalJSON(data []byte) error {
+	type Alias DeviceAuthResponse
+	aux := &struct {
+		ExpiresIn int64 `json:"expires_in"`
+		// workaround misspelling of verification_uri
+		VerificationURL string `json:"verification_url"`
+		*Alias
+	}{
+		Alias: (*Alias)(c),
+	}
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+	if aux.ExpiresIn != 0 {
+		c.Expiry = time.Now().UTC().Add(time.Second * time.Duration(aux.ExpiresIn))
+	}
+	if c.VerificationURI == "" {
+		c.VerificationURI = aux.VerificationURL
+	}
+	return nil
+}
+
+// DeviceAuth returns a device auth struct which contains a device code
+// and authorization information provided for users to enter on another device.
+func (c *Config) DeviceAuth(ctx context.Context, opts ...AuthCodeOption) (*DeviceAuthResponse, error) {
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+	v := url.Values{
+		"client_id": {c.ClientID},
+	}
+	if len(c.Scopes) > 0 {
+		v.Set("scope", strings.Join(c.Scopes, " "))
+	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
+	return retrieveDeviceAuth(ctx, c, v)
+}
+
+func retrieveDeviceAuth(ctx context.Context, c *Config, v url.Values) (*DeviceAuthResponse, error) {
+	if c.Endpoint.DeviceAuthURL == "" {
+		return nil, errors.New("endpoint missing DeviceAuthURL")
+	}
+
+	req, err := http.NewRequest("POST", c.Endpoint.DeviceAuthURL, strings.NewReader(v.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Set("Accept", "application/json")
+
+	t := time.Now()
+	r, err := internal.ContextClient(ctx).Do(req)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := io.ReadAll(io.LimitReader(r.Body, 1<<20))
+	if err != nil {
+		return nil, fmt.Errorf("oauth2: cannot auth device: %v", err)
+	}
+	if code := r.StatusCode; code < 200 || code > 299 {
+		return nil, &RetrieveError{
+			Response: r,
+			Body:     body,
+		}
+	}
+
+	da := &DeviceAuthResponse{}
+	err = json.Unmarshal(body, &da)
+	if err != nil {
+		return nil, fmt.Errorf("unmarshal %s", err)
+	}
+
+	if !da.Expiry.IsZero() {
+		// Make a small adjustment to account for time taken by the request
+		da.Expiry = da.Expiry.Add(-time.Since(t))
+	}
+
+	return da, nil
+}
+
+// DeviceAccessToken polls the server to exchange a device code for a token.
+func (c *Config) DeviceAccessToken(ctx context.Context, da *DeviceAuthResponse, opts ...AuthCodeOption) (*Token, error) {
+	if !da.Expiry.IsZero() {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithDeadline(ctx, da.Expiry)
+		defer cancel()
+	}
+
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
+	v := url.Values{
+		"client_id":   {c.ClientID},
+		"grant_type":  {"urn:ietf:params:oauth:grant-type:device_code"},
+		"device_code": {da.DeviceCode},
+	}
+	if len(c.Scopes) > 0 {
+		v.Set("scope", strings.Join(c.Scopes, " "))
+	}
+	for _, opt := range opts {
+		opt.setValue(v)
+	}
+
+	// "If no value is provided, clients MUST use 5 as the default."
+	// https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+	interval := da.Interval
+	if interval == 0 {
+		interval = 5
+	}
+
+	ticker := time.NewTicker(time.Duration(interval) * time.Second)
+	defer ticker.Stop()
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case <-ticker.C:
+			tok, err := retrieveToken(ctx, c, v)
+			if err == nil {
+				return tok, nil
+			}
+
+			e, ok := err.(*RetrieveError)
+			if !ok {
+				return nil, err
+			}
+			switch e.ErrorCode {
+			case errSlowDown:
+				// https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+				// "the interval MUST be increased by 5 seconds for this and all subsequent requests"
+				interval += 5
+				ticker.Reset(time.Duration(interval) * time.Second)
+			case errAuthorizationPending:
+				// Do nothing.
+			case errAccessDenied, errExpiredToken:
+				fallthrough
+			default:
+				return tok, err
+			}
+		}
+	}
+}
diff --git a/vendor/golang.org/x/oauth2/internal/token.go b/vendor/golang.org/x/oauth2/internal/token.go
index 58901bda5..e83ddeef0 100644
--- a/vendor/golang.org/x/oauth2/internal/token.go
+++ b/vendor/golang.org/x/oauth2/internal/token.go
@@ -18,6 +18,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 )
 
@@ -115,41 +116,60 @@ const (
 	AuthStyleInHeader AuthStyle = 2
 )
 
-// authStyleCache is the set of tokenURLs we've successfully used via
+// LazyAuthStyleCache is a backwards compatibility compromise to let Configs
+// have a lazily-initialized AuthStyleCache.
+//
+// The two users of this, oauth2.Config and oauth2/clientcredentials.Config,
+// both would ideally just embed an unexported AuthStyleCache but because both
+// were historically allowed to be copied by value we can't retroactively add an
+// uncopyable Mutex to them.
+//
+// We could use an atomic.Pointer, but that was added recently enough (in Go
+// 1.18) that we'd break Go 1.17 users where the tests as of 2023-08-03
+// still pass. By using an atomic.Value, it supports both Go 1.17 and
+// copying by value, even if that's not ideal.
+type LazyAuthStyleCache struct {
+	v atomic.Value // of *AuthStyleCache
+}
+
+func (lc *LazyAuthStyleCache) Get() *AuthStyleCache {
+	if c, ok := lc.v.Load().(*AuthStyleCache); ok {
+		return c
+	}
+	c := new(AuthStyleCache)
+	if !lc.v.CompareAndSwap(nil, c) {
+		c = lc.v.Load().(*AuthStyleCache)
+	}
+	return c
+}
+
+// AuthStyleCache is the set of tokenURLs we've successfully used via
 // RetrieveToken and which style auth we ended up using.
 // It's called a cache, but it doesn't (yet?) shrink. It's expected that
 // the set of OAuth2 servers a program contacts over time is fixed and
 // small.
-var authStyleCache struct {
-	sync.Mutex
-	m map[string]AuthStyle // keyed by tokenURL
-}
-
-// ResetAuthCache resets the global authentication style cache used
-// for AuthStyleUnknown token requests.
-func ResetAuthCache() {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	authStyleCache.m = nil
+type AuthStyleCache struct {
+	mu sync.Mutex
+	m  map[string]AuthStyle // keyed by tokenURL
 }
 
 // lookupAuthStyle reports which auth style we last used with tokenURL
 // when calling RetrieveToken and whether we have ever done so.
-func lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	style, ok = authStyleCache.m[tokenURL]
+func (c *AuthStyleCache) lookupAuthStyle(tokenURL string) (style AuthStyle, ok bool) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	style, ok = c.m[tokenURL]
 	return
 }
 
 // setAuthStyle adds an entry to authStyleCache, documented above.
-func setAuthStyle(tokenURL string, v AuthStyle) {
-	authStyleCache.Lock()
-	defer authStyleCache.Unlock()
-	if authStyleCache.m == nil {
-		authStyleCache.m = make(map[string]AuthStyle)
+func (c *AuthStyleCache) setAuthStyle(tokenURL string, v AuthStyle) {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	if c.m == nil {
+		c.m = make(map[string]AuthStyle)
 	}
-	authStyleCache.m[tokenURL] = v
+	c.m[tokenURL] = v
 }
 
 // newTokenRequest returns a new *http.Request to retrieve a new token
@@ -189,10 +209,10 @@ func cloneURLValues(v url.Values) url.Values {
 	return v2
 }
 
-func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle) (*Token, error) {
+func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values, authStyle AuthStyle, styleCache *AuthStyleCache) (*Token, error) {
 	needsAuthStyleProbe := authStyle == 0
 	if needsAuthStyleProbe {
-		if style, ok := lookupAuthStyle(tokenURL); ok {
+		if style, ok := styleCache.lookupAuthStyle(tokenURL); ok {
 			authStyle = style
 			needsAuthStyleProbe = false
 		} else {
@@ -222,7 +242,7 @@ func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string,
 		token, err = doTokenRoundTrip(ctx, req)
 	}
 	if needsAuthStyleProbe && err == nil {
-		setAuthStyle(tokenURL, authStyle)
+		styleCache.setAuthStyle(tokenURL, authStyle)
 	}
 	// Don't overwrite `RefreshToken` with an empty value
 	// if this was a token refreshing request.
diff --git a/vendor/golang.org/x/oauth2/oauth2.go b/vendor/golang.org/x/oauth2/oauth2.go
index 9085fabe3..90a2c3d6d 100644
--- a/vendor/golang.org/x/oauth2/oauth2.go
+++ b/vendor/golang.org/x/oauth2/oauth2.go
@@ -58,6 +58,10 @@ type Config struct {
 
 	// Scope specifies optional requested permissions.
 	Scopes []string
+
+	// authStyleCache caches which auth style to use when Endpoint.AuthStyle is
+	// the zero value (AuthStyleAutoDetect).
+	authStyleCache internal.LazyAuthStyleCache
 }
 
 // A TokenSource is anything that can return a token.
@@ -71,8 +75,9 @@ type TokenSource interface {
 // Endpoint represents an OAuth 2.0 provider's authorization and token
 // endpoint URLs.
 type Endpoint struct {
-	AuthURL  string
-	TokenURL string
+	AuthURL       string
+	DeviceAuthURL string
+	TokenURL      string
 
 	// AuthStyle optionally specifies how the endpoint wants the
 	// client ID & client secret sent. The zero value means to
@@ -139,15 +144,19 @@ func SetAuthURLParam(key, value string) AuthCodeOption {
 // AuthCodeURL returns a URL to OAuth 2.0 provider's consent page
 // that asks for permissions for the required scopes explicitly.
 //
-// State is a token to protect the user from CSRF attacks. You must
-// always provide a non-empty string and validate that it matches the
-// state query parameter on your redirect callback.
-// See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.
+// State is an opaque value used by the client to maintain state between the
+// request and callback. The authorization server includes this value when
+// redirecting the user agent back to the client.
 //
 // Opts may include AccessTypeOnline or AccessTypeOffline, as well
 // as ApprovalForce.
-// It can also be used to pass the PKCE challenge.
-// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+//
+// To protect against CSRF attacks, opts should include a PKCE challenge
+// (S256ChallengeOption). Not all servers support PKCE. An alternative is to
+// generate a random state parameter and verify it after exchange.
+// See https://datatracker.ietf.org/doc/html/rfc6749#section-10.12 (predating
+// PKCE), https://www.oauth.com/oauth2-servers/pkce/ and
+// https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-09.html#name-cross-site-request-forgery (describing both approaches)
 func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 	var buf bytes.Buffer
 	buf.WriteString(c.Endpoint.AuthURL)
@@ -162,7 +171,6 @@ func (c *Config) AuthCodeURL(state string, opts ...AuthCodeOption) string {
 		v.Set("scope", strings.Join(c.Scopes, " "))
 	}
 	if state != "" {
-		// TODO(light): Docs say never to omit state; don't allow empty.
 		v.Set("state", state)
 	}
 	for _, opt := range opts {
@@ -207,10 +215,11 @@ func (c *Config) PasswordCredentialsToken(ctx context.Context, username, passwor
 // The provided context optionally controls which HTTP client is used. See the HTTPClient variable.
 //
 // The code will be in the *http.Request.FormValue("code"). Before
-// calling Exchange, be sure to validate FormValue("state").
+// calling Exchange, be sure to validate FormValue("state") if you are
+// using it to protect against CSRF attacks.
 //
-// Opts may include the PKCE verifier code if previously used in AuthCodeURL.
-// See https://www.oauth.com/oauth2-servers/pkce/ for more info.
+// If using PKCE to protect against CSRF attacks, opts should include a
+// VerifierOption.
 func (c *Config) Exchange(ctx context.Context, code string, opts ...AuthCodeOption) (*Token, error) {
 	v := url.Values{
 		"grant_type": {"authorization_code"},
diff --git a/vendor/golang.org/x/oauth2/pkce.go b/vendor/golang.org/x/oauth2/pkce.go
new file mode 100644
index 000000000..50593b6df
--- /dev/null
+++ b/vendor/golang.org/x/oauth2/pkce.go
@@ -0,0 +1,68 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package oauth2
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/base64"
+	"net/url"
+)
+
+const (
+	codeChallengeKey       = "code_challenge"
+	codeChallengeMethodKey = "code_challenge_method"
+	codeVerifierKey        = "code_verifier"
+)
+
+// GenerateVerifier generates a PKCE code verifier with 32 octets of randomness.
+// This follows recommendations in RFC 7636.
+//
+// A fresh verifier should be generated for each authorization.
+// S256ChallengeOption(verifier) should then be passed to Config.AuthCodeURL
+// (or Config.DeviceAccess) and VerifierOption(verifier) to Config.Exchange
+// (or Config.DeviceAccessToken).
+func GenerateVerifier() string {
+	// "RECOMMENDED that the output of a suitable random number generator be
+	// used to create a 32-octet sequence.  The octet sequence is then
+	// base64url-encoded to produce a 43-octet URL-safe string to use as the
+	// code verifier."
+	// https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+	data := make([]byte, 32)
+	if _, err := rand.Read(data); err != nil {
+		panic(err)
+	}
+	return base64.RawURLEncoding.EncodeToString(data)
+}
+
+// VerifierOption returns a PKCE code verifier AuthCodeOption. It should be
+// passed to Config.Exchange or Config.DeviceAccessToken only.
+func VerifierOption(verifier string) AuthCodeOption {
+	return setParam{k: codeVerifierKey, v: verifier}
+}
+
+// S256ChallengeFromVerifier returns a PKCE code challenge derived from verifier with method S256.
+//
+// Prefer to use S256ChallengeOption where possible.
+func S256ChallengeFromVerifier(verifier string) string {
+	sha := sha256.Sum256([]byte(verifier))
+	return base64.RawURLEncoding.EncodeToString(sha[:])
+}
+
+// S256ChallengeOption derives a PKCE code challenge derived from verifier with
+// method S256. It should be passed to Config.AuthCodeURL or Config.DeviceAccess
+// only.
+func S256ChallengeOption(verifier string) AuthCodeOption {
+	return challengeOption{
+		challenge_method: "S256",
+		challenge:        S256ChallengeFromVerifier(verifier),
+	}
+}
+
+type challengeOption struct{ challenge_method, challenge string }
+
+func (p challengeOption) setValue(m url.Values) {
+	m.Set(codeChallengeMethodKey, p.challenge_method)
+	m.Set(codeChallengeKey, p.challenge)
+}
diff --git a/vendor/golang.org/x/oauth2/token.go b/vendor/golang.org/x/oauth2/token.go
index 5ffce9764..5bbb33217 100644
--- a/vendor/golang.org/x/oauth2/token.go
+++ b/vendor/golang.org/x/oauth2/token.go
@@ -164,7 +164,7 @@ func tokenFromInternal(t *internal.Token) *Token {
 // This token is then mapped from *internal.Token into an *oauth2.Token which is returned along
 // with an error..
 func retrieveToken(ctx context.Context, c *Config, v url.Values) (*Token, error) {
-	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle))
+	tk, err := internal.RetrieveToken(ctx, c.ClientID, c.ClientSecret, c.Endpoint.TokenURL, v, internal.AuthStyle(c.Endpoint.AuthStyle), c.authStyleCache.Get())
 	if err != nil {
 		if rErr, ok := err.(*internal.RetrieveError); ok {
 			return nil, (*RetrieveError)(rErr)
diff --git a/vendor/golang.org/x/sync/errgroup/go120.go b/vendor/golang.org/x/sync/errgroup/go120.go
index 7d419d376..f93c740b6 100644
--- a/vendor/golang.org/x/sync/errgroup/go120.go
+++ b/vendor/golang.org/x/sync/errgroup/go120.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.20
-// +build go1.20
 
 package errgroup
 
diff --git a/vendor/golang.org/x/sync/errgroup/pre_go120.go b/vendor/golang.org/x/sync/errgroup/pre_go120.go
index 1795c18ac..88ce33434 100644
--- a/vendor/golang.org/x/sync/errgroup/pre_go120.go
+++ b/vendor/golang.org/x/sync/errgroup/pre_go120.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.20
-// +build !go1.20
 
 package errgroup
 
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
index 8aaeef545..9bf0c32eb 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_aix.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
index c61f95a05..fcb9a3888 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_arm64.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
index ccf542a73..a8acd3e32 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
index 0af2f2484..c8ae6ddc1 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
index fa7cdb9bc..910728fb1 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
index 2aff31891..7f1946780 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
index 4bfbda619..9526d2ce3 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
index 6cc73109f..3f73a05dc 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 #include <cpuid.h>
 #include <stdint.h>
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
index 863d415ab..99c60fe9f 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gccgo
-// +build 386 amd64 amd64p32
-// +build gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
index 159a686f6..743eb5435 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !386 && !amd64 && !amd64p32 && !arm64
-// +build !386,!amd64,!amd64p32,!arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
index 6000db4cd..4686c1d54 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
index f4992b1a5..cd63e7335 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x
-// +build linux,!arm,!arm64,!mips64,!mips64le,!ppc64,!ppc64le,!s390x
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
index 021356d6d..197188e67 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
index 0f57b05bd..558635850 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_loong64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64
-// +build loong64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
index f4063c664..fedb00cc4 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips64 || mips64le
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
index 07c4e36d8..ffb4ec7eb 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build mips || mipsle
-// +build mips mipsle
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
index d7b4fb4cc..e9ecf2a45 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && arm
-// +build !linux,arm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
index f3cde129b..5341e7f88 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && !netbsd && !openbsd && arm64
-// +build !linux,!netbsd,!openbsd,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
index 0dafe9644..5f8f2419a 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && (mips64 || mips64le)
-// +build !linux
-// +build mips64 mips64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
index 060d46b6e..89608fba2 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !aix && !linux && (ppc64 || ppc64le)
-// +build !aix
-// +build !linux
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
index dd10eb79f..5ab87808f 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !linux && riscv64
-// +build !linux,riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
index 4e8acd165..c14f12b14 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 || ppc64le
-// +build ppc64 ppc64le
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
index ff7da60eb..7f0c79c00 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64
-// +build riscv64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
index 96f81e209..1fb4b7013 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_s390x.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
index 7747d888a..384787ea3 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_wasm.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build wasm
-// +build wasm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 2dcde8285..c29f5e4c5 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32
-// +build 386 amd64 amd64p32
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.s b/vendor/golang.org/x/sys/cpu/cpu_x86.s
index 39acab2ff..7d7ba33ef 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.s
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (386 || amd64 || amd64p32) && gc
-// +build 386 amd64 amd64p32
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
index 93ce03a34..7fe04b0a1 100644
--- a/vendor/golang.org/x/sys/cpu/endian_big.go
+++ b/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
index 55db853ef..48eccc4c7 100644
--- a/vendor/golang.org/x/sys/cpu/endian_little.go
+++ b/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh wasm
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
index d87bd6b3e..4cd64c704 100644
--- a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
+++ b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
index b975ea2a0..4c9788ea8 100644
--- a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.21
-// +build go1.21
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
index 96134157a..1b9ccb091 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -9,7 +9,6 @@
 // gccgo's libgo and thus must not used a CGo method.
 
 //go:build aix && gccgo
-// +build aix,gccgo
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
index 904be42ff..e8b6cdbe9 100644
--- a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -7,7 +7,6 @@
 // (See golang.org/issue/32102)
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package cpu
 
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go118.go b/vendor/golang.org/x/sys/execabs/execabs_go118.go
index 2000064a8..5627d70e3 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go118.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go118.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.19
-// +build !go1.19
 
 package execabs
 
diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go
index f364b3418..d60ab1b41 100644
--- a/vendor/golang.org/x/sys/execabs/execabs_go119.go
+++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.19
-// +build go1.19
 
 package execabs
 
diff --git a/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
index c9b69937a..73687de74 100644
--- a/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+++ b/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.5
-// +build go1.5
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/vendor/golang.org/x/sys/plan9/pwd_plan9.go
index 98bf56b73..fb9458218 100644
--- a/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+++ b/vendor/golang.org/x/sys/plan9/pwd_plan9.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.5
-// +build !go1.5
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/race.go b/vendor/golang.org/x/sys/plan9/race.go
index 62377d2ff..c02d9ed33 100644
--- a/vendor/golang.org/x/sys/plan9/race.go
+++ b/vendor/golang.org/x/sys/plan9/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && race
-// +build plan9,race
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/race0.go b/vendor/golang.org/x/sys/plan9/race0.go
index f8da30876..7b15e15f6 100644
--- a/vendor/golang.org/x/sys/plan9/race0.go
+++ b/vendor/golang.org/x/sys/plan9/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9 && !race
-// +build plan9,!race
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/str.go b/vendor/golang.org/x/sys/plan9/str.go
index 55fa8d025..ba3e8ff8a 100644
--- a/vendor/golang.org/x/sys/plan9/str.go
+++ b/vendor/golang.org/x/sys/plan9/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/syscall.go b/vendor/golang.org/x/sys/plan9/syscall.go
index 67e5b0115..d631fd664 100644
--- a/vendor/golang.org/x/sys/plan9/syscall.go
+++ b/vendor/golang.org/x/sys/plan9/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build plan9
-// +build plan9
 
 // Package plan9 contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
index 3f40b9bd7..f780d5c80 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && 386
-// +build plan9,386
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
index 0e6a96aa4..7de61065f 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && amd64
-// +build plan9,amd64
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
index 244c501b7..ea85780f0 100644
--- a/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+++ b/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build plan9 && arm
-// +build plan9,arm
 
 package plan9
 
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
index abc89c104..e7d3df4bd 100644
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
-// +build go1.9
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
index db9171c2e..269e173ca 100644
--- a/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
index e0fcd9b3d..a4fcef0e0 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_386.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
index 2b99c349a..1e63615c5 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
-// +build darwin dragonfly freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
index d702d4adc..6496c3100 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (freebsd || netbsd || openbsd) && gc
-// +build freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
index fe36a7391..4fd1f54da 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
index e5b9a8489..42f7eb9e4 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
index d560019ea..f8902667e 100644
--- a/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || freebsd || netbsd || openbsd) && gc
-// +build darwin freebsd netbsd openbsd
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_386.s b/vendor/golang.org/x/sys/unix/asm_linux_386.s
index 8fd101d07..3b4734870 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_386.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_386.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
index 7ed38e43c..67e29f317 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
index 8ef1d5140..d6ae269ce 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
index 98ae02760..01e5e253c 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && arm64 && gc
-// +build linux
-// +build arm64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
index 565357288..2abf12f6e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && loong64 && gc
-// +build linux
-// +build loong64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
index 21231d2ce..f84bae712 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le) && gc
-// +build linux
-// +build mips64 mips64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
index 6783b26c6..f08f62807 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle) && gc
-// +build linux
-// +build mips mipsle
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
index 19d498934..bdfc024d2 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le) && gc
-// +build linux
-// +build ppc64 ppc64le
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
index e42eb81d5..2e8c99612 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && gc
-// +build riscv64
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
index c46aab339..2c394b11e 100644
--- a/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && s390x && gc
-// +build linux
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
index 5e7a1169c..fab586a2c 100644
--- a/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
index f8c5394c1..f949ec547 100644
--- a/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+++ b/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gc
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 3b54e1858..2f67ba86d 100644
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x && gc
-// +build zos
-// +build s390x
-// +build gc
 
 #include "textflag.h"
 
diff --git a/vendor/golang.org/x/sys/unix/cap_freebsd.go b/vendor/golang.org/x/sys/unix/cap_freebsd.go
index 0b7c6adb8..a08657890 100644
--- a/vendor/golang.org/x/sys/unix/cap_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/cap_freebsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd
-// +build freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/constants.go b/vendor/golang.org/x/sys/unix/constants.go
index 394a3965b..6fb7cb77d 100644
--- a/vendor/golang.org/x/sys/unix/constants.go
+++ b/vendor/golang.org/x/sys/unix/constants.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
index 65a998508..d78513461 100644
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by AIX.
diff --git a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
index 8fc08ad0a..623a5e697 100644
--- a/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used AIX.
diff --git a/vendor/golang.org/x/sys/unix/dev_zos.go b/vendor/golang.org/x/sys/unix/dev_zos.go
index a388e59a0..bb6a64fe9 100644
--- a/vendor/golang.org/x/sys/unix/dev_zos.go
+++ b/vendor/golang.org/x/sys/unix/dev_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Functions to access/create device major and minor numbers matching the
 // encoding used by z/OS.
diff --git a/vendor/golang.org/x/sys/unix/dirent.go b/vendor/golang.org/x/sys/unix/dirent.go
index 2499f977b..1ebf11782 100644
--- a/vendor/golang.org/x/sys/unix/dirent.go
+++ b/vendor/golang.org/x/sys/unix/dirent.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_big.go b/vendor/golang.org/x/sys/unix/endian_big.go
index a52026557..1095fd31d 100644
--- a/vendor/golang.org/x/sys/unix/endian_big.go
+++ b/vendor/golang.org/x/sys/unix/endian_big.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/endian_little.go b/vendor/golang.org/x/sys/unix/endian_little.go
index b0f2bc4ae..b9f0e277b 100644
--- a/vendor/golang.org/x/sys/unix/endian_little.go
+++ b/vendor/golang.org/x/sys/unix/endian_little.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 //
 //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/env_unix.go b/vendor/golang.org/x/sys/unix/env_unix.go
index 29ccc4d13..a96da71f4 100644
--- a/vendor/golang.org/x/sys/unix/env_unix.go
+++ b/vendor/golang.org/x/sys/unix/env_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Unix environment variables.
 
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
index cedaf7e02..7753fddea 100644
--- a/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ b/vendor/golang.org/x/sys/unix/epoll_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fcntl.go b/vendor/golang.org/x/sys/unix/fcntl.go
index e9b991258..6200876fb 100644
--- a/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/vendor/golang.org/x/sys/unix/fcntl.go
@@ -2,8 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build dragonfly || freebsd || linux || netbsd || openbsd
-// +build dragonfly freebsd linux netbsd openbsd
+//go:build dragonfly || freebsd || linux || netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
index 29d44808b..13b4acd5c 100644
--- a/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+++ b/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fdset.go b/vendor/golang.org/x/sys/unix/fdset.go
index a8068f94f..9e83d18cd 100644
--- a/vendor/golang.org/x/sys/unix/fdset.go
+++ b/vendor/golang.org/x/sys/unix/fdset.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
index e377cc9f4..c8bde601e 100644
--- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/gccgo.go b/vendor/golang.org/x/sys/unix/gccgo.go
index b06f52d74..aca5721dd 100644
--- a/vendor/golang.org/x/sys/unix/gccgo.go
+++ b/vendor/golang.org/x/sys/unix/gccgo.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c
index f98a1c542..d468b7b47 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_c.c
+++ b/vendor/golang.org/x/sys/unix/gccgo_c.c
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && !aix && !hurd
-// +build gccgo,!aix,!hurd
 
 #include <errno.h>
 #include <stdint.h>
diff --git a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
index e60e49a3d..972d61bd7 100644
--- a/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build gccgo && linux && amd64
-// +build gccgo,linux,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ifreq_linux.go b/vendor/golang.org/x/sys/unix/ifreq_linux.go
index 15721a510..848840ae4 100644
--- a/vendor/golang.org/x/sys/unix/ifreq_linux.go
+++ b/vendor/golang.org/x/sys/unix/ifreq_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
index 0d12c0851..dbe680eab 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_linux.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -231,3 +231,8 @@ func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) {
 func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error {
 	return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value))
 }
+
+// IoctlLoopConfigure configures all loop device parameters in a single step
+func IoctlLoopConfigure(fd int, value *LoopConfig) error {
+	return ioctlPtr(fd, LOOP_CONFIGURE, unsafe.Pointer(value))
+}
diff --git a/vendor/golang.org/x/sys/unix/ioctl_signed.go b/vendor/golang.org/x/sys/unix/ioctl_signed.go
index 7def9580e..5b0759bd8 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_signed.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_signed.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || solaris
-// +build aix solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
index 649913d1e..20f470b9d 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ioctl_zos.go b/vendor/golang.org/x/sys/unix/ioctl_zos.go
index cdc21bf76..c8b2a750f 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_zos.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_zos.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index 47fa6a7eb..6202638ba 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -519,6 +519,7 @@ ccflags="$@"
 		$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
 		$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
 		$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
+		$2 == "LOOP_CONFIGURE" ||
 		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ ||
 		$2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ ||
 		$2 ~ /^NFC_.*_(MAX)?SIZE$/ ||
@@ -560,7 +561,7 @@ ccflags="$@"
 		$2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
 		$2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||
 		$2 ~ /^CLONE_[A-Z_]+/ ||
-		$2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ &&
+		$2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+|BPF_F_LINK)$/ &&
 		$2 ~ /^(BPF|DLT)_/ ||
 		$2 ~ /^AUDIT_/ ||
 		$2 ~ /^(CLOCK|TIMER)_/ ||
@@ -663,7 +664,6 @@ echo '// mkerrors.sh' "$@"
 echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
 echo
 echo "//go:build ${GOARCH} && ${GOOS}"
-echo "// +build ${GOARCH},${GOOS}"
 echo
 go tool cgo -godefs -- "$@" _const.go >_error.out
 cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index ca0513632..4b68e5978 100644
--- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fa93d0aa9..fd45fe529 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux || netbsd
-// +build linux netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 53f1b4c5b..4d0a3430e 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 // For Unix, get the pagesize from the runtime.
 
diff --git a/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
index eb48294b2..6a09af53e 100644
--- a/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/pledge_openbsd.go
@@ -8,54 +8,31 @@ import (
 	"errors"
 	"fmt"
 	"strconv"
-	"syscall"
-	"unsafe"
 )
 
 // Pledge implements the pledge syscall.
 //
-// The pledge syscall does not accept execpromises on OpenBSD releases
-// before 6.3.
-//
-// execpromises must be empty when Pledge is called on OpenBSD
-// releases predating 6.3, otherwise an error will be returned.
+// This changes both the promises and execpromises; use PledgePromises or
+// PledgeExecpromises to only change the promises or execpromises
+// respectively.
 //
 // For more information see pledge(2).
 func Pledge(promises, execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	pptr, err := syscall.BytePtrFromString(promises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable will hold either a nil unsafe.Pointer or
-	// an unsafe.Pointer to a string (execpromises).
-	var expr unsafe.Pointer
-
-	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
-	if maj > 6 || (maj == 6 && min > 2) {
-		exptr, err := syscall.BytePtrFromString(execpromises)
-		if err != nil {
-			return err
-		}
-		expr = unsafe.Pointer(exptr)
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, exptr)
 }
 
 // PledgePromises implements the pledge syscall.
@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
 //
 // For more information see pledge(2).
 func PledgePromises(promises string) error {
-	maj, min, err := majmin()
-	if err != nil {
-		return err
-	}
-
-	err = pledgeAvailable(maj, min, "")
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	// This variable holds the execpromises and is always nil.
-	var expr unsafe.Pointer
-
-	pptr, err := syscall.BytePtrFromString(promises)
+	pptr, err := BytePtrFromString(promises)
 	if err != nil {
 		return err
 	}
 
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(pptr, nil)
 }
 
 // PledgeExecpromises implements the pledge syscall.
@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
 //
 // For more information see pledge(2).
 func PledgeExecpromises(execpromises string) error {
-	maj, min, err := majmin()
-	if err != nil {
+	if err := pledgeAvailable(); err != nil {
 		return err
 	}
 
-	err = pledgeAvailable(maj, min, execpromises)
+	exptr, err := BytePtrFromString(execpromises)
 	if err != nil {
 		return err
 	}
 
-	// This variable holds the promises and is always nil.
-	var pptr unsafe.Pointer
-
-	exptr, err := syscall.BytePtrFromString(execpromises)
-	if err != nil {
-		return err
-	}
-
-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
-	if e != 0 {
-		return e
-	}
-
-	return nil
+	return pledge(nil, exptr)
 }
 
 // majmin returns major and minor version number for an OpenBSD system.
@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
 
 // pledgeAvailable checks for availability of the pledge(2) syscall
 // based on the running OpenBSD version.
-func pledgeAvailable(maj, min int, execpromises string) error {
-	// If OpenBSD <= 5.9, pledge is not available.
-	if (maj == 5 && min != 9) || maj < 5 {
-		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
+func pledgeAvailable() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
 	}
 
-	// If OpenBSD <= 6.2 and execpromises is not empty,
-	// return an error - execpromises is not available before 6.3
-	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
-		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
+	// Require OpenBSD 6.4 as a minimum.
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
 	}
 
 	return nil
diff --git a/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
index 463c3eff7..3f0975f3d 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_darwin.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ptrace_ios.go b/vendor/golang.org/x/sys/unix/ptrace_ios.go
index ed0509a01..a4d35db5d 100644
--- a/vendor/golang.org/x/sys/unix/ptrace_ios.go
+++ b/vendor/golang.org/x/sys/unix/ptrace_ios.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ios
-// +build ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/race.go b/vendor/golang.org/x/sys/unix/race.go
index 6f6c5fec5..714d2aae7 100644
--- a/vendor/golang.org/x/sys/unix/race.go
+++ b/vendor/golang.org/x/sys/unix/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && race) || (linux && race) || (freebsd && race)
-// +build darwin,race linux,race freebsd,race
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/race0.go b/vendor/golang.org/x/sys/unix/race0.go
index 706e1322a..4a9f6634c 100644
--- a/vendor/golang.org/x/sys/unix/race0.go
+++ b/vendor/golang.org/x/sys/unix/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
index 4d6257569..dbd2b6ccb 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdents.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
-// +build aix dragonfly freebsd linux netbsd openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 2a4ba47c4..130398b6b 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin
-// +build darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
index 3865943f6..c3a62dbb1 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Socket control messages
 
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
index 0840fe4a5..4a1eab37e 100644
--- a/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall.go b/vendor/golang.org/x/sys/unix/syscall.go
index 63e8c8383..5ea74da98 100644
--- a/vendor/golang.org/x/sys/unix/syscall.go
+++ b/vendor/golang.org/x/sys/unix/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 // Package unix contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index e94e6cdac..67ce6cef2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix
-// +build aix
 
 // Aix system calls.
 // This file is compiled as ordinary Go code,
@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
index f2871fa95..1fdaa4760 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
index 75718ec0f..c87f9a9f4 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 4217de518..a00c3e545 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 // BSD system call wrappers shared by *BSD based systems
 // including OS X (Darwin) and FreeBSD.  Like the other
@@ -317,7 +316,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return string(buf[:vallen-1]), nil
+	return ByteSliceToString(buf[:vallen]), nil
 }
 
 //sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
index b37310ce9..0eaecf5fc 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
index d51ec9963..f36c6707c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 53c96641f..16dc69937 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && go1.12
-// +build darwin,go1.12
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
index 4e2d32120..14bab6b2d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
index b8da51004..3967bca77 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
index 47155c483..eff19ada2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
index 08932093f..4f24b517a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
index d151a0d0e..ac30759ec 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
index d5cd64b37..aab725ca7 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index 381fd4673..ba46651f8 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build hurd
-// +build hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
index 7cf54a3e4..df89f9e6b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && hurd
-// +build 386,hurd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_illumos.go b/vendor/golang.org/x/sys/unix/syscall_illumos.go
index 87db5a6a8..a863f7052 100644
--- a/vendor/golang.org/x/sys/unix/syscall_illumos.go
+++ b/vendor/golang.org/x/sys/unix/syscall_illumos.go
@@ -5,7 +5,6 @@
 // illumos system calls not present on Solaris.
 
 //go:build amd64 && illumos
-// +build amd64,illumos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index fb4e50224..0f85e29e6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -61,15 +61,23 @@ func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) (
 }
 
 //sys	fchmodat(dirfd int, path string, mode uint32) (err error)
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
-	// Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior
-	// and check the flags. Otherwise the mode would be applied to the symlink
-	// destination which is not what the user expects.
-	if flags&^AT_SYMLINK_NOFOLLOW != 0 {
-		return EINVAL
-	} else if flags&AT_SYMLINK_NOFOLLOW != 0 {
-		return EOPNOTSUPP
+//sys	fchmodat2(dirfd int, path string, mode uint32, flags int) (err error)
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) error {
+	// Linux fchmodat doesn't support the flags parameter, but fchmodat2 does.
+	// Try fchmodat2 if flags are specified.
+	if flags != 0 {
+		err := fchmodat2(dirfd, path, mode, flags)
+		if err == ENOSYS {
+			// fchmodat2 isn't available. If the flags are known to be valid,
+			// return EOPNOTSUPP to indicate that fchmodat doesn't support them.
+			if flags&^(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
+				return EINVAL
+			} else if flags&(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
+				return EOPNOTSUPP
+			}
+		}
+		return err
 	}
 	return fchmodat(dirfd, path, mode)
 }
@@ -417,7 +425,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
@@ -1301,7 +1310,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
 			return "", err
 		}
 	}
-	return string(buf[:vallen-1]), nil
+	return ByteSliceToString(buf[:vallen]), nil
 }
 
 func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) {
@@ -2482,3 +2491,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
 	}
 	return attr, nil
 }
+
+//sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
index c7d9945ea..506dafa7b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
index 08086ac6a..38d55641b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
-// +build linux
-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
index 70601ce36..d557cf8de 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
index 8b0f0f3aa..facdb83b2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && linux && gc
-// +build amd64,linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
index da2986415..cd2dd797f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index f5266689a..cf2ee6c75 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
index 2b1168d7d..ffc4c2b63 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc
-// +build linux,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
index 9843fb489..9ebfdcf44 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gc && 386
-// +build linux,gc,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
index a6008fccd..5f2b57c4c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && gc && linux
-// +build arm,gc,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
index 7740af242..d1a3ad826 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && 386
-// +build linux,gccgo,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
index e16a12299..f2f67423e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && gccgo && arm
-// +build linux,gccgo,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index f6ab02ec1..3d0e98451 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
index 93fe59d25..70963a95a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips64 || mips64le)
-// +build linux
-// +build mips64 mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
index aae7f0ffd..c218ebd28 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (mips || mipsle)
-// +build linux
-// +build mips mipsle
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
index 66eff19a3..e6c48500c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
index 806aa2574..7286a9aa8 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64 || ppc64le)
-// +build linux
-// +build ppc64 ppc64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 5e6ceee12..6f5a28894 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
index 2f89e8f5d..66f31210d 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
index 7ca064ae7..11d1f1698 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
index 5199d282f..7a5eb5743 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
index 70a9c52e9..62d8957ae 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
index 3eb5942f9..ce6a06885 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
index fc6ccfd81..d46d689d1 100644
--- a/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index 6f34479b5..b25343c71 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
 }
 
 func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
-	var _p0 unsafe.Pointer
+	var bufptr *Statfs_t
 	var bufsize uintptr
 	if len(buf) > 0 {
-		_p0 = unsafe.Pointer(&buf[0])
+		bufptr = &buf[0]
 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
 	}
-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
-	n = int(r0)
-	if e1 != 0 {
-		err = e1
-	}
-	return
+	return getfsstat(bufptr, bufsize, flags)
 }
 
 //sysnb	getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
@@ -171,6 +166,20 @@ func Getresgid() (rgid, egid, sgid int) {
 
 //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
 
+//sys	fcntl(fd int, cmd int, arg int) (n int, err error)
+//sys	fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+	return fcntl(int(fd), cmd, arg)
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+	_, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk))
+	return err
+}
+
 //sys	ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
 
 func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
@@ -326,4 +335,7 @@ func Uname(uname *Utsname) error {
 //sys	write(fd int, p []byte) (n int, err error)
 //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
 //sys	munmap(addr uintptr, length uintptr) (err error)
+//sys	getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
 //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
+//sys	pledge(promises *byte, execpromises *byte) (err error)
+//sys	unveil(path *byte, flags *byte) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
index 6baabcdcb..9ddc89f4f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
index bab25360e..70a3c96ee 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
index 8eed3c4d4..265caa87f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
index 483dde99d..ac4fda171 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
index 04aa43f41..0a451e6dd 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build openbsd
-// +build openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
index c2796139c..30a308cbb 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
index 23199a7ff..ea954330f 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index b99cfa134..21974af06 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
 	if n > 0 {
 		sl += _Socklen(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
@@ -157,7 +158,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return string(buf[:vallen-1]), nil
+	return ByteSliceToString(buf[:vallen]), nil
 }
 
 const ImplementsGetwd = true
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
index 0bd25ef81..e02d8ceae 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index f6eda2705..77081de8c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
index b6919ca58..05c95bccf 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
@@ -3,8 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
-// +build gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
index f6f707acf..23f39b7af 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
@@ -3,9 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux && (ppc64le || ppc64) && gc
-// +build linux
-// +build ppc64le ppc64
-// +build gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index 4596d041c..b473038c6 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
@@ -1105,7 +1104,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
 		return "", err
 	}
 
-	return string(buf[:vallen-1]), nil
+	return ByteSliceToString(buf[:vallen]), nil
 }
 
 func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
index 2c3a4437f..4fcd38de2 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_linux.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build linux
-// +build linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 5bb41d17b..79a84f18b 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build (darwin && !ios) || linux
-// +build darwin,!ios linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 71bddefdb..9eb0db664 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin && !ios
-// +build darwin,!ios
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go
index 616b1b284..7997b1902 100644
--- a/vendor/golang.org/x/sys/unix/timestruct.go
+++ b/vendor/golang.org/x/sys/unix/timestruct.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
index 168d5ae77..cb7e598ce 100644
--- a/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/unveil_openbsd.go
@@ -4,39 +4,48 @@
 
 package unix
 
-import (
-	"syscall"
-	"unsafe"
-)
+import "fmt"
 
 // Unveil implements the unveil syscall.
 // For more information see unveil(2).
 // Note that the special case of blocking further
 // unveil calls is handled by UnveilBlock.
 func Unveil(path string, flags string) error {
-	pathPtr, err := syscall.BytePtrFromString(path)
-	if err != nil {
+	if err := supportsUnveil(); err != nil {
 		return err
 	}
-	flagsPtr, err := syscall.BytePtrFromString(flags)
+	pathPtr, err := BytePtrFromString(path)
 	if err != nil {
 		return err
 	}
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
-	if e != 0 {
-		return e
+	flagsPtr, err := BytePtrFromString(flags)
+	if err != nil {
+		return err
 	}
-	return nil
+	return unveil(pathPtr, flagsPtr)
 }
 
 // UnveilBlock blocks future unveil calls.
 // For more information see unveil(2).
 func UnveilBlock() error {
-	// Both pointers must be nil.
-	var pathUnsafe, flagsUnsafe unsafe.Pointer
-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
-	if e != 0 {
-		return e
+	if err := supportsUnveil(); err != nil {
+		return err
 	}
+	return unveil(nil, nil)
+}
+
+// supportsUnveil checks for availability of the unveil(2) system call based
+// on the running OpenBSD version.
+func supportsUnveil() error {
+	maj, min, err := majmin()
+	if err != nil {
+		return err
+	}
+
+	// unveil is not available before 6.4
+	if maj < 6 || (maj == 6 && min <= 3) {
+		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
+	}
+
 	return nil
 }
diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go
index f5f8e9f36..e16879396 100644
--- a/vendor/golang.org/x/sys/unix/xattr_bsd.go
+++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build freebsd || netbsd
-// +build freebsd netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
index ca9799b79..2fb219d78 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 // Created by cgo -godefs - DO NOT EDIT
 // cgo -godefs -- -maix32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
index 200c8c26f..b0e6f5c85 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -maix64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index 143007627..e40fa8524 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index ab044a742..bb02aa6c0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
index 17bba0e44..c0e0f8694 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
index f8c2c5138..6c6923906 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
index 96310c3be..dd9163f8e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
index 777b69def..493a2a793 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
index c557ac2db..8b437b307 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
index 341b4d962..67c02dd57 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index f9c7f479b..c73cfe2f1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -481,10 +480,13 @@ const (
 	BPF_FROM_BE                                 = 0x8
 	BPF_FROM_LE                                 = 0x0
 	BPF_FS_MAGIC                                = 0xcafe4a11
+	BPF_F_AFTER                                 = 0x10
 	BPF_F_ALLOW_MULTI                           = 0x2
 	BPF_F_ALLOW_OVERRIDE                        = 0x1
 	BPF_F_ANY_ALIGNMENT                         = 0x2
-	BPF_F_KPROBE_MULTI_RETURN                   = 0x1
+	BPF_F_BEFORE                                = 0x8
+	BPF_F_ID                                    = 0x20
+	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
 	BPF_F_QUERY_EFFECTIVE                       = 0x1
 	BPF_F_REPLACE                               = 0x4
 	BPF_F_SLEEPABLE                             = 0x10
@@ -521,6 +523,7 @@ const (
 	BPF_MAJOR_VERSION                           = 0x1
 	BPF_MAXINSNS                                = 0x1000
 	BPF_MEM                                     = 0x60
+	BPF_MEMSX                                   = 0x80
 	BPF_MEMWORDS                                = 0x10
 	BPF_MINOR_VERSION                           = 0x1
 	BPF_MISC                                    = 0x7
@@ -776,6 +779,8 @@ const (
 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
 	DEVLINK_GENL_NAME                           = "devlink"
 	DEVLINK_GENL_VERSION                        = 0x1
+	DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO            = 0x4
+	DEVLINK_PORT_FN_CAP_IPSEC_PACKET            = 0x8
 	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
 	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
@@ -1698,6 +1703,7 @@ const (
 	KEXEC_ON_CRASH                              = 0x1
 	KEXEC_PRESERVE_CONTEXT                      = 0x2
 	KEXEC_SEGMENT_MAX                           = 0x10
+	KEXEC_UPDATE_ELFCOREHDR                     = 0x4
 	KEYCTL_ASSUME_AUTHORITY                     = 0x10
 	KEYCTL_CAPABILITIES                         = 0x1f
 	KEYCTL_CAPS0_BIG_KEY                        = 0x10
@@ -1795,6 +1801,7 @@ const (
 	LOCK_SH                                     = 0x1
 	LOCK_UN                                     = 0x8
 	LOOP_CLR_FD                                 = 0x4c01
+	LOOP_CONFIGURE                              = 0x4c0a
 	LOOP_CTL_ADD                                = 0x4c80
 	LOOP_CTL_GET_FREE                           = 0x4c82
 	LOOP_CTL_REMOVE                             = 0x4c81
@@ -2275,6 +2282,7 @@ const (
 	PERF_MEM_LVLNUM_PMEM                        = 0xe
 	PERF_MEM_LVLNUM_RAM                         = 0xd
 	PERF_MEM_LVLNUM_SHIFT                       = 0x21
+	PERF_MEM_LVLNUM_UNC                         = 0x8
 	PERF_MEM_LVL_HIT                            = 0x2
 	PERF_MEM_LVL_IO                             = 0x1000
 	PERF_MEM_LVL_L1                             = 0x8
@@ -3461,6 +3469,7 @@ const (
 	XDP_PACKET_HEADROOM                         = 0x100
 	XDP_PGOFF_RX_RING                           = 0x0
 	XDP_PGOFF_TX_RING                           = 0x80000000
+	XDP_PKT_CONTD                               = 0x1
 	XDP_RING_NEED_WAKEUP                        = 0x1
 	XDP_RX_RING                                 = 0x2
 	XDP_SHARED_UMEM                             = 0x1
@@ -3473,6 +3482,7 @@ const (
 	XDP_UMEM_REG                                = 0x4
 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
 	XDP_USE_NEED_WAKEUP                         = 0x8
+	XDP_USE_SG                                  = 0x10
 	XDP_ZEROCOPY                                = 0x4
 	XENFS_SUPER_MAGIC                           = 0xabba1974
 	XFS_SUPER_MAGIC                             = 0x58465342
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 30aee00a5..4920821cf 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index 8ebfa5127..a0c1e4112 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 271a21cdc..c63985560 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 910c330a3..47cc62e25 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index a640798c9..27ac4a09e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
@@ -119,6 +118,7 @@ const (
 	IXOFF                            = 0x1000
 	IXON                             = 0x400
 	LASX_CTX_MAGIC                   = 0x41535801
+	LBT_CTX_MAGIC                    = 0x42540001
 	LSX_CTX_MAGIC                    = 0x53580001
 	MAP_ANON                         = 0x20
 	MAP_ANONYMOUS                    = 0x20
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 0d5925d34..54694642a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index d72a00e0b..3adb81d75 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 02ba129f8..2dfe98f0d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 8daa6dd96..f5398f84f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 63c8fa2f7..c54f152d6 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 930799ec1..76057dc72 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index 8605a7dd7..e0c3725e2 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 95a016f1c..18f2813ed 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
@@ -228,6 +227,9 @@ const (
 	PPPIOCUNBRIDGECHAN               = 0x7434
 	PPPIOCXFERUNIT                   = 0x744e
 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
+	PTRACE_GETFDPIC                  = 0x21
+	PTRACE_GETFDPIC_EXEC             = 0x0
+	PTRACE_GETFDPIC_INTERP           = 0x1
 	RLIMIT_AS                        = 0x9
 	RLIMIT_MEMLOCK                   = 0x8
 	RLIMIT_NOFILE                    = 0x7
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 1ae0108f5..11619d4ec 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 1bb7c6333..396d994da 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
index 72f7420d2..130085df4 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
index 8d4eb0c08..84769a1a3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
index 9eef9749f..602ded003 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -marm _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
index 3b62ba192..efc0406ee 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
index af20e474b..5a6500f83 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m32 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
index 6015fcb2b..a5aeeb979 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
index 8d44955e4..0e9748a72 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
index ae16fe754..4f4449abc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
index 03d90fe35..76a363f0f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
index 8e2c51b1e..43ca0cdfd 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
index 13d403031..b1b8bb200 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
index 1afee6a08..d2ddd3176 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 // Code generated by cmd/cgo -godefs; DO NOT EDIT.
 // cgo -godefs -- -m64 _const.go
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index fc7d0506f..4dfd2e051 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on zerrors_linux_s390x.go
 // TODO: auto-generate.
diff --git a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
index 97f20ca28..586317c78 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
 
 //go:build linux && (arm || arm64)
-// +build linux
-// +build arm arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
index 0b5f79430..d7c881be7 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
 
 //go:build linux && (mips || mips64)
-// +build linux
-// +build mips mips64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
index 2807f7e64..2d2de5d29 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
 
 //go:build linux && (mipsle || mips64le)
-// +build linux
-// +build mipsle mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
index 281ea64e3..5adc79fb5 100644
--- a/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+++ b/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
@@ -1,8 +1,6 @@
 // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
 
 //go:build linux && (386 || amd64)
-// +build linux
-// +build 386 amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
index d1d1d2331..6ea64a3c0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc
-// +build aix,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
index f99a18adc..99ee4399a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64
-// +build aix,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
index c4d50ae50..b68a78362 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gc
-// +build aix,ppc64,gc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
index 6903d3b09..0a87450bf 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build aix && ppc64 && gccgo
-// +build aix,ppc64,gccgo
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index 1cad561e9..ccb02f240 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && amd64
-// +build darwin,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index b18edbd0e..1b40b997b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build darwin && arm64
-// +build darwin,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
index 0c67df64a..aad65fc79 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build dragonfly && amd64
-// +build dragonfly,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
index e6e05d145..c0096391a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && 386
-// +build freebsd,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
index 7508accac..7664df749 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && amd64
-// +build freebsd,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
index 7b56aead4..ae099182c 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm
-// +build freebsd,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
index cc623dcaa..11fd5d45b 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && arm64
-// +build freebsd,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
index 581849197..c3d2d6530 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build freebsd && riscv64
-// +build freebsd,riscv64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
index 6be25cd19..c698cbc01 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build illumos && amd64
-// +build illumos,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index 1ff3aec74..1488d2712 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -38,6 +37,21 @@ func fchmodat(dirfd int, path string, mode uint32) (err error) {
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) {
+	var _p0 *byte
+	_p0, err = BytePtrFromString(path)
+	if err != nil {
+		return
+	}
+	_, _, e1 := Syscall6(SYS_FCHMODAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ioctl(fd int, req uint, arg uintptr) (err error) {
 	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
 	if e1 != 0 {
@@ -2195,3 +2209,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
 	}
 	return
 }
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
+	_, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
index 07b549cc2..4def3e9fc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && 386
-// +build linux,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
index 5f481bf83..fef2bc8ba 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && amd64
-// +build linux,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
index 824cd52c7..a9fd76a88 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm
-// +build linux,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
index e77aecfe9..460065028 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && arm64
-// +build linux,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
index 806ffd1e1..c8987d264 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && loong64
-// +build linux,loong64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
index 961a3afb7..921f43061 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips
-// +build linux,mips
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
index ed05005e9..44f067829 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64
-// +build linux,mips64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
index d365b718f..e7fa0abf0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mips64le
-// +build linux,mips64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
index c3f1b8bbd..8c5125675 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && mipsle
-// +build linux,mipsle
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
index a6574cf98..7392fd45e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc
-// +build linux,ppc
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
index f40990264..41180434e 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64
-// +build linux,ppc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
index 9dfcc2997..40c6ce7ae 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && ppc64le
-// +build linux,ppc64le
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
index 0ab4f2ed7..2cfe34adb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && riscv64
-// +build linux,riscv64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
index 6cde32237..61e6f0709 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && s390x
-// +build linux,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
index 5253d65bf..834b84204 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build linux && sparc64
-// +build linux,sparc64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
index 2df3c5bac..e91ebc14a 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && 386
-// +build netbsd,386
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
index a60556bab..be28babbc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && amd64
-// +build netbsd,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
index 9f788917a..fb587e826 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm
-// +build netbsd,arm
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
index 82a4cb2dc..d576438bb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build netbsd && arm64
-// +build netbsd,arm64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 66b3b6456..a1d061597 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && 386
-// +build openbsd,386
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 3dcacd30d..41b561731 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $4
 DATA	·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_ppoll(SB)
 GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $4
@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index c5c4cc112..5b2a74097 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && amd64
-// +build openbsd,amd64
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 2763620b0..4019a656f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_ppoll(SB)
 GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index 93bfbb328..f6eda1344 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm
-// +build openbsd,arm
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index c92231404..ac4af24f9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $4
 DATA	·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $4
+DATA	·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_ppoll(SB)
 GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $4
@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
 DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
+DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
 DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
+DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
+DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index a107b8fda..55df20ae9 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && arm64
-// +build openbsd,arm64
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index a6bc32c92..f77d53212 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_ppoll(SB)
 GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index c427de509..8c1155cbc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && mips64
-// +build openbsd,mips64
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index b4e7bceab..fae140b62 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_ppoll(SB)
 GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index 60c1a99ae..7cc80c58d 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && ppc64
-// +build openbsd,ppc64
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index ca3f76600..9d1e0ff06 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -213,6 +213,12 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_fcntl(SB)
+	RET
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_ppoll(SB)
 	RET
@@ -801,8 +807,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_getfsstat(SB)
+	RET
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	CALL	libc_utimensat(SB)
 	RET
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_pledge(SB)
+	RET
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	CALL	libc_unveil(SB)
+	RET
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index 52eba360f..0688737f4 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build openbsd && riscv64
-// +build openbsd,riscv64
 
 package unix
 
@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
 	n = int(r0)
@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
 
 // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
 
+func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
+	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
+	n = int(r0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_getfsstat_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
 func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
 	var _p0 *byte
 	_p0, err = BytePtrFromString(path)
@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
 var libc_utimensat_trampoline_addr uintptr
 
 //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pledge(promises *byte, execpromises *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_pledge_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pledge pledge "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unveil(path *byte, flags *byte) (err error) {
+	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
+	if e1 != 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
+var libc_unveil_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_unveil unveil "libc.so"
+
+
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index 477a7d5b2..da115f9a4 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
 DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
 
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_fcntl(SB)
+GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
 TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_ppoll(SB)
 GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
 GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
 DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
 
+TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_getfsstat(SB)
+GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
+DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
+
 TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
 	JMP	libc_utimensat(SB)
 GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
 DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
+
+TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_pledge(SB)
+GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
+DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
+
+TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
+	JMP	libc_unveil(SB)
+GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
+DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index b40189464..829b87feb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build solaris && amd64
-// +build solaris,amd64
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 1d8fe1d4b..94f011238 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
index 55e048471..3a58ae819 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
index d2243cf83..dcb7a0eb7 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
index 82dc51bd8..db5a7bf13 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
index cbdda1a4a..7be575a77 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
index f55eae1a8..d6e3174c6 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
index e44054470..ee97157d0 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
index a0db82fce..35c3b91d0 100644
--- a/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
index f8298ff9b..5edda7687 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
index 5eb433bbf..0dc9e8b4d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
index 703675c0c..308ddf3a1 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
index 4e0d96107..418664e3d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
index 01636b838..34d0b86d7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
index ad99bc106..b71cf45e2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
index 89dcc4274..e32df1c1e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
index ee37aaa0c..15ad6111f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 9862853d3..fcf3ecbdd 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
@@ -448,4 +447,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index 8901f0f4e..f56dc2504 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
@@ -370,4 +369,6 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
+	SYS_MAP_SHADOW_STACK        = 453
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 6902c37ee..974bf2467 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
@@ -412,4 +411,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index a6d3dff81..39a2739e2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
@@ -315,4 +314,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index b18f3f710..cf9c9d77e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
@@ -309,4 +308,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 0302e5e3d..10b7362ef 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 6693ba4a0..cd4d8b4fd 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index fd93f4987..2c0efca81 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
@@ -362,4 +361,5 @@ const (
 	SYS_FUTEX_WAITV             = 5449
 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
 	SYS_CACHESTAT               = 5451
+	SYS_FCHMODAT2               = 5452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 760ddcadc..a72e31d39 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
@@ -432,4 +431,5 @@ const (
 	SYS_FUTEX_WAITV                  = 4449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
 	SYS_CACHESTAT                    = 4451
+	SYS_FCHMODAT2                    = 4452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index cff2b2555..c7d1e3747 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
@@ -439,4 +438,5 @@ const (
 	SYS_FUTEX_WAITV                  = 449
 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
 	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index a4b2405d0..f4d4838c8 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index aca54b4e3..b64f0e591 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
@@ -411,4 +410,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 9d1738d64..95711195a 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
@@ -316,4 +315,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 022878dc8..f94e943bc 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
@@ -377,4 +376,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 4100a761c..ba0c2bc51 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
@@ -390,4 +389,5 @@ const (
 	SYS_FUTEX_WAITV             = 449
 	SYS_SET_MEMPOLICY_HOME_NODE = 450
 	SYS_CACHESTAT               = 451
+	SYS_FCHMODAT2               = 452
 )
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
index 3a6699eba..b2aa8cd49 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
index 5677cd4f1..524a1b1c9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
index e784cb6db..d59b943ac 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
index bd4952efa..31e771d53 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
index 597733813..9fd77c6cb 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
index 16af29189..af10af28c 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
index f59b18a97..cc2028af4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
index 721ef5910..c06dd4415 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
index 01c43a01f..9ddbf3e08 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
index f258cfa24..19a6ee413 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
index 07919e0ec..05192a782 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index 073daad43..b2e308581 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
index 7a8161c1d..3e6d57cae 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && aix
-// +build ppc,aix
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
index 07ed733c5..3a219bdce 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && aix
-// +build ppc64,aix
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 690cefc3d..091d107f3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && darwin
-// +build amd64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 5bffc10ea..28ff4ef74 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && darwin
-// +build arm64,darwin
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
index d0ba8e9b8..30e405bb4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && dragonfly
-// +build amd64,dragonfly
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 29dc48337..6cbd094a3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && freebsd
-// +build 386,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 0a89b2890..7c03b6ee7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && freebsd
-// +build amd64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index c8666bb15..422107ee8 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && freebsd
-// +build arm,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 88fb48a88..505a12acf 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && freebsd
-// +build arm64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index 698dc975e..cc986c790 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && freebsd
-// +build riscv64,freebsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 18aa70b42..bbf8399ff 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -1,7 +1,6 @@
 // Code generated by mkmerge; DO NOT EDIT.
 
 //go:build linux
-// +build linux
 
 package unix
 
@@ -2672,6 +2671,7 @@ const (
 	BPF_PROG_TYPE_LSM                          = 0x1d
 	BPF_PROG_TYPE_SK_LOOKUP                    = 0x1e
 	BPF_PROG_TYPE_SYSCALL                      = 0x1f
+	BPF_PROG_TYPE_NETFILTER                    = 0x20
 	BPF_CGROUP_INET_INGRESS                    = 0x0
 	BPF_CGROUP_INET_EGRESS                     = 0x1
 	BPF_CGROUP_INET_SOCK_CREATE                = 0x2
@@ -2716,6 +2716,11 @@ const (
 	BPF_PERF_EVENT                             = 0x29
 	BPF_TRACE_KPROBE_MULTI                     = 0x2a
 	BPF_LSM_CGROUP                             = 0x2b
+	BPF_STRUCT_OPS                             = 0x2c
+	BPF_NETFILTER                              = 0x2d
+	BPF_TCX_INGRESS                            = 0x2e
+	BPF_TCX_EGRESS                             = 0x2f
+	BPF_TRACE_UPROBE_MULTI                     = 0x30
 	BPF_LINK_TYPE_UNSPEC                       = 0x0
 	BPF_LINK_TYPE_RAW_TRACEPOINT               = 0x1
 	BPF_LINK_TYPE_TRACING                      = 0x2
@@ -2726,6 +2731,18 @@ const (
 	BPF_LINK_TYPE_PERF_EVENT                   = 0x7
 	BPF_LINK_TYPE_KPROBE_MULTI                 = 0x8
 	BPF_LINK_TYPE_STRUCT_OPS                   = 0x9
+	BPF_LINK_TYPE_NETFILTER                    = 0xa
+	BPF_LINK_TYPE_TCX                          = 0xb
+	BPF_LINK_TYPE_UPROBE_MULTI                 = 0xc
+	BPF_PERF_EVENT_UNSPEC                      = 0x0
+	BPF_PERF_EVENT_UPROBE                      = 0x1
+	BPF_PERF_EVENT_URETPROBE                   = 0x2
+	BPF_PERF_EVENT_KPROBE                      = 0x3
+	BPF_PERF_EVENT_KRETPROBE                   = 0x4
+	BPF_PERF_EVENT_TRACEPOINT                  = 0x5
+	BPF_PERF_EVENT_EVENT                       = 0x6
+	BPF_F_KPROBE_MULTI_RETURN                  = 0x1
+	BPF_F_UPROBE_MULTI_RETURN                  = 0x1
 	BPF_ANY                                    = 0x0
 	BPF_NOEXIST                                = 0x1
 	BPF_EXIST                                  = 0x2
@@ -2743,6 +2760,8 @@ const (
 	BPF_F_MMAPABLE                             = 0x400
 	BPF_F_PRESERVE_ELEMS                       = 0x800
 	BPF_F_INNER_MAP                            = 0x1000
+	BPF_F_LINK                                 = 0x2000
+	BPF_F_PATH_FD                              = 0x4000
 	BPF_STATS_RUN_TIME                         = 0x0
 	BPF_STACK_BUILD_ID_EMPTY                   = 0x0
 	BPF_STACK_BUILD_ID_VALID                   = 0x1
@@ -2763,6 +2782,7 @@ const (
 	BPF_F_ZERO_CSUM_TX                         = 0x2
 	BPF_F_DONT_FRAGMENT                        = 0x4
 	BPF_F_SEQ_NUMBER                           = 0x8
+	BPF_F_NO_TUNNEL_KEY                        = 0x10
 	BPF_F_TUNINFO_FLAGS                        = 0x10
 	BPF_F_INDEX_MASK                           = 0xffffffff
 	BPF_F_CURRENT_CPU                          = 0xffffffff
@@ -2779,6 +2799,8 @@ const (
 	BPF_F_ADJ_ROOM_ENCAP_L4_UDP                = 0x10
 	BPF_F_ADJ_ROOM_NO_CSUM_RESET               = 0x20
 	BPF_F_ADJ_ROOM_ENCAP_L2_ETH                = 0x40
+	BPF_F_ADJ_ROOM_DECAP_L3_IPV4               = 0x80
+	BPF_F_ADJ_ROOM_DECAP_L3_IPV6               = 0x100
 	BPF_ADJ_ROOM_ENCAP_L2_MASK                 = 0xff
 	BPF_ADJ_ROOM_ENCAP_L2_SHIFT                = 0x38
 	BPF_F_SYSCTL_BASE_NAME                     = 0x1
@@ -2867,6 +2889,8 @@ const (
 	BPF_DEVCG_DEV_CHAR                         = 0x2
 	BPF_FIB_LOOKUP_DIRECT                      = 0x1
 	BPF_FIB_LOOKUP_OUTPUT                      = 0x2
+	BPF_FIB_LOOKUP_SKIP_NEIGH                  = 0x4
+	BPF_FIB_LOOKUP_TBID                        = 0x8
 	BPF_FIB_LKUP_RET_SUCCESS                   = 0x0
 	BPF_FIB_LKUP_RET_BLACKHOLE                 = 0x1
 	BPF_FIB_LKUP_RET_UNREACHABLE               = 0x2
@@ -2902,6 +2926,7 @@ const (
 	BPF_CORE_ENUMVAL_EXISTS                    = 0xa
 	BPF_CORE_ENUMVAL_VALUE                     = 0xb
 	BPF_CORE_TYPE_MATCHES                      = 0xc
+	BPF_F_TIMER_ABS                            = 0x1
 )
 
 const (
@@ -2980,6 +3005,12 @@ type LoopInfo64 struct {
 	Encrypt_key      [32]uint8
 	Init             [2]uint64
 }
+type LoopConfig struct {
+	Fd   uint32
+	Size uint32
+	Info LoopInfo64
+	_    [8]uint64
+}
 
 type TIPCSocketAddr struct {
 	Ref  uint32
@@ -5883,3 +5914,15 @@ type SchedAttr struct {
 }
 
 const SizeofSchedAttr = 0x38
+
+type Cachestat_t struct {
+	Cache            uint64
+	Dirty            uint64
+	Writeback        uint64
+	Evicted          uint64
+	Recently_evicted uint64
+}
+type CachestatRange struct {
+	Off uint64
+	Len uint64
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 6d8acbcc5..438a30aff 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && linux
-// +build 386,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index 59293c688..adceca355 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && linux
-// +build amd64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index 40cfa38c2..eeaa00a37 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && linux
-// +build arm,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 055bc4216..6739aa91d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && linux
-// +build arm64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index f28affbc6..9920ef631 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build loong64 && linux
-// +build loong64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 9d71e7ccd..2923b799a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips && linux
-// +build mips,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index fd5ccd332..ce2750ee4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && linux
-// +build mips64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 7704de77a..3038811d7 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64le && linux
-// +build mips64le,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index df00b8757..efc6fed18 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mipsle && linux
-// +build mipsle,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 0942840db..9a654b75a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc && linux
-// +build ppc,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 034874395..40d358e33 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && linux
-// +build ppc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index bad067047..148c6ceb8 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64le && linux
-// +build ppc64le,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 1b4c97c32..72ba81543 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && linux
-// +build riscv64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index aa268d025..71e765508 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build s390x && linux
-// +build s390x,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 444045b6c..4abbdb9de 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build sparc64 && linux
-// +build sparc64,linux
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
index 9bc4c8f9d..f22e7947d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && netbsd
-// +build 386,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
index bb05f655d..066a7d83d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && netbsd
-// +build amd64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
index db40e3a19..439548ec9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && netbsd
-// +build arm,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
index 11121151c..16085d3bb 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && netbsd
-// +build arm64,netbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
index 26eba23b7..afd13a3af 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build 386 && openbsd
-// +build 386,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
index 5a5479886..5d97f1f9b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && openbsd
-// +build amd64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
index be58c4e1f..34871cdc1 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm && openbsd
-// +build arm,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
index 52338266c..5911bceb3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build arm64 && openbsd
-// +build arm64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
index 605cfdb12..e4f24f3bc 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build mips64 && openbsd
-// +build mips64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
index d6724c010..ca50a7930 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build ppc64 && openbsd
-// +build ppc64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
index ddfd27a43..d7d7f7902 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build riscv64 && openbsd
-// +build riscv64,openbsd
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
index 0400747c6..14160576d 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
@@ -2,7 +2,6 @@
 // Code generated by the command above; see README.md. DO NOT EDIT.
 
 //go:build amd64 && solaris
-// +build amd64,solaris
 
 package unix
 
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index aec1efcb3..54f31be63 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build zos && s390x
-// +build zos,s390x
 
 // Hand edited based on ztypes_linux_s390x.go
 // TODO: auto-generate.
diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go
index a20ebea63..ce2d713d6 100644
--- a/vendor/golang.org/x/sys/windows/aliases.go
+++ b/vendor/golang.org/x/sys/windows/aliases.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && go1.9
-// +build windows,go1.9
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/empty.s b/vendor/golang.org/x/sys/windows/empty.s
index fdbbbcd31..ba64caca5 100644
--- a/vendor/golang.org/x/sys/windows/empty.s
+++ b/vendor/golang.org/x/sys/windows/empty.s
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.12
-// +build !go1.12
 
 // This file is here to allow bodyless functions with go:linkname for Go 1.11
 // and earlier (see https://golang.org/issue/23311).
diff --git a/vendor/golang.org/x/sys/windows/eventlog.go b/vendor/golang.org/x/sys/windows/eventlog.go
index 2cd60645e..6c366955d 100644
--- a/vendor/golang.org/x/sys/windows/eventlog.go
+++ b/vendor/golang.org/x/sys/windows/eventlog.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/mksyscall.go b/vendor/golang.org/x/sys/windows/mksyscall.go
index 8563f79c5..dbcdb090c 100644
--- a/vendor/golang.org/x/sys/windows/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/race.go b/vendor/golang.org/x/sys/windows/race.go
index 9196b089c..0f1bdc386 100644
--- a/vendor/golang.org/x/sys/windows/race.go
+++ b/vendor/golang.org/x/sys/windows/race.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && race
-// +build windows,race
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/race0.go b/vendor/golang.org/x/sys/windows/race0.go
index 7bae4817a..0c78da78b 100644
--- a/vendor/golang.org/x/sys/windows/race0.go
+++ b/vendor/golang.org/x/sys/windows/race0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows && !race
-// +build windows,!race
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go
index 6c8d97b6a..fd8632444 100644
--- a/vendor/golang.org/x/sys/windows/registry/key.go
+++ b/vendor/golang.org/x/sys/windows/registry/key.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package registry provides access to the Windows registry.
 //
diff --git a/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
index ee74927d3..bbf86ccf0 100644
--- a/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/mksyscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build generate
-// +build generate
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/registry/syscall.go b/vendor/golang.org/x/sys/windows/registry/syscall.go
index 417335123..f533091c1 100644
--- a/vendor/golang.org/x/sys/windows/registry/syscall.go
+++ b/vendor/golang.org/x/sys/windows/registry/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/registry/value.go b/vendor/golang.org/x/sys/windows/registry/value.go
index 2789f6f18..74db26b94 100644
--- a/vendor/golang.org/x/sys/windows/registry/value.go
+++ b/vendor/golang.org/x/sys/windows/registry/value.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package registry
 
diff --git a/vendor/golang.org/x/sys/windows/service.go b/vendor/golang.org/x/sys/windows/service.go
index c44a1b963..a9dc6308d 100644
--- a/vendor/golang.org/x/sys/windows/service.go
+++ b/vendor/golang.org/x/sys/windows/service.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/str.go b/vendor/golang.org/x/sys/windows/str.go
index 4fc01434e..6a4f9ce6a 100644
--- a/vendor/golang.org/x/sys/windows/str.go
+++ b/vendor/golang.org/x/sys/windows/str.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 package windows
 
diff --git a/vendor/golang.org/x/sys/windows/syscall.go b/vendor/golang.org/x/sys/windows/syscall.go
index 8732cdb95..e85ed6b9c 100644
--- a/vendor/golang.org/x/sys/windows/syscall.go
+++ b/vendor/golang.org/x/sys/windows/syscall.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build windows
-// +build windows
 
 // Package windows contains an interface to the low-level operating system
 // primitives. OS details vary depending on the underlying system, and
diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go
index 35cfc57ca..47dc57967 100644
--- a/vendor/golang.org/x/sys/windows/syscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/syscall_windows.go
@@ -155,6 +155,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW
 //sys	GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW
 //sys	SetDefaultDllDirectories(directoryFlags uint32) (err error)
+//sys	AddDllDirectory(path *uint16) (cookie uintptr, err error) = kernel32.AddDllDirectory
+//sys	RemoveDllDirectory(cookie uintptr) (err error) = kernel32.RemoveDllDirectory
 //sys	SetDllDirectory(path string) (err error) = kernel32.SetDllDirectoryW
 //sys	GetVersion() (ver uint32, err error)
 //sys	FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
@@ -233,6 +235,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
 //sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
 //sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
 //sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
+//sys   GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
 //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
 //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
@@ -969,7 +972,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
 	if n > 0 {
 		sl += int32(n) + 1
 	}
-	if sa.raw.Path[0] == '@' {
+	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
+		// Check sl > 3 so we don't change unnamed socket behavior.
 		sa.raw.Path[0] = 0
 		// Don't count trailing NUL for abstract address.
 		sl--
diff --git a/vendor/golang.org/x/sys/windows/types_windows.go b/vendor/golang.org/x/sys/windows/types_windows.go
index b88dc7c85..359780f6a 100644
--- a/vendor/golang.org/x/sys/windows/types_windows.go
+++ b/vendor/golang.org/x/sys/windows/types_windows.go
@@ -1094,7 +1094,33 @@ const (
 
 	SOMAXCONN = 0x7fffffff
 
-	TCP_NODELAY = 1
+	TCP_NODELAY                    = 1
+	TCP_EXPEDITED_1122             = 2
+	TCP_KEEPALIVE                  = 3
+	TCP_MAXSEG                     = 4
+	TCP_MAXRT                      = 5
+	TCP_STDURG                     = 6
+	TCP_NOURG                      = 7
+	TCP_ATMARK                     = 8
+	TCP_NOSYNRETRIES               = 9
+	TCP_TIMESTAMPS                 = 10
+	TCP_OFFLOAD_PREFERENCE         = 11
+	TCP_CONGESTION_ALGORITHM       = 12
+	TCP_DELAY_FIN_ACK              = 13
+	TCP_MAXRTMS                    = 14
+	TCP_FASTOPEN                   = 15
+	TCP_KEEPCNT                    = 16
+	TCP_KEEPIDLE                   = TCP_KEEPALIVE
+	TCP_KEEPINTVL                  = 17
+	TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
+	TCP_ICMP_ERROR_INFO            = 19
+
+	UDP_NOCHECKSUM              = 1
+	UDP_SEND_MSG_SIZE           = 2
+	UDP_RECV_MAX_COALESCED_SIZE = 3
+	UDP_CHECKSUM_COVERAGE       = 20
+
+	UDP_COALESCED_INFO = 3
 
 	SHUT_RD   = 0
 	SHUT_WR   = 1
diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
index 8b1688de4..146a1f019 100644
--- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go
@@ -184,6 +184,7 @@ var (
 	procGetAdaptersInfo                                      = modiphlpapi.NewProc("GetAdaptersInfo")
 	procGetBestInterfaceEx                                   = modiphlpapi.NewProc("GetBestInterfaceEx")
 	procGetIfEntry                                           = modiphlpapi.NewProc("GetIfEntry")
+	procAddDllDirectory                                      = modkernel32.NewProc("AddDllDirectory")
 	procAssignProcessToJobObject                             = modkernel32.NewProc("AssignProcessToJobObject")
 	procCancelIo                                             = modkernel32.NewProc("CancelIo")
 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
@@ -253,6 +254,7 @@ var (
 	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
 	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
 	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
+	procGetFileTime                                          = modkernel32.NewProc("GetFileTime")
 	procGetFileType                                          = modkernel32.NewProc("GetFileType")
 	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
 	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
@@ -329,6 +331,7 @@ var (
 	procReadProcessMemory                                    = modkernel32.NewProc("ReadProcessMemory")
 	procReleaseMutex                                         = modkernel32.NewProc("ReleaseMutex")
 	procRemoveDirectoryW                                     = modkernel32.NewProc("RemoveDirectoryW")
+	procRemoveDllDirectory                                   = modkernel32.NewProc("RemoveDllDirectory")
 	procResetEvent                                           = modkernel32.NewProc("ResetEvent")
 	procResizePseudoConsole                                  = modkernel32.NewProc("ResizePseudoConsole")
 	procResumeThread                                         = modkernel32.NewProc("ResumeThread")
@@ -1604,6 +1607,15 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
 	return
 }
 
+func AddDllDirectory(path *uint16) (cookie uintptr, err error) {
+	r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
+	cookie = uintptr(r0)
+	if cookie == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func AssignProcessToJobObject(job Handle, process Handle) (err error) {
 	r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0)
 	if r1 == 0 {
@@ -2185,6 +2197,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
 	return
 }
 
+func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
+	r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func GetFileType(filehandle Handle) (n uint32, err error) {
 	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
 	n = uint32(r0)
@@ -2870,6 +2890,14 @@ func RemoveDirectory(path *uint16) (err error) {
 	return
 }
 
+func RemoveDllDirectory(cookie uintptr) (err error) {
+	r1, _, e1 := syscall.Syscall(procRemoveDllDirectory.Addr(), 1, uintptr(cookie), 0, 0)
+	if r1 == 0 {
+		err = errnoErr(e1)
+	}
+	return
+}
+
 func ResetEvent(event Handle) (err error) {
 	r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0)
 	if r1 == 0 {
diff --git a/vendor/golang.org/x/term/term_unix.go b/vendor/golang.org/x/term/term_unix.go
index 62c2b3f41..1ad0ddfe3 100644
--- a/vendor/golang.org/x/term/term_unix.go
+++ b/vendor/golang.org/x/term/term_unix.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
 
 package term
 
diff --git a/vendor/golang.org/x/term/term_unix_bsd.go b/vendor/golang.org/x/term/term_unix_bsd.go
index 853b3d698..9dbf54629 100644
--- a/vendor/golang.org/x/term/term_unix_bsd.go
+++ b/vendor/golang.org/x/term/term_unix_bsd.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build darwin || dragonfly || freebsd || netbsd || openbsd
-// +build darwin dragonfly freebsd netbsd openbsd
 
 package term
 
diff --git a/vendor/golang.org/x/term/term_unix_other.go b/vendor/golang.org/x/term/term_unix_other.go
index 1e8955c93..1b36de799 100644
--- a/vendor/golang.org/x/term/term_unix_other.go
+++ b/vendor/golang.org/x/term/term_unix_other.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build aix || linux || solaris || zos
-// +build aix linux solaris zos
 
 package term
 
diff --git a/vendor/golang.org/x/term/term_unsupported.go b/vendor/golang.org/x/term/term_unsupported.go
index f1df85065..3c409e588 100644
--- a/vendor/golang.org/x/term/term_unsupported.go
+++ b/vendor/golang.org/x/term/term_unsupported.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !zos && !windows && !solaris && !plan9
-// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!zos,!windows,!solaris,!plan9
 
 package term
 
diff --git a/vendor/golang.org/x/text/cases/icu.go b/vendor/golang.org/x/text/cases/icu.go
index 2dc84b39e..db7c237cc 100644
--- a/vendor/golang.org/x/text/cases/icu.go
+++ b/vendor/golang.org/x/text/cases/icu.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build icu
-// +build icu
 
 package cases
 
diff --git a/vendor/golang.org/x/text/cases/tables10.0.0.go b/vendor/golang.org/x/text/cases/tables10.0.0.go
index ca9923105..bd28ae145 100644
--- a/vendor/golang.org/x/text/cases/tables10.0.0.go
+++ b/vendor/golang.org/x/text/cases/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package cases
 
diff --git a/vendor/golang.org/x/text/cases/tables11.0.0.go b/vendor/golang.org/x/text/cases/tables11.0.0.go
index b1106b417..ce00ce372 100644
--- a/vendor/golang.org/x/text/cases/tables11.0.0.go
+++ b/vendor/golang.org/x/text/cases/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package cases
 
diff --git a/vendor/golang.org/x/text/cases/tables12.0.0.go b/vendor/golang.org/x/text/cases/tables12.0.0.go
index ae7dc2407..84d841b14 100644
--- a/vendor/golang.org/x/text/cases/tables12.0.0.go
+++ b/vendor/golang.org/x/text/cases/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package cases
 
diff --git a/vendor/golang.org/x/text/cases/tables13.0.0.go b/vendor/golang.org/x/text/cases/tables13.0.0.go
index 68d2981d1..6187e6b46 100644
--- a/vendor/golang.org/x/text/cases/tables13.0.0.go
+++ b/vendor/golang.org/x/text/cases/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package cases
 
diff --git a/vendor/golang.org/x/text/cases/tables15.0.0.go b/vendor/golang.org/x/text/cases/tables15.0.0.go
index e431b9953..aee0f3108 100644
--- a/vendor/golang.org/x/text/cases/tables15.0.0.go
+++ b/vendor/golang.org/x/text/cases/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package cases
 
diff --git a/vendor/golang.org/x/text/cases/tables9.0.0.go b/vendor/golang.org/x/text/cases/tables9.0.0.go
index 636d5d14d..3aeb7be6d 100644
--- a/vendor/golang.org/x/text/cases/tables9.0.0.go
+++ b/vendor/golang.org/x/text/cases/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package cases
 
diff --git a/vendor/golang.org/x/text/encoding/encoding.go b/vendor/golang.org/x/text/encoding/encoding.go
new file mode 100644
index 000000000..a0bd7cd4d
--- /dev/null
+++ b/vendor/golang.org/x/text/encoding/encoding.go
@@ -0,0 +1,335 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package encoding defines an interface for character encodings, such as Shift
+// JIS and Windows 1252, that can convert to and from UTF-8.
+//
+// Encoding implementations are provided in other packages, such as
+// golang.org/x/text/encoding/charmap and
+// golang.org/x/text/encoding/japanese.
+package encoding // import "golang.org/x/text/encoding"
+
+import (
+	"errors"
+	"io"
+	"strconv"
+	"unicode/utf8"
+
+	"golang.org/x/text/encoding/internal/identifier"
+	"golang.org/x/text/transform"
+)
+
+// TODO:
+// - There seems to be some inconsistency in when decoders return errors
+//   and when not. Also documentation seems to suggest they shouldn't return
+//   errors at all (except for UTF-16).
+// - Encoders seem to rely on or at least benefit from the input being in NFC
+//   normal form. Perhaps add an example how users could prepare their output.
+
+// Encoding is a character set encoding that can be transformed to and from
+// UTF-8.
+type Encoding interface {
+	// NewDecoder returns a Decoder.
+	NewDecoder() *Decoder
+
+	// NewEncoder returns an Encoder.
+	NewEncoder() *Encoder
+}
+
+// A Decoder converts bytes to UTF-8. It implements transform.Transformer.
+//
+// Transforming source bytes that are not of that encoding will not result in an
+// error per se. Each byte that cannot be transcoded will be represented in the
+// output by the UTF-8 encoding of '\uFFFD', the replacement rune.
+type Decoder struct {
+	transform.Transformer
+
+	// This forces external creators of Decoders to use names in struct
+	// initializers, allowing for future extendibility without having to break
+	// code.
+	_ struct{}
+}
+
+// Bytes converts the given encoded bytes to UTF-8. It returns the converted
+// bytes or nil, err if any error occurred.
+func (d *Decoder) Bytes(b []byte) ([]byte, error) {
+	b, _, err := transform.Bytes(d, b)
+	if err != nil {
+		return nil, err
+	}
+	return b, nil
+}
+
+// String converts the given encoded string to UTF-8. It returns the converted
+// string or "", err if any error occurred.
+func (d *Decoder) String(s string) (string, error) {
+	s, _, err := transform.String(d, s)
+	if err != nil {
+		return "", err
+	}
+	return s, nil
+}
+
+// Reader wraps another Reader to decode its bytes.
+//
+// The Decoder may not be used for any other operation as long as the returned
+// Reader is in use.
+func (d *Decoder) Reader(r io.Reader) io.Reader {
+	return transform.NewReader(r, d)
+}
+
+// An Encoder converts bytes from UTF-8. It implements transform.Transformer.
+//
+// Each rune that cannot be transcoded will result in an error. In this case,
+// the transform will consume all source byte up to, not including the offending
+// rune. Transforming source bytes that are not valid UTF-8 will be replaced by
+// `\uFFFD`. To return early with an error instead, use transform.Chain to
+// preprocess the data with a UTF8Validator.
+type Encoder struct {
+	transform.Transformer
+
+	// This forces external creators of Encoders to use names in struct
+	// initializers, allowing for future extendibility without having to break
+	// code.
+	_ struct{}
+}
+
+// Bytes converts bytes from UTF-8. It returns the converted bytes or nil, err if
+// any error occurred.
+func (e *Encoder) Bytes(b []byte) ([]byte, error) {
+	b, _, err := transform.Bytes(e, b)
+	if err != nil {
+		return nil, err
+	}
+	return b, nil
+}
+
+// String converts a string from UTF-8. It returns the converted string or
+// "", err if any error occurred.
+func (e *Encoder) String(s string) (string, error) {
+	s, _, err := transform.String(e, s)
+	if err != nil {
+		return "", err
+	}
+	return s, nil
+}
+
+// Writer wraps another Writer to encode its UTF-8 output.
+//
+// The Encoder may not be used for any other operation as long as the returned
+// Writer is in use.
+func (e *Encoder) Writer(w io.Writer) io.Writer {
+	return transform.NewWriter(w, e)
+}
+
+// ASCIISub is the ASCII substitute character, as recommended by
+// https://unicode.org/reports/tr36/#Text_Comparison
+const ASCIISub = '\x1a'
+
+// Nop is the nop encoding. Its transformed bytes are the same as the source
+// bytes; it does not replace invalid UTF-8 sequences.
+var Nop Encoding = nop{}
+
+type nop struct{}
+
+func (nop) NewDecoder() *Decoder {
+	return &Decoder{Transformer: transform.Nop}
+}
+func (nop) NewEncoder() *Encoder {
+	return &Encoder{Transformer: transform.Nop}
+}
+
+// Replacement is the replacement encoding. Decoding from the replacement
+// encoding yields a single '\uFFFD' replacement rune. Encoding from UTF-8 to
+// the replacement encoding yields the same as the source bytes except that
+// invalid UTF-8 is converted to '\uFFFD'.
+//
+// It is defined at http://encoding.spec.whatwg.org/#replacement
+var Replacement Encoding = replacement{}
+
+type replacement struct{}
+
+func (replacement) NewDecoder() *Decoder {
+	return &Decoder{Transformer: replacementDecoder{}}
+}
+
+func (replacement) NewEncoder() *Encoder {
+	return &Encoder{Transformer: replacementEncoder{}}
+}
+
+func (replacement) ID() (mib identifier.MIB, other string) {
+	return identifier.Replacement, ""
+}
+
+type replacementDecoder struct{ transform.NopResetter }
+
+func (replacementDecoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	if len(dst) < 3 {
+		return 0, 0, transform.ErrShortDst
+	}
+	if atEOF {
+		const fffd = "\ufffd"
+		dst[0] = fffd[0]
+		dst[1] = fffd[1]
+		dst[2] = fffd[2]
+		nDst = 3
+	}
+	return nDst, len(src), nil
+}
+
+type replacementEncoder struct{ transform.NopResetter }
+
+func (replacementEncoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	r, size := rune(0), 0
+
+	for ; nSrc < len(src); nSrc += size {
+		r = rune(src[nSrc])
+
+		// Decode a 1-byte rune.
+		if r < utf8.RuneSelf {
+			size = 1
+
+		} else {
+			// Decode a multi-byte rune.
+			r, size = utf8.DecodeRune(src[nSrc:])
+			if size == 1 {
+				// All valid runes of size 1 (those below utf8.RuneSelf) were
+				// handled above. We have invalid UTF-8 or we haven't seen the
+				// full character yet.
+				if !atEOF && !utf8.FullRune(src[nSrc:]) {
+					err = transform.ErrShortSrc
+					break
+				}
+				r = '\ufffd'
+			}
+		}
+
+		if nDst+utf8.RuneLen(r) > len(dst) {
+			err = transform.ErrShortDst
+			break
+		}
+		nDst += utf8.EncodeRune(dst[nDst:], r)
+	}
+	return nDst, nSrc, err
+}
+
+// HTMLEscapeUnsupported wraps encoders to replace source runes outside the
+// repertoire of the destination encoding with HTML escape sequences.
+//
+// This wrapper exists to comply to URL and HTML forms requiring a
+// non-terminating legacy encoder. The produced sequences may lead to data
+// loss as they are indistinguishable from legitimate input. To avoid this
+// issue, use UTF-8 encodings whenever possible.
+func HTMLEscapeUnsupported(e *Encoder) *Encoder {
+	return &Encoder{Transformer: &errorHandler{e, errorToHTML}}
+}
+
+// ReplaceUnsupported wraps encoders to replace source runes outside the
+// repertoire of the destination encoding with an encoding-specific
+// replacement.
+//
+// This wrapper is only provided for backwards compatibility and legacy
+// handling. Its use is strongly discouraged. Use UTF-8 whenever possible.
+func ReplaceUnsupported(e *Encoder) *Encoder {
+	return &Encoder{Transformer: &errorHandler{e, errorToReplacement}}
+}
+
+type errorHandler struct {
+	*Encoder
+	handler func(dst []byte, r rune, err repertoireError) (n int, ok bool)
+}
+
+// TODO: consider making this error public in some form.
+type repertoireError interface {
+	Replacement() byte
+}
+
+func (h errorHandler) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	nDst, nSrc, err = h.Transformer.Transform(dst, src, atEOF)
+	for err != nil {
+		rerr, ok := err.(repertoireError)
+		if !ok {
+			return nDst, nSrc, err
+		}
+		r, sz := utf8.DecodeRune(src[nSrc:])
+		n, ok := h.handler(dst[nDst:], r, rerr)
+		if !ok {
+			return nDst, nSrc, transform.ErrShortDst
+		}
+		err = nil
+		nDst += n
+		if nSrc += sz; nSrc < len(src) {
+			var dn, sn int
+			dn, sn, err = h.Transformer.Transform(dst[nDst:], src[nSrc:], atEOF)
+			nDst += dn
+			nSrc += sn
+		}
+	}
+	return nDst, nSrc, err
+}
+
+func errorToHTML(dst []byte, r rune, err repertoireError) (n int, ok bool) {
+	buf := [8]byte{}
+	b := strconv.AppendUint(buf[:0], uint64(r), 10)
+	if n = len(b) + len("&#;"); n >= len(dst) {
+		return 0, false
+	}
+	dst[0] = '&'
+	dst[1] = '#'
+	dst[copy(dst[2:], b)+2] = ';'
+	return n, true
+}
+
+func errorToReplacement(dst []byte, r rune, err repertoireError) (n int, ok bool) {
+	if len(dst) == 0 {
+		return 0, false
+	}
+	dst[0] = err.Replacement()
+	return 1, true
+}
+
+// ErrInvalidUTF8 means that a transformer encountered invalid UTF-8.
+var ErrInvalidUTF8 = errors.New("encoding: invalid UTF-8")
+
+// UTF8Validator is a transformer that returns ErrInvalidUTF8 on the first
+// input byte that is not valid UTF-8.
+var UTF8Validator transform.Transformer = utf8Validator{}
+
+type utf8Validator struct{ transform.NopResetter }
+
+func (utf8Validator) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	n := len(src)
+	if n > len(dst) {
+		n = len(dst)
+	}
+	for i := 0; i < n; {
+		if c := src[i]; c < utf8.RuneSelf {
+			dst[i] = c
+			i++
+			continue
+		}
+		_, size := utf8.DecodeRune(src[i:])
+		if size == 1 {
+			// All valid runes of size 1 (those below utf8.RuneSelf) were
+			// handled above. We have invalid UTF-8 or we haven't seen the
+			// full character yet.
+			err = ErrInvalidUTF8
+			if !atEOF && !utf8.FullRune(src[i:]) {
+				err = transform.ErrShortSrc
+			}
+			return i, i, err
+		}
+		if i+size > len(dst) {
+			return i, i, transform.ErrShortDst
+		}
+		for ; size > 0; size-- {
+			dst[i] = src[i]
+			i++
+		}
+	}
+	if len(src) > len(dst) {
+		err = transform.ErrShortDst
+	}
+	return n, n, err
+}
diff --git a/vendor/golang.org/x/text/encoding/internal/identifier/identifier.go b/vendor/golang.org/x/text/encoding/internal/identifier/identifier.go
new file mode 100644
index 000000000..5c9b85c28
--- /dev/null
+++ b/vendor/golang.org/x/text/encoding/internal/identifier/identifier.go
@@ -0,0 +1,81 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:generate go run gen.go
+
+// Package identifier defines the contract between implementations of Encoding
+// and Index by defining identifiers that uniquely identify standardized coded
+// character sets (CCS) and character encoding schemes (CES), which we will
+// together refer to as encodings, for which Encoding implementations provide
+// converters to and from UTF-8. This package is typically only of concern to
+// implementers of Indexes and Encodings.
+//
+// One part of the identifier is the MIB code, which is defined by IANA and
+// uniquely identifies a CCS or CES. Each code is associated with data that
+// references authorities, official documentation as well as aliases and MIME
+// names.
+//
+// Not all CESs are covered by the IANA registry. The "other" string that is
+// returned by ID can be used to identify other character sets or versions of
+// existing ones.
+//
+// It is recommended that each package that provides a set of Encodings provide
+// the All and Common variables to reference all supported encodings and
+// commonly used subset. This allows Index implementations to include all
+// available encodings without explicitly referencing or knowing about them.
+package identifier
+
+// Note: this package is internal, but could be made public if there is a need
+// for writing third-party Indexes and Encodings.
+
+// References:
+// - http://source.icu-project.org/repos/icu/icu/trunk/source/data/mappings/convrtrs.txt
+// - http://www.iana.org/assignments/character-sets/character-sets.xhtml
+// - http://www.iana.org/assignments/ianacharset-mib/ianacharset-mib
+// - http://www.ietf.org/rfc/rfc2978.txt
+// - https://www.unicode.org/reports/tr22/
+// - http://www.w3.org/TR/encoding/
+// - https://encoding.spec.whatwg.org/
+// - https://encoding.spec.whatwg.org/encodings.json
+// - https://tools.ietf.org/html/rfc6657#section-5
+
+// Interface can be implemented by Encodings to define the CCS or CES for which
+// it implements conversions.
+type Interface interface {
+	// ID returns an encoding identifier. Exactly one of the mib and other
+	// values should be non-zero.
+	//
+	// In the usual case it is only necessary to indicate the MIB code. The
+	// other string can be used to specify encodings for which there is no MIB,
+	// such as "x-mac-dingbat".
+	//
+	// The other string may only contain the characters a-z, A-Z, 0-9, - and _.
+	ID() (mib MIB, other string)
+
+	// NOTE: the restrictions on the encoding are to allow extending the syntax
+	// with additional information such as versions, vendors and other variants.
+}
+
+// A MIB identifies an encoding. It is derived from the IANA MIB codes and adds
+// some identifiers for some encodings that are not covered by the IANA
+// standard.
+//
+// See http://www.iana.org/assignments/ianacharset-mib.
+type MIB uint16
+
+// These additional MIB types are not defined in IANA. They are added because
+// they are common and defined within the text repo.
+const (
+	// Unofficial marks the start of encodings not registered by IANA.
+	Unofficial MIB = 10000 + iota
+
+	// Replacement is the WhatWG replacement encoding.
+	Replacement
+
+	// XUserDefined is the code for x-user-defined.
+	XUserDefined
+
+	// MacintoshCyrillic is the code for x-mac-cyrillic.
+	MacintoshCyrillic
+)
diff --git a/vendor/golang.org/x/text/encoding/internal/identifier/mib.go b/vendor/golang.org/x/text/encoding/internal/identifier/mib.go
new file mode 100644
index 000000000..351fb86e2
--- /dev/null
+++ b/vendor/golang.org/x/text/encoding/internal/identifier/mib.go
@@ -0,0 +1,1627 @@
+// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+package identifier
+
+const (
+	// ASCII is the MIB identifier with IANA name US-ASCII (MIME: US-ASCII).
+	//
+	// ANSI X3.4-1986
+	// Reference: RFC2046
+	ASCII MIB = 3
+
+	// ISOLatin1 is the MIB identifier with IANA name ISO_8859-1:1987 (MIME: ISO-8859-1).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatin1 MIB = 4
+
+	// ISOLatin2 is the MIB identifier with IANA name ISO_8859-2:1987 (MIME: ISO-8859-2).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatin2 MIB = 5
+
+	// ISOLatin3 is the MIB identifier with IANA name ISO_8859-3:1988 (MIME: ISO-8859-3).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatin3 MIB = 6
+
+	// ISOLatin4 is the MIB identifier with IANA name ISO_8859-4:1988 (MIME: ISO-8859-4).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatin4 MIB = 7
+
+	// ISOLatinCyrillic is the MIB identifier with IANA name ISO_8859-5:1988 (MIME: ISO-8859-5).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatinCyrillic MIB = 8
+
+	// ISOLatinArabic is the MIB identifier with IANA name ISO_8859-6:1987 (MIME: ISO-8859-6).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatinArabic MIB = 9
+
+	// ISOLatinGreek is the MIB identifier with IANA name ISO_8859-7:1987 (MIME: ISO-8859-7).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1947
+	// Reference: RFC1345
+	ISOLatinGreek MIB = 10
+
+	// ISOLatinHebrew is the MIB identifier with IANA name ISO_8859-8:1988 (MIME: ISO-8859-8).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatinHebrew MIB = 11
+
+	// ISOLatin5 is the MIB identifier with IANA name ISO_8859-9:1989 (MIME: ISO-8859-9).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatin5 MIB = 12
+
+	// ISOLatin6 is the MIB identifier with IANA name ISO-8859-10 (MIME: ISO-8859-10).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOLatin6 MIB = 13
+
+	// ISOTextComm is the MIB identifier with IANA name ISO_6937-2-add.
+	//
+	// ISO-IR: International Register of Escape Sequences and ISO 6937-2:1983
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISOTextComm MIB = 14
+
+	// HalfWidthKatakana is the MIB identifier with IANA name JIS_X0201.
+	//
+	// JIS X 0201-1976.   One byte only, this is equivalent to
+	// JIS/Roman (similar to ASCII) plus eight-bit half-width
+	// Katakana
+	// Reference: RFC1345
+	HalfWidthKatakana MIB = 15
+
+	// JISEncoding is the MIB identifier with IANA name JIS_Encoding.
+	//
+	// JIS X 0202-1991.  Uses ISO 2022 escape sequences to
+	// shift code sets as documented in JIS X 0202-1991.
+	JISEncoding MIB = 16
+
+	// ShiftJIS is the MIB identifier with IANA name Shift_JIS (MIME: Shift_JIS).
+	//
+	// This charset is an extension of csHalfWidthKatakana by
+	// adding graphic characters in JIS X 0208.  The CCS's are
+	// JIS X0201:1997 and JIS X0208:1997.  The
+	// complete definition is shown in Appendix 1 of JIS
+	// X0208:1997.
+	// This charset can be used for the top-level media type "text".
+	ShiftJIS MIB = 17
+
+	// EUCPkdFmtJapanese is the MIB identifier with IANA name Extended_UNIX_Code_Packed_Format_for_Japanese (MIME: EUC-JP).
+	//
+	// Standardized by OSF, UNIX International, and UNIX Systems
+	// Laboratories Pacific.  Uses ISO 2022 rules to select
+	// code set 0: US-ASCII (a single 7-bit byte set)
+	// code set 1: JIS X0208-1990 (a double 8-bit byte set)
+	// restricted to A0-FF in both bytes
+	// code set 2: Half Width Katakana (a single 7-bit byte set)
+	// requiring SS2 as the character prefix
+	// code set 3: JIS X0212-1990 (a double 7-bit byte set)
+	// restricted to A0-FF in both bytes
+	// requiring SS3 as the character prefix
+	EUCPkdFmtJapanese MIB = 18
+
+	// EUCFixWidJapanese is the MIB identifier with IANA name Extended_UNIX_Code_Fixed_Width_for_Japanese.
+	//
+	// Used in Japan.  Each character is 2 octets.
+	// code set 0: US-ASCII (a single 7-bit byte set)
+	// 1st byte = 00
+	// 2nd byte = 20-7E
+	// code set 1: JIS X0208-1990 (a double 7-bit byte set)
+	// restricted  to A0-FF in both bytes
+	// code set 2: Half Width Katakana (a single 7-bit byte set)
+	// 1st byte = 00
+	// 2nd byte = A0-FF
+	// code set 3: JIS X0212-1990 (a double 7-bit byte set)
+	// restricted to A0-FF in
+	// the first byte
+	// and 21-7E in the second byte
+	EUCFixWidJapanese MIB = 19
+
+	// ISO4UnitedKingdom is the MIB identifier with IANA name BS_4730.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO4UnitedKingdom MIB = 20
+
+	// ISO11SwedishForNames is the MIB identifier with IANA name SEN_850200_C.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO11SwedishForNames MIB = 21
+
+	// ISO15Italian is the MIB identifier with IANA name IT.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO15Italian MIB = 22
+
+	// ISO17Spanish is the MIB identifier with IANA name ES.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO17Spanish MIB = 23
+
+	// ISO21German is the MIB identifier with IANA name DIN_66003.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO21German MIB = 24
+
+	// ISO60Norwegian1 is the MIB identifier with IANA name NS_4551-1.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO60Norwegian1 MIB = 25
+
+	// ISO69French is the MIB identifier with IANA name NF_Z_62-010.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO69French MIB = 26
+
+	// ISO10646UTF1 is the MIB identifier with IANA name ISO-10646-UTF-1.
+	//
+	// Universal Transfer Format (1), this is the multibyte
+	// encoding, that subsets ASCII-7. It does not have byte
+	// ordering issues.
+	ISO10646UTF1 MIB = 27
+
+	// ISO646basic1983 is the MIB identifier with IANA name ISO_646.basic:1983.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO646basic1983 MIB = 28
+
+	// INVARIANT is the MIB identifier with IANA name INVARIANT.
+	//
+	// Reference: RFC1345
+	INVARIANT MIB = 29
+
+	// ISO2IntlRefVersion is the MIB identifier with IANA name ISO_646.irv:1983.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO2IntlRefVersion MIB = 30
+
+	// NATSSEFI is the MIB identifier with IANA name NATS-SEFI.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	NATSSEFI MIB = 31
+
+	// NATSSEFIADD is the MIB identifier with IANA name NATS-SEFI-ADD.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	NATSSEFIADD MIB = 32
+
+	// NATSDANO is the MIB identifier with IANA name NATS-DANO.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	NATSDANO MIB = 33
+
+	// NATSDANOADD is the MIB identifier with IANA name NATS-DANO-ADD.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	NATSDANOADD MIB = 34
+
+	// ISO10Swedish is the MIB identifier with IANA name SEN_850200_B.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO10Swedish MIB = 35
+
+	// KSC56011987 is the MIB identifier with IANA name KS_C_5601-1987.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	KSC56011987 MIB = 36
+
+	// ISO2022KR is the MIB identifier with IANA name ISO-2022-KR (MIME: ISO-2022-KR).
+	//
+	// rfc1557 (see also KS_C_5601-1987)
+	// Reference: RFC1557
+	ISO2022KR MIB = 37
+
+	// EUCKR is the MIB identifier with IANA name EUC-KR (MIME: EUC-KR).
+	//
+	// rfc1557 (see also KS_C_5861-1992)
+	// Reference: RFC1557
+	EUCKR MIB = 38
+
+	// ISO2022JP is the MIB identifier with IANA name ISO-2022-JP (MIME: ISO-2022-JP).
+	//
+	// rfc1468 (see also rfc2237 )
+	// Reference: RFC1468
+	ISO2022JP MIB = 39
+
+	// ISO2022JP2 is the MIB identifier with IANA name ISO-2022-JP-2 (MIME: ISO-2022-JP-2).
+	//
+	// rfc1554
+	// Reference: RFC1554
+	ISO2022JP2 MIB = 40
+
+	// ISO13JISC6220jp is the MIB identifier with IANA name JIS_C6220-1969-jp.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO13JISC6220jp MIB = 41
+
+	// ISO14JISC6220ro is the MIB identifier with IANA name JIS_C6220-1969-ro.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO14JISC6220ro MIB = 42
+
+	// ISO16Portuguese is the MIB identifier with IANA name PT.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO16Portuguese MIB = 43
+
+	// ISO18Greek7Old is the MIB identifier with IANA name greek7-old.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO18Greek7Old MIB = 44
+
+	// ISO19LatinGreek is the MIB identifier with IANA name latin-greek.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO19LatinGreek MIB = 45
+
+	// ISO25French is the MIB identifier with IANA name NF_Z_62-010_(1973).
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO25French MIB = 46
+
+	// ISO27LatinGreek1 is the MIB identifier with IANA name Latin-greek-1.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO27LatinGreek1 MIB = 47
+
+	// ISO5427Cyrillic is the MIB identifier with IANA name ISO_5427.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO5427Cyrillic MIB = 48
+
+	// ISO42JISC62261978 is the MIB identifier with IANA name JIS_C6226-1978.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO42JISC62261978 MIB = 49
+
+	// ISO47BSViewdata is the MIB identifier with IANA name BS_viewdata.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO47BSViewdata MIB = 50
+
+	// ISO49INIS is the MIB identifier with IANA name INIS.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO49INIS MIB = 51
+
+	// ISO50INIS8 is the MIB identifier with IANA name INIS-8.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO50INIS8 MIB = 52
+
+	// ISO51INISCyrillic is the MIB identifier with IANA name INIS-cyrillic.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO51INISCyrillic MIB = 53
+
+	// ISO54271981 is the MIB identifier with IANA name ISO_5427:1981.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO54271981 MIB = 54
+
+	// ISO5428Greek is the MIB identifier with IANA name ISO_5428:1980.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO5428Greek MIB = 55
+
+	// ISO57GB1988 is the MIB identifier with IANA name GB_1988-80.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO57GB1988 MIB = 56
+
+	// ISO58GB231280 is the MIB identifier with IANA name GB_2312-80.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO58GB231280 MIB = 57
+
+	// ISO61Norwegian2 is the MIB identifier with IANA name NS_4551-2.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO61Norwegian2 MIB = 58
+
+	// ISO70VideotexSupp1 is the MIB identifier with IANA name videotex-suppl.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO70VideotexSupp1 MIB = 59
+
+	// ISO84Portuguese2 is the MIB identifier with IANA name PT2.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO84Portuguese2 MIB = 60
+
+	// ISO85Spanish2 is the MIB identifier with IANA name ES2.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO85Spanish2 MIB = 61
+
+	// ISO86Hungarian is the MIB identifier with IANA name MSZ_7795.3.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO86Hungarian MIB = 62
+
+	// ISO87JISX0208 is the MIB identifier with IANA name JIS_C6226-1983.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO87JISX0208 MIB = 63
+
+	// ISO88Greek7 is the MIB identifier with IANA name greek7.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO88Greek7 MIB = 64
+
+	// ISO89ASMO449 is the MIB identifier with IANA name ASMO_449.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO89ASMO449 MIB = 65
+
+	// ISO90 is the MIB identifier with IANA name iso-ir-90.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO90 MIB = 66
+
+	// ISO91JISC62291984a is the MIB identifier with IANA name JIS_C6229-1984-a.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO91JISC62291984a MIB = 67
+
+	// ISO92JISC62991984b is the MIB identifier with IANA name JIS_C6229-1984-b.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO92JISC62991984b MIB = 68
+
+	// ISO93JIS62291984badd is the MIB identifier with IANA name JIS_C6229-1984-b-add.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO93JIS62291984badd MIB = 69
+
+	// ISO94JIS62291984hand is the MIB identifier with IANA name JIS_C6229-1984-hand.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO94JIS62291984hand MIB = 70
+
+	// ISO95JIS62291984handadd is the MIB identifier with IANA name JIS_C6229-1984-hand-add.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO95JIS62291984handadd MIB = 71
+
+	// ISO96JISC62291984kana is the MIB identifier with IANA name JIS_C6229-1984-kana.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO96JISC62291984kana MIB = 72
+
+	// ISO2033 is the MIB identifier with IANA name ISO_2033-1983.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO2033 MIB = 73
+
+	// ISO99NAPLPS is the MIB identifier with IANA name ANSI_X3.110-1983.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO99NAPLPS MIB = 74
+
+	// ISO102T617bit is the MIB identifier with IANA name T.61-7bit.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO102T617bit MIB = 75
+
+	// ISO103T618bit is the MIB identifier with IANA name T.61-8bit.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO103T618bit MIB = 76
+
+	// ISO111ECMACyrillic is the MIB identifier with IANA name ECMA-cyrillic.
+	//
+	// ISO registry
+	ISO111ECMACyrillic MIB = 77
+
+	// ISO121Canadian1 is the MIB identifier with IANA name CSA_Z243.4-1985-1.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO121Canadian1 MIB = 78
+
+	// ISO122Canadian2 is the MIB identifier with IANA name CSA_Z243.4-1985-2.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO122Canadian2 MIB = 79
+
+	// ISO123CSAZ24341985gr is the MIB identifier with IANA name CSA_Z243.4-1985-gr.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO123CSAZ24341985gr MIB = 80
+
+	// ISO88596E is the MIB identifier with IANA name ISO_8859-6-E (MIME: ISO-8859-6-E).
+	//
+	// rfc1556
+	// Reference: RFC1556
+	ISO88596E MIB = 81
+
+	// ISO88596I is the MIB identifier with IANA name ISO_8859-6-I (MIME: ISO-8859-6-I).
+	//
+	// rfc1556
+	// Reference: RFC1556
+	ISO88596I MIB = 82
+
+	// ISO128T101G2 is the MIB identifier with IANA name T.101-G2.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO128T101G2 MIB = 83
+
+	// ISO88598E is the MIB identifier with IANA name ISO_8859-8-E (MIME: ISO-8859-8-E).
+	//
+	// rfc1556
+	// Reference: RFC1556
+	ISO88598E MIB = 84
+
+	// ISO88598I is the MIB identifier with IANA name ISO_8859-8-I (MIME: ISO-8859-8-I).
+	//
+	// rfc1556
+	// Reference: RFC1556
+	ISO88598I MIB = 85
+
+	// ISO139CSN369103 is the MIB identifier with IANA name CSN_369103.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO139CSN369103 MIB = 86
+
+	// ISO141JUSIB1002 is the MIB identifier with IANA name JUS_I.B1.002.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO141JUSIB1002 MIB = 87
+
+	// ISO143IECP271 is the MIB identifier with IANA name IEC_P27-1.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO143IECP271 MIB = 88
+
+	// ISO146Serbian is the MIB identifier with IANA name JUS_I.B1.003-serb.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO146Serbian MIB = 89
+
+	// ISO147Macedonian is the MIB identifier with IANA name JUS_I.B1.003-mac.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO147Macedonian MIB = 90
+
+	// ISO150GreekCCITT is the MIB identifier with IANA name greek-ccitt.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO150GreekCCITT MIB = 91
+
+	// ISO151Cuba is the MIB identifier with IANA name NC_NC00-10:81.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO151Cuba MIB = 92
+
+	// ISO6937Add is the MIB identifier with IANA name ISO_6937-2-25.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO6937Add MIB = 93
+
+	// ISO153GOST1976874 is the MIB identifier with IANA name GOST_19768-74.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO153GOST1976874 MIB = 94
+
+	// ISO8859Supp is the MIB identifier with IANA name ISO_8859-supp.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO8859Supp MIB = 95
+
+	// ISO10367Box is the MIB identifier with IANA name ISO_10367-box.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO10367Box MIB = 96
+
+	// ISO158Lap is the MIB identifier with IANA name latin-lap.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO158Lap MIB = 97
+
+	// ISO159JISX02121990 is the MIB identifier with IANA name JIS_X0212-1990.
+	//
+	// ISO-IR: International Register of Escape Sequences
+	// Note: The current registration authority is IPSJ/ITSCJ, Japan.
+	// Reference: RFC1345
+	ISO159JISX02121990 MIB = 98
+
+	// ISO646Danish is the MIB identifier with IANA name DS_2089.
+	//
+	// Danish Standard, DS 2089, February 1974
+	// Reference: RFC1345
+	ISO646Danish MIB = 99
+
+	// USDK is the MIB identifier with IANA name us-dk.
+	//
+	// Reference: RFC1345
+	USDK MIB = 100
+
+	// DKUS is the MIB identifier with IANA name dk-us.
+	//
+	// Reference: RFC1345
+	DKUS MIB = 101
+
+	// KSC5636 is the MIB identifier with IANA name KSC5636.
+	//
+	// Reference: RFC1345
+	KSC5636 MIB = 102
+
+	// Unicode11UTF7 is the MIB identifier with IANA name UNICODE-1-1-UTF-7.
+	//
+	// rfc1642
+	// Reference: RFC1642
+	Unicode11UTF7 MIB = 103
+
+	// ISO2022CN is the MIB identifier with IANA name ISO-2022-CN.
+	//
+	// rfc1922
+	// Reference: RFC1922
+	ISO2022CN MIB = 104
+
+	// ISO2022CNEXT is the MIB identifier with IANA name ISO-2022-CN-EXT.
+	//
+	// rfc1922
+	// Reference: RFC1922
+	ISO2022CNEXT MIB = 105
+
+	// UTF8 is the MIB identifier with IANA name UTF-8.
+	//
+	// rfc3629
+	// Reference: RFC3629
+	UTF8 MIB = 106
+
+	// ISO885913 is the MIB identifier with IANA name ISO-8859-13.
+	//
+	// ISO See https://www.iana.org/assignments/charset-reg/ISO-8859-13 https://www.iana.org/assignments/charset-reg/ISO-8859-13
+	ISO885913 MIB = 109
+
+	// ISO885914 is the MIB identifier with IANA name ISO-8859-14.
+	//
+	// ISO See https://www.iana.org/assignments/charset-reg/ISO-8859-14
+	ISO885914 MIB = 110
+
+	// ISO885915 is the MIB identifier with IANA name ISO-8859-15.
+	//
+	// ISO
+	// Please see: https://www.iana.org/assignments/charset-reg/ISO-8859-15
+	ISO885915 MIB = 111
+
+	// ISO885916 is the MIB identifier with IANA name ISO-8859-16.
+	//
+	// ISO
+	ISO885916 MIB = 112
+
+	// GBK is the MIB identifier with IANA name GBK.
+	//
+	// Chinese IT Standardization Technical Committee
+	// Please see: https://www.iana.org/assignments/charset-reg/GBK
+	GBK MIB = 113
+
+	// GB18030 is the MIB identifier with IANA name GB18030.
+	//
+	// Chinese IT Standardization Technical Committee
+	// Please see: https://www.iana.org/assignments/charset-reg/GB18030
+	GB18030 MIB = 114
+
+	// OSDEBCDICDF0415 is the MIB identifier with IANA name OSD_EBCDIC_DF04_15.
+	//
+	// Fujitsu-Siemens standard mainframe EBCDIC encoding
+	// Please see: https://www.iana.org/assignments/charset-reg/OSD-EBCDIC-DF04-15
+	OSDEBCDICDF0415 MIB = 115
+
+	// OSDEBCDICDF03IRV is the MIB identifier with IANA name OSD_EBCDIC_DF03_IRV.
+	//
+	// Fujitsu-Siemens standard mainframe EBCDIC encoding
+	// Please see: https://www.iana.org/assignments/charset-reg/OSD-EBCDIC-DF03-IRV
+	OSDEBCDICDF03IRV MIB = 116
+
+	// OSDEBCDICDF041 is the MIB identifier with IANA name OSD_EBCDIC_DF04_1.
+	//
+	// Fujitsu-Siemens standard mainframe EBCDIC encoding
+	// Please see: https://www.iana.org/assignments/charset-reg/OSD-EBCDIC-DF04-1
+	OSDEBCDICDF041 MIB = 117
+
+	// ISO115481 is the MIB identifier with IANA name ISO-11548-1.
+	//
+	// See https://www.iana.org/assignments/charset-reg/ISO-11548-1
+	ISO115481 MIB = 118
+
+	// KZ1048 is the MIB identifier with IANA name KZ-1048.
+	//
+	// See https://www.iana.org/assignments/charset-reg/KZ-1048
+	KZ1048 MIB = 119
+
+	// Unicode is the MIB identifier with IANA name ISO-10646-UCS-2.
+	//
+	// the 2-octet Basic Multilingual Plane, aka Unicode
+	// this needs to specify network byte order: the standard
+	// does not specify (it is a 16-bit integer space)
+	Unicode MIB = 1000
+
+	// UCS4 is the MIB identifier with IANA name ISO-10646-UCS-4.
+	//
+	// the full code space. (same comment about byte order,
+	// these are 31-bit numbers.
+	UCS4 MIB = 1001
+
+	// UnicodeASCII is the MIB identifier with IANA name ISO-10646-UCS-Basic.
+	//
+	// ASCII subset of Unicode.  Basic Latin = collection 1
+	// See ISO 10646, Appendix A
+	UnicodeASCII MIB = 1002
+
+	// UnicodeLatin1 is the MIB identifier with IANA name ISO-10646-Unicode-Latin1.
+	//
+	// ISO Latin-1 subset of Unicode. Basic Latin and Latin-1
+	// Supplement  = collections 1 and 2.  See ISO 10646,
+	// Appendix A.  See rfc1815 .
+	UnicodeLatin1 MIB = 1003
+
+	// UnicodeJapanese is the MIB identifier with IANA name ISO-10646-J-1.
+	//
+	// ISO 10646 Japanese, see rfc1815 .
+	UnicodeJapanese MIB = 1004
+
+	// UnicodeIBM1261 is the MIB identifier with IANA name ISO-Unicode-IBM-1261.
+	//
+	// IBM Latin-2, -3, -5, Extended Presentation Set, GCSGID: 1261
+	UnicodeIBM1261 MIB = 1005
+
+	// UnicodeIBM1268 is the MIB identifier with IANA name ISO-Unicode-IBM-1268.
+	//
+	// IBM Latin-4 Extended Presentation Set, GCSGID: 1268
+	UnicodeIBM1268 MIB = 1006
+
+	// UnicodeIBM1276 is the MIB identifier with IANA name ISO-Unicode-IBM-1276.
+	//
+	// IBM Cyrillic Greek Extended Presentation Set, GCSGID: 1276
+	UnicodeIBM1276 MIB = 1007
+
+	// UnicodeIBM1264 is the MIB identifier with IANA name ISO-Unicode-IBM-1264.
+	//
+	// IBM Arabic Presentation Set, GCSGID: 1264
+	UnicodeIBM1264 MIB = 1008
+
+	// UnicodeIBM1265 is the MIB identifier with IANA name ISO-Unicode-IBM-1265.
+	//
+	// IBM Hebrew Presentation Set, GCSGID: 1265
+	UnicodeIBM1265 MIB = 1009
+
+	// Unicode11 is the MIB identifier with IANA name UNICODE-1-1.
+	//
+	// rfc1641
+	// Reference: RFC1641
+	Unicode11 MIB = 1010
+
+	// SCSU is the MIB identifier with IANA name SCSU.
+	//
+	// SCSU See https://www.iana.org/assignments/charset-reg/SCSU
+	SCSU MIB = 1011
+
+	// UTF7 is the MIB identifier with IANA name UTF-7.
+	//
+	// rfc2152
+	// Reference: RFC2152
+	UTF7 MIB = 1012
+
+	// UTF16BE is the MIB identifier with IANA name UTF-16BE.
+	//
+	// rfc2781
+	// Reference: RFC2781
+	UTF16BE MIB = 1013
+
+	// UTF16LE is the MIB identifier with IANA name UTF-16LE.
+	//
+	// rfc2781
+	// Reference: RFC2781
+	UTF16LE MIB = 1014
+
+	// UTF16 is the MIB identifier with IANA name UTF-16.
+	//
+	// rfc2781
+	// Reference: RFC2781
+	UTF16 MIB = 1015
+
+	// CESU8 is the MIB identifier with IANA name CESU-8.
+	//
+	// https://www.unicode.org/reports/tr26
+	CESU8 MIB = 1016
+
+	// UTF32 is the MIB identifier with IANA name UTF-32.
+	//
+	// https://www.unicode.org/reports/tr19/
+	UTF32 MIB = 1017
+
+	// UTF32BE is the MIB identifier with IANA name UTF-32BE.
+	//
+	// https://www.unicode.org/reports/tr19/
+	UTF32BE MIB = 1018
+
+	// UTF32LE is the MIB identifier with IANA name UTF-32LE.
+	//
+	// https://www.unicode.org/reports/tr19/
+	UTF32LE MIB = 1019
+
+	// BOCU1 is the MIB identifier with IANA name BOCU-1.
+	//
+	// https://www.unicode.org/notes/tn6/
+	BOCU1 MIB = 1020
+
+	// UTF7IMAP is the MIB identifier with IANA name UTF-7-IMAP.
+	//
+	// Note: This charset is used to encode Unicode in IMAP mailbox names;
+	// see section 5.1.3 of rfc3501 . It should never be used
+	// outside this context. A name has been assigned so that charset processing
+	// implementations can refer to it in a consistent way.
+	UTF7IMAP MIB = 1021
+
+	// Windows30Latin1 is the MIB identifier with IANA name ISO-8859-1-Windows-3.0-Latin-1.
+	//
+	// Extended ISO 8859-1 Latin-1 for Windows 3.0.
+	// PCL Symbol Set id: 9U
+	Windows30Latin1 MIB = 2000
+
+	// Windows31Latin1 is the MIB identifier with IANA name ISO-8859-1-Windows-3.1-Latin-1.
+	//
+	// Extended ISO 8859-1 Latin-1 for Windows 3.1.
+	// PCL Symbol Set id: 19U
+	Windows31Latin1 MIB = 2001
+
+	// Windows31Latin2 is the MIB identifier with IANA name ISO-8859-2-Windows-Latin-2.
+	//
+	// Extended ISO 8859-2.  Latin-2 for Windows 3.1.
+	// PCL Symbol Set id: 9E
+	Windows31Latin2 MIB = 2002
+
+	// Windows31Latin5 is the MIB identifier with IANA name ISO-8859-9-Windows-Latin-5.
+	//
+	// Extended ISO 8859-9.  Latin-5 for Windows 3.1
+	// PCL Symbol Set id: 5T
+	Windows31Latin5 MIB = 2003
+
+	// HPRoman8 is the MIB identifier with IANA name hp-roman8.
+	//
+	// LaserJet IIP Printer User's Manual,
+	// HP part no 33471-90901, Hewlet-Packard, June 1989.
+	// Reference: RFC1345
+	HPRoman8 MIB = 2004
+
+	// AdobeStandardEncoding is the MIB identifier with IANA name Adobe-Standard-Encoding.
+	//
+	// PostScript Language Reference Manual
+	// PCL Symbol Set id: 10J
+	AdobeStandardEncoding MIB = 2005
+
+	// VenturaUS is the MIB identifier with IANA name Ventura-US.
+	//
+	// Ventura US.  ASCII plus characters typically used in
+	// publishing, like pilcrow, copyright, registered, trade mark,
+	// section, dagger, and double dagger in the range A0 (hex)
+	// to FF (hex).
+	// PCL Symbol Set id: 14J
+	VenturaUS MIB = 2006
+
+	// VenturaInternational is the MIB identifier with IANA name Ventura-International.
+	//
+	// Ventura International.  ASCII plus coded characters similar
+	// to Roman8.
+	// PCL Symbol Set id: 13J
+	VenturaInternational MIB = 2007
+
+	// DECMCS is the MIB identifier with IANA name DEC-MCS.
+	//
+	// VAX/VMS User's Manual,
+	// Order Number: AI-Y517A-TE, April 1986.
+	// Reference: RFC1345
+	DECMCS MIB = 2008
+
+	// PC850Multilingual is the MIB identifier with IANA name IBM850.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	PC850Multilingual MIB = 2009
+
+	// PC8DanishNorwegian is the MIB identifier with IANA name PC8-Danish-Norwegian.
+	//
+	// PC Danish Norwegian
+	// 8-bit PC set for Danish Norwegian
+	// PCL Symbol Set id: 11U
+	PC8DanishNorwegian MIB = 2012
+
+	// PC862LatinHebrew is the MIB identifier with IANA name IBM862.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	PC862LatinHebrew MIB = 2013
+
+	// PC8Turkish is the MIB identifier with IANA name PC8-Turkish.
+	//
+	// PC Latin Turkish.  PCL Symbol Set id: 9T
+	PC8Turkish MIB = 2014
+
+	// IBMSymbols is the MIB identifier with IANA name IBM-Symbols.
+	//
+	// Presentation Set, CPGID: 259
+	IBMSymbols MIB = 2015
+
+	// IBMThai is the MIB identifier with IANA name IBM-Thai.
+	//
+	// Presentation Set, CPGID: 838
+	IBMThai MIB = 2016
+
+	// HPLegal is the MIB identifier with IANA name HP-Legal.
+	//
+	// PCL 5 Comparison Guide, Hewlett-Packard,
+	// HP part number 5961-0510, October 1992
+	// PCL Symbol Set id: 1U
+	HPLegal MIB = 2017
+
+	// HPPiFont is the MIB identifier with IANA name HP-Pi-font.
+	//
+	// PCL 5 Comparison Guide, Hewlett-Packard,
+	// HP part number 5961-0510, October 1992
+	// PCL Symbol Set id: 15U
+	HPPiFont MIB = 2018
+
+	// HPMath8 is the MIB identifier with IANA name HP-Math8.
+	//
+	// PCL 5 Comparison Guide, Hewlett-Packard,
+	// HP part number 5961-0510, October 1992
+	// PCL Symbol Set id: 8M
+	HPMath8 MIB = 2019
+
+	// HPPSMath is the MIB identifier with IANA name Adobe-Symbol-Encoding.
+	//
+	// PostScript Language Reference Manual
+	// PCL Symbol Set id: 5M
+	HPPSMath MIB = 2020
+
+	// HPDesktop is the MIB identifier with IANA name HP-DeskTop.
+	//
+	// PCL 5 Comparison Guide, Hewlett-Packard,
+	// HP part number 5961-0510, October 1992
+	// PCL Symbol Set id: 7J
+	HPDesktop MIB = 2021
+
+	// VenturaMath is the MIB identifier with IANA name Ventura-Math.
+	//
+	// PCL 5 Comparison Guide, Hewlett-Packard,
+	// HP part number 5961-0510, October 1992
+	// PCL Symbol Set id: 6M
+	VenturaMath MIB = 2022
+
+	// MicrosoftPublishing is the MIB identifier with IANA name Microsoft-Publishing.
+	//
+	// PCL 5 Comparison Guide, Hewlett-Packard,
+	// HP part number 5961-0510, October 1992
+	// PCL Symbol Set id: 6J
+	MicrosoftPublishing MIB = 2023
+
+	// Windows31J is the MIB identifier with IANA name Windows-31J.
+	//
+	// Windows Japanese.  A further extension of Shift_JIS
+	// to include NEC special characters (Row 13), NEC
+	// selection of IBM extensions (Rows 89 to 92), and IBM
+	// extensions (Rows 115 to 119).  The CCS's are
+	// JIS X0201:1997, JIS X0208:1997, and these extensions.
+	// This charset can be used for the top-level media type "text",
+	// but it is of limited or specialized use (see rfc2278 ).
+	// PCL Symbol Set id: 19K
+	Windows31J MIB = 2024
+
+	// GB2312 is the MIB identifier with IANA name GB2312 (MIME: GB2312).
+	//
+	// Chinese for People's Republic of China (PRC) mixed one byte,
+	// two byte set:
+	// 20-7E = one byte ASCII
+	// A1-FE = two byte PRC Kanji
+	// See GB 2312-80
+	// PCL Symbol Set Id: 18C
+	GB2312 MIB = 2025
+
+	// Big5 is the MIB identifier with IANA name Big5 (MIME: Big5).
+	//
+	// Chinese for Taiwan Multi-byte set.
+	// PCL Symbol Set Id: 18T
+	Big5 MIB = 2026
+
+	// Macintosh is the MIB identifier with IANA name macintosh.
+	//
+	// The Unicode Standard ver1.0, ISBN 0-201-56788-1, Oct 1991
+	// Reference: RFC1345
+	Macintosh MIB = 2027
+
+	// IBM037 is the MIB identifier with IANA name IBM037.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM037 MIB = 2028
+
+	// IBM038 is the MIB identifier with IANA name IBM038.
+	//
+	// IBM 3174 Character Set Ref, GA27-3831-02, March 1990
+	// Reference: RFC1345
+	IBM038 MIB = 2029
+
+	// IBM273 is the MIB identifier with IANA name IBM273.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM273 MIB = 2030
+
+	// IBM274 is the MIB identifier with IANA name IBM274.
+	//
+	// IBM 3174 Character Set Ref, GA27-3831-02, March 1990
+	// Reference: RFC1345
+	IBM274 MIB = 2031
+
+	// IBM275 is the MIB identifier with IANA name IBM275.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM275 MIB = 2032
+
+	// IBM277 is the MIB identifier with IANA name IBM277.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM277 MIB = 2033
+
+	// IBM278 is the MIB identifier with IANA name IBM278.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM278 MIB = 2034
+
+	// IBM280 is the MIB identifier with IANA name IBM280.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM280 MIB = 2035
+
+	// IBM281 is the MIB identifier with IANA name IBM281.
+	//
+	// IBM 3174 Character Set Ref, GA27-3831-02, March 1990
+	// Reference: RFC1345
+	IBM281 MIB = 2036
+
+	// IBM284 is the MIB identifier with IANA name IBM284.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM284 MIB = 2037
+
+	// IBM285 is the MIB identifier with IANA name IBM285.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM285 MIB = 2038
+
+	// IBM290 is the MIB identifier with IANA name IBM290.
+	//
+	// IBM 3174 Character Set Ref, GA27-3831-02, March 1990
+	// Reference: RFC1345
+	IBM290 MIB = 2039
+
+	// IBM297 is the MIB identifier with IANA name IBM297.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM297 MIB = 2040
+
+	// IBM420 is the MIB identifier with IANA name IBM420.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990,
+	// IBM NLS RM p 11-11
+	// Reference: RFC1345
+	IBM420 MIB = 2041
+
+	// IBM423 is the MIB identifier with IANA name IBM423.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM423 MIB = 2042
+
+	// IBM424 is the MIB identifier with IANA name IBM424.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM424 MIB = 2043
+
+	// PC8CodePage437 is the MIB identifier with IANA name IBM437.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	PC8CodePage437 MIB = 2011
+
+	// IBM500 is the MIB identifier with IANA name IBM500.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM500 MIB = 2044
+
+	// IBM851 is the MIB identifier with IANA name IBM851.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM851 MIB = 2045
+
+	// PCp852 is the MIB identifier with IANA name IBM852.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	PCp852 MIB = 2010
+
+	// IBM855 is the MIB identifier with IANA name IBM855.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM855 MIB = 2046
+
+	// IBM857 is the MIB identifier with IANA name IBM857.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM857 MIB = 2047
+
+	// IBM860 is the MIB identifier with IANA name IBM860.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM860 MIB = 2048
+
+	// IBM861 is the MIB identifier with IANA name IBM861.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM861 MIB = 2049
+
+	// IBM863 is the MIB identifier with IANA name IBM863.
+	//
+	// IBM Keyboard layouts and code pages, PN 07G4586 June 1991
+	// Reference: RFC1345
+	IBM863 MIB = 2050
+
+	// IBM864 is the MIB identifier with IANA name IBM864.
+	//
+	// IBM Keyboard layouts and code pages, PN 07G4586 June 1991
+	// Reference: RFC1345
+	IBM864 MIB = 2051
+
+	// IBM865 is the MIB identifier with IANA name IBM865.
+	//
+	// IBM DOS 3.3 Ref (Abridged), 94X9575 (Feb 1987)
+	// Reference: RFC1345
+	IBM865 MIB = 2052
+
+	// IBM868 is the MIB identifier with IANA name IBM868.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM868 MIB = 2053
+
+	// IBM869 is the MIB identifier with IANA name IBM869.
+	//
+	// IBM Keyboard layouts and code pages, PN 07G4586 June 1991
+	// Reference: RFC1345
+	IBM869 MIB = 2054
+
+	// IBM870 is the MIB identifier with IANA name IBM870.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM870 MIB = 2055
+
+	// IBM871 is the MIB identifier with IANA name IBM871.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM871 MIB = 2056
+
+	// IBM880 is the MIB identifier with IANA name IBM880.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM880 MIB = 2057
+
+	// IBM891 is the MIB identifier with IANA name IBM891.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM891 MIB = 2058
+
+	// IBM903 is the MIB identifier with IANA name IBM903.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM903 MIB = 2059
+
+	// IBBM904 is the MIB identifier with IANA name IBM904.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBBM904 MIB = 2060
+
+	// IBM905 is the MIB identifier with IANA name IBM905.
+	//
+	// IBM 3174 Character Set Ref, GA27-3831-02, March 1990
+	// Reference: RFC1345
+	IBM905 MIB = 2061
+
+	// IBM918 is the MIB identifier with IANA name IBM918.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM918 MIB = 2062
+
+	// IBM1026 is the MIB identifier with IANA name IBM1026.
+	//
+	// IBM NLS RM Vol2 SE09-8002-01, March 1990
+	// Reference: RFC1345
+	IBM1026 MIB = 2063
+
+	// IBMEBCDICATDE is the MIB identifier with IANA name EBCDIC-AT-DE.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	IBMEBCDICATDE MIB = 2064
+
+	// EBCDICATDEA is the MIB identifier with IANA name EBCDIC-AT-DE-A.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICATDEA MIB = 2065
+
+	// EBCDICCAFR is the MIB identifier with IANA name EBCDIC-CA-FR.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICCAFR MIB = 2066
+
+	// EBCDICDKNO is the MIB identifier with IANA name EBCDIC-DK-NO.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICDKNO MIB = 2067
+
+	// EBCDICDKNOA is the MIB identifier with IANA name EBCDIC-DK-NO-A.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICDKNOA MIB = 2068
+
+	// EBCDICFISE is the MIB identifier with IANA name EBCDIC-FI-SE.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICFISE MIB = 2069
+
+	// EBCDICFISEA is the MIB identifier with IANA name EBCDIC-FI-SE-A.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICFISEA MIB = 2070
+
+	// EBCDICFR is the MIB identifier with IANA name EBCDIC-FR.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICFR MIB = 2071
+
+	// EBCDICIT is the MIB identifier with IANA name EBCDIC-IT.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICIT MIB = 2072
+
+	// EBCDICPT is the MIB identifier with IANA name EBCDIC-PT.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICPT MIB = 2073
+
+	// EBCDICES is the MIB identifier with IANA name EBCDIC-ES.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICES MIB = 2074
+
+	// EBCDICESA is the MIB identifier with IANA name EBCDIC-ES-A.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICESA MIB = 2075
+
+	// EBCDICESS is the MIB identifier with IANA name EBCDIC-ES-S.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICESS MIB = 2076
+
+	// EBCDICUK is the MIB identifier with IANA name EBCDIC-UK.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICUK MIB = 2077
+
+	// EBCDICUS is the MIB identifier with IANA name EBCDIC-US.
+	//
+	// IBM 3270 Char Set Ref Ch 10, GA27-2837-9, April 1987
+	// Reference: RFC1345
+	EBCDICUS MIB = 2078
+
+	// Unknown8BiT is the MIB identifier with IANA name UNKNOWN-8BIT.
+	//
+	// Reference: RFC1428
+	Unknown8BiT MIB = 2079
+
+	// Mnemonic is the MIB identifier with IANA name MNEMONIC.
+	//
+	// rfc1345 , also known as "mnemonic+ascii+38"
+	// Reference: RFC1345
+	Mnemonic MIB = 2080
+
+	// Mnem is the MIB identifier with IANA name MNEM.
+	//
+	// rfc1345 , also known as "mnemonic+ascii+8200"
+	// Reference: RFC1345
+	Mnem MIB = 2081
+
+	// VISCII is the MIB identifier with IANA name VISCII.
+	//
+	// rfc1456
+	// Reference: RFC1456
+	VISCII MIB = 2082
+
+	// VIQR is the MIB identifier with IANA name VIQR.
+	//
+	// rfc1456
+	// Reference: RFC1456
+	VIQR MIB = 2083
+
+	// KOI8R is the MIB identifier with IANA name KOI8-R (MIME: KOI8-R).
+	//
+	// rfc1489 , based on GOST-19768-74, ISO-6937/8,
+	// INIS-Cyrillic, ISO-5427.
+	// Reference: RFC1489
+	KOI8R MIB = 2084
+
+	// HZGB2312 is the MIB identifier with IANA name HZ-GB-2312.
+	//
+	// rfc1842 , rfc1843 rfc1843 rfc1842
+	HZGB2312 MIB = 2085
+
+	// IBM866 is the MIB identifier with IANA name IBM866.
+	//
+	// IBM NLDG Volume 2 (SE09-8002-03) August 1994
+	IBM866 MIB = 2086
+
+	// PC775Baltic is the MIB identifier with IANA name IBM775.
+	//
+	// HP PCL 5 Comparison Guide (P/N 5021-0329) pp B-13, 1996
+	PC775Baltic MIB = 2087
+
+	// KOI8U is the MIB identifier with IANA name KOI8-U.
+	//
+	// rfc2319
+	// Reference: RFC2319
+	KOI8U MIB = 2088
+
+	// IBM00858 is the MIB identifier with IANA name IBM00858.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM00858
+	IBM00858 MIB = 2089
+
+	// IBM00924 is the MIB identifier with IANA name IBM00924.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM00924
+	IBM00924 MIB = 2090
+
+	// IBM01140 is the MIB identifier with IANA name IBM01140.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01140
+	IBM01140 MIB = 2091
+
+	// IBM01141 is the MIB identifier with IANA name IBM01141.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01141
+	IBM01141 MIB = 2092
+
+	// IBM01142 is the MIB identifier with IANA name IBM01142.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01142
+	IBM01142 MIB = 2093
+
+	// IBM01143 is the MIB identifier with IANA name IBM01143.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01143
+	IBM01143 MIB = 2094
+
+	// IBM01144 is the MIB identifier with IANA name IBM01144.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01144
+	IBM01144 MIB = 2095
+
+	// IBM01145 is the MIB identifier with IANA name IBM01145.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01145
+	IBM01145 MIB = 2096
+
+	// IBM01146 is the MIB identifier with IANA name IBM01146.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01146
+	IBM01146 MIB = 2097
+
+	// IBM01147 is the MIB identifier with IANA name IBM01147.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01147
+	IBM01147 MIB = 2098
+
+	// IBM01148 is the MIB identifier with IANA name IBM01148.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01148
+	IBM01148 MIB = 2099
+
+	// IBM01149 is the MIB identifier with IANA name IBM01149.
+	//
+	// IBM See https://www.iana.org/assignments/charset-reg/IBM01149
+	IBM01149 MIB = 2100
+
+	// Big5HKSCS is the MIB identifier with IANA name Big5-HKSCS.
+	//
+	// See https://www.iana.org/assignments/charset-reg/Big5-HKSCS
+	Big5HKSCS MIB = 2101
+
+	// IBM1047 is the MIB identifier with IANA name IBM1047.
+	//
+	// IBM1047 (EBCDIC Latin 1/Open Systems) https://www-1.ibm.com/servers/eserver/iseries/software/globalization/pdf/cp01047z.pdf
+	IBM1047 MIB = 2102
+
+	// PTCP154 is the MIB identifier with IANA name PTCP154.
+	//
+	// See https://www.iana.org/assignments/charset-reg/PTCP154
+	PTCP154 MIB = 2103
+
+	// Amiga1251 is the MIB identifier with IANA name Amiga-1251.
+	//
+	// See https://www.amiga.ultranet.ru/Amiga-1251.html
+	Amiga1251 MIB = 2104
+
+	// KOI7switched is the MIB identifier with IANA name KOI7-switched.
+	//
+	// See https://www.iana.org/assignments/charset-reg/KOI7-switched
+	KOI7switched MIB = 2105
+
+	// BRF is the MIB identifier with IANA name BRF.
+	//
+	// See https://www.iana.org/assignments/charset-reg/BRF
+	BRF MIB = 2106
+
+	// TSCII is the MIB identifier with IANA name TSCII.
+	//
+	// See https://www.iana.org/assignments/charset-reg/TSCII
+	TSCII MIB = 2107
+
+	// CP51932 is the MIB identifier with IANA name CP51932.
+	//
+	// See https://www.iana.org/assignments/charset-reg/CP51932
+	CP51932 MIB = 2108
+
+	// Windows874 is the MIB identifier with IANA name windows-874.
+	//
+	// See https://www.iana.org/assignments/charset-reg/windows-874
+	Windows874 MIB = 2109
+
+	// Windows1250 is the MIB identifier with IANA name windows-1250.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1250
+	Windows1250 MIB = 2250
+
+	// Windows1251 is the MIB identifier with IANA name windows-1251.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1251
+	Windows1251 MIB = 2251
+
+	// Windows1252 is the MIB identifier with IANA name windows-1252.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1252
+	Windows1252 MIB = 2252
+
+	// Windows1253 is the MIB identifier with IANA name windows-1253.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1253
+	Windows1253 MIB = 2253
+
+	// Windows1254 is the MIB identifier with IANA name windows-1254.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1254
+	Windows1254 MIB = 2254
+
+	// Windows1255 is the MIB identifier with IANA name windows-1255.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1255
+	Windows1255 MIB = 2255
+
+	// Windows1256 is the MIB identifier with IANA name windows-1256.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1256
+	Windows1256 MIB = 2256
+
+	// Windows1257 is the MIB identifier with IANA name windows-1257.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1257
+	Windows1257 MIB = 2257
+
+	// Windows1258 is the MIB identifier with IANA name windows-1258.
+	//
+	// Microsoft https://www.iana.org/assignments/charset-reg/windows-1258
+	Windows1258 MIB = 2258
+
+	// TIS620 is the MIB identifier with IANA name TIS-620.
+	//
+	// Thai Industrial Standards Institute (TISI)
+	TIS620 MIB = 2259
+
+	// CP50220 is the MIB identifier with IANA name CP50220.
+	//
+	// See https://www.iana.org/assignments/charset-reg/CP50220
+	CP50220 MIB = 2260
+)
diff --git a/vendor/golang.org/x/text/encoding/internal/internal.go b/vendor/golang.org/x/text/encoding/internal/internal.go
new file mode 100644
index 000000000..413e6fc6d
--- /dev/null
+++ b/vendor/golang.org/x/text/encoding/internal/internal.go
@@ -0,0 +1,75 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package internal contains code that is shared among encoding implementations.
+package internal
+
+import (
+	"golang.org/x/text/encoding"
+	"golang.org/x/text/encoding/internal/identifier"
+	"golang.org/x/text/transform"
+)
+
+// Encoding is an implementation of the Encoding interface that adds the String
+// and ID methods to an existing encoding.
+type Encoding struct {
+	encoding.Encoding
+	Name string
+	MIB  identifier.MIB
+}
+
+// _ verifies that Encoding implements identifier.Interface.
+var _ identifier.Interface = (*Encoding)(nil)
+
+func (e *Encoding) String() string {
+	return e.Name
+}
+
+func (e *Encoding) ID() (mib identifier.MIB, other string) {
+	return e.MIB, ""
+}
+
+// SimpleEncoding is an Encoding that combines two Transformers.
+type SimpleEncoding struct {
+	Decoder transform.Transformer
+	Encoder transform.Transformer
+}
+
+func (e *SimpleEncoding) NewDecoder() *encoding.Decoder {
+	return &encoding.Decoder{Transformer: e.Decoder}
+}
+
+func (e *SimpleEncoding) NewEncoder() *encoding.Encoder {
+	return &encoding.Encoder{Transformer: e.Encoder}
+}
+
+// FuncEncoding is an Encoding that combines two functions returning a new
+// Transformer.
+type FuncEncoding struct {
+	Decoder func() transform.Transformer
+	Encoder func() transform.Transformer
+}
+
+func (e FuncEncoding) NewDecoder() *encoding.Decoder {
+	return &encoding.Decoder{Transformer: e.Decoder()}
+}
+
+func (e FuncEncoding) NewEncoder() *encoding.Encoder {
+	return &encoding.Encoder{Transformer: e.Encoder()}
+}
+
+// A RepertoireError indicates a rune is not in the repertoire of a destination
+// encoding. It is associated with an encoding-specific suggested replacement
+// byte.
+type RepertoireError byte
+
+// Error implements the error interface.
+func (r RepertoireError) Error() string {
+	return "encoding: rune not supported by encoding."
+}
+
+// Replacement returns the replacement string associated with this error.
+func (r RepertoireError) Replacement() byte { return byte(r) }
+
+var ErrASCIIReplacement = RepertoireError(encoding.ASCIISub)
diff --git a/vendor/golang.org/x/text/encoding/unicode/override.go b/vendor/golang.org/x/text/encoding/unicode/override.go
new file mode 100644
index 000000000..35d62fcc9
--- /dev/null
+++ b/vendor/golang.org/x/text/encoding/unicode/override.go
@@ -0,0 +1,82 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unicode
+
+import (
+	"golang.org/x/text/transform"
+)
+
+// BOMOverride returns a new decoder transformer that is identical to fallback,
+// except that the presence of a Byte Order Mark at the start of the input
+// causes it to switch to the corresponding Unicode decoding. It will only
+// consider BOMs for UTF-8, UTF-16BE, and UTF-16LE.
+//
+// This differs from using ExpectBOM by allowing a BOM to switch to UTF-8, not
+// just UTF-16 variants, and allowing falling back to any encoding scheme.
+//
+// This technique is recommended by the W3C for use in HTML 5: "For
+// compatibility with deployed content, the byte order mark (also known as BOM)
+// is considered more authoritative than anything else."
+// http://www.w3.org/TR/encoding/#specification-hooks
+//
+// Using BOMOverride is mostly intended for use cases where the first characters
+// of a fallback encoding are known to not be a BOM, for example, for valid HTML
+// and most encodings.
+func BOMOverride(fallback transform.Transformer) transform.Transformer {
+	// TODO: possibly allow a variadic argument of unicode encodings to allow
+	// specifying details of which fallbacks are supported as well as
+	// specifying the details of the implementations. This would also allow for
+	// support for UTF-32, which should not be supported by default.
+	return &bomOverride{fallback: fallback}
+}
+
+type bomOverride struct {
+	fallback transform.Transformer
+	current  transform.Transformer
+}
+
+func (d *bomOverride) Reset() {
+	d.current = nil
+	d.fallback.Reset()
+}
+
+var (
+	// TODO: we could use decode functions here, instead of allocating a new
+	// decoder on every NewDecoder as IgnoreBOM decoders can be stateless.
+	utf16le = UTF16(LittleEndian, IgnoreBOM)
+	utf16be = UTF16(BigEndian, IgnoreBOM)
+)
+
+const utf8BOM = "\ufeff"
+
+func (d *bomOverride) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	if d.current != nil {
+		return d.current.Transform(dst, src, atEOF)
+	}
+	if len(src) < 3 && !atEOF {
+		return 0, 0, transform.ErrShortSrc
+	}
+	d.current = d.fallback
+	bomSize := 0
+	if len(src) >= 2 {
+		if src[0] == 0xFF && src[1] == 0xFE {
+			d.current = utf16le.NewDecoder()
+			bomSize = 2
+		} else if src[0] == 0xFE && src[1] == 0xFF {
+			d.current = utf16be.NewDecoder()
+			bomSize = 2
+		} else if len(src) >= 3 &&
+			src[0] == utf8BOM[0] &&
+			src[1] == utf8BOM[1] &&
+			src[2] == utf8BOM[2] {
+			d.current = transform.Nop
+			bomSize = 3
+		}
+	}
+	if bomSize < len(src) {
+		nDst, nSrc, err = d.current.Transform(dst, src[bomSize:], atEOF)
+	}
+	return nDst, nSrc + bomSize, err
+}
diff --git a/vendor/golang.org/x/text/encoding/unicode/unicode.go b/vendor/golang.org/x/text/encoding/unicode/unicode.go
new file mode 100644
index 000000000..dd99ad14d
--- /dev/null
+++ b/vendor/golang.org/x/text/encoding/unicode/unicode.go
@@ -0,0 +1,512 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package unicode provides Unicode encodings such as UTF-16.
+package unicode // import "golang.org/x/text/encoding/unicode"
+
+import (
+	"bytes"
+	"errors"
+	"unicode/utf16"
+	"unicode/utf8"
+
+	"golang.org/x/text/encoding"
+	"golang.org/x/text/encoding/internal"
+	"golang.org/x/text/encoding/internal/identifier"
+	"golang.org/x/text/internal/utf8internal"
+	"golang.org/x/text/runes"
+	"golang.org/x/text/transform"
+)
+
+// TODO: I think the Transformers really should return errors on unmatched
+// surrogate pairs and odd numbers of bytes. This is not required by RFC 2781,
+// which leaves it open, but is suggested by WhatWG. It will allow for all error
+// modes as defined by WhatWG: fatal, HTML and Replacement. This would require
+// the introduction of some kind of error type for conveying the erroneous code
+// point.
+
+// UTF8 is the UTF-8 encoding. It neither removes nor adds byte order marks.
+var UTF8 encoding.Encoding = utf8enc
+
+// UTF8BOM is an UTF-8 encoding where the decoder strips a leading byte order
+// mark while the encoder adds one.
+//
+// Some editors add a byte order mark as a signature to UTF-8 files. Although
+// the byte order mark is not useful for detecting byte order in UTF-8, it is
+// sometimes used as a convention to mark UTF-8-encoded files. This relies on
+// the observation that the UTF-8 byte order mark is either an illegal or at
+// least very unlikely sequence in any other character encoding.
+var UTF8BOM encoding.Encoding = utf8bomEncoding{}
+
+type utf8bomEncoding struct{}
+
+func (utf8bomEncoding) String() string {
+	return "UTF-8-BOM"
+}
+
+func (utf8bomEncoding) ID() (identifier.MIB, string) {
+	return identifier.Unofficial, "x-utf8bom"
+}
+
+func (utf8bomEncoding) NewEncoder() *encoding.Encoder {
+	return &encoding.Encoder{
+		Transformer: &utf8bomEncoder{t: runes.ReplaceIllFormed()},
+	}
+}
+
+func (utf8bomEncoding) NewDecoder() *encoding.Decoder {
+	return &encoding.Decoder{Transformer: &utf8bomDecoder{}}
+}
+
+var utf8enc = &internal.Encoding{
+	&internal.SimpleEncoding{utf8Decoder{}, runes.ReplaceIllFormed()},
+	"UTF-8",
+	identifier.UTF8,
+}
+
+type utf8bomDecoder struct {
+	checked bool
+}
+
+func (t *utf8bomDecoder) Reset() {
+	t.checked = false
+}
+
+func (t *utf8bomDecoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	if !t.checked {
+		if !atEOF && len(src) < len(utf8BOM) {
+			if len(src) == 0 {
+				return 0, 0, nil
+			}
+			return 0, 0, transform.ErrShortSrc
+		}
+		if bytes.HasPrefix(src, []byte(utf8BOM)) {
+			nSrc += len(utf8BOM)
+			src = src[len(utf8BOM):]
+		}
+		t.checked = true
+	}
+	nDst, n, err := utf8Decoder.Transform(utf8Decoder{}, dst[nDst:], src, atEOF)
+	nSrc += n
+	return nDst, nSrc, err
+}
+
+type utf8bomEncoder struct {
+	written bool
+	t       transform.Transformer
+}
+
+func (t *utf8bomEncoder) Reset() {
+	t.written = false
+	t.t.Reset()
+}
+
+func (t *utf8bomEncoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	if !t.written {
+		if len(dst) < len(utf8BOM) {
+			return nDst, 0, transform.ErrShortDst
+		}
+		nDst = copy(dst, utf8BOM)
+		t.written = true
+	}
+	n, nSrc, err := utf8Decoder.Transform(utf8Decoder{}, dst[nDst:], src, atEOF)
+	nDst += n
+	return nDst, nSrc, err
+}
+
+type utf8Decoder struct{ transform.NopResetter }
+
+func (utf8Decoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	var pSrc int // point from which to start copy in src
+	var accept utf8internal.AcceptRange
+
+	// The decoder can only make the input larger, not smaller.
+	n := len(src)
+	if len(dst) < n {
+		err = transform.ErrShortDst
+		n = len(dst)
+		atEOF = false
+	}
+	for nSrc < n {
+		c := src[nSrc]
+		if c < utf8.RuneSelf {
+			nSrc++
+			continue
+		}
+		first := utf8internal.First[c]
+		size := int(first & utf8internal.SizeMask)
+		if first == utf8internal.FirstInvalid {
+			goto handleInvalid // invalid starter byte
+		}
+		accept = utf8internal.AcceptRanges[first>>utf8internal.AcceptShift]
+		if nSrc+size > n {
+			if !atEOF {
+				// We may stop earlier than necessary here if the short sequence
+				// has invalid bytes. Not checking for this simplifies the code
+				// and may avoid duplicate computations in certain conditions.
+				if err == nil {
+					err = transform.ErrShortSrc
+				}
+				break
+			}
+			// Determine the maximal subpart of an ill-formed subsequence.
+			switch {
+			case nSrc+1 >= n || src[nSrc+1] < accept.Lo || accept.Hi < src[nSrc+1]:
+				size = 1
+			case nSrc+2 >= n || src[nSrc+2] < utf8internal.LoCB || utf8internal.HiCB < src[nSrc+2]:
+				size = 2
+			default:
+				size = 3 // As we are short, the maximum is 3.
+			}
+			goto handleInvalid
+		}
+		if c = src[nSrc+1]; c < accept.Lo || accept.Hi < c {
+			size = 1
+			goto handleInvalid // invalid continuation byte
+		} else if size == 2 {
+		} else if c = src[nSrc+2]; c < utf8internal.LoCB || utf8internal.HiCB < c {
+			size = 2
+			goto handleInvalid // invalid continuation byte
+		} else if size == 3 {
+		} else if c = src[nSrc+3]; c < utf8internal.LoCB || utf8internal.HiCB < c {
+			size = 3
+			goto handleInvalid // invalid continuation byte
+		}
+		nSrc += size
+		continue
+
+	handleInvalid:
+		// Copy the scanned input so far.
+		nDst += copy(dst[nDst:], src[pSrc:nSrc])
+
+		// Append RuneError to the destination.
+		const runeError = "\ufffd"
+		if nDst+len(runeError) > len(dst) {
+			return nDst, nSrc, transform.ErrShortDst
+		}
+		nDst += copy(dst[nDst:], runeError)
+
+		// Skip the maximal subpart of an ill-formed subsequence according to
+		// the W3C standard way instead of the Go way. This Transform is
+		// probably the only place in the text repo where it is warranted.
+		nSrc += size
+		pSrc = nSrc
+
+		// Recompute the maximum source length.
+		if sz := len(dst) - nDst; sz < len(src)-nSrc {
+			err = transform.ErrShortDst
+			n = nSrc + sz
+			atEOF = false
+		}
+	}
+	return nDst + copy(dst[nDst:], src[pSrc:nSrc]), nSrc, err
+}
+
+// UTF16 returns a UTF-16 Encoding for the given default endianness and byte
+// order mark (BOM) policy.
+//
+// When decoding from UTF-16 to UTF-8, if the BOMPolicy is IgnoreBOM then
+// neither BOMs U+FEFF nor noncharacters U+FFFE in the input stream will affect
+// the endianness used for decoding, and will instead be output as their
+// standard UTF-8 encodings: "\xef\xbb\xbf" and "\xef\xbf\xbe". If the BOMPolicy
+// is UseBOM or ExpectBOM a staring BOM is not written to the UTF-8 output.
+// Instead, it overrides the default endianness e for the remainder of the
+// transformation. Any subsequent BOMs U+FEFF or noncharacters U+FFFE will not
+// affect the endianness used, and will instead be output as their standard
+// UTF-8 encodings. For UseBOM, if there is no starting BOM, it will proceed
+// with the default Endianness. For ExpectBOM, in that case, the transformation
+// will return early with an ErrMissingBOM error.
+//
+// When encoding from UTF-8 to UTF-16, a BOM will be inserted at the start of
+// the output if the BOMPolicy is UseBOM or ExpectBOM. Otherwise, a BOM will not
+// be inserted. The UTF-8 input does not need to contain a BOM.
+//
+// There is no concept of a 'native' endianness. If the UTF-16 data is produced
+// and consumed in a greater context that implies a certain endianness, use
+// IgnoreBOM. Otherwise, use ExpectBOM and always produce and consume a BOM.
+//
+// In the language of https://www.unicode.org/faq/utf_bom.html#bom10, IgnoreBOM
+// corresponds to "Where the precise type of the data stream is known... the
+// BOM should not be used" and ExpectBOM corresponds to "A particular
+// protocol... may require use of the BOM".
+func UTF16(e Endianness, b BOMPolicy) encoding.Encoding {
+	return utf16Encoding{config{e, b}, mibValue[e][b&bomMask]}
+}
+
+// mibValue maps Endianness and BOMPolicy settings to MIB constants. Note that
+// some configurations map to the same MIB identifier. RFC 2781 has requirements
+// and recommendations. Some of the "configurations" are merely recommendations,
+// so multiple configurations could match.
+var mibValue = map[Endianness][numBOMValues]identifier.MIB{
+	BigEndian: [numBOMValues]identifier.MIB{
+		IgnoreBOM: identifier.UTF16BE,
+		UseBOM:    identifier.UTF16, // BigEnding default is preferred by RFC 2781.
+		// TODO: acceptBOM | strictBOM would map to UTF16BE as well.
+	},
+	LittleEndian: [numBOMValues]identifier.MIB{
+		IgnoreBOM: identifier.UTF16LE,
+		UseBOM:    identifier.UTF16, // LittleEndian default is allowed and preferred on Windows.
+		// TODO: acceptBOM | strictBOM would map to UTF16LE as well.
+	},
+	// ExpectBOM is not widely used and has no valid MIB identifier.
+}
+
+// All lists a configuration for each IANA-defined UTF-16 variant.
+var All = []encoding.Encoding{
+	UTF8,
+	UTF16(BigEndian, UseBOM),
+	UTF16(BigEndian, IgnoreBOM),
+	UTF16(LittleEndian, IgnoreBOM),
+}
+
+// BOMPolicy is a UTF-16 encoding's byte order mark policy.
+type BOMPolicy uint8
+
+const (
+	writeBOM   BOMPolicy = 0x01
+	acceptBOM  BOMPolicy = 0x02
+	requireBOM BOMPolicy = 0x04
+	bomMask    BOMPolicy = 0x07
+
+	// HACK: numBOMValues == 8 triggers a bug in the 1.4 compiler (cannot have a
+	// map of an array of length 8 of a type that is also used as a key or value
+	// in another map). See golang.org/issue/11354.
+	// TODO: consider changing this value back to 8 if the use of 1.4.* has
+	// been minimized.
+	numBOMValues = 8 + 1
+
+	// IgnoreBOM means to ignore any byte order marks.
+	IgnoreBOM BOMPolicy = 0
+	// Common and RFC 2781-compliant interpretation for UTF-16BE/LE.
+
+	// UseBOM means that the UTF-16 form may start with a byte order mark, which
+	// will be used to override the default encoding.
+	UseBOM BOMPolicy = writeBOM | acceptBOM
+	// Common and RFC 2781-compliant interpretation for UTF-16.
+
+	// ExpectBOM means that the UTF-16 form must start with a byte order mark,
+	// which will be used to override the default encoding.
+	ExpectBOM BOMPolicy = writeBOM | acceptBOM | requireBOM
+	// Used in Java as Unicode (not to be confused with Java's UTF-16) and
+	// ICU's UTF-16,version=1. Not compliant with RFC 2781.
+
+	// TODO (maybe): strictBOM: BOM must match Endianness. This would allow:
+	// - UTF-16(B|L)E,version=1: writeBOM | acceptBOM | requireBOM | strictBOM
+	//    (UnicodeBig and UnicodeLittle in Java)
+	// - RFC 2781-compliant, but less common interpretation for UTF-16(B|L)E:
+	//    acceptBOM | strictBOM (e.g. assigned to CheckBOM).
+	// This addition would be consistent with supporting ExpectBOM.
+)
+
+// Endianness is a UTF-16 encoding's default endianness.
+type Endianness bool
+
+const (
+	// BigEndian is UTF-16BE.
+	BigEndian Endianness = false
+	// LittleEndian is UTF-16LE.
+	LittleEndian Endianness = true
+)
+
+// ErrMissingBOM means that decoding UTF-16 input with ExpectBOM did not find a
+// starting byte order mark.
+var ErrMissingBOM = errors.New("encoding: missing byte order mark")
+
+type utf16Encoding struct {
+	config
+	mib identifier.MIB
+}
+
+type config struct {
+	endianness Endianness
+	bomPolicy  BOMPolicy
+}
+
+func (u utf16Encoding) NewDecoder() *encoding.Decoder {
+	return &encoding.Decoder{Transformer: &utf16Decoder{
+		initial: u.config,
+		current: u.config,
+	}}
+}
+
+func (u utf16Encoding) NewEncoder() *encoding.Encoder {
+	return &encoding.Encoder{Transformer: &utf16Encoder{
+		endianness:       u.endianness,
+		initialBOMPolicy: u.bomPolicy,
+		currentBOMPolicy: u.bomPolicy,
+	}}
+}
+
+func (u utf16Encoding) ID() (mib identifier.MIB, other string) {
+	return u.mib, ""
+}
+
+func (u utf16Encoding) String() string {
+	e, b := "B", ""
+	if u.endianness == LittleEndian {
+		e = "L"
+	}
+	switch u.bomPolicy {
+	case ExpectBOM:
+		b = "Expect"
+	case UseBOM:
+		b = "Use"
+	case IgnoreBOM:
+		b = "Ignore"
+	}
+	return "UTF-16" + e + "E (" + b + " BOM)"
+}
+
+type utf16Decoder struct {
+	initial config
+	current config
+}
+
+func (u *utf16Decoder) Reset() {
+	u.current = u.initial
+}
+
+func (u *utf16Decoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	if len(src) < 2 && atEOF && u.current.bomPolicy&requireBOM != 0 {
+		return 0, 0, ErrMissingBOM
+	}
+	if len(src) == 0 {
+		return 0, 0, nil
+	}
+	if len(src) >= 2 && u.current.bomPolicy&acceptBOM != 0 {
+		switch {
+		case src[0] == 0xfe && src[1] == 0xff:
+			u.current.endianness = BigEndian
+			nSrc = 2
+		case src[0] == 0xff && src[1] == 0xfe:
+			u.current.endianness = LittleEndian
+			nSrc = 2
+		default:
+			if u.current.bomPolicy&requireBOM != 0 {
+				return 0, 0, ErrMissingBOM
+			}
+		}
+		u.current.bomPolicy = IgnoreBOM
+	}
+
+	var r rune
+	var dSize, sSize int
+	for nSrc < len(src) {
+		if nSrc+1 < len(src) {
+			x := uint16(src[nSrc+0])<<8 | uint16(src[nSrc+1])
+			if u.current.endianness == LittleEndian {
+				x = x>>8 | x<<8
+			}
+			r, sSize = rune(x), 2
+			if utf16.IsSurrogate(r) {
+				if nSrc+3 < len(src) {
+					x = uint16(src[nSrc+2])<<8 | uint16(src[nSrc+3])
+					if u.current.endianness == LittleEndian {
+						x = x>>8 | x<<8
+					}
+					// Save for next iteration if it is not a high surrogate.
+					if isHighSurrogate(rune(x)) {
+						r, sSize = utf16.DecodeRune(r, rune(x)), 4
+					}
+				} else if !atEOF {
+					err = transform.ErrShortSrc
+					break
+				}
+			}
+			if dSize = utf8.RuneLen(r); dSize < 0 {
+				r, dSize = utf8.RuneError, 3
+			}
+		} else if atEOF {
+			// Single trailing byte.
+			r, dSize, sSize = utf8.RuneError, 3, 1
+		} else {
+			err = transform.ErrShortSrc
+			break
+		}
+		if nDst+dSize > len(dst) {
+			err = transform.ErrShortDst
+			break
+		}
+		nDst += utf8.EncodeRune(dst[nDst:], r)
+		nSrc += sSize
+	}
+	return nDst, nSrc, err
+}
+
+func isHighSurrogate(r rune) bool {
+	return 0xDC00 <= r && r <= 0xDFFF
+}
+
+type utf16Encoder struct {
+	endianness       Endianness
+	initialBOMPolicy BOMPolicy
+	currentBOMPolicy BOMPolicy
+}
+
+func (u *utf16Encoder) Reset() {
+	u.currentBOMPolicy = u.initialBOMPolicy
+}
+
+func (u *utf16Encoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error) {
+	if u.currentBOMPolicy&writeBOM != 0 {
+		if len(dst) < 2 {
+			return 0, 0, transform.ErrShortDst
+		}
+		dst[0], dst[1] = 0xfe, 0xff
+		u.currentBOMPolicy = IgnoreBOM
+		nDst = 2
+	}
+
+	r, size := rune(0), 0
+	for nSrc < len(src) {
+		r = rune(src[nSrc])
+
+		// Decode a 1-byte rune.
+		if r < utf8.RuneSelf {
+			size = 1
+
+		} else {
+			// Decode a multi-byte rune.
+			r, size = utf8.DecodeRune(src[nSrc:])
+			if size == 1 {
+				// All valid runes of size 1 (those below utf8.RuneSelf) were
+				// handled above. We have invalid UTF-8 or we haven't seen the
+				// full character yet.
+				if !atEOF && !utf8.FullRune(src[nSrc:]) {
+					err = transform.ErrShortSrc
+					break
+				}
+			}
+		}
+
+		if r <= 0xffff {
+			if nDst+2 > len(dst) {
+				err = transform.ErrShortDst
+				break
+			}
+			dst[nDst+0] = uint8(r >> 8)
+			dst[nDst+1] = uint8(r)
+			nDst += 2
+		} else {
+			if nDst+4 > len(dst) {
+				err = transform.ErrShortDst
+				break
+			}
+			r1, r2 := utf16.EncodeRune(r)
+			dst[nDst+0] = uint8(r1 >> 8)
+			dst[nDst+1] = uint8(r1)
+			dst[nDst+2] = uint8(r2 >> 8)
+			dst[nDst+3] = uint8(r2)
+			nDst += 4
+		}
+		nSrc += size
+	}
+
+	if u.endianness == LittleEndian {
+		for i := 0; i < nDst; i += 2 {
+			dst[i], dst[i+1] = dst[i+1], dst[i]
+		}
+	}
+	return nDst, nSrc, err
+}
diff --git a/vendor/golang.org/x/text/internal/utf8internal/utf8internal.go b/vendor/golang.org/x/text/internal/utf8internal/utf8internal.go
new file mode 100644
index 000000000..e5c53b1b3
--- /dev/null
+++ b/vendor/golang.org/x/text/internal/utf8internal/utf8internal.go
@@ -0,0 +1,87 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package utf8internal contains low-level utf8-related constants, tables, etc.
+// that are used internally by the text package.
+package utf8internal
+
+// The default lowest and highest continuation byte.
+const (
+	LoCB = 0x80 // 1000 0000
+	HiCB = 0xBF // 1011 1111
+)
+
+// Constants related to getting information of first bytes of UTF-8 sequences.
+const (
+	// ASCII identifies a UTF-8 byte as ASCII.
+	ASCII = as
+
+	// FirstInvalid indicates a byte is invalid as a first byte of a UTF-8
+	// sequence.
+	FirstInvalid = xx
+
+	// SizeMask is a mask for the size bits. Use use x&SizeMask to get the size.
+	SizeMask = 7
+
+	// AcceptShift is the right-shift count for the first byte info byte to get
+	// the index into the AcceptRanges table. See AcceptRanges.
+	AcceptShift = 4
+
+	// The names of these constants are chosen to give nice alignment in the
+	// table below. The first nibble is an index into acceptRanges or F for
+	// special one-byte cases. The second nibble is the Rune length or the
+	// Status for the special one-byte case.
+	xx = 0xF1 // invalid: size 1
+	as = 0xF0 // ASCII: size 1
+	s1 = 0x02 // accept 0, size 2
+	s2 = 0x13 // accept 1, size 3
+	s3 = 0x03 // accept 0, size 3
+	s4 = 0x23 // accept 2, size 3
+	s5 = 0x34 // accept 3, size 4
+	s6 = 0x04 // accept 0, size 4
+	s7 = 0x44 // accept 4, size 4
+)
+
+// First is information about the first byte in a UTF-8 sequence.
+var First = [256]uint8{
+	//   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x00-0x0F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x10-0x1F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x20-0x2F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x30-0x3F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x40-0x4F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x50-0x5F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x60-0x6F
+	as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, as, // 0x70-0x7F
+	//   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0x80-0x8F
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0x90-0x9F
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0xA0-0xAF
+	xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0xB0-0xBF
+	xx, xx, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, // 0xC0-0xCF
+	s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, s1, // 0xD0-0xDF
+	s2, s3, s3, s3, s3, s3, s3, s3, s3, s3, s3, s3, s3, s4, s3, s3, // 0xE0-0xEF
+	s5, s6, s6, s6, s7, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, // 0xF0-0xFF
+}
+
+// AcceptRange gives the range of valid values for the second byte in a UTF-8
+// sequence for any value for First that is not ASCII or FirstInvalid.
+type AcceptRange struct {
+	Lo uint8 // lowest value for second byte.
+	Hi uint8 // highest value for second byte.
+}
+
+// AcceptRanges is a slice of AcceptRange values. For a given byte sequence b
+//
+//	AcceptRanges[First[b[0]]>>AcceptShift]
+//
+// will give the value of AcceptRange for the multi-byte UTF-8 sequence starting
+// at b[0].
+var AcceptRanges = [...]AcceptRange{
+	0: {LoCB, HiCB},
+	1: {0xA0, HiCB},
+	2: {LoCB, 0x9F},
+	3: {0x90, HiCB},
+	4: {LoCB, 0x8F},
+}
diff --git a/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go b/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
index 8a7392c4a..784bb8808 100644
--- a/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+++ b/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.10
-// +build go1.10
 
 package bidirule
 
diff --git a/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go b/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
index bb0a92001..8e1e94395 100644
--- a/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+++ b/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build !go1.10
-// +build !go1.10
 
 package bidirule
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
index 42fa8d72c..d2bd71181 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
index 56a0e1ea2..f76bdca27 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
index baacf32b4..3aa2c3bdf 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
index ffadb7beb..a71375790 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
index 92cce5802..f15746f7d 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go b/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
index f517fdb20..c164d3791 100644
--- a/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package bidi
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
index f5a078827..1af161c75 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
index cb7239c43..eb73ecc37 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
index 11b273300..276cb8d8c 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
index f65785e8a..0cceffd73 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
index e1858b879..b0819e42d 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package norm
 
diff --git a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
index 0175eae50..bf65457d9 100644
--- a/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+++ b/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package norm
 
diff --git a/vendor/golang.org/x/text/width/tables10.0.0.go b/vendor/golang.org/x/text/width/tables10.0.0.go
index cd9d91caf..07c1cb17a 100644
--- a/vendor/golang.org/x/text/width/tables10.0.0.go
+++ b/vendor/golang.org/x/text/width/tables10.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.10 && !go1.13
-// +build go1.10,!go1.13
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables11.0.0.go b/vendor/golang.org/x/text/width/tables11.0.0.go
index 327eaef9b..89288b3da 100644
--- a/vendor/golang.org/x/text/width/tables11.0.0.go
+++ b/vendor/golang.org/x/text/width/tables11.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.13 && !go1.14
-// +build go1.13,!go1.14
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables12.0.0.go b/vendor/golang.org/x/text/width/tables12.0.0.go
index 5c14ade6d..755ee9122 100644
--- a/vendor/golang.org/x/text/width/tables12.0.0.go
+++ b/vendor/golang.org/x/text/width/tables12.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.14 && !go1.16
-// +build go1.14,!go1.16
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables13.0.0.go b/vendor/golang.org/x/text/width/tables13.0.0.go
index b1fcb522c..40c169edf 100644
--- a/vendor/golang.org/x/text/width/tables13.0.0.go
+++ b/vendor/golang.org/x/text/width/tables13.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.16 && !go1.21
-// +build go1.16,!go1.21
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables15.0.0.go b/vendor/golang.org/x/text/width/tables15.0.0.go
index 4b91e3384..2b8528967 100644
--- a/vendor/golang.org/x/text/width/tables15.0.0.go
+++ b/vendor/golang.org/x/text/width/tables15.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build go1.21
-// +build go1.21
 
 package width
 
diff --git a/vendor/golang.org/x/text/width/tables9.0.0.go b/vendor/golang.org/x/text/width/tables9.0.0.go
index 6781f3d96..d981330a9 100644
--- a/vendor/golang.org/x/text/width/tables9.0.0.go
+++ b/vendor/golang.org/x/text/width/tables9.0.0.go
@@ -1,7 +1,6 @@
 // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
 
 //go:build !go1.10
-// +build !go1.10
 
 package width
 
diff --git a/vendor/golang.org/x/tools/cmd/stringer/stringer.go b/vendor/golang.org/x/tools/cmd/stringer/stringer.go
index 998d1a51b..2b19c93e8 100644
--- a/vendor/golang.org/x/tools/cmd/stringer/stringer.go
+++ b/vendor/golang.org/x/tools/cmd/stringer/stringer.go
@@ -188,6 +188,8 @@ type Generator struct {
 
 	trimPrefix  string
 	lineComment bool
+
+	logf func(format string, args ...interface{}) // test logging hook; nil when not testing
 }
 
 func (g *Generator) Printf(format string, args ...interface{}) {
@@ -221,13 +223,14 @@ func (g *Generator) parsePackage(patterns []string, tags []string) {
 		// in a separate pass? For later.
 		Tests:      false,
 		BuildFlags: []string{fmt.Sprintf("-tags=%s", strings.Join(tags, " "))},
+		Logf:       g.logf,
 	}
 	pkgs, err := packages.Load(cfg, patterns...)
 	if err != nil {
 		log.Fatal(err)
 	}
 	if len(pkgs) != 1 {
-		log.Fatalf("error: %d packages found", len(pkgs))
+		log.Fatalf("error: %d packages matching %v", len(pkgs), strings.Join(patterns, " "))
 	}
 	g.addPackage(pkgs[0])
 }
diff --git a/vendor/golang.org/x/tools/go/analysis/doc.go b/vendor/golang.org/x/tools/go/analysis/doc.go
index c5429c9e2..44867d599 100644
--- a/vendor/golang.org/x/tools/go/analysis/doc.go
+++ b/vendor/golang.org/x/tools/go/analysis/doc.go
@@ -191,7 +191,7 @@ and buildtag, inspect the raw text of Go source files or even non-Go
 files such as assembly. To report a diagnostic against a line of a
 raw text file, use the following sequence:
 
-	content, err := ioutil.ReadFile(filename)
+	content, err := os.ReadFile(filename)
 	if err != nil { ... }
 	tf := fset.AddFile(filename, -1, len(content))
 	tf.SetLinesForContent(content)
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go b/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go
new file mode 100644
index 000000000..6976f0d90
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/appends/appends.go
@@ -0,0 +1,47 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package appends defines an Analyzer that detects
+// if there is only one variable in append.
+package appends
+
+import (
+	_ "embed"
+	"go/ast"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/inspector"
+	"golang.org/x/tools/go/types/typeutil"
+)
+
+//go:embed doc.go
+var doc string
+
+var Analyzer = &analysis.Analyzer{
+	Name:     "appends",
+	Doc:      analysisutil.MustExtractDoc(doc, "appends"),
+	URL:      "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/appends",
+	Requires: []*analysis.Analyzer{inspect.Analyzer},
+	Run:      run,
+}
+
+func run(pass *analysis.Pass) (interface{}, error) {
+	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
+
+	nodeFilter := []ast.Node{
+		(*ast.CallExpr)(nil),
+	}
+	inspect.Preorder(nodeFilter, func(n ast.Node) {
+		call := n.(*ast.CallExpr)
+		b, ok := typeutil.Callee(pass.TypesInfo, call).(*types.Builtin)
+		if ok && b.Name() == "append" && len(call.Args) == 1 {
+			pass.ReportRangef(call, "append with no values")
+		}
+	})
+
+	return nil, nil
+}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/appends/doc.go b/vendor/golang.org/x/tools/go/analysis/passes/appends/doc.go
new file mode 100644
index 000000000..2e6a2e010
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/appends/doc.go
@@ -0,0 +1,20 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package appends defines an Analyzer that detects
+// if there is only one variable in append.
+//
+// # Analyzer appends
+//
+// appends: check for missing values after append
+//
+// This checker reports calls to append that pass
+// no values to be appended to the slice.
+//
+//	s := []string{"a", "b", "c"}
+//	_ = append(s)
+//
+// Such calls are always no-ops and often indicate an
+// underlying mistake.
+package appends
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go b/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go
index 10489bea1..3bfd50122 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/assign/assign.go
@@ -18,6 +18,7 @@ import (
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/ast/inspector"
 )
 
@@ -77,7 +78,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 
 // isMapIndex returns true if e is a map index expression.
 func isMapIndex(info *types.Info, e ast.Expr) bool {
-	if idx, ok := analysisutil.Unparen(e).(*ast.IndexExpr); ok {
+	if idx, ok := astutil.Unparen(e).(*ast.IndexExpr); ok {
 		if typ := info.Types[idx.X].Type; typ != nil {
 			_, ok := typ.Underlying().(*types.Map)
 			return ok
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go b/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go
index b40e081ec..931f9ca75 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/atomic/atomic.go
@@ -8,12 +8,12 @@ import (
 	_ "embed"
 	"go/ast"
 	"go/token"
-	"go/types"
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
 	"golang.org/x/tools/go/ast/inspector"
+	"golang.org/x/tools/go/types/typeutil"
 )
 
 //go:embed doc.go
@@ -52,18 +52,8 @@ func run(pass *analysis.Pass) (interface{}, error) {
 			if !ok {
 				continue
 			}
-			sel, ok := call.Fun.(*ast.SelectorExpr)
-			if !ok {
-				continue
-			}
-			pkgIdent, _ := sel.X.(*ast.Ident)
-			pkgName, ok := pass.TypesInfo.Uses[pkgIdent].(*types.PkgName)
-			if !ok || pkgName.Imported().Path() != "sync/atomic" {
-				continue
-			}
-
-			switch sel.Sel.Name {
-			case "AddInt32", "AddInt64", "AddUint32", "AddUint64", "AddUintptr":
+			fn := typeutil.StaticCallee(pass.TypesInfo, call)
+			if analysisutil.IsFunctionNamed(fn, "sync/atomic", "AddInt32", "AddInt64", "AddUint32", "AddUint64", "AddUintptr") {
 				checkAtomicAddAssignment(pass, n.Lhs[i], call)
 			}
 		}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go b/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go
index 01683e45a..aff6d25b3 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/atomicalign/atomicalign.go
@@ -18,6 +18,7 @@ import (
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
 	"golang.org/x/tools/go/ast/inspector"
+	"golang.org/x/tools/go/types/typeutil"
 )
 
 const Doc = "check for non-64-bits-aligned arguments to sync/atomic functions"
@@ -42,31 +43,20 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	nodeFilter := []ast.Node{
 		(*ast.CallExpr)(nil),
 	}
+	funcNames := []string{
+		"AddInt64", "AddUint64",
+		"LoadInt64", "LoadUint64",
+		"StoreInt64", "StoreUint64",
+		"SwapInt64", "SwapUint64",
+		"CompareAndSwapInt64", "CompareAndSwapUint64",
+	}
 
 	inspect.Preorder(nodeFilter, func(node ast.Node) {
 		call := node.(*ast.CallExpr)
-		sel, ok := call.Fun.(*ast.SelectorExpr)
-		if !ok {
-			return
-		}
-		pkgIdent, ok := sel.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		pkgName, ok := pass.TypesInfo.Uses[pkgIdent].(*types.PkgName)
-		if !ok || pkgName.Imported().Path() != "sync/atomic" {
-			return
-		}
-
-		switch sel.Sel.Name {
-		case "AddInt64", "AddUint64",
-			"LoadInt64", "LoadUint64",
-			"StoreInt64", "StoreUint64",
-			"SwapInt64", "SwapUint64",
-			"CompareAndSwapInt64", "CompareAndSwapUint64":
-
+		fn := typeutil.StaticCallee(pass.TypesInfo, call)
+		if analysisutil.IsFunctionNamed(fn, "sync/atomic", funcNames...) {
 			// For all the listed functions, the expression to check is always the first function argument.
-			check64BitAlignment(pass, sel.Sel.Name, call.Args[0])
+			check64BitAlignment(pass, fn.Name(), call.Args[0])
 		}
 	})
 
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go b/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go
index 4219f087b..564329774 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/bools/bools.go
@@ -14,6 +14,7 @@ import (
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/ast/inspector"
 )
 
@@ -83,7 +84,7 @@ func (op boolOp) commutativeSets(info *types.Info, e *ast.BinaryExpr, seen map[*
 	i := 0
 	var sets [][]ast.Expr
 	for j := 0; j <= len(exprs); j++ {
-		if j == len(exprs) || hasSideEffects(info, exprs[j]) {
+		if j == len(exprs) || analysisutil.HasSideEffects(info, exprs[j]) {
 			if i < j {
 				sets = append(sets, exprs[i:j])
 			}
@@ -162,46 +163,13 @@ func (op boolOp) checkSuspect(pass *analysis.Pass, exprs []ast.Expr) {
 	}
 }
 
-// hasSideEffects reports whether evaluation of e has side effects.
-func hasSideEffects(info *types.Info, e ast.Expr) bool {
-	safe := true
-	ast.Inspect(e, func(node ast.Node) bool {
-		switch n := node.(type) {
-		case *ast.CallExpr:
-			typVal := info.Types[n.Fun]
-			switch {
-			case typVal.IsType():
-				// Type conversion, which is safe.
-			case typVal.IsBuiltin():
-				// Builtin func, conservatively assumed to not
-				// be safe for now.
-				safe = false
-				return false
-			default:
-				// A non-builtin func or method call.
-				// Conservatively assume that all of them have
-				// side effects for now.
-				safe = false
-				return false
-			}
-		case *ast.UnaryExpr:
-			if n.Op == token.ARROW {
-				safe = false
-				return false
-			}
-		}
-		return true
-	})
-	return !safe
-}
-
 // split returns a slice of all subexpressions in e that are connected by op.
 // For example, given 'a || (b || c) || d' with the or op,
 // split returns []{d, c, b, a}.
 // seen[e] is already true; any newly processed exprs are added to seen.
 func (op boolOp) split(e ast.Expr, seen map[*ast.BinaryExpr]bool) (exprs []ast.Expr) {
 	for {
-		e = unparen(e)
+		e = astutil.Unparen(e)
 		if b, ok := e.(*ast.BinaryExpr); ok && b.Op == op.tok {
 			seen[b] = true
 			exprs = append(exprs, op.split(b.Y, seen)...)
@@ -213,14 +181,3 @@ func (op boolOp) split(e ast.Expr, seen map[*ast.BinaryExpr]bool) (exprs []ast.E
 	}
 	return
 }
-
-// unparen returns e with any enclosing parentheses stripped.
-func unparen(e ast.Expr) ast.Expr {
-	for {
-		p, ok := e.(*ast.ParenExpr)
-		if !ok {
-			return e
-		}
-		e = p.X
-	}
-}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go b/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go
index 881b8fd67..f077ea282 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/buildssa/buildssa.go
@@ -26,15 +26,13 @@ var Analyzer = &analysis.Analyzer{
 }
 
 // SSA provides SSA-form intermediate representation for all the
-// non-blank source functions in the current package.
+// source functions in the current package.
 type SSA struct {
 	Pkg      *ssa.Package
 	SrcFuncs []*ssa.Function
 }
 
 func run(pass *analysis.Pass) (interface{}, error) {
-	// Plundered from ssautil.BuildPackage.
-
 	// We must create a new Program for each Package because the
 	// analysis API provides no place to hang a Program shared by
 	// all Packages. Consequently, SSA Packages and Functions do not
@@ -51,20 +49,10 @@ func run(pass *analysis.Pass) (interface{}, error) {
 
 	prog := ssa.NewProgram(pass.Fset, mode)
 
-	// Create SSA packages for all imports.
-	// Order is not significant.
-	created := make(map[*types.Package]bool)
-	var createAll func(pkgs []*types.Package)
-	createAll = func(pkgs []*types.Package) {
-		for _, p := range pkgs {
-			if !created[p] {
-				created[p] = true
-				prog.CreatePackage(p, nil, nil, true)
-				createAll(p.Imports())
-			}
-		}
+	// Create SSA packages for direct imports.
+	for _, p := range pass.Pkg.Imports() {
+		prog.CreatePackage(p, nil, nil, true)
 	}
-	createAll(pass.Pkg.Imports())
 
 	// Create and build the primary package.
 	ssapkg := prog.CreatePackage(pass.Pkg, pass.Files, pass.TypesInfo, false)
@@ -76,16 +64,6 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	for _, f := range pass.Files {
 		for _, decl := range f.Decls {
 			if fdecl, ok := decl.(*ast.FuncDecl); ok {
-
-				// SSA will not build a Function
-				// for a FuncDecl named blank.
-				// That's arguably too strict but
-				// relaxing it would break uniqueness of
-				// names of package members.
-				if fdecl.Name.Name == "_" {
-					continue
-				}
-
 				// (init functions have distinct Func
 				// objects named "init" and distinct
 				// ssa.Functions named "init#1", ...)
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go
index 98d9a777a..4e8643975 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/cgocall/cgocall.go
@@ -19,6 +19,7 @@ import (
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 )
 
 const debug = false
@@ -64,7 +65,7 @@ func checkCgo(fset *token.FileSet, f *ast.File, info *types.Info, reportf func(t
 
 		// Is this a C.f() call?
 		var name string
-		if sel, ok := analysisutil.Unparen(call.Fun).(*ast.SelectorExpr); ok {
+		if sel, ok := astutil.Unparen(call.Fun).(*ast.SelectorExpr); ok {
 			if id, ok := sel.X.(*ast.Ident); ok && id.Name == "C" {
 				name = sel.Sel.Name
 			}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go b/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go
index ff2b41ac4..2eeb0a330 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/copylock/copylock.go
@@ -16,6 +16,7 @@ import (
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/ast/inspector"
 	"golang.org/x/tools/internal/typeparams"
 )
@@ -223,6 +224,8 @@ func (path typePath) String() string {
 }
 
 func lockPathRhs(pass *analysis.Pass, x ast.Expr) typePath {
+	x = astutil.Unparen(x) // ignore parens on rhs
+
 	if _, ok := x.(*ast.CompositeLit); ok {
 		return nil
 	}
@@ -231,7 +234,7 @@ func lockPathRhs(pass *analysis.Pass, x ast.Expr) typePath {
 		return nil
 	}
 	if star, ok := x.(*ast.StarExpr); ok {
-		if _, ok := star.X.(*ast.CallExpr); ok {
+		if _, ok := astutil.Unparen(star.X).(*ast.CallExpr); ok {
 			// A call may return a pointer to a zero value.
 			return nil
 		}
@@ -317,9 +320,7 @@ func lockPath(tpkg *types.Package, typ types.Type, seen map[types.Type]bool) typ
 	// In go1.10, sync.noCopy did not implement Locker.
 	// (The Unlock method was added only in CL 121876.)
 	// TODO(adonovan): remove workaround when we drop go1.10.
-	if named, ok := typ.(*types.Named); ok &&
-		named.Obj().Name() == "noCopy" &&
-		named.Obj().Pkg().Path() == "sync" {
+	if analysisutil.IsNamedType(typ, "sync", "noCopy") {
 		return []string{typ.String()}
 	}
 
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go b/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go
index 3a1818764..1a83bddbc 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/deepequalerrors/deepequalerrors.go
@@ -46,11 +46,8 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	}
 	inspect.Preorder(nodeFilter, func(n ast.Node) {
 		call := n.(*ast.CallExpr)
-		fn, ok := typeutil.Callee(pass.TypesInfo, call).(*types.Func)
-		if !ok {
-			return
-		}
-		if fn.FullName() == "reflect.DeepEqual" && hasError(pass, call.Args[0]) && hasError(pass, call.Args[1]) {
+		fn, _ := typeutil.Callee(pass.TypesInfo, call).(*types.Func)
+		if analysisutil.IsFunctionNamed(fn, "reflect", "DeepEqual") && hasError(pass, call.Args[0]) && hasError(pass, call.Args[1]) {
 			pass.ReportRangef(call, "avoid using reflect.DeepEqual with errors")
 		}
 	})
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go b/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go
new file mode 100644
index 000000000..5e8e80a6a
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/defers/defers.go
@@ -0,0 +1,59 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package defers
+
+import (
+	_ "embed"
+	"go/ast"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/inspector"
+	"golang.org/x/tools/go/types/typeutil"
+)
+
+//go:embed doc.go
+var doc string
+
+// Analyzer is the defers analyzer.
+var Analyzer = &analysis.Analyzer{
+	Name:     "defers",
+	Requires: []*analysis.Analyzer{inspect.Analyzer},
+	URL:      "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/defers",
+	Doc:      analysisutil.MustExtractDoc(doc, "defers"),
+	Run:      run,
+}
+
+func run(pass *analysis.Pass) (interface{}, error) {
+	if !analysisutil.Imports(pass.Pkg, "time") {
+		return nil, nil
+	}
+
+	checkDeferCall := func(node ast.Node) bool {
+		switch v := node.(type) {
+		case *ast.CallExpr:
+			if analysisutil.IsFunctionNamed(typeutil.StaticCallee(pass.TypesInfo, v), "time", "Since") {
+				pass.Reportf(v.Pos(), "call to time.Since is not deferred")
+			}
+		case *ast.FuncLit:
+			return false // prune
+		}
+		return true
+	}
+
+	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
+
+	nodeFilter := []ast.Node{
+		(*ast.DeferStmt)(nil),
+	}
+
+	inspect.Preorder(nodeFilter, func(n ast.Node) {
+		d := n.(*ast.DeferStmt)
+		ast.Inspect(d.Call, checkDeferCall)
+	})
+
+	return nil, nil
+}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/defers/doc.go b/vendor/golang.org/x/tools/go/analysis/passes/defers/doc.go
new file mode 100644
index 000000000..bdb135162
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/defers/doc.go
@@ -0,0 +1,25 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package defers defines an Analyzer that checks for common mistakes in defer
+// statements.
+//
+// # Analyzer defers
+//
+// defers: report common mistakes in defer statements
+//
+// The defers analyzer reports a diagnostic when a defer statement would
+// result in a non-deferred call to time.Since, as experience has shown
+// that this is nearly always a mistake.
+//
+// For example:
+//
+//	start := time.Now()
+//	...
+//	defer recordLatency(time.Since(start)) // error: call to time.Since is not deferred
+//
+// The correct code is:
+//
+//	defer func() { recordLatency(time.Since(start)) }()
+package defers
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go b/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go
new file mode 100644
index 000000000..2691f189a
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/directive/directive.go
@@ -0,0 +1,209 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package directive defines an Analyzer that checks known Go toolchain directives.
+package directive
+
+import (
+	"go/ast"
+	"go/parser"
+	"go/token"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+)
+
+const Doc = `check Go toolchain directives such as //go:debug
+
+This analyzer checks for problems with known Go toolchain directives
+in all Go source files in a package directory, even those excluded by
+//go:build constraints, and all non-Go source files too.
+
+For //go:debug (see https://go.dev/doc/godebug), the analyzer checks
+that the directives are placed only in Go source files, only above the
+package comment, and only in package main or *_test.go files.
+
+Support for other known directives may be added in the future.
+
+This analyzer does not check //go:build, which is handled by the
+buildtag analyzer.
+`
+
+var Analyzer = &analysis.Analyzer{
+	Name: "directive",
+	Doc:  Doc,
+	URL:  "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/directive",
+	Run:  runDirective,
+}
+
+func runDirective(pass *analysis.Pass) (interface{}, error) {
+	for _, f := range pass.Files {
+		checkGoFile(pass, f)
+	}
+	for _, name := range pass.OtherFiles {
+		if err := checkOtherFile(pass, name); err != nil {
+			return nil, err
+		}
+	}
+	for _, name := range pass.IgnoredFiles {
+		if strings.HasSuffix(name, ".go") {
+			f, err := parser.ParseFile(pass.Fset, name, nil, parser.ParseComments)
+			if err != nil {
+				// Not valid Go source code - not our job to diagnose, so ignore.
+				continue
+			}
+			checkGoFile(pass, f)
+		} else {
+			if err := checkOtherFile(pass, name); err != nil {
+				return nil, err
+			}
+		}
+	}
+	return nil, nil
+}
+
+func checkGoFile(pass *analysis.Pass, f *ast.File) {
+	check := newChecker(pass, pass.Fset.File(f.Package).Name(), f)
+
+	for _, group := range f.Comments {
+		// A +build comment is ignored after or adjoining the package declaration.
+		if group.End()+1 >= f.Package {
+			check.inHeader = false
+		}
+		// A //go:build comment is ignored after the package declaration
+		// (but adjoining it is OK, in contrast to +build comments).
+		if group.Pos() >= f.Package {
+			check.inHeader = false
+		}
+
+		// Check each line of a //-comment.
+		for _, c := range group.List {
+			check.comment(c.Slash, c.Text)
+		}
+	}
+}
+
+func checkOtherFile(pass *analysis.Pass, filename string) error {
+	// We cannot use the Go parser, since is not a Go source file.
+	// Read the raw bytes instead.
+	content, tf, err := analysisutil.ReadFile(pass.Fset, filename)
+	if err != nil {
+		return err
+	}
+
+	check := newChecker(pass, filename, nil)
+	check.nonGoFile(token.Pos(tf.Base()), string(content))
+	return nil
+}
+
+type checker struct {
+	pass     *analysis.Pass
+	filename string
+	file     *ast.File // nil for non-Go file
+	inHeader bool      // in file header (before package declaration)
+	inStar   bool      // currently in a /* */ comment
+}
+
+func newChecker(pass *analysis.Pass, filename string, file *ast.File) *checker {
+	return &checker{
+		pass:     pass,
+		filename: filename,
+		file:     file,
+		inHeader: true,
+	}
+}
+
+func (check *checker) nonGoFile(pos token.Pos, fullText string) {
+	// Process each line.
+	text := fullText
+	inStar := false
+	for text != "" {
+		offset := len(fullText) - len(text)
+		var line string
+		line, text, _ = strings.Cut(text, "\n")
+
+		if !inStar && strings.HasPrefix(line, "//") {
+			check.comment(pos+token.Pos(offset), line)
+			continue
+		}
+
+		// Skip over, cut out any /* */ comments,
+		// to avoid being confused by a commented-out // comment.
+		for {
+			line = strings.TrimSpace(line)
+			if inStar {
+				var ok bool
+				_, line, ok = strings.Cut(line, "*/")
+				if !ok {
+					break
+				}
+				inStar = false
+				continue
+			}
+			line, inStar = stringsCutPrefix(line, "/*")
+			if !inStar {
+				break
+			}
+		}
+		if line != "" {
+			// Found non-comment non-blank line.
+			// Ends space for valid //go:build comments,
+			// but also ends the fraction of the file we can
+			// reliably parse. From this point on we might
+			// incorrectly flag "comments" inside multiline
+			// string constants or anything else (this might
+			// not even be a Go program). So stop.
+			break
+		}
+	}
+}
+
+func (check *checker) comment(pos token.Pos, line string) {
+	if !strings.HasPrefix(line, "//go:") {
+		return
+	}
+	// testing hack: stop at // ERROR
+	if i := strings.Index(line, " // ERROR "); i >= 0 {
+		line = line[:i]
+	}
+
+	verb := line
+	if i := strings.IndexFunc(verb, unicode.IsSpace); i >= 0 {
+		verb = verb[:i]
+		if line[i] != ' ' && line[i] != '\t' && line[i] != '\n' {
+			r, _ := utf8.DecodeRuneInString(line[i:])
+			check.pass.Reportf(pos, "invalid space %#q in %s directive", r, verb)
+		}
+	}
+
+	switch verb {
+	default:
+		// TODO: Use the go language version for the file.
+		// If that version is not newer than us, then we can
+		// report unknown directives.
+
+	case "//go:build":
+		// Ignore. The buildtag analyzer reports misplaced comments.
+
+	case "//go:debug":
+		if check.file == nil {
+			check.pass.Reportf(pos, "//go:debug directive only valid in Go source files")
+		} else if check.file.Name.Name != "main" && !strings.HasSuffix(check.filename, "_test.go") {
+			check.pass.Reportf(pos, "//go:debug directive only valid in package main or test")
+		} else if !check.inHeader {
+			check.pass.Reportf(pos, "//go:debug directive only valid before package declaration")
+		}
+	}
+}
+
+// Go 1.20 strings.CutPrefix.
+func stringsCutPrefix(s, prefix string) (after string, found bool) {
+	if !strings.HasPrefix(s, prefix) {
+		return s, false
+	}
+	return s[len(prefix):], true
+}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go b/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go
index 2fcbdfafb..7f62ad4c8 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/errorsas/errorsas.go
@@ -51,15 +51,12 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	inspect.Preorder(nodeFilter, func(n ast.Node) {
 		call := n.(*ast.CallExpr)
 		fn := typeutil.StaticCallee(pass.TypesInfo, call)
-		if fn == nil {
-			return // not a static call
+		if !analysisutil.IsFunctionNamed(fn, "errors", "As") {
+			return
 		}
 		if len(call.Args) < 2 {
 			return // not enough arguments, e.g. called with return values of another function
 		}
-		if fn.FullName() != "errors.As" {
-			return
-		}
 		if err := checkAsTarget(pass, call.Args[1]); err != nil {
 			pass.ReportRangef(call, "%v", err)
 		}
@@ -69,9 +66,6 @@ func run(pass *analysis.Pass) (interface{}, error) {
 
 var errorType = types.Universe.Lookup("error").Type()
 
-// pointerToInterfaceOrError reports whether the type of e is a pointer to an interface or a type implementing error,
-// or is the empty interface.
-
 // checkAsTarget reports an error if the second argument to errors.As is invalid.
 func checkAsTarget(pass *analysis.Pass, e ast.Expr) error {
 	t := pass.TypesInfo.Types[e].Type
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go b/vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go
index 61c3b764f..c6b6c81b4 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/httpresponse/httpresponse.go
@@ -116,7 +116,7 @@ func isHTTPFuncOrMethodOnClient(info *types.Info, expr *ast.CallExpr) bool {
 	if res.Len() != 2 {
 		return false // the function called does not return two values.
 	}
-	if ptr, ok := res.At(0).Type().(*types.Pointer); !ok || !isNamedType(ptr.Elem(), "net/http", "Response") {
+	if ptr, ok := res.At(0).Type().(*types.Pointer); !ok || !analysisutil.IsNamedType(ptr.Elem(), "net/http", "Response") {
 		return false // the first return type is not *http.Response.
 	}
 
@@ -131,11 +131,11 @@ func isHTTPFuncOrMethodOnClient(info *types.Info, expr *ast.CallExpr) bool {
 		return ok && id.Name == "http" // function in net/http package.
 	}
 
-	if isNamedType(typ, "net/http", "Client") {
+	if analysisutil.IsNamedType(typ, "net/http", "Client") {
 		return true // method on http.Client.
 	}
 	ptr, ok := typ.(*types.Pointer)
-	return ok && isNamedType(ptr.Elem(), "net/http", "Client") // method on *http.Client.
+	return ok && analysisutil.IsNamedType(ptr.Elem(), "net/http", "Client") // method on *http.Client.
 }
 
 // restOfBlock, given a traversal stack, finds the innermost containing
@@ -171,13 +171,3 @@ func rootIdent(n ast.Node) *ast.Ident {
 		return nil
 	}
 }
-
-// isNamedType reports whether t is the named type path.name.
-func isNamedType(t types.Type, path, name string) bool {
-	n, ok := t.(*types.Named)
-	if !ok {
-		return false
-	}
-	obj := n.Obj()
-	return obj.Name() == name && obj.Pkg() != nil && obj.Pkg().Path() == path
-}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go b/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go
index ac37e4784..c0060753f 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/internal/analysisutil/util.go
@@ -12,7 +12,7 @@ import (
 	"go/printer"
 	"go/token"
 	"go/types"
-	"io/ioutil"
+	"os"
 )
 
 // Format returns a string representation of the expression.
@@ -55,21 +55,10 @@ func HasSideEffects(info *types.Info, e ast.Expr) bool {
 	return !safe
 }
 
-// Unparen returns e with any enclosing parentheses stripped.
-func Unparen(e ast.Expr) ast.Expr {
-	for {
-		p, ok := e.(*ast.ParenExpr)
-		if !ok {
-			return e
-		}
-		e = p.X
-	}
-}
-
 // ReadFile reads a file and adds it to the FileSet
 // so that we can report errors against it using lineStart.
 func ReadFile(fset *token.FileSet, filename string) ([]byte, *token.File, error) {
-	content, err := ioutil.ReadFile(filename)
+	content, err := os.ReadFile(filename)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -118,3 +107,46 @@ func Imports(pkg *types.Package, path string) bool {
 	}
 	return false
 }
+
+// IsNamedType reports whether t is the named type with the given package path
+// and one of the given names.
+// This function avoids allocating the concatenation of "pkg.Name",
+// which is important for the performance of syntax matching.
+func IsNamedType(t types.Type, pkgPath string, names ...string) bool {
+	n, ok := t.(*types.Named)
+	if !ok {
+		return false
+	}
+	obj := n.Obj()
+	if obj == nil || obj.Pkg() == nil || obj.Pkg().Path() != pkgPath {
+		return false
+	}
+	name := obj.Name()
+	for _, n := range names {
+		if name == n {
+			return true
+		}
+	}
+	return false
+}
+
+// IsFunctionNamed reports whether f is a top-level function defined in the
+// given package and has one of the given names.
+// It returns false if f is nil or a method.
+func IsFunctionNamed(f *types.Func, pkgPath string, names ...string) bool {
+	if f == nil {
+		return false
+	}
+	if f.Pkg() == nil || f.Pkg().Path() != pkgPath {
+		return false
+	}
+	if f.Type().(*types.Signature).Recv() != nil {
+		return false
+	}
+	for _, n := range names {
+		if f.Name() == n {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/doc.go b/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/doc.go
index dc544df1b..c95b1c1c9 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/doc.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/doc.go
@@ -14,8 +14,12 @@
 // in such a way (e.g. with go or defer) that it may outlive the loop
 // iteration and possibly observe the wrong value of the variable.
 //
+// Note: An iteration variable can only outlive a loop iteration in Go versions <=1.21.
+// In Go 1.22 and later, the loop variable lifetimes changed to create a new
+// iteration variable per loop iteration. (See go.dev/issue/60078.)
+//
 // In this example, all the deferred functions run after the loop has
-// completed, so all observe the final value of v.
+// completed, so all observe the final value of v [<go1.22].
 //
 //	for _, v := range list {
 //	    defer func() {
@@ -32,7 +36,10 @@
 //	    }()
 //	}
 //
-// The next example uses a go statement and has a similar problem.
+// After Go version 1.22, the previous two for loops are equivalent
+// and both are correct.
+//
+// The next example uses a go statement and has a similar problem [<go1.22].
 // In addition, it has a data race because the loop updates v
 // concurrent with the goroutines accessing it.
 //
@@ -56,7 +63,7 @@
 //	}
 //
 // The t.Parallel() call causes the rest of the function to execute
-// concurrent with the loop.
+// concurrent with the loop [<go1.22].
 //
 // The analyzer reports references only in the last statement,
 // as it is not deep enough to understand the effects of subsequent
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go b/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go
index 5620c35fa..4724c9f3b 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/loopclosure/loopclosure.go
@@ -14,6 +14,7 @@ import (
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
 	"golang.org/x/tools/go/ast/inspector"
 	"golang.org/x/tools/go/types/typeutil"
+	"golang.org/x/tools/internal/versions"
 )
 
 //go:embed doc.go
@@ -31,10 +32,15 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
 
 	nodeFilter := []ast.Node{
+		(*ast.File)(nil),
 		(*ast.RangeStmt)(nil),
 		(*ast.ForStmt)(nil),
 	}
-	inspect.Preorder(nodeFilter, func(n ast.Node) {
+	inspect.Nodes(nodeFilter, func(n ast.Node, push bool) bool {
+		if !push {
+			// inspect.Nodes is slightly suboptimal as we only use push=true.
+			return true
+		}
 		// Find the variables updated by the loop statement.
 		var vars []types.Object
 		addVar := func(expr ast.Expr) {
@@ -46,6 +52,11 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		}
 		var body *ast.BlockStmt
 		switch n := n.(type) {
+		case *ast.File:
+			// Only traverse the file if its goversion is strictly before go1.22.
+			goversion := versions.Lang(versions.FileVersions(pass.TypesInfo, n))
+			// goversion is empty for older go versions (or the version is invalid).
+			return goversion == "" || versions.Compare(goversion, "go1.22") < 0
 		case *ast.RangeStmt:
 			body = n.Body
 			addVar(n.Key)
@@ -64,7 +75,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 			}
 		}
 		if vars == nil {
-			return
+			return true
 		}
 
 		// Inspect statements to find function literals that may be run outside of
@@ -113,6 +124,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 				}
 			}
 		}
+		return true
 	})
 	return nil, nil
 }
@@ -359,20 +371,5 @@ func isMethodCall(info *types.Info, expr ast.Expr, pkgPath, typeName, method str
 	if ptr, ok := recv.Type().(*types.Pointer); ok {
 		rtype = ptr.Elem()
 	}
-	named, ok := rtype.(*types.Named)
-	if !ok {
-		return false
-	}
-	if named.Obj().Name() != typeName {
-		return false
-	}
-	pkg := f.Pkg()
-	if pkg == nil {
-		return false
-	}
-	if pkg.Path() != pkgPath {
-		return false
-	}
-
-	return true
+	return analysisutil.IsNamedType(rtype, pkgPath, typeName)
 }
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go b/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go
index d1ca0748e..c4999f7a9 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/nilness/nilness.go
@@ -38,11 +38,15 @@ func run(pass *analysis.Pass) (interface{}, error) {
 
 func runFunc(pass *analysis.Pass, fn *ssa.Function) {
 	reportf := func(category string, pos token.Pos, format string, args ...interface{}) {
-		pass.Report(analysis.Diagnostic{
-			Pos:      pos,
-			Category: category,
-			Message:  fmt.Sprintf(format, args...),
-		})
+		// We ignore nil-checking ssa.Instructions
+		// that don't correspond to syntax.
+		if pos.IsValid() {
+			pass.Report(analysis.Diagnostic{
+				Pos:      pos,
+				Category: category,
+				Message:  fmt.Sprintf(format, args...),
+			})
+		}
 	}
 
 	// notNil reports an error if v is provably nil.
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go b/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go
index b2b8c67c7..070654f01 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/printf/printf.go
@@ -511,15 +511,10 @@ func isFormatter(typ types.Type) bool {
 	sig := fn.Type().(*types.Signature)
 	return sig.Params().Len() == 2 &&
 		sig.Results().Len() == 0 &&
-		isNamed(sig.Params().At(0).Type(), "fmt", "State") &&
+		analysisutil.IsNamedType(sig.Params().At(0).Type(), "fmt", "State") &&
 		types.Identical(sig.Params().At(1).Type(), types.Typ[types.Rune])
 }
 
-func isNamed(T types.Type, pkgpath, name string) bool {
-	named, ok := T.(*types.Named)
-	return ok && named.Obj().Pkg().Path() == pkgpath && named.Obj().Name() == name
-}
-
 // formatState holds the parsed representation of a printf directive such as "%3.*[4]d".
 // It is constructed by parsePrintfVerb.
 type formatState struct {
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go b/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go
index 27677139e..6789d7357 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/reflectvaluecompare/reflectvaluecompare.go
@@ -49,11 +49,8 @@ func run(pass *analysis.Pass) (interface{}, error) {
 				}
 			}
 		case *ast.CallExpr:
-			fn, ok := typeutil.Callee(pass.TypesInfo, n).(*types.Func)
-			if !ok {
-				return
-			}
-			if fn.FullName() == "reflect.DeepEqual" && (isReflectValue(pass, n.Args[0]) || isReflectValue(pass, n.Args[1])) {
+			fn, _ := typeutil.Callee(pass.TypesInfo, n).(*types.Func)
+			if analysisutil.IsFunctionNamed(fn, "reflect", "DeepEqual") && (isReflectValue(pass, n.Args[0]) || isReflectValue(pass, n.Args[1])) {
 				pass.ReportRangef(n, "avoid using reflect.DeepEqual with reflect.Value")
 			}
 		}
@@ -68,11 +65,7 @@ func isReflectValue(pass *analysis.Pass, e ast.Expr) bool {
 		return false
 	}
 	// See if the type is reflect.Value
-	named, ok := tv.Type.(*types.Named)
-	if !ok {
-		return false
-	}
-	if obj := named.Obj(); obj == nil || obj.Pkg() == nil || obj.Pkg().Path() != "reflect" || obj.Name() != "Value" {
+	if !analysisutil.IsNamedType(tv.Type, "reflect", "Value") {
 		return false
 	}
 	if _, ok := e.(*ast.CompositeLit); ok {
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/slog/doc.go b/vendor/golang.org/x/tools/go/analysis/passes/slog/doc.go
new file mode 100644
index 000000000..ecb10e094
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/slog/doc.go
@@ -0,0 +1,23 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package slog defines an Analyzer that checks for
+// mismatched key-value pairs in log/slog calls.
+//
+// # Analyzer slog
+//
+// slog: check for invalid structured logging calls
+//
+// The slog checker looks for calls to functions from the log/slog
+// package that take alternating key-value pairs. It reports calls
+// where an argument in a key position is neither a string nor a
+// slog.Attr, and where a final key is missing its value.
+// For example,it would report
+//
+//	slog.Warn("message", 11, "k") // slog.Warn arg "11" should be a string or a slog.Attr
+//
+// and
+//
+//	slog.Info("message", "k1", v1, "k2") // call to slog.Info missing a final value
+package slog
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go b/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go
new file mode 100644
index 000000000..a1323c3e6
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/slog/slog.go
@@ -0,0 +1,234 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// TODO(jba) deduce which functions wrap the log/slog functions, and use the
+// fact mechanism to propagate this information, so we can provide diagnostics
+// for user-supplied wrappers.
+
+package slog
+
+import (
+	_ "embed"
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/inspector"
+	"golang.org/x/tools/go/types/typeutil"
+)
+
+//go:embed doc.go
+var doc string
+
+var Analyzer = &analysis.Analyzer{
+	Name:     "slog",
+	Doc:      analysisutil.MustExtractDoc(doc, "slog"),
+	URL:      "https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/slog",
+	Requires: []*analysis.Analyzer{inspect.Analyzer},
+	Run:      run,
+}
+
+var stringType = types.Universe.Lookup("string").Type()
+
+// A position describes what is expected to appear in an argument position.
+type position int
+
+const (
+	// key is an argument position that should hold a string key or an Attr.
+	key position = iota
+	// value is an argument position that should hold a value.
+	value
+	// unknown represents that we do not know if position should hold a key or a value.
+	unknown
+)
+
+func run(pass *analysis.Pass) (any, error) {
+	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
+	nodeFilter := []ast.Node{
+		(*ast.CallExpr)(nil),
+	}
+	inspect.Preorder(nodeFilter, func(node ast.Node) {
+		call := node.(*ast.CallExpr)
+		fn := typeutil.StaticCallee(pass.TypesInfo, call)
+		if fn == nil {
+			return // not a static call
+		}
+		if call.Ellipsis != token.NoPos {
+			return // skip calls with "..." args
+		}
+		skipArgs, ok := kvFuncSkipArgs(fn)
+		if !ok {
+			// Not a slog function that takes key-value pairs.
+			return
+		}
+		if isMethodExpr(pass.TypesInfo, call) {
+			// Call is to a method value. Skip the first argument.
+			skipArgs++
+		}
+		if len(call.Args) <= skipArgs {
+			// Too few args; perhaps there are no k-v pairs.
+			return
+		}
+
+		// Check this call.
+		// The first position should hold a key or Attr.
+		pos := key
+		var unknownArg ast.Expr // nil or the last unknown argument
+		for _, arg := range call.Args[skipArgs:] {
+			t := pass.TypesInfo.Types[arg].Type
+			switch pos {
+			case key:
+				// Expect a string or Attr.
+				switch {
+				case t == stringType:
+					pos = value
+				case isAttr(t):
+					pos = key
+				case types.IsInterface(t):
+					// As we do not do dataflow, we do not know what the dynamic type is.
+					// It could be a string or an Attr so we don't know what to expect next.
+					pos = unknown
+				default:
+					if unknownArg == nil {
+						pass.ReportRangef(arg, "%s arg %q should be a string or a slog.Attr (possible missing key or value)",
+							shortName(fn), analysisutil.Format(pass.Fset, arg))
+					} else {
+						pass.ReportRangef(arg, "%s arg %q should probably be a string or a slog.Attr (previous arg %q cannot be a key)",
+							shortName(fn), analysisutil.Format(pass.Fset, arg), analysisutil.Format(pass.Fset, unknownArg))
+					}
+					// Stop here so we report at most one missing key per call.
+					return
+				}
+
+			case value:
+				// Anything can appear in this position.
+				// The next position should be a key.
+				pos = key
+
+			case unknown:
+				// Once we encounter an unknown position, we can never be
+				// sure if a problem later or at the end of the call is due to a
+				// missing final value, or a non-key in key position.
+				// In both cases, unknownArg != nil.
+				unknownArg = arg
+
+				// We don't know what is expected about this position, but all hope is not lost.
+				if t != stringType && !isAttr(t) && !types.IsInterface(t) {
+					// This argument is definitely not a key.
+					//
+					// unknownArg cannot have been a key, in which case this is the
+					// corresponding value, and the next position should hold another key.
+					pos = key
+				}
+			}
+		}
+		if pos == value {
+			if unknownArg == nil {
+				pass.ReportRangef(call, "call to %s missing a final value", shortName(fn))
+			} else {
+				pass.ReportRangef(call, "call to %s has a missing or misplaced value", shortName(fn))
+			}
+		}
+	})
+	return nil, nil
+}
+
+func isAttr(t types.Type) bool {
+	return analysisutil.IsNamedType(t, "log/slog", "Attr")
+}
+
+// shortName returns a name for the function that is shorter than FullName.
+// Examples:
+//
+//	"slog.Info" (instead of "log/slog.Info")
+//	"slog.Logger.With" (instead of "(*log/slog.Logger).With")
+func shortName(fn *types.Func) string {
+	var r string
+	if recv := fn.Type().(*types.Signature).Recv(); recv != nil {
+		t := recv.Type()
+		if pt, ok := t.(*types.Pointer); ok {
+			t = pt.Elem()
+		}
+		if nt, ok := t.(*types.Named); ok {
+			r = nt.Obj().Name()
+		} else {
+			r = recv.Type().String()
+		}
+		r += "."
+	}
+	return fmt.Sprintf("%s.%s%s", fn.Pkg().Name(), r, fn.Name())
+}
+
+// If fn is a slog function that has a ...any parameter for key-value pairs,
+// kvFuncSkipArgs returns the number of arguments to skip over to reach the
+// corresponding arguments, and true.
+// Otherwise it returns (0, false).
+func kvFuncSkipArgs(fn *types.Func) (int, bool) {
+	if pkg := fn.Pkg(); pkg == nil || pkg.Path() != "log/slog" {
+		return 0, false
+	}
+	var recvName string // by default a slog package function
+	recv := fn.Type().(*types.Signature).Recv()
+	if recv != nil {
+		t := recv.Type()
+		if pt, ok := t.(*types.Pointer); ok {
+			t = pt.Elem()
+		}
+		if nt, ok := t.(*types.Named); !ok {
+			return 0, false
+		} else {
+			recvName = nt.Obj().Name()
+		}
+	}
+	skip, ok := kvFuncs[recvName][fn.Name()]
+	return skip, ok
+}
+
+// The names of functions and methods in log/slog that take
+// ...any for key-value pairs, mapped to the number of initial args to skip in
+// order to get to the ones that match the ...any parameter.
+// The first key is the dereferenced receiver type name, or "" for a function.
+var kvFuncs = map[string]map[string]int{
+	"": map[string]int{
+		"Debug":        1,
+		"Info":         1,
+		"Warn":         1,
+		"Error":        1,
+		"DebugContext": 2,
+		"InfoContext":  2,
+		"WarnContext":  2,
+		"ErrorContext": 2,
+		"Log":          3,
+		"Group":        1,
+	},
+	"Logger": map[string]int{
+		"Debug":        1,
+		"Info":         1,
+		"Warn":         1,
+		"Error":        1,
+		"DebugContext": 2,
+		"InfoContext":  2,
+		"WarnContext":  2,
+		"ErrorContext": 2,
+		"Log":          3,
+		"With":         0,
+	},
+	"Record": map[string]int{
+		"Add": 0,
+	},
+}
+
+// isMethodExpr reports whether a call is to a MethodExpr.
+func isMethodExpr(info *types.Info, c *ast.CallExpr) bool {
+	s, ok := c.Fun.(*ast.SelectorExpr)
+	if !ok {
+		return false
+	}
+	sel := info.Selections[s]
+	return sel != nil && sel.Kind() == types.MethodExpr
+}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go b/vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go
index 1fe206b0f..6c151a02c 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/sortslice/analyzer.go
@@ -47,12 +47,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 	inspect.Preorder(nodeFilter, func(n ast.Node) {
 		call := n.(*ast.CallExpr)
 		fn, _ := typeutil.Callee(pass.TypesInfo, call).(*types.Func)
-		if fn == nil {
-			return
-		}
-
-		fnName := fn.FullName()
-		if fnName != "sort.Slice" && fnName != "sort.SliceStable" && fnName != "sort.SliceIsSorted" {
+		if !analysisutil.IsFunctionNamed(fn, "sort", "Slice", "SliceStable", "SliceIsSorted") {
 			return
 		}
 
@@ -131,7 +126,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		pass.Report(analysis.Diagnostic{
 			Pos:            call.Pos(),
 			End:            call.End(),
-			Message:        fmt.Sprintf("%s's argument must be a slice; is called with %s", fnName, typ.String()),
+			Message:        fmt.Sprintf("%s's argument must be a slice; is called with %s", fn.FullName(), typ.String()),
 			SuggestedFixes: fixes,
 		})
 	})
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/doc.go b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/doc.go
index a68adb12b..4cd5b71e9 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/doc.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/doc.go
@@ -7,7 +7,7 @@
 //
 // # Analyzer testinggoroutine
 //
-// testinggoroutine: report calls to (*testing.T).Fatal from goroutines started by a test.
+// testinggoroutine: report calls to (*testing.T).Fatal from goroutines started by a test
 //
 // Functions that abruptly terminate a test, such as the Fatal, Fatalf, FailNow, and
 // Skip{,f,Now} methods of *testing.T, must be called from the test goroutine itself.
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go
index 907b71503..dc5307a15 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/testinggoroutine.go
@@ -6,18 +6,28 @@ package testinggoroutine
 
 import (
 	_ "embed"
+	"fmt"
 	"go/ast"
+	"go/token"
+	"go/types"
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/ast/inspector"
-	"golang.org/x/tools/internal/typeparams"
+	"golang.org/x/tools/go/types/typeutil"
 )
 
 //go:embed doc.go
 var doc string
 
+var reportSubtest bool
+
+func init() {
+	Analyzer.Flags.BoolVar(&reportSubtest, "subtest", false, "whether to check if t.Run subtest is terminated correctly; experimental")
+}
+
 var Analyzer = &analysis.Analyzer{
 	Name:     "testinggoroutine",
 	Doc:      analysisutil.MustExtractDoc(doc, "testinggoroutine"),
@@ -26,15 +36,6 @@ var Analyzer = &analysis.Analyzer{
 	Run:      run,
 }
 
-var forbidden = map[string]bool{
-	"FailNow": true,
-	"Fatal":   true,
-	"Fatalf":  true,
-	"Skip":    true,
-	"Skipf":   true,
-	"SkipNow": true,
-}
-
 func run(pass *analysis.Pass) (interface{}, error) {
 	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
 
@@ -42,38 +43,90 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		return nil, nil
 	}
 
-	// Filter out anything that isn't a function declaration.
-	onlyFuncs := []ast.Node{
-		(*ast.FuncDecl)(nil),
+	toDecl := localFunctionDecls(pass.TypesInfo, pass.Files)
+
+	// asyncs maps nodes whose statements will be executed concurrently
+	// with respect to some test function, to the call sites where they
+	// are invoked asynchronously. There may be multiple such call sites
+	// for e.g. test helpers.
+	asyncs := make(map[ast.Node][]*asyncCall)
+	var regions []ast.Node
+	addCall := func(c *asyncCall) {
+		if c != nil {
+			r := c.region
+			if asyncs[r] == nil {
+				regions = append(regions, r)
+			}
+			asyncs[r] = append(asyncs[r], c)
+		}
 	}
 
-	inspect.Nodes(onlyFuncs, func(node ast.Node, push bool) bool {
-		fnDecl, ok := node.(*ast.FuncDecl)
-		if !ok {
+	// Collect all of the go callee() and t.Run(name, callee) extents.
+	inspect.Nodes([]ast.Node{
+		(*ast.FuncDecl)(nil),
+		(*ast.GoStmt)(nil),
+		(*ast.CallExpr)(nil),
+	}, func(node ast.Node, push bool) bool {
+		if !push {
 			return false
 		}
+		switch node := node.(type) {
+		case *ast.FuncDecl:
+			return hasBenchmarkOrTestParams(node)
 
-		if !hasBenchmarkOrTestParams(fnDecl) {
-			return false
+		case *ast.GoStmt:
+			c := goAsyncCall(pass.TypesInfo, node, toDecl)
+			addCall(c)
+
+		case *ast.CallExpr:
+			c := tRunAsyncCall(pass.TypesInfo, node)
+			addCall(c)
 		}
+		return true
+	})
 
-		// Now traverse the benchmark/test's body and check that none of the
-		// forbidden methods are invoked in the goroutines within the body.
-		ast.Inspect(fnDecl, func(n ast.Node) bool {
-			goStmt, ok := n.(*ast.GoStmt)
+	// Check for t.Forbidden() calls within each region r that is a
+	// callee in some go r() or a t.Run("name", r).
+	//
+	// Also considers a special case when r is a go t.Forbidden() call.
+	for _, region := range regions {
+		ast.Inspect(region, func(n ast.Node) bool {
+			if n == region {
+				return true // always descend into the region itself.
+			} else if asyncs[n] != nil {
+				return false // will be visited by another region.
+			}
+
+			call, ok := n.(*ast.CallExpr)
 			if !ok {
 				return true
 			}
+			x, sel, fn := forbiddenMethod(pass.TypesInfo, call)
+			if x == nil {
+				return true
+			}
 
-			checkGoStmt(pass, goStmt)
+			for _, e := range asyncs[region] {
+				if !withinScope(e.scope, x) {
+					forbidden := formatMethod(sel, fn) // e.g. "(*testing.T).Forbidden
 
-			// No need to further traverse the GoStmt since right
-			// above we manually traversed it in the ast.Inspect(goStmt, ...)
-			return false
+					var context string
+					var where analysis.Range = e.async // Put the report at the go fun() or t.Run(name, fun).
+					if _, local := e.fun.(*ast.FuncLit); local {
+						where = call // Put the report at the t.Forbidden() call.
+					} else if id, ok := e.fun.(*ast.Ident); ok {
+						context = fmt.Sprintf(" (%s calls %s)", id.Name, forbidden)
+					}
+					if _, ok := e.async.(*ast.GoStmt); ok {
+						pass.ReportRangef(where, "call to %s from a non-test goroutine%s", forbidden, context)
+					} else if reportSubtest {
+						pass.ReportRangef(where, "call to %s on %s defined outside of the subtest%s", forbidden, x.Name(), context)
+					}
+				}
+			}
+			return true
 		})
-
-		return false
-	})
+	}
 
 	return nil, nil
 }
@@ -100,7 +153,6 @@ func typeIsTestingDotTOrB(expr ast.Expr) (string, bool) {
 	if !ok {
 		return "", false
 	}
-
 	varPkg := selExpr.X.(*ast.Ident)
 	if varPkg.Name != "testing" {
 		return "", false
@@ -111,73 +163,116 @@ func typeIsTestingDotTOrB(expr ast.Expr) (string, bool) {
 	return varTypeName, ok
 }
 
-// goStmtFunc returns the ast.Node of a call expression
-// that was invoked as a go statement. Currently, only
-// function literals declared in the same function, and
-// static calls within the same package are supported.
-func goStmtFun(goStmt *ast.GoStmt) ast.Node {
-	switch fun := goStmt.Call.Fun.(type) {
-	case *ast.IndexExpr, *typeparams.IndexListExpr:
-		x, _, _, _ := typeparams.UnpackIndexExpr(fun)
-		id, _ := x.(*ast.Ident)
-		if id == nil {
-			break
-		}
-		if id.Obj == nil {
-			break
-		}
-		if funDecl, ok := id.Obj.Decl.(ast.Node); ok {
-			return funDecl
-		}
-	case *ast.Ident:
-		// TODO(cuonglm): improve this once golang/go#48141 resolved.
-		if fun.Obj == nil {
-			break
-		}
-		if funDecl, ok := fun.Obj.Decl.(ast.Node); ok {
-			return funDecl
-		}
-	case *ast.FuncLit:
-		return goStmt.Call.Fun
+// asyncCall describes a region of code that needs to be checked for
+// t.Forbidden() calls as it is started asynchronously from an async
+// node go fun() or t.Run(name, fun).
+type asyncCall struct {
+	region ast.Node // region of code to check for t.Forbidden() calls.
+	async  ast.Node // *ast.GoStmt or *ast.CallExpr (for t.Run)
+	scope  ast.Node // Report t.Forbidden() if t is not declared within scope.
+	fun    ast.Expr // fun in go fun() or t.Run(name, fun)
+}
+
+// withinScope returns true if x.Pos() is in [scope.Pos(), scope.End()].
+func withinScope(scope ast.Node, x *types.Var) bool {
+	if scope != nil {
+		return x.Pos() != token.NoPos && scope.Pos() <= x.Pos() && x.Pos() <= scope.End()
 	}
-	return goStmt.Call
+	return false
 }
 
-// checkGoStmt traverses the goroutine and checks for the
-// use of the forbidden *testing.(B, T) methods.
-func checkGoStmt(pass *analysis.Pass, goStmt *ast.GoStmt) {
-	fn := goStmtFun(goStmt)
-	// Otherwise examine the goroutine to check for the forbidden methods.
-	ast.Inspect(fn, func(n ast.Node) bool {
-		selExpr, ok := n.(*ast.SelectorExpr)
-		if !ok {
-			return true
-		}
+// goAsyncCall returns the extent of a call from a go fun() statement.
+func goAsyncCall(info *types.Info, goStmt *ast.GoStmt, toDecl func(*types.Func) *ast.FuncDecl) *asyncCall {
+	call := goStmt.Call
 
-		_, bad := forbidden[selExpr.Sel.Name]
-		if !bad {
-			return true
+	fun := astutil.Unparen(call.Fun)
+	if id := funcIdent(fun); id != nil {
+		if lit := funcLitInScope(id); lit != nil {
+			return &asyncCall{region: lit, async: goStmt, scope: nil, fun: fun}
 		}
+	}
 
-		// Now filter out false positives by the import-path/type.
-		ident, ok := selExpr.X.(*ast.Ident)
-		if !ok {
-			return true
+	if fn := typeutil.StaticCallee(info, call); fn != nil { // static call or method in the package?
+		if decl := toDecl(fn); decl != nil {
+			return &asyncCall{region: decl, async: goStmt, scope: nil, fun: fun}
 		}
-		if ident.Obj == nil || ident.Obj.Decl == nil {
-			return true
-		}
-		field, ok := ident.Obj.Decl.(*ast.Field)
-		if !ok {
-			return true
-		}
-		if typeName, ok := typeIsTestingDotTOrB(field.Type); ok {
-			var fnRange analysis.Range = goStmt
-			if _, ok := fn.(*ast.FuncLit); ok {
-				fnRange = selExpr
-			}
-			pass.ReportRangef(fnRange, "call to (*%s).%s from a non-test goroutine", typeName, selExpr.Sel)
+	}
+
+	// Check go statement for go t.Forbidden() or go func(){t.Forbidden()}().
+	return &asyncCall{region: goStmt, async: goStmt, scope: nil, fun: fun}
+}
+
+// tRunAsyncCall returns the extent of a call from a t.Run("name", fun) expression.
+func tRunAsyncCall(info *types.Info, call *ast.CallExpr) *asyncCall {
+	if len(call.Args) != 2 {
+		return nil
+	}
+	run := typeutil.Callee(info, call)
+	if run, ok := run.(*types.Func); !ok || !isMethodNamed(run, "testing", "Run") {
+		return nil
+	}
+
+	fun := astutil.Unparen(call.Args[1])
+	if lit, ok := fun.(*ast.FuncLit); ok { // function lit?
+		return &asyncCall{region: lit, async: call, scope: lit, fun: fun}
+	}
+
+	if id := funcIdent(fun); id != nil {
+		if lit := funcLitInScope(id); lit != nil { // function lit in variable?
+			return &asyncCall{region: lit, async: call, scope: lit, fun: fun}
 		}
-		return true
-	})
+	}
+
+	// Check within t.Run(name, fun) for calls to t.Forbidden,
+	// e.g. t.Run(name, func(t *testing.T){ t.Forbidden() })
+	return &asyncCall{region: call, async: call, scope: fun, fun: fun}
+}
+
+var forbidden = []string{
+	"FailNow",
+	"Fatal",
+	"Fatalf",
+	"Skip",
+	"Skipf",
+	"SkipNow",
+}
+
+// forbiddenMethod decomposes a call x.m() into (x, x.m, m) where
+// x is a variable, x.m is a selection, and m is the static callee m.
+// Returns (nil, nil, nil) if call is not of this form.
+func forbiddenMethod(info *types.Info, call *ast.CallExpr) (*types.Var, *types.Selection, *types.Func) {
+	// Compare to typeutil.StaticCallee.
+	fun := astutil.Unparen(call.Fun)
+	selExpr, ok := fun.(*ast.SelectorExpr)
+	if !ok {
+		return nil, nil, nil
+	}
+	sel := info.Selections[selExpr]
+	if sel == nil {
+		return nil, nil, nil
+	}
+
+	var x *types.Var
+	if id, ok := astutil.Unparen(selExpr.X).(*ast.Ident); ok {
+		x, _ = info.Uses[id].(*types.Var)
+	}
+	if x == nil {
+		return nil, nil, nil
+	}
+
+	fn, _ := sel.Obj().(*types.Func)
+	if fn == nil || !isMethodNamed(fn, "testing", forbidden...) {
+		return nil, nil, nil
+	}
+	return x, sel, fn
+}
+
+func formatMethod(sel *types.Selection, fn *types.Func) string {
+	var ptr string
+	rtype := sel.Recv()
+	if p, ok := rtype.(*types.Pointer); ok {
+		ptr = "*"
+		rtype = p.Elem()
+	}
+	return fmt.Sprintf("(%s%s).%s", ptr, rtype.String(), fn.Name())
 }
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go
new file mode 100644
index 000000000..805ccf49e
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/analysis/passes/testinggoroutine/util.go
@@ -0,0 +1,96 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package testinggoroutine
+
+import (
+	"go/ast"
+	"go/types"
+
+	"golang.org/x/tools/go/ast/astutil"
+	"golang.org/x/tools/internal/typeparams"
+)
+
+// AST and types utilities that not specific to testinggoroutines.
+
+// localFunctionDecls returns a mapping from *types.Func to *ast.FuncDecl in files.
+func localFunctionDecls(info *types.Info, files []*ast.File) func(*types.Func) *ast.FuncDecl {
+	var fnDecls map[*types.Func]*ast.FuncDecl // computed lazily
+	return func(f *types.Func) *ast.FuncDecl {
+		if f != nil && fnDecls == nil {
+			fnDecls = make(map[*types.Func]*ast.FuncDecl)
+			for _, file := range files {
+				for _, decl := range file.Decls {
+					if fnDecl, ok := decl.(*ast.FuncDecl); ok {
+						if fn, ok := info.Defs[fnDecl.Name].(*types.Func); ok {
+							fnDecls[fn] = fnDecl
+						}
+					}
+				}
+			}
+		}
+		// TODO: once we only support go1.19+, set f = f.Origin() here.
+		return fnDecls[f]
+	}
+}
+
+// isMethodNamed returns true if f is a method defined
+// in package with the path pkgPath with a name in names.
+func isMethodNamed(f *types.Func, pkgPath string, names ...string) bool {
+	if f == nil {
+		return false
+	}
+	if f.Pkg() == nil || f.Pkg().Path() != pkgPath {
+		return false
+	}
+	if f.Type().(*types.Signature).Recv() == nil {
+		return false
+	}
+	for _, n := range names {
+		if f.Name() == n {
+			return true
+		}
+	}
+	return false
+}
+
+func funcIdent(fun ast.Expr) *ast.Ident {
+	switch fun := astutil.Unparen(fun).(type) {
+	case *ast.IndexExpr, *typeparams.IndexListExpr:
+		x, _, _, _ := typeparams.UnpackIndexExpr(fun) // necessary?
+		id, _ := x.(*ast.Ident)
+		return id
+	case *ast.Ident:
+		return fun
+	default:
+		return nil
+	}
+}
+
+// funcLitInScope returns a FuncLit that id is at least initially assigned to.
+//
+// TODO: This is closely tied to id.Obj which is deprecated.
+func funcLitInScope(id *ast.Ident) *ast.FuncLit {
+	// Compare to (*ast.Object).Pos().
+	if id.Obj == nil {
+		return nil
+	}
+	var rhs ast.Expr
+	switch d := id.Obj.Decl.(type) {
+	case *ast.AssignStmt:
+		for i, x := range d.Lhs {
+			if ident, isIdent := x.(*ast.Ident); isIdent && ident.Name == id.Name && i < len(d.Rhs) {
+				rhs = d.Rhs[i]
+			}
+		}
+	case *ast.ValueSpec:
+		for i, n := range d.Names {
+			if n.Name == id.Name && i < len(d.Values) {
+				rhs = d.Values[i]
+			}
+		}
+	}
+	lit, _ := rhs.(*ast.FuncLit)
+	return lit
+}
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go b/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go
index 9589a46a5..d0b0ebb10 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/tests/tests.go
@@ -257,13 +257,7 @@ func isTestingType(typ types.Type, testingType string) bool {
 	if !ok {
 		return false
 	}
-	named, ok := ptr.Elem().(*types.Named)
-	if !ok {
-		return false
-	}
-	obj := named.Obj()
-	// obj.Pkg is nil for the error type.
-	return obj != nil && obj.Pkg() != nil && obj.Pkg().Path() == "testing" && obj.Name() == testingType
+	return analysisutil.IsNamedType(ptr.Elem(), "testing", testingType)
 }
 
 // Validate that fuzz target function's arguments are of accepted types.
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go b/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go
index c45b9fa54..eb84502bd 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/timeformat/timeformat.go
@@ -88,29 +88,16 @@ func run(pass *analysis.Pass) (interface{}, error) {
 }
 
 func isTimeDotFormat(f *types.Func) bool {
-	if f.Name() != "Format" || f.Pkg().Path() != "time" {
-		return false
-	}
-	sig, ok := f.Type().(*types.Signature)
-	if !ok {
+	if f.Name() != "Format" || f.Pkg() == nil || f.Pkg().Path() != "time" {
 		return false
 	}
 	// Verify that the receiver is time.Time.
-	recv := sig.Recv()
-	if recv == nil {
-		return false
-	}
-	named, ok := recv.Type().(*types.Named)
-	return ok && named.Obj().Name() == "Time"
+	recv := f.Type().(*types.Signature).Recv()
+	return recv != nil && analysisutil.IsNamedType(recv.Type(), "time", "Time")
 }
 
 func isTimeDotParse(f *types.Func) bool {
-	if f.Name() != "Parse" || f.Pkg().Path() != "time" {
-		return false
-	}
-	// Verify that there is no receiver.
-	sig, ok := f.Type().(*types.Signature)
-	return ok && sig.Recv() == nil
+	return analysisutil.IsFunctionNamed(f, "time", "Parse")
 }
 
 // badFormatAt return the start of a bad format in e or -1 if no bad format is found.
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go b/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go
index e43ac2078..32e71ef97 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/unsafeptr/unsafeptr.go
@@ -15,6 +15,7 @@ import (
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/ast/inspector"
 )
 
@@ -68,7 +69,7 @@ func isSafeUintptr(info *types.Info, x ast.Expr) bool {
 	// Check unsafe.Pointer safety rules according to
 	// https://golang.org/pkg/unsafe/#Pointer.
 
-	switch x := analysisutil.Unparen(x).(type) {
+	switch x := astutil.Unparen(x).(type) {
 	case *ast.SelectorExpr:
 		// "(6) Conversion of a reflect.SliceHeader or
 		// reflect.StringHeader Data field to or from Pointer."
@@ -104,8 +105,7 @@ func isSafeUintptr(info *types.Info, x ast.Expr) bool {
 		}
 		switch sel.Sel.Name {
 		case "Pointer", "UnsafeAddr":
-			t, ok := info.Types[sel.X].Type.(*types.Named)
-			if ok && t.Obj().Pkg().Path() == "reflect" && t.Obj().Name() == "Value" {
+			if analysisutil.IsNamedType(info.Types[sel.X].Type, "reflect", "Value") {
 				return true
 			}
 		}
@@ -118,7 +118,7 @@ func isSafeUintptr(info *types.Info, x ast.Expr) bool {
 // isSafeArith reports whether x is a pointer arithmetic expression that is safe
 // to convert to unsafe.Pointer.
 func isSafeArith(info *types.Info, x ast.Expr) bool {
-	switch x := analysisutil.Unparen(x).(type) {
+	switch x := astutil.Unparen(x).(type) {
 	case *ast.CallExpr:
 		// Base case: initial conversion from unsafe.Pointer to uintptr.
 		return len(x.Args) == 1 &&
@@ -153,13 +153,5 @@ func hasBasicType(info *types.Info, x ast.Expr, kind types.BasicKind) bool {
 
 // isReflectHeader reports whether t is reflect.SliceHeader or reflect.StringHeader.
 func isReflectHeader(t types.Type) bool {
-	if named, ok := t.(*types.Named); ok {
-		if obj := named.Obj(); obj.Pkg() != nil && obj.Pkg().Path() == "reflect" {
-			switch obj.Name() {
-			case "SliceHeader", "StringHeader":
-				return true
-			}
-		}
-	}
-	return false
+	return analysisutil.IsNamedType(t, "reflect", "SliceHeader", "StringHeader")
 }
diff --git a/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go b/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go
index cb487a217..7f79b4a75 100644
--- a/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go
+++ b/vendor/golang.org/x/tools/go/analysis/passes/unusedresult/unusedresult.go
@@ -24,6 +24,7 @@ import (
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
+	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/ast/inspector"
 	"golang.org/x/tools/go/types/typeutil"
 )
@@ -82,7 +83,7 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		(*ast.ExprStmt)(nil),
 	}
 	inspect.Preorder(nodeFilter, func(n ast.Node) {
-		call, ok := analysisutil.Unparen(n.(*ast.ExprStmt).X).(*ast.CallExpr)
+		call, ok := astutil.Unparen(n.(*ast.ExprStmt).X).(*ast.CallExpr)
 		if !ok {
 			return // not a call statement
 		}
@@ -92,7 +93,6 @@ func run(pass *analysis.Pass) (interface{}, error) {
 		if !ok {
 			return // e.g. var or builtin
 		}
-
 		if sig := fn.Type().(*types.Signature); sig.Recv() != nil {
 			// method (e.g. foo.String())
 			if types.Identical(sig, sigNoArgsStringResult) {
diff --git a/vendor/golang.org/x/tools/go/analysis/validate.go b/vendor/golang.org/x/tools/go/analysis/validate.go
index 9da5692af..4f2c40456 100644
--- a/vendor/golang.org/x/tools/go/analysis/validate.go
+++ b/vendor/golang.org/x/tools/go/analysis/validate.go
@@ -19,6 +19,8 @@ import (
 // that the Requires graph is acyclic;
 // that analyzer fact types are unique;
 // that each fact type is a pointer.
+//
+// Analyzer names need not be unique, though this may be confusing.
 func Validate(analyzers []*Analyzer) error {
 	// Map each fact type to its sole generating analyzer.
 	factTypes := make(map[reflect.Type]*Analyzer)
diff --git a/vendor/golang.org/x/tools/go/buildutil/fakecontext.go b/vendor/golang.org/x/tools/go/buildutil/fakecontext.go
index 15025f645..763d18809 100644
--- a/vendor/golang.org/x/tools/go/buildutil/fakecontext.go
+++ b/vendor/golang.org/x/tools/go/buildutil/fakecontext.go
@@ -8,7 +8,6 @@ import (
 	"fmt"
 	"go/build"
 	"io"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -76,7 +75,7 @@ func FakeContext(pkgs map[string]map[string]string) *build.Context {
 		if !ok {
 			return nil, fmt.Errorf("file not found: %s", filename)
 		}
-		return ioutil.NopCloser(strings.NewReader(content)), nil
+		return io.NopCloser(strings.NewReader(content)), nil
 	}
 	ctxt.IsAbsPath = func(path string) bool {
 		path = filepath.ToSlash(path)
diff --git a/vendor/golang.org/x/tools/go/buildutil/overlay.go b/vendor/golang.org/x/tools/go/buildutil/overlay.go
index bdbfd9314..7e371658d 100644
--- a/vendor/golang.org/x/tools/go/buildutil/overlay.go
+++ b/vendor/golang.org/x/tools/go/buildutil/overlay.go
@@ -10,7 +10,6 @@ import (
 	"fmt"
 	"go/build"
 	"io"
-	"io/ioutil"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -33,7 +32,7 @@ func OverlayContext(orig *build.Context, overlay map[string][]byte) *build.Conte
 	// TODO(dominikh): Implement IsDir, HasSubdir and ReadDir
 
 	rc := func(data []byte) (io.ReadCloser, error) {
-		return ioutil.NopCloser(bytes.NewBuffer(data)), nil
+		return io.NopCloser(bytes.NewBuffer(data)), nil
 	}
 
 	copy := *orig // make a copy
diff --git a/vendor/golang.org/x/tools/go/internal/cgo/cgo.go b/vendor/golang.org/x/tools/go/internal/cgo/cgo.go
index 3fce48003..697974bb9 100644
--- a/vendor/golang.org/x/tools/go/internal/cgo/cgo.go
+++ b/vendor/golang.org/x/tools/go/internal/cgo/cgo.go
@@ -57,20 +57,18 @@ import (
 	"go/build"
 	"go/parser"
 	"go/token"
-	"io/ioutil"
 	"log"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strings"
-
-	exec "golang.org/x/sys/execabs"
 )
 
 // ProcessFiles invokes the cgo preprocessor on bp.CgoFiles, parses
 // the output and returns the resulting ASTs.
 func ProcessFiles(bp *build.Package, fset *token.FileSet, DisplayPath func(path string) string, mode parser.Mode) ([]*ast.File, error) {
-	tmpdir, err := ioutil.TempDir("", strings.Replace(bp.ImportPath, "/", "_", -1)+"_C")
+	tmpdir, err := os.MkdirTemp("", strings.Replace(bp.ImportPath, "/", "_", -1)+"_C")
 	if err != nil {
 		return nil, err
 	}
diff --git a/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go b/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go
index 7d94bbc1e..b5bb95a63 100644
--- a/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go
+++ b/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go
@@ -8,7 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"go/build"
-	exec "golang.org/x/sys/execabs"
+	"os/exec"
 	"strings"
 )
 
diff --git a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
index 18a002f82..333676b7c 100644
--- a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
+++ b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
@@ -8,42 +8,46 @@ package packagesdriver
 import (
 	"context"
 	"fmt"
-	"go/types"
 	"strings"
 
 	"golang.org/x/tools/internal/gocommand"
 )
 
-var debug = false
-
-func GetSizesGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (types.Sizes, error) {
+func GetSizesForArgsGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (string, string, error) {
 	inv.Verb = "list"
 	inv.Args = []string{"-f", "{{context.GOARCH}} {{context.Compiler}}", "--", "unsafe"}
 	stdout, stderr, friendlyErr, rawErr := gocmdRunner.RunRaw(ctx, inv)
 	var goarch, compiler string
 	if rawErr != nil {
-		if rawErrMsg := rawErr.Error(); strings.Contains(rawErrMsg, "cannot find main module") || strings.Contains(rawErrMsg, "go.mod file not found") {
-			// User's running outside of a module. All bets are off. Get GOARCH and guess compiler is gc.
+		rawErrMsg := rawErr.Error()
+		if strings.Contains(rawErrMsg, "cannot find main module") ||
+			strings.Contains(rawErrMsg, "go.mod file not found") {
+			// User's running outside of a module.
+			// All bets are off. Get GOARCH and guess compiler is gc.
 			// TODO(matloob): Is this a problem in practice?
 			inv.Verb = "env"
 			inv.Args = []string{"GOARCH"}
 			envout, enverr := gocmdRunner.Run(ctx, inv)
 			if enverr != nil {
-				return nil, enverr
+				return "", "", enverr
 			}
 			goarch = strings.TrimSpace(envout.String())
 			compiler = "gc"
+		} else if friendlyErr != nil {
+			return "", "", friendlyErr
 		} else {
-			return nil, friendlyErr
+			// This should be unreachable, but be defensive
+			// in case RunRaw's error results are inconsistent.
+			return "", "", rawErr
 		}
 	} else {
 		fields := strings.Fields(stdout.String())
 		if len(fields) < 2 {
-			return nil, fmt.Errorf("could not parse GOARCH and Go compiler in format \"<GOARCH> <compiler>\":\nstdout: <<%s>>\nstderr: <<%s>>",
+			return "", "", fmt.Errorf("could not parse GOARCH and Go compiler in format \"<GOARCH> <compiler>\":\nstdout: <<%s>>\nstderr: <<%s>>",
 				stdout.String(), stderr.String())
 		}
 		goarch = fields[0]
 		compiler = fields[1]
 	}
-	return types.SizesFor(compiler, goarch), nil
+	return compiler, goarch, nil
 }
diff --git a/vendor/golang.org/x/tools/go/loader/loader.go b/vendor/golang.org/x/tools/go/loader/loader.go
index edf62c2cc..41ee08b9b 100644
--- a/vendor/golang.org/x/tools/go/loader/loader.go
+++ b/vendor/golang.org/x/tools/go/loader/loader.go
@@ -24,6 +24,7 @@ import (
 	"golang.org/x/tools/go/ast/astutil"
 	"golang.org/x/tools/go/internal/cgo"
 	"golang.org/x/tools/internal/typeparams"
+	"golang.org/x/tools/internal/versions"
 )
 
 var ignoreVendor build.ImportMode
@@ -1040,6 +1041,7 @@ func (imp *importer) newPackageInfo(path, dir string) *PackageInfo {
 		dir:       dir,
 	}
 	typeparams.InitInstanceInfo(&info.Info)
+	versions.InitFileVersions(&info.Info)
 
 	// Copy the types.Config so we can vary it across PackageInfos.
 	tc := imp.conf.TypeChecker
diff --git a/vendor/golang.org/x/tools/go/packages/doc.go b/vendor/golang.org/x/tools/go/packages/doc.go
index da4ab89fe..a7a8f73e3 100644
--- a/vendor/golang.org/x/tools/go/packages/doc.go
+++ b/vendor/golang.org/x/tools/go/packages/doc.go
@@ -35,7 +35,7 @@ The Package struct provides basic information about the package, including
   - Imports, a map from source import strings to the Packages they name;
   - Types, the type information for the package's exported symbols;
   - Syntax, the parsed syntax trees for the package's source code; and
-  - TypeInfo, the result of a complete type-check of the package syntax trees.
+  - TypesInfo, the result of a complete type-check of the package syntax trees.
 
 (See the documentation for type Package for the complete list of fields
 and more detailed descriptions.)
diff --git a/vendor/golang.org/x/tools/go/packages/external.go b/vendor/golang.org/x/tools/go/packages/external.go
index 7242a0a7d..7db1d1293 100644
--- a/vendor/golang.org/x/tools/go/packages/external.go
+++ b/vendor/golang.org/x/tools/go/packages/external.go
@@ -12,8 +12,8 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	exec "golang.org/x/sys/execabs"
 	"os"
+	"os/exec"
 	"strings"
 )
 
diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go
index 58230038a..cd375fbc3 100644
--- a/vendor/golang.org/x/tools/go/packages/golist.go
+++ b/vendor/golang.org/x/tools/go/packages/golist.go
@@ -9,10 +9,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"go/types"
-	"io/ioutil"
 	"log"
 	"os"
+	"os/exec"
 	"path"
 	"path/filepath"
 	"reflect"
@@ -22,7 +21,6 @@ import (
 	"sync"
 	"unicode"
 
-	exec "golang.org/x/sys/execabs"
 	"golang.org/x/tools/go/internal/packagesdriver"
 	"golang.org/x/tools/internal/gocommand"
 	"golang.org/x/tools/internal/packagesinternal"
@@ -153,10 +151,10 @@ func goListDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
 	if cfg.Mode&NeedTypesSizes != 0 || cfg.Mode&NeedTypes != 0 {
 		sizeswg.Add(1)
 		go func() {
-			var sizes types.Sizes
-			sizes, sizeserr = packagesdriver.GetSizesGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner)
-			// types.SizesFor always returns nil or a *types.StdSizes.
-			response.dr.Sizes, _ = sizes.(*types.StdSizes)
+			compiler, arch, err := packagesdriver.GetSizesForArgsGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner)
+			sizeserr = err
+			response.dr.Compiler = compiler
+			response.dr.Arch = arch
 			sizeswg.Done()
 		}()
 	}
@@ -210,62 +208,6 @@ extractQueries:
 		}
 	}
 
-	// Only use go/packages' overlay processing if we're using a Go version
-	// below 1.16. Otherwise, go list handles it.
-	if goVersion, err := state.getGoVersion(); err == nil && goVersion < 16 {
-		modifiedPkgs, needPkgs, err := state.processGolistOverlay(response)
-		if err != nil {
-			return nil, err
-		}
-
-		var containsCandidates []string
-		if len(containFiles) > 0 {
-			containsCandidates = append(containsCandidates, modifiedPkgs...)
-			containsCandidates = append(containsCandidates, needPkgs...)
-		}
-		if err := state.addNeededOverlayPackages(response, needPkgs); err != nil {
-			return nil, err
-		}
-		// Check candidate packages for containFiles.
-		if len(containFiles) > 0 {
-			for _, id := range containsCandidates {
-				pkg, ok := response.seenPackages[id]
-				if !ok {
-					response.addPackage(&Package{
-						ID: id,
-						Errors: []Error{{
-							Kind: ListError,
-							Msg:  fmt.Sprintf("package %s expected but not seen", id),
-						}},
-					})
-					continue
-				}
-				for _, f := range containFiles {
-					for _, g := range pkg.GoFiles {
-						if sameFile(f, g) {
-							response.addRoot(id)
-						}
-					}
-				}
-			}
-		}
-		// Add root for any package that matches a pattern. This applies only to
-		// packages that are modified by overlays, since they are not added as
-		// roots automatically.
-		for _, pattern := range restPatterns {
-			match := matchPattern(pattern)
-			for _, pkgID := range modifiedPkgs {
-				pkg, ok := response.seenPackages[pkgID]
-				if !ok {
-					continue
-				}
-				if match(pkg.PkgPath) {
-					response.addRoot(pkg.ID)
-				}
-			}
-		}
-	}
-
 	sizeswg.Wait()
 	if sizeserr != nil {
 		return nil, sizeserr
@@ -273,24 +215,6 @@ extractQueries:
 	return response.dr, nil
 }
 
-func (state *golistState) addNeededOverlayPackages(response *responseDeduper, pkgs []string) error {
-	if len(pkgs) == 0 {
-		return nil
-	}
-	dr, err := state.createDriverResponse(pkgs...)
-	if err != nil {
-		return err
-	}
-	for _, pkg := range dr.Packages {
-		response.addPackage(pkg)
-	}
-	_, needPkgs, err := state.processGolistOverlay(response)
-	if err != nil {
-		return err
-	}
-	return state.addNeededOverlayPackages(response, needPkgs)
-}
-
 func (state *golistState) runContainsQueries(response *responseDeduper, queries []string) error {
 	for _, query := range queries {
 		// TODO(matloob): Do only one query per directory.
@@ -1110,7 +1034,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err
 	if len(state.cfg.Overlay) == 0 {
 		return "", func() {}, nil
 	}
-	dir, err := ioutil.TempDir("", "gopackages-*")
+	dir, err := os.MkdirTemp("", "gopackages-*")
 	if err != nil {
 		return "", nil, err
 	}
@@ -1129,7 +1053,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err
 		// Create a unique filename for the overlaid files, to avoid
 		// creating nested directories.
 		noSeparator := strings.Join(strings.Split(filepath.ToSlash(k), "/"), "")
-		f, err := ioutil.TempFile(dir, fmt.Sprintf("*-%s", noSeparator))
+		f, err := os.CreateTemp(dir, fmt.Sprintf("*-%s", noSeparator))
 		if err != nil {
 			return "", func() {}, err
 		}
@@ -1147,7 +1071,7 @@ func (state *golistState) writeOverlays() (filename string, cleanup func(), err
 	}
 	// Write out the overlay file that contains the filepath mappings.
 	filename = filepath.Join(dir, "overlay.json")
-	if err := ioutil.WriteFile(filename, b, 0665); err != nil {
+	if err := os.WriteFile(filename, b, 0665); err != nil {
 		return "", func() {}, err
 	}
 	return filename, cleanup, nil
diff --git a/vendor/golang.org/x/tools/go/packages/golist_overlay.go b/vendor/golang.org/x/tools/go/packages/golist_overlay.go
index 9576b472f..d823c474a 100644
--- a/vendor/golang.org/x/tools/go/packages/golist_overlay.go
+++ b/vendor/golang.org/x/tools/go/packages/golist_overlay.go
@@ -6,314 +6,11 @@ package packages
 
 import (
 	"encoding/json"
-	"fmt"
-	"go/parser"
-	"go/token"
-	"os"
 	"path/filepath"
-	"regexp"
-	"sort"
-	"strconv"
-	"strings"
 
 	"golang.org/x/tools/internal/gocommand"
 )
 
-// processGolistOverlay provides rudimentary support for adding
-// files that don't exist on disk to an overlay. The results can be
-// sometimes incorrect.
-// TODO(matloob): Handle unsupported cases, including the following:
-// - determining the correct package to add given a new import path
-func (state *golistState) processGolistOverlay(response *responseDeduper) (modifiedPkgs, needPkgs []string, err error) {
-	havePkgs := make(map[string]string) // importPath -> non-test package ID
-	needPkgsSet := make(map[string]bool)
-	modifiedPkgsSet := make(map[string]bool)
-
-	pkgOfDir := make(map[string][]*Package)
-	for _, pkg := range response.dr.Packages {
-		// This is an approximation of import path to id. This can be
-		// wrong for tests, vendored packages, and a number of other cases.
-		havePkgs[pkg.PkgPath] = pkg.ID
-		dir, err := commonDir(pkg.GoFiles)
-		if err != nil {
-			return nil, nil, err
-		}
-		if dir != "" {
-			pkgOfDir[dir] = append(pkgOfDir[dir], pkg)
-		}
-	}
-
-	// If no new imports are added, it is safe to avoid loading any needPkgs.
-	// Otherwise, it's hard to tell which package is actually being loaded
-	// (due to vendoring) and whether any modified package will show up
-	// in the transitive set of dependencies (because new imports are added,
-	// potentially modifying the transitive set of dependencies).
-	var overlayAddsImports bool
-
-	// If both a package and its test package are created by the overlay, we
-	// need the real package first. Process all non-test files before test
-	// files, and make the whole process deterministic while we're at it.
-	var overlayFiles []string
-	for opath := range state.cfg.Overlay {
-		overlayFiles = append(overlayFiles, opath)
-	}
-	sort.Slice(overlayFiles, func(i, j int) bool {
-		iTest := strings.HasSuffix(overlayFiles[i], "_test.go")
-		jTest := strings.HasSuffix(overlayFiles[j], "_test.go")
-		if iTest != jTest {
-			return !iTest // non-tests are before tests.
-		}
-		return overlayFiles[i] < overlayFiles[j]
-	})
-	for _, opath := range overlayFiles {
-		contents := state.cfg.Overlay[opath]
-		base := filepath.Base(opath)
-		dir := filepath.Dir(opath)
-		var pkg *Package           // if opath belongs to both a package and its test variant, this will be the test variant
-		var testVariantOf *Package // if opath is a test file, this is the package it is testing
-		var fileExists bool
-		isTestFile := strings.HasSuffix(opath, "_test.go")
-		pkgName, ok := extractPackageName(opath, contents)
-		if !ok {
-			// Don't bother adding a file that doesn't even have a parsable package statement
-			// to the overlay.
-			continue
-		}
-		// If all the overlay files belong to a different package, change the
-		// package name to that package.
-		maybeFixPackageName(pkgName, isTestFile, pkgOfDir[dir])
-	nextPackage:
-		for _, p := range response.dr.Packages {
-			if pkgName != p.Name && p.ID != "command-line-arguments" {
-				continue
-			}
-			for _, f := range p.GoFiles {
-				if !sameFile(filepath.Dir(f), dir) {
-					continue
-				}
-				// Make sure to capture information on the package's test variant, if needed.
-				if isTestFile && !hasTestFiles(p) {
-					// TODO(matloob): Are there packages other than the 'production' variant
-					// of a package that this can match? This shouldn't match the test main package
-					// because the file is generated in another directory.
-					testVariantOf = p
-					continue nextPackage
-				} else if !isTestFile && hasTestFiles(p) {
-					// We're examining a test variant, but the overlaid file is
-					// a non-test file. Because the overlay implementation
-					// (currently) only adds a file to one package, skip this
-					// package, so that we can add the file to the production
-					// variant of the package. (https://golang.org/issue/36857
-					// tracks handling overlays on both the production and test
-					// variant of a package).
-					continue nextPackage
-				}
-				if pkg != nil && p != pkg && pkg.PkgPath == p.PkgPath {
-					// We have already seen the production version of the
-					// for which p is a test variant.
-					if hasTestFiles(p) {
-						testVariantOf = pkg
-					}
-				}
-				pkg = p
-				if filepath.Base(f) == base {
-					fileExists = true
-				}
-			}
-		}
-		// The overlay could have included an entirely new package or an
-		// ad-hoc package. An ad-hoc package is one that we have manually
-		// constructed from inadequate `go list` results for a file= query.
-		// It will have the ID command-line-arguments.
-		if pkg == nil || pkg.ID == "command-line-arguments" {
-			// Try to find the module or gopath dir the file is contained in.
-			// Then for modules, add the module opath to the beginning.
-			pkgPath, ok, err := state.getPkgPath(dir)
-			if err != nil {
-				return nil, nil, err
-			}
-			if !ok {
-				break
-			}
-			var forTest string // only set for x tests
-			isXTest := strings.HasSuffix(pkgName, "_test")
-			if isXTest {
-				forTest = pkgPath
-				pkgPath += "_test"
-			}
-			id := pkgPath
-			if isTestFile {
-				if isXTest {
-					id = fmt.Sprintf("%s [%s.test]", pkgPath, forTest)
-				} else {
-					id = fmt.Sprintf("%s [%s.test]", pkgPath, pkgPath)
-				}
-			}
-			if pkg != nil {
-				// TODO(rstambler): We should change the package's path and ID
-				// here. The only issue is that this messes with the roots.
-			} else {
-				// Try to reclaim a package with the same ID, if it exists in the response.
-				for _, p := range response.dr.Packages {
-					if reclaimPackage(p, id, opath, contents) {
-						pkg = p
-						break
-					}
-				}
-				// Otherwise, create a new package.
-				if pkg == nil {
-					pkg = &Package{
-						PkgPath: pkgPath,
-						ID:      id,
-						Name:    pkgName,
-						Imports: make(map[string]*Package),
-					}
-					response.addPackage(pkg)
-					havePkgs[pkg.PkgPath] = id
-					// Add the production package's sources for a test variant.
-					if isTestFile && !isXTest && testVariantOf != nil {
-						pkg.GoFiles = append(pkg.GoFiles, testVariantOf.GoFiles...)
-						pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, testVariantOf.CompiledGoFiles...)
-						// Add the package under test and its imports to the test variant.
-						pkg.forTest = testVariantOf.PkgPath
-						for k, v := range testVariantOf.Imports {
-							pkg.Imports[k] = &Package{ID: v.ID}
-						}
-					}
-					if isXTest {
-						pkg.forTest = forTest
-					}
-				}
-			}
-		}
-		if !fileExists {
-			pkg.GoFiles = append(pkg.GoFiles, opath)
-			// TODO(matloob): Adding the file to CompiledGoFiles can exhibit the wrong behavior
-			// if the file will be ignored due to its build tags.
-			pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, opath)
-			modifiedPkgsSet[pkg.ID] = true
-		}
-		imports, err := extractImports(opath, contents)
-		if err != nil {
-			// Let the parser or type checker report errors later.
-			continue
-		}
-		for _, imp := range imports {
-			// TODO(rstambler): If the package is an x test and the import has
-			// a test variant, make sure to replace it.
-			if _, found := pkg.Imports[imp]; found {
-				continue
-			}
-			overlayAddsImports = true
-			id, ok := havePkgs[imp]
-			if !ok {
-				var err error
-				id, err = state.resolveImport(dir, imp)
-				if err != nil {
-					return nil, nil, err
-				}
-			}
-			pkg.Imports[imp] = &Package{ID: id}
-			// Add dependencies to the non-test variant version of this package as well.
-			if testVariantOf != nil {
-				testVariantOf.Imports[imp] = &Package{ID: id}
-			}
-		}
-	}
-
-	// toPkgPath guesses the package path given the id.
-	toPkgPath := func(sourceDir, id string) (string, error) {
-		if i := strings.IndexByte(id, ' '); i >= 0 {
-			return state.resolveImport(sourceDir, id[:i])
-		}
-		return state.resolveImport(sourceDir, id)
-	}
-
-	// Now that new packages have been created, do another pass to determine
-	// the new set of missing packages.
-	for _, pkg := range response.dr.Packages {
-		for _, imp := range pkg.Imports {
-			if len(pkg.GoFiles) == 0 {
-				return nil, nil, fmt.Errorf("cannot resolve imports for package %q with no Go files", pkg.PkgPath)
-			}
-			pkgPath, err := toPkgPath(filepath.Dir(pkg.GoFiles[0]), imp.ID)
-			if err != nil {
-				return nil, nil, err
-			}
-			if _, ok := havePkgs[pkgPath]; !ok {
-				needPkgsSet[pkgPath] = true
-			}
-		}
-	}
-
-	if overlayAddsImports {
-		needPkgs = make([]string, 0, len(needPkgsSet))
-		for pkg := range needPkgsSet {
-			needPkgs = append(needPkgs, pkg)
-		}
-	}
-	modifiedPkgs = make([]string, 0, len(modifiedPkgsSet))
-	for pkg := range modifiedPkgsSet {
-		modifiedPkgs = append(modifiedPkgs, pkg)
-	}
-	return modifiedPkgs, needPkgs, err
-}
-
-// resolveImport finds the ID of a package given its import path.
-// In particular, it will find the right vendored copy when in GOPATH mode.
-func (state *golistState) resolveImport(sourceDir, importPath string) (string, error) {
-	env, err := state.getEnv()
-	if err != nil {
-		return "", err
-	}
-	if env["GOMOD"] != "" {
-		return importPath, nil
-	}
-
-	searchDir := sourceDir
-	for {
-		vendorDir := filepath.Join(searchDir, "vendor")
-		exists, ok := state.vendorDirs[vendorDir]
-		if !ok {
-			info, err := os.Stat(vendorDir)
-			exists = err == nil && info.IsDir()
-			state.vendorDirs[vendorDir] = exists
-		}
-
-		if exists {
-			vendoredPath := filepath.Join(vendorDir, importPath)
-			if info, err := os.Stat(vendoredPath); err == nil && info.IsDir() {
-				// We should probably check for .go files here, but shame on anyone who fools us.
-				path, ok, err := state.getPkgPath(vendoredPath)
-				if err != nil {
-					return "", err
-				}
-				if ok {
-					return path, nil
-				}
-			}
-		}
-
-		// We know we've hit the top of the filesystem when we Dir / and get /,
-		// or C:\ and get C:\, etc.
-		next := filepath.Dir(searchDir)
-		if next == searchDir {
-			break
-		}
-		searchDir = next
-	}
-	return importPath, nil
-}
-
-func hasTestFiles(p *Package) bool {
-	for _, f := range p.GoFiles {
-		if strings.HasSuffix(f, "_test.go") {
-			return true
-		}
-	}
-	return false
-}
-
 // determineRootDirs returns a mapping from absolute directories that could
 // contain code to their corresponding import path prefixes.
 func (state *golistState) determineRootDirs() (map[string]string, error) {
@@ -384,192 +81,3 @@ func (state *golistState) determineRootDirsGOPATH() (map[string]string, error) {
 	}
 	return m, nil
 }
-
-func extractImports(filename string, contents []byte) ([]string, error) {
-	f, err := parser.ParseFile(token.NewFileSet(), filename, contents, parser.ImportsOnly) // TODO(matloob): reuse fileset?
-	if err != nil {
-		return nil, err
-	}
-	var res []string
-	for _, imp := range f.Imports {
-		quotedPath := imp.Path.Value
-		path, err := strconv.Unquote(quotedPath)
-		if err != nil {
-			return nil, err
-		}
-		res = append(res, path)
-	}
-	return res, nil
-}
-
-// reclaimPackage attempts to reuse a package that failed to load in an overlay.
-//
-// If the package has errors and has no Name, GoFiles, or Imports,
-// then it's possible that it doesn't yet exist on disk.
-func reclaimPackage(pkg *Package, id string, filename string, contents []byte) bool {
-	// TODO(rstambler): Check the message of the actual error?
-	// It differs between $GOPATH and module mode.
-	if pkg.ID != id {
-		return false
-	}
-	if len(pkg.Errors) != 1 {
-		return false
-	}
-	if pkg.Name != "" || pkg.ExportFile != "" {
-		return false
-	}
-	if len(pkg.GoFiles) > 0 || len(pkg.CompiledGoFiles) > 0 || len(pkg.OtherFiles) > 0 {
-		return false
-	}
-	if len(pkg.Imports) > 0 {
-		return false
-	}
-	pkgName, ok := extractPackageName(filename, contents)
-	if !ok {
-		return false
-	}
-	pkg.Name = pkgName
-	pkg.Errors = nil
-	return true
-}
-
-func extractPackageName(filename string, contents []byte) (string, bool) {
-	// TODO(rstambler): Check the message of the actual error?
-	// It differs between $GOPATH and module mode.
-	f, err := parser.ParseFile(token.NewFileSet(), filename, contents, parser.PackageClauseOnly) // TODO(matloob): reuse fileset?
-	if err != nil {
-		return "", false
-	}
-	return f.Name.Name, true
-}
-
-// commonDir returns the directory that all files are in, "" if files is empty,
-// or an error if they aren't in the same directory.
-func commonDir(files []string) (string, error) {
-	seen := make(map[string]bool)
-	for _, f := range files {
-		seen[filepath.Dir(f)] = true
-	}
-	if len(seen) > 1 {
-		return "", fmt.Errorf("files (%v) are in more than one directory: %v", files, seen)
-	}
-	for k := range seen {
-		// seen has only one element; return it.
-		return k, nil
-	}
-	return "", nil // no files
-}
-
-// It is possible that the files in the disk directory dir have a different package
-// name from newName, which is deduced from the overlays. If they all have a different
-// package name, and they all have the same package name, then that name becomes
-// the package name.
-// It returns true if it changes the package name, false otherwise.
-func maybeFixPackageName(newName string, isTestFile bool, pkgsOfDir []*Package) {
-	names := make(map[string]int)
-	for _, p := range pkgsOfDir {
-		names[p.Name]++
-	}
-	if len(names) != 1 {
-		// some files are in different packages
-		return
-	}
-	var oldName string
-	for k := range names {
-		oldName = k
-	}
-	if newName == oldName {
-		return
-	}
-	// We might have a case where all of the package names in the directory are
-	// the same, but the overlay file is for an x test, which belongs to its
-	// own package. If the x test does not yet exist on disk, we may not yet
-	// have its package name on disk, but we should not rename the packages.
-	//
-	// We use a heuristic to determine if this file belongs to an x test:
-	// The test file should have a package name whose package name has a _test
-	// suffix or looks like "newName_test".
-	maybeXTest := strings.HasPrefix(oldName+"_test", newName) || strings.HasSuffix(newName, "_test")
-	if isTestFile && maybeXTest {
-		return
-	}
-	for _, p := range pkgsOfDir {
-		p.Name = newName
-	}
-}
-
-// This function is copy-pasted from
-// https://github.com/golang/go/blob/9706f510a5e2754595d716bd64be8375997311fb/src/cmd/go/internal/search/search.go#L360.
-// It should be deleted when we remove support for overlays from go/packages.
-//
-// NOTE: This does not handle any ./... or ./ style queries, as this function
-// doesn't know the working directory.
-//
-// matchPattern(pattern)(name) reports whether
-// name matches pattern. Pattern is a limited glob
-// pattern in which '...' means 'any string' and there
-// is no other special syntax.
-// Unfortunately, there are two special cases. Quoting "go help packages":
-//
-// First, /... at the end of the pattern can match an empty string,
-// so that net/... matches both net and packages in its subdirectories, like net/http.
-// Second, any slash-separated pattern element containing a wildcard never
-// participates in a match of the "vendor" element in the path of a vendored
-// package, so that ./... does not match packages in subdirectories of
-// ./vendor or ./mycode/vendor, but ./vendor/... and ./mycode/vendor/... do.
-// Note, however, that a directory named vendor that itself contains code
-// is not a vendored package: cmd/vendor would be a command named vendor,
-// and the pattern cmd/... matches it.
-func matchPattern(pattern string) func(name string) bool {
-	// Convert pattern to regular expression.
-	// The strategy for the trailing /... is to nest it in an explicit ? expression.
-	// The strategy for the vendor exclusion is to change the unmatchable
-	// vendor strings to a disallowed code point (vendorChar) and to use
-	// "(anything but that codepoint)*" as the implementation of the ... wildcard.
-	// This is a bit complicated but the obvious alternative,
-	// namely a hand-written search like in most shell glob matchers,
-	// is too easy to make accidentally exponential.
-	// Using package regexp guarantees linear-time matching.
-
-	const vendorChar = "\x00"
-
-	if strings.Contains(pattern, vendorChar) {
-		return func(name string) bool { return false }
-	}
-
-	re := regexp.QuoteMeta(pattern)
-	re = replaceVendor(re, vendorChar)
-	switch {
-	case strings.HasSuffix(re, `/`+vendorChar+`/\.\.\.`):
-		re = strings.TrimSuffix(re, `/`+vendorChar+`/\.\.\.`) + `(/vendor|/` + vendorChar + `/\.\.\.)`
-	case re == vendorChar+`/\.\.\.`:
-		re = `(/vendor|/` + vendorChar + `/\.\.\.)`
-	case strings.HasSuffix(re, `/\.\.\.`):
-		re = strings.TrimSuffix(re, `/\.\.\.`) + `(/\.\.\.)?`
-	}
-	re = strings.ReplaceAll(re, `\.\.\.`, `[^`+vendorChar+`]*`)
-
-	reg := regexp.MustCompile(`^` + re + `$`)
-
-	return func(name string) bool {
-		if strings.Contains(name, vendorChar) {
-			return false
-		}
-		return reg.MatchString(replaceVendor(name, vendorChar))
-	}
-}
-
-// replaceVendor returns the result of replacing
-// non-trailing vendor path elements in x with repl.
-func replaceVendor(x, repl string) string {
-	if !strings.Contains(x, "vendor") {
-		return x
-	}
-	elem := strings.Split(x, "/")
-	for i := 0; i < len(elem)-1; i++ {
-		if elem[i] == "vendor" {
-			elem[i] = repl
-		}
-	}
-	return strings.Join(elem, "/")
-}
diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go
index da1a27eea..bd79efc1a 100644
--- a/vendor/golang.org/x/tools/go/packages/packages.go
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@@ -16,7 +16,6 @@ import (
 	"go/token"
 	"go/types"
 	"io"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -30,6 +29,7 @@ import (
 	"golang.org/x/tools/internal/packagesinternal"
 	"golang.org/x/tools/internal/typeparams"
 	"golang.org/x/tools/internal/typesinternal"
+	"golang.org/x/tools/internal/versions"
 )
 
 // A LoadMode controls the amount of detail to return when loading.
@@ -220,8 +220,10 @@ type driverResponse struct {
 	// lists of multiple drivers, go/packages will fall back to the next driver.
 	NotHandled bool
 
-	// Sizes, if not nil, is the types.Sizes to use when type checking.
-	Sizes *types.StdSizes
+	// Compiler and Arch are the arguments pass of types.SizesFor
+	// to get a types.Sizes to use when type checking.
+	Compiler string
+	Arch     string
 
 	// Roots is the set of package IDs that make up the root packages.
 	// We have to encode this separately because when we encode a single package
@@ -257,31 +259,52 @@ type driverResponse struct {
 // proceeding with further analysis. The PrintErrors function is
 // provided for convenient display of all errors.
 func Load(cfg *Config, patterns ...string) ([]*Package, error) {
-	l := newLoader(cfg)
-	response, err := defaultDriver(&l.Config, patterns...)
+	ld := newLoader(cfg)
+	response, external, err := defaultDriver(&ld.Config, patterns...)
 	if err != nil {
 		return nil, err
 	}
-	l.sizes = response.Sizes
-	return l.refine(response)
+
+	ld.sizes = types.SizesFor(response.Compiler, response.Arch)
+	if ld.sizes == nil && ld.Config.Mode&(NeedTypes|NeedTypesSizes|NeedTypesInfo) != 0 {
+		// Type size information is needed but unavailable.
+		if external {
+			// An external driver may fail to populate the Compiler/GOARCH fields,
+			// especially since they are relatively new (see #63700).
+			// Provide a sensible fallback in this case.
+			ld.sizes = types.SizesFor("gc", runtime.GOARCH)
+			if ld.sizes == nil { // gccgo-only arch
+				ld.sizes = types.SizesFor("gc", "amd64")
+			}
+		} else {
+			// Go list should never fail to deliver accurate size information.
+			// Reject the whole Load since the error is the same for every package.
+			return nil, fmt.Errorf("can't determine type sizes for compiler %q on GOARCH %q",
+				response.Compiler, response.Arch)
+		}
+	}
+
+	return ld.refine(response)
 }
 
 // defaultDriver is a driver that implements go/packages' fallback behavior.
 // It will try to request to an external driver, if one exists. If there's
 // no external driver, or the driver returns a response with NotHandled set,
 // defaultDriver will fall back to the go list driver.
-func defaultDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
-	driver := findExternalDriver(cfg)
-	if driver == nil {
-		driver = goListDriver
-	}
-	response, err := driver(cfg, patterns...)
-	if err != nil {
-		return response, err
-	} else if response.NotHandled {
-		return goListDriver(cfg, patterns...)
+// The boolean result indicates that an external driver handled the request.
+func defaultDriver(cfg *Config, patterns ...string) (*driverResponse, bool, error) {
+	if driver := findExternalDriver(cfg); driver != nil {
+		response, err := driver(cfg, patterns...)
+		if err != nil {
+			return nil, false, err
+		} else if !response.NotHandled {
+			return response, true, nil
+		}
+		// (fall through)
 	}
-	return response, nil
+
+	response, err := goListDriver(cfg, patterns...)
+	return response, false, err
 }
 
 // A Package describes a loaded Go package.
@@ -410,12 +433,6 @@ func init() {
 	packagesinternal.GetDepsErrors = func(p interface{}) []*packagesinternal.PackageError {
 		return p.(*Package).depsErrors
 	}
-	packagesinternal.GetGoCmdRunner = func(config interface{}) *gocommand.Runner {
-		return config.(*Config).gocmdRunner
-	}
-	packagesinternal.SetGoCmdRunner = func(config interface{}, runner *gocommand.Runner) {
-		config.(*Config).gocmdRunner = runner
-	}
 	packagesinternal.SetModFile = func(config interface{}, value string) {
 		config.(*Config).modFile = value
 	}
@@ -552,7 +569,7 @@ type loaderPackage struct {
 type loader struct {
 	pkgs map[string]*loaderPackage
 	Config
-	sizes        types.Sizes
+	sizes        types.Sizes // non-nil if needed by mode
 	parseCache   map[string]*parseValue
 	parseCacheMu sync.Mutex
 	exportMu     sync.Mutex // enforces mutual exclusion of exportdata operations
@@ -677,39 +694,38 @@ func (ld *loader) refine(response *driverResponse) ([]*Package, error) {
 		}
 	}
 
-	// Materialize the import graph.
-
-	const (
-		white = 0 // new
-		grey  = 1 // in progress
-		black = 2 // complete
-	)
-
-	// visit traverses the import graph, depth-first,
-	// and materializes the graph as Packages.Imports.
-	//
-	// Valid imports are saved in the Packages.Import map.
-	// Invalid imports (cycles and missing nodes) are saved in the importErrors map.
-	// Thus, even in the presence of both kinds of errors, the Import graph remains a DAG.
-	//
-	// visit returns whether the package needs src or has a transitive
-	// dependency on a package that does. These are the only packages
-	// for which we load source code.
-	var stack []*loaderPackage
-	var visit func(lpkg *loaderPackage) bool
-	var srcPkgs []*loaderPackage
-	visit = func(lpkg *loaderPackage) bool {
-		switch lpkg.color {
-		case black:
-			return lpkg.needsrc
-		case grey:
-			panic("internal error: grey node")
-		}
-		lpkg.color = grey
-		stack = append(stack, lpkg) // push
-		stubs := lpkg.Imports       // the structure form has only stubs with the ID in the Imports
-		// If NeedImports isn't set, the imports fields will all be zeroed out.
-		if ld.Mode&NeedImports != 0 {
+	if ld.Mode&NeedImports != 0 {
+		// Materialize the import graph.
+
+		const (
+			white = 0 // new
+			grey  = 1 // in progress
+			black = 2 // complete
+		)
+
+		// visit traverses the import graph, depth-first,
+		// and materializes the graph as Packages.Imports.
+		//
+		// Valid imports are saved in the Packages.Import map.
+		// Invalid imports (cycles and missing nodes) are saved in the importErrors map.
+		// Thus, even in the presence of both kinds of errors,
+		// the Import graph remains a DAG.
+		//
+		// visit returns whether the package needs src or has a transitive
+		// dependency on a package that does. These are the only packages
+		// for which we load source code.
+		var stack []*loaderPackage
+		var visit func(lpkg *loaderPackage) bool
+		visit = func(lpkg *loaderPackage) bool {
+			switch lpkg.color {
+			case black:
+				return lpkg.needsrc
+			case grey:
+				panic("internal error: grey node")
+			}
+			lpkg.color = grey
+			stack = append(stack, lpkg) // push
+			stubs := lpkg.Imports       // the structure form has only stubs with the ID in the Imports
 			lpkg.Imports = make(map[string]*Package, len(stubs))
 			for importPath, ipkg := range stubs {
 				var importErr error
@@ -733,40 +749,39 @@ func (ld *loader) refine(response *driverResponse) ([]*Package, error) {
 				}
 				lpkg.Imports[importPath] = imp.Package
 			}
-		}
-		if lpkg.needsrc {
-			srcPkgs = append(srcPkgs, lpkg)
-		}
-		if ld.Mode&NeedTypesSizes != 0 {
-			lpkg.TypesSizes = ld.sizes
-		}
-		stack = stack[:len(stack)-1] // pop
-		lpkg.color = black
 
-		return lpkg.needsrc
-	}
+			// Complete type information is required for the
+			// immediate dependencies of each source package.
+			if lpkg.needsrc && ld.Mode&NeedTypes != 0 {
+				for _, ipkg := range lpkg.Imports {
+					ld.pkgs[ipkg.ID].needtypes = true
+				}
+			}
 
-	if ld.Mode&NeedImports == 0 {
-		// We do this to drop the stub import packages that we are not even going to try to resolve.
-		for _, lpkg := range initial {
-			lpkg.Imports = nil
+			// NeedTypeSizes causes TypeSizes to be set even
+			// on packages for which types aren't needed.
+			if ld.Mode&NeedTypesSizes != 0 {
+				lpkg.TypesSizes = ld.sizes
+			}
+			stack = stack[:len(stack)-1] // pop
+			lpkg.color = black
+
+			return lpkg.needsrc
 		}
-	} else {
+
 		// For each initial package, create its import DAG.
 		for _, lpkg := range initial {
 			visit(lpkg)
 		}
-	}
-	if ld.Mode&NeedImports != 0 && ld.Mode&NeedTypes != 0 {
-		for _, lpkg := range srcPkgs {
-			// Complete type information is required for the
-			// immediate dependencies of each source package.
-			for _, ipkg := range lpkg.Imports {
-				imp := ld.pkgs[ipkg.ID]
-				imp.needtypes = true
-			}
+
+	} else {
+		// !NeedImports: drop the stub (ID-only) import packages
+		// that we are not even going to try to resolve.
+		for _, lpkg := range initial {
+			lpkg.Imports = nil
 		}
 	}
+
 	// Load type data and syntax if needed, starting at
 	// the initial packages (roots of the import DAG).
 	if ld.Mode&NeedTypes != 0 || ld.Mode&NeedSyntax != 0 {
@@ -1004,6 +1019,7 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) {
 		Selections: make(map[*ast.SelectorExpr]*types.Selection),
 	}
 	typeparams.InitInstanceInfo(lpkg.TypesInfo)
+	versions.InitFileVersions(lpkg.TypesInfo)
 	lpkg.TypesSizes = ld.sizes
 
 	importer := importerFunc(func(path string) (*types.Package, error) {
@@ -1041,7 +1057,7 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) {
 		IgnoreFuncBodies: ld.Mode&NeedDeps == 0 && !lpkg.initial,
 
 		Error: appendError,
-		Sizes: ld.sizes,
+		Sizes: ld.sizes, // may be nil
 	}
 	if lpkg.Module != nil && lpkg.Module.GoVersion != "" {
 		typesinternal.SetGoVersion(tc, "go"+lpkg.Module.GoVersion)
@@ -1125,7 +1141,7 @@ func (ld *loader) parseFile(filename string) (*ast.File, error) {
 		var err error
 		if src == nil {
 			ioLimit <- true // wait
-			src, err = ioutil.ReadFile(filename)
+			src, err = os.ReadFile(filename)
 			<-ioLimit // signal
 		}
 		if err != nil {
diff --git a/vendor/golang.org/x/tools/go/ssa/builder.go b/vendor/golang.org/x/tools/go/ssa/builder.go
index 0e49537d0..92465b8dc 100644
--- a/vendor/golang.org/x/tools/go/ssa/builder.go
+++ b/vendor/golang.org/x/tools/go/ssa/builder.go
@@ -4,106 +4,73 @@
 
 package ssa
 
-// This file implements the BUILD phase of SSA construction.
+// This file defines the builder, which builds SSA-form IR for function bodies.
 //
-// SSA construction has two phases, CREATE and BUILD.  In the CREATE phase
-// (create.go), all packages are constructed and type-checked and
-// definitions of all package members are created, method-sets are
-// computed, and wrapper methods are synthesized.
-// ssa.Packages are created in arbitrary order.
+// SSA construction has two phases, "create" and "build". First, one
+// or more packages are created in any order by a sequence of calls to
+// CreatePackage, either from syntax or from mere type information.
+// Each created package has a complete set of Members (const, var,
+// type, func) that can be accessed through methods like
+// Program.FuncValue.
 //
-// In the BUILD phase (builder.go), the builder traverses the AST of
-// each Go source function and generates SSA instructions for the
-// function body.  Initializer expressions for package-level variables
-// are emitted to the package's init() function in the order specified
-// by go/types.Info.InitOrder, then code for each function in the
-// package is generated in lexical order.
-// The BUILD phases for distinct packages are independent and are
-// executed in parallel.
+// It is not necessary to call CreatePackage for all dependencies of
+// each syntax package, only for its direct imports. (In future
+// perhaps even this restriction may be lifted.)
 //
-// TODO(adonovan): indeed, building functions is now embarrassingly parallel.
-// Audit for concurrency then benchmark using more goroutines.
+// Second, packages created from syntax are built, by one or more
+// calls to Package.Build, which may be concurrent; or by a call to
+// Program.Build, which builds all packages in parallel. Building
+// traverses the type-annotated syntax tree of each function body and
+// creates SSA-form IR, a control-flow graph of instructions,
+// populating fields such as Function.Body, .Params, and others.
 //
-// State:
+// Building may create additional methods, including:
+// - wrapper methods (e.g. for embeddding, or implicit &recv)
+// - bound method closures (e.g. for use(recv.f))
+// - thunks (e.g. for use(I.f) or use(T.f))
+// - generic instances (e.g. to produce f[int] from f[any]).
+// As these methods are created, they are added to the build queue,
+// and then processed in turn, until a fixed point is reached,
+// Since these methods might belong to packages that were not
+// created (by a call to CreatePackage), their Pkg field is unset.
 //
-// The Package's and Program's indices (maps) are populated and
-// mutated during the CREATE phase, but during the BUILD phase they
-// remain constant.  The sole exception is Prog.methodSets and its
-// related maps, which are protected by a dedicated mutex.
+// Instances of generic functions may be either instantiated (f[int]
+// is a copy of f[T] with substitutions) or wrapped (f[int] delegates
+// to f[T]), depending on the availability of generic syntax and the
+// InstantiateGenerics mode flag.
 //
-// Generic functions declared in a package P can be instantiated from functions
-// outside of P. This happens independently of the CREATE and BUILD phase of P.
+// Each package has an initializer function named "init" that calls
+// the initializer functions of each direct import, computes and
+// assigns the initial value of each global variable, and calls each
+// source-level function named "init". (These generate SSA functions
+// named "init#1", "init#2", etc.)
 //
-// Locks:
+// Runtime types
 //
-// Mutexes are currently acquired according to the following order:
-//     Prog.methodsMu ⊃ canonizer.mu ⊃ printMu
-// where x ⊃ y denotes that y can be acquired while x is held
-// and x cannot be acquired while y is held.
+// Each MakeInterface operation is a conversion from a non-interface
+// type to an interface type. The semantics of this operation requires
+// a runtime type descriptor, which is the type portion of an
+// interface, and the value abstracted by reflect.Type.
 //
-// Synthetics:
+// The program accumulates all non-parameterized types that are
+// encountered as MakeInterface operands, along with all types that
+// may be derived from them using reflection. This set is available as
+// Program.RuntimeTypes, and the methods of these types may be
+// reachable via interface calls or reflection even if they are never
+// referenced from the SSA IR. (In practice, algorithms such as RTA
+// that compute reachability from package main perform their own
+// tracking of runtime types at a finer grain, so this feature is not
+// very useful.)
 //
-// During the BUILD phase new functions can be created and built. These include:
-// - wrappers (wrappers, bounds, thunks)
-// - generic function instantiations
-// These functions do not belong to a specific Pkg (Pkg==nil). Instead the
-// Package that led to them being CREATED is obligated to ensure these
-// are BUILT during the BUILD phase of the Package.
+// Function literals
 //
-// Runtime types:
+// Anonymous functions must be built as soon as they are encountered,
+// as it may affect locals of the enclosing function, but they are not
+// marked 'built' until the end of the outermost enclosing function.
+// (Among other things, this causes them to be logged in top-down order.)
 //
-// A concrete type is a type that is fully monomorphized with concrete types,
-// i.e. it cannot reach a TypeParam type.
-// Some concrete types require full runtime type information. Cases
-// include checking whether a type implements an interface or
-// interpretation by the reflect package. All such types that may require
-// this information will have all of their method sets built and will be added to Prog.methodSets.
-// A type T is considered to require runtime type information if it is
-// a runtime type and has a non-empty method set and either:
-// - T flows into a MakeInterface instructions,
-// - T appears in a concrete exported member, or
-// - T is a type reachable from a type S that has non-empty method set.
-// For any such type T, method sets must be created before the BUILD
-// phase of the package is done.
-//
-// Function literals:
-//
-// The BUILD phase of a function literal (anonymous function) is tied to the
-// BUILD phase of the enclosing parent function. The FreeVars of an anonymous
-// function are discovered by building the anonymous function. This in turn
-// changes which variables must be bound in a MakeClosure instruction in the
-// parent. Anonymous functions also track where they are referred to in their
-// parent function.
-//
-// Happens-before:
-//
-// The above discussion leads to the following happens-before relation for
-// the BUILD and CREATE phases.
-// The happens-before relation (with X<Y denoting X happens-before Y) are:
-// - CREATE fn < fn.startBody() < fn.finishBody() < fn.built
-//   for any function fn.
-// - anon.parent.startBody() < CREATE anon, and
-//   anon.finishBody() < anon.parent().finishBody() < anon.built < fn.built
-//   for an anonymous function anon (i.e. anon.parent() != nil).
-// - CREATE fn.Pkg < CREATE fn
-//   for a declared function fn (i.e. fn.Pkg != nil)
-// - fn.built < BUILD pkg done
-//   for any function fn created during the CREATE or BUILD phase of a package
-//   pkg. This includes declared and synthetic functions.
-//
-// Program.MethodValue:
-//
-// Program.MethodValue may trigger new wrapper and instantiation functions to
-// be created. It has the same obligation to BUILD created functions as a
-// Package.
-//
-// Program.NewFunction:
-//
-// This is a low level operation for creating functions that do not exist in
-// the source. Use with caution.
-//
-// TODO(taking): Use consistent terminology for "concrete".
-// TODO(taking): Use consistent terminology for "monomorphization"/"instantiate"/"expand".
+// The Function.build fields determines the algorithm for building the
+// function body. It is cleared to mark that building is complete.
 
 import (
 	"fmt"
@@ -115,6 +82,7 @@ import (
 	"sync"
 
 	"golang.org/x/tools/internal/typeparams"
+	"golang.org/x/tools/internal/versions"
 )
 
 type opaqueType struct {
@@ -150,7 +118,6 @@ type builder struct {
 	// Invariant: 0 <= rtypes <= finished <= created.Len()
 	created  *creator // functions created during building
 	finished int      // Invariant: create[i].built holds for i in [0,finished)
-	rtypes   int      // Invariant: all of the runtime types for create[i] have been added for i in [0,rtypes)
 }
 
 // cond emits to fn code to evaluate boolean condition e and jump
@@ -323,10 +290,8 @@ func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ
 				// treat make([]T, n, m) as new([m]T)[:n]
 				cap := m.Int64()
 				at := types.NewArray(ct.Elem(), cap)
-				alloc := emitNew(fn, at, pos)
-				alloc.Comment = "makeslice"
 				v := &Slice{
-					X:    alloc,
+					X:    emitNew(fn, at, pos, "makeslice"),
 					High: n,
 				}
 				v.setPos(pos)
@@ -363,9 +328,7 @@ func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ
 		}
 
 	case "new":
-		alloc := emitNew(fn, mustDeref(typ), pos)
-		alloc.Comment = "new"
-		return alloc
+		return emitNew(fn, mustDeref(typ), pos, "new")
 
 	case "len", "cap":
 		// Special case: len or cap of an array or *array is
@@ -419,7 +382,7 @@ func (b *builder) addr(fn *Function, e ast.Expr, escaping bool) lvalue {
 		if isBlankIdent(e) {
 			return blank{}
 		}
-		obj := fn.objectOf(e)
+		obj := fn.objectOf(e).(*types.Var)
 		var v Value
 		if g := fn.Prog.packageLevelMember(obj); g != nil {
 			v = g.(*Global) // var (address)
@@ -432,11 +395,10 @@ func (b *builder) addr(fn *Function, e ast.Expr, escaping bool) lvalue {
 		typ, _ := deref(fn.typeOf(e))
 		var v *Alloc
 		if escaping {
-			v = emitNew(fn, typ, e.Lbrace)
+			v = emitNew(fn, typ, e.Lbrace, "complit")
 		} else {
-			v = fn.addLocal(typ, e.Lbrace)
+			v = emitLocal(fn, typ, e.Lbrace, "complit")
 		}
-		v.Comment = "complit"
 		var sb storebuf
 		b.compLit(fn, v, e, true, &sb)
 		sb.emit(fn)
@@ -634,7 +596,8 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		panic("non-constant BasicLit") // unreachable
 
 	case *ast.FuncLit:
-		fn2 := &Function{
+		/* function literal */
+		anon := &Function{
 			name:           fmt.Sprintf("%s$%d", fn.Name(), 1+len(fn.AnonFuncs)),
 			Signature:      fn.typeOf(e.Type).(*types.Signature),
 			pos:            e.Type.Func,
@@ -643,23 +606,24 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 			Pkg:            fn.Pkg,
 			Prog:           fn.Prog,
 			syntax:         e,
+			info:           fn.info,
+			goversion:      fn.goversion,
+			build:          (*builder).buildFromSyntax,
 			topLevelOrigin: nil,           // use anonIdx to lookup an anon instance's origin.
 			typeparams:     fn.typeparams, // share the parent's type parameters.
 			typeargs:       fn.typeargs,   // share the parent's type arguments.
-			info:           fn.info,
-			subst:          fn.subst, // share the parent's type substitutions.
+			subst:          fn.subst,      // share the parent's type substitutions.
 		}
-		fn.AnonFuncs = append(fn.AnonFuncs, fn2)
-		b.created.Add(fn2)
-		b.buildFunctionBody(fn2)
-		// fn2 is not done BUILDing. fn2.referrers can still be updated.
-		// fn2 is done BUILDing after fn.finishBody().
-		if fn2.FreeVars == nil {
-			return fn2
+		fn.AnonFuncs = append(fn.AnonFuncs, anon)
+		// Build anon immediately, as it may cause fn's locals to escape.
+		// (It is not marked 'built' until the end of the enclosing FuncDecl.)
+		anon.build(b, anon)
+		if anon.FreeVars == nil {
+			return anon
 		}
-		v := &MakeClosure{Fn: fn2}
+		v := &MakeClosure{Fn: anon}
 		v.setType(fn.typ(tv.Type))
-		for _, fv := range fn2.FreeVars {
+		for _, fv := range anon.FreeVars {
 			v.Bindings = append(v.Bindings, fv.outer)
 			fv.outer = nil
 		}
@@ -792,7 +756,9 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		case *types.Nil:
 			return zeroConst(fn.instanceType(e))
 		}
+
 		// Package-level func or var?
+		// (obj must belong to same package or a direct import.)
 		if v := fn.Prog.packageLevelMember(obj); v != nil {
 			if g, ok := v.(*Global); ok {
 				return emitLoad(fn, g) // var (address)
@@ -800,12 +766,12 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 			callee := v.(*Function) // (func)
 			if callee.typeparams.Len() > 0 {
 				targs := fn.subst.types(instanceArgs(fn.info, e))
-				callee = fn.Prog.needsInstance(callee, targs, b.created)
+				callee = callee.instance(targs, b.created)
 			}
 			return callee
 		}
 		// Local var.
-		return emitLoad(fn, fn.lookup(obj, false)) // var (address)
+		return emitLoad(fn, fn.lookup(obj.(*types.Var), false)) // var (address)
 
 	case *ast.SelectorExpr:
 		sel := fn.selection(e)
@@ -821,7 +787,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		case types.MethodExpr:
 			// (*T).f or T.f, the method f from the method-set of type T.
 			// The result is a "thunk".
-			thunk := makeThunk(fn.Prog, sel, b.created)
+			thunk := createThunk(fn.Prog, sel, b.created)
 			return emitConv(fn, thunk, fn.typ(tv.Type))
 
 		case types.MethodVal:
@@ -856,7 +822,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 				} else {
 					// non-type param interface
 					// Emit nil check: typeassert v.(I).
-					emitTypeAssert(fn, v, rt, token.NoPos)
+					emitTypeAssert(fn, v, rt, e.Sel.Pos())
 				}
 			}
 			if targs := receiverTypeArgs(obj); len(targs) > 0 {
@@ -864,7 +830,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 				obj = fn.Prog.canon.instantiateMethod(obj, fn.subst.types(targs), fn.Prog.ctxt)
 			}
 			c := &MakeClosure{
-				Fn:       makeBound(fn.Prog, obj, b.created),
+				Fn:       createBound(fn.Prog, obj, b.created),
 				Bindings: []Value{v},
 			}
 			c.setPos(e.Sel.Pos())
@@ -994,11 +960,7 @@ func (b *builder) setCallFunc(fn *Function, e *ast.CallExpr, c *CallCommon) {
 				c.Method = obj
 			} else {
 				// "Call"-mode call.
-				callee := fn.Prog.originFunc(obj)
-				if callee.typeparams.Len() > 0 {
-					callee = fn.Prog.needsInstance(callee, receiverTypeArgs(obj), b.created)
-				}
-				c.Value = callee
+				c.Value = fn.Prog.objectMethod(obj, b.created)
 				c.Args = append(c.Args, v)
 			}
 			return
@@ -1090,9 +1052,8 @@ func (b *builder) emitCallArgs(fn *Function, sig *types.Signature, e *ast.CallEx
 		} else {
 			// Replace a suffix of args with a slice containing it.
 			at := types.NewArray(vt, int64(len(varargs)))
-			a := emitNew(fn, at, token.NoPos)
+			a := emitNew(fn, at, token.NoPos, "varargs")
 			a.setPos(e.Rparen)
-			a.Comment = "varargs"
 			for i, arg := range varargs {
 				iaddr := &IndexAddr{
 					X:     a,
@@ -1139,7 +1100,7 @@ func (b *builder) localValueSpec(fn *Function, spec *ast.ValueSpec) {
 		// 1:1 assignment
 		for i, id := range spec.Names {
 			if !isBlankIdent(id) {
-				fn.addLocalForIdent(id)
+				emitLocalVar(fn, identVar(fn, id))
 			}
 			lval := b.addr(fn, id, false) // non-escaping
 			b.assign(fn, lval, spec.Values[i], true, nil)
@@ -1150,7 +1111,7 @@ func (b *builder) localValueSpec(fn *Function, spec *ast.ValueSpec) {
 		// Locals are implicitly zero-initialized.
 		for _, id := range spec.Names {
 			if !isBlankIdent(id) {
-				lhs := fn.addLocalForIdent(id)
+				lhs := emitLocalVar(fn, identVar(fn, id))
 				if fn.debugInfo() {
 					emitDebugRef(fn, id, lhs, true)
 				}
@@ -1162,7 +1123,7 @@ func (b *builder) localValueSpec(fn *Function, spec *ast.ValueSpec) {
 		tuple := b.exprN(fn, spec.Values[0])
 		for i, id := range spec.Names {
 			if !isBlankIdent(id) {
-				fn.addLocalForIdent(id)
+				emitLocalVar(fn, identVar(fn, id))
 				lhs := b.addr(fn, id, false) // non-escaping
 				lhs.store(fn, emitExtract(fn, tuple, i))
 			}
@@ -1182,8 +1143,8 @@ func (b *builder) assignStmt(fn *Function, lhss, rhss []ast.Expr, isDef bool) {
 		var lval lvalue = blank{}
 		if !isBlankIdent(lhs) {
 			if isDef {
-				if obj := fn.info.Defs[lhs.(*ast.Ident)]; obj != nil {
-					fn.addNamedLocal(obj)
+				if obj, ok := fn.info.Defs[lhs.(*ast.Ident)].(*types.Var); ok {
+					emitLocalVar(fn, obj)
 					isZero[i] = true
 				}
 			}
@@ -1292,9 +1253,7 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 		switch t := t.(type) {
 		case *types.Slice:
 			at = types.NewArray(t.Elem(), b.arrayLen(fn, e.Elts))
-			alloc := emitNew(fn, at, e.Lbrace)
-			alloc.Comment = "slicelit"
-			array = alloc
+			array = emitNew(fn, at, e.Lbrace, "slicelit")
 		case *types.Array:
 			at = t
 			array = addr
@@ -1582,13 +1541,13 @@ func (b *builder) typeSwitchStmt(fn *Function, s *ast.TypeSwitchStmt, label *lbl
 }
 
 func (b *builder) typeCaseBody(fn *Function, cc *ast.CaseClause, x Value, done *BasicBlock) {
-	if obj := fn.info.Implicits[cc]; obj != nil {
+	if obj, ok := fn.info.Implicits[cc].(*types.Var); ok {
 		// In a switch y := x.(type), each case clause
 		// implicitly declares a distinct object y.
 		// In a single-type case, y has that type.
 		// In multi-type cases, 'case nil' and default,
 		// y has the same type as the interface operand.
-		emitStore(fn, fn.addNamedLocal(obj), x, obj.Pos())
+		emitStore(fn, emitLocalVar(fn, obj), x, obj.Pos())
 	}
 	fn.targets = &targets{
 		tail:   fn.targets,
@@ -1737,7 +1696,7 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 
 		case *ast.AssignStmt: // x := <-states[state].Chan
 			if comm.Tok == token.DEFINE {
-				fn.addLocalForIdent(comm.Lhs[0].(*ast.Ident))
+				emitLocalVar(fn, identVar(fn, comm.Lhs[0].(*ast.Ident)))
 			}
 			x := b.addr(fn, comm.Lhs[0], false) // non-escaping
 			v := emitExtract(fn, sel, r)
@@ -1748,7 +1707,7 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 
 			if len(comm.Lhs) == 2 { // x, ok := ...
 				if comm.Tok == token.DEFINE {
-					fn.addLocalForIdent(comm.Lhs[1].(*ast.Ident))
+					emitLocalVar(fn, identVar(fn, comm.Lhs[1].(*ast.Ident)))
 				}
 				ok := b.addr(fn, comm.Lhs[1], false) // non-escaping
 				ok.store(fn, emitExtract(fn, sel, 1))
@@ -1783,20 +1742,32 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 // forStmt emits to fn code for the for statement s, optionally
 // labelled by label.
 func (b *builder) forStmt(fn *Function, s *ast.ForStmt, label *lblock) {
-	//	...init...
-	//      jump loop
+	// Use forStmtGo122 instead if it applies.
+	if s.Init != nil {
+		if assign, ok := s.Init.(*ast.AssignStmt); ok && assign.Tok == token.DEFINE {
+			afterGo122 := versions.Compare(fn.goversion, "go1.21") > 0
+			if afterGo122 {
+				b.forStmtGo122(fn, s, label)
+				return
+			}
+		}
+	}
+
+	//     ...init...
+	//     jump loop
 	// loop:
-	//      if cond goto body else done
+	//     if cond goto body else done
 	// body:
-	//      ...body...
-	//      jump post
-	// post:				 (target of continue)
-	//      ...post...
-	//      jump loop
+	//     ...body...
+	//     jump post
+	// post:                                 (target of continue)
+	//     ...post...
+	//     jump loop
 	// done:                                 (target of break)
 	if s.Init != nil {
 		b.stmt(fn, s.Init)
 	}
+
 	body := fn.newBasicBlock("for.body")
 	done := fn.newBasicBlock("for.done") // target of 'break'
 	loop := body                         // target of back-edge
@@ -1834,23 +1805,188 @@ func (b *builder) forStmt(fn *Function, s *ast.ForStmt, label *lblock) {
 	fn.currentBlock = done
 }
 
+// forStmtGo122 emits to fn code for the for statement s, optionally
+// labelled by label. s must define its variables.
+//
+// This allocates once per loop iteration. This is only correct in
+// GoVersions >= go1.22.
+func (b *builder) forStmtGo122(fn *Function, s *ast.ForStmt, label *lblock) {
+	//     i_outer = alloc[T]
+	//     *i_outer = ...init...        // under objects[i] = i_outer
+	//     jump loop
+	// loop:
+	//     i = phi [head: i_outer, loop: i_next]
+	//     ...cond...                   // under objects[i] = i
+	//     if cond goto body else done
+	// body:
+	//     ...body...                   // under objects[i] = i (same as loop)
+	//     jump post
+	// post:
+	//     tmp = *i
+	//     i_next = alloc[T]
+	//     *i_next = tmp
+	//     ...post...                   // under objects[i] = i_next
+	//     goto loop
+	// done:
+
+	init := s.Init.(*ast.AssignStmt)
+	startingBlocks := len(fn.Blocks)
+
+	pre := fn.currentBlock               // current block before starting
+	loop := fn.newBasicBlock("for.loop") // target of back-edge
+	body := fn.newBasicBlock("for.body")
+	post := fn.newBasicBlock("for.post") // target of 'continue'
+	done := fn.newBasicBlock("for.done") // target of 'break'
+
+	// For each of the n loop variables, we create five SSA values,
+	// outer, phi, next, load, and store in pre, loop, and post.
+	// There is no limit on n.
+	type loopVar struct {
+		obj   *types.Var
+		outer *Alloc
+		phi   *Phi
+		load  *UnOp
+		next  *Alloc
+		store *Store
+	}
+	vars := make([]loopVar, len(init.Lhs))
+	for i, lhs := range init.Lhs {
+		v := identVar(fn, lhs.(*ast.Ident))
+		typ := fn.typ(v.Type())
+
+		fn.currentBlock = pre
+		outer := emitLocal(fn, typ, v.Pos(), v.Name())
+
+		fn.currentBlock = loop
+		phi := &Phi{Comment: v.Name()}
+		phi.pos = v.Pos()
+		phi.typ = outer.Type()
+		fn.emit(phi)
+
+		fn.currentBlock = post
+		// If next is is local, it reuses the address and zeroes the old value so
+		// load before allocating next.
+		load := emitLoad(fn, phi)
+		next := emitLocal(fn, typ, v.Pos(), v.Name())
+		store := emitStore(fn, next, load, token.NoPos)
+
+		phi.Edges = []Value{outer, next} // pre edge is emitted before post edge.
+
+		vars[i] = loopVar{v, outer, phi, load, next, store}
+	}
+
+	// ...init... under fn.objects[v] = i_outer
+	fn.currentBlock = pre
+	for _, v := range vars {
+		fn.vars[v.obj] = v.outer
+	}
+	const isDef = false // assign to already-allocated outers
+	b.assignStmt(fn, init.Lhs, init.Rhs, isDef)
+	if label != nil {
+		label._break = done
+		label._continue = post
+	}
+	emitJump(fn, loop)
+
+	// ...cond... under fn.objects[v] = i
+	fn.currentBlock = loop
+	for _, v := range vars {
+		fn.vars[v.obj] = v.phi
+	}
+	if s.Cond != nil {
+		b.cond(fn, s.Cond, body, done)
+	} else {
+		emitJump(fn, body)
+	}
+
+	// ...body... under fn.objects[v] = i
+	fn.currentBlock = body
+	fn.targets = &targets{
+		tail:      fn.targets,
+		_break:    done,
+		_continue: post,
+	}
+	b.stmt(fn, s.Body)
+	fn.targets = fn.targets.tail
+	emitJump(fn, post)
+
+	// ...post... under fn.objects[v] = i_next
+	for _, v := range vars {
+		fn.vars[v.obj] = v.next
+	}
+	fn.currentBlock = post
+	if s.Post != nil {
+		b.stmt(fn, s.Post)
+	}
+	emitJump(fn, loop) // back-edge
+	fn.currentBlock = done
+
+	// For each loop variable that does not escape,
+	// (the common case), fuse its next cells into its
+	// (local) outer cell as they have disjoint live ranges.
+	//
+	// It is sufficient to test whether i_next escapes,
+	// because its Heap flag will be marked true if either
+	// the cond or post expression causes i to escape
+	// (because escape distributes over phi).
+	var nlocals int
+	for _, v := range vars {
+		if !v.next.Heap {
+			nlocals++
+		}
+	}
+	if nlocals > 0 {
+		replace := make(map[Value]Value, 2*nlocals)
+		dead := make(map[Instruction]bool, 4*nlocals)
+		for _, v := range vars {
+			if !v.next.Heap {
+				replace[v.next] = v.outer
+				replace[v.phi] = v.outer
+				dead[v.phi], dead[v.next], dead[v.load], dead[v.store] = true, true, true, true
+			}
+		}
+
+		// Replace all uses of i_next and phi with i_outer.
+		// Referrers have not been built for fn yet so only update Instruction operands.
+		// We need only look within the blocks added by the loop.
+		var operands []*Value // recycle storage
+		for _, b := range fn.Blocks[startingBlocks:] {
+			for _, instr := range b.Instrs {
+				operands = instr.Operands(operands[:0])
+				for _, ptr := range operands {
+					k := *ptr
+					if v := replace[k]; v != nil {
+						*ptr = v
+					}
+				}
+			}
+		}
+
+		// Remove instructions for phi, load, and store.
+		// lift() will remove the unused i_next *Alloc.
+		isDead := func(i Instruction) bool { return dead[i] }
+		loop.Instrs = removeInstrsIf(loop.Instrs, isDead)
+		post.Instrs = removeInstrsIf(post.Instrs, isDead)
+	}
+}
+
 // rangeIndexed emits to fn the header for an integer-indexed loop
 // over array, *array or slice value x.
 // The v result is defined only if tv is non-nil.
 // forPos is the position of the "for" token.
 func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.Pos) (k, v Value, loop, done *BasicBlock) {
 	//
-	//      length = len(x)
-	//      index = -1
-	// loop:                                   (target of continue)
-	//      index++
-	// 	if index < length goto body else done
+	//     length = len(x)
+	//     index = -1
+	// loop:                                     (target of continue)
+	//     index++
+	//     if index < length goto body else done
 	// body:
-	//      k = index
-	//      v = x[index]
-	//      ...body...
-	// 	jump loop
-	// done:                                   (target of break)
+	//     k = index
+	//     v = x[index]
+	//     ...body...
+	//     jump loop
+	// done:                                     (target of break)
 
 	// Determine number of iterations.
 	var length Value
@@ -1872,7 +2008,7 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 		length = fn.emit(&c)
 	}
 
-	index := fn.addLocal(tInt, token.NoPos)
+	index := emitLocal(fn, tInt, token.NoPos, "rangeindex")
 	emitStore(fn, index, intConst(-1), pos)
 
 	loop = fn.newBasicBlock("rangeindex.loop")
@@ -1935,16 +2071,16 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 // if the respective component is not wanted.
 func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, pos token.Pos) (k, v Value, loop, done *BasicBlock) {
 	//
-	//	it = range x
+	//     it = range x
 	// loop:                                   (target of continue)
-	//	okv = next it                      (ok, key, value)
-	//  	ok = extract okv #0
-	// 	if ok goto body else done
+	//     okv = next it                       (ok, key, value)
+	//     ok = extract okv #0
+	//     if ok goto body else done
 	// body:
-	// 	k = extract okv #1
-	// 	v = extract okv #2
-	//      ...body...
-	// 	jump loop
+	//     k = extract okv #1
+	//     v = extract okv #2
+	//     ...body...
+	//     jump loop
 	// done:                                   (target of break)
 	//
 
@@ -1997,13 +2133,13 @@ func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, pos token.
 func (b *builder) rangeChan(fn *Function, x Value, tk types.Type, pos token.Pos) (k Value, loop, done *BasicBlock) {
 	//
 	// loop:                                   (target of continue)
-	//      ko = <-x                           (key, ok)
-	//      ok = extract ko #1
-	//      if ok goto body else done
+	//     ko = <-x                            (key, ok)
+	//     ok = extract ko #1
+	//     if ok goto body else done
 	// body:
-	//      k = extract ko #0
-	//      ...
-	//      goto loop
+	//     k = extract ko #0
+	//     ...body...
+	//     goto loop
 	// done:                                   (target of break)
 
 	loop = fn.newBasicBlock("rangechan.loop")
@@ -2030,6 +2166,57 @@ func (b *builder) rangeChan(fn *Function, x Value, tk types.Type, pos token.Pos)
 	return
 }
 
+// rangeInt emits to fn the header for a range loop with an integer operand.
+// tk is the key value's type, or nil if the k result is not wanted.
+// pos is the position of the "for" token.
+func (b *builder) rangeInt(fn *Function, x Value, tk types.Type, pos token.Pos) (k Value, loop, done *BasicBlock) {
+	//
+	//     iter = 0
+	//     if 0 < x goto body else done
+	// loop:                                   (target of continue)
+	//     iter++
+	//     if iter < x goto body else done
+	// body:
+	//     k = x
+	//     ...body...
+	//     jump loop
+	// done:                                   (target of break)
+
+	if isUntyped(x.Type()) {
+		x = emitConv(fn, x, tInt)
+	}
+
+	T := x.Type()
+	iter := emitLocal(fn, T, token.NoPos, "rangeint.iter")
+	// x may be unsigned. Avoid initializing x to -1.
+
+	body := fn.newBasicBlock("rangeint.body")
+	done = fn.newBasicBlock("rangeint.done")
+	emitIf(fn, emitCompare(fn, token.LSS, zeroConst(T), x, token.NoPos), body, done)
+
+	loop = fn.newBasicBlock("rangeint.loop")
+	fn.currentBlock = loop
+
+	incr := &BinOp{
+		Op: token.ADD,
+		X:  emitLoad(fn, iter),
+		Y:  emitConv(fn, vOne, T),
+	}
+	incr.setType(T)
+	emitStore(fn, iter, fn.emit(incr), pos)
+	emitIf(fn, emitCompare(fn, token.LSS, incr, x, token.NoPos), body, done)
+	fn.currentBlock = body
+
+	if tk != nil {
+		// Integer types (int, uint8, etc.) are named and
+		// we know that k is assignable to x when tk != nil.
+		// This implies tk and T are identical so no conversion is needed.
+		k = emitLoad(fn, iter)
+	}
+
+	return
+}
+
 // rangeStmt emits to fn code for the range statement s, optionally
 // labelled by label.
 func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
@@ -2041,21 +2228,26 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
 		tv = fn.typeOf(s.Value)
 	}
 
-	// If iteration variables are defined (:=), this
-	// occurs once outside the loop.
-	//
-	// Unlike a short variable declaration, a RangeStmt
-	// using := never redeclares an existing variable; it
-	// always creates a new one.
-	if s.Tok == token.DEFINE {
+	// create locals for s.Key and s.Value.
+	createVars := func() {
+		// Unlike a short variable declaration, a RangeStmt
+		// using := never redeclares an existing variable; it
+		// always creates a new one.
 		if tk != nil {
-			fn.addLocalForIdent(s.Key.(*ast.Ident))
+			emitLocalVar(fn, identVar(fn, s.Key.(*ast.Ident)))
 		}
 		if tv != nil {
-			fn.addLocalForIdent(s.Value.(*ast.Ident))
+			emitLocalVar(fn, identVar(fn, s.Value.(*ast.Ident)))
 		}
 	}
 
+	afterGo122 := versions.Compare(fn.goversion, "go1.21") > 0
+	if s.Tok == token.DEFINE && !afterGo122 {
+		// pre-go1.22: If iteration variables are defined (:=), this
+		// occurs once outside the loop.
+		createVars()
+	}
+
 	x := b.expr(fn, s.X)
 
 	var k, v Value
@@ -2067,13 +2259,30 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
 	case *types.Chan:
 		k, loop, done = b.rangeChan(fn, x, tk, s.For)
 
-	case *types.Map, *types.Basic: // string
+	case *types.Map:
 		k, v, loop, done = b.rangeIter(fn, x, tk, tv, s.For)
 
+	case *types.Basic:
+		switch {
+		case rt.Info()&types.IsString != 0:
+			k, v, loop, done = b.rangeIter(fn, x, tk, tv, s.For)
+
+		case rt.Info()&types.IsInteger != 0:
+			k, loop, done = b.rangeInt(fn, x, tk, s.For)
+
+		default:
+			panic("Cannot range over basic type: " + rt.String())
+		}
+
 	default:
 		panic("Cannot range over: " + rt.String())
 	}
 
+	if s.Tok == token.DEFINE && afterGo122 {
+		// go1.22: If iteration variables are defined (:=), this occurs inside the loop.
+		createVars()
+	}
+
 	// Evaluate both LHS expressions before we update either.
 	var kl, vl lvalue
 	if tk != nil {
@@ -2297,73 +2506,71 @@ start:
 	}
 }
 
+// A buildFunc is a strategy for building the SSA body for a function.
+type buildFunc = func(*builder, *Function)
+
+// iterate causes all created but unbuilt functions to be built. As
+// this may create new methods, the process is iterated until it
+// converges.
+func (b *builder) iterate() {
+	for ; b.finished < b.created.Len(); b.finished++ {
+		fn := b.created.At(b.finished)
+		b.buildFunction(fn)
+	}
+}
+
 // buildFunction builds SSA code for the body of function fn.  Idempotent.
 func (b *builder) buildFunction(fn *Function) {
-	if !fn.built {
+	if fn.build != nil {
 		assert(fn.parent == nil, "anonymous functions should not be built by buildFunction()")
-		b.buildFunctionBody(fn)
+
+		if fn.Prog.mode&LogSource != 0 {
+			defer logStack("build %s @ %s", fn, fn.Prog.Fset.Position(fn.pos))()
+		}
+		fn.build(b, fn)
 		fn.done()
 	}
 }
 
-// buildFunctionBody builds SSA code for the body of function fn.
-//
-// fn is not done building until fn.done() is called.
-func (b *builder) buildFunctionBody(fn *Function) {
-	// TODO(taking): see if this check is reachable.
-	if fn.Blocks != nil {
-		return // building already started
+// buildParamsOnly builds fn.Params from fn.Signature, but does not build fn.Body.
+func (b *builder) buildParamsOnly(fn *Function) {
+	// For external (C, asm) functions or functions loaded from
+	// export data, we must set fn.Params even though there is no
+	// body code to reference them.
+	if recv := fn.Signature.Recv(); recv != nil {
+		fn.addParamVar(recv)
 	}
+	params := fn.Signature.Params()
+	for i, n := 0, params.Len(); i < n; i++ {
+		fn.addParamVar(params.At(i))
+	}
+}
 
-	var recvField *ast.FieldList
-	var body *ast.BlockStmt
-	var functype *ast.FuncType
-	switch n := fn.syntax.(type) {
-	case nil:
-		if fn.Params != nil {
-			return // not a Go source function.  (Synthetic, or from object file.)
-		}
+// buildFromSyntax builds fn.Body from fn.syntax, which must be non-nil.
+func (b *builder) buildFromSyntax(fn *Function) {
+	var (
+		recvField *ast.FieldList
+		body      *ast.BlockStmt
+		functype  *ast.FuncType
+	)
+	switch syntax := fn.syntax.(type) {
 	case *ast.FuncDecl:
-		functype = n.Type
-		recvField = n.Recv
-		body = n.Body
+		functype = syntax.Type
+		recvField = syntax.Recv
+		body = syntax.Body
+		if body == nil {
+			b.buildParamsOnly(fn) // no body (non-Go function)
+			return
+		}
 	case *ast.FuncLit:
-		functype = n.Type
-		body = n.Body
+		functype = syntax.Type
+		body = syntax.Body
+	case nil:
+		panic("no syntax")
 	default:
-		panic(n)
+		panic(syntax) // unexpected syntax
 	}
 
-	if body == nil {
-		// External function.
-		if fn.Params == nil {
-			// This condition ensures we add a non-empty
-			// params list once only, but we may attempt
-			// the degenerate empty case repeatedly.
-			// TODO(adonovan): opt: don't do that.
-
-			// We set Function.Params even though there is no body
-			// code to reference them.  This simplifies clients.
-			if recv := fn.Signature.Recv(); recv != nil {
-				fn.addParamObj(recv)
-			}
-			params := fn.Signature.Params()
-			for i, n := 0, params.Len(); i < n; i++ {
-				fn.addParamObj(params.At(i))
-			}
-		}
-		return
-	}
-
-	// Build instantiation wrapper around generic body?
-	if fn.topLevelOrigin != nil && fn.subst == nil {
-		buildInstantiationWrapper(fn)
-		return
-	}
-
-	if fn.Prog.mode&LogSource != 0 {
-		defer logStack("build function %s @ %s", fn, fn.Prog.Fset.Position(fn.pos))()
-	}
 	fn.startBody()
 	fn.createSyntacticParams(recvField, functype)
 	b.stmt(fn, body)
@@ -2381,45 +2588,17 @@ func (b *builder) buildFunctionBody(fn *Function) {
 	fn.finishBody()
 }
 
-// buildCreated does the BUILD phase for each function created by builder that is not yet BUILT.
-// Functions are built using buildFunction.
-//
-// May add types that require runtime type information to builder.
-func (b *builder) buildCreated() {
-	for ; b.finished < b.created.Len(); b.finished++ {
-		fn := b.created.At(b.finished)
-		b.buildFunction(fn)
-	}
-}
-
-// Adds any needed runtime type information for the created functions.
+// addRuntimeType records t as a runtime type,
+// along with all types derivable from it using reflection.
 //
-// May add newly CREATEd functions that may need to be built or runtime type information.
-//
-// EXCLUSIVE_LOCKS_ACQUIRED(prog.methodsMu)
-func (b *builder) needsRuntimeTypes() {
-	if b.created.Len() == 0 {
-		return
-	}
-	prog := b.created.At(0).Prog
-
-	var rtypes []types.Type
-	for ; b.rtypes < b.finished; b.rtypes++ {
-		fn := b.created.At(b.rtypes)
-		rtypes = append(rtypes, mayNeedRuntimeTypes(fn)...)
-	}
-
-	// Calling prog.needMethodsOf(T) on a basic type T is a no-op.
-	// Filter out the basic types to reduce acquiring prog.methodsMu.
-	rtypes = nonbasicTypes(rtypes)
-
-	for _, T := range rtypes {
-		prog.needMethodsOf(T, b.created)
-	}
-}
-
-func (b *builder) done() bool {
-	return b.rtypes >= b.created.Len()
+// Acquires prog.runtimeTypesMu.
+func addRuntimeType(prog *Program, t types.Type) {
+	prog.runtimeTypesMu.Lock()
+	defer prog.runtimeTypesMu.Unlock()
+	forEachReachable(&prog.MethodSets, t, func(t types.Type) bool {
+		prev, _ := prog.runtimeTypes.Set(t, true).(bool)
+		return !prev // already seen?
+	})
 }
 
 // Build calls Package.Build for each package in prog.
@@ -2447,9 +2626,11 @@ func (prog *Program) Build() {
 
 // Build builds SSA code for all functions and vars in package p.
 //
-// Precondition: CreatePackage must have been called for all of p's
-// direct imports (and hence its direct imports must have been
-// error-free).
+// CreatePackage must have been called for all of p's direct imports
+// (and hence its direct imports must have been error-free). It is not
+// necessary to call CreatePackage for indirect dependencies.
+// Functions will be created for all necessary methods in those
+// packages on demand.
 //
 // Build is idempotent and thread-safe.
 func (p *Package) Build() { p.buildOnce.Do(p.build) }
@@ -2458,45 +2639,39 @@ func (p *Package) build() {
 	if p.info == nil {
 		return // synthetic package, e.g. "testmain"
 	}
-
-	// Ensure we have runtime type info for all exported members.
-	// Additionally filter for just concrete types that can be runtime types.
-	//
-	// TODO(adonovan): ideally belongs in memberFromObject, but
-	// that would require package creation in topological order.
-	for name, mem := range p.Members {
-		isGround := func(m Member) bool {
-			switch m := m.(type) {
-			case *Type:
-				named, _ := m.Type().(*types.Named)
-				return named == nil || typeparams.ForNamed(named) == nil
-			case *Function:
-				return m.typeparams.Len() == 0
-			}
-			return true // *NamedConst, *Global
-		}
-		if ast.IsExported(name) && isGround(mem) {
-			p.Prog.needMethodsOf(mem.Type(), &p.created)
-		}
-	}
 	if p.Prog.mode&LogSource != 0 {
 		defer logStack("build %s", p)()
 	}
 
 	b := builder{created: &p.created}
-	init := p.init
-	init.startBody()
+	b.iterate()
+
+	// We no longer need transient information: ASTs or go/types deductions.
+	p.info = nil
+	p.created = nil
+	p.files = nil
+	p.initVersion = nil
+
+	if p.Prog.mode&SanityCheckFunctions != 0 {
+		sanityCheckPackage(p)
+	}
+}
+
+// buildPackageInit builds fn.Body for the synthetic package initializer.
+func (b *builder) buildPackageInit(fn *Function) {
+	p := fn.Pkg
+	fn.startBody()
 
 	var done *BasicBlock
 
 	if p.Prog.mode&BareInits == 0 {
 		// Make init() skip if package is already initialized.
 		initguard := p.Var("init$guard")
-		doinit := init.newBasicBlock("init.start")
-		done = init.newBasicBlock("init.done")
-		emitIf(init, emitLoad(init, initguard), done, doinit)
-		init.currentBlock = doinit
-		emitStore(init, initguard, vTrue, token.NoPos)
+		doinit := fn.newBasicBlock("init.start")
+		done = fn.newBasicBlock("init.done")
+		emitIf(fn, emitLoad(fn, initguard), done, doinit)
+		fn.currentBlock = doinit
+		emitStore(fn, initguard, vTrue, token.NoPos)
 
 		// Call the init() function of each package we import.
 		for _, pkg := range p.Pkg.Imports() {
@@ -2506,9 +2681,9 @@ func (p *Package) build() {
 			}
 			var v Call
 			v.Call.Value = prereq.init
-			v.Call.pos = init.pos
+			v.Call.pos = fn.pos
 			v.setType(types.NewTuple())
-			init.emit(&v)
+			fn.emit(&v)
 		}
 	}
 
@@ -2516,11 +2691,18 @@ func (p *Package) build() {
 	if len(p.info.InitOrder) > 0 && len(p.files) == 0 {
 		panic("no source files provided for package. cannot initialize globals")
 	}
+
 	for _, varinit := range p.info.InitOrder {
-		if init.Prog.mode&LogSource != 0 {
+		if fn.Prog.mode&LogSource != 0 {
 			fmt.Fprintf(os.Stderr, "build global initializer %v @ %s\n",
 				varinit.Lhs, p.Prog.Fset.Position(varinit.Rhs.Pos()))
 		}
+		// Initializers for global vars are evaluated in dependency
+		// order, but may come from arbitrary files of the package
+		// with different versions, so we transiently update
+		// fn.goversion for each one. (Since init is a synthetic
+		// function it has no syntax of its own that needs a version.)
+		fn.goversion = p.initVersion[varinit.Rhs]
 		if len(varinit.Lhs) == 1 {
 			// 1:1 initialization: var x, y = a(), b()
 			var lval lvalue
@@ -2529,28 +2711,33 @@ func (p *Package) build() {
 			} else {
 				lval = blank{}
 			}
-			b.assign(init, lval, varinit.Rhs, true, nil)
+			b.assign(fn, lval, varinit.Rhs, true, nil)
 		} else {
 			// n:1 initialization: var x, y :=  f()
-			tuple := b.exprN(init, varinit.Rhs)
+			tuple := b.exprN(fn, varinit.Rhs)
 			for i, v := range varinit.Lhs {
 				if v.Name() == "_" {
 					continue
 				}
-				emitStore(init, p.objects[v].(*Global), emitExtract(init, tuple, i), v.Pos())
+				emitStore(fn, p.objects[v].(*Global), emitExtract(fn, tuple, i), v.Pos())
 			}
 		}
 	}
 
+	// The rest of the init function is synthetic:
+	// no syntax, info, goversion.
+	fn.info = nil
+	fn.goversion = ""
+
 	// Call all of the declared init() functions in source order.
 	for _, file := range p.files {
 		for _, decl := range file.Decls {
 			if decl, ok := decl.(*ast.FuncDecl); ok {
 				id := decl.Name
 				if !isBlankIdent(id) && id.Name == "init" && decl.Recv == nil {
-					fn := p.objects[p.info.Defs[id]].(*Function)
+					declaredInit := p.objects[p.info.Defs[id]].(*Function)
 					var v Call
-					v.Call.Value = fn
+					v.Call.Value = declaredInit
 					v.setType(types.NewTuple())
 					p.init.emit(&v)
 				}
@@ -2560,35 +2747,9 @@ func (p *Package) build() {
 
 	// Finish up init().
 	if p.Prog.mode&BareInits == 0 {
-		emitJump(init, done)
-		init.currentBlock = done
-	}
-	init.emit(new(Return))
-	init.finishBody()
-	init.done()
-
-	// Build all CREATEd functions and add runtime types.
-	// These Functions include package-level functions, init functions, methods, and synthetic (including unreachable/blank ones).
-	// Builds any functions CREATEd while building this package.
-	//
-	// Initially the created functions for the package are:
-	//   [init, decl0, ... , declN]
-	// Where decl0, ..., declN are declared functions in source order, but it's not significant.
-	//
-	// As these are built, more functions (function literals, wrappers, etc.) can be CREATEd.
-	// Iterate until we reach a fixed point.
-	//
-	// Wait for init() to be BUILT as that cannot be built by buildFunction().
-	//
-	for !b.done() {
-		b.buildCreated()      // build any CREATEd and not BUILT function. May add runtime types.
-		b.needsRuntimeTypes() // Add all of the runtime type information. May CREATE Functions.
-	}
-
-	p.info = nil    // We no longer need ASTs or go/types deductions.
-	p.created = nil // We no longer need created functions.
-
-	if p.Prog.mode&SanityCheckFunctions != 0 {
-		sanityCheckPackage(p)
+		emitJump(fn, done)
+		fn.currentBlock = done
 	}
+	fn.emit(new(Return))
+	fn.finishBody()
 }
diff --git a/vendor/golang.org/x/tools/go/ssa/create.go b/vendor/golang.org/x/tools/go/ssa/create.go
index 1bf88c83e..653ce2e5c 100644
--- a/vendor/golang.org/x/tools/go/ssa/create.go
+++ b/vendor/golang.org/x/tools/go/ssa/create.go
@@ -15,41 +15,44 @@ import (
 	"os"
 	"sync"
 
-	"golang.org/x/tools/go/types/typeutil"
 	"golang.org/x/tools/internal/typeparams"
+	"golang.org/x/tools/internal/versions"
 )
 
 // NewProgram returns a new SSA Program.
 //
 // mode controls diagnostics and checking during SSA construction.
+//
+// To construct an SSA program:
+//
+//   - Call NewProgram to create an empty Program.
+//   - Call CreatePackage providing typed syntax for each package
+//     you want to build, and call it with types but not
+//     syntax for each of those package's direct dependencies.
+//   - Call [Package.Build] on each syntax package you wish to build,
+//     or [Program.Build] to build all of them.
+//
+// See the Example tests for simple examples.
 func NewProgram(fset *token.FileSet, mode BuilderMode) *Program {
-	prog := &Program{
+	return &Program{
 		Fset:          fset,
 		imported:      make(map[string]*Package),
 		packages:      make(map[*types.Package]*Package),
-		thunks:        make(map[selectionKey]*Function),
-		bounds:        make(map[boundsKey]*Function),
 		mode:          mode,
 		canon:         newCanonizer(),
 		ctxt:          typeparams.NewContext(),
-		instances:     make(map[*Function]*instanceSet),
 		parameterized: tpWalker{seen: make(map[types.Type]bool)},
 	}
-
-	h := typeutil.MakeHasher() // protected by methodsMu, in effect
-	prog.methodSets.SetHasher(h)
-	prog.runtimeTypes.SetHasher(h)
-
-	return prog
 }
 
 // memberFromObject populates package pkg with a member for the
 // typechecker object obj.
 //
 // For objects from Go source code, syntax is the associated syntax
-// tree (for funcs and vars only); it will be used during the build
+// tree (for funcs and vars only) and goversion defines the
+// appropriate interpretation; they will be used during the build
 // phase.
-func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
+func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node, goversion string) {
 	name := obj.Name()
 	switch obj := obj.(type) {
 	case *types.Builtin:
@@ -58,9 +61,11 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 		}
 
 	case *types.TypeName:
-		pkg.Members[name] = &Type{
-			object: obj,
-			pkg:    pkg,
+		if name != "_" {
+			pkg.Members[name] = &Type{
+				object: obj,
+				pkg:    pkg,
+			}
 		}
 
 	case *types.Const:
@@ -70,7 +75,9 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 			pkg:    pkg,
 		}
 		pkg.objects[obj] = c
-		pkg.Members[name] = c
+		if name != "_" {
+			pkg.Members[name] = c
+		}
 
 	case *types.Var:
 		g := &Global{
@@ -81,7 +88,9 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 			pos:    obj.Pos(),
 		}
 		pkg.objects[obj] = g
-		pkg.Members[name] = g
+		if name != "_" {
+			pkg.Members[name] = g
+		}
 
 	case *types.Func:
 		sig := obj.Type().(*types.Signature)
@@ -89,36 +98,10 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 			pkg.ninit++
 			name = fmt.Sprintf("init#%d", pkg.ninit)
 		}
-
-		// Collect type parameters if this is a generic function/method.
-		var tparams *typeparams.TypeParamList
-		if rtparams := typeparams.RecvTypeParams(sig); rtparams.Len() > 0 {
-			tparams = rtparams
-		} else if sigparams := typeparams.ForSignature(sig); sigparams.Len() > 0 {
-			tparams = sigparams
-		}
-
-		fn := &Function{
-			name:       name,
-			object:     obj,
-			Signature:  sig,
-			syntax:     syntax,
-			pos:        obj.Pos(),
-			Pkg:        pkg,
-			Prog:       pkg.Prog,
-			typeparams: tparams,
-			info:       pkg.info,
-		}
-		pkg.created.Add(fn)
-		if syntax == nil {
-			fn.Synthetic = "loaded from gc object file"
-		}
-		if tparams.Len() > 0 {
-			fn.Prog.createInstanceSet(fn)
-		}
-
+		fn := createFunction(pkg.Prog, obj, name, syntax, pkg.info, goversion, &pkg.created)
+		fn.Pkg = pkg
 		pkg.objects[obj] = fn
-		if sig.Recv() == nil {
+		if name != "_" && sig.Recv() == nil {
 			pkg.Members[name] = fn // package-level function
 		}
 
@@ -127,45 +110,79 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 	}
 }
 
+// createFunction creates a function or method. It supports both
+// CreatePackage (with or without syntax) and the on-demand creation
+// of methods in non-created packages based on their types.Func.
+func createFunction(prog *Program, obj *types.Func, name string, syntax ast.Node, info *types.Info, goversion string, cr *creator) *Function {
+	sig := obj.Type().(*types.Signature)
+
+	// Collect type parameters.
+	var tparams *typeparams.TypeParamList
+	if rtparams := typeparams.RecvTypeParams(sig); rtparams.Len() > 0 {
+		tparams = rtparams // method of generic type
+	} else if sigparams := typeparams.ForSignature(sig); sigparams.Len() > 0 {
+		tparams = sigparams // generic function
+	}
+
+	/* declared function/method (from syntax or export data) */
+	fn := &Function{
+		name:       name,
+		object:     obj,
+		Signature:  sig,
+		build:      (*builder).buildFromSyntax,
+		syntax:     syntax,
+		info:       info,
+		goversion:  goversion,
+		pos:        obj.Pos(),
+		Pkg:        nil, // may be set by caller
+		Prog:       prog,
+		typeparams: tparams,
+	}
+	if fn.syntax == nil {
+		fn.Synthetic = "from type information"
+		fn.build = (*builder).buildParamsOnly
+	}
+	if tparams.Len() > 0 {
+		fn.generic = new(generic)
+	}
+	cr.Add(fn)
+	return fn
+}
+
 // membersFromDecl populates package pkg with members for each
 // typechecker object (var, func, const or type) associated with the
 // specified decl.
-func membersFromDecl(pkg *Package, decl ast.Decl) {
+func membersFromDecl(pkg *Package, decl ast.Decl, goversion string) {
 	switch decl := decl.(type) {
 	case *ast.GenDecl: // import, const, type or var
 		switch decl.Tok {
 		case token.CONST:
 			for _, spec := range decl.Specs {
 				for _, id := range spec.(*ast.ValueSpec).Names {
-					if !isBlankIdent(id) {
-						memberFromObject(pkg, pkg.info.Defs[id], nil)
-					}
+					memberFromObject(pkg, pkg.info.Defs[id], nil, "")
 				}
 			}
 
 		case token.VAR:
 			for _, spec := range decl.Specs {
+				for _, rhs := range spec.(*ast.ValueSpec).Values {
+					pkg.initVersion[rhs] = goversion
+				}
 				for _, id := range spec.(*ast.ValueSpec).Names {
-					if !isBlankIdent(id) {
-						memberFromObject(pkg, pkg.info.Defs[id], spec)
-					}
+					memberFromObject(pkg, pkg.info.Defs[id], spec, goversion)
 				}
 			}
 
 		case token.TYPE:
 			for _, spec := range decl.Specs {
 				id := spec.(*ast.TypeSpec).Name
-				if !isBlankIdent(id) {
-					memberFromObject(pkg, pkg.info.Defs[id], nil)
-				}
+				memberFromObject(pkg, pkg.info.Defs[id], nil, "")
 			}
 		}
 
 	case *ast.FuncDecl:
 		id := decl.Name
-		if !isBlankIdent(id) {
-			memberFromObject(pkg, pkg.info.Defs[id], decl)
-		}
+		memberFromObject(pkg, pkg.info.Defs[id], decl, goversion)
 	}
 }
 
@@ -182,7 +199,7 @@ func (c *creator) Add(fn *Function) {
 func (c *creator) At(i int) *Function { return (*c)[i] }
 func (c *creator) Len() int           { return len(*c) }
 
-// CreatePackage constructs and returns an SSA Package from the
+// CreatePackage creates and returns an SSA Package from the
 // specified type-checked, error-free file ASTs, and populates its
 // Members mapping.
 //
@@ -190,36 +207,48 @@ func (c *creator) Len() int           { return len(*c) }
 // subsequent call to ImportedPackage(pkg.Path()).
 //
 // The real work of building SSA form for each function is not done
-// until a subsequent call to Package.Build().
+// until a subsequent call to Package.Build.
+//
+// CreatePackage should not be called after building any package in
+// the program.
 func (prog *Program) CreatePackage(pkg *types.Package, files []*ast.File, info *types.Info, importable bool) *Package {
+	// TODO(adonovan): assert that no package has yet been built.
+	if pkg == nil {
+		panic("nil pkg") // otherwise pkg.Scope below returns types.Universe!
+	}
 	p := &Package{
 		Prog:    prog,
 		Members: make(map[string]Member),
 		objects: make(map[types.Object]Member),
 		Pkg:     pkg,
-		info:    info,  // transient (CREATE and BUILD phases)
-		files:   files, // transient (CREATE and BUILD phases)
+		syntax:  info != nil,
+		// transient values (cleared after Package.Build)
+		info:        info,
+		files:       files,
+		initVersion: make(map[ast.Expr]string),
 	}
 
-	// Add init() function.
+	/* synthesized package initializer */
 	p.init = &Function{
 		name:      "init",
 		Signature: new(types.Signature),
 		Synthetic: "package initializer",
 		Pkg:       p,
 		Prog:      prog,
+		build:     (*builder).buildPackageInit,
 		info:      p.info,
+		goversion: "", // See Package.build for details.
 	}
 	p.Members[p.init.name] = p.init
 	p.created.Add(p.init)
 
-	// CREATE phase.
 	// Allocate all package members: vars, funcs, consts and types.
 	if len(files) > 0 {
 		// Go source package.
 		for _, file := range files {
+			goversion := versions.Lang(versions.FileVersions(p.info, file))
 			for _, decl := range file.Decls {
-				membersFromDecl(p, decl)
+				membersFromDecl(p, decl, goversion)
 			}
 		}
 	} else {
@@ -229,11 +258,11 @@ func (prog *Program) CreatePackage(pkg *types.Package, files []*ast.File, info *
 		scope := p.Pkg.Scope()
 		for _, name := range scope.Names() {
 			obj := scope.Lookup(name)
-			memberFromObject(p, obj, nil)
+			memberFromObject(p, obj, nil, "")
 			if obj, ok := obj.(*types.TypeName); ok {
 				if named, ok := obj.Type().(*types.Named); ok {
 					for i, n := 0, named.NumMethods(); i < n; i++ {
-						memberFromObject(p, named.Method(i), nil)
+						memberFromObject(p, named.Method(i), nil, "")
 					}
 				}
 			}
@@ -271,8 +300,8 @@ func (prog *Program) CreatePackage(pkg *types.Package, files []*ast.File, info *
 // printMu serializes printing of Packages/Functions to stdout.
 var printMu sync.Mutex
 
-// AllPackages returns a new slice containing all packages in the
-// program prog in unspecified order.
+// AllPackages returns a new slice containing all packages created by
+// prog.CreatePackage in in unspecified order.
 func (prog *Program) AllPackages() []*Package {
 	pkgs := make([]*Package, 0, len(prog.packages))
 	for _, pkg := range prog.packages {
diff --git a/vendor/golang.org/x/tools/go/ssa/doc.go b/vendor/golang.org/x/tools/go/ssa/doc.go
index a687de45e..56bc2fbc1 100644
--- a/vendor/golang.org/x/tools/go/ssa/doc.go
+++ b/vendor/golang.org/x/tools/go/ssa/doc.go
@@ -116,9 +116,6 @@
 // The ssa/ssautil package provides various utilities that depend only
 // on the public API of this package.
 //
-// TODO(adonovan): Consider the exceptional control-flow implications
-// of defer and recover().
-//
 // TODO(adonovan): write a how-to document for all the various cases
 // of trying to determine corresponding elements across the four
 // domains of source locations, ast.Nodes, types.Objects,
diff --git a/vendor/golang.org/x/tools/go/ssa/emit.go b/vendor/golang.org/x/tools/go/ssa/emit.go
index abb617e6d..d77b4407a 100644
--- a/vendor/golang.org/x/tools/go/ssa/emit.go
+++ b/vendor/golang.org/x/tools/go/ssa/emit.go
@@ -13,16 +13,53 @@ import (
 	"go/types"
 )
 
-// emitNew emits to f a new (heap Alloc) instruction allocating an
-// object of type typ.  pos is the optional source location.
-func emitNew(f *Function, typ types.Type, pos token.Pos) *Alloc {
-	v := &Alloc{Heap: true}
+// emitAlloc emits to f a new Alloc instruction allocating a variable
+// of type typ.
+//
+// The caller must set Alloc.Heap=true (for an heap-allocated variable)
+// or add the Alloc to f.Locals (for a frame-allocated variable).
+//
+// During building, a variable in f.Locals may have its Heap flag
+// set when it is discovered that its address is taken.
+// These Allocs are removed from f.Locals at the end.
+//
+// The builder should generally call one of the emit{New,Local,LocalVar} wrappers instead.
+func emitAlloc(f *Function, typ types.Type, pos token.Pos, comment string) *Alloc {
+	v := &Alloc{Comment: comment}
 	v.setType(types.NewPointer(typ))
 	v.setPos(pos)
 	f.emit(v)
 	return v
 }
 
+// emitNew emits to f a new Alloc instruction heap-allocating a
+// variable of type typ. pos is the optional source location.
+func emitNew(f *Function, typ types.Type, pos token.Pos, comment string) *Alloc {
+	alloc := emitAlloc(f, typ, pos, comment)
+	alloc.Heap = true
+	return alloc
+}
+
+// emitLocal creates a local var for (t, pos, comment) and
+// emits an Alloc instruction for it.
+//
+// (Use this function or emitNew for synthetic variables;
+// for source-level variables, use emitLocalVar.)
+func emitLocal(f *Function, t types.Type, pos token.Pos, comment string) *Alloc {
+	local := emitAlloc(f, t, pos, comment)
+	f.Locals = append(f.Locals, local)
+	return local
+}
+
+// emitLocalVar creates a local var for v and emits an Alloc instruction for it.
+// Subsequent calls to f.lookup(v) return it.
+// It applies the appropriate generic instantiation to the type.
+func emitLocalVar(f *Function, v *types.Var) *Alloc {
+	alloc := emitLocal(f, f.typ(v.Type()), v.Pos(), v.Name())
+	f.vars[v] = alloc
+	return alloc
+}
+
 // emitLoad emits to f an instruction to load the address addr into a
 // new temporary, and returns the value so defined.
 func emitLoad(f *Function, addr Value) *UnOp {
@@ -148,7 +185,7 @@ func emitCompare(f *Function, op token.Token, x, y Value, pos token.Pos) Value {
 // Precondition: neither argument is a named type.
 func isValuePreserving(ut_src, ut_dst types.Type) bool {
 	// Identical underlying types?
-	if structTypesIdentical(ut_dst, ut_src) {
+	if types.IdenticalIgnoreTags(ut_dst, ut_src) {
 		return true
 	}
 
@@ -206,6 +243,13 @@ func emitConv(f *Function, val Value, typ types.Type) Value {
 			val = emitConv(f, val, types.Default(ut_src))
 		}
 
+		// Record the types of operands to MakeInterface, if
+		// non-parameterized, as they are the set of runtime types.
+		t := val.Type()
+		if f.typeparams.Len() == 0 || !f.Prog.parameterized.isParameterized(t) {
+			addRuntimeType(f.Prog, t)
+		}
+
 		mi := &MakeInterface{X: val}
 		mi.setType(typ)
 		return f.emit(mi)
@@ -537,48 +581,6 @@ func emitFieldSelection(f *Function, v Value, index int, wantAddr bool, id *ast.
 	return v
 }
 
-// emitSliceToArray emits to f code to convert a slice value to an array value.
-//
-// Precondition: all types in type set of typ are arrays and convertible to all
-// types in the type set of val.Type().
-func emitSliceToArray(f *Function, val Value, typ types.Type) Value {
-	// Emit the following:
-	// if val == nil && len(typ) == 0 {
-	//    ptr = &[0]T{}
-	// } else {
-	//	  ptr = SliceToArrayPointer(val)
-	// }
-	// v = *ptr
-
-	ptype := types.NewPointer(typ)
-	p := &SliceToArrayPointer{X: val}
-	p.setType(ptype)
-	ptr := f.emit(p)
-
-	nilb := f.newBasicBlock("slicetoarray.nil")
-	nonnilb := f.newBasicBlock("slicetoarray.nonnil")
-	done := f.newBasicBlock("slicetoarray.done")
-
-	cond := emitCompare(f, token.EQL, ptr, zeroConst(ptype), token.NoPos)
-	emitIf(f, cond, nilb, nonnilb)
-	f.currentBlock = nilb
-
-	zero := f.addLocal(typ, token.NoPos)
-	emitJump(f, done)
-	f.currentBlock = nonnilb
-
-	emitJump(f, done)
-	f.currentBlock = done
-
-	phi := &Phi{Edges: []Value{zero, ptr}, Comment: "slicetoarray"}
-	phi.pos = val.Pos()
-	phi.setType(typ)
-	x := f.emit(phi)
-	unOp := &UnOp{Op: token.MUL, X: x}
-	unOp.setType(typ)
-	return f.emit(unOp)
-}
-
 // createRecoverBlock emits to f a block of code to return after a
 // recovered panic, and sets f.Recover to it.
 //
diff --git a/vendor/golang.org/x/tools/go/ssa/func.go b/vendor/golang.org/x/tools/go/ssa/func.go
index 38c3e31ba..65ed491ba 100644
--- a/vendor/golang.org/x/tools/go/ssa/func.go
+++ b/vendor/golang.org/x/tools/go/ssa/func.go
@@ -10,7 +10,6 @@ import (
 	"bytes"
 	"fmt"
 	"go/ast"
-	"go/token"
 	"go/types"
 	"io"
 	"os"
@@ -108,52 +107,40 @@ type lblock struct {
 // labelledBlock returns the branch target associated with the
 // specified label, creating it if needed.
 func (f *Function) labelledBlock(label *ast.Ident) *lblock {
-	obj := f.objectOf(label)
+	obj := f.objectOf(label).(*types.Label)
 	lb := f.lblocks[obj]
 	if lb == nil {
 		lb = &lblock{_goto: f.newBasicBlock(label.Name)}
 		if f.lblocks == nil {
-			f.lblocks = make(map[types.Object]*lblock)
+			f.lblocks = make(map[*types.Label]*lblock)
 		}
 		f.lblocks[obj] = lb
 	}
 	return lb
 }
 
-// addParam adds a (non-escaping) parameter to f.Params of the
-// specified name, type and source position.
-func (f *Function) addParam(name string, typ types.Type, pos token.Pos) *Parameter {
-	v := &Parameter{
-		name:   name,
-		typ:    typ,
-		pos:    pos,
-		parent: f,
-	}
-	f.Params = append(f.Params, v)
-	return v
-}
-
-func (f *Function) addParamObj(obj types.Object) *Parameter {
-	name := obj.Name()
+// addParamVar adds a parameter to f.Params.
+func (f *Function) addParamVar(v *types.Var) *Parameter {
+	name := v.Name()
 	if name == "" {
 		name = fmt.Sprintf("arg%d", len(f.Params))
 	}
-	param := f.addParam(name, f.typ(obj.Type()), obj.Pos())
-	param.object = obj
+	param := &Parameter{
+		name:   name,
+		object: v,
+		typ:    f.typ(v.Type()),
+		parent: f,
+	}
+	f.Params = append(f.Params, param)
 	return param
 }
 
 // addSpilledParam declares a parameter that is pre-spilled to the
 // stack; the function body will load/store the spilled location.
 // Subsequent lifting will eliminate spills where possible.
-func (f *Function) addSpilledParam(obj types.Object) {
-	param := f.addParamObj(obj)
-	spill := &Alloc{Comment: obj.Name()}
-	spill.setType(types.NewPointer(param.Type()))
-	spill.setPos(obj.Pos())
-	f.objects[obj] = spill
-	f.Locals = append(f.Locals, spill)
-	f.emit(spill)
+func (f *Function) addSpilledParam(obj *types.Var) {
+	param := f.addParamVar(obj)
+	spill := emitLocalVar(f, obj)
 	f.emit(&Store{Addr: spill, Val: param})
 }
 
@@ -161,7 +148,7 @@ func (f *Function) addSpilledParam(obj types.Object) {
 // Precondition: f.Type() already set.
 func (f *Function) startBody() {
 	f.currentBlock = f.newBasicBlock("entry")
-	f.objects = make(map[types.Object]Value) // needed for some synthetics, e.g. init
+	f.vars = make(map[*types.Var]Value) // needed for some synthetics, e.g. init
 }
 
 // createSyntacticParams populates f.Params and generates code (spills
@@ -177,11 +164,11 @@ func (f *Function) createSyntacticParams(recv *ast.FieldList, functype *ast.Func
 	if recv != nil {
 		for _, field := range recv.List {
 			for _, n := range field.Names {
-				f.addSpilledParam(f.info.Defs[n])
+				f.addSpilledParam(identVar(f, n))
 			}
 			// Anonymous receiver?  No need to spill.
 			if field.Names == nil {
-				f.addParamObj(f.Signature.Recv())
+				f.addParamVar(f.Signature.Recv())
 			}
 		}
 	}
@@ -191,11 +178,11 @@ func (f *Function) createSyntacticParams(recv *ast.FieldList, functype *ast.Func
 		n := len(f.Params) // 1 if has recv, 0 otherwise
 		for _, field := range functype.Params.List {
 			for _, n := range field.Names {
-				f.addSpilledParam(f.info.Defs[n])
+				f.addSpilledParam(identVar(f, n))
 			}
 			// Anonymous parameter?  No need to spill.
 			if field.Names == nil {
-				f.addParamObj(f.Signature.Params().At(len(f.Params) - n))
+				f.addParamVar(f.Signature.Params().At(len(f.Params) - n))
 			}
 		}
 	}
@@ -205,7 +192,8 @@ func (f *Function) createSyntacticParams(recv *ast.FieldList, functype *ast.Func
 		for _, field := range functype.Results.List {
 			// Implicit "var" decl of locals for named results.
 			for _, n := range field.Names {
-				f.namedResults = append(f.namedResults, f.addLocalForIdent(n))
+				namedResult := emitLocalVar(f, identVar(f, n))
+				f.namedResults = append(f.namedResults, namedResult)
 			}
 		}
 	}
@@ -250,49 +238,14 @@ func buildReferrers(f *Function) {
 	}
 }
 
-// mayNeedRuntimeTypes returns all of the types in the body of fn that might need runtime types.
-//
-// EXCLUSIVE_LOCKS_ACQUIRED(meth.Prog.methodsMu)
-func mayNeedRuntimeTypes(fn *Function) []types.Type {
-	// Collect all types that may need rtypes, i.e. those that flow into an interface.
-	var ts []types.Type
-	for _, bb := range fn.Blocks {
-		for _, instr := range bb.Instrs {
-			if mi, ok := instr.(*MakeInterface); ok {
-				ts = append(ts, mi.X.Type())
-			}
-		}
-	}
-
-	// Types that contain a parameterized type are considered to not be runtime types.
-	if fn.typeparams.Len() == 0 {
-		return ts // No potentially parameterized types.
-	}
-	// Filter parameterized types, in place.
-	fn.Prog.methodsMu.Lock()
-	defer fn.Prog.methodsMu.Unlock()
-	filtered := ts[:0]
-	for _, t := range ts {
-		if !fn.Prog.parameterized.isParameterized(t) {
-			filtered = append(filtered, t)
-		}
-	}
-	return filtered
-}
-
 // finishBody() finalizes the contents of the function after SSA code generation of its body.
 //
 // The function is not done being built until done() is called.
 func (f *Function) finishBody() {
-	f.objects = nil
+	f.vars = nil
 	f.currentBlock = nil
 	f.lblocks = nil
 
-	// Don't pin the AST in memory (except in debug mode).
-	if n := f.syntax; n != nil && !f.debugInfo() {
-		f.syntax = extentNode{n.Pos(), n.End()}
-	}
-
 	// Remove from f.Locals any Allocs that escape to the heap.
 	j := 0
 	for _, l := range f.Locals {
@@ -320,15 +273,15 @@ func (f *Function) finishBody() {
 		lift(f)
 	}
 
-	// clear remaining stateful variables
+	// clear remaining builder state
 	f.namedResults = nil // (used by lifting)
-	f.info = nil
 	f.subst = nil
 
 	numberRegisters(f) // uses f.namedRegisters
 }
 
-// After this, function is done with BUILD phase.
+// done marks the building of f's SSA body complete,
+// along with any nested functions, and optionally prints them.
 func (f *Function) done() {
 	assert(f.parent == nil, "done called on an anonymous function")
 
@@ -338,7 +291,7 @@ func (f *Function) done() {
 			visit(anon) // anon is done building before f.
 		}
 
-		f.built = true // function is done with BUILD phase
+		f.build = nil // function is built
 
 		if f.Prog.mode&PrintFunctions != 0 {
 			printMu.Lock()
@@ -376,7 +329,6 @@ func (f *Function) removeNilBlocks() {
 // size of the instruction stream, and causes Functions to depend upon
 // the ASTs, potentially keeping them live in memory for longer.
 func (pkg *Package) SetDebugMode(debug bool) {
-	// TODO(adonovan): do we want ast.File granularity?
 	pkg.debug = debug
 }
 
@@ -387,40 +339,25 @@ func (f *Function) debugInfo() bool {
 	return p != nil && p.debug
 }
 
-// addNamedLocal creates a local variable, adds it to function f and
-// returns it.  Its name and type are taken from obj.  Subsequent
-// calls to f.lookup(obj) will return the same local.
-func (f *Function) addNamedLocal(obj types.Object) *Alloc {
-	l := f.addLocal(obj.Type(), obj.Pos())
-	l.Comment = obj.Name()
-	f.objects[obj] = l
-	return l
-}
-
-func (f *Function) addLocalForIdent(id *ast.Ident) *Alloc {
-	return f.addNamedLocal(f.info.Defs[id])
-}
-
-// addLocal creates an anonymous local variable of type typ, adds it
-// to function f and returns it.  pos is the optional source location.
-func (f *Function) addLocal(typ types.Type, pos token.Pos) *Alloc {
-	typ = f.typ(typ)
-	v := &Alloc{}
-	v.setType(types.NewPointer(typ))
-	v.setPos(pos)
-	f.Locals = append(f.Locals, v)
-	f.emit(v)
-	return v
-}
-
 // lookup returns the address of the named variable identified by obj
 // that is local to function f or one of its enclosing functions.
 // If escaping, the reference comes from a potentially escaping pointer
 // expression and the referent must be heap-allocated.
-func (f *Function) lookup(obj types.Object, escaping bool) Value {
-	if v, ok := f.objects[obj]; ok {
-		if alloc, ok := v.(*Alloc); ok && escaping {
-			alloc.Heap = true
+// We assume the referent is a *Alloc or *Phi.
+// (The only Phis at this stage are those created directly by go1.22 "for" loops.)
+func (f *Function) lookup(obj *types.Var, escaping bool) Value {
+	if v, ok := f.vars[obj]; ok {
+		if escaping {
+			switch v := v.(type) {
+			case *Alloc:
+				v.Heap = true
+			case *Phi:
+				for _, edge := range v.Edges {
+					if alloc, ok := edge.(*Alloc); ok {
+						alloc.Heap = true
+					}
+				}
+			}
 		}
 		return v // function-local var (address)
 	}
@@ -438,7 +375,7 @@ func (f *Function) lookup(obj types.Object, escaping bool) Value {
 		outer:  outer,
 		parent: f,
 	}
-	f.objects[obj] = v
+	f.vars[obj] = v
 	f.FreeVars = append(f.FreeVars, v)
 	return v
 }
@@ -536,7 +473,7 @@ func writeSignature(buf *bytes.Buffer, from *types.Package, name string, sig *ty
 func (fn *Function) declaredPackage() *Package {
 	switch {
 	case fn.Pkg != nil:
-		return fn.Pkg // non-generic function
+		return fn.Pkg // non-generic function  (does that follow??)
 	case fn.topLevelOrigin != nil:
 		return fn.topLevelOrigin.Pkg // instance of a named generic function
 	case fn.parent != nil:
@@ -689,17 +626,11 @@ func (prog *Program) NewFunction(name string, sig *types.Signature, provenance s
 	return &Function{Prog: prog, name: name, Signature: sig, Synthetic: provenance}
 }
 
-type extentNode [2]token.Pos
-
-func (n extentNode) Pos() token.Pos { return n[0] }
-func (n extentNode) End() token.Pos { return n[1] }
-
-// Syntax returns an ast.Node whose Pos/End methods provide the
-// lexical extent of the function if it was defined by Go source code
-// (f.Synthetic==""), or nil otherwise.
-//
-// If f was built with debug information (see Package.SetDebugRef),
-// the result is the *ast.FuncDecl or *ast.FuncLit that declared the
-// function.  Otherwise, it is an opaque Node providing only position
-// information; this avoids pinning the AST in memory.
+// Syntax returns the function's syntax (*ast.Func{Decl,Lit)
+// if it was produced from syntax.
 func (f *Function) Syntax() ast.Node { return f.syntax }
+
+// identVar returns the variable defined by id.
+func identVar(fn *Function, id *ast.Ident) *types.Var {
+	return fn.info.Defs[id].(*types.Var)
+}
diff --git a/vendor/golang.org/x/tools/go/ssa/identical.go b/vendor/golang.org/x/tools/go/ssa/identical.go
deleted file mode 100644
index e8026967b..000000000
--- a/vendor/golang.org/x/tools/go/ssa/identical.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.8
-// +build go1.8
-
-package ssa
-
-import "go/types"
-
-var structTypesIdentical = types.IdenticalIgnoreTags
diff --git a/vendor/golang.org/x/tools/go/ssa/identical_17.go b/vendor/golang.org/x/tools/go/ssa/identical_17.go
deleted file mode 100644
index 575aa5dfc..000000000
--- a/vendor/golang.org/x/tools/go/ssa/identical_17.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.8
-// +build !go1.8
-
-package ssa
-
-import "go/types"
-
-var structTypesIdentical = types.Identical
diff --git a/vendor/golang.org/x/tools/go/ssa/instantiate.go b/vendor/golang.org/x/tools/go/ssa/instantiate.go
index 38249dea2..370284ab7 100644
--- a/vendor/golang.org/x/tools/go/ssa/instantiate.go
+++ b/vendor/golang.org/x/tools/go/ssa/instantiate.go
@@ -6,129 +6,59 @@ package ssa
 
 import (
 	"fmt"
-	"go/ast"
 	"go/types"
+	"sync"
 
 	"golang.org/x/tools/internal/typeparams"
 )
 
-// _Instances returns all of the instances generated by runtime types for this function in an unspecified order.
-//
-// Thread-safe.
-//
-// This is an experimental interface! It may change without warning.
-func (prog *Program) _Instances(fn *Function) []*Function {
-	if fn.typeparams.Len() == 0 || len(fn.typeargs) > 0 {
-		return nil
-	}
-
-	prog.methodsMu.Lock()
-	defer prog.methodsMu.Unlock()
-	return prog.instances[fn].list()
-}
-
-// A set of instantiations of a generic function fn.
-type instanceSet struct {
-	fn        *Function               // fn.typeparams.Len() > 0 and len(fn.typeargs) == 0.
-	instances map[*typeList]*Function // canonical type arguments to an instance.
-	syntax    *ast.FuncDecl           // fn.syntax copy for instantiating after fn is done. nil on synthetic packages.
-	info      *types.Info             // fn.pkg.info copy for building after fn is done.. nil on synthetic packages.
-
-	// TODO(taking): Consider ways to allow for clearing syntax and info when done building.
-	// May require a public API change as MethodValue can request these be built after prog.Build() is done.
-}
-
-func (insts *instanceSet) list() []*Function {
-	if insts == nil {
-		return nil
-	}
-
-	fns := make([]*Function, 0, len(insts.instances))
-	for _, fn := range insts.instances {
-		fns = append(fns, fn)
-	}
-	return fns
+// A generic records information about a generic origin function,
+// including a cache of existing instantiations.
+type generic struct {
+	instancesMu sync.Mutex
+	instances   map[*typeList]*Function // canonical type arguments to an instance.
 }
 
-// createInstanceSet adds a new instanceSet for a generic function fn if one does not exist.
+// instance returns a Function that is the instantiation of generic
+// origin function fn with the type arguments targs.
 //
-// Precondition: fn is a package level declaration (function or method).
+// Any created instance is added to cr.
 //
-// EXCLUSIVE_LOCKS_ACQUIRED(prog.methodMu)
-func (prog *Program) createInstanceSet(fn *Function) {
-	assert(fn.typeparams.Len() > 0 && len(fn.typeargs) == 0, "Can only create instance sets for generic functions")
-
-	prog.methodsMu.Lock()
-	defer prog.methodsMu.Unlock()
-
-	syntax, _ := fn.syntax.(*ast.FuncDecl)
-	assert((syntax == nil) == (fn.syntax == nil), "fn.syntax is either nil or a *ast.FuncDecl")
-
-	if _, ok := prog.instances[fn]; !ok {
-		prog.instances[fn] = &instanceSet{
-			fn:     fn,
-			syntax: syntax,
-			info:   fn.info,
+// Acquires fn.generic.instancesMu.
+func (fn *Function) instance(targs []types.Type, cr *creator) *Function {
+	key := fn.Prog.canon.List(targs)
+
+	gen := fn.generic
+
+	gen.instancesMu.Lock()
+	defer gen.instancesMu.Unlock()
+	inst, ok := gen.instances[key]
+	if !ok {
+		inst = createInstance(fn, targs, cr)
+		if gen.instances == nil {
+			gen.instances = make(map[*typeList]*Function)
 		}
+		gen.instances[key] = inst
 	}
+	return inst
 }
 
-// needsInstance returns a Function that is the instantiation of fn with the type arguments targs.
-//
-// Any CREATEd instance is added to cr.
-//
-// EXCLUSIVE_LOCKS_ACQUIRED(prog.methodMu)
-func (prog *Program) needsInstance(fn *Function, targs []types.Type, cr *creator) *Function {
-	prog.methodsMu.Lock()
-	defer prog.methodsMu.Unlock()
-
-	return prog.lookupOrCreateInstance(fn, targs, cr)
-}
-
-// lookupOrCreateInstance returns a Function that is the instantiation of fn with the type arguments targs.
-//
-// Any CREATEd instance is added to cr.
-//
-// EXCLUSIVE_LOCKS_REQUIRED(prog.methodMu)
-func (prog *Program) lookupOrCreateInstance(fn *Function, targs []types.Type, cr *creator) *Function {
-	return prog.instances[fn].lookupOrCreate(targs, &prog.parameterized, cr)
-}
-
-// lookupOrCreate returns the instantiation of insts.fn using targs.
+// createInstance returns the instantiation of generic function fn using targs.
 // If the instantiation is created, this is added to cr.
-func (insts *instanceSet) lookupOrCreate(targs []types.Type, parameterized *tpWalker, cr *creator) *Function {
-	if insts.instances == nil {
-		insts.instances = make(map[*typeList]*Function)
-	}
-
-	fn := insts.fn
+//
+// Requires fn.generic.instancesMu.
+func createInstance(fn *Function, targs []types.Type, cr *creator) *Function {
 	prog := fn.Prog
 
-	// canonicalize on a tuple of targs. Sig is not unique.
-	//
-	// func A[T any]() {
-	//   var x T
-	//   fmt.Println("%T", x)
-	// }
-	key := prog.canon.List(targs)
-	if inst, ok := insts.instances[key]; ok {
-		return inst
-	}
-
-	// CREATE instance/instantiation wrapper
-	var syntax ast.Node
-	if insts.syntax != nil {
-		syntax = insts.syntax
-	}
-
+	// Compute signature.
 	var sig *types.Signature
 	var obj *types.Func
 	if recv := fn.Signature.Recv(); recv != nil {
 		// method
-		m := fn.object.(*types.Func)
-		obj = prog.canon.instantiateMethod(m, targs, prog.ctxt)
+		obj = prog.canon.instantiateMethod(fn.object, targs, prog.ctxt)
 		sig = obj.Type().(*types.Signature)
 	} else {
+		// function
 		instSig, err := typeparams.Instantiate(prog.ctxt, fn.Signature, targs, false)
 		if err != nil {
 			panic(err)
@@ -137,41 +67,48 @@ func (insts *instanceSet) lookupOrCreate(targs []types.Type, parameterized *tpWa
 		if !ok {
 			panic("Instantiate of a Signature returned a non-signature")
 		}
-		obj = fn.object.(*types.Func) // instantiation does not exist yet
+		obj = fn.object // instantiation does not exist yet
 		sig = prog.canon.Type(instance).(*types.Signature)
 	}
 
-	var synthetic string
-	var subst *subster
-
-	concrete := !parameterized.anyParameterized(targs)
-
-	if prog.mode&InstantiateGenerics != 0 && concrete {
+	// Choose strategy (instance or wrapper).
+	var (
+		synthetic string
+		subst     *subster
+		build     buildFunc
+	)
+	if prog.mode&InstantiateGenerics != 0 && !prog.parameterized.anyParameterized(targs) {
 		synthetic = fmt.Sprintf("instance of %s", fn.Name())
-		scope := typeparams.OriginMethod(obj).Scope()
-		subst = makeSubster(prog.ctxt, scope, fn.typeparams, targs, false)
+		if fn.syntax != nil {
+			scope := typeparams.OriginMethod(obj).Scope()
+			subst = makeSubster(prog.ctxt, scope, fn.typeparams, targs, false)
+			build = (*builder).buildFromSyntax
+		} else {
+			build = (*builder).buildParamsOnly
+		}
 	} else {
 		synthetic = fmt.Sprintf("instantiation wrapper of %s", fn.Name())
+		build = (*builder).buildInstantiationWrapper
 	}
 
-	name := fmt.Sprintf("%s%s", fn.Name(), targs) // may not be unique
+	/* generic instance or instantiation wrapper */
 	instance := &Function{
-		name:           name,
+		name:           fmt.Sprintf("%s%s", fn.Name(), targs), // may not be unique
 		object:         obj,
 		Signature:      sig,
 		Synthetic:      synthetic,
-		syntax:         syntax,
+		syntax:         fn.syntax,    // \
+		info:           fn.info,      //  } empty for non-created packages
+		goversion:      fn.goversion, // /
+		build:          build,
 		topLevelOrigin: fn,
 		pos:            obj.Pos(),
 		Pkg:            nil,
 		Prog:           fn.Prog,
 		typeparams:     fn.typeparams, // share with origin
 		typeargs:       targs,
-		info:           insts.info, // on synthetic packages info is nil.
 		subst:          subst,
 	}
-
 	cr.Add(instance)
-	insts.instances[key] = instance
 	return instance
 }
diff --git a/vendor/golang.org/x/tools/go/ssa/lift.go b/vendor/golang.org/x/tools/go/ssa/lift.go
index dbd8790c6..da49fe9f1 100644
--- a/vendor/golang.org/x/tools/go/ssa/lift.go
+++ b/vendor/golang.org/x/tools/go/ssa/lift.go
@@ -103,9 +103,14 @@ func buildDomFrontier(fn *Function) domFrontier {
 }
 
 func removeInstr(refs []Instruction, instr Instruction) []Instruction {
+	return removeInstrsIf(refs, func(i Instruction) bool { return i == instr })
+}
+
+func removeInstrsIf(refs []Instruction, p func(Instruction) bool) []Instruction {
+	// TODO(taking): replace with go1.22 slices.DeleteFunc.
 	i := 0
 	for _, ref := range refs {
-		if ref == instr {
+		if p(ref) {
 			continue
 		}
 		refs[i] = ref
diff --git a/vendor/golang.org/x/tools/go/ssa/methods.go b/vendor/golang.org/x/tools/go/ssa/methods.go
index 294498371..03ef62521 100644
--- a/vendor/golang.org/x/tools/go/ssa/methods.go
+++ b/vendor/golang.org/x/tools/go/ssa/methods.go
@@ -10,54 +10,124 @@ import (
 	"fmt"
 	"go/types"
 
+	"golang.org/x/tools/go/types/typeutil"
 	"golang.org/x/tools/internal/typeparams"
 )
 
 // MethodValue returns the Function implementing method sel, building
-// wrapper methods on demand.  It returns nil if sel denotes an
-// abstract (interface or parameterized) method.
+// wrapper methods on demand. It returns nil if sel denotes an
+// interface or generic method.
 //
 // Precondition: sel.Kind() == MethodVal.
 //
 // Thread-safe.
 //
-// EXCLUSIVE_LOCKS_ACQUIRED(prog.methodsMu)
+// Acquires prog.methodsMu.
 func (prog *Program) MethodValue(sel *types.Selection) *Function {
 	if sel.Kind() != types.MethodVal {
 		panic(fmt.Sprintf("MethodValue(%s) kind != MethodVal", sel))
 	}
 	T := sel.Recv()
 	if types.IsInterface(T) {
-		return nil // abstract method (interface, possibly type param)
+		return nil // interface method or type parameter
 	}
+
+	if prog.parameterized.isParameterized(T) {
+		return nil // generic method
+	}
+
 	if prog.mode&LogSource != 0 {
 		defer logStack("MethodValue %s %v", T, sel)()
 	}
 
-	var m *Function
-	b := builder{created: &creator{}}
+	var cr creator
 
-	prog.methodsMu.Lock()
-	// Checks whether a type param is reachable from T.
-	// This is an expensive check. May need to be optimized later.
-	if !prog.parameterized.isParameterized(T) {
-		m = prog.addMethod(prog.createMethodSet(T), sel, b.created)
+	m := func() *Function {
+		prog.methodsMu.Lock()
+		defer prog.methodsMu.Unlock()
+
+		// Get or create SSA method set.
+		mset, ok := prog.methodSets.At(T).(*methodSet)
+		if !ok {
+			mset = &methodSet{mapping: make(map[string]*Function)}
+			prog.methodSets.Set(T, mset)
+		}
+
+		// Get or create SSA method.
+		id := sel.Obj().Id()
+		fn, ok := mset.mapping[id]
+		if !ok {
+			obj := sel.Obj().(*types.Func)
+			_, ptrObj := deptr(recvType(obj))
+			_, ptrRecv := deptr(T)
+			needsPromotion := len(sel.Index()) > 1
+			needsIndirection := !ptrObj && ptrRecv
+			if needsPromotion || needsIndirection {
+				fn = createWrapper(prog, toSelection(sel), &cr)
+			} else {
+				fn = prog.objectMethod(obj, &cr)
+			}
+			if fn.Signature.Recv() == nil {
+				panic(fn)
+			}
+			mset.mapping[id] = fn
+		}
+
+		return fn
+	}()
+
+	b := builder{created: &cr}
+	b.iterate()
+
+	return m
+}
+
+// objectMethod returns the Function for a given method symbol.
+// The symbol may be an instance of a generic function. It need not
+// belong to an existing SSA package created by a call to
+// prog.CreatePackage.
+//
+// objectMethod panics if the function is not a method.
+//
+// Acquires prog.objectMethodsMu.
+func (prog *Program) objectMethod(obj *types.Func, cr *creator) *Function {
+	sig := obj.Type().(*types.Signature)
+	if sig.Recv() == nil {
+		panic("not a method: " + obj.String())
 	}
-	prog.methodsMu.Unlock()
 
-	if m == nil {
-		return nil // abstract method (generic)
+	// Belongs to a created package?
+	if fn := prog.FuncValue(obj); fn != nil {
+		return fn
 	}
-	for !b.done() {
-		b.buildCreated()
-		b.needsRuntimeTypes()
+
+	// Instantiation of generic?
+	if originObj := typeparams.OriginMethod(obj); originObj != obj {
+		origin := prog.objectMethod(originObj, cr)
+		assert(origin.typeparams.Len() > 0, "origin is not generic")
+		targs := receiverTypeArgs(obj)
+		return origin.instance(targs, cr)
 	}
-	return m
+
+	// Consult/update cache of methods created from types.Func.
+	prog.objectMethodsMu.Lock()
+	defer prog.objectMethodsMu.Unlock()
+	fn, ok := prog.objectMethods[obj]
+	if !ok {
+		fn = createFunction(prog, obj, obj.Name(), nil, nil, "", cr)
+		fn.Synthetic = "from type information (on demand)"
+
+		if prog.objectMethods == nil {
+			prog.objectMethods = make(map[*types.Func]*Function)
+		}
+		prog.objectMethods[obj] = fn
+	}
+	return fn
 }
 
 // LookupMethod returns the implementation of the method of type T
 // identified by (pkg, name).  It returns nil if the method exists but
-// is abstract, and panics if T has no such method.
+// is an interface method or generic method, and panics if T has no such method.
 func (prog *Program) LookupMethod(T types.Type, pkg *types.Package, name string) *Function {
 	sel := prog.MethodSets.MethodSet(T).Lookup(pkg, name)
 	if sel == nil {
@@ -68,208 +138,136 @@ func (prog *Program) LookupMethod(T types.Type, pkg *types.Package, name string)
 
 // methodSet contains the (concrete) methods of a concrete type (non-interface, non-parameterized).
 type methodSet struct {
-	mapping  map[string]*Function // populated lazily
-	complete bool                 // mapping contains all methods
-}
-
-// Precondition: T is a concrete type, e.g. !isInterface(T) and not parameterized.
-// EXCLUSIVE_LOCKS_REQUIRED(prog.methodsMu)
-func (prog *Program) createMethodSet(T types.Type) *methodSet {
-	if prog.mode&SanityCheckFunctions != 0 {
-		if types.IsInterface(T) || prog.parameterized.isParameterized(T) {
-			panic("type is interface or parameterized")
-		}
-	}
-	mset, ok := prog.methodSets.At(T).(*methodSet)
-	if !ok {
-		mset = &methodSet{mapping: make(map[string]*Function)}
-		prog.methodSets.Set(T, mset)
-	}
-	return mset
-}
-
-// Adds any created functions to cr.
-// Precondition: T is a concrete type, e.g. !isInterface(T) and not parameterized.
-// EXCLUSIVE_LOCKS_REQUIRED(prog.methodsMu)
-func (prog *Program) addMethod(mset *methodSet, sel *types.Selection, cr *creator) *Function {
-	if sel.Kind() == types.MethodExpr {
-		panic(sel)
-	}
-	id := sel.Obj().Id()
-	fn := mset.mapping[id]
-	if fn == nil {
-		sel := toSelection(sel)
-		obj := sel.obj.(*types.Func)
-
-		_, ptrObj := deptr(recvType(obj))
-		_, ptrRecv := deptr(sel.recv)
-
-		needsPromotion := len(sel.index) > 1
-		needsIndirection := !ptrObj && ptrRecv
-		if needsPromotion || needsIndirection {
-			fn = makeWrapper(prog, sel, cr)
-		} else {
-			fn = prog.originFunc(obj)
-			if fn.typeparams.Len() > 0 { // instantiate
-				targs := receiverTypeArgs(obj)
-				fn = prog.lookupOrCreateInstance(fn, targs, cr)
-			}
-		}
-		if fn.Signature.Recv() == nil {
-			panic(fn) // missing receiver
-		}
-		mset.mapping[id] = fn
-	}
-	return fn
+	mapping map[string]*Function // populated lazily
 }
 
-// RuntimeTypes returns a new unordered slice containing all
-// concrete types in the program for which a complete (non-empty)
-// method set is required at run-time.
+// RuntimeTypes returns a new unordered slice containing all types in
+// the program for which a runtime type is required.
+//
+// A runtime type is required for any non-parameterized, non-interface
+// type that is converted to an interface, or for any type (including
+// interface types) derivable from one through reflection.
+//
+// The methods of such types may be reachable through reflection or
+// interface calls even if they are never called directly.
 //
 // Thread-safe.
 //
-// EXCLUSIVE_LOCKS_ACQUIRED(prog.methodsMu)
+// Acquires prog.runtimeTypesMu.
 func (prog *Program) RuntimeTypes() []types.Type {
-	prog.methodsMu.Lock()
-	defer prog.methodsMu.Unlock()
-
-	var res []types.Type
-	prog.methodSets.Iterate(func(T types.Type, v interface{}) {
-		if v.(*methodSet).complete {
-			res = append(res, T)
-		}
-	})
-	return res
-}
-
-// declaredFunc returns the concrete function/method denoted by obj.
-// Panic ensues if there is none.
-func (prog *Program) declaredFunc(obj *types.Func) *Function {
-	if v := prog.packageLevelMember(obj); v != nil {
-		return v.(*Function)
-	}
-	panic("no concrete method: " + obj.String())
+	prog.runtimeTypesMu.Lock()
+	defer prog.runtimeTypesMu.Unlock()
+	return prog.runtimeTypes.Keys()
 }
 
-// needMethodsOf ensures that runtime type information (including the
-// complete method set) is available for the specified type T and all
-// its subcomponents.
-//
-// needMethodsOf must be called for at least every type that is an
-// operand of some MakeInterface instruction, and for the type of
-// every exported package member.
-//
-// Adds any created functions to cr.
-//
-// Precondition: T is not a method signature (*Signature with Recv()!=nil).
-// Precondition: T is not parameterized.
-//
-// Thread-safe.  (Called via Package.build from multiple builder goroutines.)
+// forEachReachable calls f for type T and each type reachable from
+// its type through reflection.
 //
-// TODO(adonovan): make this faster.  It accounts for 20% of SSA build time.
+// The function f must use memoization to break cycles and
+// return false when the type has already been visited.
 //
-// EXCLUSIVE_LOCKS_ACQUIRED(prog.methodsMu)
-func (prog *Program) needMethodsOf(T types.Type, cr *creator) {
-	prog.methodsMu.Lock()
-	prog.needMethods(T, false, cr)
-	prog.methodsMu.Unlock()
-}
-
-// Precondition: T is not a method signature (*Signature with Recv()!=nil).
-// Precondition: T is not parameterized.
-// Recursive case: skip => don't create methods for T.
-//
-// EXCLUSIVE_LOCKS_REQUIRED(prog.methodsMu)
-func (prog *Program) needMethods(T types.Type, skip bool, cr *creator) {
-	// Each package maintains its own set of types it has visited.
-	if prevSkip, ok := prog.runtimeTypes.At(T).(bool); ok {
-		// needMethods(T) was previously called
-		if !prevSkip || skip {
-			return // already seen, with same or false 'skip' value
-		}
-	}
-	prog.runtimeTypes.Set(T, skip)
-
-	tmset := prog.MethodSets.MethodSet(T)
-
-	if !skip && !types.IsInterface(T) && tmset.Len() > 0 {
-		// Create methods of T.
-		mset := prog.createMethodSet(T)
-		if !mset.complete {
-			mset.complete = true
-			n := tmset.Len()
-			for i := 0; i < n; i++ {
-				prog.addMethod(mset, tmset.At(i), cr)
+// TODO(adonovan): publish in typeutil and share with go/callgraph/rta.
+func forEachReachable(msets *typeutil.MethodSetCache, T types.Type, f func(types.Type) bool) {
+	var visit func(T types.Type, skip bool)
+	visit = func(T types.Type, skip bool) {
+		if !skip {
+			if !f(T) {
+				return
 			}
 		}
-	}
-
-	// Recursion over signatures of each method.
-	for i := 0; i < tmset.Len(); i++ {
-		sig := tmset.At(i).Type().(*types.Signature)
-		prog.needMethods(sig.Params(), false, cr)
-		prog.needMethods(sig.Results(), false, cr)
-	}
 
-	switch t := T.(type) {
-	case *types.Basic:
-		// nop
+		// Recursion over signatures of each method.
+		tmset := msets.MethodSet(T)
+		for i := 0; i < tmset.Len(); i++ {
+			sig := tmset.At(i).Type().(*types.Signature)
+			// It is tempting to call visit(sig, false)
+			// but, as noted in golang.org/cl/65450043,
+			// the Signature.Recv field is ignored by
+			// types.Identical and typeutil.Map, which
+			// is confusing at best.
+			//
+			// More importantly, the true signature rtype
+			// reachable from a method using reflection
+			// has no receiver but an extra ordinary parameter.
+			// For the Read method of io.Reader we want:
+			//   func(Reader, []byte) (int, error)
+			// but here sig is:
+			//   func([]byte) (int, error)
+			// with .Recv = Reader (though it is hard to
+			// notice because it doesn't affect Signature.String
+			// or types.Identical).
+			//
+			// TODO(adonovan): construct and visit the correct
+			// non-method signature with an extra parameter
+			// (though since unnamed func types have no methods
+			// there is essentially no actual demand for this).
+			//
+			// TODO(adonovan): document whether or not it is
+			// safe to skip non-exported methods (as RTA does).
+			visit(sig.Params(), true)  // skip the Tuple
+			visit(sig.Results(), true) // skip the Tuple
+		}
 
-	case *types.Interface:
-		// nop---handled by recursion over method set.
+		switch T := T.(type) {
+		case *types.Basic:
+			// nop
 
-	case *types.Pointer:
-		prog.needMethods(t.Elem(), false, cr)
+		case *types.Interface:
+			// nop---handled by recursion over method set.
 
-	case *types.Slice:
-		prog.needMethods(t.Elem(), false, cr)
+		case *types.Pointer:
+			visit(T.Elem(), false)
 
-	case *types.Chan:
-		prog.needMethods(t.Elem(), false, cr)
+		case *types.Slice:
+			visit(T.Elem(), false)
 
-	case *types.Map:
-		prog.needMethods(t.Key(), false, cr)
-		prog.needMethods(t.Elem(), false, cr)
+		case *types.Chan:
+			visit(T.Elem(), false)
 
-	case *types.Signature:
-		if t.Recv() != nil {
-			panic(fmt.Sprintf("Signature %s has Recv %s", t, t.Recv()))
-		}
-		prog.needMethods(t.Params(), false, cr)
-		prog.needMethods(t.Results(), false, cr)
-
-	case *types.Named:
-		// A pointer-to-named type can be derived from a named
-		// type via reflection.  It may have methods too.
-		prog.needMethods(types.NewPointer(T), false, cr)
-
-		// Consider 'type T struct{S}' where S has methods.
-		// Reflection provides no way to get from T to struct{S},
-		// only to S, so the method set of struct{S} is unwanted,
-		// so set 'skip' flag during recursion.
-		prog.needMethods(t.Underlying(), true, cr)
-
-	case *types.Array:
-		prog.needMethods(t.Elem(), false, cr)
-
-	case *types.Struct:
-		for i, n := 0, t.NumFields(); i < n; i++ {
-			prog.needMethods(t.Field(i).Type(), false, cr)
-		}
+		case *types.Map:
+			visit(T.Key(), false)
+			visit(T.Elem(), false)
 
-	case *types.Tuple:
-		for i, n := 0, t.Len(); i < n; i++ {
-			prog.needMethods(t.At(i).Type(), false, cr)
-		}
+		case *types.Signature:
+			if T.Recv() != nil {
+				panic(fmt.Sprintf("Signature %s has Recv %s", T, T.Recv()))
+			}
+			visit(T.Params(), true)  // skip the Tuple
+			visit(T.Results(), true) // skip the Tuple
+
+		case *types.Named:
+			// A pointer-to-named type can be derived from a named
+			// type via reflection.  It may have methods too.
+			visit(types.NewPointer(T), false)
+
+			// Consider 'type T struct{S}' where S has methods.
+			// Reflection provides no way to get from T to struct{S},
+			// only to S, so the method set of struct{S} is unwanted,
+			// so set 'skip' flag during recursion.
+			visit(T.Underlying(), true) // skip the unnamed type
+
+		case *types.Array:
+			visit(T.Elem(), false)
+
+		case *types.Struct:
+			for i, n := 0, T.NumFields(); i < n; i++ {
+				// TODO(adonovan): document whether or not
+				// it is safe to skip non-exported fields.
+				visit(T.Field(i).Type(), false)
+			}
 
-	case *typeparams.TypeParam:
-		panic(T) // type parameters are always abstract.
+		case *types.Tuple:
+			for i, n := 0, T.Len(); i < n; i++ {
+				visit(T.At(i).Type(), false)
+			}
 
-	case *typeparams.Union:
-		// nop
+		case *typeparams.TypeParam, *typeparams.Union:
+			// forEachReachable must not be called on parameterized types.
+			panic(T)
 
-	default:
-		panic(T)
+		default:
+			panic(T)
+		}
 	}
+	visit(T, false)
 }
diff --git a/vendor/golang.org/x/tools/go/ssa/parameterized.go b/vendor/golang.org/x/tools/go/ssa/parameterized.go
index b90ee0e86..656417ac8 100644
--- a/vendor/golang.org/x/tools/go/ssa/parameterized.go
+++ b/vendor/golang.org/x/tools/go/ssa/parameterized.go
@@ -6,6 +6,7 @@ package ssa
 
 import (
 	"go/types"
+	"sync"
 
 	"golang.org/x/tools/internal/typeparams"
 )
@@ -14,11 +15,24 @@ import (
 //
 // NOTE: Adapted from go/types/infer.go. If that is exported in a future release remove this copy.
 type tpWalker struct {
+	mu   sync.Mutex
 	seen map[types.Type]bool
 }
 
-// isParameterized returns true when typ reaches any type parameter.
-func (w *tpWalker) isParameterized(typ types.Type) (res bool) {
+// isParameterized reports whether t recursively contains a type parameter.
+// Thread-safe.
+func (w *tpWalker) isParameterized(t types.Type) bool {
+	// TODO(adonovan): profile. If this operation is expensive,
+	// handle the most common but shallow cases such as T, pkg.T,
+	// *T without consulting the cache under the lock.
+
+	w.mu.Lock()
+	defer w.mu.Unlock()
+	return w.isParameterizedLocked(t)
+}
+
+// Requires w.mu.
+func (w *tpWalker) isParameterizedLocked(typ types.Type) (res bool) {
 	// NOTE: Adapted from go/types/infer.go. Try to keep in sync.
 
 	// detect cycles
@@ -35,25 +49,25 @@ func (w *tpWalker) isParameterized(typ types.Type) (res bool) {
 		break
 
 	case *types.Array:
-		return w.isParameterized(t.Elem())
+		return w.isParameterizedLocked(t.Elem())
 
 	case *types.Slice:
-		return w.isParameterized(t.Elem())
+		return w.isParameterizedLocked(t.Elem())
 
 	case *types.Struct:
 		for i, n := 0, t.NumFields(); i < n; i++ {
-			if w.isParameterized(t.Field(i).Type()) {
+			if w.isParameterizedLocked(t.Field(i).Type()) {
 				return true
 			}
 		}
 
 	case *types.Pointer:
-		return w.isParameterized(t.Elem())
+		return w.isParameterizedLocked(t.Elem())
 
 	case *types.Tuple:
 		n := t.Len()
 		for i := 0; i < n; i++ {
-			if w.isParameterized(t.At(i).Type()) {
+			if w.isParameterizedLocked(t.At(i).Type()) {
 				return true
 			}
 		}
@@ -66,11 +80,11 @@ func (w *tpWalker) isParameterized(typ types.Type) (res bool) {
 		// Similarly, the receiver of a method may declare (rather than
 		// use) type parameters, we don't care about those either.
 		// Thus, we only need to look at the input and result parameters.
-		return w.isParameterized(t.Params()) || w.isParameterized(t.Results())
+		return w.isParameterizedLocked(t.Params()) || w.isParameterizedLocked(t.Results())
 
 	case *types.Interface:
 		for i, n := 0, t.NumMethods(); i < n; i++ {
-			if w.isParameterized(t.Method(i).Type()) {
+			if w.isParameterizedLocked(t.Method(i).Type()) {
 				return true
 			}
 		}
@@ -79,16 +93,16 @@ func (w *tpWalker) isParameterized(typ types.Type) (res bool) {
 			panic(err)
 		}
 		for _, term := range terms {
-			if w.isParameterized(term.Type()) {
+			if w.isParameterizedLocked(term.Type()) {
 				return true
 			}
 		}
 
 	case *types.Map:
-		return w.isParameterized(t.Key()) || w.isParameterized(t.Elem())
+		return w.isParameterizedLocked(t.Key()) || w.isParameterizedLocked(t.Elem())
 
 	case *types.Chan:
-		return w.isParameterized(t.Elem())
+		return w.isParameterizedLocked(t.Elem())
 
 	case *types.Named:
 		args := typeparams.NamedTypeArgs(t)
@@ -97,11 +111,11 @@ func (w *tpWalker) isParameterized(typ types.Type) (res bool) {
 			return true
 		}
 		for i, n := 0, args.Len(); i < n; i++ {
-			if w.isParameterized(args.At(i)) {
+			if w.isParameterizedLocked(args.At(i)) {
 				return true
 			}
 		}
-		return w.isParameterized(t.Underlying()) // recurse for types local to parameterized functions
+		return w.isParameterizedLocked(t.Underlying()) // recurse for types local to parameterized functions
 
 	case *typeparams.TypeParam:
 		return true
@@ -113,9 +127,13 @@ func (w *tpWalker) isParameterized(typ types.Type) (res bool) {
 	return false
 }
 
+// anyParameterized reports whether any element of ts is parameterized.
+// Thread-safe.
 func (w *tpWalker) anyParameterized(ts []types.Type) bool {
+	w.mu.Lock()
+	defer w.mu.Unlock()
 	for _, t := range ts {
-		if w.isParameterized(t) {
+		if w.isParameterizedLocked(t) {
 			return true
 		}
 	}
diff --git a/vendor/golang.org/x/tools/go/ssa/sanity.go b/vendor/golang.org/x/tools/go/ssa/sanity.go
index 886be0532..28ec131f8 100644
--- a/vendor/golang.org/x/tools/go/ssa/sanity.go
+++ b/vendor/golang.org/x/tools/go/ssa/sanity.go
@@ -422,7 +422,8 @@ func (s *sanity) checkFunction(fn *Function) bool {
 	// shared across packages, or duplicated as weak symbols in a
 	// separate-compilation model), and error.Error.
 	if fn.Pkg == nil {
-		if strings.HasPrefix(fn.Synthetic, "wrapper ") ||
+		if strings.HasPrefix(fn.Synthetic, "from type information (on demand)") ||
+			strings.HasPrefix(fn.Synthetic, "wrapper ") ||
 			strings.HasPrefix(fn.Synthetic, "bound ") ||
 			strings.HasPrefix(fn.Synthetic, "thunk ") ||
 			strings.HasSuffix(fn.name, "Error") ||
diff --git a/vendor/golang.org/x/tools/go/ssa/source.go b/vendor/golang.org/x/tools/go/ssa/source.go
index 9c900e3aa..6700305bd 100644
--- a/vendor/golang.org/x/tools/go/ssa/source.go
+++ b/vendor/golang.org/x/tools/go/ssa/source.go
@@ -172,16 +172,19 @@ func (f *Function) ValueForExpr(e ast.Expr) (value Value, isAddr bool) {
 // --- Lookup functions for source-level named entities (types.Objects) ---
 
 // Package returns the SSA Package corresponding to the specified
-// type-checker package object.
-// It returns nil if no such SSA package has been created.
-func (prog *Program) Package(obj *types.Package) *Package {
-	return prog.packages[obj]
+// type-checker package. It returns nil if no such Package was
+// created by a prior call to prog.CreatePackage.
+func (prog *Program) Package(pkg *types.Package) *Package {
+	return prog.packages[pkg]
 }
 
-// packageLevelMember returns the package-level member corresponding to
-// the specified named object, which may be a package-level const
-// (*NamedConst), var (*Global) or func (*Function) of some package in
-// prog.  It returns nil if the object is not found.
+// packageLevelMember returns the package-level member corresponding
+// to the specified symbol, which may be a package-level const
+// (*NamedConst), var (*Global) or func/method (*Function) of some
+// package in prog.
+//
+// It returns nil if the object belongs to a package that has not been
+// created by prog.CreatePackage.
 func (prog *Program) packageLevelMember(obj types.Object) Member {
 	if pkg, ok := prog.packages[obj.Pkg()]; ok {
 		return pkg.objects[obj]
@@ -189,24 +192,16 @@ func (prog *Program) packageLevelMember(obj types.Object) Member {
 	return nil
 }
 
-// originFunc returns the package-level generic function that is the
-// origin of obj. If returns nil if the generic function is not found.
-func (prog *Program) originFunc(obj *types.Func) *Function {
-	return prog.declaredFunc(typeparams.OriginMethod(obj))
-}
-
-// FuncValue returns the concrete Function denoted by the source-level
-// named function obj, or nil if obj denotes an interface method.
-//
-// TODO(adonovan): check the invariant that obj.Type() matches the
-// result's Signature, both in the params/results and in the receiver.
+// FuncValue returns the SSA function or (non-interface) method
+// denoted by the specified func symbol. It returns nil id the symbol
+// denotes an interface method, or belongs to a package that was not
+// created by prog.CreatePackage.
 func (prog *Program) FuncValue(obj *types.Func) *Function {
 	fn, _ := prog.packageLevelMember(obj).(*Function)
 	return fn
 }
 
-// ConstValue returns the SSA Value denoted by the source-level named
-// constant obj.
+// ConstValue returns the SSA constant denoted by the specified const symbol.
 func (prog *Program) ConstValue(obj *types.Const) *Const {
 	// TODO(adonovan): opt: share (don't reallocate)
 	// Consts for const objects and constant ast.Exprs.
@@ -223,7 +218,7 @@ func (prog *Program) ConstValue(obj *types.Const) *Const {
 }
 
 // VarValue returns the SSA Value that corresponds to a specific
-// identifier denoting the source-level named variable obj.
+// identifier denoting the specified var symbol.
 //
 // VarValue returns nil if a local variable was not found, perhaps
 // because its package was not built, the debug information was not
diff --git a/vendor/golang.org/x/tools/go/ssa/ssa.go b/vendor/golang.org/x/tools/go/ssa/ssa.go
index bd42f2e0a..58a641a1f 100644
--- a/vendor/golang.org/x/tools/go/ssa/ssa.go
+++ b/vendor/golang.org/x/tools/go/ssa/ssa.go
@@ -23,20 +23,25 @@ import (
 type Program struct {
 	Fset       *token.FileSet              // position information for the files of this Program
 	imported   map[string]*Package         // all importable Packages, keyed by import path
-	packages   map[*types.Package]*Package // all loaded Packages, keyed by object
+	packages   map[*types.Package]*Package // all created Packages
 	mode       BuilderMode                 // set of mode bits for SSA construction
 	MethodSets typeutil.MethodSetCache     // cache of type-checker's method-sets
 
 	canon *canonizer          // type canonicalization map
 	ctxt  *typeparams.Context // cache for type checking instantiations
 
-	methodsMu     sync.Mutex                 // guards the following maps:
-	methodSets    typeutil.Map               // maps type to its concrete methodSet
-	runtimeTypes  typeutil.Map               // types for which rtypes are needed
-	bounds        map[boundsKey]*Function    // bounds for curried x.Method closures
-	thunks        map[selectionKey]*Function // thunks for T.Method expressions
-	instances     map[*Function]*instanceSet // instances of generic functions
-	parameterized tpWalker                   // determines whether a type reaches a type parameter.
+	methodsMu  sync.Mutex
+	methodSets typeutil.Map // maps type to its concrete *methodSet
+
+	parameterized tpWalker // memoization of whether a type refers to type parameters
+
+	runtimeTypesMu sync.Mutex
+	runtimeTypes   typeutil.Map // set of runtime types (from MakeInterface)
+
+	// objectMethods is a memoization of objectMethod
+	// to avoid creation of duplicate methods from type information.
+	objectMethodsMu sync.Mutex
+	objectMethods   map[*types.Func]*Function
 }
 
 // A Package is a single analyzed Go package containing Members for
@@ -51,17 +56,19 @@ type Package struct {
 	Prog    *Program                // the owning program
 	Pkg     *types.Package          // the corresponding go/types.Package
 	Members map[string]Member       // all package members keyed by name (incl. init and init#%d)
-	objects map[types.Object]Member // mapping of package objects to members (incl. methods). Contains *NamedConst, *Global, *Function.
+	objects map[types.Object]Member // mapping of package objects to members (incl. methods). Contains *NamedConst, *Global, *Function (values but not types)
 	init    *Function               // Func("init"); the package's init function
 	debug   bool                    // include full debug info in this package
+	syntax  bool                    // package was loaded from syntax
 
 	// The following fields are set transiently, then cleared
 	// after building.
-	buildOnce sync.Once   // ensures package building occurs once
-	ninit     int32       // number of init functions
-	info      *types.Info // package type information
-	files     []*ast.File // package ASTs
-	created   creator     // members created as a result of building this package (includes declared functions, wrappers)
+	buildOnce   sync.Once           // ensures package building occurs once
+	ninit       int32               // number of init functions
+	info        *types.Info         // package type information
+	files       []*ast.File         // package ASTs
+	created     creator             // members created as a result of building this package (includes declared functions, wrappers)
+	initVersion map[ast.Expr]string // goversion to use for each global var init expr
 }
 
 // A Member is a member of a Go package, implemented by *NamedConst,
@@ -296,8 +303,8 @@ type Node interface {
 //
 // A generic function is a function or method that has uninstantiated type
 // parameters (TypeParams() != nil). Consider a hypothetical generic
-// method, (*Map[K,V]).Get. It may be instantiated with all ground
-// (non-parameterized) types as (*Map[string,int]).Get or with
+// method, (*Map[K,V]).Get. It may be instantiated with all
+// non-parameterized types as (*Map[string,int]).Get or with
 // parameterized types as (*Map[string,U]).Get, where U is a type parameter.
 // In both instantiations, Origin() refers to the instantiated generic
 // method, (*Map[K,V]).Get, TypeParams() refers to the parameters [K,V] of
@@ -305,39 +312,45 @@ type Node interface {
 // respectively, and is nil in the generic method.
 type Function struct {
 	name      string
-	object    types.Object // a declared *types.Func or one of its wrappers
-	method    *selection   // info about provenance of synthetic methods; thunk => non-nil
+	object    *types.Func // symbol for declared function (nil for FuncLit or synthetic init)
+	method    *selection  // info about provenance of synthetic methods; thunk => non-nil
 	Signature *types.Signature
 	pos       token.Pos
 
-	Synthetic string        // provenance of synthetic function; "" for true source functions
-	syntax    ast.Node      // *ast.Func{Decl,Lit}; replaced with simple ast.Node after build, unless debug mode
-	parent    *Function     // enclosing function if anon; nil if global
-	Pkg       *Package      // enclosing package; nil for shared funcs (wrappers and error.Error)
-	Prog      *Program      // enclosing program
+	// source information
+	Synthetic string      // provenance of synthetic function; "" for true source functions
+	syntax    ast.Node    // *ast.Func{Decl,Lit}, if from syntax (incl. generic instances)
+	info      *types.Info // type annotations (iff syntax != nil)
+	goversion string      // Go version of syntax (NB: init is special)
+
+	build  buildFunc // algorithm to build function body (nil => built)
+	parent *Function // enclosing function if anon; nil if global
+	Pkg    *Package  // enclosing package; nil for shared funcs (wrappers and error.Error)
+	Prog   *Program  // enclosing program
+
+	// These fields are populated only when the function body is built:
+
 	Params    []*Parameter  // function parameters; for methods, includes receiver
 	FreeVars  []*FreeVar    // free variables whose values must be supplied by closure
-	Locals    []*Alloc      // local variables of this function
+	Locals    []*Alloc      // frame-allocated variables of this function
 	Blocks    []*BasicBlock // basic blocks of the function; nil => external
 	Recover   *BasicBlock   // optional; control transfers here after recovered panic
 	AnonFuncs []*Function   // anonymous functions directly beneath this one
 	referrers []Instruction // referring instructions (iff Parent() != nil)
-	built     bool          // function has completed both CREATE and BUILD phase.
 	anonIdx   int32         // position of a nested function in parent's AnonFuncs. fn.Parent()!=nil => fn.Parent().AnonFunc[fn.anonIdx] == fn.
 
 	typeparams     *typeparams.TypeParamList // type parameters of this function. typeparams.Len() > 0 => generic or instance of generic function
 	typeargs       []types.Type              // type arguments that instantiated typeparams. len(typeargs) > 0 => instance of generic function
 	topLevelOrigin *Function                 // the origin function if this is an instance of a source function. nil if Parent()!=nil.
+	generic        *generic                  // instances of this function, if generic
 
-	// The following fields are set transiently during building,
-	// then cleared.
+	// The following fields are cleared after building.
 	currentBlock *BasicBlock              // where to emit code
-	objects      map[types.Object]Value   // addresses of local variables
+	vars         map[*types.Var]Value     // addresses of local variables
 	namedResults []*Alloc                 // tuple of named results
 	targets      *targets                 // linked stack of branch targets
-	lblocks      map[types.Object]*lblock // labelled blocks
-	info         *types.Info              // *types.Info to build from. nil for wrappers.
-	subst        *subster                 // non-nil => expand generic body using this type substitution of ground types
+	lblocks      map[*types.Label]*lblock // labelled blocks
+	subst        *subster                 // type parameter substitutions (if non-nil)
 }
 
 // BasicBlock represents an SSA basic block.
@@ -402,9 +415,8 @@ type FreeVar struct {
 // A Parameter represents an input parameter of a function.
 type Parameter struct {
 	name      string
-	object    types.Object // a *types.Var; nil for non-source locals
+	object    *types.Var // non-nil
 	typ       types.Type
-	pos       token.Pos
 	parent    *Function
 	referrers []Instruction
 }
@@ -482,15 +494,12 @@ type Builtin struct {
 // type of the allocated variable is actually
 // Type().Underlying().(*types.Pointer).Elem().
 //
-// If Heap is false, Alloc allocates space in the function's
-// activation record (frame); we refer to an Alloc(Heap=false) as a
-// "local" alloc.  Each local Alloc returns the same address each time
-// it is executed within the same activation; the space is
-// re-initialized to zero.
+// If Heap is false, Alloc zero-initializes the same local variable in
+// the call frame and returns its address; in this case the Alloc must
+// be present in Function.Locals. We call this a "local" alloc.
 //
-// If Heap is true, Alloc allocates space in the heap; we
-// refer to an Alloc(Heap=true) as a "new" alloc.  Each new Alloc
-// returns a different address each time it is executed.
+// If Heap is true, Alloc allocates a new zero-initialized variable
+// each time the instruction is executed. We call this a "new" alloc.
 //
 // When Alloc is applied to a channel, map or slice type, it returns
 // the address of an uninitialized (nil) reference of that kind; store
@@ -1068,11 +1077,12 @@ type Next struct {
 // Type() reflects the actual type of the result, possibly a
 // 2-types.Tuple; AssertedType is the asserted type.
 //
-// Pos() returns the ast.CallExpr.Lparen if the instruction arose from
-// an explicit T(e) conversion; the ast.TypeAssertExpr.Lparen if the
-// instruction arose from an explicit e.(T) operation; or the
-// ast.CaseClause.Case if the instruction arose from a case of a
-// type-switch statement.
+// Depending on the TypeAssert's purpose, Pos may return:
+//   - the ast.CallExpr.Lparen of an explicit T(e) conversion;
+//   - the ast.TypeAssertExpr.Lparen of an explicit e.(T) operation;
+//   - the ast.CaseClause.Case of a case of a type-switch statement;
+//   - the Ident(m).NamePos of an interface method value i.m
+//     (for which TypeAssert may be used to effect the nil check).
 //
 // Example printed form:
 //
@@ -1390,7 +1400,7 @@ type anInstruction struct {
 // represents a dynamically dispatched call to an interface method.
 // In this mode, Value is the interface value and Method is the
 // interface's abstract method. The interface value may be a type
-// parameter. Note: an abstract method may be shared by multiple
+// parameter. Note: an interface method may be shared by multiple
 // interfaces due to embedding; Value.Type() provides the specific
 // interface used for this call.
 //
@@ -1408,7 +1418,7 @@ type anInstruction struct {
 // the last element of Args is a slice.
 type CallCommon struct {
 	Value  Value       // receiver (invoke mode) or func value (call mode)
-	Method *types.Func // abstract method (invoke mode)
+	Method *types.Func // interface method (invoke mode)
 	Args   []Value     // actual parameters (in static method call, includes receiver)
 	pos    token.Pos   // position of CallExpr.Lparen, iff explicit in source
 }
@@ -1507,14 +1517,19 @@ func (v *Global) String() string                       { return v.RelString(nil)
 func (v *Global) Package() *Package                    { return v.Pkg }
 func (v *Global) RelString(from *types.Package) string { return relString(v, from) }
 
-func (v *Function) Name() string         { return v.name }
-func (v *Function) Type() types.Type     { return v.Signature }
-func (v *Function) Pos() token.Pos       { return v.pos }
-func (v *Function) Token() token.Token   { return token.FUNC }
-func (v *Function) Object() types.Object { return v.object }
-func (v *Function) String() string       { return v.RelString(nil) }
-func (v *Function) Package() *Package    { return v.Pkg }
-func (v *Function) Parent() *Function    { return v.parent }
+func (v *Function) Name() string       { return v.name }
+func (v *Function) Type() types.Type   { return v.Signature }
+func (v *Function) Pos() token.Pos     { return v.pos }
+func (v *Function) Token() token.Token { return token.FUNC }
+func (v *Function) Object() types.Object {
+	if v.object != nil {
+		return types.Object(v.object)
+	}
+	return nil
+}
+func (v *Function) String() string    { return v.RelString(nil) }
+func (v *Function) Package() *Package { return v.Pkg }
+func (v *Function) Parent() *Function { return v.parent }
 func (v *Function) Referrers() *[]Instruction {
 	if v.parent != nil {
 		return &v.referrers
@@ -1562,7 +1577,7 @@ func (v *Parameter) Type() types.Type          { return v.typ }
 func (v *Parameter) Name() string              { return v.name }
 func (v *Parameter) Object() types.Object      { return v.object }
 func (v *Parameter) Referrers() *[]Instruction { return &v.referrers }
-func (v *Parameter) Pos() token.Pos            { return v.pos }
+func (v *Parameter) Pos() token.Pos            { return v.object.Pos() }
 func (v *Parameter) Parent() *Function         { return v.parent }
 
 func (v *Alloc) Type() types.Type          { return v.typ }
diff --git a/vendor/golang.org/x/tools/go/ssa/ssautil/load.go b/vendor/golang.org/x/tools/go/ssa/ssautil/load.go
index 96d69a20a..fb62c2bd4 100644
--- a/vendor/golang.org/x/tools/go/ssa/ssautil/load.go
+++ b/vendor/golang.org/x/tools/go/ssa/ssautil/load.go
@@ -15,6 +15,7 @@ import (
 	"golang.org/x/tools/go/packages"
 	"golang.org/x/tools/go/ssa"
 	"golang.org/x/tools/internal/typeparams"
+	"golang.org/x/tools/internal/versions"
 )
 
 // Packages creates an SSA program for a set of packages.
@@ -35,6 +36,24 @@ import (
 //
 // The mode parameter controls diagnostics and checking during SSA construction.
 func Packages(initial []*packages.Package, mode ssa.BuilderMode) (*ssa.Program, []*ssa.Package) {
+	// TODO(adonovan): opt: this calls CreatePackage far more than
+	// necessary: for all dependencies, not just the (non-initial)
+	// direct dependencies of the initial packages.
+	//
+	// But can it reasonably be changed without breaking the
+	// spirit and/or letter of the law above? Clients may notice
+	// if we call CreatePackage less, as methods like
+	// Program.FuncValue will return nil. Or must we provide a new
+	// function (and perhaps deprecate this one)? Is it worth it?
+	//
+	// Tim King makes the interesting point that it would be
+	// possible to entirely alleviate the client from the burden
+	// of calling CreatePackage for non-syntax packages, if we
+	// were to treat vars and funcs lazily in the same way we now
+	// treat methods. (In essence, try to move away from the
+	// notion of ssa.Packages, and make the Program answer
+	// all reasonable questions about any types.Object.)
+
 	return doPackages(initial, mode, false)
 }
 
@@ -147,6 +166,7 @@ func BuildPackage(tc *types.Config, fset *token.FileSet, pkg *types.Package, fil
 		Selections: make(map[*ast.SelectorExpr]*types.Selection),
 	}
 	typeparams.InitInstanceInfo(info)
+	versions.InitFileVersions(info)
 	if err := types.NewChecker(tc, fset, pkg, info).Files(files); err != nil {
 		return nil, nil, err
 	}
@@ -168,6 +188,25 @@ func BuildPackage(tc *types.Config, fset *token.FileSet, pkg *types.Package, fil
 	}
 	createAll(pkg.Imports())
 
+	// TODO(adonovan): we could replace createAll with just:
+	//
+	// // Create SSA packages for all imports.
+	// for _, p := range pkg.Imports() {
+	// 	prog.CreatePackage(p, nil, nil, true)
+	// }
+	//
+	// (with minor changes to changes to ../builder_test.go as
+	// shown in CL 511715 PS 10.) But this would strictly violate
+	// the letter of the doc comment above, which says "all
+	// dependencies created".
+	//
+	// Tim makes the good point with some extra work we could
+	// remove the need for any CreatePackage calls except the
+	// ones with syntax (i.e. primary packages). Of course
+	// You wouldn't have ssa.Packages and Members for as
+	// many things but no-one really uses that anyway.
+	// I wish I had done this from the outset.
+
 	// Create and build the primary package.
 	ssapkg := prog.CreatePackage(pkg, files, info, false)
 	ssapkg.Build()
diff --git a/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go b/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go
index 5f27050b0..3cdd34622 100644
--- a/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go
+++ b/vendor/golang.org/x/tools/go/ssa/ssautil/visit.go
@@ -4,7 +4,15 @@
 
 package ssautil // import "golang.org/x/tools/go/ssa/ssautil"
 
-import "golang.org/x/tools/go/ssa"
+import (
+	"go/ast"
+	"go/types"
+
+	"golang.org/x/tools/go/ssa"
+	"golang.org/x/tools/internal/typeparams"
+
+	_ "unsafe" // for linkname hack
+)
 
 // This file defines utilities for visiting the SSA representation of
 // a Program.
@@ -18,50 +26,113 @@ import "golang.org/x/tools/go/ssa"
 // synthetic wrappers.
 //
 // Precondition: all packages are built.
+//
+// TODO(adonovan): this function is underspecified. It doesn't
+// actually work like a linker, which computes reachability from main
+// using something like go/callgraph/cha (without materializing the
+// call graph). In fact, it treats all public functions and all
+// methods of public non-parameterized types as roots, even though
+// they may be unreachable--but only in packages created from syntax.
+//
+// I think we should deprecate AllFunctions function in favor of two
+// clearly defined ones:
+//
+//  1. The first would efficiently compute CHA reachability from a set
+//     of main packages, making it suitable for a whole-program
+//     analysis context with InstantiateGenerics, in conjunction with
+//     Program.Build.
+//
+//  2. The second would return only the set of functions corresponding
+//     to source Func{Decl,Lit} syntax, like SrcFunctions in
+//     go/analysis/passes/buildssa; this is suitable for
+//     package-at-a-time (or handful of packages) context.
+//     ssa.Package could easily expose it as a field.
+//
+// We could add them unexported for now and use them via the linkname hack.
 func AllFunctions(prog *ssa.Program) map[*ssa.Function]bool {
-	visit := visitor{
-		prog: prog,
-		seen: make(map[*ssa.Function]bool),
+	seen := make(map[*ssa.Function]bool)
+
+	var function func(fn *ssa.Function)
+	function = func(fn *ssa.Function) {
+		if !seen[fn] {
+			seen[fn] = true
+			var buf [10]*ssa.Value // avoid alloc in common case
+			for _, b := range fn.Blocks {
+				for _, instr := range b.Instrs {
+					for _, op := range instr.Operands(buf[:0]) {
+						if fn, ok := (*op).(*ssa.Function); ok {
+							function(fn)
+						}
+					}
+				}
+			}
+		}
 	}
-	visit.program()
-	return visit.seen
-}
 
-type visitor struct {
-	prog *ssa.Program
-	seen map[*ssa.Function]bool
-}
+	// TODO(adonovan): opt: provide a way to share a builder
+	// across a sequence of MethodValue calls.
 
-func (visit *visitor) program() {
-	for _, pkg := range visit.prog.AllPackages() {
-		for _, mem := range pkg.Members {
-			if fn, ok := mem.(*ssa.Function); ok {
-				visit.function(fn)
+	methodsOf := func(T types.Type) {
+		if !types.IsInterface(T) {
+			mset := prog.MethodSets.MethodSet(T)
+			for i := 0; i < mset.Len(); i++ {
+				function(prog.MethodValue(mset.At(i)))
 			}
 		}
 	}
-	for _, T := range visit.prog.RuntimeTypes() {
-		mset := visit.prog.MethodSets.MethodSet(T)
-		for i, n := 0, mset.Len(); i < n; i++ {
-			visit.function(visit.prog.MethodValue(mset.At(i)))
+
+	// Historically, Program.RuntimeTypes used to include the type
+	// of any exported member of a package loaded from syntax that
+	// has a non-parameterized type, plus all types
+	// reachable from that type using reflection, even though
+	// these runtime types may not be required for them.
+	//
+	// Rather than break existing programs that rely on
+	// AllFunctions visiting extra methods that are unreferenced
+	// by IR and unreachable via reflection, we moved the logic
+	// here, unprincipled though it is.
+	// (See doc comment for better ideas.)
+	//
+	// Nonetheless, after the move, we no longer visit every
+	// method of any type recursively reachable from T, only the
+	// methods of T and *T themselves, and we only apply this to
+	// named types T, and not to the type of every exported
+	// package member.
+	exportedTypeHack := func(t *ssa.Type) {
+		if isSyntactic(t.Package()) &&
+			ast.IsExported(t.Name()) &&
+			!types.IsInterface(t.Type()) {
+			// Consider only named types.
+			// (Ignore aliases and unsafe.Pointer.)
+			if named, ok := t.Type().(*types.Named); ok {
+				if typeparams.ForNamed(named) == nil {
+					methodsOf(named)                   //  T
+					methodsOf(types.NewPointer(named)) // *T
+				}
+			}
 		}
 	}
-}
 
-func (visit *visitor) function(fn *ssa.Function) {
-	if !visit.seen[fn] {
-		visit.seen[fn] = true
-		var buf [10]*ssa.Value // avoid alloc in common case
-		for _, b := range fn.Blocks {
-			for _, instr := range b.Instrs {
-				for _, op := range instr.Operands(buf[:0]) {
-					if fn, ok := (*op).(*ssa.Function); ok {
-						visit.function(fn)
-					}
-				}
+	for _, pkg := range prog.AllPackages() {
+		for _, mem := range pkg.Members {
+			switch mem := mem.(type) {
+			case *ssa.Function:
+				// Visit all package-level declared functions.
+				function(mem)
+
+			case *ssa.Type:
+				exportedTypeHack(mem)
 			}
 		}
 	}
+
+	// Visit all methods of types for which runtime types were
+	// materialized, as they are reachable through reflection.
+	for _, T := range prog.RuntimeTypes() {
+		methodsOf(T)
+	}
+
+	return seen
 }
 
 // MainPackages returns the subset of the specified packages
@@ -76,3 +147,12 @@ func MainPackages(pkgs []*ssa.Package) []*ssa.Package {
 	}
 	return mains
 }
+
+// TODO(adonovan): propose a principled API for this. One possibility
+// is a new field, Package.SrcFunctions []*Function, which would
+// contain the list of SrcFunctions described in point 2 of the
+// AllFunctions doc comment, or nil if the package is not from syntax.
+// But perhaps overloading nil vs empty slice is too subtle.
+//
+//go:linkname isSyntactic golang.org/x/tools/go/ssa.isSyntactic
+func isSyntactic(pkg *ssa.Package) bool
diff --git a/vendor/golang.org/x/tools/go/ssa/util.go b/vendor/golang.org/x/tools/go/ssa/util.go
index 68cc971b3..63fbbc128 100644
--- a/vendor/golang.org/x/tools/go/ssa/util.go
+++ b/vendor/golang.org/x/tools/go/ssa/util.go
@@ -180,24 +180,6 @@ func makeLen(T types.Type) *Builtin {
 	}
 }
 
-// nonbasicTypes returns a list containing all of the types T in ts that are non-basic.
-func nonbasicTypes(ts []types.Type) []types.Type {
-	if len(ts) == 0 {
-		return nil
-	}
-	added := make(map[types.Type]bool) // additionally filter duplicates
-	var filtered []types.Type
-	for _, T := range ts {
-		if !isBasic(T) {
-			if !added[T] {
-				added[T] = true
-				filtered = append(filtered, T)
-			}
-		}
-	}
-	return filtered
-}
-
 // receiverTypeArgs returns the type arguments to a function's receiver.
 // Returns an empty list if obj does not have a receiver or its receiver does not have type arguments.
 func receiverTypeArgs(obj *types.Func) []types.Type {
@@ -384,3 +366,16 @@ func (canon *canonizer) instantiateMethod(m *types.Func, targs []types.Type, ctx
 	obj, _, _ := types.LookupFieldOrMethod(rep, true, m.Pkg(), m.Name())
 	return obj.(*types.Func)
 }
+
+// Exposed to ssautil using the linkname hack.
+func isSyntactic(pkg *Package) bool { return pkg.syntax }
+
+// mapValues returns a new unordered array of map values.
+func mapValues[K comparable, V any](m map[K]V) []V {
+	vals := make([]V, 0, len(m))
+	for _, fn := range m {
+		vals = append(vals, fn)
+	}
+	return vals
+
+}
diff --git a/vendor/golang.org/x/tools/go/ssa/wrappers.go b/vendor/golang.org/x/tools/go/ssa/wrappers.go
index 123ea6858..7c7ee4099 100644
--- a/vendor/golang.org/x/tools/go/ssa/wrappers.go
+++ b/vendor/golang.org/x/tools/go/ssa/wrappers.go
@@ -28,7 +28,7 @@ import (
 
 // -- wrappers -----------------------------------------------------------
 
-// makeWrapper returns a synthetic method that delegates to the
+// createWrapper returns a synthetic method that delegates to the
 // declared method denoted by meth.Obj(), first performing any
 // necessary pointer indirections or field selections implied by meth.
 //
@@ -40,21 +40,17 @@ import (
 //   - optional implicit field selections
 //   - meth.Obj() may denote a concrete or an interface method
 //   - the result may be a thunk or a wrapper.
-//
-// EXCLUSIVE_LOCKS_REQUIRED(prog.methodsMu)
-func makeWrapper(prog *Program, sel *selection, cr *creator) *Function {
+func createWrapper(prog *Program, sel *selection, cr *creator) *Function {
 	obj := sel.obj.(*types.Func)      // the declared function
 	sig := sel.typ.(*types.Signature) // type of this wrapper
 
 	var recv *types.Var // wrapper's receiver or thunk's params[0]
 	name := obj.Name()
 	var description string
-	var start int // first regular param
 	if sel.kind == types.MethodExpr {
 		name += "$thunk"
 		description = "thunk"
 		recv = sig.Params().At(0)
-		start = 1
 	} else {
 		description = "wrapper"
 		recv = sig.Recv()
@@ -62,8 +58,9 @@ func makeWrapper(prog *Program, sel *selection, cr *creator) *Function {
 
 	description = fmt.Sprintf("%s for %s", description, sel.obj)
 	if prog.mode&LogSource != 0 {
-		defer logStack("make %s to (%s)", description, recv.Type())()
+		defer logStack("create %s to (%s)", description, recv.Type())()
 	}
+	/* method wrapper */
 	fn := &Function{
 		name:      name,
 		method:    sel,
@@ -72,35 +69,53 @@ func makeWrapper(prog *Program, sel *selection, cr *creator) *Function {
 		Synthetic: description,
 		Prog:      prog,
 		pos:       obj.Pos(),
-		info:      nil, // info is not set on wrappers.
+		// wrappers have no syntax
+		build:     (*builder).buildWrapper,
+		syntax:    nil,
+		info:      nil,
+		goversion: "",
 	}
 	cr.Add(fn)
+	return fn
+}
+
+// buildWrapper builds fn.Body for a method wrapper.
+func (b *builder) buildWrapper(fn *Function) {
+	var recv *types.Var // wrapper's receiver or thunk's params[0]
+	var start int       // first regular param
+	if fn.method.kind == types.MethodExpr {
+		recv = fn.Signature.Params().At(0)
+		start = 1
+	} else {
+		recv = fn.Signature.Recv()
+	}
+
 	fn.startBody()
 	fn.addSpilledParam(recv)
 	createParams(fn, start)
 
-	indices := sel.index
+	indices := fn.method.index
 
 	var v Value = fn.Locals[0] // spilled receiver
-	srdt, ptrRecv := deptr(sel.recv)
+	srdt, ptrRecv := deptr(fn.method.recv)
 	if ptrRecv {
 		v = emitLoad(fn, v)
 
 		// For simple indirection wrappers, perform an informative nil-check:
 		// "value method (T).f called using nil *T pointer"
-		_, ptrObj := deptr(recvType(obj))
+		_, ptrObj := deptr(recvType(fn.object))
 		if len(indices) == 1 && !ptrObj {
 			var c Call
 			c.Call.Value = &Builtin{
 				name: "ssa:wrapnilchk",
 				sig: types.NewSignature(nil,
-					types.NewTuple(anonVar(sel.recv), anonVar(tString), anonVar(tString)),
-					types.NewTuple(anonVar(sel.recv)), false),
+					types.NewTuple(anonVar(fn.method.recv), anonVar(tString), anonVar(tString)),
+					types.NewTuple(anonVar(fn.method.recv)), false),
 			}
 			c.Call.Args = []Value{
 				v,
 				stringConst(srdt.String()),
-				stringConst(sel.obj.Name()),
+				stringConst(fn.method.obj.Name()),
 			}
 			c.setType(v.Type())
 			v = fn.emit(&c)
@@ -122,18 +137,14 @@ func makeWrapper(prog *Program, sel *selection, cr *creator) *Function {
 	// address of implicit  C field.
 
 	var c Call
-	if r := recvType(obj); !types.IsInterface(r) { // concrete method
+	if r := recvType(fn.object); !types.IsInterface(r) { // concrete method
 		if _, ptrObj := deptr(r); !ptrObj {
 			v = emitLoad(fn, v)
 		}
-		callee := prog.originFunc(obj)
-		if callee.typeparams.Len() > 0 {
-			callee = prog.lookupOrCreateInstance(callee, receiverTypeArgs(obj), cr)
-		}
-		c.Call.Value = callee
+		c.Call.Value = fn.Prog.objectMethod(fn.object, b.created)
 		c.Call.Args = append(c.Call.Args, v)
 	} else {
-		c.Call.Method = obj
+		c.Call.Method = fn.object
 		c.Call.Value = emitLoad(fn, v) // interface (possibly a typeparam)
 	}
 	for _, arg := range fn.Params[1:] {
@@ -141,8 +152,6 @@ func makeWrapper(prog *Program, sel *selection, cr *creator) *Function {
 	}
 	emitTailCall(fn, &c)
 	fn.finishBody()
-	fn.done()
-	return fn
 }
 
 // createParams creates parameters for wrapper method fn based on its
@@ -151,13 +160,13 @@ func makeWrapper(prog *Program, sel *selection, cr *creator) *Function {
 func createParams(fn *Function, start int) {
 	tparams := fn.Signature.Params()
 	for i, n := start, tparams.Len(); i < n; i++ {
-		fn.addParamObj(tparams.At(i))
+		fn.addParamVar(tparams.At(i))
 	}
 }
 
 // -- bounds -----------------------------------------------------------
 
-// makeBound returns a bound method wrapper (or "bound"), a synthetic
+// createBound returns a bound method wrapper (or "bound"), a synthetic
 // function that delegates to a concrete or interface method denoted
 // by obj.  The resulting function has no receiver, but has one free
 // variable which will be used as the method's receiver in the
@@ -176,66 +185,57 @@ func createParams(fn *Function, start int) {
 //
 //	f := func() { return t.meth() }
 //
-// Unlike makeWrapper, makeBound need perform no indirection or field
+// Unlike createWrapper, createBound need perform no indirection or field
 // selections because that can be done before the closure is
 // constructed.
-//
-// EXCLUSIVE_LOCKS_ACQUIRED(meth.Prog.methodsMu)
-func makeBound(prog *Program, obj *types.Func, cr *creator) *Function {
-	targs := receiverTypeArgs(obj)
-	key := boundsKey{obj, prog.canon.List(targs)}
-
-	prog.methodsMu.Lock()
-	defer prog.methodsMu.Unlock()
-	fn, ok := prog.bounds[key]
-	if !ok {
-		description := fmt.Sprintf("bound method wrapper for %s", obj)
-		if prog.mode&LogSource != 0 {
-			defer logStack("%s", description)()
-		}
-		fn = &Function{
-			name:      obj.Name() + "$bound",
-			object:    obj,
-			Signature: changeRecv(obj.Type().(*types.Signature), nil), // drop receiver
-			Synthetic: description,
-			Prog:      prog,
-			pos:       obj.Pos(),
-			info:      nil, // info is not set on wrappers.
-		}
-		cr.Add(fn)
-
-		fv := &FreeVar{name: "recv", typ: recvType(obj), parent: fn}
-		fn.FreeVars = []*FreeVar{fv}
-		fn.startBody()
-		createParams(fn, 0)
-		var c Call
-
-		if !types.IsInterface(recvType(obj)) { // concrete
-			callee := prog.originFunc(obj)
-			if callee.typeparams.Len() > 0 {
-				callee = prog.lookupOrCreateInstance(callee, targs, cr)
-			}
-			c.Call.Value = callee
-			c.Call.Args = []Value{fv}
-		} else {
-			c.Call.Method = obj
-			c.Call.Value = fv // interface (possibly a typeparam)
-		}
-		for _, arg := range fn.Params {
-			c.Call.Args = append(c.Call.Args, arg)
-		}
-		emitTailCall(fn, &c)
-		fn.finishBody()
-		fn.done()
-
-		prog.bounds[key] = fn
+func createBound(prog *Program, obj *types.Func, cr *creator) *Function {
+	description := fmt.Sprintf("bound method wrapper for %s", obj)
+	if prog.mode&LogSource != 0 {
+		defer logStack("%s", description)()
+	}
+	/* bound method wrapper */
+	fn := &Function{
+		name:      obj.Name() + "$bound",
+		object:    obj,
+		Signature: changeRecv(obj.Type().(*types.Signature), nil), // drop receiver
+		Synthetic: description,
+		Prog:      prog,
+		pos:       obj.Pos(),
+		// wrappers have no syntax
+		build:     (*builder).buildBound,
+		syntax:    nil,
+		info:      nil,
+		goversion: "",
 	}
+	fn.FreeVars = []*FreeVar{{name: "recv", typ: recvType(obj), parent: fn}} // (cyclic)
+	cr.Add(fn)
 	return fn
 }
 
+// buildBound builds fn.Body for a bound method closure.
+func (b *builder) buildBound(fn *Function) {
+	fn.startBody()
+	createParams(fn, 0)
+	var c Call
+
+	recv := fn.FreeVars[0]
+	if !types.IsInterface(recvType(fn.object)) { // concrete
+		c.Call.Value = fn.Prog.objectMethod(fn.object, b.created)
+		c.Call.Args = []Value{recv}
+	} else {
+		c.Call.Method = fn.object
+		c.Call.Value = recv // interface (possibly a typeparam)
+	}
+	for _, arg := range fn.Params {
+		c.Call.Args = append(c.Call.Args, arg)
+	}
+	emitTailCall(fn, &c)
+	fn.finishBody()
+}
+
 // -- thunks -----------------------------------------------------------
 
-// makeThunk returns a thunk, a synthetic function that delegates to a
+// createThunk returns a thunk, a synthetic function that delegates to a
 // concrete or interface method denoted by sel.obj.  The resulting
 // function has no receiver, but has an additional (first) regular
 // parameter.
@@ -251,38 +251,16 @@ func makeBound(prog *Program, obj *types.Func, cr *creator) *Function {
 // f is a synthetic wrapper defined as if by:
 //
 //	f := func(t T) { return t.meth() }
-//
-// TODO(adonovan): opt: currently the stub is created even when used
-// directly in a function call: C.f(i, 0).  This is less efficient
-// than inlining the stub.
-//
-// EXCLUSIVE_LOCKS_ACQUIRED(meth.Prog.methodsMu)
-func makeThunk(prog *Program, sel *selection, cr *creator) *Function {
+func createThunk(prog *Program, sel *selection, cr *creator) *Function {
 	if sel.kind != types.MethodExpr {
 		panic(sel)
 	}
 
-	// Canonicalize sel.recv to avoid constructing duplicate thunks.
-	canonRecv := prog.canon.Type(sel.recv)
-	key := selectionKey{
-		kind:     sel.kind,
-		recv:     canonRecv,
-		obj:      sel.obj,
-		index:    fmt.Sprint(sel.index),
-		indirect: sel.indirect,
+	fn := createWrapper(prog, sel, cr)
+	if fn.Signature.Recv() != nil {
+		panic(fn) // unexpected receiver
 	}
 
-	prog.methodsMu.Lock()
-	defer prog.methodsMu.Unlock()
-
-	fn, ok := prog.thunks[key]
-	if !ok {
-		fn = makeWrapper(prog, sel, cr)
-		if fn.Signature.Recv() != nil {
-			panic(fn) // unexpected receiver
-		}
-		prog.thunks[key] = fn
-	}
 	return fn
 }
 
@@ -290,21 +268,6 @@ func changeRecv(s *types.Signature, recv *types.Var) *types.Signature {
 	return types.NewSignature(recv, s.Params(), s.Results(), s.Variadic())
 }
 
-// selectionKey is like types.Selection but a usable map key.
-type selectionKey struct {
-	kind     types.SelectionKind
-	recv     types.Type // canonicalized via Program.canon
-	obj      types.Object
-	index    string
-	indirect bool
-}
-
-// boundsKey is a unique for the object and a type instantiation.
-type boundsKey struct {
-	obj  types.Object // t.meth
-	inst *typeList    // canonical type instantiation list.
-}
-
 // A local version of *types.Selection.
 // Needed for some additional control, such as creating a MethodExpr for an instantiation.
 type selection struct {
@@ -329,16 +292,16 @@ func toSelection(sel *types.Selection) *selection {
 
 // -- instantiations --------------------------------------------------
 
-// buildInstantiationWrapper creates a body for an instantiation
+// buildInstantiationWrapper builds the body of an instantiation
 // wrapper fn. The body calls the original generic function,
 // bracketed by ChangeType conversions on its arguments and results.
-func buildInstantiationWrapper(fn *Function) {
+func (b *builder) buildInstantiationWrapper(fn *Function) {
 	orig := fn.topLevelOrigin
 	sig := fn.Signature
 
 	fn.startBody()
 	if sig.Recv() != nil {
-		fn.addParamObj(sig.Recv())
+		fn.addParamVar(sig.Recv())
 	}
 	createParams(fn, 0)
 
diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
index c725d839b..e742ecc46 100644
--- a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
+++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
@@ -26,10 +26,8 @@ package objectpath
 import (
 	"fmt"
 	"go/types"
-	"sort"
 	"strconv"
 	"strings"
-	_ "unsafe"
 
 	"golang.org/x/tools/internal/typeparams"
 )
@@ -122,17 +120,7 @@ func For(obj types.Object) (Path, error) {
 // An Encoder amortizes the cost of encoding the paths of multiple objects.
 // The zero value of an Encoder is ready to use.
 type Encoder struct {
-	scopeMemo         map[*types.Scope][]types.Object // memoization of scopeObjects
-	namedMethodsMemo  map[*types.Named][]*types.Func  // memoization of namedMethods()
-	skipMethodSorting bool
-}
-
-// Exposed to gopls via golang.org/x/tools/internal/typesinternal
-// TODO(golang/go#61443): eliminate this parameter one way or the other.
-//
-//go:linkname skipMethodSorting
-func skipMethodSorting(enc *Encoder) {
-	enc.skipMethodSorting = true
+	scopeMemo map[*types.Scope][]types.Object // memoization of scopeObjects
 }
 
 // For returns the path to an object relative to its package,
@@ -324,31 +312,18 @@ func (enc *Encoder) For(obj types.Object) (Path, error) {
 		// Inspect declared methods of defined types.
 		if T, ok := o.Type().(*types.Named); ok {
 			path = append(path, opType)
-			if !enc.skipMethodSorting {
-				// Note that method index here is always with respect
-				// to canonical ordering of methods, regardless of how
-				// they appear in the underlying type.
-				for i, m := range enc.namedMethods(T) {
-					path2 := appendOpArg(path, opMethod, i)
-					if m == obj {
-						return Path(path2), nil // found declared method
-					}
-					if r := find(obj, m.Type(), append(path2, opType), nil); r != nil {
-						return Path(r), nil
-					}
+			// The method index here is always with respect
+			// to the underlying go/types data structures,
+			// which ultimately derives from source order
+			// and must be preserved by export data.
+			for i := 0; i < T.NumMethods(); i++ {
+				m := T.Method(i)
+				path2 := appendOpArg(path, opMethod, i)
+				if m == obj {
+					return Path(path2), nil // found declared method
 				}
-			} else {
-				// This branch must match the logic in the branch above, using go/types
-				// APIs without sorting.
-				for i := 0; i < T.NumMethods(); i++ {
-					m := T.Method(i)
-					path2 := appendOpArg(path, opMethod, i)
-					if m == obj {
-						return Path(path2), nil // found declared method
-					}
-					if r := find(obj, m.Type(), append(path2, opType), nil); r != nil {
-						return Path(r), nil
-					}
+				if r := find(obj, m.Type(), append(path2, opType), nil); r != nil {
+					return Path(r), nil
 				}
 			}
 		}
@@ -444,22 +419,13 @@ func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) {
 	path = append(path, name...)
 	path = append(path, opType)
 
-	if !enc.skipMethodSorting {
-		for i, m := range enc.namedMethods(named) {
-			if m == meth {
-				path = appendOpArg(path, opMethod, i)
-				return Path(path), true
-			}
-		}
-	} else {
-		// This branch must match the logic of the branch above, using go/types
-		// APIs without sorting.
-		for i := 0; i < named.NumMethods(); i++ {
-			m := named.Method(i)
-			if m == meth {
-				path = appendOpArg(path, opMethod, i)
-				return Path(path), true
-			}
+	// Method indices are w.r.t. the go/types data structures,
+	// ultimately deriving from source order,
+	// which is preserved by export data.
+	for i := 0; i < named.NumMethods(); i++ {
+		if named.Method(i) == meth {
+			path = appendOpArg(path, opMethod, i)
+			return Path(path), true
 		}
 	}
 
@@ -572,17 +538,11 @@ func findTypeParam(obj types.Object, list *typeparams.TypeParamList, path []byte
 
 // Object returns the object denoted by path p within the package pkg.
 func Object(pkg *types.Package, p Path) (types.Object, error) {
-	return object(pkg, p, false)
-}
-
-// Note: the skipMethodSorting parameter must match the value of
-// Encoder.skipMethodSorting used during encoding.
-func object(pkg *types.Package, p Path, skipMethodSorting bool) (types.Object, error) {
-	if p == "" {
+	pathstr := string(p)
+	if pathstr == "" {
 		return nil, fmt.Errorf("empty path")
 	}
 
-	pathstr := string(p)
 	var pkgobj, suffix string
 	if dot := strings.IndexByte(pathstr, opType); dot < 0 {
 		pkgobj = pathstr
@@ -744,12 +704,7 @@ func object(pkg *types.Package, p Path, skipMethodSorting bool) (types.Object, e
 				if index >= t.NumMethods() {
 					return nil, fmt.Errorf("method index %d out of range [0-%d)", index, t.NumMethods())
 				}
-				if skipMethodSorting {
-					obj = t.Method(index)
-				} else {
-					methods := namedMethods(t) // (unmemoized)
-					obj = methods[index]       // Id-ordered
-				}
+				obj = t.Method(index)
 
 			default:
 				return nil, fmt.Errorf("cannot apply %q to %s (got %T, want interface or named)", code, t, t)
@@ -776,33 +731,6 @@ func object(pkg *types.Package, p Path, skipMethodSorting bool) (types.Object, e
 	return obj, nil // success
 }
 
-// namedMethods returns the methods of a Named type in ascending Id order.
-func namedMethods(named *types.Named) []*types.Func {
-	methods := make([]*types.Func, named.NumMethods())
-	for i := range methods {
-		methods[i] = named.Method(i)
-	}
-	sort.Slice(methods, func(i, j int) bool {
-		return methods[i].Id() < methods[j].Id()
-	})
-	return methods
-}
-
-// namedMethods is a memoization of the namedMethods function. Callers must not modify the result.
-func (enc *Encoder) namedMethods(named *types.Named) []*types.Func {
-	m := enc.namedMethodsMemo
-	if m == nil {
-		m = make(map[*types.Named][]*types.Func)
-		enc.namedMethodsMemo = m
-	}
-	methods, ok := m[named]
-	if !ok {
-		methods = namedMethods(named) // allocates and sorts
-		m[named] = methods
-	}
-	return methods
-}
-
 // scopeObjects is a memoization of scope objects.
 // Callers must not modify the result.
 func (enc *Encoder) scopeObjects(scope *types.Scope) []types.Object {
diff --git a/vendor/golang.org/x/tools/imports/forward.go b/vendor/golang.org/x/tools/imports/forward.go
index d2547c743..cb6db8893 100644
--- a/vendor/golang.org/x/tools/imports/forward.go
+++ b/vendor/golang.org/x/tools/imports/forward.go
@@ -7,8 +7,8 @@
 package imports // import "golang.org/x/tools/imports"
 
 import (
-	"io/ioutil"
 	"log"
+	"os"
 
 	"golang.org/x/tools/internal/gocommand"
 	intimp "golang.org/x/tools/internal/imports"
@@ -44,7 +44,7 @@ var LocalPrefix string
 func Process(filename string, src []byte, opt *Options) ([]byte, error) {
 	var err error
 	if src == nil {
-		src, err = ioutil.ReadFile(filename)
+		src, err = os.ReadFile(filename)
 		if err != nil {
 			return nil, err
 		}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
deleted file mode 100644
index c40c7e931..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
+++ /dev/null
@@ -1,196 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package fastwalk provides a faster version of [filepath.Walk] for file system
-// scanning tools.
-package fastwalk
-
-import (
-	"errors"
-	"os"
-	"path/filepath"
-	"runtime"
-	"sync"
-)
-
-// ErrTraverseLink is used as a return value from WalkFuncs to indicate that the
-// symlink named in the call may be traversed.
-var ErrTraverseLink = errors.New("fastwalk: traverse symlink, assuming target is a directory")
-
-// ErrSkipFiles is a used as a return value from WalkFuncs to indicate that the
-// callback should not be called for any other files in the current directory.
-// Child directories will still be traversed.
-var ErrSkipFiles = errors.New("fastwalk: skip remaining files in directory")
-
-// Walk is a faster implementation of [filepath.Walk].
-//
-// [filepath.Walk]'s design necessarily calls [os.Lstat] on each file,
-// even if the caller needs less info.
-// Many tools need only the type of each file.
-// On some platforms, this information is provided directly by the readdir
-// system call, avoiding the need to stat each file individually.
-// fastwalk_unix.go contains a fork of the syscall routines.
-//
-// See golang.org/issue/16399.
-//
-// Walk walks the file tree rooted at root, calling walkFn for
-// each file or directory in the tree, including root.
-//
-// If Walk returns [filepath.SkipDir], the directory is skipped.
-//
-// Unlike [filepath.Walk]:
-//   - file stat calls must be done by the user.
-//     The only provided metadata is the file type, which does not include
-//     any permission bits.
-//   - multiple goroutines stat the filesystem concurrently. The provided
-//     walkFn must be safe for concurrent use.
-//   - Walk can follow symlinks if walkFn returns the TraverseLink
-//     sentinel error. It is the walkFn's responsibility to prevent
-//     Walk from going into symlink cycles.
-func Walk(root string, walkFn func(path string, typ os.FileMode) error) error {
-	// TODO(bradfitz): make numWorkers configurable? We used a
-	// minimum of 4 to give the kernel more info about multiple
-	// things we want, in hopes its I/O scheduling can take
-	// advantage of that. Hopefully most are in cache. Maybe 4 is
-	// even too low of a minimum. Profile more.
-	numWorkers := 4
-	if n := runtime.NumCPU(); n > numWorkers {
-		numWorkers = n
-	}
-
-	// Make sure to wait for all workers to finish, otherwise
-	// walkFn could still be called after returning. This Wait call
-	// runs after close(e.donec) below.
-	var wg sync.WaitGroup
-	defer wg.Wait()
-
-	w := &walker{
-		fn:       walkFn,
-		enqueuec: make(chan walkItem, numWorkers), // buffered for performance
-		workc:    make(chan walkItem, numWorkers), // buffered for performance
-		donec:    make(chan struct{}),
-
-		// buffered for correctness & not leaking goroutines:
-		resc: make(chan error, numWorkers),
-	}
-	defer close(w.donec)
-
-	for i := 0; i < numWorkers; i++ {
-		wg.Add(1)
-		go w.doWork(&wg)
-	}
-	todo := []walkItem{{dir: root}}
-	out := 0
-	for {
-		workc := w.workc
-		var workItem walkItem
-		if len(todo) == 0 {
-			workc = nil
-		} else {
-			workItem = todo[len(todo)-1]
-		}
-		select {
-		case workc <- workItem:
-			todo = todo[:len(todo)-1]
-			out++
-		case it := <-w.enqueuec:
-			todo = append(todo, it)
-		case err := <-w.resc:
-			out--
-			if err != nil {
-				return err
-			}
-			if out == 0 && len(todo) == 0 {
-				// It's safe to quit here, as long as the buffered
-				// enqueue channel isn't also readable, which might
-				// happen if the worker sends both another unit of
-				// work and its result before the other select was
-				// scheduled and both w.resc and w.enqueuec were
-				// readable.
-				select {
-				case it := <-w.enqueuec:
-					todo = append(todo, it)
-				default:
-					return nil
-				}
-			}
-		}
-	}
-}
-
-// doWork reads directories as instructed (via workc) and runs the
-// user's callback function.
-func (w *walker) doWork(wg *sync.WaitGroup) {
-	defer wg.Done()
-	for {
-		select {
-		case <-w.donec:
-			return
-		case it := <-w.workc:
-			select {
-			case <-w.donec:
-				return
-			case w.resc <- w.walk(it.dir, !it.callbackDone):
-			}
-		}
-	}
-}
-
-type walker struct {
-	fn func(path string, typ os.FileMode) error
-
-	donec    chan struct{} // closed on fastWalk's return
-	workc    chan walkItem // to workers
-	enqueuec chan walkItem // from workers
-	resc     chan error    // from workers
-}
-
-type walkItem struct {
-	dir          string
-	callbackDone bool // callback already called; don't do it again
-}
-
-func (w *walker) enqueue(it walkItem) {
-	select {
-	case w.enqueuec <- it:
-	case <-w.donec:
-	}
-}
-
-func (w *walker) onDirEnt(dirName, baseName string, typ os.FileMode) error {
-	joined := dirName + string(os.PathSeparator) + baseName
-	if typ == os.ModeDir {
-		w.enqueue(walkItem{dir: joined})
-		return nil
-	}
-
-	err := w.fn(joined, typ)
-	if typ == os.ModeSymlink {
-		if err == ErrTraverseLink {
-			// Set callbackDone so we don't call it twice for both the
-			// symlink-as-symlink and the symlink-as-directory later:
-			w.enqueue(walkItem{dir: joined, callbackDone: true})
-			return nil
-		}
-		if err == filepath.SkipDir {
-			// Permit SkipDir on symlinks too.
-			return nil
-		}
-	}
-	return err
-}
-
-func (w *walker) walk(root string, runUserCallback bool) error {
-	if runUserCallback {
-		err := w.fn(root, os.ModeDir)
-		if err == filepath.SkipDir {
-			return nil
-		}
-		if err != nil {
-			return err
-		}
-	}
-
-	return readDir(root, w.onDirEnt)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go
deleted file mode 100644
index 0ca55e0d5..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_darwin.go
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2022 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build darwin && cgo
-// +build darwin,cgo
-
-package fastwalk
-
-/*
-#include <dirent.h>
-
-// fastwalk_readdir_r wraps readdir_r so that we don't have to pass a dirent**
-// result pointer which triggers CGO's "Go pointer to Go pointer" check unless
-// we allocat the result dirent* with malloc.
-//
-// fastwalk_readdir_r returns 0 on success, -1 upon reaching the end of the
-// directory, or a positive error number to indicate failure.
-static int fastwalk_readdir_r(DIR *fd, struct dirent *entry) {
-	struct dirent *result;
-	int ret = readdir_r(fd, entry, &result);
-	if (ret == 0 && result == NULL) {
-		ret = -1; // EOF
-	}
-	return ret;
-}
-*/
-import "C"
-
-import (
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
-	fd, err := openDir(dirName)
-	if err != nil {
-		return &os.PathError{Op: "opendir", Path: dirName, Err: err}
-	}
-	defer C.closedir(fd)
-
-	skipFiles := false
-	var dirent syscall.Dirent
-	for {
-		ret := int(C.fastwalk_readdir_r(fd, (*C.struct_dirent)(unsafe.Pointer(&dirent))))
-		if ret != 0 {
-			if ret == -1 {
-				break // EOF
-			}
-			if ret == int(syscall.EINTR) {
-				continue
-			}
-			return &os.PathError{Op: "readdir", Path: dirName, Err: syscall.Errno(ret)}
-		}
-		if dirent.Ino == 0 {
-			continue
-		}
-		typ := dtToType(dirent.Type)
-		if skipFiles && typ.IsRegular() {
-			continue
-		}
-		name := (*[len(syscall.Dirent{}.Name)]byte)(unsafe.Pointer(&dirent.Name))[:]
-		name = name[:dirent.Namlen]
-		for i, c := range name {
-			if c == 0 {
-				name = name[:i]
-				break
-			}
-		}
-		// Check for useless names before allocating a string.
-		if string(name) == "." || string(name) == ".." {
-			continue
-		}
-		if err := fn(dirName, string(name), typ); err != nil {
-			if err != ErrSkipFiles {
-				return err
-			}
-			skipFiles = true
-		}
-	}
-
-	return nil
-}
-
-func dtToType(typ uint8) os.FileMode {
-	switch typ {
-	case syscall.DT_BLK:
-		return os.ModeDevice
-	case syscall.DT_CHR:
-		return os.ModeDevice | os.ModeCharDevice
-	case syscall.DT_DIR:
-		return os.ModeDir
-	case syscall.DT_FIFO:
-		return os.ModeNamedPipe
-	case syscall.DT_LNK:
-		return os.ModeSymlink
-	case syscall.DT_REG:
-		return 0
-	case syscall.DT_SOCK:
-		return os.ModeSocket
-	}
-	return ^os.FileMode(0)
-}
-
-// openDir wraps opendir(3) and handles any EINTR errors. The returned *DIR
-// needs to be closed with closedir(3).
-func openDir(path string) (*C.DIR, error) {
-	name, err := syscall.BytePtrFromString(path)
-	if err != nil {
-		return nil, err
-	}
-	for {
-		fd, err := C.opendir((*C.char)(unsafe.Pointer(name)))
-		if err != syscall.EINTR {
-			return fd, err
-		}
-	}
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go
deleted file mode 100644
index d58595dbd..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build freebsd || openbsd || netbsd
-// +build freebsd openbsd netbsd
-
-package fastwalk
-
-import "syscall"
-
-func direntInode(dirent *syscall.Dirent) uint64 {
-	return uint64(dirent.Fileno)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
deleted file mode 100644
index d3922890b..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (linux || (darwin && !cgo)) && !appengine
-// +build linux darwin,!cgo
-// +build !appengine
-
-package fastwalk
-
-import "syscall"
-
-func direntInode(dirent *syscall.Dirent) uint64 {
-	return dirent.Ino
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
deleted file mode 100644
index 38a4db6af..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (darwin && !cgo) || freebsd || openbsd || netbsd
-// +build darwin,!cgo freebsd openbsd netbsd
-
-package fastwalk
-
-import "syscall"
-
-func direntNamlen(dirent *syscall.Dirent) uint64 {
-	return uint64(dirent.Namlen)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go
deleted file mode 100644
index c82e57df8..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build linux && !appengine
-// +build linux,!appengine
-
-package fastwalk
-
-import (
-	"bytes"
-	"syscall"
-	"unsafe"
-)
-
-func direntNamlen(dirent *syscall.Dirent) uint64 {
-	const fixedHdr = uint16(unsafe.Offsetof(syscall.Dirent{}.Name))
-	nameBuf := (*[unsafe.Sizeof(dirent.Name)]byte)(unsafe.Pointer(&dirent.Name[0]))
-	const nameBufLen = uint16(len(nameBuf))
-	limit := dirent.Reclen - fixedHdr
-	if limit > nameBufLen {
-		limit = nameBufLen
-	}
-	nameLen := bytes.IndexByte(nameBuf[:limit], 0)
-	if nameLen < 0 {
-		panic("failed to find terminating 0 byte in dirent")
-	}
-	return uint64(nameLen)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
deleted file mode 100644
index 085d31160..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build appengine || (!linux && !darwin && !freebsd && !openbsd && !netbsd)
-// +build appengine !linux,!darwin,!freebsd,!openbsd,!netbsd
-
-package fastwalk
-
-import (
-	"io/ioutil"
-	"os"
-)
-
-// readDir calls fn for each directory entry in dirName.
-// It does not descend into directories or follow symlinks.
-// If fn returns a non-nil error, readDir returns with that error
-// immediately.
-func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
-	fis, err := ioutil.ReadDir(dirName)
-	if err != nil {
-		return err
-	}
-	skipFiles := false
-	for _, fi := range fis {
-		if fi.Mode().IsRegular() && skipFiles {
-			continue
-		}
-		if err := fn(dirName, fi.Name(), fi.Mode()&os.ModeType); err != nil {
-			if err == ErrSkipFiles {
-				skipFiles = true
-				continue
-			}
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
deleted file mode 100644
index f12f1a734..000000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
+++ /dev/null
@@ -1,153 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build (linux || freebsd || openbsd || netbsd || (darwin && !cgo)) && !appengine
-// +build linux freebsd openbsd netbsd darwin,!cgo
-// +build !appengine
-
-package fastwalk
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-const blockSize = 8 << 10
-
-// unknownFileMode is a sentinel (and bogus) os.FileMode
-// value used to represent a syscall.DT_UNKNOWN Dirent.Type.
-const unknownFileMode os.FileMode = os.ModeNamedPipe | os.ModeSocket | os.ModeDevice
-
-func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
-	fd, err := open(dirName, 0, 0)
-	if err != nil {
-		return &os.PathError{Op: "open", Path: dirName, Err: err}
-	}
-	defer syscall.Close(fd)
-
-	// The buffer must be at least a block long.
-	buf := make([]byte, blockSize) // stack-allocated; doesn't escape
-	bufp := 0                      // starting read position in buf
-	nbuf := 0                      // end valid data in buf
-	skipFiles := false
-	for {
-		if bufp >= nbuf {
-			bufp = 0
-			nbuf, err = readDirent(fd, buf)
-			if err != nil {
-				return os.NewSyscallError("readdirent", err)
-			}
-			if nbuf <= 0 {
-				return nil
-			}
-		}
-		consumed, name, typ := parseDirEnt(buf[bufp:nbuf])
-		bufp += consumed
-		if name == "" || name == "." || name == ".." {
-			continue
-		}
-		// Fallback for filesystems (like old XFS) that don't
-		// support Dirent.Type and have DT_UNKNOWN (0) there
-		// instead.
-		if typ == unknownFileMode {
-			fi, err := os.Lstat(dirName + "/" + name)
-			if err != nil {
-				// It got deleted in the meantime.
-				if os.IsNotExist(err) {
-					continue
-				}
-				return err
-			}
-			typ = fi.Mode() & os.ModeType
-		}
-		if skipFiles && typ.IsRegular() {
-			continue
-		}
-		if err := fn(dirName, name, typ); err != nil {
-			if err == ErrSkipFiles {
-				skipFiles = true
-				continue
-			}
-			return err
-		}
-	}
-}
-
-func parseDirEnt(buf []byte) (consumed int, name string, typ os.FileMode) {
-	// golang.org/issue/37269
-	dirent := &syscall.Dirent{}
-	copy((*[unsafe.Sizeof(syscall.Dirent{})]byte)(unsafe.Pointer(dirent))[:], buf)
-	if v := unsafe.Offsetof(dirent.Reclen) + unsafe.Sizeof(dirent.Reclen); uintptr(len(buf)) < v {
-		panic(fmt.Sprintf("buf size of %d smaller than dirent header size %d", len(buf), v))
-	}
-	if len(buf) < int(dirent.Reclen) {
-		panic(fmt.Sprintf("buf size %d < record length %d", len(buf), dirent.Reclen))
-	}
-	consumed = int(dirent.Reclen)
-	if direntInode(dirent) == 0 { // File absent in directory.
-		return
-	}
-	switch dirent.Type {
-	case syscall.DT_REG:
-		typ = 0
-	case syscall.DT_DIR:
-		typ = os.ModeDir
-	case syscall.DT_LNK:
-		typ = os.ModeSymlink
-	case syscall.DT_BLK:
-		typ = os.ModeDevice
-	case syscall.DT_FIFO:
-		typ = os.ModeNamedPipe
-	case syscall.DT_SOCK:
-		typ = os.ModeSocket
-	case syscall.DT_UNKNOWN:
-		typ = unknownFileMode
-	default:
-		// Skip weird things.
-		// It's probably a DT_WHT (http://lwn.net/Articles/325369/)
-		// or something. Revisit if/when this package is moved outside
-		// of goimports. goimports only cares about regular files,
-		// symlinks, and directories.
-		return
-	}
-
-	nameBuf := (*[unsafe.Sizeof(dirent.Name)]byte)(unsafe.Pointer(&dirent.Name[0]))
-	nameLen := direntNamlen(dirent)
-
-	// Special cases for common things:
-	if nameLen == 1 && nameBuf[0] == '.' {
-		name = "."
-	} else if nameLen == 2 && nameBuf[0] == '.' && nameBuf[1] == '.' {
-		name = ".."
-	} else {
-		name = string(nameBuf[:nameLen])
-	}
-	return
-}
-
-// According to https://golang.org/doc/go1.14#runtime
-// A consequence of the implementation of preemption is that on Unix systems, including Linux and macOS
-// systems, programs built with Go 1.14 will receive more signals than programs built with earlier releases.
-//
-// This causes syscall.Open and syscall.ReadDirent sometimes fail with EINTR errors.
-// We need to retry in this case.
-func open(path string, mode int, perm uint32) (fd int, err error) {
-	for {
-		fd, err := syscall.Open(path, mode, perm)
-		if err != syscall.EINTR {
-			return fd, err
-		}
-	}
-}
-
-func readDirent(fd int, buf []byte) (n int, err error) {
-	for {
-		nbuf, err := syscall.ReadDirent(fd, buf)
-		if err != syscall.EINTR {
-			return nbuf, err
-		}
-	}
-}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
index b1223713b..2d078ccb1 100644
--- a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
+++ b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
@@ -29,7 +29,6 @@ import (
 	"go/token"
 	"go/types"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -221,7 +220,7 @@ func Import(packages map[string]*types.Package, path, srcDir string, lookup func
 	switch hdr {
 	case "$$B\n":
 		var data []byte
-		data, err = ioutil.ReadAll(buf)
+		data, err = io.ReadAll(buf)
 		if err != nil {
 			break
 		}
diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
index 53cf66da0..55312522d 100644
--- a/vendor/golang.org/x/tools/internal/gocommand/invoke.go
+++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
@@ -13,6 +13,7 @@ import (
 	"io"
 	"log"
 	"os"
+	"os/exec"
 	"reflect"
 	"regexp"
 	"runtime"
@@ -21,8 +22,6 @@ import (
 	"sync"
 	"time"
 
-	exec "golang.org/x/sys/execabs"
-
 	"golang.org/x/tools/internal/event"
 	"golang.org/x/tools/internal/event/keys"
 	"golang.org/x/tools/internal/event/label"
@@ -85,6 +84,7 @@ func (runner *Runner) RunPiped(ctx context.Context, inv Invocation, stdout, stde
 
 // RunRaw runs the invocation, serializing requests only if they fight over
 // go.mod changes.
+// Postcondition: both error results have same nilness.
 func (runner *Runner) RunRaw(ctx context.Context, inv Invocation) (*bytes.Buffer, *bytes.Buffer, error, error) {
 	ctx, done := event.Start(ctx, "gocommand.Runner.RunRaw", invLabels(inv)...)
 	defer done()
@@ -95,23 +95,24 @@ func (runner *Runner) RunRaw(ctx context.Context, inv Invocation) (*bytes.Buffer
 	stdout, stderr, friendlyErr, err := runner.runConcurrent(ctx, inv)
 
 	// If we encounter a load concurrency error, we need to retry serially.
-	if friendlyErr == nil || !modConcurrencyError.MatchString(friendlyErr.Error()) {
-		return stdout, stderr, friendlyErr, err
+	if friendlyErr != nil && modConcurrencyError.MatchString(friendlyErr.Error()) {
+		event.Error(ctx, "Load concurrency error, will retry serially", err)
+
+		// Run serially by calling runPiped.
+		stdout.Reset()
+		stderr.Reset()
+		friendlyErr, err = runner.runPiped(ctx, inv, stdout, stderr)
 	}
-	event.Error(ctx, "Load concurrency error, will retry serially", err)
 
-	// Run serially by calling runPiped.
-	stdout.Reset()
-	stderr.Reset()
-	friendlyErr, err = runner.runPiped(ctx, inv, stdout, stderr)
 	return stdout, stderr, friendlyErr, err
 }
 
+// Postcondition: both error results have same nilness.
 func (runner *Runner) runConcurrent(ctx context.Context, inv Invocation) (*bytes.Buffer, *bytes.Buffer, error, error) {
 	// Wait for 1 worker to become available.
 	select {
 	case <-ctx.Done():
-		return nil, nil, nil, ctx.Err()
+		return nil, nil, ctx.Err(), ctx.Err()
 	case runner.inFlight <- struct{}{}:
 		defer func() { <-runner.inFlight }()
 	}
@@ -121,6 +122,7 @@ func (runner *Runner) runConcurrent(ctx context.Context, inv Invocation) (*bytes
 	return stdout, stderr, friendlyErr, err
 }
 
+// Postcondition: both error results have same nilness.
 func (runner *Runner) runPiped(ctx context.Context, inv Invocation, stdout, stderr io.Writer) (error, error) {
 	// Make sure the runner is always initialized.
 	runner.initialize()
@@ -129,7 +131,7 @@ func (runner *Runner) runPiped(ctx context.Context, inv Invocation, stdout, stde
 	// runPiped commands.
 	select {
 	case <-ctx.Done():
-		return nil, ctx.Err()
+		return ctx.Err(), ctx.Err()
 	case runner.serialized <- struct{}{}:
 		defer func() { <-runner.serialized }()
 	}
@@ -139,7 +141,7 @@ func (runner *Runner) runPiped(ctx context.Context, inv Invocation, stdout, stde
 	for i := 0; i < maxInFlight; i++ {
 		select {
 		case <-ctx.Done():
-			return nil, ctx.Err()
+			return ctx.Err(), ctx.Err()
 		case runner.inFlight <- struct{}{}:
 			// Make sure we always "return" any workers we took.
 			defer func() { <-runner.inFlight }()
@@ -172,6 +174,7 @@ type Invocation struct {
 	Logf       func(format string, args ...interface{})
 }
 
+// Postcondition: both error results have same nilness.
 func (i *Invocation) runWithFriendlyError(ctx context.Context, stdout, stderr io.Writer) (friendlyError error, rawError error) {
 	rawError = i.run(ctx, stdout, stderr)
 	if rawError != nil {
diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
index 452e342c5..52f74e643 100644
--- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
+++ b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
@@ -9,13 +9,12 @@ package gopathwalk
 import (
 	"bufio"
 	"bytes"
+	"io/fs"
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
-
-	"golang.org/x/tools/internal/fastwalk"
 )
 
 // Options controls the behavior of a Walk call.
@@ -45,21 +44,18 @@ type Root struct {
 }
 
 // Walk walks Go source directories ($GOROOT, $GOPATH, etc) to find packages.
-// For each package found, add will be called (concurrently) with the absolute
+// For each package found, add will be called with the absolute
 // paths of the containing source directory and the package directory.
-// add will be called concurrently.
 func Walk(roots []Root, add func(root Root, dir string), opts Options) {
 	WalkSkip(roots, add, func(Root, string) bool { return false }, opts)
 }
 
 // WalkSkip walks Go source directories ($GOROOT, $GOPATH, etc) to find packages.
-// For each package found, add will be called (concurrently) with the absolute
+// For each package found, add will be called with the absolute
 // paths of the containing source directory and the package directory.
-// For each directory that will be scanned, skip will be called (concurrently)
+// For each directory that will be scanned, skip will be called
 // with the absolute paths of the containing source directory and the directory.
 // If skip returns false on a directory it will be processed.
-// add will be called concurrently.
-// skip will be called concurrently.
 func WalkSkip(roots []Root, add func(root Root, dir string), skip func(root Root, dir string) bool, opts Options) {
 	for _, root := range roots {
 		walkDir(root, add, skip, opts)
@@ -78,14 +74,25 @@ func walkDir(root Root, add func(Root, string), skip func(root Root, dir string)
 	if opts.Logf != nil {
 		opts.Logf("scanning %s", root.Path)
 	}
+
 	w := &walker{
-		root: root,
-		add:  add,
-		skip: skip,
-		opts: opts,
+		root:  root,
+		add:   add,
+		skip:  skip,
+		opts:  opts,
+		added: make(map[string]bool),
 	}
 	w.init()
-	if err := fastwalk.Walk(root.Path, w.walk); err != nil {
+
+	// Add a trailing path separator to cause filepath.WalkDir to traverse symlinks.
+	path := root.Path
+	if len(path) == 0 {
+		path = "." + string(filepath.Separator)
+	} else if !os.IsPathSeparator(path[len(path)-1]) {
+		path = path + string(filepath.Separator)
+	}
+
+	if err := filepath.WalkDir(path, w.walk); err != nil {
 		logf := opts.Logf
 		if logf == nil {
 			logf = log.Printf
@@ -105,7 +112,10 @@ type walker struct {
 	skip func(Root, string) bool // The callback that will be invoked for every dir. dir is skipped if it returns true.
 	opts Options                 // Options passed to Walk by the user.
 
-	ignoredDirs []os.FileInfo // The ignored directories, loaded from .goimportsignore files.
+	pathSymlinks []os.FileInfo
+	ignoredDirs  []string
+
+	added map[string]bool
 }
 
 // init initializes the walker based on its Options
@@ -121,13 +131,9 @@ func (w *walker) init() {
 
 	for _, p := range ignoredPaths {
 		full := filepath.Join(w.root.Path, p)
-		if fi, err := os.Stat(full); err == nil {
-			w.ignoredDirs = append(w.ignoredDirs, fi)
-			if w.opts.Logf != nil {
-				w.opts.Logf("Directory added to ignore list: %s", full)
-			}
-		} else if w.opts.Logf != nil {
-			w.opts.Logf("Error statting ignored directory: %v", err)
+		w.ignoredDirs = append(w.ignoredDirs, full)
+		if w.opts.Logf != nil {
+			w.opts.Logf("Directory added to ignore list: %s", full)
 		}
 	}
 }
@@ -162,9 +168,9 @@ func (w *walker) getIgnoredDirs(path string) []string {
 }
 
 // shouldSkipDir reports whether the file should be skipped or not.
-func (w *walker) shouldSkipDir(fi os.FileInfo, dir string) bool {
+func (w *walker) shouldSkipDir(dir string) bool {
 	for _, ignoredDir := range w.ignoredDirs {
-		if os.SameFile(fi, ignoredDir) {
+		if dir == ignoredDir {
 			return true
 		}
 	}
@@ -176,85 +182,150 @@ func (w *walker) shouldSkipDir(fi os.FileInfo, dir string) bool {
 }
 
 // walk walks through the given path.
-func (w *walker) walk(path string, typ os.FileMode) error {
-	if typ.IsRegular() {
+//
+// Errors are logged if w.opts.Logf is non-nil, but otherwise ignored:
+// walk returns only nil or fs.SkipDir.
+func (w *walker) walk(path string, d fs.DirEntry, err error) error {
+	if err != nil {
+		// We have no way to report errors back through Walk or WalkSkip,
+		// so just log and ignore them.
+		if w.opts.Logf != nil {
+			w.opts.Logf("%v", err)
+		}
+		if d == nil {
+			// Nothing more to do: the error prevents us from knowing
+			// what path even represents.
+			return nil
+		}
+	}
+
+	if d.Type().IsRegular() {
+		if !strings.HasSuffix(path, ".go") {
+			return nil
+		}
+
 		dir := filepath.Dir(path)
 		if dir == w.root.Path && (w.root.Type == RootGOROOT || w.root.Type == RootGOPATH) {
 			// Doesn't make sense to have regular files
 			// directly in your $GOPATH/src or $GOROOT/src.
-			return fastwalk.ErrSkipFiles
-		}
-		if !strings.HasSuffix(path, ".go") {
 			return nil
 		}
 
-		w.add(w.root, dir)
-		return fastwalk.ErrSkipFiles
+		if !w.added[dir] {
+			w.add(w.root, dir)
+			w.added[dir] = true
+		}
+		return nil
 	}
-	if typ == os.ModeDir {
+
+	if d.IsDir() {
 		base := filepath.Base(path)
 		if base == "" || base[0] == '.' || base[0] == '_' ||
 			base == "testdata" ||
 			(w.root.Type == RootGOROOT && w.opts.ModulesEnabled && base == "vendor") ||
 			(!w.opts.ModulesEnabled && base == "node_modules") {
-			return filepath.SkipDir
+			return fs.SkipDir
 		}
-		fi, err := os.Lstat(path)
-		if err == nil && w.shouldSkipDir(fi, path) {
-			return filepath.SkipDir
+		if w.shouldSkipDir(path) {
+			return fs.SkipDir
 		}
 		return nil
 	}
-	if typ == os.ModeSymlink {
-		base := filepath.Base(path)
-		if strings.HasPrefix(base, ".#") {
-			// Emacs noise.
-			return nil
-		}
-		if w.shouldTraverse(path) {
-			return fastwalk.ErrTraverseLink
+
+	if d.Type()&os.ModeSymlink != 0 {
+		// TODO(bcmills): 'go list all' itself ignores symlinks within GOROOT/src
+		// and GOPATH/src. Do we really need to traverse them here? If so, why?
+
+		fi, err := os.Stat(path)
+		if err != nil || !fi.IsDir() {
+			// Not a directory. Just walk the file (or broken link) and be done.
+			return w.walk(path, fs.FileInfoToDirEntry(fi), err)
 		}
-	}
-	return nil
-}
 
-// shouldTraverse reports whether the symlink fi, found in dir,
-// should be followed.  It makes sure symlinks were never visited
-// before to avoid symlink loops.
-func (w *walker) shouldTraverse(path string) bool {
-	ts, err := os.Stat(path)
-	if err != nil {
-		logf := w.opts.Logf
-		if logf == nil {
-			logf = log.Printf
+		// Avoid walking symlink cycles: if we have already followed a symlink to
+		// this directory as a parent of itself, don't follow it again.
+		//
+		// This doesn't catch the first time through a cycle, but it also minimizes
+		// the number of extra stat calls we make if we *don't* encounter a cycle.
+		// Since we don't actually expect to encounter symlink cycles in practice,
+		// this seems like the right tradeoff.
+		for _, parent := range w.pathSymlinks {
+			if os.SameFile(fi, parent) {
+				return nil
+			}
 		}
-		logf("%v", err)
-		return false
-	}
-	if !ts.IsDir() {
-		return false
-	}
-	if w.shouldSkipDir(ts, filepath.Dir(path)) {
-		return false
-	}
-	// Check for symlink loops by statting each directory component
-	// and seeing if any are the same file as ts.
-	for {
-		parent := filepath.Dir(path)
-		if parent == path {
-			// Made it to the root without seeing a cycle.
-			// Use this symlink.
-			return true
+
+		w.pathSymlinks = append(w.pathSymlinks, fi)
+		defer func() {
+			w.pathSymlinks = w.pathSymlinks[:len(w.pathSymlinks)-1]
+		}()
+
+		// On some platforms the OS (or the Go os package) sometimes fails to
+		// resolve directory symlinks before a trailing slash
+		// (even though POSIX requires it to do so).
+		//
+		// On macOS that failure may be caused by a known libc/kernel bug;
+		// see https://go.dev/issue/59586.
+		//
+		// On Windows before Go 1.21, it may be caused by a bug in
+		// os.Lstat (fixed in https://go.dev/cl/463177).
+		//
+		// Since we need to handle this explicitly on broken platforms anyway,
+		// it is simplest to just always do that and not rely on POSIX pathname
+		// resolution to walk the directory (such as by calling WalkDir with
+		// a trailing slash appended to the path).
+		//
+		// Instead, we make a sequence of walk calls — directly and through
+		// recursive calls to filepath.WalkDir — simulating what WalkDir would do
+		// if the symlink were a regular directory.
+
+		// First we call walk on the path as a directory
+		// (instead of a symlink).
+		err = w.walk(path, fs.FileInfoToDirEntry(fi), nil)
+		if err == fs.SkipDir {
+			return nil
+		} else if err != nil {
+			// This should be impossible, but handle it anyway in case
+			// walk is changed to return other errors.
+			return err
 		}
-		parentInfo, err := os.Stat(parent)
+
+		// Now read the directory and walk its entries.
+		ents, err := os.ReadDir(path)
 		if err != nil {
-			return false
+			// Report the ReadDir error, as filepath.WalkDir would do.
+			err = w.walk(path, fs.FileInfoToDirEntry(fi), err)
+			if err == fs.SkipDir {
+				return nil
+			} else if err != nil {
+				return err // Again, should be impossible.
+			}
+			// Fall through and iterate over whatever entries we did manage to get.
 		}
-		if os.SameFile(ts, parentInfo) {
-			// Cycle. Don't traverse.
-			return false
+
+		for _, d := range ents {
+			nextPath := filepath.Join(path, d.Name())
+			if d.IsDir() {
+				// We want to walk the whole directory tree rooted at nextPath,
+				// not just the single entry for the directory.
+				err := filepath.WalkDir(nextPath, w.walk)
+				if err != nil && w.opts.Logf != nil {
+					w.opts.Logf("%v", err)
+				}
+			} else {
+				err := w.walk(nextPath, d, nil)
+				if err == fs.SkipDir {
+					// Skip the rest of the entries in the parent directory of nextPath
+					// (that is, path itself).
+					break
+				} else if err != nil {
+					return err // Again, should be impossible.
+				}
+			}
 		}
-		path = parent
+		return nil
 	}
 
+	// Not a file, regular directory, or symlink; skip.
+	return nil
 }
diff --git a/vendor/golang.org/x/tools/internal/imports/fix.go b/vendor/golang.org/x/tools/internal/imports/fix.go
index d4f1b4e8a..01e8ba5fa 100644
--- a/vendor/golang.org/x/tools/internal/imports/fix.go
+++ b/vendor/golang.org/x/tools/internal/imports/fix.go
@@ -13,6 +13,7 @@ import (
 	"go/build"
 	"go/parser"
 	"go/token"
+	"io/fs"
 	"io/ioutil"
 	"os"
 	"path"
@@ -107,7 +108,7 @@ func parseOtherFiles(fset *token.FileSet, srcDir, filename string) []*ast.File {
 	considerTests := strings.HasSuffix(filename, "_test.go")
 
 	fileBase := filepath.Base(filename)
-	packageFileInfos, err := ioutil.ReadDir(srcDir)
+	packageFileInfos, err := os.ReadDir(srcDir)
 	if err != nil {
 		return nil
 	}
@@ -1469,11 +1470,11 @@ func VendorlessPath(ipath string) string {
 
 func loadExportsFromFiles(ctx context.Context, env *ProcessEnv, dir string, includeTest bool) (string, []string, error) {
 	// Look for non-test, buildable .go files which could provide exports.
-	all, err := ioutil.ReadDir(dir)
+	all, err := os.ReadDir(dir)
 	if err != nil {
 		return "", nil, err
 	}
-	var files []os.FileInfo
+	var files []fs.DirEntry
 	for _, fi := range all {
 		name := fi.Name()
 		if !strings.HasSuffix(name, ".go") || (!includeTest && strings.HasSuffix(name, "_test.go")) {
diff --git a/vendor/golang.org/x/tools/internal/imports/mod.go b/vendor/golang.org/x/tools/internal/imports/mod.go
index 977d2389d..5f4d435d3 100644
--- a/vendor/golang.org/x/tools/internal/imports/mod.go
+++ b/vendor/golang.org/x/tools/internal/imports/mod.go
@@ -9,7 +9,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -265,7 +264,7 @@ func (r *ModuleResolver) findPackage(importPath string) (*gocommand.ModuleJSON,
 		}
 
 		// Not cached. Read the filesystem.
-		pkgFiles, err := ioutil.ReadDir(pkgDir)
+		pkgFiles, err := os.ReadDir(pkgDir)
 		if err != nil {
 			continue
 		}
@@ -370,7 +369,7 @@ func (r *ModuleResolver) dirIsNestedModule(dir string, mod *gocommand.ModuleJSON
 
 func (r *ModuleResolver) modInfo(dir string) (modDir string, modName string) {
 	readModName := func(modFile string) string {
-		modBytes, err := ioutil.ReadFile(modFile)
+		modBytes, err := os.ReadFile(modFile)
 		if err != nil {
 			return ""
 		}
diff --git a/vendor/golang.org/x/tools/internal/imports/zstdlib.go b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
index 31a75949c..9f992c2be 100644
--- a/vendor/golang.org/x/tools/internal/imports/zstdlib.go
+++ b/vendor/golang.org/x/tools/internal/imports/zstdlib.go
@@ -93,6 +93,7 @@ var stdlib = map[string][]string{
 		"Compare",
 		"Contains",
 		"ContainsAny",
+		"ContainsFunc",
 		"ContainsRune",
 		"Count",
 		"Cut",
@@ -147,6 +148,11 @@ var stdlib = map[string][]string{
 		"TrimSpace",
 		"TrimSuffix",
 	},
+	"cmp": {
+		"Compare",
+		"Less",
+		"Ordered",
+	},
 	"compress/bzip2": {
 		"NewReader",
 		"StructuralError",
@@ -228,6 +234,7 @@ var stdlib = map[string][]string{
 		"Ring",
 	},
 	"context": {
+		"AfterFunc",
 		"Background",
 		"CancelCauseFunc",
 		"CancelFunc",
@@ -239,8 +246,11 @@ var stdlib = map[string][]string{
 		"WithCancel",
 		"WithCancelCause",
 		"WithDeadline",
+		"WithDeadlineCause",
 		"WithTimeout",
+		"WithTimeoutCause",
 		"WithValue",
+		"WithoutCancel",
 	},
 	"crypto": {
 		"BLAKE2b_256",
@@ -445,6 +455,7 @@ var stdlib = map[string][]string{
 		"XORBytes",
 	},
 	"crypto/tls": {
+		"AlertError",
 		"Certificate",
 		"CertificateRequestInfo",
 		"CertificateVerificationError",
@@ -476,6 +487,7 @@ var stdlib = map[string][]string{
 		"LoadX509KeyPair",
 		"NewLRUClientSessionCache",
 		"NewListener",
+		"NewResumptionState",
 		"NoClientCert",
 		"PKCS1WithSHA1",
 		"PKCS1WithSHA256",
@@ -484,6 +496,27 @@ var stdlib = map[string][]string{
 		"PSSWithSHA256",
 		"PSSWithSHA384",
 		"PSSWithSHA512",
+		"ParseSessionState",
+		"QUICClient",
+		"QUICConfig",
+		"QUICConn",
+		"QUICEncryptionLevel",
+		"QUICEncryptionLevelApplication",
+		"QUICEncryptionLevelEarly",
+		"QUICEncryptionLevelHandshake",
+		"QUICEncryptionLevelInitial",
+		"QUICEvent",
+		"QUICEventKind",
+		"QUICHandshakeDone",
+		"QUICNoEvent",
+		"QUICRejectedEarlyData",
+		"QUICServer",
+		"QUICSessionTicketOptions",
+		"QUICSetReadSecret",
+		"QUICSetWriteSecret",
+		"QUICTransportParameters",
+		"QUICTransportParametersRequired",
+		"QUICWriteData",
 		"RecordHeaderError",
 		"RenegotiateFreelyAsClient",
 		"RenegotiateNever",
@@ -493,6 +526,7 @@ var stdlib = map[string][]string{
 		"RequireAndVerifyClientCert",
 		"RequireAnyClientCert",
 		"Server",
+		"SessionState",
 		"SignatureScheme",
 		"TLS_AES_128_GCM_SHA256",
 		"TLS_AES_256_GCM_SHA384",
@@ -523,6 +557,7 @@ var stdlib = map[string][]string{
 		"TLS_RSA_WITH_AES_256_GCM_SHA384",
 		"TLS_RSA_WITH_RC4_128_SHA",
 		"VerifyClientCertIfGiven",
+		"VersionName",
 		"VersionSSL30",
 		"VersionTLS10",
 		"VersionTLS11",
@@ -618,6 +653,7 @@ var stdlib = map[string][]string{
 		"PureEd25519",
 		"RSA",
 		"RevocationList",
+		"RevocationListEntry",
 		"SHA1WithRSA",
 		"SHA256WithRSA",
 		"SHA256WithRSAPSS",
@@ -1002,10 +1038,42 @@ var stdlib = map[string][]string{
 		"COMPRESS_LOOS",
 		"COMPRESS_LOPROC",
 		"COMPRESS_ZLIB",
+		"COMPRESS_ZSTD",
 		"Chdr32",
 		"Chdr64",
 		"Class",
 		"CompressionType",
+		"DF_1_CONFALT",
+		"DF_1_DIRECT",
+		"DF_1_DISPRELDNE",
+		"DF_1_DISPRELPND",
+		"DF_1_EDITED",
+		"DF_1_ENDFILTEE",
+		"DF_1_GLOBAL",
+		"DF_1_GLOBAUDIT",
+		"DF_1_GROUP",
+		"DF_1_IGNMULDEF",
+		"DF_1_INITFIRST",
+		"DF_1_INTERPOSE",
+		"DF_1_KMOD",
+		"DF_1_LOADFLTR",
+		"DF_1_NOCOMMON",
+		"DF_1_NODEFLIB",
+		"DF_1_NODELETE",
+		"DF_1_NODIRECT",
+		"DF_1_NODUMP",
+		"DF_1_NOHDR",
+		"DF_1_NOKSYMS",
+		"DF_1_NOOPEN",
+		"DF_1_NORELOC",
+		"DF_1_NOW",
+		"DF_1_ORIGIN",
+		"DF_1_PIE",
+		"DF_1_SINGLETON",
+		"DF_1_STUB",
+		"DF_1_SYMINTPOSE",
+		"DF_1_TRANS",
+		"DF_1_WEAKFILTER",
 		"DF_BIND_NOW",
 		"DF_ORIGIN",
 		"DF_STATIC_TLS",
@@ -1144,6 +1212,7 @@ var stdlib = map[string][]string{
 		"Dyn32",
 		"Dyn64",
 		"DynFlag",
+		"DynFlag1",
 		"DynTag",
 		"EI_ABIVERSION",
 		"EI_CLASS",
@@ -2111,6 +2180,7 @@ var stdlib = map[string][]string{
 		"R_PPC64_REL16_LO",
 		"R_PPC64_REL24",
 		"R_PPC64_REL24_NOTOC",
+		"R_PPC64_REL24_P9NOTOC",
 		"R_PPC64_REL30",
 		"R_PPC64_REL32",
 		"R_PPC64_REL64",
@@ -2848,6 +2918,7 @@ var stdlib = map[string][]string{
 		"MaxVarintLen16",
 		"MaxVarintLen32",
 		"MaxVarintLen64",
+		"NativeEndian",
 		"PutUvarint",
 		"PutVarint",
 		"Read",
@@ -2963,6 +3034,7 @@ var stdlib = map[string][]string{
 	},
 	"errors": {
 		"As",
+		"ErrUnsupported",
 		"Is",
 		"Join",
 		"New",
@@ -2989,6 +3061,7 @@ var stdlib = map[string][]string{
 		"Arg",
 		"Args",
 		"Bool",
+		"BoolFunc",
 		"BoolVar",
 		"CommandLine",
 		"ContinueOnError",
@@ -3119,6 +3192,7 @@ var stdlib = map[string][]string{
 		"Inspect",
 		"InterfaceType",
 		"IsExported",
+		"IsGenerated",
 		"KeyValueExpr",
 		"LabeledStmt",
 		"Lbl",
@@ -3169,6 +3243,7 @@ var stdlib = map[string][]string{
 		"ArchChar",
 		"Context",
 		"Default",
+		"Directive",
 		"FindOnly",
 		"IgnoreVendor",
 		"Import",
@@ -3184,6 +3259,7 @@ var stdlib = map[string][]string{
 	"go/build/constraint": {
 		"AndExpr",
 		"Expr",
+		"GoVersion",
 		"IsGoBuild",
 		"IsPlusBuild",
 		"NotExpr",
@@ -3626,6 +3702,7 @@ var stdlib = map[string][]string{
 		"ErrBadHTML",
 		"ErrBranchEnd",
 		"ErrEndContext",
+		"ErrJSTemplate",
 		"ErrNoSuchTemplate",
 		"ErrOutputContext",
 		"ErrPartialCharset",
@@ -3870,6 +3947,8 @@ var stdlib = map[string][]string{
 		"FileInfo",
 		"FileInfoToDirEntry",
 		"FileMode",
+		"FormatDirEntry",
+		"FormatFileInfo",
 		"Glob",
 		"GlobFS",
 		"ModeAppend",
@@ -3942,6 +4021,78 @@ var stdlib = map[string][]string{
 		"SetPrefix",
 		"Writer",
 	},
+	"log/slog": {
+		"Any",
+		"AnyValue",
+		"Attr",
+		"Bool",
+		"BoolValue",
+		"Debug",
+		"DebugContext",
+		"Default",
+		"Duration",
+		"DurationValue",
+		"Error",
+		"ErrorContext",
+		"Float64",
+		"Float64Value",
+		"Group",
+		"GroupValue",
+		"Handler",
+		"HandlerOptions",
+		"Info",
+		"InfoContext",
+		"Int",
+		"Int64",
+		"Int64Value",
+		"IntValue",
+		"JSONHandler",
+		"Kind",
+		"KindAny",
+		"KindBool",
+		"KindDuration",
+		"KindFloat64",
+		"KindGroup",
+		"KindInt64",
+		"KindLogValuer",
+		"KindString",
+		"KindTime",
+		"KindUint64",
+		"Level",
+		"LevelDebug",
+		"LevelError",
+		"LevelInfo",
+		"LevelKey",
+		"LevelVar",
+		"LevelWarn",
+		"Leveler",
+		"Log",
+		"LogAttrs",
+		"LogValuer",
+		"Logger",
+		"MessageKey",
+		"New",
+		"NewJSONHandler",
+		"NewLogLogger",
+		"NewRecord",
+		"NewTextHandler",
+		"Record",
+		"SetDefault",
+		"Source",
+		"SourceKey",
+		"String",
+		"StringValue",
+		"TextHandler",
+		"Time",
+		"TimeKey",
+		"TimeValue",
+		"Uint64",
+		"Uint64Value",
+		"Value",
+		"Warn",
+		"WarnContext",
+		"With",
+	},
 	"log/syslog": {
 		"Dial",
 		"LOG_ALERT",
@@ -3977,6 +4128,13 @@ var stdlib = map[string][]string{
 		"Priority",
 		"Writer",
 	},
+	"maps": {
+		"Clone",
+		"Copy",
+		"DeleteFunc",
+		"Equal",
+		"EqualFunc",
+	},
 	"math": {
 		"Abs",
 		"Acos",
@@ -4371,6 +4529,7 @@ var stdlib = map[string][]string{
 		"ErrNoLocation",
 		"ErrNotMultipart",
 		"ErrNotSupported",
+		"ErrSchemeMismatch",
 		"ErrServerClosed",
 		"ErrShortBody",
 		"ErrSkipAltProtocol",
@@ -5084,6 +5243,8 @@ var stdlib = map[string][]string{
 		"NumCPU",
 		"NumCgoCall",
 		"NumGoroutine",
+		"PanicNilError",
+		"Pinner",
 		"ReadMemStats",
 		"ReadTrace",
 		"SetBlockProfileRate",
@@ -5172,6 +5333,37 @@ var stdlib = map[string][]string{
 		"Task",
 		"WithRegion",
 	},
+	"slices": {
+		"BinarySearch",
+		"BinarySearchFunc",
+		"Clip",
+		"Clone",
+		"Compact",
+		"CompactFunc",
+		"Compare",
+		"CompareFunc",
+		"Contains",
+		"ContainsFunc",
+		"Delete",
+		"DeleteFunc",
+		"Equal",
+		"EqualFunc",
+		"Grow",
+		"Index",
+		"IndexFunc",
+		"Insert",
+		"IsSorted",
+		"IsSortedFunc",
+		"Max",
+		"MaxFunc",
+		"Min",
+		"MinFunc",
+		"Replace",
+		"Reverse",
+		"Sort",
+		"SortFunc",
+		"SortStableFunc",
+	},
 	"sort": {
 		"Find",
 		"Float64Slice",
@@ -5242,6 +5434,7 @@ var stdlib = map[string][]string{
 		"Compare",
 		"Contains",
 		"ContainsAny",
+		"ContainsFunc",
 		"ContainsRune",
 		"Count",
 		"Cut",
@@ -5299,6 +5492,9 @@ var stdlib = map[string][]string{
 		"Mutex",
 		"NewCond",
 		"Once",
+		"OnceFunc",
+		"OnceValue",
+		"OnceValues",
 		"Pool",
 		"RWMutex",
 		"WaitGroup",
@@ -9135,10 +9331,12 @@ var stdlib = map[string][]string{
 		"SYS_AIO_CANCEL",
 		"SYS_AIO_ERROR",
 		"SYS_AIO_FSYNC",
+		"SYS_AIO_MLOCK",
 		"SYS_AIO_READ",
 		"SYS_AIO_RETURN",
 		"SYS_AIO_SUSPEND",
 		"SYS_AIO_SUSPEND_NOCANCEL",
+		"SYS_AIO_WAITCOMPLETE",
 		"SYS_AIO_WRITE",
 		"SYS_ALARM",
 		"SYS_ARCH_PRCTL",
@@ -9368,6 +9566,7 @@ var stdlib = map[string][]string{
 		"SYS_GET_MEMPOLICY",
 		"SYS_GET_ROBUST_LIST",
 		"SYS_GET_THREAD_AREA",
+		"SYS_GSSD_SYSCALL",
 		"SYS_GTTY",
 		"SYS_IDENTITYSVC",
 		"SYS_IDLE",
@@ -9411,8 +9610,24 @@ var stdlib = map[string][]string{
 		"SYS_KLDSYM",
 		"SYS_KLDUNLOAD",
 		"SYS_KLDUNLOADF",
+		"SYS_KMQ_NOTIFY",
+		"SYS_KMQ_OPEN",
+		"SYS_KMQ_SETATTR",
+		"SYS_KMQ_TIMEDRECEIVE",
+		"SYS_KMQ_TIMEDSEND",
+		"SYS_KMQ_UNLINK",
 		"SYS_KQUEUE",
 		"SYS_KQUEUE1",
+		"SYS_KSEM_CLOSE",
+		"SYS_KSEM_DESTROY",
+		"SYS_KSEM_GETVALUE",
+		"SYS_KSEM_INIT",
+		"SYS_KSEM_OPEN",
+		"SYS_KSEM_POST",
+		"SYS_KSEM_TIMEDWAIT",
+		"SYS_KSEM_TRYWAIT",
+		"SYS_KSEM_UNLINK",
+		"SYS_KSEM_WAIT",
 		"SYS_KTIMER_CREATE",
 		"SYS_KTIMER_DELETE",
 		"SYS_KTIMER_GETOVERRUN",
@@ -9504,11 +9719,14 @@ var stdlib = map[string][]string{
 		"SYS_NFSSVC",
 		"SYS_NFSTAT",
 		"SYS_NICE",
+		"SYS_NLM_SYSCALL",
 		"SYS_NLSTAT",
 		"SYS_NMOUNT",
 		"SYS_NSTAT",
 		"SYS_NTP_ADJTIME",
 		"SYS_NTP_GETTIME",
+		"SYS_NUMA_GETAFFINITY",
+		"SYS_NUMA_SETAFFINITY",
 		"SYS_OABI_SYSCALL_BASE",
 		"SYS_OBREAK",
 		"SYS_OLDFSTAT",
@@ -9891,6 +10109,7 @@ var stdlib = map[string][]string{
 		"SYS___ACL_SET_FD",
 		"SYS___ACL_SET_FILE",
 		"SYS___ACL_SET_LINK",
+		"SYS___CAP_RIGHTS_GET",
 		"SYS___CLONE",
 		"SYS___DISABLE_THREADSIGNAL",
 		"SYS___GETCWD",
@@ -10574,6 +10793,7 @@ var stdlib = map[string][]string{
 		"Short",
 		"T",
 		"TB",
+		"Testing",
 		"Verbose",
 	},
 	"testing/fstest": {
@@ -10603,6 +10823,9 @@ var stdlib = map[string][]string{
 		"SetupError",
 		"Value",
 	},
+	"testing/slogtest": {
+		"TestHandler",
+	},
 	"text/scanner": {
 		"Char",
 		"Comment",
@@ -10826,6 +11049,7 @@ var stdlib = map[string][]string{
 		"Cs",
 		"Cuneiform",
 		"Cypriot",
+		"Cypro_Minoan",
 		"Cyrillic",
 		"Dash",
 		"Deprecated",
@@ -10889,6 +11113,7 @@ var stdlib = map[string][]string{
 		"Kaithi",
 		"Kannada",
 		"Katakana",
+		"Kawi",
 		"Kayah_Li",
 		"Kharoshthi",
 		"Khitan_Small_Script",
@@ -10943,6 +11168,7 @@ var stdlib = map[string][]string{
 		"Myanmar",
 		"N",
 		"Nabataean",
+		"Nag_Mundari",
 		"Nandinagari",
 		"Nd",
 		"New_Tai_Lue",
@@ -10964,6 +11190,7 @@ var stdlib = map[string][]string{
 		"Old_Sogdian",
 		"Old_South_Arabian",
 		"Old_Turkic",
+		"Old_Uyghur",
 		"Oriya",
 		"Osage",
 		"Osmanya",
@@ -11038,6 +11265,7 @@ var stdlib = map[string][]string{
 		"Tai_Viet",
 		"Takri",
 		"Tamil",
+		"Tangsa",
 		"Tangut",
 		"Telugu",
 		"Terminal_Punctuation",
@@ -11052,6 +11280,7 @@ var stdlib = map[string][]string{
 		"ToLower",
 		"ToTitle",
 		"ToUpper",
+		"Toto",
 		"TurkishCase",
 		"Ugaritic",
 		"Unified_Ideograph",
@@ -11061,6 +11290,7 @@ var stdlib = map[string][]string{
 		"Vai",
 		"Variation_Selector",
 		"Version",
+		"Vithkuqi",
 		"Wancho",
 		"Warang_Citi",
 		"White_Space",
diff --git a/vendor/golang.org/x/tools/internal/packagesinternal/packages.go b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
index d9950b1f0..44719de17 100644
--- a/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
+++ b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
@@ -5,10 +5,6 @@
 // Package packagesinternal exposes internal-only fields from go/packages.
 package packagesinternal
 
-import (
-	"golang.org/x/tools/internal/gocommand"
-)
-
 var GetForTest = func(p interface{}) string { return "" }
 var GetDepsErrors = func(p interface{}) []*PackageError { return nil }
 
@@ -18,10 +14,6 @@ type PackageError struct {
 	Err         string   // the error itself
 }
 
-var GetGoCmdRunner = func(config interface{}) *gocommand.Runner { return nil }
-
-var SetGoCmdRunner = func(config interface{}, runner *gocommand.Runner) {}
-
 var TypecheckCgo int
 var DepsErrors int // must be set as a LoadMode to call GetDepsErrors
 var ForTest int    // must be set as a LoadMode to call GetForTest
diff --git a/vendor/golang.org/x/tools/internal/typeparams/coretype.go b/vendor/golang.org/x/tools/internal/typeparams/coretype.go
index 993135ec9..71248209e 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/coretype.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/coretype.go
@@ -81,13 +81,13 @@ func CoreType(T types.Type) types.Type {
 // restrictions may be arbitrarily complex. For example, consider the
 // following:
 //
-//  type A interface{ ~string|~[]byte }
+//	type A interface{ ~string|~[]byte }
 //
-//  type B interface{ int|string }
+//	type B interface{ int|string }
 //
-//  type C interface { ~string|~int }
+//	type C interface { ~string|~int }
 //
-//  type T[P interface{ A|B; C }] int
+//	type T[P interface{ A|B; C }] int
 //
 // In this example, the structural type restriction of P is ~string|int: A|B
 // expands to ~string|~[]byte|int|string, which reduces to ~string|~[]byte|int,
diff --git a/vendor/golang.org/x/tools/internal/typeparams/termlist.go b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
index 933106a23..cbd12f801 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/termlist.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/termlist.go
@@ -30,7 +30,7 @@ func (xl termlist) String() string {
 	var buf bytes.Buffer
 	for i, x := range xl {
 		if i > 0 {
-			buf.WriteString(" ∪ ")
+			buf.WriteString(" | ")
 		}
 		buf.WriteString(x.String())
 	}
diff --git a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
index 7ddee28d9..7350bb702 100644
--- a/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
+++ b/vendor/golang.org/x/tools/internal/typeparams/typeterm.go
@@ -10,11 +10,10 @@ import "go/types"
 
 // A term describes elementary type sets:
 //
-//   ∅:  (*term)(nil)     == ∅                      // set of no types (empty set)
-//   𝓤:  &term{}          == 𝓤                      // set of all types (𝓤niverse)
-//   T:  &term{false, T}  == {T}                    // set of type T
-//  ~t:  &term{true, t}   == {t' | under(t') == t}  // set of types with underlying type t
-//
+//	 ∅:  (*term)(nil)     == ∅                      // set of no types (empty set)
+//	 𝓤:  &term{}          == 𝓤                      // set of all types (𝓤niverse)
+//	 T:  &term{false, T}  == {T}                    // set of type T
+//	~t:  &term{true, t}   == {t' | under(t') == t}  // set of types with underlying type t
 type term struct {
 	tilde bool // valid if typ != nil
 	typ   types.Type
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/types.go b/vendor/golang.org/x/tools/internal/typesinternal/types.go
index 66e8b099b..ce7d4351b 100644
--- a/vendor/golang.org/x/tools/internal/typesinternal/types.go
+++ b/vendor/golang.org/x/tools/internal/typesinternal/types.go
@@ -11,8 +11,6 @@ import (
 	"go/types"
 	"reflect"
 	"unsafe"
-
-	"golang.org/x/tools/go/types/objectpath"
 )
 
 func SetUsesCgo(conf *types.Config) bool {
@@ -52,17 +50,3 @@ func ReadGo116ErrorData(err types.Error) (code ErrorCode, start, end token.Pos,
 }
 
 var SetGoVersion = func(conf *types.Config, version string) bool { return false }
-
-// SkipEncoderMethodSorting marks the encoder as not requiring sorted methods,
-// as an optimization for gopls (which guarantees the order of parsed source files).
-//
-// TODO(golang/go#61443): eliminate this parameter one way or the other.
-//
-//go:linkname SkipEncoderMethodSorting golang.org/x/tools/go/types/objectpath.skipMethodSorting
-func SkipEncoderMethodSorting(enc *objectpath.Encoder)
-
-// ObjectpathObject is like objectpath.Object, but allows suppressing method
-// sorting (which is not necessary for gopls).
-//
-//go:linkname ObjectpathObject golang.org/x/tools/go/types/objectpath.object
-func ObjectpathObject(pkg *types.Package, p objectpath.Path, skipMethodSorting bool) (types.Object, error)
diff --git a/vendor/golang.org/x/tools/internal/versions/gover.go b/vendor/golang.org/x/tools/internal/versions/gover.go
new file mode 100644
index 000000000..bbabcd22e
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/gover.go
@@ -0,0 +1,172 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This is a fork of internal/gover for use by x/tools until
+// go1.21 and earlier are no longer supported by x/tools.
+
+package versions
+
+import "strings"
+
+// A gover is a parsed Go gover: major[.Minor[.Patch]][kind[pre]]
+// The numbers are the original decimal strings to avoid integer overflows
+// and since there is very little actual math. (Probably overflow doesn't matter in practice,
+// but at the time this code was written, there was an existing test that used
+// go1.99999999999, which does not fit in an int on 32-bit platforms.
+// The "big decimal" representation avoids the problem entirely.)
+type gover struct {
+	major string // decimal
+	minor string // decimal or ""
+	patch string // decimal or ""
+	kind  string // "", "alpha", "beta", "rc"
+	pre   string // decimal or ""
+}
+
+// compare returns -1, 0, or +1 depending on whether
+// x < y, x == y, or x > y, interpreted as toolchain versions.
+// The versions x and y must not begin with a "go" prefix: just "1.21" not "go1.21".
+// Malformed versions compare less than well-formed versions and equal to each other.
+// The language version "1.21" compares less than the release candidate and eventual releases "1.21rc1" and "1.21.0".
+func compare(x, y string) int {
+	vx := parse(x)
+	vy := parse(y)
+
+	if c := cmpInt(vx.major, vy.major); c != 0 {
+		return c
+	}
+	if c := cmpInt(vx.minor, vy.minor); c != 0 {
+		return c
+	}
+	if c := cmpInt(vx.patch, vy.patch); c != 0 {
+		return c
+	}
+	if c := strings.Compare(vx.kind, vy.kind); c != 0 { // "" < alpha < beta < rc
+		return c
+	}
+	if c := cmpInt(vx.pre, vy.pre); c != 0 {
+		return c
+	}
+	return 0
+}
+
+// lang returns the Go language version. For example, lang("1.2.3") == "1.2".
+func lang(x string) string {
+	v := parse(x)
+	if v.minor == "" || v.major == "1" && v.minor == "0" {
+		return v.major
+	}
+	return v.major + "." + v.minor
+}
+
+// isValid reports whether the version x is valid.
+func isValid(x string) bool {
+	return parse(x) != gover{}
+}
+
+// parse parses the Go version string x into a version.
+// It returns the zero version if x is malformed.
+func parse(x string) gover {
+	var v gover
+
+	// Parse major version.
+	var ok bool
+	v.major, x, ok = cutInt(x)
+	if !ok {
+		return gover{}
+	}
+	if x == "" {
+		// Interpret "1" as "1.0.0".
+		v.minor = "0"
+		v.patch = "0"
+		return v
+	}
+
+	// Parse . before minor version.
+	if x[0] != '.' {
+		return gover{}
+	}
+
+	// Parse minor version.
+	v.minor, x, ok = cutInt(x[1:])
+	if !ok {
+		return gover{}
+	}
+	if x == "" {
+		// Patch missing is same as "0" for older versions.
+		// Starting in Go 1.21, patch missing is different from explicit .0.
+		if cmpInt(v.minor, "21") < 0 {
+			v.patch = "0"
+		}
+		return v
+	}
+
+	// Parse patch if present.
+	if x[0] == '.' {
+		v.patch, x, ok = cutInt(x[1:])
+		if !ok || x != "" {
+			// Note that we are disallowing prereleases (alpha, beta, rc) for patch releases here (x != "").
+			// Allowing them would be a bit confusing because we already have:
+			//	1.21 < 1.21rc1
+			// But a prerelease of a patch would have the opposite effect:
+			//	1.21.3rc1 < 1.21.3
+			// We've never needed them before, so let's not start now.
+			return gover{}
+		}
+		return v
+	}
+
+	// Parse prerelease.
+	i := 0
+	for i < len(x) && (x[i] < '0' || '9' < x[i]) {
+		if x[i] < 'a' || 'z' < x[i] {
+			return gover{}
+		}
+		i++
+	}
+	if i == 0 {
+		return gover{}
+	}
+	v.kind, x = x[:i], x[i:]
+	if x == "" {
+		return v
+	}
+	v.pre, x, ok = cutInt(x)
+	if !ok || x != "" {
+		return gover{}
+	}
+
+	return v
+}
+
+// cutInt scans the leading decimal number at the start of x to an integer
+// and returns that value and the rest of the string.
+func cutInt(x string) (n, rest string, ok bool) {
+	i := 0
+	for i < len(x) && '0' <= x[i] && x[i] <= '9' {
+		i++
+	}
+	if i == 0 || x[0] == '0' && i != 1 { // no digits or unnecessary leading zero
+		return "", "", false
+	}
+	return x[:i], x[i:], true
+}
+
+// cmpInt returns cmp.Compare(x, y) interpreting x and y as decimal numbers.
+// (Copied from golang.org/x/mod/semver's compareInt.)
+func cmpInt(x, y string) int {
+	if x == y {
+		return 0
+	}
+	if len(x) < len(y) {
+		return -1
+	}
+	if len(x) > len(y) {
+		return +1
+	}
+	if x < y {
+		return -1
+	} else {
+		return +1
+	}
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/types.go b/vendor/golang.org/x/tools/internal/versions/types.go
new file mode 100644
index 000000000..562eef21f
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/types.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package versions
+
+import (
+	"go/types"
+)
+
+// GoVersion returns the Go version of the type package.
+// It returns zero if no version can be determined.
+func GoVersion(pkg *types.Package) string {
+	// TODO(taking): x/tools can call GoVersion() [from 1.21] after 1.25.
+	if pkg, ok := any(pkg).(interface{ GoVersion() string }); ok {
+		return pkg.GoVersion()
+	}
+	return ""
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/types_go121.go b/vendor/golang.org/x/tools/internal/versions/types_go121.go
new file mode 100644
index 000000000..a7b79207a
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/types_go121.go
@@ -0,0 +1,20 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.22
+// +build !go1.22
+
+package versions
+
+import (
+	"go/ast"
+	"go/types"
+)
+
+// FileVersions always reports the a file's Go version as the
+// zero version at this Go version.
+func FileVersions(info *types.Info, file *ast.File) string { return "" }
+
+// InitFileVersions is a noop at this Go version.
+func InitFileVersions(*types.Info) {}
diff --git a/vendor/golang.org/x/tools/internal/versions/types_go122.go b/vendor/golang.org/x/tools/internal/versions/types_go122.go
new file mode 100644
index 000000000..7b9ba89a8
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/types_go122.go
@@ -0,0 +1,24 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.22
+// +build go1.22
+
+package versions
+
+import (
+	"go/ast"
+	"go/types"
+)
+
+// FileVersions maps a file to the file's semantic Go version.
+// The reported version is the zero version if a version cannot be determined.
+func FileVersions(info *types.Info, file *ast.File) string {
+	return info.FileVersions[file]
+}
+
+// InitFileVersions initializes info to record Go versions for Go files.
+func InitFileVersions(info *types.Info) {
+	info.FileVersions = make(map[*ast.File]string)
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/versions_go121.go b/vendor/golang.org/x/tools/internal/versions/versions_go121.go
new file mode 100644
index 000000000..cf4a7d036
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/versions_go121.go
@@ -0,0 +1,49 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.22
+// +build !go1.22
+
+package versions
+
+// Lang returns the Go language version for version x.
+// If x is not a valid version, Lang returns the empty string.
+// For example:
+//
+//	Lang("go1.21rc2") = "go1.21"
+//	Lang("go1.21.2") = "go1.21"
+//	Lang("go1.21") = "go1.21"
+//	Lang("go1") = "go1"
+//	Lang("bad") = ""
+//	Lang("1.21") = ""
+func Lang(x string) string {
+	v := lang(stripGo(x))
+	if v == "" {
+		return ""
+	}
+	return x[:2+len(v)] // "go"+v without allocation
+}
+
+// Compare returns -1, 0, or +1 depending on whether
+// x < y, x == y, or x > y, interpreted as Go versions.
+// The versions x and y must begin with a "go" prefix: "go1.21" not "1.21".
+// Invalid versions, including the empty string, compare less than
+// valid versions and equal to each other.
+// The language version "go1.21" compares less than the
+// release candidate and eventual releases "go1.21rc1" and "go1.21.0".
+// Custom toolchain suffixes are ignored during comparison:
+// "go1.21.0" and "go1.21.0-bigcorp" are equal.
+func Compare(x, y string) int { return compare(stripGo(x), stripGo(y)) }
+
+// IsValid reports whether the version x is valid.
+func IsValid(x string) bool { return isValid(stripGo(x)) }
+
+// stripGo converts from a "go1.21" version to a "1.21" version.
+// If v does not start with "go", stripGo returns the empty string (a known invalid version).
+func stripGo(v string) string {
+	if len(v) < 2 || v[:2] != "go" {
+		return ""
+	}
+	return v[2:]
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/versions_go122.go b/vendor/golang.org/x/tools/internal/versions/versions_go122.go
new file mode 100644
index 000000000..c1c1814b2
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/versions_go122.go
@@ -0,0 +1,38 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.22
+// +build go1.22
+
+package versions
+
+import (
+	"go/version"
+)
+
+// Lang returns the Go language version for version x.
+// If x is not a valid version, Lang returns the empty string.
+// For example:
+//
+//	Lang("go1.21rc2") = "go1.21"
+//	Lang("go1.21.2") = "go1.21"
+//	Lang("go1.21") = "go1.21"
+//	Lang("go1") = "go1"
+//	Lang("bad") = ""
+//	Lang("1.21") = ""
+func Lang(x string) string { return version.Lang(x) }
+
+// Compare returns -1, 0, or +1 depending on whether
+// x < y, x == y, or x > y, interpreted as Go versions.
+// The versions x and y must begin with a "go" prefix: "go1.21" not "1.21".
+// Invalid versions, including the empty string, compare less than
+// valid versions and equal to each other.
+// The language version "go1.21" compares less than the
+// release candidate and eventual releases "go1.21rc1" and "go1.21.0".
+// Custom toolchain suffixes are ignored during comparison:
+// "go1.21.0" and "go1.21.0-bigcorp" are equal.
+func Compare(x, y string) int { return version.Compare(x, y) }
+
+// IsValid reports whether the version x is valid.
+func IsValid(x string) bool { return version.IsValid(x) }
diff --git a/vendor/google.golang.org/appengine/.travis.yml b/vendor/google.golang.org/appengine/.travis.yml
deleted file mode 100644
index 6d03f4d36..000000000
--- a/vendor/google.golang.org/appengine/.travis.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-language: go
-
-go_import_path: google.golang.org/appengine
-
-install:
-  - ./travis_install.sh
-
-script:
-  - ./travis_test.sh
-
-matrix:
-  include:
-    - go: 1.9.x
-      env: GOAPP=true
-    - go: 1.10.x
-      env: GOAPP=false
-    - go: 1.11.x
-      env: GO111MODULE=on
diff --git a/vendor/google.golang.org/appengine/CONTRIBUTING.md b/vendor/google.golang.org/appengine/CONTRIBUTING.md
index ffc298520..289693613 100644
--- a/vendor/google.golang.org/appengine/CONTRIBUTING.md
+++ b/vendor/google.golang.org/appengine/CONTRIBUTING.md
@@ -19,14 +19,12 @@
 
 ## Running system tests
 
-Download and install the [Go App Engine SDK](https://cloud.google.com/appengine/docs/go/download). Make sure the `go_appengine` dir is in your `PATH`.
-
 Set the `APPENGINE_DEV_APPSERVER` environment variable to `/path/to/go_appengine/dev_appserver.py`.
 
-Run tests with `goapp test`:
+Run tests with `go test`:
 
 ```
-goapp test -v google.golang.org/appengine/...
+go test -v google.golang.org/appengine/...
 ```
 
 ## Contributor License Agreements
diff --git a/vendor/google.golang.org/appengine/README.md b/vendor/google.golang.org/appengine/README.md
index 9fdbacd3c..5ccddd999 100644
--- a/vendor/google.golang.org/appengine/README.md
+++ b/vendor/google.golang.org/appengine/README.md
@@ -1,6 +1,6 @@
 # Go App Engine packages
 
-[![Build Status](https://travis-ci.org/golang/appengine.svg)](https://travis-ci.org/golang/appengine)
+[![CI Status](https://github.com/golang/appengine/actions/workflows/ci.yml/badge.svg)](https://github.com/golang/appengine/actions/workflows/ci.yml)
 
 This repository supports the Go runtime on *App Engine standard*.
 It provides APIs for interacting with App Engine services.
@@ -51,7 +51,7 @@ code importing `appengine/datastore` will now need to import `google.golang.org/
 Most App Engine services are available with exactly the same API.
 A few APIs were cleaned up, and there are some differences:
 
-* `appengine.Context` has been replaced with the `Context` type from `golang.org/x/net/context`.
+* `appengine.Context` has been replaced with the `Context` type from `context`.
 * Logging methods that were on `appengine.Context` are now functions in `google.golang.org/appengine/log`.
 * `appengine.Timeout` has been removed. Use `context.WithTimeout` instead.
 * `appengine.Datacenter` now takes a `context.Context` argument.
@@ -72,7 +72,7 @@ A few APIs were cleaned up, and there are some differences:
 * `appengine/socket` is not required on App Engine flexible environment / Managed VMs.
   Use the standard `net` package instead.
 
-## Key Encode/Decode compatibiltiy to help with datastore library migrations
+## Key Encode/Decode compatibility to help with datastore library migrations
 
 Key compatibility updates have been added to help customers transition from google.golang.org/appengine/datastore to cloud.google.com/go/datastore.
 The `EnableKeyConversion` enables automatic conversion from a key encoded with cloud.google.com/go/datastore to google.golang.org/appengine/datastore key type.
diff --git a/vendor/google.golang.org/appengine/appengine.go b/vendor/google.golang.org/appengine/appengine.go
index 8c9697674..35ba9c896 100644
--- a/vendor/google.golang.org/appengine/appengine.go
+++ b/vendor/google.golang.org/appengine/appengine.go
@@ -9,10 +9,10 @@
 package appengine // import "google.golang.org/appengine"
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine/internal"
 )
@@ -35,18 +35,18 @@ import (
 //
 // Main is designed so that the app's main package looks like this:
 //
-//      package main
+//	package main
 //
-//      import (
-//              "google.golang.org/appengine"
+//	import (
+//	        "google.golang.org/appengine"
 //
-//              _ "myapp/package0"
-//              _ "myapp/package1"
-//      )
+//	        _ "myapp/package0"
+//	        _ "myapp/package1"
+//	)
 //
-//      func main() {
-//              appengine.Main()
-//      }
+//	func main() {
+//	        appengine.Main()
+//	}
 //
 // The "myapp/packageX" packages are expected to register HTTP handlers
 // in their init functions.
@@ -54,6 +54,9 @@ func Main() {
 	internal.Main()
 }
 
+// Middleware wraps an http handler so that it can make GAE API calls
+var Middleware func(http.Handler) http.Handler = internal.Middleware
+
 // IsDevAppServer reports whether the App Engine app is running in the
 // development App Server.
 func IsDevAppServer() bool {
diff --git a/vendor/google.golang.org/appengine/appengine_vm.go b/vendor/google.golang.org/appengine/appengine_vm.go
index f4b645aad..6e1d041cd 100644
--- a/vendor/google.golang.org/appengine/appengine_vm.go
+++ b/vendor/google.golang.org/appengine/appengine_vm.go
@@ -2,19 +2,19 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package appengine
 
 import (
-	"golang.org/x/net/context"
-
-	"google.golang.org/appengine/internal"
+	"context"
 )
 
 // BackgroundContext returns a context not associated with a request.
-// This should only be used when not servicing a request.
-// This only works in App Engine "flexible environment".
+//
+// Deprecated: App Engine no longer has a special background context.
+// Just use context.Background().
 func BackgroundContext() context.Context {
-	return internal.BackgroundContext()
+	return context.Background()
 }
diff --git a/vendor/google.golang.org/appengine/datastore/datastore.go b/vendor/google.golang.org/appengine/datastore/datastore.go
index 576bc5013..790fca771 100644
--- a/vendor/google.golang.org/appengine/datastore/datastore.go
+++ b/vendor/google.golang.org/appengine/datastore/datastore.go
@@ -5,12 +5,12 @@
 package datastore
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"reflect"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine"
 	"google.golang.org/appengine/internal"
diff --git a/vendor/google.golang.org/appengine/datastore/doc.go b/vendor/google.golang.org/appengine/datastore/doc.go
index 85616cf27..1ecf51885 100644
--- a/vendor/google.golang.org/appengine/datastore/doc.go
+++ b/vendor/google.golang.org/appengine/datastore/doc.go
@@ -5,8 +5,7 @@
 /*
 Package datastore provides a client for App Engine's datastore service.
 
-
-Basic Operations
+# Basic Operations
 
 Entities are the unit of storage and are associated with a key. A key
 consists of an optional parent key, a string application ID, a string kind
@@ -74,8 +73,7 @@ GetMulti, PutMulti and DeleteMulti are batch versions of the Get, Put and
 Delete functions. They take a []*Key instead of a *Key, and may return an
 appengine.MultiError when encountering partial failure.
 
-
-Properties
+# Properties
 
 An entity's contents can be represented by a variety of types. These are
 typically struct pointers, but can also be any type that implements the
@@ -137,8 +135,7 @@ Example code:
 		J int `datastore:",noindex" json:"j"`
 	}
 
-
-Structured Properties
+# Structured Properties
 
 If the struct pointed to contains other structs, then the nested or embedded
 structs are flattened. For example, given these definitions:
@@ -179,8 +176,7 @@ equivalent field would instead be: FooDotZ bool `datastore:"Foo.Z"`.
 If an outer struct is tagged "noindex" then all of its implicit flattened
 fields are effectively "noindex".
 
-
-The PropertyLoadSaver Interface
+# The PropertyLoadSaver Interface
 
 An entity's contents can also be represented by any type that implements the
 PropertyLoadSaver interface. This type may be a struct pointer, but it does
@@ -230,8 +226,7 @@ Example code:
 The *PropertyList type implements PropertyLoadSaver, and can therefore hold an
 arbitrary entity's contents.
 
-
-Queries
+# Queries
 
 Queries retrieve entities based on their properties or key's ancestry. Running
 a query yields an iterator of results: either keys or (key, entity) pairs.
@@ -284,8 +279,7 @@ Example code:
 		io.Copy(w, b)
 	}
 
-
-Transactions
+# Transactions
 
 RunInTransaction runs a function in a transaction.
 
@@ -323,8 +317,7 @@ Example code:
 		fmt.Fprintf(w, "Count=%d", count)
 	}
 
-
-Metadata
+# Metadata
 
 The datastore package provides access to some of App Engine's datastore
 metadata. This metadata includes information about the entity groups,
diff --git a/vendor/google.golang.org/appengine/datastore/key.go b/vendor/google.golang.org/appengine/datastore/key.go
index fd598dc96..e312df519 100644
--- a/vendor/google.golang.org/appengine/datastore/key.go
+++ b/vendor/google.golang.org/appengine/datastore/key.go
@@ -6,6 +6,7 @@ package datastore
 
 import (
 	"bytes"
+	"context"
 	"encoding/base64"
 	"encoding/gob"
 	"errors"
@@ -14,7 +15,6 @@ import (
 	"strings"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/datastore"
diff --git a/vendor/google.golang.org/appengine/datastore/keycompat.go b/vendor/google.golang.org/appengine/datastore/keycompat.go
index 371a64eee..e852f29cf 100644
--- a/vendor/google.golang.org/appengine/datastore/keycompat.go
+++ b/vendor/google.golang.org/appengine/datastore/keycompat.go
@@ -5,10 +5,9 @@
 package datastore
 
 import (
+	"context"
 	"sync"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/appengine/datastore/internal/cloudkey"
 	"google.golang.org/appengine/internal"
 )
diff --git a/vendor/google.golang.org/appengine/datastore/metadata.go b/vendor/google.golang.org/appengine/datastore/metadata.go
index 6acacc3db..e1b2d2259 100644
--- a/vendor/google.golang.org/appengine/datastore/metadata.go
+++ b/vendor/google.golang.org/appengine/datastore/metadata.go
@@ -4,7 +4,7 @@
 
 package datastore
 
-import "golang.org/x/net/context"
+import "context"
 
 // Datastore kinds for the metadata entities.
 const (
@@ -50,13 +50,14 @@ func keyNames(keys []*Key) []string {
 // The properties are returned as a map of property names to a slice of the
 // representation types. The representation types for the supported Go property
 // types are:
-//   "INT64":     signed integers and time.Time
-//   "DOUBLE":    float32 and float64
-//   "BOOLEAN":   bool
-//   "STRING":    string, []byte and ByteString
-//   "POINT":     appengine.GeoPoint
-//   "REFERENCE": *Key
-//   "USER":      (not used in the Go runtime)
+//
+//	"INT64":     signed integers and time.Time
+//	"DOUBLE":    float32 and float64
+//	"BOOLEAN":   bool
+//	"STRING":    string, []byte and ByteString
+//	"POINT":     appengine.GeoPoint
+//	"REFERENCE": *Key
+//	"USER":      (not used in the Go runtime)
 func KindProperties(ctx context.Context, kind string) (map[string][]string, error) {
 	// TODO(djd): Support range queries.
 	kindKey := NewKey(ctx, kindKind, kind, 0, nil)
diff --git a/vendor/google.golang.org/appengine/datastore/query.go b/vendor/google.golang.org/appengine/datastore/query.go
index 4124534b2..b1b80bf7b 100644
--- a/vendor/google.golang.org/appengine/datastore/query.go
+++ b/vendor/google.golang.org/appengine/datastore/query.go
@@ -5,6 +5,7 @@
 package datastore
 
 import (
+	"context"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -13,7 +14,6 @@ import (
 	"strings"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/datastore"
@@ -476,7 +476,7 @@ func callNext(c context.Context, res *pb.QueryResult, offset, count int32) error
 // The keys returned by GetAll will be in a 1-1 correspondence with the entities
 // added to dst.
 //
-// If q is a ``keys-only'' query, GetAll ignores dst and only returns the keys.
+// If q is a “keys-only” query, GetAll ignores dst and only returns the keys.
 //
 // The running time and number of API calls made by GetAll scale linearly with
 // the sum of the query's offset and limit. Unless the result count is
@@ -754,7 +754,7 @@ func (c Cursor) String() string {
 	return strings.TrimRight(base64.URLEncoding.EncodeToString(b), "=")
 }
 
-// Decode decodes a cursor from its base-64 string representation.
+// DecodeCursor decodes a cursor from its base-64 string representation.
 func DecodeCursor(s string) (Cursor, error) {
 	if s == "" {
 		return Cursor{&zeroCC}, nil
diff --git a/vendor/google.golang.org/appengine/datastore/transaction.go b/vendor/google.golang.org/appengine/datastore/transaction.go
index 2ae8428f8..06deeb43e 100644
--- a/vendor/google.golang.org/appengine/datastore/transaction.go
+++ b/vendor/google.golang.org/appengine/datastore/transaction.go
@@ -5,10 +5,9 @@
 package datastore
 
 import (
+	"context"
 	"errors"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/datastore"
 )
diff --git a/vendor/google.golang.org/appengine/identity.go b/vendor/google.golang.org/appengine/identity.go
index b8dcf8f36..1202fc1a5 100644
--- a/vendor/google.golang.org/appengine/identity.go
+++ b/vendor/google.golang.org/appengine/identity.go
@@ -5,10 +5,9 @@
 package appengine
 
 import (
+	"context"
 	"time"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/app_identity"
 	modpb "google.golang.org/appengine/internal/modules"
diff --git a/vendor/google.golang.org/appengine/internal/api.go b/vendor/google.golang.org/appengine/internal/api.go
index 721053c20..0569f5dd4 100644
--- a/vendor/google.golang.org/appengine/internal/api.go
+++ b/vendor/google.golang.org/appengine/internal/api.go
@@ -2,12 +2,14 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package internal
 
 import (
 	"bytes"
+	"context"
 	"errors"
 	"fmt"
 	"io/ioutil"
@@ -24,7 +26,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 
 	basepb "google.golang.org/appengine/internal/base"
 	logpb "google.golang.org/appengine/internal/log"
@@ -32,8 +33,7 @@ import (
 )
 
 const (
-	apiPath             = "/rpc_http"
-	defaultTicketSuffix = "/default.20150612t184001.0"
+	apiPath = "/rpc_http"
 )
 
 var (
@@ -65,21 +65,22 @@ var (
 			IdleConnTimeout:     90 * time.Second,
 		},
 	}
-
-	defaultTicketOnce     sync.Once
-	defaultTicket         string
-	backgroundContextOnce sync.Once
-	backgroundContext     netcontext.Context
 )
 
-func apiURL() *url.URL {
+func apiURL(ctx context.Context) *url.URL {
 	host, port := "appengine.googleapis.internal", "10001"
 	if h := os.Getenv("API_HOST"); h != "" {
 		host = h
 	}
+	if hostOverride := ctx.Value(apiHostOverrideKey); hostOverride != nil {
+		host = hostOverride.(string)
+	}
 	if p := os.Getenv("API_PORT"); p != "" {
 		port = p
 	}
+	if portOverride := ctx.Value(apiPortOverrideKey); portOverride != nil {
+		port = portOverride.(string)
+	}
 	return &url.URL{
 		Scheme: "http",
 		Host:   host + ":" + port,
@@ -87,82 +88,97 @@ func apiURL() *url.URL {
 	}
 }
 
-func handleHTTP(w http.ResponseWriter, r *http.Request) {
-	c := &context{
-		req:       r,
-		outHeader: w.Header(),
-		apiURL:    apiURL(),
-	}
-	r = r.WithContext(withContext(r.Context(), c))
-	c.req = r
-
-	stopFlushing := make(chan int)
+// Middleware wraps an http handler so that it can make GAE API calls
+func Middleware(next http.Handler) http.Handler {
+	return handleHTTPMiddleware(executeRequestSafelyMiddleware(next))
+}
 
-	// Patch up RemoteAddr so it looks reasonable.
-	if addr := r.Header.Get(userIPHeader); addr != "" {
-		r.RemoteAddr = addr
-	} else if addr = r.Header.Get(remoteAddrHeader); addr != "" {
-		r.RemoteAddr = addr
-	} else {
-		// Should not normally reach here, but pick a sensible default anyway.
-		r.RemoteAddr = "127.0.0.1"
-	}
-	// The address in the headers will most likely be of these forms:
-	//	123.123.123.123
-	//	2001:db8::1
-	// net/http.Request.RemoteAddr is specified to be in "IP:port" form.
-	if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil {
-		// Assume the remote address is only a host; add a default port.
-		r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80")
-	}
+func handleHTTPMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		c := &aeContext{
+			req:       r,
+			outHeader: w.Header(),
+		}
+		r = r.WithContext(withContext(r.Context(), c))
+		c.req = r
+
+		stopFlushing := make(chan int)
+
+		// Patch up RemoteAddr so it looks reasonable.
+		if addr := r.Header.Get(userIPHeader); addr != "" {
+			r.RemoteAddr = addr
+		} else if addr = r.Header.Get(remoteAddrHeader); addr != "" {
+			r.RemoteAddr = addr
+		} else {
+			// Should not normally reach here, but pick a sensible default anyway.
+			r.RemoteAddr = "127.0.0.1"
+		}
+		// The address in the headers will most likely be of these forms:
+		//	123.123.123.123
+		//	2001:db8::1
+		// net/http.Request.RemoteAddr is specified to be in "IP:port" form.
+		if _, _, err := net.SplitHostPort(r.RemoteAddr); err != nil {
+			// Assume the remote address is only a host; add a default port.
+			r.RemoteAddr = net.JoinHostPort(r.RemoteAddr, "80")
+		}
 
-	// Start goroutine responsible for flushing app logs.
-	// This is done after adding c to ctx.m (and stopped before removing it)
-	// because flushing logs requires making an API call.
-	go c.logFlusher(stopFlushing)
+		if logToLogservice() {
+			// Start goroutine responsible for flushing app logs.
+			// This is done after adding c to ctx.m (and stopped before removing it)
+			// because flushing logs requires making an API call.
+			go c.logFlusher(stopFlushing)
+		}
 
-	executeRequestSafely(c, r)
-	c.outHeader = nil // make sure header changes aren't respected any more
+		next.ServeHTTP(c, r)
+		c.outHeader = nil // make sure header changes aren't respected any more
 
-	stopFlushing <- 1 // any logging beyond this point will be dropped
+		flushed := make(chan struct{})
+		if logToLogservice() {
+			stopFlushing <- 1 // any logging beyond this point will be dropped
 
-	// Flush any pending logs asynchronously.
-	c.pendingLogs.Lock()
-	flushes := c.pendingLogs.flushes
-	if len(c.pendingLogs.lines) > 0 {
-		flushes++
-	}
-	c.pendingLogs.Unlock()
-	flushed := make(chan struct{})
-	go func() {
-		defer close(flushed)
-		// Force a log flush, because with very short requests we
-		// may not ever flush logs.
-		c.flushLog(true)
-	}()
-	w.Header().Set(logFlushHeader, strconv.Itoa(flushes))
+			// Flush any pending logs asynchronously.
+			c.pendingLogs.Lock()
+			flushes := c.pendingLogs.flushes
+			if len(c.pendingLogs.lines) > 0 {
+				flushes++
+			}
+			c.pendingLogs.Unlock()
+			go func() {
+				defer close(flushed)
+				// Force a log flush, because with very short requests we
+				// may not ever flush logs.
+				c.flushLog(true)
+			}()
+			w.Header().Set(logFlushHeader, strconv.Itoa(flushes))
+		}
 
-	// Avoid nil Write call if c.Write is never called.
-	if c.outCode != 0 {
-		w.WriteHeader(c.outCode)
-	}
-	if c.outBody != nil {
-		w.Write(c.outBody)
-	}
-	// Wait for the last flush to complete before returning,
-	// otherwise the security ticket will not be valid.
-	<-flushed
+		// Avoid nil Write call if c.Write is never called.
+		if c.outCode != 0 {
+			w.WriteHeader(c.outCode)
+		}
+		if c.outBody != nil {
+			w.Write(c.outBody)
+		}
+		if logToLogservice() {
+			// Wait for the last flush to complete before returning,
+			// otherwise the security ticket will not be valid.
+			<-flushed
+		}
+	})
 }
 
-func executeRequestSafely(c *context, r *http.Request) {
-	defer func() {
-		if x := recover(); x != nil {
-			logf(c, 4, "%s", renderPanic(x)) // 4 == critical
-			c.outCode = 500
-		}
-	}()
+func executeRequestSafelyMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		defer func() {
+			if x := recover(); x != nil {
+				c := w.(*aeContext)
+				logf(c, 4, "%s", renderPanic(x)) // 4 == critical
+				c.outCode = 500
+			}
+		}()
 
-	http.DefaultServeMux.ServeHTTP(c, r)
+		next.ServeHTTP(w, r)
+	})
 }
 
 func renderPanic(x interface{}) string {
@@ -204,9 +220,9 @@ func renderPanic(x interface{}) string {
 	return string(buf)
 }
 
-// context represents the context of an in-flight HTTP request.
+// aeContext represents the aeContext of an in-flight HTTP request.
 // It implements the appengine.Context and http.ResponseWriter interfaces.
-type context struct {
+type aeContext struct {
 	req *http.Request
 
 	outCode   int
@@ -218,8 +234,6 @@ type context struct {
 		lines   []*logpb.UserAppLogLine
 		flushes int
 	}
-
-	apiURL *url.URL
 }
 
 var contextKey = "holds a *context"
@@ -227,8 +241,8 @@ var contextKey = "holds a *context"
 // jointContext joins two contexts in a superficial way.
 // It takes values and timeouts from a base context, and only values from another context.
 type jointContext struct {
-	base       netcontext.Context
-	valuesOnly netcontext.Context
+	base       context.Context
+	valuesOnly context.Context
 }
 
 func (c jointContext) Deadline() (time.Time, bool) {
@@ -252,94 +266,54 @@ func (c jointContext) Value(key interface{}) interface{} {
 
 // fromContext returns the App Engine context or nil if ctx is not
 // derived from an App Engine context.
-func fromContext(ctx netcontext.Context) *context {
-	c, _ := ctx.Value(&contextKey).(*context)
+func fromContext(ctx context.Context) *aeContext {
+	c, _ := ctx.Value(&contextKey).(*aeContext)
 	return c
 }
 
-func withContext(parent netcontext.Context, c *context) netcontext.Context {
-	ctx := netcontext.WithValue(parent, &contextKey, c)
+func withContext(parent context.Context, c *aeContext) context.Context {
+	ctx := context.WithValue(parent, &contextKey, c)
 	if ns := c.req.Header.Get(curNamespaceHeader); ns != "" {
 		ctx = withNamespace(ctx, ns)
 	}
 	return ctx
 }
 
-func toContext(c *context) netcontext.Context {
-	return withContext(netcontext.Background(), c)
+func toContext(c *aeContext) context.Context {
+	return withContext(context.Background(), c)
 }
 
-func IncomingHeaders(ctx netcontext.Context) http.Header {
+func IncomingHeaders(ctx context.Context) http.Header {
 	if c := fromContext(ctx); c != nil {
 		return c.req.Header
 	}
 	return nil
 }
 
-func ReqContext(req *http.Request) netcontext.Context {
+func ReqContext(req *http.Request) context.Context {
 	return req.Context()
 }
 
-func WithContext(parent netcontext.Context, req *http.Request) netcontext.Context {
+func WithContext(parent context.Context, req *http.Request) context.Context {
 	return jointContext{
 		base:       parent,
 		valuesOnly: req.Context(),
 	}
 }
 
-// DefaultTicket returns a ticket used for background context or dev_appserver.
-func DefaultTicket() string {
-	defaultTicketOnce.Do(func() {
-		if IsDevAppServer() {
-			defaultTicket = "testapp" + defaultTicketSuffix
-			return
-		}
-		appID := partitionlessAppID()
-		escAppID := strings.Replace(strings.Replace(appID, ":", "_", -1), ".", "_", -1)
-		majVersion := VersionID(nil)
-		if i := strings.Index(majVersion, "."); i > 0 {
-			majVersion = majVersion[:i]
-		}
-		defaultTicket = fmt.Sprintf("%s/%s.%s.%s", escAppID, ModuleName(nil), majVersion, InstanceID())
-	})
-	return defaultTicket
-}
-
-func BackgroundContext() netcontext.Context {
-	backgroundContextOnce.Do(func() {
-		// Compute background security ticket.
-		ticket := DefaultTicket()
-
-		c := &context{
-			req: &http.Request{
-				Header: http.Header{
-					ticketHeader: []string{ticket},
-				},
-			},
-			apiURL: apiURL(),
-		}
-		backgroundContext = toContext(c)
-
-		// TODO(dsymonds): Wire up the shutdown handler to do a final flush.
-		go c.logFlusher(make(chan int))
-	})
-
-	return backgroundContext
-}
-
 // RegisterTestRequest registers the HTTP request req for testing, such that
-// any API calls are sent to the provided URL. It returns a closure to delete
-// the registration.
+// any API calls are sent to the provided URL.
 // It should only be used by aetest package.
-func RegisterTestRequest(req *http.Request, apiURL *url.URL, decorate func(netcontext.Context) netcontext.Context) (*http.Request, func()) {
-	c := &context{
-		req:    req,
-		apiURL: apiURL,
-	}
-	ctx := withContext(decorate(req.Context()), c)
-	req = req.WithContext(ctx)
-	c.req = req
-	return req, func() {}
+func RegisterTestRequest(req *http.Request, apiURL *url.URL, appID string) *http.Request {
+	ctx := req.Context()
+	ctx = withAPIHostOverride(ctx, apiURL.Hostname())
+	ctx = withAPIPortOverride(ctx, apiURL.Port())
+	ctx = WithAppIDOverride(ctx, appID)
+
+	// use the unregistered request as a placeholder so that withContext can read the headers
+	c := &aeContext{req: req}
+	c.req = req.WithContext(withContext(ctx, c))
+	return c.req
 }
 
 var errTimeout = &CallError{
@@ -348,7 +322,7 @@ var errTimeout = &CallError{
 	Timeout: true,
 }
 
-func (c *context) Header() http.Header { return c.outHeader }
+func (c *aeContext) Header() http.Header { return c.outHeader }
 
 // Copied from $GOROOT/src/pkg/net/http/transfer.go. Some response status
 // codes do not permit a response body (nor response entity headers such as
@@ -365,7 +339,7 @@ func bodyAllowedForStatus(status int) bool {
 	return true
 }
 
-func (c *context) Write(b []byte) (int, error) {
+func (c *aeContext) Write(b []byte) (int, error) {
 	if c.outCode == 0 {
 		c.WriteHeader(http.StatusOK)
 	}
@@ -376,7 +350,7 @@ func (c *context) Write(b []byte) (int, error) {
 	return len(b), nil
 }
 
-func (c *context) WriteHeader(code int) {
+func (c *aeContext) WriteHeader(code int) {
 	if c.outCode != 0 {
 		logf(c, 3, "WriteHeader called multiple times on request.") // error level
 		return
@@ -384,10 +358,11 @@ func (c *context) WriteHeader(code int) {
 	c.outCode = code
 }
 
-func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error) {
+func post(ctx context.Context, body []byte, timeout time.Duration) (b []byte, err error) {
+	apiURL := apiURL(ctx)
 	hreq := &http.Request{
 		Method: "POST",
-		URL:    c.apiURL,
+		URL:    apiURL,
 		Header: http.Header{
 			apiEndpointHeader: apiEndpointHeaderValue,
 			apiMethodHeader:   apiMethodHeaderValue,
@@ -396,13 +371,16 @@ func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error)
 		},
 		Body:          ioutil.NopCloser(bytes.NewReader(body)),
 		ContentLength: int64(len(body)),
-		Host:          c.apiURL.Host,
-	}
-	if info := c.req.Header.Get(dapperHeader); info != "" {
-		hreq.Header.Set(dapperHeader, info)
+		Host:          apiURL.Host,
 	}
-	if info := c.req.Header.Get(traceHeader); info != "" {
-		hreq.Header.Set(traceHeader, info)
+	c := fromContext(ctx)
+	if c != nil {
+		if info := c.req.Header.Get(dapperHeader); info != "" {
+			hreq.Header.Set(dapperHeader, info)
+		}
+		if info := c.req.Header.Get(traceHeader); info != "" {
+			hreq.Header.Set(traceHeader, info)
+		}
 	}
 
 	tr := apiHTTPClient.Transport.(*http.Transport)
@@ -444,7 +422,7 @@ func (c *context) post(body []byte, timeout time.Duration) (b []byte, err error)
 	return hrespBody, nil
 }
 
-func Call(ctx netcontext.Context, service, method string, in, out proto.Message) error {
+func Call(ctx context.Context, service, method string, in, out proto.Message) error {
 	if ns := NamespaceFromContext(ctx); ns != "" {
 		if fn, ok := NamespaceMods[service]; ok {
 			fn(in, ns)
@@ -463,15 +441,11 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 	}
 
 	c := fromContext(ctx)
-	if c == nil {
-		// Give a good error message rather than a panic lower down.
-		return errNotAppEngineContext
-	}
 
 	// Apply transaction modifications if we're in a transaction.
 	if t := transactionFromContext(ctx); t != nil {
 		if t.finished {
-			return errors.New("transaction context has expired")
+			return errors.New("transaction aeContext has expired")
 		}
 		applyTransaction(in, &t.transaction)
 	}
@@ -487,20 +461,13 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 		return err
 	}
 
-	ticket := c.req.Header.Get(ticketHeader)
-	// Use a test ticket under test environment.
-	if ticket == "" {
-		if appid := ctx.Value(&appIDOverrideKey); appid != nil {
-			ticket = appid.(string) + defaultTicketSuffix
+	ticket := ""
+	if c != nil {
+		ticket = c.req.Header.Get(ticketHeader)
+		if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" {
+			ticket = dri
 		}
 	}
-	// Fall back to use background ticket when the request ticket is not available in Flex or dev_appserver.
-	if ticket == "" {
-		ticket = DefaultTicket()
-	}
-	if dri := c.req.Header.Get(devRequestIdHeader); IsDevAppServer() && dri != "" {
-		ticket = dri
-	}
 	req := &remotepb.Request{
 		ServiceName: &service,
 		Method:      &method,
@@ -512,7 +479,7 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 		return err
 	}
 
-	hrespBody, err := c.post(hreqBody, timeout)
+	hrespBody, err := post(ctx, hreqBody, timeout)
 	if err != nil {
 		return err
 	}
@@ -549,11 +516,11 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 	return proto.Unmarshal(res.Response, out)
 }
 
-func (c *context) Request() *http.Request {
+func (c *aeContext) Request() *http.Request {
 	return c.req
 }
 
-func (c *context) addLogLine(ll *logpb.UserAppLogLine) {
+func (c *aeContext) addLogLine(ll *logpb.UserAppLogLine) {
 	// Truncate long log lines.
 	// TODO(dsymonds): Check if this is still necessary.
 	const lim = 8 << 10
@@ -575,18 +542,20 @@ var logLevelName = map[int64]string{
 	4: "CRITICAL",
 }
 
-func logf(c *context, level int64, format string, args ...interface{}) {
+func logf(c *aeContext, level int64, format string, args ...interface{}) {
 	if c == nil {
-		panic("not an App Engine context")
+		panic("not an App Engine aeContext")
 	}
 	s := fmt.Sprintf(format, args...)
 	s = strings.TrimRight(s, "\n") // Remove any trailing newline characters.
-	c.addLogLine(&logpb.UserAppLogLine{
-		TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3),
-		Level:         &level,
-		Message:       &s,
-	})
-	// Only duplicate log to stderr if not running on App Engine second generation
+	if logToLogservice() {
+		c.addLogLine(&logpb.UserAppLogLine{
+			TimestampUsec: proto.Int64(time.Now().UnixNano() / 1e3),
+			Level:         &level,
+			Message:       &s,
+		})
+	}
+	// Log to stdout if not deployed
 	if !IsSecondGen() {
 		log.Print(logLevelName[level] + ": " + s)
 	}
@@ -594,7 +563,7 @@ func logf(c *context, level int64, format string, args ...interface{}) {
 
 // flushLog attempts to flush any pending logs to the appserver.
 // It should not be called concurrently.
-func (c *context) flushLog(force bool) (flushed bool) {
+func (c *aeContext) flushLog(force bool) (flushed bool) {
 	c.pendingLogs.Lock()
 	// Grab up to 30 MB. We can get away with up to 32 MB, but let's be cautious.
 	n, rem := 0, 30<<20
@@ -655,7 +624,7 @@ const (
 	forceFlushInterval = 60 * time.Second
 )
 
-func (c *context) logFlusher(stop <-chan int) {
+func (c *aeContext) logFlusher(stop <-chan int) {
 	lastFlush := time.Now()
 	tick := time.NewTicker(flushInterval)
 	for {
@@ -673,6 +642,12 @@ func (c *context) logFlusher(stop <-chan int) {
 	}
 }
 
-func ContextForTesting(req *http.Request) netcontext.Context {
-	return toContext(&context{req: req})
+func ContextForTesting(req *http.Request) context.Context {
+	return toContext(&aeContext{req: req})
+}
+
+func logToLogservice() bool {
+	// TODO: replace logservice with json structured logs to $LOG_DIR/app.log.json
+	// where $LOG_DIR is /var/log in prod and some tmpdir in dev
+	return os.Getenv("LOG_TO_LOGSERVICE") != "0"
 }
diff --git a/vendor/google.golang.org/appengine/internal/api_classic.go b/vendor/google.golang.org/appengine/internal/api_classic.go
index f0f40b2e3..87c33c798 100644
--- a/vendor/google.golang.org/appengine/internal/api_classic.go
+++ b/vendor/google.golang.org/appengine/internal/api_classic.go
@@ -2,11 +2,13 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appengine
 // +build appengine
 
 package internal
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
@@ -17,20 +19,19 @@ import (
 	basepb "appengine_internal/base"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 )
 
 var contextKey = "holds an appengine.Context"
 
 // fromContext returns the App Engine context or nil if ctx is not
 // derived from an App Engine context.
-func fromContext(ctx netcontext.Context) appengine.Context {
+func fromContext(ctx context.Context) appengine.Context {
 	c, _ := ctx.Value(&contextKey).(appengine.Context)
 	return c
 }
 
 // This is only for classic App Engine adapters.
-func ClassicContextFromContext(ctx netcontext.Context) (appengine.Context, error) {
+func ClassicContextFromContext(ctx context.Context) (appengine.Context, error) {
 	c := fromContext(ctx)
 	if c == nil {
 		return nil, errNotAppEngineContext
@@ -38,8 +39,8 @@ func ClassicContextFromContext(ctx netcontext.Context) (appengine.Context, error
 	return c, nil
 }
 
-func withContext(parent netcontext.Context, c appengine.Context) netcontext.Context {
-	ctx := netcontext.WithValue(parent, &contextKey, c)
+func withContext(parent context.Context, c appengine.Context) context.Context {
+	ctx := context.WithValue(parent, &contextKey, c)
 
 	s := &basepb.StringProto{}
 	c.Call("__go__", "GetNamespace", &basepb.VoidProto{}, s, nil)
@@ -50,7 +51,7 @@ func withContext(parent netcontext.Context, c appengine.Context) netcontext.Cont
 	return ctx
 }
 
-func IncomingHeaders(ctx netcontext.Context) http.Header {
+func IncomingHeaders(ctx context.Context) http.Header {
 	if c := fromContext(ctx); c != nil {
 		if req, ok := c.Request().(*http.Request); ok {
 			return req.Header
@@ -59,11 +60,11 @@ func IncomingHeaders(ctx netcontext.Context) http.Header {
 	return nil
 }
 
-func ReqContext(req *http.Request) netcontext.Context {
-	return WithContext(netcontext.Background(), req)
+func ReqContext(req *http.Request) context.Context {
+	return WithContext(context.Background(), req)
 }
 
-func WithContext(parent netcontext.Context, req *http.Request) netcontext.Context {
+func WithContext(parent context.Context, req *http.Request) context.Context {
 	c := appengine.NewContext(req)
 	return withContext(parent, c)
 }
@@ -83,11 +84,11 @@ func (t *testingContext) Call(service, method string, _, _ appengine_internal.Pr
 }
 func (t *testingContext) Request() interface{} { return t.req }
 
-func ContextForTesting(req *http.Request) netcontext.Context {
-	return withContext(netcontext.Background(), &testingContext{req: req})
+func ContextForTesting(req *http.Request) context.Context {
+	return withContext(context.Background(), &testingContext{req: req})
 }
 
-func Call(ctx netcontext.Context, service, method string, in, out proto.Message) error {
+func Call(ctx context.Context, service, method string, in, out proto.Message) error {
 	if ns := NamespaceFromContext(ctx); ns != "" {
 		if fn, ok := NamespaceMods[service]; ok {
 			fn(in, ns)
@@ -144,8 +145,8 @@ func Call(ctx netcontext.Context, service, method string, in, out proto.Message)
 	return err
 }
 
-func handleHTTP(w http.ResponseWriter, r *http.Request) {
-	panic("handleHTTP called; this should be impossible")
+func Middleware(next http.Handler) http.Handler {
+	panic("Middleware called; this should be impossible")
 }
 
 func logf(c appengine.Context, level int64, format string, args ...interface{}) {
diff --git a/vendor/google.golang.org/appengine/internal/api_common.go b/vendor/google.golang.org/appengine/internal/api_common.go
index e0c0b214b..5b95c13d9 100644
--- a/vendor/google.golang.org/appengine/internal/api_common.go
+++ b/vendor/google.golang.org/appengine/internal/api_common.go
@@ -5,20 +5,26 @@
 package internal
 
 import (
+	"context"
 	"errors"
 	"os"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 )
 
+type ctxKey string
+
+func (c ctxKey) String() string {
+	return "appengine context key: " + string(c)
+}
+
 var errNotAppEngineContext = errors.New("not an App Engine context")
 
-type CallOverrideFunc func(ctx netcontext.Context, service, method string, in, out proto.Message) error
+type CallOverrideFunc func(ctx context.Context, service, method string, in, out proto.Message) error
 
 var callOverrideKey = "holds []CallOverrideFunc"
 
-func WithCallOverride(ctx netcontext.Context, f CallOverrideFunc) netcontext.Context {
+func WithCallOverride(ctx context.Context, f CallOverrideFunc) context.Context {
 	// We avoid appending to any existing call override
 	// so we don't risk overwriting a popped stack below.
 	var cofs []CallOverrideFunc
@@ -26,10 +32,10 @@ func WithCallOverride(ctx netcontext.Context, f CallOverrideFunc) netcontext.Con
 		cofs = append(cofs, uf...)
 	}
 	cofs = append(cofs, f)
-	return netcontext.WithValue(ctx, &callOverrideKey, cofs)
+	return context.WithValue(ctx, &callOverrideKey, cofs)
 }
 
-func callOverrideFromContext(ctx netcontext.Context) (CallOverrideFunc, netcontext.Context, bool) {
+func callOverrideFromContext(ctx context.Context) (CallOverrideFunc, context.Context, bool) {
 	cofs, _ := ctx.Value(&callOverrideKey).([]CallOverrideFunc)
 	if len(cofs) == 0 {
 		return nil, nil, false
@@ -37,7 +43,7 @@ func callOverrideFromContext(ctx netcontext.Context) (CallOverrideFunc, netconte
 	// We found a list of overrides; grab the last, and reconstitute a
 	// context that will hide it.
 	f := cofs[len(cofs)-1]
-	ctx = netcontext.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1])
+	ctx = context.WithValue(ctx, &callOverrideKey, cofs[:len(cofs)-1])
 	return f, ctx, true
 }
 
@@ -45,23 +51,35 @@ type logOverrideFunc func(level int64, format string, args ...interface{})
 
 var logOverrideKey = "holds a logOverrideFunc"
 
-func WithLogOverride(ctx netcontext.Context, f logOverrideFunc) netcontext.Context {
-	return netcontext.WithValue(ctx, &logOverrideKey, f)
+func WithLogOverride(ctx context.Context, f logOverrideFunc) context.Context {
+	return context.WithValue(ctx, &logOverrideKey, f)
 }
 
 var appIDOverrideKey = "holds a string, being the full app ID"
 
-func WithAppIDOverride(ctx netcontext.Context, appID string) netcontext.Context {
-	return netcontext.WithValue(ctx, &appIDOverrideKey, appID)
+func WithAppIDOverride(ctx context.Context, appID string) context.Context {
+	return context.WithValue(ctx, &appIDOverrideKey, appID)
+}
+
+var apiHostOverrideKey = ctxKey("holds a string, being the alternate API_HOST")
+
+func withAPIHostOverride(ctx context.Context, apiHost string) context.Context {
+	return context.WithValue(ctx, apiHostOverrideKey, apiHost)
+}
+
+var apiPortOverrideKey = ctxKey("holds a string, being the alternate API_PORT")
+
+func withAPIPortOverride(ctx context.Context, apiPort string) context.Context {
+	return context.WithValue(ctx, apiPortOverrideKey, apiPort)
 }
 
 var namespaceKey = "holds the namespace string"
 
-func withNamespace(ctx netcontext.Context, ns string) netcontext.Context {
-	return netcontext.WithValue(ctx, &namespaceKey, ns)
+func withNamespace(ctx context.Context, ns string) context.Context {
+	return context.WithValue(ctx, &namespaceKey, ns)
 }
 
-func NamespaceFromContext(ctx netcontext.Context) string {
+func NamespaceFromContext(ctx context.Context) string {
 	// If there's no namespace, return the empty string.
 	ns, _ := ctx.Value(&namespaceKey).(string)
 	return ns
@@ -70,14 +88,14 @@ func NamespaceFromContext(ctx netcontext.Context) string {
 // FullyQualifiedAppID returns the fully-qualified application ID.
 // This may contain a partition prefix (e.g. "s~" for High Replication apps),
 // or a domain prefix (e.g. "example.com:").
-func FullyQualifiedAppID(ctx netcontext.Context) string {
+func FullyQualifiedAppID(ctx context.Context) string {
 	if id, ok := ctx.Value(&appIDOverrideKey).(string); ok {
 		return id
 	}
 	return fullyQualifiedAppID(ctx)
 }
 
-func Logf(ctx netcontext.Context, level int64, format string, args ...interface{}) {
+func Logf(ctx context.Context, level int64, format string, args ...interface{}) {
 	if f, ok := ctx.Value(&logOverrideKey).(logOverrideFunc); ok {
 		f(level, format, args...)
 		return
@@ -90,7 +108,7 @@ func Logf(ctx netcontext.Context, level int64, format string, args ...interface{
 }
 
 // NamespacedContext wraps a Context to support namespaces.
-func NamespacedContext(ctx netcontext.Context, namespace string) netcontext.Context {
+func NamespacedContext(ctx context.Context, namespace string) context.Context {
 	return withNamespace(ctx, namespace)
 }
 
diff --git a/vendor/google.golang.org/appengine/internal/identity.go b/vendor/google.golang.org/appengine/internal/identity.go
index 9b4134e42..0f95aa91d 100644
--- a/vendor/google.golang.org/appengine/internal/identity.go
+++ b/vendor/google.golang.org/appengine/internal/identity.go
@@ -5,9 +5,8 @@
 package internal
 
 import (
+	"context"
 	"os"
-
-	netcontext "golang.org/x/net/context"
 )
 
 var (
@@ -23,7 +22,7 @@ var (
 
 // AppID is the implementation of the wrapper function of the same name in
 // ../identity.go. See that file for commentary.
-func AppID(c netcontext.Context) string {
+func AppID(c context.Context) string {
 	return appID(FullyQualifiedAppID(c))
 }
 
@@ -35,7 +34,7 @@ func IsStandard() bool {
 	return appengineStandard || IsSecondGen()
 }
 
-// IsStandard is the implementation of the wrapper function of the same name in
+// IsSecondGen is the implementation of the wrapper function of the same name in
 // ../appengine.go. See that file for commentary.
 func IsSecondGen() bool {
 	// Second-gen runtimes set $GAE_ENV so we use that to check if we're on a second-gen runtime.
diff --git a/vendor/google.golang.org/appengine/internal/identity_classic.go b/vendor/google.golang.org/appengine/internal/identity_classic.go
index 4e979f45e..5ad3548bf 100644
--- a/vendor/google.golang.org/appengine/internal/identity_classic.go
+++ b/vendor/google.golang.org/appengine/internal/identity_classic.go
@@ -2,21 +2,22 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appengine
 // +build appengine
 
 package internal
 
 import (
-	"appengine"
+	"context"
 
-	netcontext "golang.org/x/net/context"
+	"appengine"
 )
 
 func init() {
 	appengineStandard = true
 }
 
-func DefaultVersionHostname(ctx netcontext.Context) string {
+func DefaultVersionHostname(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
@@ -24,12 +25,12 @@ func DefaultVersionHostname(ctx netcontext.Context) string {
 	return appengine.DefaultVersionHostname(c)
 }
 
-func Datacenter(_ netcontext.Context) string { return appengine.Datacenter() }
-func ServerSoftware() string                 { return appengine.ServerSoftware() }
-func InstanceID() string                     { return appengine.InstanceID() }
-func IsDevAppServer() bool                   { return appengine.IsDevAppServer() }
+func Datacenter(_ context.Context) string { return appengine.Datacenter() }
+func ServerSoftware() string              { return appengine.ServerSoftware() }
+func InstanceID() string                  { return appengine.InstanceID() }
+func IsDevAppServer() bool                { return appengine.IsDevAppServer() }
 
-func RequestID(ctx netcontext.Context) string {
+func RequestID(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
@@ -37,14 +38,14 @@ func RequestID(ctx netcontext.Context) string {
 	return appengine.RequestID(c)
 }
 
-func ModuleName(ctx netcontext.Context) string {
+func ModuleName(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
 	}
 	return appengine.ModuleName(c)
 }
-func VersionID(ctx netcontext.Context) string {
+func VersionID(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
@@ -52,7 +53,7 @@ func VersionID(ctx netcontext.Context) string {
 	return appengine.VersionID(c)
 }
 
-func fullyQualifiedAppID(ctx netcontext.Context) string {
+func fullyQualifiedAppID(ctx context.Context) string {
 	c := fromContext(ctx)
 	if c == nil {
 		panic(errNotAppEngineContext)
diff --git a/vendor/google.golang.org/appengine/internal/identity_flex.go b/vendor/google.golang.org/appengine/internal/identity_flex.go
index d5e2e7b5e..4201b6b58 100644
--- a/vendor/google.golang.org/appengine/internal/identity_flex.go
+++ b/vendor/google.golang.org/appengine/internal/identity_flex.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appenginevm
 // +build appenginevm
 
 package internal
diff --git a/vendor/google.golang.org/appengine/internal/identity_vm.go b/vendor/google.golang.org/appengine/internal/identity_vm.go
index 5d8067263..18ddda3a4 100644
--- a/vendor/google.golang.org/appengine/internal/identity_vm.go
+++ b/vendor/google.golang.org/appengine/internal/identity_vm.go
@@ -2,17 +2,17 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package internal
 
 import (
+	"context"
 	"log"
 	"net/http"
 	"os"
 	"strings"
-
-	netcontext "golang.org/x/net/context"
 )
 
 // These functions are implementations of the wrapper functions
@@ -24,7 +24,7 @@ const (
 	hDatacenter             = "X-AppEngine-Datacenter"
 )
 
-func ctxHeaders(ctx netcontext.Context) http.Header {
+func ctxHeaders(ctx context.Context) http.Header {
 	c := fromContext(ctx)
 	if c == nil {
 		return nil
@@ -32,15 +32,15 @@ func ctxHeaders(ctx netcontext.Context) http.Header {
 	return c.Request().Header
 }
 
-func DefaultVersionHostname(ctx netcontext.Context) string {
+func DefaultVersionHostname(ctx context.Context) string {
 	return ctxHeaders(ctx).Get(hDefaultVersionHostname)
 }
 
-func RequestID(ctx netcontext.Context) string {
+func RequestID(ctx context.Context) string {
 	return ctxHeaders(ctx).Get(hRequestLogId)
 }
 
-func Datacenter(ctx netcontext.Context) string {
+func Datacenter(ctx context.Context) string {
 	if dc := ctxHeaders(ctx).Get(hDatacenter); dc != "" {
 		return dc
 	}
@@ -71,7 +71,7 @@ func ServerSoftware() string {
 
 // TODO(dsymonds): Remove the metadata fetches.
 
-func ModuleName(_ netcontext.Context) string {
+func ModuleName(_ context.Context) string {
 	if s := os.Getenv("GAE_MODULE_NAME"); s != "" {
 		return s
 	}
@@ -81,7 +81,7 @@ func ModuleName(_ netcontext.Context) string {
 	return string(mustGetMetadata("instance/attributes/gae_backend_name"))
 }
 
-func VersionID(_ netcontext.Context) string {
+func VersionID(_ context.Context) string {
 	if s1, s2 := os.Getenv("GAE_MODULE_VERSION"), os.Getenv("GAE_MINOR_VERSION"); s1 != "" && s2 != "" {
 		return s1 + "." + s2
 	}
@@ -112,7 +112,7 @@ func partitionlessAppID() string {
 	return string(mustGetMetadata("instance/attributes/gae_project"))
 }
 
-func fullyQualifiedAppID(_ netcontext.Context) string {
+func fullyQualifiedAppID(_ context.Context) string {
 	if s := os.Getenv("GAE_APPLICATION"); s != "" {
 		return s
 	}
@@ -130,5 +130,5 @@ func fullyQualifiedAppID(_ netcontext.Context) string {
 }
 
 func IsDevAppServer() bool {
-	return os.Getenv("RUN_WITH_DEVAPPSERVER") != ""
+	return os.Getenv("RUN_WITH_DEVAPPSERVER") != "" || os.Getenv("GAE_ENV") == "localdev"
 }
diff --git a/vendor/google.golang.org/appengine/internal/main.go b/vendor/google.golang.org/appengine/internal/main.go
index 1e765312f..afd0ae84f 100644
--- a/vendor/google.golang.org/appengine/internal/main.go
+++ b/vendor/google.golang.org/appengine/internal/main.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build appengine
 // +build appengine
 
 package internal
diff --git a/vendor/google.golang.org/appengine/internal/main_vm.go b/vendor/google.golang.org/appengine/internal/main_vm.go
index ddb79a333..86a8caf06 100644
--- a/vendor/google.golang.org/appengine/internal/main_vm.go
+++ b/vendor/google.golang.org/appengine/internal/main_vm.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
+//go:build !appengine
 // +build !appengine
 
 package internal
@@ -29,7 +30,7 @@ func Main() {
 	if IsDevAppServer() {
 		host = "127.0.0.1"
 	}
-	if err := http.ListenAndServe(host+":"+port, http.HandlerFunc(handleHTTP)); err != nil {
+	if err := http.ListenAndServe(host+":"+port, Middleware(http.DefaultServeMux)); err != nil {
 		log.Fatalf("http.ListenAndServe: %v", err)
 	}
 }
diff --git a/vendor/google.golang.org/appengine/internal/transaction.go b/vendor/google.golang.org/appengine/internal/transaction.go
index 9006ae653..2ae8ab9fa 100644
--- a/vendor/google.golang.org/appengine/internal/transaction.go
+++ b/vendor/google.golang.org/appengine/internal/transaction.go
@@ -7,11 +7,11 @@ package internal
 // This file implements hooks for applying datastore transactions.
 
 import (
+	"context"
 	"errors"
 	"reflect"
 
 	"github.com/golang/protobuf/proto"
-	netcontext "golang.org/x/net/context"
 
 	basepb "google.golang.org/appengine/internal/base"
 	pb "google.golang.org/appengine/internal/datastore"
@@ -38,13 +38,13 @@ func applyTransaction(pb proto.Message, t *pb.Transaction) {
 
 var transactionKey = "used for *Transaction"
 
-func transactionFromContext(ctx netcontext.Context) *transaction {
+func transactionFromContext(ctx context.Context) *transaction {
 	t, _ := ctx.Value(&transactionKey).(*transaction)
 	return t
 }
 
-func withTransaction(ctx netcontext.Context, t *transaction) netcontext.Context {
-	return netcontext.WithValue(ctx, &transactionKey, t)
+func withTransaction(ctx context.Context, t *transaction) context.Context {
+	return context.WithValue(ctx, &transactionKey, t)
 }
 
 type transaction struct {
@@ -54,7 +54,7 @@ type transaction struct {
 
 var ErrConcurrentTransaction = errors.New("internal: concurrent transaction")
 
-func RunTransactionOnce(c netcontext.Context, f func(netcontext.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) {
+func RunTransactionOnce(c context.Context, f func(context.Context) error, xg bool, readOnly bool, previousTransaction *pb.Transaction) (*pb.Transaction, error) {
 	if transactionFromContext(c) != nil {
 		return nil, errors.New("nested transactions are not supported")
 	}
diff --git a/vendor/google.golang.org/appengine/namespace.go b/vendor/google.golang.org/appengine/namespace.go
index 21860ca08..6f169be48 100644
--- a/vendor/google.golang.org/appengine/namespace.go
+++ b/vendor/google.golang.org/appengine/namespace.go
@@ -5,11 +5,10 @@
 package appengine
 
 import (
+	"context"
 	"fmt"
 	"regexp"
 
-	"golang.org/x/net/context"
-
 	"google.golang.org/appengine/internal"
 )
 
diff --git a/vendor/google.golang.org/appengine/timeout.go b/vendor/google.golang.org/appengine/timeout.go
index 05642a992..fcf3ad0a5 100644
--- a/vendor/google.golang.org/appengine/timeout.go
+++ b/vendor/google.golang.org/appengine/timeout.go
@@ -4,7 +4,7 @@
 
 package appengine
 
-import "golang.org/x/net/context"
+import "context"
 
 // IsTimeoutError reports whether err is a timeout error.
 func IsTimeoutError(err error) bool {
diff --git a/vendor/google.golang.org/appengine/travis_install.sh b/vendor/google.golang.org/appengine/travis_install.sh
deleted file mode 100644
index 785b62f46..000000000
--- a/vendor/google.golang.org/appengine/travis_install.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -e
-
-if [[ $GO111MODULE == "on" ]]; then
-  go get .
-else
-  go get -u -v $(go list -f '{{join .Imports "\n"}}{{"\n"}}{{join .TestImports "\n"}}' ./... | sort | uniq | grep -v appengine)
-fi
-
-if [[ $GOAPP == "true" ]]; then
-  mkdir /tmp/sdk
-  curl -o /tmp/sdk.zip "https://storage.googleapis.com/appengine-sdks/featured/go_appengine_sdk_linux_amd64-1.9.68.zip"
-  unzip -q /tmp/sdk.zip -d /tmp/sdk
-  # NOTE: Set the following env vars in the test script:
-  # export PATH="$PATH:/tmp/sdk/go_appengine"
-  # export APPENGINE_DEV_APPSERVER=/tmp/sdk/go_appengine/dev_appserver.py
-fi
-
diff --git a/vendor/google.golang.org/appengine/travis_test.sh b/vendor/google.golang.org/appengine/travis_test.sh
deleted file mode 100644
index d4390f045..000000000
--- a/vendor/google.golang.org/appengine/travis_test.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e
-
-go version
-go test -v google.golang.org/appengine/...
-go test -v -race google.golang.org/appengine/...
-if [[ $GOAPP == "true" ]]; then
-  export PATH="$PATH:/tmp/sdk/go_appengine"
-  export APPENGINE_DEV_APPSERVER=/tmp/sdk/go_appengine/dev_appserver.py
-  goapp version
-  goapp test -v google.golang.org/appengine/...
-fi
diff --git a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
index 6ffe1e6d9..6c0d72418 100644
--- a/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
+++ b/vendor/google.golang.org/appengine/urlfetch/urlfetch.go
@@ -7,6 +7,7 @@
 package urlfetch // import "google.golang.org/appengine/urlfetch"
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -18,7 +19,6 @@ import (
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	"golang.org/x/net/context"
 
 	"google.golang.org/appengine/internal"
 	pb "google.golang.org/appengine/internal/urlfetch"
@@ -44,11 +44,10 @@ type Transport struct {
 var _ http.RoundTripper = (*Transport)(nil)
 
 // Client returns an *http.Client using a default urlfetch Transport. This
-// client will have the default deadline of 5 seconds, and will check the
-// validity of SSL certificates.
+// client will check the validity of SSL certificates.
 //
-// Any deadline of the provided context will be used for requests through this client;
-// if the client does not have a deadline then a 5 second default is used.
+// Any deadline of the provided context will be used for requests through this client.
+// If the client does not have a deadline, then an App Engine default of 60 second is used.
 func Client(ctx context.Context) *http.Client {
 	return &http.Client{
 		Transport: &Transport{
diff --git a/vendor/google.golang.org/grpc/README.md b/vendor/google.golang.org/grpc/README.md
index 0e6ae69a5..ab0fbb79b 100644
--- a/vendor/google.golang.org/grpc/README.md
+++ b/vendor/google.golang.org/grpc/README.md
@@ -1,8 +1,8 @@
 # gRPC-Go
 
-[![Build Status](https://travis-ci.org/grpc/grpc-go.svg)](https://travis-ci.org/grpc/grpc-go)
 [![GoDoc](https://pkg.go.dev/badge/google.golang.org/grpc)][API]
 [![GoReportCard](https://goreportcard.com/badge/grpc/grpc-go)](https://goreportcard.com/report/github.com/grpc/grpc-go)
+[![codecov](https://codecov.io/gh/grpc/grpc-go/graph/badge.svg)](https://codecov.io/gh/grpc/grpc-go)
 
 The [Go][] implementation of [gRPC][]: A high performance, open source, general
 RPC framework that puts mobile and HTTP/2 first. For more information see the
@@ -14,21 +14,14 @@ RPC framework that puts mobile and HTTP/2 first. For more information see the
 
 ## Installation
 
-With [Go module][] support (Go 1.11+), simply add the following import
+Simply add the following import to your code, and then `go [build|run|test]`
+will automatically fetch the necessary dependencies:
+
 
 ```go
 import "google.golang.org/grpc"
 ```
 
-to your code, and then `go [build|run|test]` will automatically fetch the
-necessary dependencies.
-
-Otherwise, to install the `grpc-go` package, run the following command:
-
-```console
-$ go get -u google.golang.org/grpc
-```
-
 > **Note:** If you are trying to access `grpc-go` from **China**, see the
 > [FAQ](#FAQ) below.
 
@@ -56,15 +49,6 @@ To build Go code, there are several options:
 
 - Set up a VPN and access google.golang.org through that.
 
-- Without Go module support: `git clone` the repo manually:
-
-  ```sh
-  git clone https://github.com/grpc/grpc-go.git $GOPATH/src/google.golang.org/grpc
-  ```
-
-  You will need to do the same for all of grpc's dependencies in `golang.org`,
-  e.g. `golang.org/x/net`.
-
 - With Go module support: it is possible to use the `replace` feature of `go
   mod` to create aliases for golang.org packages.  In your project's directory:
 
@@ -76,33 +60,13 @@ To build Go code, there are several options:
   ```
 
   Again, this will need to be done for all transitive dependencies hosted on
-  golang.org as well. For details, refer to [golang/go issue #28652](https://github.com/golang/go/issues/28652).
+  golang.org as well. For details, refer to [golang/go issue
+  #28652](https://github.com/golang/go/issues/28652).
 
 ### Compiling error, undefined: grpc.SupportPackageIsVersion
 
-#### If you are using Go modules:
-
-Ensure your gRPC-Go version is `require`d at the appropriate version in
-the same module containing the generated `.pb.go` files.  For example,
-`SupportPackageIsVersion6` needs `v1.27.0`, so in your `go.mod` file:
-
-```go
-module <your module name>
-
-require (
-    google.golang.org/grpc v1.27.0
-)
-```
-
-#### If you are *not* using Go modules:
-
-Update the `proto` package, gRPC package, and rebuild the `.proto` files:
-
-```sh
-go get -u github.com/golang/protobuf/{proto,protoc-gen-go}
-go get -u google.golang.org/grpc
-protoc --go_out=plugins=grpc:. *.proto
-```
+Please update to the latest version of gRPC-Go using
+`go get google.golang.org/grpc`.
 
 ### How to turn on logging
 
@@ -121,9 +85,11 @@ possible reasons, including:
  1. mis-configured transport credentials, connection failed on handshaking
  1. bytes disrupted, possibly by a proxy in between
  1. server shutdown
- 1. Keepalive parameters caused connection shutdown, for example if you have configured
-    your server to terminate connections regularly to [trigger DNS lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779).
-    If this is the case, you may want to increase your [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters),
+ 1. Keepalive parameters caused connection shutdown, for example if you have
+    configured your server to terminate connections regularly to [trigger DNS
+    lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779).
+    If this is the case, you may want to increase your
+    [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters),
     to allow longer RPC calls to finish.
 
 It can be tricky to debug this because the error happens on the client side but
diff --git a/vendor/google.golang.org/grpc/attributes/attributes.go b/vendor/google.golang.org/grpc/attributes/attributes.go
index 49712aca3..52d530d7a 100644
--- a/vendor/google.golang.org/grpc/attributes/attributes.go
+++ b/vendor/google.golang.org/grpc/attributes/attributes.go
@@ -34,26 +34,26 @@ import (
 // key/value pairs.  Keys must be hashable, and users should define their own
 // types for keys.  Values should not be modified after they are added to an
 // Attributes or if they were received from one.  If values implement 'Equal(o
-// interface{}) bool', it will be called by (*Attributes).Equal to determine
-// whether two values with the same key should be considered equal.
+// any) bool', it will be called by (*Attributes).Equal to determine whether
+// two values with the same key should be considered equal.
 type Attributes struct {
-	m map[interface{}]interface{}
+	m map[any]any
 }
 
 // New returns a new Attributes containing the key/value pair.
-func New(key, value interface{}) *Attributes {
-	return &Attributes{m: map[interface{}]interface{}{key: value}}
+func New(key, value any) *Attributes {
+	return &Attributes{m: map[any]any{key: value}}
 }
 
 // WithValue returns a new Attributes containing the previous keys and values
 // and the new key/value pair.  If the same key appears multiple times, the
 // last value overwrites all previous values for that key.  To remove an
 // existing key, use a nil value.  value should not be modified later.
-func (a *Attributes) WithValue(key, value interface{}) *Attributes {
+func (a *Attributes) WithValue(key, value any) *Attributes {
 	if a == nil {
 		return New(key, value)
 	}
-	n := &Attributes{m: make(map[interface{}]interface{}, len(a.m)+1)}
+	n := &Attributes{m: make(map[any]any, len(a.m)+1)}
 	for k, v := range a.m {
 		n.m[k] = v
 	}
@@ -63,20 +63,19 @@ func (a *Attributes) WithValue(key, value interface{}) *Attributes {
 
 // Value returns the value associated with these attributes for key, or nil if
 // no value is associated with key.  The returned value should not be modified.
-func (a *Attributes) Value(key interface{}) interface{} {
+func (a *Attributes) Value(key any) any {
 	if a == nil {
 		return nil
 	}
 	return a.m[key]
 }
 
-// Equal returns whether a and o are equivalent.  If 'Equal(o interface{})
-// bool' is implemented for a value in the attributes, it is called to
-// determine if the value matches the one stored in the other attributes.  If
-// Equal is not implemented, standard equality is used to determine if the two
-// values are equal. Note that some types (e.g. maps) aren't comparable by
-// default, so they must be wrapped in a struct, or in an alias type, with Equal
-// defined.
+// Equal returns whether a and o are equivalent.  If 'Equal(o any) bool' is
+// implemented for a value in the attributes, it is called to determine if the
+// value matches the one stored in the other attributes.  If Equal is not
+// implemented, standard equality is used to determine if the two values are
+// equal. Note that some types (e.g. maps) aren't comparable by default, so
+// they must be wrapped in a struct, or in an alias type, with Equal defined.
 func (a *Attributes) Equal(o *Attributes) bool {
 	if a == nil && o == nil {
 		return true
@@ -93,7 +92,7 @@ func (a *Attributes) Equal(o *Attributes) bool {
 			// o missing element of a
 			return false
 		}
-		if eq, ok := v.(interface{ Equal(o interface{}) bool }); ok {
+		if eq, ok := v.(interface{ Equal(o any) bool }); ok {
 			if !eq.Equal(ov) {
 				return false
 			}
@@ -122,9 +121,9 @@ func (a *Attributes) String() string {
 	return sb.String()
 }
 
-func str(x interface{}) string {
+func str(x any) (s string) {
 	if v, ok := x.(fmt.Stringer); ok {
-		return v.String()
+		return fmt.Sprint(v)
 	} else if v, ok := x.(string); ok {
 		return v
 	}
diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go
index 8f00523c0..d79560a2e 100644
--- a/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -30,6 +30,7 @@ import (
 	"google.golang.org/grpc/channelz"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/grpclog"
 	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/resolver"
@@ -39,6 +40,8 @@ import (
 var (
 	// m is a map from name to balancer builder.
 	m = make(map[string]Builder)
+
+	logger = grpclog.Component("balancer")
 )
 
 // Register registers the balancer builder to the balancer map. b.Name
@@ -51,6 +54,12 @@ var (
 // an init() function), and is not thread-safe. If multiple Balancers are
 // registered with the same name, the one registered last will take effect.
 func Register(b Builder) {
+	if strings.ToLower(b.Name()) != b.Name() {
+		// TODO: Skip the use of strings.ToLower() to index the map after v1.59
+		// is released to switch to case sensitive balancer registry. Also,
+		// remove this warning and update the docstrings for Register and Get.
+		logger.Warningf("Balancer registered with name %q. grpc-go will be switching to case sensitive balancer registries soon", b.Name())
+	}
 	m[strings.ToLower(b.Name())] = b
 }
 
@@ -70,6 +79,12 @@ func init() {
 // Note that the compare is done in a case-insensitive fashion.
 // If no builder is register with the name, nil will be returned.
 func Get(name string) Builder {
+	if strings.ToLower(name) != name {
+		// TODO: Skip the use of strings.ToLower() to index the map after v1.59
+		// is released to switch to case sensitive balancer registry. Also,
+		// remove this warning and update the docstrings for Register and Get.
+		logger.Warningf("Balancer retrieved for name %q. grpc-go will be switching to case sensitive balancer registries soon", name)
+	}
 	if b, ok := m[strings.ToLower(name)]; ok {
 		return b
 	}
@@ -105,8 +120,8 @@ type SubConn interface {
 	//
 	// This will trigger a state transition for the SubConn.
 	//
-	// Deprecated: This method is now part of the ClientConn interface and will
-	// eventually be removed from here.
+	// Deprecated: this method will be removed.  Create new SubConns for new
+	// addresses instead.
 	UpdateAddresses([]resolver.Address)
 	// Connect starts the connecting for this SubConn.
 	Connect()
@@ -115,6 +130,13 @@ type SubConn interface {
 	// creates a new one and returns it.  Returns a close function which must
 	// be called when the Producer is no longer needed.
 	GetOrBuildProducer(ProducerBuilder) (p Producer, close func())
+	// Shutdown shuts down the SubConn gracefully.  Any started RPCs will be
+	// allowed to complete.  No future calls should be made on the SubConn.
+	// One final state update will be delivered to the StateListener (or
+	// UpdateSubConnState; deprecated) with ConnectivityState of Shutdown to
+	// indicate the shutdown operation.  This may be delivered before
+	// in-progress RPCs are complete and the actual connection is closed.
+	Shutdown()
 }
 
 // NewSubConnOptions contains options to create new SubConn.
@@ -129,6 +151,11 @@ type NewSubConnOptions struct {
 	// HealthCheckEnabled indicates whether health check service should be
 	// enabled on this SubConn
 	HealthCheckEnabled bool
+	// StateListener is called when the state of the subconn changes.  If nil,
+	// Balancer.UpdateSubConnState will be called instead.  Will never be
+	// invoked until after Connect() is called on the SubConn created with
+	// these options.
+	StateListener func(SubConnState)
 }
 
 // State contains the balancer's state relevant to the gRPC ClientConn.
@@ -150,16 +177,24 @@ type ClientConn interface {
 	// NewSubConn is called by balancer to create a new SubConn.
 	// It doesn't block and wait for the connections to be established.
 	// Behaviors of the SubConn can be controlled by options.
+	//
+	// Deprecated: please be aware that in a future version, SubConns will only
+	// support one address per SubConn.
 	NewSubConn([]resolver.Address, NewSubConnOptions) (SubConn, error)
 	// RemoveSubConn removes the SubConn from ClientConn.
 	// The SubConn will be shutdown.
+	//
+	// Deprecated: use SubConn.Shutdown instead.
 	RemoveSubConn(SubConn)
 	// UpdateAddresses updates the addresses used in the passed in SubConn.
 	// gRPC checks if the currently connected address is still in the new list.
 	// If so, the connection will be kept. Else, the connection will be
 	// gracefully closed, and a new connection will be created.
 	//
-	// This will trigger a state transition for the SubConn.
+	// This may trigger a state transition for the SubConn.
+	//
+	// Deprecated: this method will be removed.  Create new SubConns for new
+	// addresses instead.
 	UpdateAddresses(SubConn, []resolver.Address)
 
 	// UpdateState notifies gRPC that the balancer's internal state has
@@ -250,7 +285,7 @@ type DoneInfo struct {
 	// trailing metadata.
 	//
 	// The only supported type now is *orca_v3.LoadReport.
-	ServerLoad interface{}
+	ServerLoad any
 }
 
 var (
@@ -343,9 +378,13 @@ type Balancer interface {
 	ResolverError(error)
 	// UpdateSubConnState is called by gRPC when the state of a SubConn
 	// changes.
+	//
+	// Deprecated: Use NewSubConnOptions.StateListener when creating the
+	// SubConn instead.
 	UpdateSubConnState(SubConn, SubConnState)
-	// Close closes the balancer. The balancer is not required to call
-	// ClientConn.RemoveSubConn for its existing SubConns.
+	// Close closes the balancer. The balancer is not currently required to
+	// call SubConn.Shutdown for its existing SubConns; however, this will be
+	// required in a future release, so it is recommended.
 	Close()
 }
 
@@ -390,15 +429,14 @@ var ErrBadResolverState = errors.New("bad resolver state")
 type ProducerBuilder interface {
 	// Build creates a Producer.  The first parameter is always a
 	// grpc.ClientConnInterface (a type to allow creating RPCs/streams on the
-	// associated SubConn), but is declared as interface{} to avoid a
-	// dependency cycle.  Should also return a close function that will be
-	// called when all references to the Producer have been given up.
-	Build(grpcClientConnInterface interface{}) (p Producer, close func())
+	// associated SubConn), but is declared as `any` to avoid a dependency
+	// cycle.  Should also return a close function that will be called when all
+	// references to the Producer have been given up.
+	Build(grpcClientConnInterface any) (p Producer, close func())
 }
 
 // A Producer is a type shared among potentially many consumers.  It is
 // associated with a SubConn, and an implementation will typically contain
 // other methods to provide additional functionality, e.g. configuration or
 // subscription registration.
-type Producer interface {
-}
+type Producer any
diff --git a/vendor/google.golang.org/grpc/balancer/base/balancer.go b/vendor/google.golang.org/grpc/balancer/base/balancer.go
index 3929c26d3..a7f1eeec8 100644
--- a/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -105,7 +105,12 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		addrsSet.Set(a, nil)
 		if _, ok := b.subConns.Get(a); !ok {
 			// a is a new address (not existing in b.subConns).
-			sc, err := b.cc.NewSubConn([]resolver.Address{a}, balancer.NewSubConnOptions{HealthCheckEnabled: b.config.HealthCheck})
+			var sc balancer.SubConn
+			opts := balancer.NewSubConnOptions{
+				HealthCheckEnabled: b.config.HealthCheck,
+				StateListener:      func(scs balancer.SubConnState) { b.updateSubConnState(sc, scs) },
+			}
+			sc, err := b.cc.NewSubConn([]resolver.Address{a}, opts)
 			if err != nil {
 				logger.Warningf("base.baseBalancer: failed to create new SubConn: %v", err)
 				continue
@@ -121,10 +126,10 @@ func (b *baseBalancer) UpdateClientConnState(s balancer.ClientConnState) error {
 		sc := sci.(balancer.SubConn)
 		// a was removed by resolver.
 		if _, ok := addrsSet.Get(a); !ok {
-			b.cc.RemoveSubConn(sc)
+			sc.Shutdown()
 			b.subConns.Delete(a)
 			// Keep the state of this sc in b.scStates until sc's state becomes Shutdown.
-			// The entry will be deleted in UpdateSubConnState.
+			// The entry will be deleted in updateSubConnState.
 		}
 	}
 	// If resolver state contains no addresses, return an error so ClientConn
@@ -177,7 +182,12 @@ func (b *baseBalancer) regeneratePicker() {
 	b.picker = b.pickerBuilder.Build(PickerBuildInfo{ReadySCs: readySCs})
 }
 
+// UpdateSubConnState is a nop because a StateListener is always set in NewSubConn.
 func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	logger.Errorf("base.baseBalancer: UpdateSubConnState(%v, %+v) called unexpectedly", sc, state)
+}
+
+func (b *baseBalancer) updateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
 	s := state.ConnectivityState
 	if logger.V(2) {
 		logger.Infof("base.baseBalancer: handle SubConn state change: %p, %v", sc, s)
@@ -204,8 +214,8 @@ func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.Su
 	case connectivity.Idle:
 		sc.Connect()
 	case connectivity.Shutdown:
-		// When an address was removed by resolver, b called RemoveSubConn but
-		// kept the sc's state in scStates. Remove state for this sc here.
+		// When an address was removed by resolver, b called Shutdown but kept
+		// the sc's state in scStates. Remove state for this sc here.
 		delete(b.scStates, sc)
 	case connectivity.TransientFailure:
 		// Save error to be reported via picker.
@@ -226,7 +236,7 @@ func (b *baseBalancer) UpdateSubConnState(sc balancer.SubConn, state balancer.Su
 }
 
 // Close is a nop because base balancer doesn't have internal state to clean up,
-// and it doesn't need to call RemoveSubConn for the SubConns.
+// and it doesn't need to call Shutdown for the SubConns.
 func (b *baseBalancer) Close() {
 }
 
diff --git a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
index 04b9ad411..a4411c22b 100644
--- a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
+++ b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
@@ -99,20 +99,6 @@ func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnStat
 	// lock held. But the lock guards only the scheduling part. The actual
 	// callback is called asynchronously without the lock being held.
 	ok := ccb.serializer.Schedule(func(_ context.Context) {
-		// If the addresses specified in the update contain addresses of type
-		// "grpclb" and the selected LB policy is not "grpclb", these addresses
-		// will be filtered out and ccs will be modified with the updated
-		// address list.
-		if ccb.curBalancerName != grpclbName {
-			var addrs []resolver.Address
-			for _, addr := range ccs.ResolverState.Addresses {
-				if addr.Type == resolver.GRPCLB {
-					continue
-				}
-				addrs = append(addrs, addr)
-			}
-			ccs.ResolverState.Addresses = addrs
-		}
 		errCh <- ccb.balancer.UpdateClientConnState(*ccs)
 	})
 	if !ok {
@@ -139,7 +125,9 @@ func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnStat
 func (ccb *ccBalancerWrapper) updateSubConnState(sc balancer.SubConn, s connectivity.State, err error) {
 	ccb.mu.Lock()
 	ccb.serializer.Schedule(func(_ context.Context) {
-		ccb.balancer.UpdateSubConnState(sc, balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
+		// Even though it is optional for balancers, gracefulswitch ensures
+		// opts.StateListener is set, so this cannot ever be nil.
+		sc.(*acBalancerWrapper).stateListener(balancer.SubConnState{ConnectivityState: s, ConnectionError: err})
 	})
 	ccb.mu.Unlock()
 }
@@ -221,7 +209,7 @@ func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
 	}
 
 	ccb.mode = m
-	done := ccb.serializer.Done
+	done := ccb.serializer.Done()
 	b := ccb.balancer
 	ok := ccb.serializer.Schedule(func(_ context.Context) {
 		// Close the serializer to ensure that no more calls from gRPC are sent
@@ -238,11 +226,9 @@ func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) {
 	}
 	ccb.mu.Unlock()
 
-	// Give enqueued callbacks a chance to finish.
+	// Give enqueued callbacks a chance to finish before closing the balancer.
 	<-done
-	// Spawn a goroutine to close the balancer (since it may block trying to
-	// cleanup all allocated resources) and return early.
-	go b.Close()
+	b.Close()
 }
 
 // exitIdleMode is invoked by grpc when the channel exits idle mode either
@@ -314,29 +300,19 @@ func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer
 		channelz.Warningf(logger, ccb.cc.channelzID, "acBalancerWrapper: NewSubConn: failed to newAddrConn: %v", err)
 		return nil, err
 	}
-	acbw := &acBalancerWrapper{ac: ac, producers: make(map[balancer.ProducerBuilder]*refCountedProducer)}
+	acbw := &acBalancerWrapper{
+		ccb:           ccb,
+		ac:            ac,
+		producers:     make(map[balancer.ProducerBuilder]*refCountedProducer),
+		stateListener: opts.StateListener,
+	}
 	ac.acbw = acbw
 	return acbw, nil
 }
 
 func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	if ccb.isIdleOrClosed() {
-		// It it safe to ignore this call when the balancer is closed or in idle
-		// because the ClientConn takes care of closing the connections.
-		//
-		// Not returning early from here when the balancer is closed or in idle
-		// leads to a deadlock though, because of the following sequence of
-		// calls when holding cc.mu:
-		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
-		// ccb.RemoveAddrConn --> cc.removeAddrConn
-		return
-	}
-
-	acbw, ok := sc.(*acBalancerWrapper)
-	if !ok {
-		return
-	}
-	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
+	// The graceful switch balancer will never call this.
+	logger.Errorf("ccb RemoveSubConn(%v) called unexpectedly, sc")
 }
 
 func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
@@ -380,7 +356,9 @@ func (ccb *ccBalancerWrapper) Target() string {
 // acBalancerWrapper is a wrapper on top of ac for balancers.
 // It implements balancer.SubConn interface.
 type acBalancerWrapper struct {
-	ac *addrConn // read-only
+	ac            *addrConn          // read-only
+	ccb           *ccBalancerWrapper // read-only
+	stateListener func(balancer.SubConnState)
 
 	mu        sync.Mutex
 	producers map[balancer.ProducerBuilder]*refCountedProducer
@@ -398,6 +376,23 @@ func (acbw *acBalancerWrapper) Connect() {
 	go acbw.ac.connect()
 }
 
+func (acbw *acBalancerWrapper) Shutdown() {
+	ccb := acbw.ccb
+	if ccb.isIdleOrClosed() {
+		// It it safe to ignore this call when the balancer is closed or in idle
+		// because the ClientConn takes care of closing the connections.
+		//
+		// Not returning early from here when the balancer is closed or in idle
+		// leads to a deadlock though, because of the following sequence of
+		// calls when holding cc.mu:
+		// cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close -->
+		// ccb.RemoveAddrConn --> cc.removeAddrConn
+		return
+	}
+
+	ccb.cc.removeAddrConn(acbw.ac, errConnDrain)
+}
+
 // NewStream begins a streaming RPC on the addrConn.  If the addrConn is not
 // ready, blocks until it is or ctx expires.  Returns an error when the context
 // expires or the addrConn is shut down.
@@ -411,7 +406,7 @@ func (acbw *acBalancerWrapper) NewStream(ctx context.Context, desc *StreamDesc,
 
 // Invoke performs a unary RPC.  If the addrConn is not ready, returns
 // errSubConnNotReady.
-func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error {
+func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error {
 	cs, err := acbw.NewStream(ctx, unaryStreamDesc, method, opts...)
 	if err != nil {
 		return err
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index ec2c2fa14..595480112 100644
--- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -18,7 +18,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.22.0
 // source: grpc/binlog/v1/binarylog.proto
 
diff --git a/vendor/google.golang.org/grpc/call.go b/vendor/google.golang.org/grpc/call.go
index e6a1dc5d7..788c89c16 100644
--- a/vendor/google.golang.org/grpc/call.go
+++ b/vendor/google.golang.org/grpc/call.go
@@ -26,12 +26,7 @@ import (
 // received.  This is typically called by generated code.
 //
 // All errors returned by Invoke are compatible with the status package.
-func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply interface{}, opts ...CallOption) error {
-	if err := cc.idlenessMgr.onCallBegin(); err != nil {
-		return err
-	}
-	defer cc.idlenessMgr.onCallEnd()
-
+func (cc *ClientConn) Invoke(ctx context.Context, method string, args, reply any, opts ...CallOption) error {
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -61,13 +56,13 @@ func combine(o1 []CallOption, o2 []CallOption) []CallOption {
 // received.  This is typically called by generated code.
 //
 // DEPRECATED: Use ClientConn.Invoke instead.
-func Invoke(ctx context.Context, method string, args, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+func Invoke(ctx context.Context, method string, args, reply any, cc *ClientConn, opts ...CallOption) error {
 	return cc.Invoke(ctx, method, args, reply, opts...)
 }
 
 var unaryStreamDesc = &StreamDesc{ServerStreams: false, ClientStreams: false}
 
-func invoke(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+func invoke(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error {
 	cs, err := newClientStream(ctx, unaryStreamDesc, cc, method, opts...)
 	if err != nil {
 		return err
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index bfd7555a8..429c389e4 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -34,9 +34,11 @@ import (
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/backoff"
 	"google.golang.org/grpc/internal/channelz"
 	"google.golang.org/grpc/internal/grpcsync"
+	"google.golang.org/grpc/internal/idle"
 	"google.golang.org/grpc/internal/pretty"
 	iresolver "google.golang.org/grpc/internal/resolver"
 	"google.golang.org/grpc/internal/transport"
@@ -54,8 +56,6 @@ import (
 const (
 	// minimum time to give a connection to complete
 	minConnectTimeout = 20 * time.Second
-	// must match grpclbName in grpclb/grpclb.go
-	grpclbName = "grpclb"
 )
 
 var (
@@ -138,7 +138,6 @@ func (dcs *defaultConfigSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*ires
 func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) {
 	cc := &ClientConn{
 		target: target,
-		csMgr:  &connectivityStateManager{},
 		conns:  make(map[*addrConn]struct{}),
 		dopts:  defaultDialOptions(),
 		czData: new(channelzData),
@@ -191,6 +190,8 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	// Register ClientConn with channelz.
 	cc.channelzRegistration(target)
 
+	cc.csMgr = newConnectivityStateManager(cc.ctx, cc.channelzID)
+
 	if err := cc.validateTransportCredentials(); err != nil {
 		return nil, err
 	}
@@ -266,7 +267,7 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *
 	// Configure idleness support with configured idle timeout or default idle
 	// timeout duration. Idleness can be explicitly disabled by the user, by
 	// setting the dial option to 0.
-	cc.idlenessMgr = newIdlenessManager(cc, cc.dopts.idleTimeout)
+	cc.idlenessMgr = idle.NewManager(idle.ManagerOptions{Enforcer: (*idler)(cc), Timeout: cc.dopts.idleTimeout, Logger: logger})
 
 	// Return early for non-blocking dials.
 	if !cc.dopts.block {
@@ -317,6 +318,16 @@ func (cc *ClientConn) addTraceEvent(msg string) {
 	channelz.AddTraceEvent(logger, cc.channelzID, 0, ted)
 }
 
+type idler ClientConn
+
+func (i *idler) EnterIdleMode() error {
+	return (*ClientConn)(i).enterIdleMode()
+}
+
+func (i *idler) ExitIdleMode() error {
+	return (*ClientConn)(i).exitIdleMode()
+}
+
 // exitIdleMode moves the channel out of idle mode by recreating the name
 // resolver and load balancer.
 func (cc *ClientConn) exitIdleMode() error {
@@ -326,8 +337,8 @@ func (cc *ClientConn) exitIdleMode() error {
 		return errConnClosing
 	}
 	if cc.idlenessState != ccIdlenessStateIdle {
+		channelz.Infof(logger, cc.channelzID, "ClientConn asked to exit idle mode, current mode is %v", cc.idlenessState)
 		cc.mu.Unlock()
-		logger.Info("ClientConn asked to exit idle mode when not in idle mode")
 		return nil
 	}
 
@@ -350,7 +361,7 @@ func (cc *ClientConn) exitIdleMode() error {
 	cc.idlenessState = ccIdlenessStateExitingIdle
 	exitedIdle := false
 	if cc.blockingpicker == nil {
-		cc.blockingpicker = newPickerWrapper()
+		cc.blockingpicker = newPickerWrapper(cc.dopts.copts.StatsHandlers)
 	} else {
 		cc.blockingpicker.exitIdleMode()
 		exitedIdle = true
@@ -393,12 +404,13 @@ func (cc *ClientConn) exitIdleMode() error {
 // name resolver, load balancer and any subchannels.
 func (cc *ClientConn) enterIdleMode() error {
 	cc.mu.Lock()
+	defer cc.mu.Unlock()
+
 	if cc.conns == nil {
-		cc.mu.Unlock()
 		return ErrClientConnClosing
 	}
 	if cc.idlenessState != ccIdlenessStateActive {
-		logger.Error("ClientConn asked to enter idle mode when not active")
+		channelz.Warningf(logger, cc.channelzID, "ClientConn asked to enter idle mode, current mode is %v", cc.idlenessState)
 		return nil
 	}
 
@@ -419,14 +431,14 @@ func (cc *ClientConn) enterIdleMode() error {
 	cc.balancerWrapper.enterIdleMode()
 	cc.csMgr.updateState(connectivity.Idle)
 	cc.idlenessState = ccIdlenessStateIdle
-	cc.mu.Unlock()
+	cc.addTraceEvent("entering idle mode")
 
 	go func() {
-		cc.addTraceEvent("entering idle mode")
 		for ac := range conns {
 			ac.tearDown(errConnIdling)
 		}
 	}()
+
 	return nil
 }
 
@@ -475,7 +487,6 @@ func (cc *ClientConn) validateTransportCredentials() error {
 func (cc *ClientConn) channelzRegistration(target string) {
 	cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, cc.dopts.channelzParentID, target)
 	cc.addTraceEvent("created")
-	cc.csMgr.channelzID = cc.channelzID
 }
 
 // chainUnaryClientInterceptors chains all unary client interceptors into one.
@@ -492,7 +503,7 @@ func chainUnaryClientInterceptors(cc *ClientConn) {
 	} else if len(interceptors) == 1 {
 		chainedInt = interceptors[0]
 	} else {
-		chainedInt = func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
+		chainedInt = func(ctx context.Context, method string, req, reply any, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error {
 			return interceptors[0](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, 0, invoker), opts...)
 		}
 	}
@@ -504,7 +515,7 @@ func getChainUnaryInvoker(interceptors []UnaryClientInterceptor, curr int, final
 	if curr == len(interceptors)-1 {
 		return finalInvoker
 	}
-	return func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error {
+	return func(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error {
 		return interceptors[curr+1](ctx, method, req, reply, cc, getChainUnaryInvoker(interceptors, curr+1, finalInvoker), opts...)
 	}
 }
@@ -540,13 +551,27 @@ func getChainStreamer(interceptors []StreamClientInterceptor, curr int, finalStr
 	}
 }
 
+// newConnectivityStateManager creates an connectivityStateManager with
+// the specified id.
+func newConnectivityStateManager(ctx context.Context, id *channelz.Identifier) *connectivityStateManager {
+	return &connectivityStateManager{
+		channelzID: id,
+		pubSub:     grpcsync.NewPubSub(ctx),
+	}
+}
+
 // connectivityStateManager keeps the connectivity.State of ClientConn.
 // This struct will eventually be exported so the balancers can access it.
+//
+// TODO: If possible, get rid of the `connectivityStateManager` type, and
+// provide this functionality using the `PubSub`, to avoid keeping track of
+// the connectivity state at two places.
 type connectivityStateManager struct {
 	mu         sync.Mutex
 	state      connectivity.State
 	notifyChan chan struct{}
 	channelzID *channelz.Identifier
+	pubSub     *grpcsync.PubSub
 }
 
 // updateState updates the connectivity.State of ClientConn.
@@ -562,6 +587,8 @@ func (csm *connectivityStateManager) updateState(state connectivity.State) {
 		return
 	}
 	csm.state = state
+	csm.pubSub.Publish(state)
+
 	channelz.Infof(logger, csm.channelzID, "Channel Connectivity change to %v", state)
 	if csm.notifyChan != nil {
 		// There are other goroutines waiting on this channel.
@@ -591,7 +618,7 @@ func (csm *connectivityStateManager) getNotifyChan() <-chan struct{} {
 type ClientConnInterface interface {
 	// Invoke performs a unary RPC and returns after the response is received
 	// into reply.
-	Invoke(ctx context.Context, method string, args interface{}, reply interface{}, opts ...CallOption) error
+	Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error
 	// NewStream begins a streaming RPC.
 	NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error)
 }
@@ -623,7 +650,7 @@ type ClientConn struct {
 	channelzID      *channelz.Identifier // Channelz identifier for the channel.
 	resolverBuilder resolver.Builder     // See parseTargetAndFindResolver().
 	balancerWrapper *ccBalancerWrapper   // Uses gracefulswitch.balancer underneath.
-	idlenessMgr     idlenessManager
+	idlenessMgr     idle.Manager
 
 	// The following provide their own synchronization, and therefore don't
 	// require cc.mu to be held to access them.
@@ -669,6 +696,19 @@ const (
 	ccIdlenessStateExitingIdle
 )
 
+func (s ccIdlenessState) String() string {
+	switch s {
+	case ccIdlenessStateActive:
+		return "active"
+	case ccIdlenessStateIdle:
+		return "idle"
+	case ccIdlenessStateExitingIdle:
+		return "exitingIdle"
+	default:
+		return "unknown"
+	}
+}
+
 // WaitForStateChange waits until the connectivity.State of ClientConn changes from sourceState or
 // ctx expires. A true value is returned in former case and false in latter.
 //
@@ -760,6 +800,16 @@ func init() {
 		panic(fmt.Sprintf("impossible error parsing empty service config: %v", cfg.Err))
 	}
 	emptyServiceConfig = cfg.Config.(*ServiceConfig)
+
+	internal.SubscribeToConnectivityStateChanges = func(cc *ClientConn, s grpcsync.Subscriber) func() {
+		return cc.csMgr.pubSub.Subscribe(s)
+	}
+	internal.EnterIdleModeForTesting = func(cc *ClientConn) error {
+		return cc.enterIdleMode()
+	}
+	internal.ExitIdleModeForTesting = func(cc *ClientConn) error {
+		return cc.exitIdleMode()
+	}
 }
 
 func (cc *ClientConn) maybeApplyDefaultServiceConfig(addrs []resolver.Address) {
@@ -1047,8 +1097,8 @@ func (ac *addrConn) updateAddrs(addrs []resolver.Address) {
 	ac.cancel()
 	ac.ctx, ac.cancel = context.WithCancel(ac.cc.ctx)
 
-	// We have to defer here because GracefulClose => Close => onClose, which
-	// requires locking ac.mu.
+	// We have to defer here because GracefulClose => onClose, which requires
+	// locking ac.mu.
 	if ac.transport != nil {
 		defer ac.transport.GracefulClose()
 		ac.transport = nil
@@ -1153,23 +1203,13 @@ func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSel
 	}
 
 	var newBalancerName string
-	if cc.sc != nil && cc.sc.lbConfig != nil {
+	if cc.sc == nil || (cc.sc.lbConfig == nil && cc.sc.LB == nil) {
+		// No service config or no LB policy specified in config.
+		newBalancerName = PickFirstBalancerName
+	} else if cc.sc.lbConfig != nil {
 		newBalancerName = cc.sc.lbConfig.name
-	} else {
-		var isGRPCLB bool
-		for _, a := range addrs {
-			if a.Type == resolver.GRPCLB {
-				isGRPCLB = true
-				break
-			}
-		}
-		if isGRPCLB {
-			newBalancerName = grpclbName
-		} else if cc.sc != nil && cc.sc.LB != nil {
-			newBalancerName = *cc.sc.LB
-		} else {
-			newBalancerName = PickFirstBalancerName
-		}
+	} else { // cc.sc.LB != nil
+		newBalancerName = *cc.sc.LB
 	}
 	cc.balancerWrapper.switchTo(newBalancerName)
 }
@@ -1208,7 +1248,10 @@ func (cc *ClientConn) ResetConnectBackoff() {
 
 // Close tears down the ClientConn and all underlying connections.
 func (cc *ClientConn) Close() error {
-	defer cc.cancel()
+	defer func() {
+		cc.cancel()
+		<-cc.csMgr.pubSub.Done()
+	}()
 
 	cc.mu.Lock()
 	if cc.conns == nil {
@@ -1242,7 +1285,7 @@ func (cc *ClientConn) Close() error {
 		rWrapper.close()
 	}
 	if idlenessMgr != nil {
-		idlenessMgr.close()
+		idlenessMgr.Close()
 	}
 
 	for ac := range conns {
@@ -1352,12 +1395,14 @@ func (ac *addrConn) resetTransport() {
 
 	if err := ac.tryAllAddrs(acCtx, addrs, connectDeadline); err != nil {
 		ac.cc.resolveNow(resolver.ResolveNowOptions{})
-		// After exhausting all addresses, the addrConn enters
-		// TRANSIENT_FAILURE.
+		ac.mu.Lock()
 		if acCtx.Err() != nil {
+			// addrConn was torn down.
+			ac.mu.Unlock()
 			return
 		}
-		ac.mu.Lock()
+		// After exhausting all addresses, the addrConn enters
+		// TRANSIENT_FAILURE.
 		ac.updateConnectivityState(connectivity.TransientFailure, err)
 
 		// Backoff.
@@ -1553,7 +1598,7 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) {
 
 	// Set up the health check helper functions.
 	currentTr := ac.transport
-	newStream := func(method string) (interface{}, error) {
+	newStream := func(method string) (any, error) {
 		ac.mu.Lock()
 		if ac.transport != currentTr {
 			ac.mu.Unlock()
@@ -1641,16 +1686,7 @@ func (ac *addrConn) tearDown(err error) {
 	ac.updateConnectivityState(connectivity.Shutdown, nil)
 	ac.cancel()
 	ac.curAddr = resolver.Address{}
-	if err == errConnDrain && curTr != nil {
-		// GracefulClose(...) may be executed multiple times when
-		// i) receiving multiple GoAway frames from the server; or
-		// ii) there are concurrent name resolver/Balancer triggered
-		// address removal and GoAway.
-		// We have to unlock and re-lock here because GracefulClose => Close => onClose, which requires locking ac.mu.
-		ac.mu.Unlock()
-		curTr.GracefulClose()
-		ac.mu.Lock()
-	}
+
 	channelz.AddTraceEvent(logger, ac.channelzID, 0, &channelz.TraceEventDesc{
 		Desc:     "Subchannel deleted",
 		Severity: channelz.CtInfo,
@@ -1664,6 +1700,29 @@ func (ac *addrConn) tearDown(err error) {
 	// being deleted right away.
 	channelz.RemoveEntry(ac.channelzID)
 	ac.mu.Unlock()
+
+	// We have to release the lock before the call to GracefulClose/Close here
+	// because both of them call onClose(), which requires locking ac.mu.
+	if curTr != nil {
+		if err == errConnDrain {
+			// Close the transport gracefully when the subConn is being shutdown.
+			//
+			// GracefulClose() may be executed multiple times if:
+			// - multiple GoAway frames are received from the server
+			// - there are concurrent name resolver or balancer triggered
+			//   address removal and GoAway
+			curTr.GracefulClose()
+		} else {
+			// Hard close the transport when the channel is entering idle or is
+			// being shutdown. In the case where the channel is being shutdown,
+			// closing of transports is also taken care of by cancelation of cc.ctx.
+			// But in the case where the channel is entering idle, we need to
+			// explicitly close the transports here. Instead of distinguishing
+			// between these two cases, it is simpler to close the transport
+			// unconditionally here.
+			curTr.Close(err)
+		}
+	}
 }
 
 func (ac *addrConn) getState() connectivity.State {
diff --git a/vendor/google.golang.org/grpc/codec.go b/vendor/google.golang.org/grpc/codec.go
index 129776547..411e3dfd4 100644
--- a/vendor/google.golang.org/grpc/codec.go
+++ b/vendor/google.golang.org/grpc/codec.go
@@ -27,8 +27,8 @@ import (
 // omits the name/string, which vary between the two and are not needed for
 // anything besides the registry in the encoding package.
 type baseCodec interface {
-	Marshal(v interface{}) ([]byte, error)
-	Unmarshal(data []byte, v interface{}) error
+	Marshal(v any) ([]byte, error)
+	Unmarshal(data []byte, v any) error
 }
 
 var _ baseCodec = Codec(nil)
@@ -41,9 +41,9 @@ var _ baseCodec = encoding.Codec(nil)
 // Deprecated: use encoding.Codec instead.
 type Codec interface {
 	// Marshal returns the wire format of v.
-	Marshal(v interface{}) ([]byte, error)
+	Marshal(v any) ([]byte, error)
 	// Unmarshal parses the wire format into v.
-	Unmarshal(data []byte, v interface{}) error
+	Unmarshal(data []byte, v any) error
 	// String returns the name of the Codec implementation.  This is unused by
 	// gRPC.
 	String() string
diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go
index 23ea95237..cfc9fd85e 100644
--- a/vendor/google.golang.org/grpc/dialoptions.go
+++ b/vendor/google.golang.org/grpc/dialoptions.go
@@ -139,6 +139,20 @@ func newJoinDialOption(opts ...DialOption) DialOption {
 	return &joinDialOption{opts: opts}
 }
 
+// WithSharedWriteBuffer allows reusing per-connection transport write buffer.
+// If this option is set to true every connection will release the buffer after
+// flushing the data on the wire.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func WithSharedWriteBuffer(val bool) DialOption {
+	return newFuncDialOption(func(o *dialOptions) {
+		o.copts.SharedWriteBuffer = val
+	})
+}
+
 // WithWriteBufferSize determines how much data can be batched before doing a
 // write on the wire. The corresponding memory allocation for this buffer will
 // be twice the size to keep syscalls low. The default value for this buffer is
@@ -630,6 +644,7 @@ func defaultDialOptions() dialOptions {
 			UseProxy:        true,
 		},
 		recvBufferPool: nopBufferPool{},
+		idleTimeout:    30 * time.Minute,
 	}
 }
 
@@ -666,8 +681,8 @@ func WithResolvers(rs ...resolver.Builder) DialOption {
 // channel will exit idle mode when the Connect() method is called or when an
 // RPC is initiated.
 //
-// By default this feature is disabled, which can also be explicitly configured
-// by passing zero to this function.
+// A default timeout of 30 minutes will be used if this dial option is not set
+// at dial time and idleness can be disabled by passing a timeout of zero.
 //
 // # Experimental
 //
diff --git a/vendor/google.golang.org/grpc/encoding/encoding.go b/vendor/google.golang.org/grpc/encoding/encoding.go
index 07a586135..5ebf88d71 100644
--- a/vendor/google.golang.org/grpc/encoding/encoding.go
+++ b/vendor/google.golang.org/grpc/encoding/encoding.go
@@ -38,6 +38,10 @@ const Identity = "identity"
 
 // Compressor is used for compressing and decompressing when sending or
 // receiving messages.
+//
+// If a Compressor implements `DecompressedSize(compressedBytes []byte) int`,
+// gRPC will invoke it to determine the size of the buffer allocated for the
+// result of decompression.  A return value of -1 indicates unknown size.
 type Compressor interface {
 	// Compress writes the data written to wc to w after compressing it.  If an
 	// error occurs while initializing the compressor, that error is returned
@@ -51,15 +55,6 @@ type Compressor interface {
 	// coding header.  The result must be static; the result cannot change
 	// between calls.
 	Name() string
-	// If a Compressor implements
-	// DecompressedSize(compressedBytes []byte) int, gRPC will call it
-	// to determine the size of the buffer allocated for the result of decompression.
-	// Return -1 to indicate unknown size.
-	//
-	// Experimental
-	//
-	// Notice: This API is EXPERIMENTAL and may be changed or removed in a
-	// later release.
 }
 
 var registeredCompressor = make(map[string]Compressor)
@@ -90,9 +85,9 @@ func GetCompressor(name string) Compressor {
 // methods can be called from concurrent goroutines.
 type Codec interface {
 	// Marshal returns the wire format of v.
-	Marshal(v interface{}) ([]byte, error)
+	Marshal(v any) ([]byte, error)
 	// Unmarshal parses the wire format into v.
-	Unmarshal(data []byte, v interface{}) error
+	Unmarshal(data []byte, v any) error
 	// Name returns the name of the Codec implementation. The returned string
 	// will be used as part of content type in transmission.  The result must be
 	// static; the result cannot change between calls.
diff --git a/vendor/google.golang.org/grpc/encoding/gzip/gzip.go b/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
index a3bb173c2..6306e8bb0 100644
--- a/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
+++ b/vendor/google.golang.org/grpc/encoding/gzip/gzip.go
@@ -40,7 +40,7 @@ const Name = "gzip"
 
 func init() {
 	c := &compressor{}
-	c.poolCompressor.New = func() interface{} {
+	c.poolCompressor.New = func() any {
 		return &writer{Writer: gzip.NewWriter(io.Discard), pool: &c.poolCompressor}
 	}
 	encoding.RegisterCompressor(c)
@@ -61,7 +61,7 @@ func SetLevel(level int) error {
 		return fmt.Errorf("grpc: invalid gzip compression level: %d", level)
 	}
 	c := encoding.GetCompressor(Name).(*compressor)
-	c.poolCompressor.New = func() interface{} {
+	c.poolCompressor.New = func() any {
 		w, err := gzip.NewWriterLevel(io.Discard, level)
 		if err != nil {
 			panic(err)
diff --git a/vendor/google.golang.org/grpc/encoding/proto/proto.go b/vendor/google.golang.org/grpc/encoding/proto/proto.go
index 3009b35af..0ee3d3bae 100644
--- a/vendor/google.golang.org/grpc/encoding/proto/proto.go
+++ b/vendor/google.golang.org/grpc/encoding/proto/proto.go
@@ -37,7 +37,7 @@ func init() {
 // codec is a Codec implementation with protobuf. It is the default codec for gRPC.
 type codec struct{}
 
-func (codec) Marshal(v interface{}) ([]byte, error) {
+func (codec) Marshal(v any) ([]byte, error) {
 	vv, ok := v.(proto.Message)
 	if !ok {
 		return nil, fmt.Errorf("failed to marshal, message is %T, want proto.Message", v)
@@ -45,7 +45,7 @@ func (codec) Marshal(v interface{}) ([]byte, error) {
 	return proto.Marshal(vv)
 }
 
-func (codec) Unmarshal(data []byte, v interface{}) error {
+func (codec) Unmarshal(data []byte, v any) error {
 	vv, ok := v.(proto.Message)
 	if !ok {
 		return fmt.Errorf("failed to unmarshal, message is %T, want proto.Message", v)
diff --git a/vendor/google.golang.org/grpc/grpclog/component.go b/vendor/google.golang.org/grpc/grpclog/component.go
index 8358dd6e2..ac73c9ced 100644
--- a/vendor/google.golang.org/grpc/grpclog/component.go
+++ b/vendor/google.golang.org/grpc/grpclog/component.go
@@ -31,71 +31,71 @@ type componentData struct {
 
 var cache = map[string]*componentData{}
 
-func (c *componentData) InfoDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) InfoDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.InfoDepth(depth+1, args...)
 }
 
-func (c *componentData) WarningDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) WarningDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.WarningDepth(depth+1, args...)
 }
 
-func (c *componentData) ErrorDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) ErrorDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.ErrorDepth(depth+1, args...)
 }
 
-func (c *componentData) FatalDepth(depth int, args ...interface{}) {
-	args = append([]interface{}{"[" + string(c.name) + "]"}, args...)
+func (c *componentData) FatalDepth(depth int, args ...any) {
+	args = append([]any{"[" + string(c.name) + "]"}, args...)
 	grpclog.FatalDepth(depth+1, args...)
 }
 
-func (c *componentData) Info(args ...interface{}) {
+func (c *componentData) Info(args ...any) {
 	c.InfoDepth(1, args...)
 }
 
-func (c *componentData) Warning(args ...interface{}) {
+func (c *componentData) Warning(args ...any) {
 	c.WarningDepth(1, args...)
 }
 
-func (c *componentData) Error(args ...interface{}) {
+func (c *componentData) Error(args ...any) {
 	c.ErrorDepth(1, args...)
 }
 
-func (c *componentData) Fatal(args ...interface{}) {
+func (c *componentData) Fatal(args ...any) {
 	c.FatalDepth(1, args...)
 }
 
-func (c *componentData) Infof(format string, args ...interface{}) {
+func (c *componentData) Infof(format string, args ...any) {
 	c.InfoDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Warningf(format string, args ...interface{}) {
+func (c *componentData) Warningf(format string, args ...any) {
 	c.WarningDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Errorf(format string, args ...interface{}) {
+func (c *componentData) Errorf(format string, args ...any) {
 	c.ErrorDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Fatalf(format string, args ...interface{}) {
+func (c *componentData) Fatalf(format string, args ...any) {
 	c.FatalDepth(1, fmt.Sprintf(format, args...))
 }
 
-func (c *componentData) Infoln(args ...interface{}) {
+func (c *componentData) Infoln(args ...any) {
 	c.InfoDepth(1, args...)
 }
 
-func (c *componentData) Warningln(args ...interface{}) {
+func (c *componentData) Warningln(args ...any) {
 	c.WarningDepth(1, args...)
 }
 
-func (c *componentData) Errorln(args ...interface{}) {
+func (c *componentData) Errorln(args ...any) {
 	c.ErrorDepth(1, args...)
 }
 
-func (c *componentData) Fatalln(args ...interface{}) {
+func (c *componentData) Fatalln(args ...any) {
 	c.FatalDepth(1, args...)
 }
 
diff --git a/vendor/google.golang.org/grpc/grpclog/grpclog.go b/vendor/google.golang.org/grpc/grpclog/grpclog.go
index c8bb2be34..16928c9cb 100644
--- a/vendor/google.golang.org/grpc/grpclog/grpclog.go
+++ b/vendor/google.golang.org/grpc/grpclog/grpclog.go
@@ -42,53 +42,53 @@ func V(l int) bool {
 }
 
 // Info logs to the INFO log.
-func Info(args ...interface{}) {
+func Info(args ...any) {
 	grpclog.Logger.Info(args...)
 }
 
 // Infof logs to the INFO log. Arguments are handled in the manner of fmt.Printf.
-func Infof(format string, args ...interface{}) {
+func Infof(format string, args ...any) {
 	grpclog.Logger.Infof(format, args...)
 }
 
 // Infoln logs to the INFO log. Arguments are handled in the manner of fmt.Println.
-func Infoln(args ...interface{}) {
+func Infoln(args ...any) {
 	grpclog.Logger.Infoln(args...)
 }
 
 // Warning logs to the WARNING log.
-func Warning(args ...interface{}) {
+func Warning(args ...any) {
 	grpclog.Logger.Warning(args...)
 }
 
 // Warningf logs to the WARNING log. Arguments are handled in the manner of fmt.Printf.
-func Warningf(format string, args ...interface{}) {
+func Warningf(format string, args ...any) {
 	grpclog.Logger.Warningf(format, args...)
 }
 
 // Warningln logs to the WARNING log. Arguments are handled in the manner of fmt.Println.
-func Warningln(args ...interface{}) {
+func Warningln(args ...any) {
 	grpclog.Logger.Warningln(args...)
 }
 
 // Error logs to the ERROR log.
-func Error(args ...interface{}) {
+func Error(args ...any) {
 	grpclog.Logger.Error(args...)
 }
 
 // Errorf logs to the ERROR log. Arguments are handled in the manner of fmt.Printf.
-func Errorf(format string, args ...interface{}) {
+func Errorf(format string, args ...any) {
 	grpclog.Logger.Errorf(format, args...)
 }
 
 // Errorln logs to the ERROR log. Arguments are handled in the manner of fmt.Println.
-func Errorln(args ...interface{}) {
+func Errorln(args ...any) {
 	grpclog.Logger.Errorln(args...)
 }
 
 // Fatal logs to the FATAL log. Arguments are handled in the manner of fmt.Print.
 // It calls os.Exit() with exit code 1.
-func Fatal(args ...interface{}) {
+func Fatal(args ...any) {
 	grpclog.Logger.Fatal(args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -96,7 +96,7 @@ func Fatal(args ...interface{}) {
 
 // Fatalf logs to the FATAL log. Arguments are handled in the manner of fmt.Printf.
 // It calls os.Exit() with exit code 1.
-func Fatalf(format string, args ...interface{}) {
+func Fatalf(format string, args ...any) {
 	grpclog.Logger.Fatalf(format, args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -104,7 +104,7 @@ func Fatalf(format string, args ...interface{}) {
 
 // Fatalln logs to the FATAL log. Arguments are handled in the manner of fmt.Println.
 // It calle os.Exit()) with exit code 1.
-func Fatalln(args ...interface{}) {
+func Fatalln(args ...any) {
 	grpclog.Logger.Fatalln(args...)
 	// Make sure fatal logs will exit.
 	os.Exit(1)
@@ -113,20 +113,20 @@ func Fatalln(args ...interface{}) {
 // Print prints to the logger. Arguments are handled in the manner of fmt.Print.
 //
 // Deprecated: use Info.
-func Print(args ...interface{}) {
+func Print(args ...any) {
 	grpclog.Logger.Info(args...)
 }
 
 // Printf prints to the logger. Arguments are handled in the manner of fmt.Printf.
 //
 // Deprecated: use Infof.
-func Printf(format string, args ...interface{}) {
+func Printf(format string, args ...any) {
 	grpclog.Logger.Infof(format, args...)
 }
 
 // Println prints to the logger. Arguments are handled in the manner of fmt.Println.
 //
 // Deprecated: use Infoln.
-func Println(args ...interface{}) {
+func Println(args ...any) {
 	grpclog.Logger.Infoln(args...)
 }
diff --git a/vendor/google.golang.org/grpc/grpclog/logger.go b/vendor/google.golang.org/grpc/grpclog/logger.go
index ef06a4822..b1674d826 100644
--- a/vendor/google.golang.org/grpc/grpclog/logger.go
+++ b/vendor/google.golang.org/grpc/grpclog/logger.go
@@ -24,12 +24,12 @@ import "google.golang.org/grpc/internal/grpclog"
 //
 // Deprecated: use LoggerV2.
 type Logger interface {
-	Fatal(args ...interface{})
-	Fatalf(format string, args ...interface{})
-	Fatalln(args ...interface{})
-	Print(args ...interface{})
-	Printf(format string, args ...interface{})
-	Println(args ...interface{})
+	Fatal(args ...any)
+	Fatalf(format string, args ...any)
+	Fatalln(args ...any)
+	Print(args ...any)
+	Printf(format string, args ...any)
+	Println(args ...any)
 }
 
 // SetLogger sets the logger that is used in grpc. Call only from
@@ -45,39 +45,39 @@ type loggerWrapper struct {
 	Logger
 }
 
-func (g *loggerWrapper) Info(args ...interface{}) {
+func (g *loggerWrapper) Info(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Infoln(args ...interface{}) {
+func (g *loggerWrapper) Infoln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Infof(format string, args ...interface{}) {
+func (g *loggerWrapper) Infof(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
-func (g *loggerWrapper) Warning(args ...interface{}) {
+func (g *loggerWrapper) Warning(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Warningln(args ...interface{}) {
+func (g *loggerWrapper) Warningln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Warningf(format string, args ...interface{}) {
+func (g *loggerWrapper) Warningf(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
-func (g *loggerWrapper) Error(args ...interface{}) {
+func (g *loggerWrapper) Error(args ...any) {
 	g.Logger.Print(args...)
 }
 
-func (g *loggerWrapper) Errorln(args ...interface{}) {
+func (g *loggerWrapper) Errorln(args ...any) {
 	g.Logger.Println(args...)
 }
 
-func (g *loggerWrapper) Errorf(format string, args ...interface{}) {
+func (g *loggerWrapper) Errorf(format string, args ...any) {
 	g.Logger.Printf(format, args...)
 }
 
diff --git a/vendor/google.golang.org/grpc/grpclog/loggerv2.go b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
index 5de66e40d..ecfd36d71 100644
--- a/vendor/google.golang.org/grpc/grpclog/loggerv2.go
+++ b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
@@ -33,35 +33,35 @@ import (
 // LoggerV2 does underlying logging work for grpclog.
 type LoggerV2 interface {
 	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
+	Info(args ...any)
 	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
+	Infoln(args ...any)
 	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
+	Infof(format string, args ...any)
 	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
+	Warning(args ...any)
 	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
+	Warningln(args ...any)
 	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
+	Warningf(format string, args ...any)
 	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
+	Error(args ...any)
 	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
+	Errorln(args ...any)
 	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
+	Errorf(format string, args ...any)
 	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
+	Fatal(args ...any)
 	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
+	Fatalln(args ...any)
 	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
+	Fatalf(format string, args ...any)
 	// V reports whether verbosity level l is at least the requested verbose level.
 	V(l int) bool
 }
@@ -182,53 +182,53 @@ func (g *loggerT) output(severity int, s string) {
 	g.m[severity].Output(2, string(b))
 }
 
-func (g *loggerT) Info(args ...interface{}) {
+func (g *loggerT) Info(args ...any) {
 	g.output(infoLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Infoln(args ...interface{}) {
+func (g *loggerT) Infoln(args ...any) {
 	g.output(infoLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Infof(format string, args ...interface{}) {
+func (g *loggerT) Infof(format string, args ...any) {
 	g.output(infoLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Warning(args ...interface{}) {
+func (g *loggerT) Warning(args ...any) {
 	g.output(warningLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Warningln(args ...interface{}) {
+func (g *loggerT) Warningln(args ...any) {
 	g.output(warningLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Warningf(format string, args ...interface{}) {
+func (g *loggerT) Warningf(format string, args ...any) {
 	g.output(warningLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Error(args ...interface{}) {
+func (g *loggerT) Error(args ...any) {
 	g.output(errorLog, fmt.Sprint(args...))
 }
 
-func (g *loggerT) Errorln(args ...interface{}) {
+func (g *loggerT) Errorln(args ...any) {
 	g.output(errorLog, fmt.Sprintln(args...))
 }
 
-func (g *loggerT) Errorf(format string, args ...interface{}) {
+func (g *loggerT) Errorf(format string, args ...any) {
 	g.output(errorLog, fmt.Sprintf(format, args...))
 }
 
-func (g *loggerT) Fatal(args ...interface{}) {
+func (g *loggerT) Fatal(args ...any) {
 	g.output(fatalLog, fmt.Sprint(args...))
 	os.Exit(1)
 }
 
-func (g *loggerT) Fatalln(args ...interface{}) {
+func (g *loggerT) Fatalln(args ...any) {
 	g.output(fatalLog, fmt.Sprintln(args...))
 	os.Exit(1)
 }
 
-func (g *loggerT) Fatalf(format string, args ...interface{}) {
+func (g *loggerT) Fatalf(format string, args ...any) {
 	g.output(fatalLog, fmt.Sprintf(format, args...))
 	os.Exit(1)
 }
@@ -248,11 +248,11 @@ func (g *loggerT) V(l int) bool {
 type DepthLoggerV2 interface {
 	LoggerV2
 	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	InfoDepth(depth int, args ...interface{})
+	InfoDepth(depth int, args ...any)
 	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	WarningDepth(depth int, args ...interface{})
+	WarningDepth(depth int, args ...any)
 	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	ErrorDepth(depth int, args ...interface{})
+	ErrorDepth(depth int, args ...any)
 	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	FatalDepth(depth int, args ...interface{})
+	FatalDepth(depth int, args ...any)
 }
diff --git a/vendor/google.golang.org/grpc/health/client.go b/vendor/google.golang.org/grpc/health/client.go
index b5bee4838..740745c45 100644
--- a/vendor/google.golang.org/grpc/health/client.go
+++ b/vendor/google.golang.org/grpc/health/client.go
@@ -56,7 +56,7 @@ const healthCheckMethod = "/grpc.health.v1.Health/Watch"
 
 // This function implements the protocol defined at:
 // https://github.com/grpc/grpc/blob/master/doc/health-checking.md
-func clientHealthCheck(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), service string) error {
+func clientHealthCheck(ctx context.Context, newStream func(string) (any, error), setConnectivityState func(connectivity.State, error), service string) error {
 	tryCnt := 0
 
 retryConnection:
diff --git a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
index 142d35f75..24299efd6 100644
--- a/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
+++ b/vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
@@ -17,7 +17,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.22.0
 // source: grpc/health/v1/health.proto
 
diff --git a/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go b/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go
index a01a1b4d5..4439cda0f 100644
--- a/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go
+++ b/vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go
@@ -44,8 +44,15 @@ const (
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type HealthClient interface {
-	// If the requested service is unknown, the call will fail with status
-	// NOT_FOUND.
+	// Check gets the health of the specified service. If the requested service
+	// is unknown, the call will fail with status NOT_FOUND. If the caller does
+	// not specify a service name, the server should respond with its overall
+	// health status.
+	//
+	// Clients should set a deadline when calling Check, and can declare the
+	// server unhealthy if they do not receive a timely response.
+	//
+	// Check implementations should be idempotent and side effect free.
 	Check(ctx context.Context, in *HealthCheckRequest, opts ...grpc.CallOption) (*HealthCheckResponse, error)
 	// Performs a watch for the serving status of the requested service.
 	// The server will immediately send back a message indicating the current
@@ -118,8 +125,15 @@ func (x *healthWatchClient) Recv() (*HealthCheckResponse, error) {
 // All implementations should embed UnimplementedHealthServer
 // for forward compatibility
 type HealthServer interface {
-	// If the requested service is unknown, the call will fail with status
-	// NOT_FOUND.
+	// Check gets the health of the specified service. If the requested service
+	// is unknown, the call will fail with status NOT_FOUND. If the caller does
+	// not specify a service name, the server should respond with its overall
+	// health status.
+	//
+	// Clients should set a deadline when calling Check, and can declare the
+	// server unhealthy if they do not receive a timely response.
+	//
+	// Check implementations should be idempotent and side effect free.
 	Check(context.Context, *HealthCheckRequest) (*HealthCheckResponse, error)
 	// Performs a watch for the serving status of the requested service.
 	// The server will immediately send back a message indicating the current
diff --git a/vendor/google.golang.org/grpc/interceptor.go b/vendor/google.golang.org/grpc/interceptor.go
index bb96ef57b..877d78fc3 100644
--- a/vendor/google.golang.org/grpc/interceptor.go
+++ b/vendor/google.golang.org/grpc/interceptor.go
@@ -23,7 +23,7 @@ import (
 )
 
 // UnaryInvoker is called by UnaryClientInterceptor to complete RPCs.
-type UnaryInvoker func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, opts ...CallOption) error
+type UnaryInvoker func(ctx context.Context, method string, req, reply any, cc *ClientConn, opts ...CallOption) error
 
 // UnaryClientInterceptor intercepts the execution of a unary RPC on the client.
 // Unary interceptors can be specified as a DialOption, using
@@ -40,7 +40,7 @@ type UnaryInvoker func(ctx context.Context, method string, req, reply interface{
 // defaults from the ClientConn as well as per-call options.
 //
 // The returned error must be compatible with the status package.
-type UnaryClientInterceptor func(ctx context.Context, method string, req, reply interface{}, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error
+type UnaryClientInterceptor func(ctx context.Context, method string, req, reply any, cc *ClientConn, invoker UnaryInvoker, opts ...CallOption) error
 
 // Streamer is called by StreamClientInterceptor to create a ClientStream.
 type Streamer func(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (ClientStream, error)
@@ -66,7 +66,7 @@ type StreamClientInterceptor func(ctx context.Context, desc *StreamDesc, cc *Cli
 // server side. All per-rpc information may be mutated by the interceptor.
 type UnaryServerInfo struct {
 	// Server is the service implementation the user provides. This is read-only.
-	Server interface{}
+	Server any
 	// FullMethod is the full RPC method string, i.e., /package.service/method.
 	FullMethod string
 }
@@ -78,13 +78,13 @@ type UnaryServerInfo struct {
 // status package, or be one of the context errors. Otherwise, gRPC will use
 // codes.Unknown as the status code and err.Error() as the status message of the
 // RPC.
-type UnaryHandler func(ctx context.Context, req interface{}) (interface{}, error)
+type UnaryHandler func(ctx context.Context, req any) (any, error)
 
 // UnaryServerInterceptor provides a hook to intercept the execution of a unary RPC on the server. info
 // contains all the information of this RPC the interceptor can operate on. And handler is the wrapper
 // of the service method implementation. It is the responsibility of the interceptor to invoke handler
 // to complete the RPC.
-type UnaryServerInterceptor func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (resp interface{}, err error)
+type UnaryServerInterceptor func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (resp any, err error)
 
 // StreamServerInfo consists of various information about a streaming RPC on
 // server side. All per-rpc information may be mutated by the interceptor.
@@ -101,4 +101,4 @@ type StreamServerInfo struct {
 // info contains all the information of this RPC the interceptor can operate on. And handler is the
 // service method implementation. It is the responsibility of the interceptor to invoke handler to
 // complete the RPC.
-type StreamServerInterceptor func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
+type StreamServerInterceptor func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error
diff --git a/vendor/google.golang.org/grpc/internal/backoff/backoff.go b/vendor/google.golang.org/grpc/internal/backoff/backoff.go
index 5fc0ee3da..fed1c011a 100644
--- a/vendor/google.golang.org/grpc/internal/backoff/backoff.go
+++ b/vendor/google.golang.org/grpc/internal/backoff/backoff.go
@@ -23,6 +23,8 @@
 package backoff
 
 import (
+	"context"
+	"errors"
 	"time"
 
 	grpcbackoff "google.golang.org/grpc/backoff"
@@ -71,3 +73,37 @@ func (bc Exponential) Backoff(retries int) time.Duration {
 	}
 	return time.Duration(backoff)
 }
+
+// ErrResetBackoff is the error to be returned by the function executed by RunF,
+// to instruct the latter to reset its backoff state.
+var ErrResetBackoff = errors.New("reset backoff state")
+
+// RunF provides a convenient way to run a function f repeatedly until the
+// context expires or f returns a non-nil error that is not ErrResetBackoff.
+// When f returns ErrResetBackoff, RunF continues to run f, but resets its
+// backoff state before doing so. backoff accepts an integer representing the
+// number of retries, and returns the amount of time to backoff.
+func RunF(ctx context.Context, f func() error, backoff func(int) time.Duration) {
+	attempt := 0
+	timer := time.NewTimer(0)
+	for ctx.Err() == nil {
+		select {
+		case <-timer.C:
+		case <-ctx.Done():
+			timer.Stop()
+			return
+		}
+
+		err := f()
+		if errors.Is(err, ErrResetBackoff) {
+			timer.Reset(0)
+			attempt = 0
+			continue
+		}
+		if err != nil {
+			return
+		}
+		timer.Reset(backoff(attempt))
+		attempt++
+	}
+}
diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
index 08666f62a..3c594e6e4 100644
--- a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
+++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go
@@ -200,8 +200,8 @@ func (gsb *Balancer) ExitIdle() {
 	}
 }
 
-// UpdateSubConnState forwards the update to the appropriate child.
-func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+// updateSubConnState forwards the update to the appropriate child.
+func (gsb *Balancer) updateSubConnState(sc balancer.SubConn, state balancer.SubConnState, cb func(balancer.SubConnState)) {
 	gsb.currentMu.Lock()
 	defer gsb.currentMu.Unlock()
 	gsb.mu.Lock()
@@ -214,13 +214,26 @@ func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubC
 	} else if gsb.balancerPending != nil && gsb.balancerPending.subconns[sc] {
 		balToUpdate = gsb.balancerPending
 	}
-	gsb.mu.Unlock()
 	if balToUpdate == nil {
 		// SubConn belonged to a stale lb policy that has not yet fully closed,
 		// or the balancer was already closed.
+		gsb.mu.Unlock()
 		return
 	}
-	balToUpdate.UpdateSubConnState(sc, state)
+	if state.ConnectivityState == connectivity.Shutdown {
+		delete(balToUpdate.subconns, sc)
+	}
+	gsb.mu.Unlock()
+	if cb != nil {
+		cb(state)
+	} else {
+		balToUpdate.UpdateSubConnState(sc, state)
+	}
+}
+
+// UpdateSubConnState forwards the update to the appropriate child.
+func (gsb *Balancer) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
+	gsb.updateSubConnState(sc, state, nil)
 }
 
 // Close closes any active child balancers.
@@ -242,7 +255,7 @@ func (gsb *Balancer) Close() {
 //
 // It implements the balancer.ClientConn interface and is passed down in that
 // capacity to the wrapped balancer. It maintains a set of subConns created by
-// the wrapped balancer and calls from the latter to create/update/remove
+// the wrapped balancer and calls from the latter to create/update/shutdown
 // SubConns update this set before being forwarded to the parent ClientConn.
 // State updates from the wrapped balancer can result in invocation of the
 // graceful switch logic.
@@ -254,21 +267,10 @@ type balancerWrapper struct {
 	subconns  map[balancer.SubConn]bool // subconns created by this balancer
 }
 
-func (bw *balancerWrapper) UpdateSubConnState(sc balancer.SubConn, state balancer.SubConnState) {
-	if state.ConnectivityState == connectivity.Shutdown {
-		bw.gsb.mu.Lock()
-		delete(bw.subconns, sc)
-		bw.gsb.mu.Unlock()
-	}
-	// There is no need to protect this read with a mutex, as the write to the
-	// Balancer field happens in SwitchTo, which completes before this can be
-	// called.
-	bw.Balancer.UpdateSubConnState(sc, state)
-}
-
-// Close closes the underlying LB policy and removes the subconns it created. bw
-// must not be referenced via balancerCurrent or balancerPending in gsb when
-// called. gsb.mu must not be held.  Does not panic with a nil receiver.
+// Close closes the underlying LB policy and shuts down the subconns it
+// created. bw must not be referenced via balancerCurrent or balancerPending in
+// gsb when called. gsb.mu must not be held.  Does not panic with a nil
+// receiver.
 func (bw *balancerWrapper) Close() {
 	// before Close is called.
 	if bw == nil {
@@ -281,7 +283,7 @@ func (bw *balancerWrapper) Close() {
 	bw.Balancer.Close()
 	bw.gsb.mu.Lock()
 	for sc := range bw.subconns {
-		bw.gsb.cc.RemoveSubConn(sc)
+		sc.Shutdown()
 	}
 	bw.gsb.mu.Unlock()
 }
@@ -335,13 +337,16 @@ func (bw *balancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer.Ne
 	}
 	bw.gsb.mu.Unlock()
 
+	var sc balancer.SubConn
+	oldListener := opts.StateListener
+	opts.StateListener = func(state balancer.SubConnState) { bw.gsb.updateSubConnState(sc, state, oldListener) }
 	sc, err := bw.gsb.cc.NewSubConn(addrs, opts)
 	if err != nil {
 		return nil, err
 	}
 	bw.gsb.mu.Lock()
 	if !bw.gsb.balancerCurrentOrPending(bw) { // balancer was closed during this call
-		bw.gsb.cc.RemoveSubConn(sc)
+		sc.Shutdown()
 		bw.gsb.mu.Unlock()
 		return nil, fmt.Errorf("%T at address %p that called NewSubConn is deleted", bw, bw)
 	}
@@ -360,13 +365,9 @@ func (bw *balancerWrapper) ResolveNow(opts resolver.ResolveNowOptions) {
 }
 
 func (bw *balancerWrapper) RemoveSubConn(sc balancer.SubConn) {
-	bw.gsb.mu.Lock()
-	if !bw.gsb.balancerCurrentOrPending(bw) {
-		bw.gsb.mu.Unlock()
-		return
-	}
-	bw.gsb.mu.Unlock()
-	bw.gsb.cc.RemoveSubConn(sc)
+	// Note: existing third party balancers may call this, so it must remain
+	// until RemoveSubConn is fully removed.
+	sc.Shutdown()
 }
 
 func (bw *balancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
diff --git a/vendor/google.golang.org/grpc/internal/balancerload/load.go b/vendor/google.golang.org/grpc/internal/balancerload/load.go
index 3a905d966..94a08d687 100644
--- a/vendor/google.golang.org/grpc/internal/balancerload/load.go
+++ b/vendor/google.golang.org/grpc/internal/balancerload/load.go
@@ -25,7 +25,7 @@ import (
 // Parser converts loads from metadata into a concrete type.
 type Parser interface {
 	// Parse parses loads from metadata.
-	Parse(md metadata.MD) interface{}
+	Parse(md metadata.MD) any
 }
 
 var parser Parser
@@ -38,7 +38,7 @@ func SetParser(lr Parser) {
 }
 
 // Parse calls parser.Read().
-func Parse(md metadata.MD) interface{} {
+func Parse(md metadata.MD) any {
 	if parser == nil {
 		return nil
 	}
diff --git a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
index 6c3f63221..0f31274a3 100644
--- a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
+++ b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
@@ -230,7 +230,7 @@ type ClientMessage struct {
 	OnClientSide bool
 	// Message can be a proto.Message or []byte. Other messages formats are not
 	// supported.
-	Message interface{}
+	Message any
 }
 
 func (c *ClientMessage) toProto() *binlogpb.GrpcLogEntry {
@@ -270,7 +270,7 @@ type ServerMessage struct {
 	OnClientSide bool
 	// Message can be a proto.Message or []byte. Other messages formats are not
 	// supported.
-	Message interface{}
+	Message any
 }
 
 func (c *ServerMessage) toProto() *binlogpb.GrpcLogEntry {
diff --git a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
index 81c2f5fd7..4399c3df4 100644
--- a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
+++ b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go
@@ -28,25 +28,25 @@ import "sync"
 // the underlying mutex used for synchronization.
 //
 // Unbounded supports values of any type to be stored in it by using a channel
-// of `interface{}`. This means that a call to Put() incurs an extra memory
-// allocation, and also that users need a type assertion while reading. For
-// performance critical code paths, using Unbounded is strongly discouraged and
-// defining a new type specific implementation of this buffer is preferred. See
+// of `any`. This means that a call to Put() incurs an extra memory allocation,
+// and also that users need a type assertion while reading. For performance
+// critical code paths, using Unbounded is strongly discouraged and defining a
+// new type specific implementation of this buffer is preferred. See
 // internal/transport/transport.go for an example of this.
 type Unbounded struct {
-	c       chan interface{}
+	c       chan any
 	closed  bool
 	mu      sync.Mutex
-	backlog []interface{}
+	backlog []any
 }
 
 // NewUnbounded returns a new instance of Unbounded.
 func NewUnbounded() *Unbounded {
-	return &Unbounded{c: make(chan interface{}, 1)}
+	return &Unbounded{c: make(chan any, 1)}
 }
 
 // Put adds t to the unbounded buffer.
-func (b *Unbounded) Put(t interface{}) {
+func (b *Unbounded) Put(t any) {
 	b.mu.Lock()
 	defer b.mu.Unlock()
 	if b.closed {
@@ -89,7 +89,7 @@ func (b *Unbounded) Load() {
 //
 // If the unbounded buffer is closed, the read channel returned by this method
 // is closed.
-func (b *Unbounded) Get() <-chan interface{} {
+func (b *Unbounded) Get() <-chan any {
 	return b.c
 }
 
diff --git a/vendor/google.golang.org/grpc/internal/channelz/funcs.go b/vendor/google.golang.org/grpc/internal/channelz/funcs.go
index 777cbcd79..5395e7752 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/funcs.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/funcs.go
@@ -24,9 +24,7 @@
 package channelz
 
 import (
-	"context"
 	"errors"
-	"fmt"
 	"sort"
 	"sync"
 	"sync/atomic"
@@ -40,8 +38,11 @@ const (
 )
 
 var (
-	db    dbWrapper
-	idGen idGenerator
+	// IDGen is the global channelz entity ID generator.  It should not be used
+	// outside this package except by tests.
+	IDGen IDGenerator
+
+	db dbWrapper
 	// EntryPerPage defines the number of channelz entries to be shown on a web page.
 	EntryPerPage  = int64(50)
 	curState      int32
@@ -52,14 +53,14 @@ var (
 func TurnOn() {
 	if !IsOn() {
 		db.set(newChannelMap())
-		idGen.reset()
+		IDGen.Reset()
 		atomic.StoreInt32(&curState, 1)
 	}
 }
 
 // IsOn returns whether channelz data collection is on.
 func IsOn() bool {
-	return atomic.CompareAndSwapInt32(&curState, 1, 1)
+	return atomic.LoadInt32(&curState) == 1
 }
 
 // SetMaxTraceEntry sets maximum number of trace entry per entity (i.e. channel/subchannel).
@@ -97,43 +98,6 @@ func (d *dbWrapper) get() *channelMap {
 	return d.DB
 }
 
-// NewChannelzStorageForTesting initializes channelz data storage and id
-// generator for testing purposes.
-//
-// Returns a cleanup function to be invoked by the test, which waits for up to
-// 10s for all channelz state to be reset by the grpc goroutines when those
-// entities get closed. This cleanup function helps with ensuring that tests
-// don't mess up each other.
-func NewChannelzStorageForTesting() (cleanup func() error) {
-	db.set(newChannelMap())
-	idGen.reset()
-
-	return func() error {
-		cm := db.get()
-		if cm == nil {
-			return nil
-		}
-
-		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-		defer cancel()
-		ticker := time.NewTicker(10 * time.Millisecond)
-		defer ticker.Stop()
-		for {
-			cm.mu.RLock()
-			topLevelChannels, servers, channels, subChannels, listenSockets, normalSockets := len(cm.topLevelChannels), len(cm.servers), len(cm.channels), len(cm.subChannels), len(cm.listenSockets), len(cm.normalSockets)
-			cm.mu.RUnlock()
-
-			if err := ctx.Err(); err != nil {
-				return fmt.Errorf("after 10s the channelz map has not been cleaned up yet, topchannels: %d, servers: %d, channels: %d, subchannels: %d, listen sockets: %d, normal sockets: %d", topLevelChannels, servers, channels, subChannels, listenSockets, normalSockets)
-			}
-			if topLevelChannels == 0 && servers == 0 && channels == 0 && subChannels == 0 && listenSockets == 0 && normalSockets == 0 {
-				return nil
-			}
-			<-ticker.C
-		}
-	}
-}
-
 // GetTopChannels returns a slice of top channel's ChannelMetric, along with a
 // boolean indicating whether there's more top channels to be queried for.
 //
@@ -193,7 +157,7 @@ func GetServer(id int64) *ServerMetric {
 //
 // If channelz is not turned ON, the channelz database is not mutated.
 func RegisterChannel(c Channel, pid *Identifier, ref string) *Identifier {
-	id := idGen.genID()
+	id := IDGen.genID()
 	var parent int64
 	isTopChannel := true
 	if pid != nil {
@@ -229,7 +193,7 @@ func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, er
 	if pid == nil {
 		return nil, errors.New("a SubChannel's parent id cannot be nil")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefSubChannel, id, pid), nil
 	}
@@ -251,7 +215,7 @@ func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, er
 //
 // If channelz is not turned ON, the channelz database is not mutated.
 func RegisterServer(s Server, ref string) *Identifier {
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefServer, id, nil)
 	}
@@ -277,7 +241,7 @@ func RegisterListenSocket(s Socket, pid *Identifier, ref string) (*Identifier, e
 	if pid == nil {
 		return nil, errors.New("a ListenSocket's parent id cannot be 0")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefListenSocket, id, pid), nil
 	}
@@ -297,7 +261,7 @@ func RegisterNormalSocket(s Socket, pid *Identifier, ref string) (*Identifier, e
 	if pid == nil {
 		return nil, errors.New("a NormalSocket's parent id cannot be 0")
 	}
-	id := idGen.genID()
+	id := IDGen.genID()
 	if !IsOn() {
 		return newIdentifer(RefNormalSocket, id, pid), nil
 	}
@@ -776,14 +740,17 @@ func (c *channelMap) GetServer(id int64) *ServerMetric {
 	return sm
 }
 
-type idGenerator struct {
+// IDGenerator is an incrementing atomic that tracks IDs for channelz entities.
+type IDGenerator struct {
 	id int64
 }
 
-func (i *idGenerator) reset() {
+// Reset resets the generated ID back to zero.  Should only be used at
+// initialization or by tests sensitive to the ID number.
+func (i *IDGenerator) Reset() {
 	atomic.StoreInt64(&i.id, 0)
 }
 
-func (i *idGenerator) genID() int64 {
+func (i *IDGenerator) genID() int64 {
 	return atomic.AddInt64(&i.id, 1)
 }
diff --git a/vendor/google.golang.org/grpc/internal/channelz/logging.go b/vendor/google.golang.org/grpc/internal/channelz/logging.go
index 8e13a3d2c..f89e6f77b 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/logging.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/logging.go
@@ -31,7 +31,7 @@ func withParens(id *Identifier) string {
 }
 
 // Info logs and adds a trace event if channelz is on.
-func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtInfo,
@@ -39,7 +39,7 @@ func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Infof logs and adds a trace event if channelz is on.
-func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtInfo,
@@ -47,7 +47,7 @@ func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...inter
 }
 
 // Warning logs and adds a trace event if channelz is on.
-func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtWarning,
@@ -55,7 +55,7 @@ func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Warningf logs and adds a trace event if channelz is on.
-func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtWarning,
@@ -63,7 +63,7 @@ func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...in
 }
 
 // Error logs and adds a trace event if channelz is on.
-func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
+func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprint(args...),
 		Severity: CtError,
@@ -71,7 +71,7 @@ func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...interface{}) {
 }
 
 // Errorf logs and adds a trace event if channelz is on.
-func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...interface{}) {
+func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) {
 	AddTraceEvent(l, id, 1, &TraceEventDesc{
 		Desc:     fmt.Sprintf(format, args...),
 		Severity: CtError,
diff --git a/vendor/google.golang.org/grpc/internal/channelz/types.go b/vendor/google.golang.org/grpc/internal/channelz/types.go
index 7b2f350e2..1d4020f53 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/types.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/types.go
@@ -628,6 +628,7 @@ type tracedChannel interface {
 
 type channelTrace struct {
 	cm          *channelMap
+	clearCalled bool
 	createdTime time.Time
 	eventCount  int64
 	mu          sync.Mutex
@@ -656,6 +657,10 @@ func (c *channelTrace) append(e *TraceEvent) {
 }
 
 func (c *channelTrace) clear() {
+	if c.clearCalled {
+		return
+	}
+	c.clearCalled = true
 	c.mu.Lock()
 	for _, e := range c.events {
 		if e.RefID != 0 {
diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go b/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
index 8d194e44e..98288c3f8 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/util_linux.go
@@ -23,7 +23,7 @@ import (
 )
 
 // GetSocketOption gets the socket option info of the conn.
-func GetSocketOption(socket interface{}) *SocketOptionData {
+func GetSocketOption(socket any) *SocketOptionData {
 	c, ok := socket.(syscall.Conn)
 	if !ok {
 		return nil
diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go b/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
index 837ddc402..b5568b22e 100644
--- a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
+++ b/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
@@ -22,6 +22,6 @@
 package channelz
 
 // GetSocketOption gets the socket option info of the conn.
-func GetSocketOption(c interface{}) *SocketOptionData {
+func GetSocketOption(c any) *SocketOptionData {
 	return nil
 }
diff --git a/vendor/google.golang.org/grpc/internal/credentials/credentials.go b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
index 32c9b5903..9deee7f65 100644
--- a/vendor/google.golang.org/grpc/internal/credentials/credentials.go
+++ b/vendor/google.golang.org/grpc/internal/credentials/credentials.go
@@ -25,12 +25,12 @@ import (
 type requestInfoKey struct{}
 
 // NewRequestInfoContext creates a context with ri.
-func NewRequestInfoContext(ctx context.Context, ri interface{}) context.Context {
+func NewRequestInfoContext(ctx context.Context, ri any) context.Context {
 	return context.WithValue(ctx, requestInfoKey{}, ri)
 }
 
 // RequestInfoFromContext extracts the RequestInfo from ctx.
-func RequestInfoFromContext(ctx context.Context) interface{} {
+func RequestInfoFromContext(ctx context.Context) any {
 	return ctx.Value(requestInfoKey{})
 }
 
@@ -39,11 +39,11 @@ func RequestInfoFromContext(ctx context.Context) interface{} {
 type clientHandshakeInfoKey struct{}
 
 // ClientHandshakeInfoFromContext extracts the ClientHandshakeInfo from ctx.
-func ClientHandshakeInfoFromContext(ctx context.Context) interface{} {
+func ClientHandshakeInfoFromContext(ctx context.Context) any {
 	return ctx.Value(clientHandshakeInfoKey{})
 }
 
 // NewClientHandshakeInfoContext creates a context with chi.
-func NewClientHandshakeInfoContext(ctx context.Context, chi interface{}) context.Context {
+func NewClientHandshakeInfoContext(ctx context.Context, chi any) context.Context {
 	return context.WithValue(ctx, clientHandshakeInfoKey{}, chi)
 }
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
index 77c2c0b89..3cf10ddfb 100644
--- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
+++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go
@@ -37,9 +37,12 @@ var (
 	// checking which NACKs configs specifying ring sizes > 8*1024*1024 (~8M).
 	RingHashCap = uint64FromEnv("GRPC_RING_HASH_CAP", 4096, 1, 8*1024*1024)
 	// PickFirstLBConfig is set if we should support configuration of the
-	// pick_first LB policy, which can be enabled by setting the environment
-	// variable "GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG" to "true".
-	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", false)
+	// pick_first LB policy.
+	PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", true)
+	// LeastRequestLB is set if we should support the least_request_experimental
+	// LB policy, which can be enabled by setting the environment variable
+	// "GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST" to "true".
+	LeastRequestLB = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST", false)
 	// ALTSMaxConcurrentHandshakes is the maximum number of concurrent ALTS
 	// handshakes that can be performed.
 	ALTSMaxConcurrentHandshakes = uint64FromEnv("GRPC_ALTS_MAX_CONCURRENT_HANDSHAKES", 100, 1, 100)
diff --git a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
index b68e26a36..bfc45102a 100644
--- a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
+++ b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go
@@ -30,7 +30,7 @@ var Logger LoggerV2
 var DepthLogger DepthLoggerV2
 
 // InfoDepth logs to the INFO log at the specified depth.
-func InfoDepth(depth int, args ...interface{}) {
+func InfoDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.InfoDepth(depth, args...)
 	} else {
@@ -39,7 +39,7 @@ func InfoDepth(depth int, args ...interface{}) {
 }
 
 // WarningDepth logs to the WARNING log at the specified depth.
-func WarningDepth(depth int, args ...interface{}) {
+func WarningDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.WarningDepth(depth, args...)
 	} else {
@@ -48,7 +48,7 @@ func WarningDepth(depth int, args ...interface{}) {
 }
 
 // ErrorDepth logs to the ERROR log at the specified depth.
-func ErrorDepth(depth int, args ...interface{}) {
+func ErrorDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.ErrorDepth(depth, args...)
 	} else {
@@ -57,7 +57,7 @@ func ErrorDepth(depth int, args ...interface{}) {
 }
 
 // FatalDepth logs to the FATAL log at the specified depth.
-func FatalDepth(depth int, args ...interface{}) {
+func FatalDepth(depth int, args ...any) {
 	if DepthLogger != nil {
 		DepthLogger.FatalDepth(depth, args...)
 	} else {
@@ -71,35 +71,35 @@ func FatalDepth(depth int, args ...interface{}) {
 // is defined here to avoid a circular dependency.
 type LoggerV2 interface {
 	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
+	Info(args ...any)
 	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
+	Infoln(args ...any)
 	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
+	Infof(format string, args ...any)
 	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
+	Warning(args ...any)
 	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
+	Warningln(args ...any)
 	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
+	Warningf(format string, args ...any)
 	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
+	Error(args ...any)
 	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
+	Errorln(args ...any)
 	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
+	Errorf(format string, args ...any)
 	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
+	Fatal(args ...any)
 	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
+	Fatalln(args ...any)
 	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
 	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
 	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
+	Fatalf(format string, args ...any)
 	// V reports whether verbosity level l is at least the requested verbose level.
 	V(l int) bool
 }
@@ -116,11 +116,11 @@ type LoggerV2 interface {
 // later release.
 type DepthLoggerV2 interface {
 	// InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	InfoDepth(depth int, args ...interface{})
+	InfoDepth(depth int, args ...any)
 	// WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	WarningDepth(depth int, args ...interface{})
+	WarningDepth(depth int, args ...any)
 	// ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	ErrorDepth(depth int, args ...interface{})
+	ErrorDepth(depth int, args ...any)
 	// FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println.
-	FatalDepth(depth int, args ...interface{})
+	FatalDepth(depth int, args ...any)
 }
diff --git a/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go b/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
index 02224b42c..faa998de7 100644
--- a/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
+++ b/vendor/google.golang.org/grpc/internal/grpclog/prefixLogger.go
@@ -31,7 +31,7 @@ type PrefixLogger struct {
 }
 
 // Infof does info logging.
-func (pl *PrefixLogger) Infof(format string, args ...interface{}) {
+func (pl *PrefixLogger) Infof(format string, args ...any) {
 	if pl != nil {
 		// Handle nil, so the tests can pass in a nil logger.
 		format = pl.prefix + format
@@ -42,7 +42,7 @@ func (pl *PrefixLogger) Infof(format string, args ...interface{}) {
 }
 
 // Warningf does warning logging.
-func (pl *PrefixLogger) Warningf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Warningf(format string, args ...any) {
 	if pl != nil {
 		format = pl.prefix + format
 		pl.logger.WarningDepth(1, fmt.Sprintf(format, args...))
@@ -52,7 +52,7 @@ func (pl *PrefixLogger) Warningf(format string, args ...interface{}) {
 }
 
 // Errorf does error logging.
-func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Errorf(format string, args ...any) {
 	if pl != nil {
 		format = pl.prefix + format
 		pl.logger.ErrorDepth(1, fmt.Sprintf(format, args...))
@@ -62,7 +62,7 @@ func (pl *PrefixLogger) Errorf(format string, args ...interface{}) {
 }
 
 // Debugf does info logging at verbose level 2.
-func (pl *PrefixLogger) Debugf(format string, args ...interface{}) {
+func (pl *PrefixLogger) Debugf(format string, args ...any) {
 	// TODO(6044): Refactor interfaces LoggerV2 and DepthLogger, and maybe
 	// rewrite PrefixLogger a little to ensure that we don't use the global
 	// `Logger` here, and instead use the `logger` field.
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
index 37b8d4117..900917dbe 100644
--- a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go
@@ -32,10 +32,10 @@ import (
 //
 // This type is safe for concurrent access.
 type CallbackSerializer struct {
-	// Done is closed once the serializer is shut down completely, i.e all
+	// done is closed once the serializer is shut down completely, i.e all
 	// scheduled callbacks are executed and the serializer has deallocated all
 	// its resources.
-	Done chan struct{}
+	done chan struct{}
 
 	callbacks *buffer.Unbounded
 	closedMu  sync.Mutex
@@ -48,12 +48,12 @@ type CallbackSerializer struct {
 // callbacks will be added once this context is canceled, and any pending un-run
 // callbacks will be executed before the serializer is shut down.
 func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
-	t := &CallbackSerializer{
-		Done:      make(chan struct{}),
+	cs := &CallbackSerializer{
+		done:      make(chan struct{}),
 		callbacks: buffer.NewUnbounded(),
 	}
-	go t.run(ctx)
-	return t
+	go cs.run(ctx)
+	return cs
 }
 
 // Schedule adds a callback to be scheduled after existing callbacks are run.
@@ -64,56 +64,62 @@ func NewCallbackSerializer(ctx context.Context) *CallbackSerializer {
 // Return value indicates if the callback was successfully added to the list of
 // callbacks to be executed by the serializer. It is not possible to add
 // callbacks once the context passed to NewCallbackSerializer is cancelled.
-func (t *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
-	t.closedMu.Lock()
-	defer t.closedMu.Unlock()
+func (cs *CallbackSerializer) Schedule(f func(ctx context.Context)) bool {
+	cs.closedMu.Lock()
+	defer cs.closedMu.Unlock()
 
-	if t.closed {
+	if cs.closed {
 		return false
 	}
-	t.callbacks.Put(f)
+	cs.callbacks.Put(f)
 	return true
 }
 
-func (t *CallbackSerializer) run(ctx context.Context) {
+func (cs *CallbackSerializer) run(ctx context.Context) {
 	var backlog []func(context.Context)
 
-	defer close(t.Done)
+	defer close(cs.done)
 	for ctx.Err() == nil {
 		select {
 		case <-ctx.Done():
 			// Do nothing here. Next iteration of the for loop will not happen,
 			// since ctx.Err() would be non-nil.
-		case callback, ok := <-t.callbacks.Get():
+		case callback, ok := <-cs.callbacks.Get():
 			if !ok {
 				return
 			}
-			t.callbacks.Load()
+			cs.callbacks.Load()
 			callback.(func(ctx context.Context))(ctx)
 		}
 	}
 
 	// Fetch pending callbacks if any, and execute them before returning from
-	// this method and closing t.Done.
-	t.closedMu.Lock()
-	t.closed = true
-	backlog = t.fetchPendingCallbacks()
-	t.callbacks.Close()
-	t.closedMu.Unlock()
+	// this method and closing cs.done.
+	cs.closedMu.Lock()
+	cs.closed = true
+	backlog = cs.fetchPendingCallbacks()
+	cs.callbacks.Close()
+	cs.closedMu.Unlock()
 	for _, b := range backlog {
 		b(ctx)
 	}
 }
 
-func (t *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
+func (cs *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) {
 	var backlog []func(context.Context)
 	for {
 		select {
-		case b := <-t.callbacks.Get():
+		case b := <-cs.callbacks.Get():
 			backlog = append(backlog, b.(func(context.Context)))
-			t.callbacks.Load()
+			cs.callbacks.Load()
 		default:
 			return backlog
 		}
 	}
 }
+
+// Done returns a channel that is closed after the context passed to
+// NewCallbackSerializer is canceled and all callbacks have been executed.
+func (cs *CallbackSerializer) Done() <-chan struct{} {
+	return cs.done
+}
diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go b/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
index f58b5ffa6..aef8cec1a 100644
--- a/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
+++ b/vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go
@@ -29,7 +29,7 @@ import (
 type Subscriber interface {
 	// OnMessage is invoked when a new message is published. Implementations
 	// must not block in this method.
-	OnMessage(msg interface{})
+	OnMessage(msg any)
 }
 
 // PubSub is a simple one-to-many publish-subscribe system that supports
@@ -40,25 +40,23 @@ type Subscriber interface {
 // subscribers interested in receiving these messages register a callback
 // via the Subscribe() method.
 //
-// Once a PubSub is stopped, no more messages can be published, and
-// it is guaranteed that no more subscriber callback will be invoked.
+// Once a PubSub is stopped, no more messages can be published, but any pending
+// published messages will be delivered to the subscribers.  Done may be used
+// to determine when all published messages have been delivered.
 type PubSub struct {
-	cs     *CallbackSerializer
-	cancel context.CancelFunc
+	cs *CallbackSerializer
 
 	// Access to the below fields are guarded by this mutex.
 	mu          sync.Mutex
-	msg         interface{}
+	msg         any
 	subscribers map[Subscriber]bool
-	stopped     bool
 }
 
-// NewPubSub returns a new PubSub instance.
-func NewPubSub() *PubSub {
-	ctx, cancel := context.WithCancel(context.Background())
+// NewPubSub returns a new PubSub instance.  Users should cancel the
+// provided context to shutdown the PubSub.
+func NewPubSub(ctx context.Context) *PubSub {
 	return &PubSub{
 		cs:          NewCallbackSerializer(ctx),
-		cancel:      cancel,
 		subscribers: map[Subscriber]bool{},
 	}
 }
@@ -75,10 +73,6 @@ func (ps *PubSub) Subscribe(sub Subscriber) (cancel func()) {
 	ps.mu.Lock()
 	defer ps.mu.Unlock()
 
-	if ps.stopped {
-		return func() {}
-	}
-
 	ps.subscribers[sub] = true
 
 	if ps.msg != nil {
@@ -102,14 +96,10 @@ func (ps *PubSub) Subscribe(sub Subscriber) (cancel func()) {
 
 // Publish publishes the provided message to the PubSub, and invokes
 // callbacks registered by subscribers asynchronously.
-func (ps *PubSub) Publish(msg interface{}) {
+func (ps *PubSub) Publish(msg any) {
 	ps.mu.Lock()
 	defer ps.mu.Unlock()
 
-	if ps.stopped {
-		return
-	}
-
 	ps.msg = msg
 	for sub := range ps.subscribers {
 		s := sub
@@ -124,13 +114,8 @@ func (ps *PubSub) Publish(msg interface{}) {
 	}
 }
 
-// Stop shuts down the PubSub and releases any resources allocated by it.
-// It is guaranteed that no subscriber callbacks would be invoked once this
-// method returns.
-func (ps *PubSub) Stop() {
-	ps.mu.Lock()
-	defer ps.mu.Unlock()
-	ps.stopped = true
-
-	ps.cancel()
+// Done returns a channel that is closed after the context passed to NewPubSub
+// is canceled and all updates have been sent to subscribers.
+func (ps *PubSub) Done() <-chan struct{} {
+	return ps.cs.Done()
 }
diff --git a/vendor/google.golang.org/grpc/idle.go b/vendor/google.golang.org/grpc/internal/idle/idle.go
similarity index 61%
rename from vendor/google.golang.org/grpc/idle.go
rename to vendor/google.golang.org/grpc/internal/idle/idle.go
index dc3dc72f6..6c272476e 100644
--- a/vendor/google.golang.org/grpc/idle.go
+++ b/vendor/google.golang.org/grpc/internal/idle/idle.go
@@ -16,7 +16,9 @@
  *
  */
 
-package grpc
+// Package idle contains a component for managing idleness (entering and exiting)
+// based on RPC activity.
+package idle
 
 import (
 	"fmt"
@@ -24,6 +26,8 @@ import (
 	"sync"
 	"sync/atomic"
 	"time"
+
+	"google.golang.org/grpc/grpclog"
 )
 
 // For overriding in unit tests.
@@ -31,31 +35,31 @@ var timeAfterFunc = func(d time.Duration, f func()) *time.Timer {
 	return time.AfterFunc(d, f)
 }
 
-// idlenessEnforcer is the functionality provided by grpc.ClientConn to enter
+// Enforcer is the functionality provided by grpc.ClientConn to enter
 // and exit from idle mode.
-type idlenessEnforcer interface {
-	exitIdleMode() error
-	enterIdleMode() error
+type Enforcer interface {
+	ExitIdleMode() error
+	EnterIdleMode() error
 }
 
-// idlenessManager defines the functionality required to track RPC activity on a
+// Manager defines the functionality required to track RPC activity on a
 // channel.
-type idlenessManager interface {
-	onCallBegin() error
-	onCallEnd()
-	close()
+type Manager interface {
+	OnCallBegin() error
+	OnCallEnd()
+	Close()
 }
 
-type noopIdlenessManager struct{}
+type noopManager struct{}
 
-func (noopIdlenessManager) onCallBegin() error { return nil }
-func (noopIdlenessManager) onCallEnd()         {}
-func (noopIdlenessManager) close()             {}
+func (noopManager) OnCallBegin() error { return nil }
+func (noopManager) OnCallEnd()         {}
+func (noopManager) Close()             {}
 
-// idlenessManagerImpl implements the idlenessManager interface. It uses atomic
-// operations to synchronize access to shared state and a mutex to guarantee
-// mutual exclusion in a critical section.
-type idlenessManagerImpl struct {
+// manager implements the Manager interface. It uses atomic operations to
+// synchronize access to shared state and a mutex to guarantee mutual exclusion
+// in a critical section.
+type manager struct {
 	// State accessed atomically.
 	lastCallEndTime           int64 // Unix timestamp in nanos; time when the most recent RPC completed.
 	activeCallsCount          int32 // Count of active RPCs; -math.MaxInt32 means channel is idle or is trying to get there.
@@ -64,14 +68,15 @@ type idlenessManagerImpl struct {
 
 	// Can be accessed without atomics or mutex since these are set at creation
 	// time and read-only after that.
-	enforcer idlenessEnforcer // Functionality provided by grpc.ClientConn.
-	timeout  int64            // Idle timeout duration nanos stored as an int64.
+	enforcer Enforcer // Functionality provided by grpc.ClientConn.
+	timeout  int64    // Idle timeout duration nanos stored as an int64.
+	logger   grpclog.LoggerV2
 
 	// idleMu is used to guarantee mutual exclusion in two scenarios:
 	// - Opposing intentions:
 	//   - a: Idle timeout has fired and handleIdleTimeout() is trying to put
 	//     the channel in idle mode because the channel has been inactive.
-	//   - b: At the same time an RPC is made on the channel, and onCallBegin()
+	//   - b: At the same time an RPC is made on the channel, and OnCallBegin()
 	//     is trying to prevent the channel from going idle.
 	// - Competing intentions:
 	//   - The channel is in idle mode and there are multiple RPCs starting at
@@ -83,28 +88,37 @@ type idlenessManagerImpl struct {
 	timer        *time.Timer
 }
 
-// newIdlenessManager creates a new idleness manager implementation for the
+// ManagerOptions is a collection of options used by
+// NewManager.
+type ManagerOptions struct {
+	Enforcer Enforcer
+	Timeout  time.Duration
+	Logger   grpclog.LoggerV2
+}
+
+// NewManager creates a new idleness manager implementation for the
 // given idle timeout.
-func newIdlenessManager(enforcer idlenessEnforcer, idleTimeout time.Duration) idlenessManager {
-	if idleTimeout == 0 {
-		return noopIdlenessManager{}
+func NewManager(opts ManagerOptions) Manager {
+	if opts.Timeout == 0 {
+		return noopManager{}
 	}
 
-	i := &idlenessManagerImpl{
-		enforcer: enforcer,
-		timeout:  int64(idleTimeout),
+	m := &manager{
+		enforcer: opts.Enforcer,
+		timeout:  int64(opts.Timeout),
+		logger:   opts.Logger,
 	}
-	i.timer = timeAfterFunc(idleTimeout, i.handleIdleTimeout)
-	return i
+	m.timer = timeAfterFunc(opts.Timeout, m.handleIdleTimeout)
+	return m
 }
 
 // resetIdleTimer resets the idle timer to the given duration. This method
 // should only be called from the timer callback.
-func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) resetIdleTimer(d time.Duration) {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if i.timer == nil {
+	if m.timer == nil {
 		// Only close sets timer to nil. We are done.
 		return
 	}
@@ -112,47 +126,47 @@ func (i *idlenessManagerImpl) resetIdleTimer(d time.Duration) {
 	// It is safe to ignore the return value from Reset() because this method is
 	// only ever called from the timer callback, which means the timer has
 	// already fired.
-	i.timer.Reset(d)
+	m.timer.Reset(d)
 }
 
 // handleIdleTimeout is the timer callback that is invoked upon expiry of the
 // configured idle timeout. The channel is considered inactive if there are no
 // ongoing calls and no RPC activity since the last time the timer fired.
-func (i *idlenessManagerImpl) handleIdleTimeout() {
-	if i.isClosed() {
+func (m *manager) handleIdleTimeout() {
+	if m.isClosed() {
 		return
 	}
 
-	if atomic.LoadInt32(&i.activeCallsCount) > 0 {
-		i.resetIdleTimer(time.Duration(i.timeout))
+	if atomic.LoadInt32(&m.activeCallsCount) > 0 {
+		m.resetIdleTimer(time.Duration(m.timeout))
 		return
 	}
 
 	// There has been activity on the channel since we last got here. Reset the
 	// timer and return.
-	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+	if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 {
 		// Set the timer to fire after a duration of idle timeout, calculated
 		// from the time the most recent RPC completed.
-		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 0)
-		i.resetIdleTimer(time.Duration(atomic.LoadInt64(&i.lastCallEndTime) + i.timeout - time.Now().UnixNano()))
+		atomic.StoreInt32(&m.activeSinceLastTimerCheck, 0)
+		m.resetIdleTimer(time.Duration(atomic.LoadInt64(&m.lastCallEndTime) + m.timeout - time.Now().UnixNano()))
 		return
 	}
 
 	// This CAS operation is extremely likely to succeed given that there has
 	// been no activity since the last time we were here.  Setting the
-	// activeCallsCount to -math.MaxInt32 indicates to onCallBegin() that the
+	// activeCallsCount to -math.MaxInt32 indicates to OnCallBegin() that the
 	// channel is either in idle mode or is trying to get there.
-	if !atomic.CompareAndSwapInt32(&i.activeCallsCount, 0, -math.MaxInt32) {
+	if !atomic.CompareAndSwapInt32(&m.activeCallsCount, 0, -math.MaxInt32) {
 		// This CAS operation can fail if an RPC started after we checked for
 		// activity at the top of this method, or one was ongoing from before
 		// the last time we were here. In both case, reset the timer and return.
-		i.resetIdleTimer(time.Duration(i.timeout))
+		m.resetIdleTimer(time.Duration(m.timeout))
 		return
 	}
 
 	// Now that we've set the active calls count to -math.MaxInt32, it's time to
 	// actually move to idle mode.
-	if i.tryEnterIdleMode() {
+	if m.tryEnterIdleMode() {
 		// Successfully entered idle mode. No timer needed until we exit idle.
 		return
 	}
@@ -160,8 +174,8 @@ func (i *idlenessManagerImpl) handleIdleTimeout() {
 	// Failed to enter idle mode due to a concurrent RPC that kept the channel
 	// active, or because of an error from the channel. Undo the attempt to
 	// enter idle, and reset the timer to try again later.
-	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
-	i.resetIdleTimer(time.Duration(i.timeout))
+	atomic.AddInt32(&m.activeCallsCount, math.MaxInt32)
+	m.resetIdleTimer(time.Duration(m.timeout))
 }
 
 // tryEnterIdleMode instructs the channel to enter idle mode. But before
@@ -171,15 +185,15 @@ func (i *idlenessManagerImpl) handleIdleTimeout() {
 // Return value indicates whether or not the channel moved to idle mode.
 //
 // Holds idleMu which ensures mutual exclusion with exitIdleMode.
-func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) tryEnterIdleMode() bool {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if atomic.LoadInt32(&i.activeCallsCount) != -math.MaxInt32 {
+	if atomic.LoadInt32(&m.activeCallsCount) != -math.MaxInt32 {
 		// We raced and lost to a new RPC. Very rare, but stop entering idle.
 		return false
 	}
-	if atomic.LoadInt32(&i.activeSinceLastTimerCheck) == 1 {
+	if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 {
 		// An very short RPC could have come in (and also finished) after we
 		// checked for calls count and activity in handleIdleTimeout(), but
 		// before the CAS operation. So, we need to check for activity again.
@@ -189,99 +203,99 @@ func (i *idlenessManagerImpl) tryEnterIdleMode() bool {
 	// No new RPCs have come in since we last set the active calls count value
 	// -math.MaxInt32 in the timer callback. And since we have the lock, it is
 	// safe to enter idle mode now.
-	if err := i.enforcer.enterIdleMode(); err != nil {
-		logger.Errorf("Failed to enter idle mode: %v", err)
+	if err := m.enforcer.EnterIdleMode(); err != nil {
+		m.logger.Errorf("Failed to enter idle mode: %v", err)
 		return false
 	}
 
 	// Successfully entered idle mode.
-	i.actuallyIdle = true
+	m.actuallyIdle = true
 	return true
 }
 
-// onCallBegin is invoked at the start of every RPC.
-func (i *idlenessManagerImpl) onCallBegin() error {
-	if i.isClosed() {
+// OnCallBegin is invoked at the start of every RPC.
+func (m *manager) OnCallBegin() error {
+	if m.isClosed() {
 		return nil
 	}
 
-	if atomic.AddInt32(&i.activeCallsCount, 1) > 0 {
+	if atomic.AddInt32(&m.activeCallsCount, 1) > 0 {
 		// Channel is not idle now. Set the activity bit and allow the call.
-		atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+		atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1)
 		return nil
 	}
 
 	// Channel is either in idle mode or is in the process of moving to idle
 	// mode. Attempt to exit idle mode to allow this RPC.
-	if err := i.exitIdleMode(); err != nil {
+	if err := m.exitIdleMode(); err != nil {
 		// Undo the increment to calls count, and return an error causing the
 		// RPC to fail.
-		atomic.AddInt32(&i.activeCallsCount, -1)
+		atomic.AddInt32(&m.activeCallsCount, -1)
 		return err
 	}
 
-	atomic.StoreInt32(&i.activeSinceLastTimerCheck, 1)
+	atomic.StoreInt32(&m.activeSinceLastTimerCheck, 1)
 	return nil
 }
 
 // exitIdleMode instructs the channel to exit idle mode.
 //
 // Holds idleMu which ensures mutual exclusion with tryEnterIdleMode.
-func (i *idlenessManagerImpl) exitIdleMode() error {
-	i.idleMu.Lock()
-	defer i.idleMu.Unlock()
+func (m *manager) exitIdleMode() error {
+	m.idleMu.Lock()
+	defer m.idleMu.Unlock()
 
-	if !i.actuallyIdle {
+	if !m.actuallyIdle {
 		// This can happen in two scenarios:
 		// - handleIdleTimeout() set the calls count to -math.MaxInt32 and called
 		//   tryEnterIdleMode(). But before the latter could grab the lock, an RPC
-		//   came in and onCallBegin() noticed that the calls count is negative.
+		//   came in and OnCallBegin() noticed that the calls count is negative.
 		// - Channel is in idle mode, and multiple new RPCs come in at the same
-		//   time, all of them notice a negative calls count in onCallBegin and get
+		//   time, all of them notice a negative calls count in OnCallBegin and get
 		//   here. The first one to get the lock would got the channel to exit idle.
 		//
 		// Either way, nothing to do here.
 		return nil
 	}
 
-	if err := i.enforcer.exitIdleMode(); err != nil {
+	if err := m.enforcer.ExitIdleMode(); err != nil {
 		return fmt.Errorf("channel failed to exit idle mode: %v", err)
 	}
 
 	// Undo the idle entry process. This also respects any new RPC attempts.
-	atomic.AddInt32(&i.activeCallsCount, math.MaxInt32)
-	i.actuallyIdle = false
+	atomic.AddInt32(&m.activeCallsCount, math.MaxInt32)
+	m.actuallyIdle = false
 
 	// Start a new timer to fire after the configured idle timeout.
-	i.timer = timeAfterFunc(time.Duration(i.timeout), i.handleIdleTimeout)
+	m.timer = timeAfterFunc(time.Duration(m.timeout), m.handleIdleTimeout)
 	return nil
 }
 
-// onCallEnd is invoked at the end of every RPC.
-func (i *idlenessManagerImpl) onCallEnd() {
-	if i.isClosed() {
+// OnCallEnd is invoked at the end of every RPC.
+func (m *manager) OnCallEnd() {
+	if m.isClosed() {
 		return
 	}
 
 	// Record the time at which the most recent call finished.
-	atomic.StoreInt64(&i.lastCallEndTime, time.Now().UnixNano())
+	atomic.StoreInt64(&m.lastCallEndTime, time.Now().UnixNano())
 
 	// Decrement the active calls count. This count can temporarily go negative
 	// when the timer callback is in the process of moving the channel to idle
 	// mode, but one or more RPCs come in and complete before the timer callback
 	// can get done with the process of moving to idle mode.
-	atomic.AddInt32(&i.activeCallsCount, -1)
+	atomic.AddInt32(&m.activeCallsCount, -1)
 }
 
-func (i *idlenessManagerImpl) isClosed() bool {
-	return atomic.LoadInt32(&i.closed) == 1
+func (m *manager) isClosed() bool {
+	return atomic.LoadInt32(&m.closed) == 1
 }
 
-func (i *idlenessManagerImpl) close() {
-	atomic.StoreInt32(&i.closed, 1)
+func (m *manager) Close() {
+	atomic.StoreInt32(&m.closed, 1)
 
-	i.idleMu.Lock()
-	i.timer.Stop()
-	i.timer = nil
-	i.idleMu.Unlock()
+	m.idleMu.Lock()
+	m.timer.Stop()
+	m.timer = nil
+	m.idleMu.Unlock()
 }
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
index 42ff39c84..0d94c63e0 100644
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ b/vendor/google.golang.org/grpc/internal/internal.go
@@ -30,7 +30,7 @@ import (
 
 var (
 	// WithHealthCheckFunc is set by dialoptions.go
-	WithHealthCheckFunc interface{} // func (HealthChecker) DialOption
+	WithHealthCheckFunc any // func (HealthChecker) DialOption
 	// HealthCheckFunc is used to provide client-side LB channel health checking
 	HealthCheckFunc HealthChecker
 	// BalancerUnregister is exported by package balancer to unregister a balancer.
@@ -38,8 +38,12 @@ var (
 	// KeepaliveMinPingTime is the minimum ping interval.  This must be 10s by
 	// default, but tests may wish to set it lower for convenience.
 	KeepaliveMinPingTime = 10 * time.Second
+	// KeepaliveMinServerPingTime is the minimum ping interval for servers.
+	// This must be 1s by default, but tests may wish to set it lower for
+	// convenience.
+	KeepaliveMinServerPingTime = time.Second
 	// ParseServiceConfig parses a JSON representation of the service config.
-	ParseServiceConfig interface{} // func(string) *serviceconfig.ParseResult
+	ParseServiceConfig any // func(string) *serviceconfig.ParseResult
 	// EqualServiceConfigForTesting is for testing service config generation and
 	// parsing. Both a and b should be returned by ParseServiceConfig.
 	// This function compares the config without rawJSON stripped, in case the
@@ -49,33 +53,33 @@ var (
 	// given name. This is set by package certprovider for use from xDS
 	// bootstrap code while parsing certificate provider configs in the
 	// bootstrap file.
-	GetCertificateProviderBuilder interface{} // func(string) certprovider.Builder
+	GetCertificateProviderBuilder any // func(string) certprovider.Builder
 	// GetXDSHandshakeInfoForTesting returns a pointer to the xds.HandshakeInfo
 	// stored in the passed in attributes. This is set by
 	// credentials/xds/xds.go.
-	GetXDSHandshakeInfoForTesting interface{} // func (*attributes.Attributes) *xds.HandshakeInfo
+	GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *xds.HandshakeInfo
 	// GetServerCredentials returns the transport credentials configured on a
 	// gRPC server. An xDS-enabled server needs to know what type of credentials
 	// is configured on the underlying gRPC server. This is set by server.go.
-	GetServerCredentials interface{} // func (*grpc.Server) credentials.TransportCredentials
+	GetServerCredentials any // func (*grpc.Server) credentials.TransportCredentials
 	// CanonicalString returns the canonical string of the code defined here:
 	// https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	CanonicalString interface{} // func (codes.Code) string
+	CanonicalString any // func (codes.Code) string
 	// DrainServerTransports initiates a graceful close of existing connections
 	// on a gRPC server accepted on the provided listener address. An
 	// xDS-enabled server invokes this method on a grpc.Server when a particular
 	// listener moves to "not-serving" mode.
-	DrainServerTransports interface{} // func(*grpc.Server, string)
+	DrainServerTransports any // func(*grpc.Server, string)
 	// AddGlobalServerOptions adds an array of ServerOption that will be
 	// effective globally for newly created servers. The priority will be: 1.
 	// user-provided; 2. this method; 3. default values.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	AddGlobalServerOptions interface{} // func(opt ...ServerOption)
+	AddGlobalServerOptions any // func(opt ...ServerOption)
 	// ClearGlobalServerOptions clears the array of extra ServerOption. This
 	// method is useful in testing and benchmarking.
 	//
@@ -88,14 +92,14 @@ var (
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	AddGlobalDialOptions interface{} // func(opt ...DialOption)
+	AddGlobalDialOptions any // func(opt ...DialOption)
 	// DisableGlobalDialOptions returns a DialOption that prevents the
 	// ClientConn from applying the global DialOptions (set via
 	// AddGlobalDialOptions).
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	DisableGlobalDialOptions interface{} // func() grpc.DialOption
+	DisableGlobalDialOptions any // func() grpc.DialOption
 	// ClearGlobalDialOptions clears the array of extra DialOption. This
 	// method is useful in testing and benchmarking.
 	//
@@ -104,23 +108,26 @@ var (
 	ClearGlobalDialOptions func()
 	// JoinDialOptions combines the dial options passed as arguments into a
 	// single dial option.
-	JoinDialOptions interface{} // func(...grpc.DialOption) grpc.DialOption
+	JoinDialOptions any // func(...grpc.DialOption) grpc.DialOption
 	// JoinServerOptions combines the server options passed as arguments into a
 	// single server option.
-	JoinServerOptions interface{} // func(...grpc.ServerOption) grpc.ServerOption
+	JoinServerOptions any // func(...grpc.ServerOption) grpc.ServerOption
 
 	// WithBinaryLogger returns a DialOption that specifies the binary logger
 	// for a ClientConn.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	WithBinaryLogger interface{} // func(binarylog.Logger) grpc.DialOption
+	WithBinaryLogger any // func(binarylog.Logger) grpc.DialOption
 	// BinaryLogger returns a ServerOption that can set the binary logger for a
 	// server.
 	//
 	// This is used in the 1.0 release of gcp/observability, and thus must not be
 	// deleted or changed.
-	BinaryLogger interface{} // func(binarylog.Logger) grpc.ServerOption
+	BinaryLogger any // func(binarylog.Logger) grpc.ServerOption
+
+	// SubscribeToConnectivityStateChanges adds a grpcsync.Subscriber to a provided grpc.ClientConn
+	SubscribeToConnectivityStateChanges any // func(*grpc.ClientConn, grpcsync.Subscriber)
 
 	// NewXDSResolverWithConfigForTesting creates a new xds resolver builder using
 	// the provided xds bootstrap config instead of the global configuration from
@@ -131,7 +138,7 @@ var (
 	//
 	// This function should ONLY be used for testing and may not work with some
 	// other features, including the CSDS service.
-	NewXDSResolverWithConfigForTesting interface{} // func([]byte) (resolver.Builder, error)
+	NewXDSResolverWithConfigForTesting any // func([]byte) (resolver.Builder, error)
 
 	// RegisterRLSClusterSpecifierPluginForTesting registers the RLS Cluster
 	// Specifier Plugin for testing purposes, regardless of the XDSRLS environment
@@ -163,7 +170,17 @@ var (
 	UnregisterRBACHTTPFilterForTesting func()
 
 	// ORCAAllowAnyMinReportingInterval is for examples/orca use ONLY.
-	ORCAAllowAnyMinReportingInterval interface{} // func(so *orca.ServiceOptions)
+	ORCAAllowAnyMinReportingInterval any // func(so *orca.ServiceOptions)
+
+	// GRPCResolverSchemeExtraMetadata determines when gRPC will add extra
+	// metadata to RPCs.
+	GRPCResolverSchemeExtraMetadata string = "xds"
+
+	// EnterIdleModeForTesting gets the ClientConn to enter IDLE mode.
+	EnterIdleModeForTesting any // func(*grpc.ClientConn) error
+
+	// ExitIdleModeForTesting gets the ClientConn to exit IDLE mode.
+	ExitIdleModeForTesting any // func(*grpc.ClientConn) error
 )
 
 // HealthChecker defines the signature of the client-side LB channel health checking function.
@@ -174,7 +191,7 @@ var (
 //
 // The health checking protocol is defined at:
 // https://github.com/grpc/grpc/blob/master/doc/health-checking.md
-type HealthChecker func(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), serviceName string) error
+type HealthChecker func(ctx context.Context, newStream func(string) (any, error), setConnectivityState func(connectivity.State, error), serviceName string) error
 
 const (
 	// CredsBundleModeFallback switches GoogleDefaultCreds to fallback mode.
diff --git a/vendor/google.golang.org/grpc/internal/metadata/metadata.go b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
index c82e608e0..900bfb716 100644
--- a/vendor/google.golang.org/grpc/internal/metadata/metadata.go
+++ b/vendor/google.golang.org/grpc/internal/metadata/metadata.go
@@ -35,7 +35,7 @@ const mdKey = mdKeyType("grpc.internal.address.metadata")
 
 type mdValue metadata.MD
 
-func (m mdValue) Equal(o interface{}) bool {
+func (m mdValue) Equal(o any) bool {
 	om, ok := o.(mdValue)
 	if !ok {
 		return false
diff --git a/vendor/google.golang.org/grpc/internal/pretty/pretty.go b/vendor/google.golang.org/grpc/internal/pretty/pretty.go
index 0177af4b5..703319137 100644
--- a/vendor/google.golang.org/grpc/internal/pretty/pretty.go
+++ b/vendor/google.golang.org/grpc/internal/pretty/pretty.go
@@ -35,7 +35,7 @@ const jsonIndent = "  "
 // ToJSON marshals the input into a json string.
 //
 // If marshal fails, it falls back to fmt.Sprintf("%+v").
-func ToJSON(e interface{}) string {
+func ToJSON(e any) string {
 	switch ee := e.(type) {
 	case protov1.Message:
 		mm := jsonpb.Marshaler{Indent: jsonIndent}
diff --git a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
index c7a18a948..f0603871c 100644
--- a/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
+++ b/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
@@ -92,7 +92,7 @@ type ClientStream interface {
 	// calling RecvMsg on the same stream at the same time, but it is not safe
 	// to call SendMsg on the same stream in different goroutines. It is also
 	// not safe to call CloseSend concurrently with SendMsg.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
 	// any other error, the stream is aborted and the error contains the RPC
@@ -101,7 +101,7 @@ type ClientStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // ClientInterceptor is an interceptor for gRPC client streams.
diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go
index b0ead4f54..03ef2fedd 100644
--- a/vendor/google.golang.org/grpc/internal/status/status.go
+++ b/vendor/google.golang.org/grpc/internal/status/status.go
@@ -43,13 +43,41 @@ type Status struct {
 	s *spb.Status
 }
 
+// NewWithProto returns a new status including details from statusProto.  This
+// is meant to be used by the gRPC library only.
+func NewWithProto(code codes.Code, message string, statusProto []string) *Status {
+	if len(statusProto) != 1 {
+		// No grpc-status-details bin header, or multiple; just ignore.
+		return &Status{s: &spb.Status{Code: int32(code), Message: message}}
+	}
+	st := &spb.Status{}
+	if err := proto.Unmarshal([]byte(statusProto[0]), st); err != nil {
+		// Probably not a google.rpc.Status proto; do not provide details.
+		return &Status{s: &spb.Status{Code: int32(code), Message: message}}
+	}
+	if st.Code == int32(code) {
+		// The codes match between the grpc-status header and the
+		// grpc-status-details-bin header; use the full details proto.
+		return &Status{s: st}
+	}
+	return &Status{
+		s: &spb.Status{
+			Code: int32(codes.Internal),
+			Message: fmt.Sprintf(
+				"grpc-status-details-bin mismatch: grpc-status=%v, grpc-message=%q, grpc-status-details-bin=%+v",
+				code, message, st,
+			),
+		},
+	}
+}
+
 // New returns a Status representing c and msg.
 func New(c codes.Code, msg string) *Status {
 	return &Status{s: &spb.Status{Code: int32(c), Message: msg}}
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
-func Newf(c codes.Code, format string, a ...interface{}) *Status {
+func Newf(c codes.Code, format string, a ...any) *Status {
 	return New(c, fmt.Sprintf(format, a...))
 }
 
@@ -64,7 +92,7 @@ func Err(c codes.Code, msg string) error {
 }
 
 // Errorf returns Error(c, fmt.Sprintf(format, a...)).
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return Err(c, fmt.Sprintf(format, a...))
 }
 
@@ -120,11 +148,11 @@ func (s *Status) WithDetails(details ...proto.Message) (*Status, error) {
 
 // Details returns a slice of details messages attached to the status.
 // If a detail cannot be decoded, the error is returned in place of the detail.
-func (s *Status) Details() []interface{} {
+func (s *Status) Details() []any {
 	if s == nil || s.s == nil {
 		return nil
 	}
-	details := make([]interface{}, 0, len(s.s.Details))
+	details := make([]any, 0, len(s.s.Details))
 	for _, any := range s.s.Details {
 		detail := &ptypes.DynamicAny{}
 		if err := ptypes.UnmarshalAny(any, detail); err != nil {
diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
index be5a9c81e..b330ccedc 100644
--- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
+++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go
@@ -40,7 +40,7 @@ var updateHeaderTblSize = func(e *hpack.Encoder, v uint32) {
 }
 
 type itemNode struct {
-	it   interface{}
+	it   any
 	next *itemNode
 }
 
@@ -49,7 +49,7 @@ type itemList struct {
 	tail *itemNode
 }
 
-func (il *itemList) enqueue(i interface{}) {
+func (il *itemList) enqueue(i any) {
 	n := &itemNode{it: i}
 	if il.tail == nil {
 		il.head, il.tail = n, n
@@ -61,11 +61,11 @@ func (il *itemList) enqueue(i interface{}) {
 
 // peek returns the first item in the list without removing it from the
 // list.
-func (il *itemList) peek() interface{} {
+func (il *itemList) peek() any {
 	return il.head.it
 }
 
-func (il *itemList) dequeue() interface{} {
+func (il *itemList) dequeue() any {
 	if il.head == nil {
 		return nil
 	}
@@ -336,7 +336,7 @@ func (c *controlBuffer) put(it cbItem) error {
 	return err
 }
 
-func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (bool, error) {
+func (c *controlBuffer) executeAndPut(f func(it any) bool, it cbItem) (bool, error) {
 	var wakeUp bool
 	c.mu.Lock()
 	if c.err != nil {
@@ -373,7 +373,7 @@ func (c *controlBuffer) executeAndPut(f func(it interface{}) bool, it cbItem) (b
 }
 
 // Note argument f should never be nil.
-func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bool, error) {
+func (c *controlBuffer) execute(f func(it any) bool, it any) (bool, error) {
 	c.mu.Lock()
 	if c.err != nil {
 		c.mu.Unlock()
@@ -387,7 +387,7 @@ func (c *controlBuffer) execute(f func(it interface{}) bool, it interface{}) (bo
 	return true, nil
 }
 
-func (c *controlBuffer) get(block bool) (interface{}, error) {
+func (c *controlBuffer) get(block bool) (any, error) {
 	for {
 		c.mu.Lock()
 		if c.err != nil {
@@ -830,7 +830,7 @@ func (l *loopyWriter) goAwayHandler(g *goAway) error {
 	return nil
 }
 
-func (l *loopyWriter) handle(i interface{}) error {
+func (l *loopyWriter) handle(i any) error {
 	switch i := i.(type) {
 	case *incomingWindowUpdate:
 		l.incomingWindowUpdateHandler(i)
diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
index 98f80e3fa..17f7a21b5 100644
--- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go
@@ -220,18 +220,20 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 			h.Set("Grpc-Message", encodeGrpcMessage(m))
 		}
 
+		s.hdrMu.Lock()
 		if p := st.Proto(); p != nil && len(p.Details) > 0 {
+			delete(s.trailer, grpcStatusDetailsBinHeader)
 			stBytes, err := proto.Marshal(p)
 			if err != nil {
 				// TODO: return error instead, when callers are able to handle it.
 				panic(err)
 			}
 
-			h.Set("Grpc-Status-Details-Bin", encodeBinHeader(stBytes))
+			h.Set(grpcStatusDetailsBinHeader, encodeBinHeader(stBytes))
 		}
 
-		if md := s.Trailer(); len(md) > 0 {
-			for k, vv := range md {
+		if len(s.trailer) > 0 {
+			for k, vv := range s.trailer {
 				// Clients don't tolerate reading restricted headers after some non restricted ones were sent.
 				if isReservedHeader(k) {
 					continue
@@ -243,6 +245,7 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro
 				}
 			}
 		}
+		s.hdrMu.Unlock()
 	})
 
 	if err == nil { // transport has not been closed
@@ -287,7 +290,7 @@ func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) {
 }
 
 // writeCustomHeaders sets custom headers set on the stream via SetHeader
-// on the first write call (Write, WriteHeader, or WriteStatus).
+// on the first write call (Write, WriteHeader, or WriteStatus)
 func (ht *serverHandlerTransport) writeCustomHeaders(s *Stream) {
 	h := ht.rw.Header()
 
@@ -344,7 +347,7 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error {
 	return err
 }
 
-func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream), traceCtx func(context.Context, string) context.Context) {
+func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) {
 	// With this transport type there will be exactly 1 stream: this HTTP request.
 
 	ctx := ht.req.Context()
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 326bf0848..d6f5c4935 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -330,7 +330,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts
 		readerDone:            make(chan struct{}),
 		writerDone:            make(chan struct{}),
 		goAway:                make(chan struct{}),
-		framer:                newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize),
+		framer:                newFramer(conn, writeBufSize, readBufSize, opts.SharedWriteBuffer, maxHeaderListSize),
 		fc:                    &trInFlow{limit: uint32(icwz)},
 		scheme:                scheme,
 		activeStreams:         make(map[uint32]*Stream),
@@ -762,7 +762,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 	firstTry := true
 	var ch chan struct{}
 	transportDrainRequired := false
-	checkForStreamQuota := func(it interface{}) bool {
+	checkForStreamQuota := func(it any) bool {
 		if t.streamQuota <= 0 { // Can go negative if server decreases it.
 			if firstTry {
 				t.waitingStreams++
@@ -800,7 +800,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		return true
 	}
 	var hdrListSizeErr error
-	checkForHeaderListSize := func(it interface{}) bool {
+	checkForHeaderListSize := func(it any) bool {
 		if t.maxSendHeaderListSize == nil {
 			return true
 		}
@@ -815,7 +815,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream,
 		return true
 	}
 	for {
-		success, err := t.controlBuf.executeAndPut(func(it interface{}) bool {
+		success, err := t.controlBuf.executeAndPut(func(it any) bool {
 			return checkForHeaderListSize(it) && checkForStreamQuota(it)
 		}, hdr)
 		if err != nil {
@@ -927,7 +927,7 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2.
 		rst:     rst,
 		rstCode: rstCode,
 	}
-	addBackStreamQuota := func(interface{}) bool {
+	addBackStreamQuota := func(any) bool {
 		t.streamQuota++
 		if t.streamQuota > 0 && t.waitingStreams > 0 {
 			select {
@@ -1080,7 +1080,7 @@ func (t *http2Client) updateWindow(s *Stream, n uint32) {
 // for the transport and the stream based on the current bdp
 // estimation.
 func (t *http2Client) updateFlowControl(n uint32) {
-	updateIWS := func(interface{}) bool {
+	updateIWS := func(any) bool {
 		t.initialWindowSize = int32(n)
 		t.mu.Lock()
 		for _, s := range t.activeStreams {
@@ -1233,7 +1233,7 @@ func (t *http2Client) handleSettings(f *http2.SettingsFrame, isFirst bool) {
 		}
 		updateFuncs = append(updateFuncs, updateStreamQuota)
 	}
-	t.controlBuf.executeAndPut(func(interface{}) bool {
+	t.controlBuf.executeAndPut(func(any) bool {
 		for _, f := range updateFuncs {
 			f()
 		}
@@ -1399,7 +1399,6 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		mdata          = make(map[string][]string)
 		contentTypeErr = "malformed header: missing HTTP content-type"
 		grpcMessage    string
-		statusGen      *status.Status
 		recvCompress   string
 		httpStatusCode *int
 		httpStatusErr  string
@@ -1434,12 +1433,6 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 			rawStatusCode = codes.Code(uint32(code))
 		case "grpc-message":
 			grpcMessage = decodeGrpcMessage(hf.Value)
-		case "grpc-status-details-bin":
-			var err error
-			statusGen, err = decodeGRPCStatusDetails(hf.Value)
-			if err != nil {
-				headerError = fmt.Sprintf("transport: malformed grpc-status-details-bin: %v", err)
-			}
 		case ":status":
 			if hf.Value == "200" {
 				httpStatusErr = ""
@@ -1505,14 +1498,15 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		return
 	}
 
-	isHeader := false
-
-	// If headerChan hasn't been closed yet
-	if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
-		s.headerValid = true
-		if !endStream {
-			// HEADERS frame block carries a Response-Headers.
-			isHeader = true
+	// For headers, set them in s.header and close headerChan.  For trailers or
+	// trailers-only, closeStream will set the trailers and close headerChan as
+	// needed.
+	if !endStream {
+		// If headerChan hasn't been closed yet (expected, given we checked it
+		// above, but something else could have potentially closed the whole
+		// stream).
+		if atomic.CompareAndSwapUint32(&s.headerChanClosed, 0, 1) {
+			s.headerValid = true
 			// These values can be set without any synchronization because
 			// stream goroutine will read it only after seeing a closed
 			// headerChan which we'll close after setting this.
@@ -1520,15 +1514,12 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 			if len(mdata) > 0 {
 				s.header = mdata
 			}
-		} else {
-			// HEADERS frame block carries a Trailers-Only.
-			s.noHeaders = true
+			close(s.headerChan)
 		}
-		close(s.headerChan)
 	}
 
 	for _, sh := range t.statsHandlers {
-		if isHeader {
+		if !endStream {
 			inHeader := &stats.InHeader{
 				Client:      true,
 				WireLength:  int(frame.Header().Length),
@@ -1550,13 +1541,12 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) {
 		return
 	}
 
-	if statusGen == nil {
-		statusGen = status.New(rawStatusCode, grpcMessage)
-	}
+	status := istatus.NewWithProto(rawStatusCode, grpcMessage, mdata[grpcStatusDetailsBinHeader])
 
-	// if client received END_STREAM from server while stream was still active, send RST_STREAM
-	rst := s.getState() == streamActive
-	t.closeStream(s, io.EOF, rst, http2.ErrCodeNo, statusGen, mdata, true)
+	// If client received END_STREAM from server while stream was still active,
+	// send RST_STREAM.
+	rstStream := s.getState() == streamActive
+	t.closeStream(s, io.EOF, rstStream, http2.ErrCodeNo, status, mdata, true)
 }
 
 // readServerPreface reads and handles the initial settings frame from the
diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index 0bc7a7d57..6fa1eb419 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -165,7 +165,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 	if config.MaxHeaderListSize != nil {
 		maxHeaderListSize = *config.MaxHeaderListSize
 	}
-	framer := newFramer(conn, writeBufSize, readBufSize, maxHeaderListSize)
+	framer := newFramer(conn, writeBufSize, readBufSize, config.SharedWriteBuffer, maxHeaderListSize)
 	// Send initial settings as connection preface to client.
 	isettings := []http2.Setting{{
 		ID:  http2.SettingMaxFrameSize,
@@ -342,7 +342,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport,
 
 // operateHeaders takes action on the decoded headers. Returns an error if fatal
 // error encountered and transport needs to close, otherwise returns nil.
-func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream), traceCtx func(context.Context, string) context.Context) error {
+func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream)) error {
 	// Acquire max stream ID lock for entire duration
 	t.maxStreamMu.Lock()
 	defer t.maxStreamMu.Unlock()
@@ -561,7 +561,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	}
 	if t.inTapHandle != nil {
 		var err error
-		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method}); err != nil {
+		if s.ctx, err = t.inTapHandle(s.ctx, &tap.Info{FullMethodName: s.method, Header: mdata}); err != nil {
 			t.mu.Unlock()
 			if t.logger.V(logLevel) {
 				t.logger.Infof("Aborting the stream early due to InTapHandle failure: %v", err)
@@ -592,7 +592,6 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 	s.requestRead = func(n int) {
 		t.adjustWindow(s, uint32(n))
 	}
-	s.ctx = traceCtx(s.ctx, s.method)
 	for _, sh := range t.stats {
 		s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method})
 		inHeader := &stats.InHeader{
@@ -630,7 +629,7 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(
 // HandleStreams receives incoming streams using the given handler. This is
 // typically run in a separate goroutine.
 // traceCtx attaches trace to ctx and returns the new context.
-func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.Context, string) context.Context) {
+func (t *http2Server) HandleStreams(handle func(*Stream)) {
 	defer close(t.readerDone)
 	for {
 		t.controlBuf.throttle()
@@ -665,7 +664,7 @@ func (t *http2Server) HandleStreams(handle func(*Stream), traceCtx func(context.
 		}
 		switch frame := frame.(type) {
 		case *http2.MetaHeadersFrame:
-			if err := t.operateHeaders(frame, handle, traceCtx); err != nil {
+			if err := t.operateHeaders(frame, handle); err != nil {
 				t.Close(err)
 				break
 			}
@@ -850,7 +849,7 @@ func (t *http2Server) handleSettings(f *http2.SettingsFrame) {
 		}
 		return nil
 	})
-	t.controlBuf.executeAndPut(func(interface{}) bool {
+	t.controlBuf.executeAndPut(func(any) bool {
 		for _, f := range updateFuncs {
 			f()
 		}
@@ -934,7 +933,7 @@ func appendHeaderFieldsFromMD(headerFields []hpack.HeaderField, md metadata.MD)
 	return headerFields
 }
 
-func (t *http2Server) checkForHeaderListSize(it interface{}) bool {
+func (t *http2Server) checkForHeaderListSize(it any) bool {
 	if t.maxSendHeaderListSize == nil {
 		return true
 	}
@@ -1053,12 +1052,15 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error {
 	headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())})
 
 	if p := st.Proto(); p != nil && len(p.Details) > 0 {
+		// Do not use the user's grpc-status-details-bin (if present) if we are
+		// even attempting to set our own.
+		delete(s.trailer, grpcStatusDetailsBinHeader)
 		stBytes, err := proto.Marshal(p)
 		if err != nil {
 			// TODO: return error instead, when callers are able to handle it.
 			t.logger.Errorf("Failed to marshal rpc status: %s, error: %v", pretty.ToJSON(p), err)
 		} else {
-			headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status-details-bin", Value: encodeBinHeader(stBytes)})
+			headerFields = append(headerFields, hpack.HeaderField{Name: grpcStatusDetailsBinHeader, Value: encodeBinHeader(stBytes)})
 		}
 	}
 
diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go
index 19cbb18f5..dc29d590e 100644
--- a/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -30,15 +30,13 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 	"unicode/utf8"
 
-	"github.com/golang/protobuf/proto"
 	"golang.org/x/net/http2"
 	"golang.org/x/net/http2/hpack"
-	spb "google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 )
 
 const (
@@ -87,6 +85,8 @@ var (
 	}
 )
 
+var grpcStatusDetailsBinHeader = "grpc-status-details-bin"
+
 // isReservedHeader checks whether hdr belongs to HTTP2 headers
 // reserved by gRPC protocol. Any other headers are classified as the
 // user-specified metadata.
@@ -102,7 +102,6 @@ func isReservedHeader(hdr string) bool {
 		"grpc-message",
 		"grpc-status",
 		"grpc-timeout",
-		"grpc-status-details-bin",
 		// Intentionally exclude grpc-previous-rpc-attempts and
 		// grpc-retry-pushback-ms, which are "reserved", but their API
 		// intentionally works via metadata.
@@ -153,18 +152,6 @@ func decodeMetadataHeader(k, v string) (string, error) {
 	return v, nil
 }
 
-func decodeGRPCStatusDetails(rawDetails string) (*status.Status, error) {
-	v, err := decodeBinHeader(rawDetails)
-	if err != nil {
-		return nil, err
-	}
-	st := &spb.Status{}
-	if err = proto.Unmarshal(v, st); err != nil {
-		return nil, err
-	}
-	return status.FromProto(st), nil
-}
-
 type timeoutUnit uint8
 
 const (
@@ -309,6 +296,7 @@ func decodeGrpcMessageUnchecked(msg string) string {
 }
 
 type bufWriter struct {
+	pool      *sync.Pool
 	buf       []byte
 	offset    int
 	batchSize int
@@ -316,12 +304,17 @@ type bufWriter struct {
 	err       error
 }
 
-func newBufWriter(conn net.Conn, batchSize int) *bufWriter {
-	return &bufWriter{
-		buf:       make([]byte, batchSize*2),
+func newBufWriter(conn net.Conn, batchSize int, pool *sync.Pool) *bufWriter {
+	w := &bufWriter{
 		batchSize: batchSize,
 		conn:      conn,
+		pool:      pool,
+	}
+	// this indicates that we should use non shared buf
+	if pool == nil {
+		w.buf = make([]byte, batchSize)
 	}
+	return w
 }
 
 func (w *bufWriter) Write(b []byte) (n int, err error) {
@@ -332,19 +325,34 @@ func (w *bufWriter) Write(b []byte) (n int, err error) {
 		n, err = w.conn.Write(b)
 		return n, toIOError(err)
 	}
+	if w.buf == nil {
+		b := w.pool.Get().(*[]byte)
+		w.buf = *b
+	}
 	for len(b) > 0 {
 		nn := copy(w.buf[w.offset:], b)
 		b = b[nn:]
 		w.offset += nn
 		n += nn
 		if w.offset >= w.batchSize {
-			err = w.Flush()
+			err = w.flushKeepBuffer()
 		}
 	}
 	return n, err
 }
 
 func (w *bufWriter) Flush() error {
+	err := w.flushKeepBuffer()
+	// Only release the buffer if we are in a "shared" mode
+	if w.buf != nil && w.pool != nil {
+		b := w.buf
+		w.pool.Put(&b)
+		w.buf = nil
+	}
+	return err
+}
+
+func (w *bufWriter) flushKeepBuffer() error {
 	if w.err != nil {
 		return w.err
 	}
@@ -381,7 +389,10 @@ type framer struct {
 	fr     *http2.Framer
 }
 
-func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderListSize uint32) *framer {
+var writeBufferPoolMap map[int]*sync.Pool = make(map[int]*sync.Pool)
+var writeBufferMutex sync.Mutex
+
+func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBuffer bool, maxHeaderListSize uint32) *framer {
 	if writeBufferSize < 0 {
 		writeBufferSize = 0
 	}
@@ -389,7 +400,11 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderList
 	if readBufferSize > 0 {
 		r = bufio.NewReaderSize(r, readBufferSize)
 	}
-	w := newBufWriter(conn, writeBufferSize)
+	var pool *sync.Pool
+	if sharedWriteBuffer {
+		pool = getWriteBufferPool(writeBufferSize)
+	}
+	w := newBufWriter(conn, writeBufferSize, pool)
 	f := &framer{
 		writer: w,
 		fr:     http2.NewFramer(w, r),
@@ -403,6 +418,24 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, maxHeaderList
 	return f
 }
 
+func getWriteBufferPool(writeBufferSize int) *sync.Pool {
+	writeBufferMutex.Lock()
+	defer writeBufferMutex.Unlock()
+	size := writeBufferSize * 2
+	pool, ok := writeBufferPoolMap[size]
+	if ok {
+		return pool
+	}
+	pool = &sync.Pool{
+		New: func() any {
+			b := make([]byte, size)
+			return &b
+		},
+	}
+	writeBufferPoolMap[size] = pool
+	return pool
+}
+
 // parseDialTarget returns the network and address to pass to dialer.
 func parseDialTarget(target string) (string, string) {
 	net := "tcp"
diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go
index aa1c89659..aac056e72 100644
--- a/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -43,10 +43,6 @@ import (
 	"google.golang.org/grpc/tap"
 )
 
-// ErrNoHeaders is used as a signal that a trailers only response was received,
-// and is not a real error.
-var ErrNoHeaders = errors.New("stream has no headers")
-
 const logLevel = 2
 
 type bufferPool struct {
@@ -56,7 +52,7 @@ type bufferPool struct {
 func newBufferPool() *bufferPool {
 	return &bufferPool{
 		pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				return new(bytes.Buffer)
 			},
 		},
@@ -390,14 +386,10 @@ func (s *Stream) Header() (metadata.MD, error) {
 	}
 	s.waitOnHeader()
 
-	if !s.headerValid {
+	if !s.headerValid || s.noHeaders {
 		return nil, s.status.Err()
 	}
 
-	if s.noHeaders {
-		return nil, ErrNoHeaders
-	}
-
 	return s.header.Copy(), nil
 }
 
@@ -559,6 +551,7 @@ type ServerConfig struct {
 	InitialConnWindowSize int32
 	WriteBufferSize       int
 	ReadBufferSize        int
+	SharedWriteBuffer     bool
 	ChannelzParentID      *channelz.Identifier
 	MaxHeaderListSize     *uint32
 	HeaderTableSize       *uint32
@@ -592,6 +585,8 @@ type ConnectOptions struct {
 	WriteBufferSize int
 	// ReadBufferSize sets the size of read buffer, which in turn determines how much data can be read at most for one read syscall.
 	ReadBufferSize int
+	// SharedWriteBuffer indicates whether connections should reuse write buffer
+	SharedWriteBuffer bool
 	// ChannelzParentID sets the addrConn id which initiate the creation of this client transport.
 	ChannelzParentID *channelz.Identifier
 	// MaxHeaderListSize sets the max (uncompressed) size of header list that is prepared to be received.
@@ -703,7 +698,7 @@ type ClientTransport interface {
 // Write methods for a given Stream will be called serially.
 type ServerTransport interface {
 	// HandleStreams receives incoming streams using the given handler.
-	HandleStreams(func(*Stream), func(context.Context, string) context.Context)
+	HandleStreams(func(*Stream))
 
 	// WriteHeader sends the header metadata for the given stream.
 	// WriteHeader may not be called on all streams.
@@ -736,7 +731,7 @@ type ServerTransport interface {
 }
 
 // connectionErrorf creates an ConnectionError with the specified error description.
-func connectionErrorf(temp bool, e error, format string, a ...interface{}) ConnectionError {
+func connectionErrorf(temp bool, e error, format string, a ...any) ConnectionError {
 	return ConnectionError{
 		Desc: fmt.Sprintf(format, a...),
 		temp: temp,
diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go
index 02f975951..236837f41 100644
--- a/vendor/google.golang.org/grpc/picker_wrapper.go
+++ b/vendor/google.golang.org/grpc/picker_wrapper.go
@@ -28,21 +28,26 @@ import (
 	"google.golang.org/grpc/internal/channelz"
 	istatus "google.golang.org/grpc/internal/status"
 	"google.golang.org/grpc/internal/transport"
+	"google.golang.org/grpc/stats"
 	"google.golang.org/grpc/status"
 )
 
 // pickerWrapper is a wrapper of balancer.Picker. It blocks on certain pick
 // actions and unblock when there's a picker update.
 type pickerWrapper struct {
-	mu         sync.Mutex
-	done       bool
-	idle       bool
-	blockingCh chan struct{}
-	picker     balancer.Picker
+	mu            sync.Mutex
+	done          bool
+	idle          bool
+	blockingCh    chan struct{}
+	picker        balancer.Picker
+	statsHandlers []stats.Handler // to record blocking picker calls
 }
 
-func newPickerWrapper() *pickerWrapper {
-	return &pickerWrapper{blockingCh: make(chan struct{})}
+func newPickerWrapper(statsHandlers []stats.Handler) *pickerWrapper {
+	return &pickerWrapper{
+		blockingCh:    make(chan struct{}),
+		statsHandlers: statsHandlers,
+	}
 }
 
 // updatePicker is called by UpdateBalancerState. It unblocks all blocked pick.
@@ -95,6 +100,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 	var ch chan struct{}
 
 	var lastPickErr error
+
 	for {
 		pw.mu.Lock()
 		if pw.done {
@@ -129,6 +135,20 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer.
 			continue
 		}
 
+		// If the channel is set, it means that the pick call had to wait for a
+		// new picker at some point. Either it's the first iteration and this
+		// function received the first picker, or a picker errored with
+		// ErrNoSubConnAvailable or errored with failfast set to false, which
+		// will trigger a continue to the next iteration. In the first case this
+		// conditional will hit if this call had to block (the channel is set).
+		// In the second case, the only way it will get to this conditional is
+		// if there is a new picker.
+		if ch != nil {
+			for _, sh := range pw.statsHandlers {
+				sh.HandleRPC(ctx, &stats.PickerUpdated{})
+			}
+		}
+
 		ch = pw.blockingCh
 		p := pw.picker
 		pw.mu.Unlock()
diff --git a/vendor/google.golang.org/grpc/pickfirst.go b/vendor/google.golang.org/grpc/pickfirst.go
index abe266b02..2e9cf66b4 100644
--- a/vendor/google.golang.org/grpc/pickfirst.go
+++ b/vendor/google.golang.org/grpc/pickfirst.go
@@ -26,12 +26,18 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/connectivity"
 	"google.golang.org/grpc/internal/envconfig"
+	internalgrpclog "google.golang.org/grpc/internal/grpclog"
 	"google.golang.org/grpc/internal/grpcrand"
+	"google.golang.org/grpc/internal/pretty"
+	"google.golang.org/grpc/resolver"
 	"google.golang.org/grpc/serviceconfig"
 )
 
-// PickFirstBalancerName is the name of the pick_first balancer.
-const PickFirstBalancerName = "pick_first"
+const (
+	// PickFirstBalancerName is the name of the pick_first balancer.
+	PickFirstBalancerName = "pick_first"
+	logPrefix             = "[pick-first-lb %p] "
+)
 
 func newPickfirstBuilder() balancer.Builder {
 	return &pickfirstBuilder{}
@@ -40,7 +46,9 @@ func newPickfirstBuilder() balancer.Builder {
 type pickfirstBuilder struct{}
 
 func (*pickfirstBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer {
-	return &pickfirstBalancer{cc: cc}
+	b := &pickfirstBalancer{cc: cc}
+	b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b))
+	return b
 }
 
 func (*pickfirstBuilder) Name() string {
@@ -57,23 +65,36 @@ type pfConfig struct {
 }
 
 func (*pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) {
-	cfg := &pfConfig{}
-	if err := json.Unmarshal(js, cfg); err != nil {
+	if !envconfig.PickFirstLBConfig {
+		// Prior to supporting loadbalancing configuration, the pick_first LB
+		// policy did not implement the balancer.ConfigParser interface. This
+		// meant that if a non-empty configuration was passed to it, the service
+		// config unmarshaling code would throw a warning log, but would
+		// continue using the pick_first LB policy. The code below ensures the
+		// same behavior is retained if the env var is not set.
+		if string(js) != "{}" {
+			logger.Warningf("Ignoring non-empty balancer configuration %q for the pick_first LB policy", string(js))
+		}
+		return nil, nil
+	}
+
+	var cfg pfConfig
+	if err := json.Unmarshal(js, &cfg); err != nil {
 		return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err)
 	}
 	return cfg, nil
 }
 
 type pickfirstBalancer struct {
+	logger  *internalgrpclog.PrefixLogger
 	state   connectivity.State
 	cc      balancer.ClientConn
 	subConn balancer.SubConn
-	cfg     *pfConfig
 }
 
 func (b *pickfirstBalancer) ResolverError(err error) {
-	if logger.V(2) {
-		logger.Infof("pickfirstBalancer: ResolverError called with error: %v", err)
+	if b.logger.V(2) {
+		b.logger.Infof("Received error from the name resolver: %v", err)
 	}
 	if b.subConn == nil {
 		b.state = connectivity.TransientFailure
@@ -96,35 +117,44 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 		// The resolver reported an empty address list. Treat it like an error by
 		// calling b.ResolverError.
 		if b.subConn != nil {
-			// Remove the old subConn. All addresses were removed, so it is no longer
-			// valid.
-			b.cc.RemoveSubConn(b.subConn)
+			// Shut down the old subConn. All addresses were removed, so it is
+			// no longer valid.
+			b.subConn.Shutdown()
 			b.subConn = nil
 		}
 		b.ResolverError(errors.New("produced zero addresses"))
 		return balancer.ErrBadResolverState
 	}
 
-	if state.BalancerConfig != nil {
-		cfg, ok := state.BalancerConfig.(*pfConfig)
-		if !ok {
-			return fmt.Errorf("pickfirstBalancer: received nil or illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
-		}
-		b.cfg = cfg
+	// We don't have to guard this block with the env var because ParseConfig
+	// already does so.
+	cfg, ok := state.BalancerConfig.(pfConfig)
+	if state.BalancerConfig != nil && !ok {
+		return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig)
 	}
-
-	if envconfig.PickFirstLBConfig && b.cfg != nil && b.cfg.ShuffleAddressList {
+	if cfg.ShuffleAddressList {
+		addrs = append([]resolver.Address{}, addrs...)
 		grpcrand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] })
 	}
+
+	if b.logger.V(2) {
+		b.logger.Infof("Received new config %s, resolver state %s", pretty.ToJSON(cfg), pretty.ToJSON(state.ResolverState))
+	}
+
 	if b.subConn != nil {
 		b.cc.UpdateAddresses(b.subConn, addrs)
 		return nil
 	}
 
-	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{})
+	var subConn balancer.SubConn
+	subConn, err := b.cc.NewSubConn(addrs, balancer.NewSubConnOptions{
+		StateListener: func(state balancer.SubConnState) {
+			b.updateSubConnState(subConn, state)
+		},
+	})
 	if err != nil {
-		if logger.V(2) {
-			logger.Errorf("pickfirstBalancer: failed to NewSubConn: %v", err)
+		if b.logger.V(2) {
+			b.logger.Infof("Failed to create new SubConn: %v", err)
 		}
 		b.state = connectivity.TransientFailure
 		b.cc.UpdateState(balancer.State{
@@ -143,13 +173,19 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState
 	return nil
 }
 
+// UpdateSubConnState is unused as a StateListener is always registered when
+// creating SubConns.
 func (b *pickfirstBalancer) UpdateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) {
-	if logger.V(2) {
-		logger.Infof("pickfirstBalancer: UpdateSubConnState: %p, %v", subConn, state)
+	b.logger.Errorf("UpdateSubConnState(%v, %+v) called unexpectedly", subConn, state)
+}
+
+func (b *pickfirstBalancer) updateSubConnState(subConn balancer.SubConn, state balancer.SubConnState) {
+	if b.logger.V(2) {
+		b.logger.Infof("Received SubConn state update: %p, %+v", subConn, state)
 	}
 	if b.subConn != subConn {
-		if logger.V(2) {
-			logger.Infof("pickfirstBalancer: ignored state change because subConn is not recognized")
+		if b.logger.V(2) {
+			b.logger.Infof("Ignored state change because subConn is not recognized")
 		}
 		return
 	}
diff --git a/vendor/google.golang.org/grpc/preloader.go b/vendor/google.golang.org/grpc/preloader.go
index cd4554785..73bd63364 100644
--- a/vendor/google.golang.org/grpc/preloader.go
+++ b/vendor/google.golang.org/grpc/preloader.go
@@ -37,7 +37,7 @@ type PreparedMsg struct {
 }
 
 // Encode marshalls and compresses the message using the codec and compressor for the stream.
-func (p *PreparedMsg) Encode(s Stream, msg interface{}) error {
+func (p *PreparedMsg) Encode(s Stream, msg any) error {
 	ctx := s.Context()
 	rpcInfo, ok := rpcInfoFromContext(ctx)
 	if !ok {
diff --git a/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1/reflection.pb.go b/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1/reflection.pb.go
index ececdb89c..6f5c786b2 100644
--- a/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1/reflection.pb.go
+++ b/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1/reflection.pb.go
@@ -21,7 +21,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.22.0
 // source: grpc/reflection/v1/reflection.proto
 
diff --git a/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection.pb.go b/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection.pb.go
index d54c07676..69fbfb621 100644
--- a/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection.pb.go
+++ b/vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection.pb.go
@@ -18,7 +18,7 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.30.0
+// 	protoc-gen-go v1.31.0
 // 	protoc        v4.22.0
 // grpc/reflection/v1alpha/reflection.proto is a deprecated file.
 
diff --git a/vendor/google.golang.org/grpc/resolver/map.go b/vendor/google.golang.org/grpc/resolver/map.go
index efcb7f3ef..804be887d 100644
--- a/vendor/google.golang.org/grpc/resolver/map.go
+++ b/vendor/google.golang.org/grpc/resolver/map.go
@@ -20,7 +20,7 @@ package resolver
 
 type addressMapEntry struct {
 	addr  Address
-	value interface{}
+	value any
 }
 
 // AddressMap is a map of addresses to arbitrary values taking into account
@@ -69,7 +69,7 @@ func (l addressMapEntryList) find(addr Address) int {
 }
 
 // Get returns the value for the address in the map, if present.
-func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
+func (a *AddressMap) Get(addr Address) (value any, ok bool) {
 	addrKey := toMapKey(&addr)
 	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
@@ -79,7 +79,7 @@ func (a *AddressMap) Get(addr Address) (value interface{}, ok bool) {
 }
 
 // Set updates or adds the value to the address in the map.
-func (a *AddressMap) Set(addr Address, value interface{}) {
+func (a *AddressMap) Set(addr Address, value any) {
 	addrKey := toMapKey(&addr)
 	entryList := a.m[addrKey]
 	if entry := entryList.find(addr); entry != -1 {
@@ -127,8 +127,8 @@ func (a *AddressMap) Keys() []Address {
 }
 
 // Values returns a slice of all current map values.
-func (a *AddressMap) Values() []interface{} {
-	ret := make([]interface{}, 0, a.Len())
+func (a *AddressMap) Values() []any {
+	ret := make([]any, 0, a.Len())
 	for _, entryList := range a.m {
 		for _, entry := range entryList {
 			ret = append(ret, entry.value)
diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go
index d8db6f5d3..11384e228 100644
--- a/vendor/google.golang.org/grpc/resolver/resolver.go
+++ b/vendor/google.golang.org/grpc/resolver/resolver.go
@@ -77,25 +77,6 @@ func GetDefaultScheme() string {
 	return defaultScheme
 }
 
-// AddressType indicates the address type returned by name resolution.
-//
-// Deprecated: use Attributes in Address instead.
-type AddressType uint8
-
-const (
-	// Backend indicates the address is for a backend server.
-	//
-	// Deprecated: use Attributes in Address instead.
-	Backend AddressType = iota
-	// GRPCLB indicates the address is for a grpclb load balancer.
-	//
-	// Deprecated: to select the GRPCLB load balancing policy, use a service
-	// config with a corresponding loadBalancingConfig.  To supply balancer
-	// addresses to the GRPCLB load balancing policy, set State.Attributes
-	// using balancer/grpclb/state.Set.
-	GRPCLB
-)
-
 // Address represents a server the client connects to.
 //
 // # Experimental
@@ -111,9 +92,6 @@ type Address struct {
 	// the address, instead of the hostname from the Dial target string. In most cases,
 	// this should not be set.
 	//
-	// If Type is GRPCLB, ServerName should be the name of the remote load
-	// balancer, not the name of the backend.
-	//
 	// WARNING: ServerName must only be populated with trusted values. It
 	// is insecure to populate it with data from untrusted inputs since untrusted
 	// values could be used to bypass the authority checks performed by TLS.
@@ -126,18 +104,16 @@ type Address struct {
 	// BalancerAttributes contains arbitrary data about this address intended
 	// for consumption by the LB policy.  These attributes do not affect SubConn
 	// creation, connection establishment, handshaking, etc.
-	BalancerAttributes *attributes.Attributes
-
-	// Type is the type of this address.
 	//
-	// Deprecated: use Attributes instead.
-	Type AddressType
+	// Deprecated: when an Address is inside an Endpoint, this field should not
+	// be used, and it will eventually be removed entirely.
+	BalancerAttributes *attributes.Attributes
 
 	// Metadata is the information associated with Addr, which may be used
 	// to make load balancing decision.
 	//
 	// Deprecated: use Attributes instead.
-	Metadata interface{}
+	Metadata any
 }
 
 // Equal returns whether a and o are identical.  Metadata is compared directly,
@@ -150,7 +126,7 @@ func (a Address) Equal(o Address) bool {
 	return a.Addr == o.Addr && a.ServerName == o.ServerName &&
 		a.Attributes.Equal(o.Attributes) &&
 		a.BalancerAttributes.Equal(o.BalancerAttributes) &&
-		a.Type == o.Type && a.Metadata == o.Metadata
+		a.Metadata == o.Metadata
 }
 
 // String returns JSON formatted string representation of the address.
@@ -194,11 +170,37 @@ type BuildOptions struct {
 	Dialer func(context.Context, string) (net.Conn, error)
 }
 
+// An Endpoint is one network endpoint, or server, which may have multiple
+// addresses with which it can be accessed.
+type Endpoint struct {
+	// Addresses contains a list of addresses used to access this endpoint.
+	Addresses []Address
+
+	// Attributes contains arbitrary data about this endpoint intended for
+	// consumption by the LB policy.
+	Attributes *attributes.Attributes
+}
+
 // State contains the current Resolver state relevant to the ClientConn.
 type State struct {
 	// Addresses is the latest set of resolved addresses for the target.
+	//
+	// If a resolver sets Addresses but does not set Endpoints, one Endpoint
+	// will be created for each Address before the State is passed to the LB
+	// policy.  The BalancerAttributes of each entry in Addresses will be set
+	// in Endpoints.Attributes, and be cleared in the Endpoint's Address's
+	// BalancerAttributes.
+	//
+	// Soon, Addresses will be deprecated and replaced fully by Endpoints.
 	Addresses []Address
 
+	// Endpoints is the latest set of resolved endpoints for the target.
+	//
+	// If a resolver produces a State containing Endpoints but not Addresses,
+	// it must take care to ensure the LB policies it selects will support
+	// Endpoints.
+	Endpoints []Endpoint
+
 	// ServiceConfig contains the result from parsing the latest service
 	// config.  If it is nil, it indicates no service config is present or the
 	// resolver does not provide service configs.
@@ -258,15 +260,6 @@ type ClientConn interface {
 // target does not contain a scheme or if the parsed scheme is not registered
 // (i.e. no corresponding resolver available to resolve the endpoint), we will
 // apply the default scheme, and will attempt to reparse it.
-//
-// Examples:
-//
-//   - "dns://some_authority/foo.bar"
-//     Target{Scheme: "dns", Authority: "some_authority", Endpoint: "foo.bar"}
-//   - "foo.bar"
-//     Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "foo.bar"}
-//   - "unknown_scheme://authority/endpoint"
-//     Target{Scheme: resolver.GetDefaultScheme(), Endpoint: "unknown_scheme://authority/endpoint"}
 type Target struct {
 	// URL contains the parsed dial target with an optional default scheme added
 	// to it if the original dial target contained no scheme or contained an
@@ -321,10 +314,3 @@ type Resolver interface {
 	// Close closes the resolver.
 	Close()
 }
-
-// UnregisterForTesting removes the resolver builder with the given scheme from the
-// resolver map.
-// This function is for testing only.
-func UnregisterForTesting(scheme string) {
-	delete(m, scheme)
-}
diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
index b408b3688..d68330560 100644
--- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
+++ b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go
@@ -133,7 +133,7 @@ func (ccr *ccResolverWrapper) close() {
 	ccr.mu.Unlock()
 
 	// Give enqueued callbacks a chance to finish.
-	<-ccr.serializer.Done
+	<-ccr.serializer.Done()
 
 	// Spawn a goroutine to close the resolver (since it may block trying to
 	// cleanup all allocated resources) and return early.
@@ -152,6 +152,14 @@ func (ccr *ccResolverWrapper) serializerScheduleLocked(f func(context.Context))
 // which includes addresses and service config.
 func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error {
 	errCh := make(chan error, 1)
+	if s.Endpoints == nil {
+		s.Endpoints = make([]resolver.Endpoint, 0, len(s.Addresses))
+		for _, a := range s.Addresses {
+			ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes}
+			ep.Addresses[0].BalancerAttributes = nil
+			s.Endpoints = append(s.Endpoints, ep)
+		}
+	}
 	ok := ccr.serializer.Schedule(func(context.Context) {
 		ccr.addChannelzTraceEvent(s)
 		ccr.curState = s
diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go
index a844d28f4..b7723aa09 100644
--- a/vendor/google.golang.org/grpc/rpc_util.go
+++ b/vendor/google.golang.org/grpc/rpc_util.go
@@ -75,7 +75,7 @@ func NewGZIPCompressorWithLevel(level int) (Compressor, error) {
 	}
 	return &gzipCompressor{
 		pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				w, err := gzip.NewWriterLevel(io.Discard, level)
 				if err != nil {
 					panic(err)
@@ -626,7 +626,7 @@ func (p *parser) recvMsg(maxReceiveMessageSize int) (pf payloadFormat, msg []byt
 // encode serializes msg and returns a buffer containing the message, or an
 // error if it is too large to be transmitted by grpc.  If msg is nil, it
 // generates an empty message.
-func encode(c baseCodec, msg interface{}) ([]byte, error) {
+func encode(c baseCodec, msg any) ([]byte, error) {
 	if msg == nil { // NOTE: typed nils will not be caught by this check
 		return nil, nil
 	}
@@ -693,7 +693,7 @@ func msgHeader(data, compData []byte) (hdr []byte, payload []byte) {
 	return hdr, data
 }
 
-func outPayload(client bool, msg interface{}, data, payload []byte, t time.Time) *stats.OutPayload {
+func outPayload(client bool, msg any, data, payload []byte, t time.Time) *stats.OutPayload {
 	return &stats.OutPayload{
 		Client:           client,
 		Payload:          msg,
@@ -792,7 +792,7 @@ func decompress(compressor encoding.Compressor, d []byte, maxReceiveMessageSize
 // For the two compressor parameters, both should not be set, but if they are,
 // dc takes precedence over compressor.
 // TODO(dfawley): wrap the old compressor/decompressor using the new API?
-func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m interface{}, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
+func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m any, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error {
 	buf, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor)
 	if err != nil {
 		return err
@@ -863,19 +863,22 @@ func ErrorDesc(err error) string {
 // Errorf returns nil if c is OK.
 //
 // Deprecated: use status.Errorf instead.
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return status.Errorf(c, format, a...)
 }
 
+var errContextCanceled = status.Error(codes.Canceled, context.Canceled.Error())
+var errContextDeadline = status.Error(codes.DeadlineExceeded, context.DeadlineExceeded.Error())
+
 // toRPCErr converts an error into an error from the status package.
 func toRPCErr(err error) error {
 	switch err {
 	case nil, io.EOF:
 		return err
 	case context.DeadlineExceeded:
-		return status.Error(codes.DeadlineExceeded, err.Error())
+		return errContextDeadline
 	case context.Canceled:
-		return status.Error(codes.Canceled, err.Error())
+		return errContextCanceled
 	case io.ErrUnexpectedEOF:
 		return status.Error(codes.Internal, err.Error())
 	}
diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go
index b44c7e86c..8f60d4214 100644
--- a/vendor/google.golang.org/grpc/server.go
+++ b/vendor/google.golang.org/grpc/server.go
@@ -86,7 +86,7 @@ func init() {
 var statusOK = status.New(codes.OK, "")
 var logger = grpclog.Component("core")
 
-type methodHandler func(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor UnaryServerInterceptor) (interface{}, error)
+type methodHandler func(srv any, ctx context.Context, dec func(any) error, interceptor UnaryServerInterceptor) (any, error)
 
 // MethodDesc represents an RPC service's method specification.
 type MethodDesc struct {
@@ -99,20 +99,20 @@ type ServiceDesc struct {
 	ServiceName string
 	// The pointer to the service interface. Used to check whether the user
 	// provided implementation satisfies the interface requirements.
-	HandlerType interface{}
+	HandlerType any
 	Methods     []MethodDesc
 	Streams     []StreamDesc
-	Metadata    interface{}
+	Metadata    any
 }
 
 // serviceInfo wraps information about a service. It is very similar to
 // ServiceDesc and is constructed from it for internal purposes.
 type serviceInfo struct {
 	// Contains the implementation for the methods in this service.
-	serviceImpl interface{}
+	serviceImpl any
 	methods     map[string]*MethodDesc
 	streams     map[string]*StreamDesc
-	mdata       interface{}
+	mdata       any
 }
 
 // Server is a gRPC server to serve RPC requests.
@@ -164,6 +164,7 @@ type serverOptions struct {
 	initialConnWindowSize int32
 	writeBufferSize       int
 	readBufferSize        int
+	sharedWriteBuffer     bool
 	connectionTimeout     time.Duration
 	maxHeaderListSize     *uint32
 	headerTableSize       *uint32
@@ -230,6 +231,20 @@ func newJoinServerOption(opts ...ServerOption) ServerOption {
 	return &joinServerOption{opts: opts}
 }
 
+// SharedWriteBuffer allows reusing per-connection transport write buffer.
+// If this option is set to true every connection will release the buffer after
+// flushing the data on the wire.
+//
+// # Experimental
+//
+// Notice: This API is EXPERIMENTAL and may be changed or removed in a
+// later release.
+func SharedWriteBuffer(val bool) ServerOption {
+	return newFuncServerOption(func(o *serverOptions) {
+		o.sharedWriteBuffer = val
+	})
+}
+
 // WriteBufferSize determines how much data can be batched before doing a write
 // on the wire. The corresponding memory allocation for this buffer will be
 // twice the size to keep syscalls low. The default value for this buffer is
@@ -270,9 +285,9 @@ func InitialConnWindowSize(s int32) ServerOption {
 
 // KeepaliveParams returns a ServerOption that sets keepalive and max-age parameters for the server.
 func KeepaliveParams(kp keepalive.ServerParameters) ServerOption {
-	if kp.Time > 0 && kp.Time < time.Second {
+	if kp.Time > 0 && kp.Time < internal.KeepaliveMinServerPingTime {
 		logger.Warning("Adjusting keepalive ping interval to minimum period of 1s")
-		kp.Time = time.Second
+		kp.Time = internal.KeepaliveMinServerPingTime
 	}
 
 	return newFuncServerOption(func(o *serverOptions) {
@@ -648,7 +663,7 @@ func NewServer(opt ...ServerOption) *Server {
 
 // printf records an event in s's event log, unless s has been stopped.
 // REQUIRES s.mu is held.
-func (s *Server) printf(format string, a ...interface{}) {
+func (s *Server) printf(format string, a ...any) {
 	if s.events != nil {
 		s.events.Printf(format, a...)
 	}
@@ -656,7 +671,7 @@ func (s *Server) printf(format string, a ...interface{}) {
 
 // errorf records an error in s's event log, unless s has been stopped.
 // REQUIRES s.mu is held.
-func (s *Server) errorf(format string, a ...interface{}) {
+func (s *Server) errorf(format string, a ...any) {
 	if s.events != nil {
 		s.events.Errorf(format, a...)
 	}
@@ -671,14 +686,14 @@ type ServiceRegistrar interface {
 	// once the server has started serving.
 	// desc describes the service and its methods and handlers. impl is the
 	// service implementation which is passed to the method handlers.
-	RegisterService(desc *ServiceDesc, impl interface{})
+	RegisterService(desc *ServiceDesc, impl any)
 }
 
 // RegisterService registers a service and its implementation to the gRPC
 // server. It is called from the IDL generated code. This must be called before
 // invoking Serve. If ss is non-nil (for legacy code), its type is checked to
 // ensure it implements sd.HandlerType.
-func (s *Server) RegisterService(sd *ServiceDesc, ss interface{}) {
+func (s *Server) RegisterService(sd *ServiceDesc, ss any) {
 	if ss != nil {
 		ht := reflect.TypeOf(sd.HandlerType).Elem()
 		st := reflect.TypeOf(ss)
@@ -689,7 +704,7 @@ func (s *Server) RegisterService(sd *ServiceDesc, ss interface{}) {
 	s.register(sd, ss)
 }
 
-func (s *Server) register(sd *ServiceDesc, ss interface{}) {
+func (s *Server) register(sd *ServiceDesc, ss any) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	s.printf("RegisterService(%q)", sd.ServiceName)
@@ -730,7 +745,7 @@ type MethodInfo struct {
 type ServiceInfo struct {
 	Methods []MethodInfo
 	// Metadata is the metadata specified in ServiceDesc when registering service.
-	Metadata interface{}
+	Metadata any
 }
 
 // GetServiceInfo returns a map from service names to ServiceInfo.
@@ -931,6 +946,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport {
 		InitialConnWindowSize: s.opts.initialConnWindowSize,
 		WriteBufferSize:       s.opts.writeBufferSize,
 		ReadBufferSize:        s.opts.readBufferSize,
+		SharedWriteBuffer:     s.opts.sharedWriteBuffer,
 		ChannelzParentID:      s.channelzID,
 		MaxHeaderListSize:     s.opts.maxHeaderListSize,
 		HeaderTableSize:       s.opts.headerTableSize,
@@ -967,7 +983,7 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 		f := func() {
 			defer streamQuota.release()
 			defer wg.Done()
-			s.handleStream(st, stream, s.traceInfo(st, stream))
+			s.handleStream(st, stream)
 		}
 
 		if s.opts.numServerWorkers > 0 {
@@ -979,12 +995,6 @@ func (s *Server) serveStreams(st transport.ServerTransport) {
 			}
 		}
 		go f()
-	}, func(ctx context.Context, method string) context.Context {
-		if !EnableTracing {
-			return ctx
-		}
-		tr := trace.New("grpc.Recv."+methodFamily(method), method)
-		return trace.NewContext(ctx, tr)
 	})
 	wg.Wait()
 }
@@ -1033,30 +1043,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	s.serveStreams(st)
 }
 
-// traceInfo returns a traceInfo and associates it with stream, if tracing is enabled.
-// If tracing is not enabled, it returns nil.
-func (s *Server) traceInfo(st transport.ServerTransport, stream *transport.Stream) (trInfo *traceInfo) {
-	if !EnableTracing {
-		return nil
-	}
-	tr, ok := trace.FromContext(stream.Context())
-	if !ok {
-		return nil
-	}
-
-	trInfo = &traceInfo{
-		tr: tr,
-		firstLine: firstLine{
-			client:     false,
-			remoteAddr: st.RemoteAddr(),
-		},
-	}
-	if dl, ok := stream.Context().Deadline(); ok {
-		trInfo.firstLine.deadline = time.Until(dl)
-	}
-	return trInfo
-}
-
 func (s *Server) addConn(addr string, st transport.ServerTransport) bool {
 	s.mu.Lock()
 	defer s.mu.Unlock()
@@ -1117,7 +1103,7 @@ func (s *Server) incrCallsFailed() {
 	atomic.AddInt64(&s.czData.callsFailed, 1)
 }
 
-func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Stream, msg interface{}, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
+func (s *Server) sendResponse(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, msg any, cp Compressor, opts *transport.Options, comp encoding.Compressor) error {
 	data, err := encode(s.getCodec(stream.ContentSubtype()), msg)
 	if err != nil {
 		channelz.Error(logger, s.channelzID, "grpc: server failed to encode response: ", err)
@@ -1136,7 +1122,7 @@ func (s *Server) sendResponse(t transport.ServerTransport, stream *transport.Str
 	err = t.Write(stream, hdr, payload, opts)
 	if err == nil {
 		for _, sh := range s.opts.statsHandlers {
-			sh.HandleRPC(stream.Context(), outPayload(false, msg, data, payload, time.Now()))
+			sh.HandleRPC(ctx, outPayload(false, msg, data, payload, time.Now()))
 		}
 	}
 	return err
@@ -1164,7 +1150,7 @@ func chainUnaryServerInterceptors(s *Server) {
 }
 
 func chainUnaryInterceptors(interceptors []UnaryServerInterceptor) UnaryServerInterceptor {
-	return func(ctx context.Context, req interface{}, info *UnaryServerInfo, handler UnaryHandler) (interface{}, error) {
+	return func(ctx context.Context, req any, info *UnaryServerInfo, handler UnaryHandler) (any, error) {
 		return interceptors[0](ctx, req, info, getChainUnaryHandler(interceptors, 0, info, handler))
 	}
 }
@@ -1173,12 +1159,12 @@ func getChainUnaryHandler(interceptors []UnaryServerInterceptor, curr int, info
 	if curr == len(interceptors)-1 {
 		return finalHandler
 	}
-	return func(ctx context.Context, req interface{}) (interface{}, error) {
+	return func(ctx context.Context, req any) (any, error) {
 		return interceptors[curr+1](ctx, req, info, getChainUnaryHandler(interceptors, curr+1, info, finalHandler))
 	}
 }
 
-func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
+func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, md *MethodDesc, trInfo *traceInfo) (err error) {
 	shs := s.opts.statsHandlers
 	if len(shs) != 0 || trInfo != nil || channelz.IsOn() {
 		if channelz.IsOn() {
@@ -1192,7 +1178,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				IsClientStream: false,
 				IsServerStream: false,
 			}
-			sh.HandleRPC(stream.Context(), statsBegin)
+			sh.HandleRPC(ctx, statsBegin)
 		}
 		if trInfo != nil {
 			trInfo.tr.LazyLog(&trInfo.firstLine, false)
@@ -1210,7 +1196,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		defer func() {
 			if trInfo != nil {
 				if err != nil && err != io.EOF {
-					trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					trInfo.tr.SetError()
 				}
 				trInfo.tr.Finish()
@@ -1224,7 +1210,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				if err != nil && err != io.EOF {
 					end.Error = toRPCErr(err)
 				}
-				sh.HandleRPC(stream.Context(), end)
+				sh.HandleRPC(ctx, end)
 			}
 
 			if channelz.IsOn() {
@@ -1246,7 +1232,6 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 	}
 	if len(binlogs) != 0 {
-		ctx := stream.Context()
 		md, _ := metadata.FromIncomingContext(ctx)
 		logEntry := &binarylog.ClientHeader{
 			Header:     md,
@@ -1327,12 +1312,12 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if channelz.IsOn() {
 		t.IncrMsgRecv()
 	}
-	df := func(v interface{}) error {
+	df := func(v any) error {
 		if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil {
 			return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err)
 		}
 		for _, sh := range shs {
-			sh.HandleRPC(stream.Context(), &stats.InPayload{
+			sh.HandleRPC(ctx, &stats.InPayload{
 				RecvTime:         time.Now(),
 				Payload:          v,
 				Length:           len(d),
@@ -1346,7 +1331,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Message: d,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), cm)
+				binlog.Log(ctx, cm)
 			}
 		}
 		if trInfo != nil {
@@ -1354,7 +1339,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 		}
 		return nil
 	}
-	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
+	ctx = NewContextWithServerTransportStream(ctx, stream)
 	reply, appErr := md.Handler(info.serviceImpl, ctx, df, s.opts.unaryInt)
 	if appErr != nil {
 		appStatus, ok := status.FromError(appErr)
@@ -1379,7 +1364,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 					Header: h,
 				}
 				for _, binlog := range binlogs {
-					binlog.Log(stream.Context(), sh)
+					binlog.Log(ctx, sh)
 				}
 			}
 			st := &binarylog.ServerTrailer{
@@ -1387,7 +1372,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, st)
 			}
 		}
 		return appErr
@@ -1402,7 +1387,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 	if stream.SendCompress() != sendCompressorName {
 		comp = encoding.GetCompressor(stream.SendCompress())
 	}
-	if err := s.sendResponse(t, stream, reply, cp, opts, comp); err != nil {
+	if err := s.sendResponse(ctx, t, stream, reply, cp, opts, comp); err != nil {
 		if err == io.EOF {
 			// The entire stream is done (for unary RPC only).
 			return err
@@ -1429,8 +1414,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 				Err:     appErr,
 			}
 			for _, binlog := range binlogs {
-				binlog.Log(stream.Context(), sh)
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, sh)
+				binlog.Log(ctx, st)
 			}
 		}
 		return err
@@ -1444,8 +1429,8 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Message: reply,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(stream.Context(), sh)
-			binlog.Log(stream.Context(), sm)
+			binlog.Log(ctx, sh)
+			binlog.Log(ctx, sm)
 		}
 	}
 	if channelz.IsOn() {
@@ -1463,7 +1448,7 @@ func (s *Server) processUnaryRPC(t transport.ServerTransport, stream *transport.
 			Err:     appErr,
 		}
 		for _, binlog := range binlogs {
-			binlog.Log(stream.Context(), st)
+			binlog.Log(ctx, st)
 		}
 	}
 	return t.WriteStatus(stream, statusOK)
@@ -1491,7 +1476,7 @@ func chainStreamServerInterceptors(s *Server) {
 }
 
 func chainStreamInterceptors(interceptors []StreamServerInterceptor) StreamServerInterceptor {
-	return func(srv interface{}, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error {
+	return func(srv any, ss ServerStream, info *StreamServerInfo, handler StreamHandler) error {
 		return interceptors[0](srv, ss, info, getChainStreamHandler(interceptors, 0, info, handler))
 	}
 }
@@ -1500,12 +1485,12 @@ func getChainStreamHandler(interceptors []StreamServerInterceptor, curr int, inf
 	if curr == len(interceptors)-1 {
 		return finalHandler
 	}
-	return func(srv interface{}, stream ServerStream) error {
+	return func(srv any, stream ServerStream) error {
 		return interceptors[curr+1](srv, stream, info, getChainStreamHandler(interceptors, curr+1, info, finalHandler))
 	}
 }
 
-func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) {
+func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, info *serviceInfo, sd *StreamDesc, trInfo *traceInfo) (err error) {
 	if channelz.IsOn() {
 		s.incrCallsStarted()
 	}
@@ -1519,10 +1504,10 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			IsServerStream: sd.ServerStreams,
 		}
 		for _, sh := range shs {
-			sh.HandleRPC(stream.Context(), statsBegin)
+			sh.HandleRPC(ctx, statsBegin)
 		}
 	}
-	ctx := NewContextWithServerTransportStream(stream.Context(), stream)
+	ctx = NewContextWithServerTransportStream(ctx, stream)
 	ss := &serverStream{
 		ctx:                   ctx,
 		t:                     t,
@@ -1541,7 +1526,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			if trInfo != nil {
 				ss.mu.Lock()
 				if err != nil && err != io.EOF {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 				ss.trInfo.tr.Finish()
@@ -1558,7 +1543,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 					end.Error = toRPCErr(err)
 				}
 				for _, sh := range shs {
-					sh.HandleRPC(stream.Context(), end)
+					sh.HandleRPC(ctx, end)
 				}
 			}
 
@@ -1600,7 +1585,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			logEntry.PeerAddr = peer.Addr
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(stream.Context(), logEntry)
+			binlog.Log(ctx, logEntry)
 		}
 	}
 
@@ -1644,7 +1629,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 		trInfo.tr.LazyLog(&trInfo.firstLine, false)
 	}
 	var appErr error
-	var server interface{}
+	var server any
 	if info != nil {
 		server = info.serviceImpl
 	}
@@ -1678,7 +1663,7 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 				Err:     appErr,
 			}
 			for _, binlog := range ss.binlogs {
-				binlog.Log(stream.Context(), st)
+				binlog.Log(ctx, st)
 			}
 		}
 		t.WriteStatus(ss.s, appStatus)
@@ -1696,33 +1681,50 @@ func (s *Server) processStreamingRPC(t transport.ServerTransport, stream *transp
 			Err:     appErr,
 		}
 		for _, binlog := range ss.binlogs {
-			binlog.Log(stream.Context(), st)
+			binlog.Log(ctx, st)
 		}
 	}
 	return t.WriteStatus(ss.s, statusOK)
 }
 
-func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream, trInfo *traceInfo) {
+func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream) {
+	ctx := stream.Context()
+	var ti *traceInfo
+	if EnableTracing {
+		tr := trace.New("grpc.Recv."+methodFamily(stream.Method()), stream.Method())
+		ctx = trace.NewContext(ctx, tr)
+		ti = &traceInfo{
+			tr: tr,
+			firstLine: firstLine{
+				client:     false,
+				remoteAddr: t.RemoteAddr(),
+			},
+		}
+		if dl, ok := ctx.Deadline(); ok {
+			ti.firstLine.deadline = time.Until(dl)
+		}
+	}
+
 	sm := stream.Method()
 	if sm != "" && sm[0] == '/' {
 		sm = sm[1:]
 	}
 	pos := strings.LastIndex(sm, "/")
 	if pos == -1 {
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"Malformed method name %q", []interface{}{sm}}, true)
-			trInfo.tr.SetError()
+		if ti != nil {
+			ti.tr.LazyLog(&fmtStringer{"Malformed method name %q", []any{sm}}, true)
+			ti.tr.SetError()
 		}
 		errDesc := fmt.Sprintf("malformed method name: %q", stream.Method())
 		if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-			if trInfo != nil {
-				trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-				trInfo.tr.SetError()
+			if ti != nil {
+				ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
+				ti.tr.SetError()
 			}
 			channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err)
 		}
-		if trInfo != nil {
-			trInfo.tr.Finish()
+		if ti != nil {
+			ti.tr.Finish()
 		}
 		return
 	}
@@ -1732,17 +1734,17 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	srv, knownService := s.services[service]
 	if knownService {
 		if md, ok := srv.methods[method]; ok {
-			s.processUnaryRPC(t, stream, srv, md, trInfo)
+			s.processUnaryRPC(ctx, t, stream, srv, md, ti)
 			return
 		}
 		if sd, ok := srv.streams[method]; ok {
-			s.processStreamingRPC(t, stream, srv, sd, trInfo)
+			s.processStreamingRPC(ctx, t, stream, srv, sd, ti)
 			return
 		}
 	}
 	// Unknown service, or known server unknown method.
 	if unknownDesc := s.opts.unknownStreamDesc; unknownDesc != nil {
-		s.processStreamingRPC(t, stream, nil, unknownDesc, trInfo)
+		s.processStreamingRPC(ctx, t, stream, nil, unknownDesc, ti)
 		return
 	}
 	var errDesc string
@@ -1751,19 +1753,19 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str
 	} else {
 		errDesc = fmt.Sprintf("unknown method %v for service %v", method, service)
 	}
-	if trInfo != nil {
-		trInfo.tr.LazyPrintf("%s", errDesc)
-		trInfo.tr.SetError()
+	if ti != nil {
+		ti.tr.LazyPrintf("%s", errDesc)
+		ti.tr.SetError()
 	}
 	if err := t.WriteStatus(stream, status.New(codes.Unimplemented, errDesc)); err != nil {
-		if trInfo != nil {
-			trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
-			trInfo.tr.SetError()
+		if ti != nil {
+			ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
+			ti.tr.SetError()
 		}
 		channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err)
 	}
-	if trInfo != nil {
-		trInfo.tr.Finish()
+	if ti != nil {
+		ti.tr.Finish()
 	}
 }
 
@@ -2077,12 +2079,12 @@ func validateSendCompressor(name, clientCompressors string) error {
 // atomicSemaphore implements a blocking, counting semaphore. acquire should be
 // called synchronously; release may be called asynchronously.
 type atomicSemaphore struct {
-	n    int64 // accessed atomically
+	n    atomic.Int64
 	wait chan struct{}
 }
 
 func (q *atomicSemaphore) acquire() {
-	if atomic.AddInt64(&q.n, -1) < 0 {
+	if q.n.Add(-1) < 0 {
 		// We ran out of quota.  Block until a release happens.
 		<-q.wait
 	}
@@ -2093,12 +2095,14 @@ func (q *atomicSemaphore) release() {
 	// concurrent calls to acquire, but also note that with synchronous calls to
 	// acquire, as our system does, n will never be less than -1.  There are
 	// fairness issues (queuing) to consider if this was to be generalized.
-	if atomic.AddInt64(&q.n, -1) <= 0 {
+	if q.n.Add(1) <= 0 {
 		// An acquire was waiting on us.  Unblock it.
 		q.wait <- struct{}{}
 	}
 }
 
 func newHandlerQuota(n uint32) *atomicSemaphore {
-	return &atomicSemaphore{n: int64(n), wait: make(chan struct{}, 1)}
+	a := &atomicSemaphore{wait: make(chan struct{}, 1)}
+	a.n.Store(int64(n))
+	return a
 }
diff --git a/vendor/google.golang.org/grpc/shared_buffer_pool.go b/vendor/google.golang.org/grpc/shared_buffer_pool.go
index c3a5a9ac1..48a64cfe8 100644
--- a/vendor/google.golang.org/grpc/shared_buffer_pool.go
+++ b/vendor/google.golang.org/grpc/shared_buffer_pool.go
@@ -109,7 +109,7 @@ const (
 
 type simpleSharedBufferChildPool interface {
 	Get(size int) []byte
-	Put(interface{})
+	Put(any)
 }
 
 type bufferPool struct {
@@ -133,7 +133,7 @@ func (p *bufferPool) Get(size int) []byte {
 func newBytesPool(size int) simpleSharedBufferChildPool {
 	return &bufferPool{
 		Pool: sync.Pool{
-			New: func() interface{} {
+			New: func() any {
 				bs := make([]byte, size)
 				return &bs
 			},
diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go
index 7a552a9b7..4ab70e2d4 100644
--- a/vendor/google.golang.org/grpc/stats/stats.go
+++ b/vendor/google.golang.org/grpc/stats/stats.go
@@ -59,12 +59,22 @@ func (s *Begin) IsClient() bool { return s.Client }
 
 func (s *Begin) isRPCStats() {}
 
+// PickerUpdated indicates that the LB policy provided a new picker while the
+// RPC was waiting for one.
+type PickerUpdated struct{}
+
+// IsClient indicates if the stats information is from client side. Only Client
+// Side interfaces with a Picker, thus always returns true.
+func (*PickerUpdated) IsClient() bool { return true }
+
+func (*PickerUpdated) isRPCStats() {}
+
 // InPayload contains the information for an incoming payload.
 type InPayload struct {
 	// Client is true if this InPayload is from client side.
 	Client bool
 	// Payload is the payload with original type.
-	Payload interface{}
+	Payload any
 	// Data is the serialized message payload.
 	Data []byte
 
@@ -134,7 +144,7 @@ type OutPayload struct {
 	// Client is true if this OutPayload is from client side.
 	Client bool
 	// Payload is the payload with original type.
-	Payload interface{}
+	Payload any
 	// Data is the serialized message payload.
 	Data []byte
 	// Length is the size of the uncompressed payload data. Does not include any
diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go
index bcf2e4d81..a93360efb 100644
--- a/vendor/google.golang.org/grpc/status/status.go
+++ b/vendor/google.golang.org/grpc/status/status.go
@@ -50,7 +50,7 @@ func New(c codes.Code, msg string) *Status {
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
-func Newf(c codes.Code, format string, a ...interface{}) *Status {
+func Newf(c codes.Code, format string, a ...any) *Status {
 	return New(c, fmt.Sprintf(format, a...))
 }
 
@@ -60,7 +60,7 @@ func Error(c codes.Code, msg string) error {
 }
 
 // Errorf returns Error(c, fmt.Sprintf(format, a...)).
-func Errorf(c codes.Code, format string, a ...interface{}) error {
+func Errorf(c codes.Code, format string, a ...any) error {
 	return Error(c, fmt.Sprintf(format, a...))
 }
 
@@ -99,25 +99,27 @@ func FromError(err error) (s *Status, ok bool) {
 	}
 	type grpcstatus interface{ GRPCStatus() *Status }
 	if gs, ok := err.(grpcstatus); ok {
-		if gs.GRPCStatus() == nil {
+		grpcStatus := gs.GRPCStatus()
+		if grpcStatus == nil {
 			// Error has status nil, which maps to codes.OK. There
 			// is no sensible behavior for this, so we turn it into
 			// an error with codes.Unknown and discard the existing
 			// status.
 			return New(codes.Unknown, err.Error()), false
 		}
-		return gs.GRPCStatus(), true
+		return grpcStatus, true
 	}
 	var gs grpcstatus
 	if errors.As(err, &gs) {
-		if gs.GRPCStatus() == nil {
+		grpcStatus := gs.GRPCStatus()
+		if grpcStatus == nil {
 			// Error wraps an error that has status nil, which maps
 			// to codes.OK.  There is no sensible behavior for this,
 			// so we turn it into an error with codes.Unknown and
 			// discard the existing status.
 			return New(codes.Unknown, err.Error()), false
 		}
-		p := gs.GRPCStatus().Proto()
+		p := grpcStatus.Proto()
 		p.Message = err.Error()
 		return status.FromProto(p), true
 	}
diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go
index de32a7597..b14b2fbea 100644
--- a/vendor/google.golang.org/grpc/stream.go
+++ b/vendor/google.golang.org/grpc/stream.go
@@ -31,6 +31,7 @@ import (
 	"google.golang.org/grpc/balancer"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/encoding"
+	"google.golang.org/grpc/internal"
 	"google.golang.org/grpc/internal/balancerload"
 	"google.golang.org/grpc/internal/binarylog"
 	"google.golang.org/grpc/internal/channelz"
@@ -54,7 +55,7 @@ import (
 // status package, or be one of the context errors. Otherwise, gRPC will use
 // codes.Unknown as the status code and err.Error() as the status message of the
 // RPC.
-type StreamHandler func(srv interface{}, stream ServerStream) error
+type StreamHandler func(srv any, stream ServerStream) error
 
 // StreamDesc represents a streaming RPC service's method specification.  Used
 // on the server when registering services and on the client when initiating
@@ -79,9 +80,9 @@ type Stream interface {
 	// Deprecated: See ClientStream and ServerStream documentation instead.
 	Context() context.Context
 	// Deprecated: See ClientStream and ServerStream documentation instead.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// Deprecated: See ClientStream and ServerStream documentation instead.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // ClientStream defines the client-side behavior of a streaming RPC.
@@ -90,7 +91,9 @@ type Stream interface {
 // status package.
 type ClientStream interface {
 	// Header returns the header metadata received from the server if there
-	// is any. It blocks if the metadata is not ready to read.
+	// is any. It blocks if the metadata is not ready to read.  If the metadata
+	// is nil and the error is also nil, then the stream was terminated without
+	// headers, and the status can be discovered by calling RecvMsg.
 	Header() (metadata.MD, error)
 	// Trailer returns the trailer metadata from the server, if there is any.
 	// It must only be called after stream.CloseAndRecv has returned, or
@@ -126,7 +129,7 @@ type ClientStream interface {
 	//
 	// It is not safe to modify the message after calling SendMsg. Tracing
 	// libraries and stats handlers may use the message lazily.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the stream completes successfully. On
 	// any other error, the stream is aborted and the error contains the RPC
@@ -135,7 +138,7 @@ type ClientStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // NewStream creates a new Stream for the client side. This is typically
@@ -155,11 +158,6 @@ type ClientStream interface {
 // If none of the above happen, a goroutine and a context will be leaked, and grpc
 // will not call the optionally-configured stats handler with a stats.End message.
 func (cc *ClientConn) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) {
-	if err := cc.idlenessMgr.onCallBegin(); err != nil {
-		return nil, err
-	}
-	defer cc.idlenessMgr.onCallEnd()
-
 	// allow interceptor to see all applicable call options, which means those
 	// configured as defaults from dial option as well as per-call options
 	opts = combine(cc.dopts.callOptions, opts)
@@ -176,6 +174,16 @@ func NewClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth
 }
 
 func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, opts ...CallOption) (_ ClientStream, err error) {
+	// Start tracking the RPC for idleness purposes. This is where a stream is
+	// created for both streaming and unary RPCs, and hence is a good place to
+	// track active RPC count.
+	if err := cc.idlenessMgr.OnCallBegin(); err != nil {
+		return nil, err
+	}
+	// Add a calloption, to decrement the active call count, that gets executed
+	// when the RPC completes.
+	opts = append([]CallOption{OnFinish(func(error) { cc.idlenessMgr.OnCallEnd() })}, opts...)
+
 	if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok {
 		// validate md
 		if err := imetadata.Validate(md); err != nil {
@@ -433,7 +441,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error)
 		ctx = trace.NewContext(ctx, trInfo.tr)
 	}
 
-	if cs.cc.parsedTarget.URL.Scheme == "xds" {
+	if cs.cc.parsedTarget.URL.Scheme == internal.GRPCResolverSchemeExtraMetadata {
 		// Add extra metadata (metadata that will be added by transport) to context
 		// so the balancer can see them.
 		ctx = grpcutil.WithExtraMetadata(ctx, metadata.Pairs(
@@ -788,23 +796,24 @@ func (cs *clientStream) withRetry(op func(a *csAttempt) error, onSuccess func())
 
 func (cs *clientStream) Header() (metadata.MD, error) {
 	var m metadata.MD
-	noHeader := false
 	err := cs.withRetry(func(a *csAttempt) error {
 		var err error
 		m, err = a.s.Header()
-		if err == transport.ErrNoHeaders {
-			noHeader = true
-			return nil
-		}
 		return toRPCErr(err)
 	}, cs.commitAttemptLocked)
 
+	if m == nil && err == nil {
+		// The stream ended with success.  Finish the clientStream.
+		err = io.EOF
+	}
+
 	if err != nil {
 		cs.finish(err)
-		return nil, err
+		// Do not return the error.  The user should get it by calling Recv().
+		return nil, nil
 	}
 
-	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged && !noHeader {
+	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged && m != nil {
 		// Only log if binary log is on and header has not been logged, and
 		// there is actually headers to log.
 		logEntry := &binarylog.ServerHeader{
@@ -820,6 +829,7 @@ func (cs *clientStream) Header() (metadata.MD, error) {
 			binlog.Log(cs.ctx, logEntry)
 		}
 	}
+
 	return m, nil
 }
 
@@ -860,7 +870,7 @@ func (cs *clientStream) bufferForRetryLocked(sz int, op func(a *csAttempt) error
 	cs.buffer = append(cs.buffer, op)
 }
 
-func (cs *clientStream) SendMsg(m interface{}) (err error) {
+func (cs *clientStream) SendMsg(m any) (err error) {
 	defer func() {
 		if err != nil && err != io.EOF {
 			// Call finish on the client stream for errors generated by this SendMsg
@@ -904,7 +914,7 @@ func (cs *clientStream) SendMsg(m interface{}) (err error) {
 	return err
 }
 
-func (cs *clientStream) RecvMsg(m interface{}) error {
+func (cs *clientStream) RecvMsg(m any) error {
 	if len(cs.binlogs) != 0 && !cs.serverHeaderBinlogged {
 		// Call Header() to binary log header if it's not already logged.
 		cs.Header()
@@ -928,24 +938,6 @@ func (cs *clientStream) RecvMsg(m interface{}) error {
 	if err != nil || !cs.desc.ServerStreams {
 		// err != nil or non-server-streaming indicates end of stream.
 		cs.finish(err)
-
-		if len(cs.binlogs) != 0 {
-			// finish will not log Trailer. Log Trailer here.
-			logEntry := &binarylog.ServerTrailer{
-				OnClientSide: true,
-				Trailer:      cs.Trailer(),
-				Err:          err,
-			}
-			if logEntry.Err == io.EOF {
-				logEntry.Err = nil
-			}
-			if peer, ok := peer.FromContext(cs.Context()); ok {
-				logEntry.PeerAddr = peer.Addr
-			}
-			for _, binlog := range cs.binlogs {
-				binlog.Log(cs.ctx, logEntry)
-			}
-		}
 	}
 	return err
 }
@@ -1001,18 +993,30 @@ func (cs *clientStream) finish(err error) {
 			}
 		}
 	}
+
 	cs.mu.Unlock()
-	// For binary logging. only log cancel in finish (could be caused by RPC ctx
-	// canceled or ClientConn closed). Trailer will be logged in RecvMsg.
-	//
-	// Only one of cancel or trailer needs to be logged. In the cases where
-	// users don't call RecvMsg, users must have already canceled the RPC.
-	if len(cs.binlogs) != 0 && status.Code(err) == codes.Canceled {
-		c := &binarylog.Cancel{
-			OnClientSide: true,
-		}
-		for _, binlog := range cs.binlogs {
-			binlog.Log(cs.ctx, c)
+	// Only one of cancel or trailer needs to be logged.
+	if len(cs.binlogs) != 0 {
+		switch err {
+		case errContextCanceled, errContextDeadline, ErrClientConnClosing:
+			c := &binarylog.Cancel{
+				OnClientSide: true,
+			}
+			for _, binlog := range cs.binlogs {
+				binlog.Log(cs.ctx, c)
+			}
+		default:
+			logEntry := &binarylog.ServerTrailer{
+				OnClientSide: true,
+				Trailer:      cs.Trailer(),
+				Err:          err,
+			}
+			if peer, ok := peer.FromContext(cs.Context()); ok {
+				logEntry.PeerAddr = peer.Addr
+			}
+			for _, binlog := range cs.binlogs {
+				binlog.Log(cs.ctx, logEntry)
+			}
 		}
 	}
 	if err == nil {
@@ -1028,7 +1032,7 @@ func (cs *clientStream) finish(err error) {
 	cs.cancel()
 }
 
-func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
+func (a *csAttempt) sendMsg(m any, hdr, payld, data []byte) error {
 	cs := a.cs
 	if a.trInfo != nil {
 		a.mu.Lock()
@@ -1055,7 +1059,7 @@ func (a *csAttempt) sendMsg(m interface{}, hdr, payld, data []byte) error {
 	return nil
 }
 
-func (a *csAttempt) recvMsg(m interface{}, payInfo *payloadInfo) (err error) {
+func (a *csAttempt) recvMsg(m any, payInfo *payloadInfo) (err error) {
 	cs := a.cs
 	if len(a.statsHandlers) != 0 && payInfo == nil {
 		payInfo = &payloadInfo{}
@@ -1348,7 +1352,7 @@ func (as *addrConnStream) Context() context.Context {
 	return as.s.Context()
 }
 
-func (as *addrConnStream) SendMsg(m interface{}) (err error) {
+func (as *addrConnStream) SendMsg(m any) (err error) {
 	defer func() {
 		if err != nil && err != io.EOF {
 			// Call finish on the client stream for errors generated by this SendMsg
@@ -1393,7 +1397,7 @@ func (as *addrConnStream) SendMsg(m interface{}) (err error) {
 	return nil
 }
 
-func (as *addrConnStream) RecvMsg(m interface{}) (err error) {
+func (as *addrConnStream) RecvMsg(m any) (err error) {
 	defer func() {
 		if err != nil || !as.desc.ServerStreams {
 			// err != nil or non-server-streaming indicates end of stream.
@@ -1512,7 +1516,7 @@ type ServerStream interface {
 	//
 	// It is not safe to modify the message after calling SendMsg. Tracing
 	// libraries and stats handlers may use the message lazily.
-	SendMsg(m interface{}) error
+	SendMsg(m any) error
 	// RecvMsg blocks until it receives a message into m or the stream is
 	// done. It returns io.EOF when the client has performed a CloseSend. On
 	// any non-EOF error, the stream is aborted and the error contains the
@@ -1521,7 +1525,7 @@ type ServerStream interface {
 	// It is safe to have a goroutine calling SendMsg and another goroutine
 	// calling RecvMsg on the same stream at the same time, but it is not
 	// safe to call RecvMsg on the same stream in different goroutines.
-	RecvMsg(m interface{}) error
+	RecvMsg(m any) error
 }
 
 // serverStream implements a server side Stream.
@@ -1602,7 +1606,7 @@ func (ss *serverStream) SetTrailer(md metadata.MD) {
 	ss.s.SetTrailer(md)
 }
 
-func (ss *serverStream) SendMsg(m interface{}) (err error) {
+func (ss *serverStream) SendMsg(m any) (err error) {
 	defer func() {
 		if ss.trInfo != nil {
 			ss.mu.Lock()
@@ -1610,7 +1614,7 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 				if err == nil {
 					ss.trInfo.tr.LazyLog(&payload{sent: true, msg: m}, true)
 				} else {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 			}
@@ -1677,7 +1681,7 @@ func (ss *serverStream) SendMsg(m interface{}) (err error) {
 	return nil
 }
 
-func (ss *serverStream) RecvMsg(m interface{}) (err error) {
+func (ss *serverStream) RecvMsg(m any) (err error) {
 	defer func() {
 		if ss.trInfo != nil {
 			ss.mu.Lock()
@@ -1685,7 +1689,7 @@ func (ss *serverStream) RecvMsg(m interface{}) (err error) {
 				if err == nil {
 					ss.trInfo.tr.LazyLog(&payload{sent: false, msg: m}, true)
 				} else if err != io.EOF {
-					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []interface{}{err}}, true)
+					ss.trInfo.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true)
 					ss.trInfo.tr.SetError()
 				}
 			}
@@ -1757,7 +1761,7 @@ func MethodFromServerStream(stream ServerStream) (string, bool) {
 // prepareMsg returns the hdr, payload and data
 // using the compressors passed or using the
 // passed preparedmsg
-func prepareMsg(m interface{}, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
+func prepareMsg(m any, codec baseCodec, cp Compressor, comp encoding.Compressor) (hdr, payload, data []byte, err error) {
 	if preparedMsg, ok := m.(*PreparedMsg); ok {
 		return preparedMsg.hdr, preparedMsg.payload, preparedMsg.encodedData, nil
 	}
diff --git a/vendor/google.golang.org/grpc/tap/tap.go b/vendor/google.golang.org/grpc/tap/tap.go
index bfa5dfa40..07f012576 100644
--- a/vendor/google.golang.org/grpc/tap/tap.go
+++ b/vendor/google.golang.org/grpc/tap/tap.go
@@ -27,6 +27,8 @@ package tap
 
 import (
 	"context"
+
+	"google.golang.org/grpc/metadata"
 )
 
 // Info defines the relevant information needed by the handles.
@@ -34,6 +36,10 @@ type Info struct {
 	// FullMethodName is the string of grpc method (in the format of
 	// /package.service/method).
 	FullMethodName string
+
+	// Header contains the header metadata received.
+	Header metadata.MD
+
 	// TODO: More to be added.
 }
 
diff --git a/vendor/google.golang.org/grpc/trace.go b/vendor/google.golang.org/grpc/trace.go
index 07a2d26b3..9ded79321 100644
--- a/vendor/google.golang.org/grpc/trace.go
+++ b/vendor/google.golang.org/grpc/trace.go
@@ -97,8 +97,8 @@ func truncate(x string, l int) string {
 
 // payload represents an RPC request or response payload.
 type payload struct {
-	sent bool        // whether this is an outgoing payload
-	msg  interface{} // e.g. a proto.Message
+	sent bool // whether this is an outgoing payload
+	msg  any  // e.g. a proto.Message
 	// TODO(dsymonds): add stringifying info to codec, and limit how much we hold here?
 }
 
@@ -111,7 +111,7 @@ func (p payload) String() string {
 
 type fmtStringer struct {
 	format string
-	a      []interface{}
+	a      []any
 }
 
 func (f *fmtStringer) String() string {
diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go
index 12a5a9d00..6d2cadd79 100644
--- a/vendor/google.golang.org/grpc/version.go
+++ b/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
 package grpc
 
 // Version is the current grpc version.
-const Version = "1.57.1"
+const Version = "1.59.0"
diff --git a/vendor/google.golang.org/grpc/vet.sh b/vendor/google.golang.org/grpc/vet.sh
index a8e4732b3..bb480f1f9 100644
--- a/vendor/google.golang.org/grpc/vet.sh
+++ b/vendor/google.golang.org/grpc/vet.sh
@@ -84,12 +84,18 @@ not git grep -l 'x/net/context' -- "*.go"
 #   thread safety.
 git grep -l '"math/rand"' -- "*.go" 2>&1 | not grep -v '^examples\|^stress\|grpcrand\|^benchmark\|wrr_test'
 
+# - Do not use "interface{}"; use "any" instead.
+git grep -l 'interface{}' -- "*.go" 2>&1 | not grep -v '\.pb\.go\|protoc-gen-go-grpc'
+
 # - Do not call grpclog directly. Use grpclog.Component instead.
 git grep -l -e 'grpclog.I' --or -e 'grpclog.W' --or -e 'grpclog.E' --or -e 'grpclog.F' --or -e 'grpclog.V' -- "*.go" | not grep -v '^grpclog/component.go\|^internal/grpctest/tlogger_test.go'
 
 # - Ensure all ptypes proto packages are renamed when importing.
 not git grep "\(import \|^\s*\)\"github.com/golang/protobuf/ptypes/" -- "*.go"
 
+# - Ensure all usages of grpc_testing package are renamed when importing.
+not git grep "\(import \|^\s*\)\"google.golang.org/grpc/interop/grpc_testing" -- "*.go" 
+
 # - Ensure all xds proto imports are renamed to *pb or *grpc.
 git grep '"github.com/envoyproxy/go-control-plane/envoy' -- '*.go' ':(exclude)*.pb.go' | not grep -v 'pb "\|grpc "'
 
@@ -106,7 +112,7 @@ for MOD_FILE in $(find . -name 'go.mod'); do
   goimports -l . 2>&1 | not grep -vE "\.pb\.go"
   golint ./... 2>&1 | not grep -vE "/grpc_testing_not_regenerate/.*\.pb\.go:"
 
-  go mod tidy -compat=1.17
+  go mod tidy -compat=1.19
   git status --porcelain 2>&1 | fail_on_output || \
     (git status; git --no-pager diff; exit 1)
   popd
@@ -168,8 +174,6 @@ proto.RegisteredExtension is deprecated
 proto.RegisteredExtensions is deprecated
 proto.RegisterMapType is deprecated
 proto.Unmarshaler is deprecated
-resolver.Backend
-resolver.GRPCLB
 Target is deprecated: Use the Target field in the BuildOptions instead.
 xxx_messageInfo_
 ' "${SC_OUT}"
diff --git a/vendor/honnef.co/go/tools/analysis/lint/lint.go b/vendor/honnef.co/go/tools/analysis/lint/lint.go
index b4e37d6f4..7d116a23d 100644
--- a/vendor/honnef.co/go/tools/analysis/lint/lint.go
+++ b/vendor/honnef.co/go/tools/analysis/lint/lint.go
@@ -8,6 +8,7 @@ import (
 	"go/ast"
 	"go/build"
 	"go/token"
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -206,21 +207,28 @@ func (v *VersionFlag) String() string {
 	return fmt.Sprintf("1.%d", *v)
 }
 
-func (v *VersionFlag) Set(s string) error {
-	if len(s) < 3 {
-		return fmt.Errorf("invalid Go version: %q", s)
-	}
-	if s[0] != '1' {
-		return fmt.Errorf("invalid Go version: %q", s)
-	}
-	if s[1] != '.' {
-		return fmt.Errorf("invalid Go version: %q", s)
+var goVersionRE = regexp.MustCompile(`^(?:go)?1.(\d+).*$`)
+
+// ParseGoVersion parses Go versions of the form 1.M, 1.M.N, or 1.M.NrcR, with an optional "go" prefix. It assumes that
+// versions have already been verified and are valid.
+func ParseGoVersion(s string) (int, bool) {
+	m := goVersionRE.FindStringSubmatch(s)
+	if m == nil {
+		return 0, false
 	}
-	i, err := strconv.Atoi(s[2:])
+	n, err := strconv.Atoi(m[1])
 	if err != nil {
+		return 0, false
+	}
+	return n, true
+}
+
+func (v *VersionFlag) Set(s string) error {
+	n, ok := ParseGoVersion(s)
+	if !ok {
 		return fmt.Errorf("invalid Go version: %q", s)
 	}
-	*v = VersionFlag(i)
+	*v = VersionFlag(n)
 	return nil
 }
 
diff --git a/vendor/honnef.co/go/tools/go/ir/builder.go b/vendor/honnef.co/go/tools/go/ir/builder.go
index d56975b72..1a77ed042 100644
--- a/vendor/honnef.co/go/tools/go/ir/builder.go
+++ b/vendor/honnef.co/go/tools/go/ir/builder.go
@@ -1145,16 +1145,13 @@ func (b *builder) arrayLen(fn *Function, elts []ast.Expr) int64 {
 //	x = T{a: x.a}
 //
 // all the reads must occur before all the writes. This is implicitly handled by the write buffering effected by
-// compositeElement.
+// compositeElement and explicitly by the storebuf for when we don't use CompositeValue.
 //
 // A CompositeLit may have pointer type only in the recursive (nested)
 // case when the type name is implicit.  e.g. in []*T{{}}, the inner
 // literal has type *T behaves like &T{}.
 // In that case, addr must hold a T, not a *T.
 func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero bool, sb *storebuf) {
-	// Even though we no longer need storebuf for nested composite literals (because compositeElements act as buffers
-	// themselves), we still need storebuf for things like multiple assignment, e.g. 't.F1, t.F2 = T2{1}, T2{t.F1.X}'
-
 	typ := deref(fn.Pkg.typeOf(e))
 	switch t := typeutil.CoreType(typ).(type) {
 	case *types.Struct:
@@ -1220,41 +1217,77 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 				final = zc
 			}
 		} else {
-			v := &CompositeValue{
-				Values: make([]Value, at.Len()),
-			}
-			zc := emitConst(fn, zeroConst(at.Elem()))
-			for i := range v.Values {
-				v.Values[i] = zc
-			}
-			v.setType(at)
+			if at.Len() == int64(len(e.Elts)) {
+				// The literal specifies all elements, so we can use a composite value
+				v := &CompositeValue{
+					Values: make([]Value, at.Len()),
+				}
+				zc := emitConst(fn, zeroConst(at.Elem()))
+				for i := range v.Values {
+					v.Values[i] = zc
+				}
+				v.setType(at)
 
-			var idx *Const
-			for _, e := range e.Elts {
-				if kv, ok := e.(*ast.KeyValueExpr); ok {
-					idx = b.expr(fn, kv.Key).(*Const)
-					e = kv.Value
-				} else {
-					var idxval int64
-					if idx != nil {
-						idxval = idx.Int64() + 1
+				var idx *Const
+				for _, e := range e.Elts {
+					if kv, ok := e.(*ast.KeyValueExpr); ok {
+						idx = b.expr(fn, kv.Key).(*Const)
+						e = kv.Value
+					} else {
+						var idxval int64
+						if idx != nil {
+							idxval = idx.Int64() + 1
+						}
+						idx = emitConst(fn, intConst(idxval)).(*Const)
 					}
-					idx = emitConst(fn, intConst(idxval)).(*Const)
-				}
 
-				iaddr := &compositeElement{
-					cv:   v,
-					idx:  int(idx.Int64()),
-					t:    at.Elem(),
-					expr: e,
+					iaddr := &compositeElement{
+						cv:   v,
+						idx:  int(idx.Int64()),
+						t:    at.Elem(),
+						expr: e,
+					}
+
+					b.assign(fn, iaddr, e, true, sb, e)
+					v.Bitmap.SetBit(&v.Bitmap, int(idx.Int64()), 1)
+					v.NumSet++
+				}
+				final = v
+				fn.emit(v, e)
+			} else {
+				// Not all elements are specified. Populate the array with a series of stores, to guard against literals
+				// like []int{1<<62: 1}.
+				if !isZero {
+					// memclear
+					sb.store(&address{array, nil}, zeroValue(fn, deref(array.Type()), e), e)
 				}
 
-				b.assign(fn, iaddr, e, true, sb, e)
-				v.Bitmap.SetBit(&v.Bitmap, int(idx.Int64()), 1)
-				v.NumSet++
+				var idx *Const
+				for _, e := range e.Elts {
+					if kv, ok := e.(*ast.KeyValueExpr); ok {
+						idx = b.expr(fn, kv.Key).(*Const)
+						e = kv.Value
+					} else {
+						var idxval int64
+						if idx != nil {
+							idxval = idx.Int64() + 1
+						}
+						idx = emitConst(fn, intConst(idxval)).(*Const)
+					}
+					iaddr := &IndexAddr{
+						X:     array,
+						Index: idx,
+					}
+					iaddr.setType(types.NewPointer(at.Elem()))
+					fn.emit(iaddr, e)
+					if t != at { // slice
+						// backing array is unaliased => storebuf not needed.
+						b.assign(fn, &address{addr: iaddr, expr: e}, e, true, nil, e)
+					} else {
+						b.assign(fn, &address{addr: iaddr, expr: e}, e, true, sb, e)
+					}
+				}
 			}
-			final = v
-			fn.emit(v, e)
 		}
 		if t != at { // slice
 			if final != nil {
diff --git a/vendor/honnef.co/go/tools/go/ir/methods.go b/vendor/honnef.co/go/tools/go/ir/methods.go
index eb247a936..b7903c847 100644
--- a/vendor/honnef.co/go/tools/go/ir/methods.go
+++ b/vendor/honnef.co/go/tools/go/ir/methods.go
@@ -11,8 +11,6 @@ import (
 	"go/types"
 
 	"honnef.co/go/tools/analysis/lint"
-
-	"golang.org/x/exp/typeparams"
 )
 
 // MethodValue returns the Function implementing method sel, building
@@ -118,7 +116,7 @@ func (prog *Program) RuntimeTypes() []types.Type {
 // declaredFunc returns the concrete function/method denoted by obj.
 // Panic ensues if there is none.
 func (prog *Program) declaredFunc(obj *types.Func) *Function {
-	if origin := typeparams.OriginMethod(obj); origin != obj {
+	if origin := obj.Origin(); origin != obj {
 		// Calling method on instantiated type, create a wrapper that calls the generic type's method
 		base := prog.packageLevelValue(origin)
 		return makeInstance(prog, base.(*Function), obj.Type().(*types.Signature), nil)
diff --git a/vendor/honnef.co/go/tools/go/ir/source.go b/vendor/honnef.co/go/tools/go/ir/source.go
index 0aa8ef303..155c5f733 100644
--- a/vendor/honnef.co/go/tools/go/ir/source.go
+++ b/vendor/honnef.co/go/tools/go/ir/source.go
@@ -14,8 +14,6 @@ import (
 	"go/ast"
 	"go/token"
 	"go/types"
-
-	"golang.org/x/exp/typeparams"
 )
 
 // EnclosingFunction returns the function that contains the syntax
@@ -170,7 +168,7 @@ func (prog *Program) packageLevelValue(obj types.Object) Value {
 // TODO(adonovan): check the invariant that obj.Type() matches the
 // result's Signature, both in the params/results and in the receiver.
 func (prog *Program) FuncValue(obj *types.Func) *Function {
-	obj = typeparams.OriginMethod(obj)
+	obj = obj.Origin()
 	fn, _ := prog.packageLevelValue(obj).(*Function)
 	return fn
 }
diff --git a/vendor/honnef.co/go/tools/go/types/typeutil/util.go b/vendor/honnef.co/go/tools/go/types/typeutil/util.go
index b0aca16bd..3a2ad973b 100644
--- a/vendor/honnef.co/go/tools/go/types/typeutil/util.go
+++ b/vendor/honnef.co/go/tools/go/types/typeutil/util.go
@@ -122,6 +122,8 @@ func flattenFields(T *types.Struct, path []int, seen map[types.Type]bool) []Fiel
 		if field.Anonymous() {
 			if s, ok := Dereference(field.Type()).Underlying().(*types.Struct); ok {
 				out = append(out, flattenFields(s, np, seen)...)
+			} else {
+				out = append(out, Field{field, tag, np})
 			}
 		} else {
 			out = append(out, Field{field, tag, np})
diff --git a/vendor/honnef.co/go/tools/knowledge/deprecated.go b/vendor/honnef.co/go/tools/knowledge/deprecated.go
index 343d5deb7..caeb49975 100644
--- a/vendor/honnef.co/go/tools/knowledge/deprecated.go
+++ b/vendor/honnef.co/go/tools/knowledge/deprecated.go
@@ -187,54 +187,44 @@ var StdlibDeprecations = map[string]Deprecation{
 	"syscall.Syscall18": {18, 18},
 	"syscall.Syscall6":  {18, 18},
 	"syscall.Syscall9":  {18, 18},
+
+	"reflect.SliceHeader":                              {21, 17},
+	"reflect.StringHeader":                             {21, 20},
+	"crypto/elliptic.GenerateKey":                      {21, 21},
+	"crypto/elliptic.Marshal":                          {21, 21},
+	"crypto/elliptic.Unmarshal":                        {21, 21},
+	"(*crypto/elliptic.CurveParams).Add":               {21, 21},
+	"(*crypto/elliptic.CurveParams).Double":            {21, 21},
+	"(*crypto/elliptic.CurveParams).IsOnCurve":         {21, 21},
+	"(*crypto/elliptic.CurveParams).ScalarBaseMult":    {21, 21},
+	"(*crypto/elliptic.CurveParams).ScalarMult":        {21, 21},
+	"crypto/rsa.GenerateMultiPrimeKey":                 {21, DeprecatedNeverUse},
+	"(crypto/rsa.PrecomputedValues).CRTValues":         {21, DeprecatedNeverUse},
+	"(crypto/x509.RevocationList).RevokedCertificates": {21, 21},
 }
 
-// Last imported from Go at 9f0234214473dfb785a5ad84a8fc62a6a395cbc3 with the following numbers of deprecations:
+// Last imported from Go at c19c4c566c63818dfd059b352e52c4710eecf14d with the following numbers of deprecations:
 //
 // archive/tar/common.go:2
 // archive/zip/struct.go:6
 // bytes/bytes.go:1
-// cmd/api/testdata/src/pkg/p1/p1.go:8
-// cmd/api/testdata/src/pkg/p2/p2.go:2
-// cmd/api/testdata/src/pkg/p4/p4.go:1
-// cmd/compile/internal/noder/quirks.go:1
-// cmd/compile/internal/reflectdata/reflect.go:2
-// cmd/compile/internal/syntax/walk.go:1
-// cmd/compile/internal/types/sym.go:3
-// cmd/go/internal/modcmd/edit.go:1
-// cmd/go/testdata/mod/example.com_deprecated_a_v1.9.0.txt:2
-// cmd/go/testdata/mod/example.com_deprecated_b_v1.9.0.txt:2
-// cmd/go/testdata/mod/example.com_undeprecated_v1.0.0.txt:2
-// cmd/go/testdata/script/mod_deprecate_message.txt:4
-// cmd/go/testdata/script/mod_edit.txt:1
-// cmd/go/testdata/script/mod_list_deprecated.txt:2
-// cmd/go/testdata/script/mod_list_deprecated_replace.txt:1
-// cmd/internal/obj/link.go:5
-// cmd/internal/obj/textflag.go:1
-// cmd/vendor/golang.org/x/mod/modfile/rule.go:2
-// cmd/vendor/golang.org/x/mod/semver/semver.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go:1
-// cmd/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go:1
-// cmd/vendor/golang.org/x/sys/windows/security_windows.go:1
-// cmd/vendor/golang.org/x/sys/windows/syscall_windows.go:2
 // compress/flate/inflate.go:2
 // crypto/dsa/dsa.go:1
+// crypto/elliptic/elliptic.go:8
+// crypto/elliptic/params.go:5
 // crypto/rc4/rc4.go:1
-// crypto/tls/common.go:7
+// crypto/rsa/rsa.go:2
+// crypto/tls/common.go:6
 // crypto/x509/cert_pool.go:1
 // crypto/x509/pem_decrypt.go:3
 // crypto/x509/pkix/pkix.go:2
-// crypto/x509/x509.go:5
+// crypto/x509/x509.go:6
 // database/sql/driver/driver.go:6
 // debug/gosym/pclntab.go:2
 // encoding/csv/reader.go:2
 // encoding/json/decode.go:1
 // encoding/json/encode.go:1
+// go/build/build.go:1
 // go/doc/comment.go:2
 // go/doc/doc.go:1
 // go/doc/synopsis.go:1
@@ -260,7 +250,7 @@ var StdlibDeprecations = map[string]Deprecation{
 // path/filepath/path_plan9.go:1
 // path/filepath/path_unix.go:1
 // path/filepath/path_windows.go:1
-// reflect/value.go:1
+// reflect/value.go:3
 // regexp/regexp.go:1
 // runtime/cpuprof.go:1
 // strings/strings.go:1
diff --git a/vendor/honnef.co/go/tools/pattern/match.go b/vendor/honnef.co/go/tools/pattern/match.go
index 32eb9d696..3eae3bd63 100644
--- a/vendor/honnef.co/go/tools/pattern/match.go
+++ b/vendor/honnef.co/go/tools/pattern/match.go
@@ -6,6 +6,8 @@ import (
 	"go/token"
 	"go/types"
 	"reflect"
+
+	"golang.org/x/tools/go/ast/astutil"
 )
 
 var tokensByString = map[string]Token{
@@ -560,13 +562,14 @@ func (fn Symbol) Match(m *Matcher, node interface{}) (interface{}, bool) {
 		return nil, false
 	}
 
-	fun := r
+	fun := r.(ast.Expr)
 	switch idx := fun.(type) {
 	case *ast.IndexExpr:
 		fun = idx.X
 	case *ast.IndexListExpr:
 		fun = idx.X
 	}
+	fun = astutil.Unparen(fun)
 
 	switch fun := fun.(type) {
 	case *ast.Ident:
diff --git a/vendor/honnef.co/go/tools/simple/lint.go b/vendor/honnef.co/go/tools/simple/lint.go
index 084264367..8458f7be6 100644
--- a/vendor/honnef.co/go/tools/simple/lint.go
+++ b/vendor/honnef.co/go/tools/simple/lint.go
@@ -778,13 +778,13 @@ var checkLoopAppendQ = pattern.MustParse(`
 		x
 		[(AssignStmt [lhs] "=" [(CallExpr (Builtin "append") [lhs val])])])
 	(RangeStmt
-		idx@(Ident _)
+		idx@(Object _)
 		nil
 		_
 		x
 		[(AssignStmt [lhs] "=" [(CallExpr (Builtin "append") [lhs (IndexExpr x idx)])])])
 	(RangeStmt
-		idx@(Ident _)
+		idx@(Object _)
 		nil
 		_
 		x
@@ -800,8 +800,7 @@ func CheckLoopAppend(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 
-		val, ok := m.State["val"].(types.Object)
-		if ok && refersTo(pass, m.State["lhs"].(ast.Expr), val) {
+		if val, ok := m.State["val"].(types.Object); ok && refersTo(pass, m.State["lhs"].(ast.Expr), val) {
 			return
 		}
 
@@ -811,6 +810,26 @@ func CheckLoopAppend(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 
+		if idx, ok := m.State["idx"].(types.Object); ok && refersTo(pass, m.State["lhs"].(ast.Expr), idx) {
+			// The lhs mustn't refer to the index loop variable.
+			return
+		}
+
+		if code.MayHaveSideEffects(pass, m.State["lhs"].(ast.Expr), pure) {
+			// The lhs may be dynamic and return different values on each iteration. For example:
+			//
+			// 	func bar() map[int][]int { /* return one of several maps */ }
+			//
+			// 	func foo(x []int, y [][]int) {
+			// 		for i := range x {
+			// 			bar()[0] = append(bar()[0], x[i])
+			// 		}
+			// 	}
+			//
+			// The dynamic nature of the lhs might also affect the value of the index.
+			return
+		}
+
 		src := pass.TypesInfo.TypeOf(m.State["x"].(ast.Expr))
 		dst := pass.TypesInfo.TypeOf(m.State["lhs"].(ast.Expr))
 		if !types.Identical(src, dst) {
diff --git a/vendor/honnef.co/go/tools/staticcheck/lint.go b/vendor/honnef.co/go/tools/staticcheck/lint.go
index fb911f337..b7c0f9137 100644
--- a/vendor/honnef.co/go/tools/staticcheck/lint.go
+++ b/vendor/honnef.co/go/tools/staticcheck/lint.go
@@ -1144,17 +1144,31 @@ func CheckDubiousDeferInChannelRangeLoop(pass *analysis.Pass) (interface{}, erro
 		if !ok {
 			return
 		}
+
+		stmts := []*ast.DeferStmt{}
+		exits := false
 		fn2 := func(node ast.Node) bool {
 			switch stmt := node.(type) {
 			case *ast.DeferStmt:
-				report.Report(pass, stmt, "defers in this range loop won't run unless the channel gets closed")
+				stmts = append(stmts, stmt)
 			case *ast.FuncLit:
 				// Don't look into function bodies
 				return false
+			case *ast.ReturnStmt:
+				exits = true
+			case *ast.BranchStmt:
+				exits = node.(*ast.BranchStmt).Tok == token.BREAK
 			}
 			return true
 		}
 		ast.Inspect(loop.Body, fn2)
+
+		if exits {
+			return
+		}
+		for _, stmt := range stmts {
+			report.Report(pass, stmt, "defers in this range loop won't run unless the channel gets closed")
+		}
 	}
 	code.Preorder(pass, fn, (*ast.RangeStmt)(nil))
 	return nil, nil
@@ -1598,7 +1612,7 @@ func CheckEmptyCriticalSection(pass *analysis.Pass) (interface{}, error) {
 		if !ok {
 			return nil, "", false
 		}
-		call, ok := expr.X.(*ast.CallExpr)
+		call, ok := astutil.Unparen(expr.X).(*ast.CallExpr)
 		if !ok {
 			return nil, "", false
 		}
@@ -3168,7 +3182,7 @@ func CheckDeprecated(pass *analysis.Pass) (interface{}, error) {
 
 		obj := pass.TypesInfo.ObjectOf(sel.Sel)
 		if obj_, ok := obj.(*types.Func); ok {
-			obj = typeparams.OriginMethod(obj_)
+			obj = obj_.Origin()
 		}
 		if obj.Pkg() == nil {
 			return true
diff --git a/vendor/honnef.co/go/tools/stylecheck/names.go b/vendor/honnef.co/go/tools/stylecheck/names.go
index f038d0632..d37bf6baf 100644
--- a/vendor/honnef.co/go/tools/stylecheck/names.go
+++ b/vendor/honnef.co/go/tools/stylecheck/names.go
@@ -114,7 +114,11 @@ func CheckNames(pass *analysis.Pass) (interface{}, error) {
 				return
 			}
 
-			if code.IsInTest(pass, v) && (strings.HasPrefix(v.Name.Name, "Example") || strings.HasPrefix(v.Name.Name, "Test") || strings.HasPrefix(v.Name.Name, "Benchmark")) {
+			if code.IsInTest(pass, v) &&
+				(strings.HasPrefix(v.Name.Name, "Example") ||
+					strings.HasPrefix(v.Name.Name, "Test") ||
+					strings.HasPrefix(v.Name.Name, "Benchmark") ||
+					strings.HasPrefix(v.Name.Name, "Fuzz")) {
 				return
 			}
 
diff --git a/vendor/honnef.co/go/tools/unused/unused.go b/vendor/honnef.co/go/tools/unused/unused.go
index fdf6d32cb..edd263075 100644
--- a/vendor/honnef.co/go/tools/unused/unused.go
+++ b/vendor/honnef.co/go/tools/unused/unused.go
@@ -17,7 +17,6 @@ import (
 	"honnef.co/go/tools/go/ast/astutil"
 	"honnef.co/go/tools/go/types/typeutil"
 
-	"golang.org/x/exp/typeparams"
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/types/objectpath"
 )
@@ -1151,8 +1150,7 @@ func (g *graph) decl(decl ast.Decl, by types.Object) {
 		}
 
 	case *ast.FuncDecl:
-		// XXX calling OriginMethod is unnecessary if we use types.Func.Origin
-		obj := typeparams.OriginMethod(g.info.ObjectOf(decl.Name).(*types.Func))
+		obj := g.info.ObjectOf(decl.Name).(*types.Func).Origin()
 		g.see(obj, nil)
 
 		if token.IsExported(decl.Name.Name) && g.opts.ExportedIsUsed {
@@ -1332,7 +1330,7 @@ func (g *graph) stmt(stmt ast.Stmt, by types.Object) {
 				g.read(comm.Chan, by)
 				g.read(comm.Value, by)
 			case *ast.ExprStmt:
-				g.read(comm.X.(*ast.UnaryExpr).X, by)
+				g.read(astutil.Unparen(comm.X).(*ast.UnaryExpr).X, by)
 			case *ast.AssignStmt:
 				for _, lhs := range comm.Lhs {
 					g.write(lhs, by)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index df03ee8dc..31255aa10 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -7,10 +7,10 @@
 # dario.cat/mergo v1.0.0
 ## explicit; go 1.13
 dario.cat/mergo
-# github.com/4meepo/tagalign v1.2.2
+# github.com/4meepo/tagalign v1.3.3
 ## explicit; go 1.19
 github.com/4meepo/tagalign
-# github.com/Abirdcfly/dupword v0.0.11
+# github.com/Abirdcfly/dupword v0.0.13
 ## explicit; go 1.20
 github.com/Abirdcfly/dupword
 # github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
@@ -21,12 +21,19 @@ github.com/AdaLogics/go-fuzz-headers
 github.com/AlecAivazis/survey/v2
 github.com/AlecAivazis/survey/v2/core
 github.com/AlecAivazis/survey/v2/terminal
-# github.com/Antonboom/errname v0.1.10
+# github.com/Antonboom/errname v0.1.12
 ## explicit; go 1.20
 github.com/Antonboom/errname/pkg/analyzer
-# github.com/Antonboom/nilnil v0.1.5
+# github.com/Antonboom/nilnil v0.1.7
 ## explicit; go 1.20
 github.com/Antonboom/nilnil/pkg/analyzer
+# github.com/Antonboom/testifylint v0.2.3
+## explicit; go 1.20
+github.com/Antonboom/testifylint/analyzer
+github.com/Antonboom/testifylint/internal/analysisutil
+github.com/Antonboom/testifylint/internal/checkers
+github.com/Antonboom/testifylint/internal/config
+github.com/Antonboom/testifylint/internal/testify
 # github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
 ## explicit; go 1.16
 github.com/Azure/go-ansiterm
@@ -38,9 +45,11 @@ github.com/BurntSushi/toml/internal
 # github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24
 ## explicit; go 1.13
 github.com/Djarvur/go-err113
-# github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0
-## explicit; go 1.19
-github.com/GaijinEntertainment/go-exhaustruct/v2/pkg/analyzer
+# github.com/GaijinEntertainment/go-exhaustruct/v3 v3.1.0
+## explicit; go 1.20
+github.com/GaijinEntertainment/go-exhaustruct/v3/analyzer
+github.com/GaijinEntertainment/go-exhaustruct/v3/internal/fields
+github.com/GaijinEntertainment/go-exhaustruct/v3/internal/pattern
 # github.com/Masterminds/goutils v1.1.1
 ## explicit
 github.com/Masterminds/goutils
@@ -50,7 +59,7 @@ github.com/Masterminds/semver
 # github.com/Masterminds/semver/v3 v3.2.1
 ## explicit; go 1.18
 github.com/Masterminds/semver/v3
-# github.com/Masterminds/sprig/v3 v3.2.2
+# github.com/Masterminds/sprig/v3 v3.2.3
 ## explicit; go 1.13
 github.com/Masterminds/sprig/v3
 # github.com/Microsoft/go-winio v0.6.1
@@ -64,7 +73,7 @@ github.com/Microsoft/go-winio/pkg/guid
 ## explicit; go 1.20
 github.com/OpenPeeDeeP/depguard/v2
 github.com/OpenPeeDeeP/depguard/v2/internal/utils
-# github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95
+# github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c
 ## explicit; go 1.13
 github.com/ProtonMail/go-crypto/bitcurves
 github.com/ProtonMail/go-crypto/brainpool
@@ -87,6 +96,9 @@ github.com/ProtonMail/go-crypto/openpgp/s2k
 # github.com/agext/levenshtein v1.2.3
 ## explicit
 github.com/agext/levenshtein
+# github.com/alecthomas/go-check-sumtype v0.1.3
+## explicit; go 1.18
+github.com/alecthomas/go-check-sumtype
 # github.com/alexkohler/nakedret/v2 v2.0.2
 ## explicit; go 1.18
 github.com/alexkohler/nakedret/v2
@@ -105,13 +117,13 @@ github.com/apparentlymart/go-textseg/v15/textseg
 # github.com/armon/go-radix v1.0.0
 ## explicit
 github.com/armon/go-radix
-# github.com/ashanbrown/forbidigo v1.5.3
+# github.com/ashanbrown/forbidigo v1.6.0
 ## explicit; go 1.13
 github.com/ashanbrown/forbidigo/forbidigo
 # github.com/ashanbrown/makezero v1.1.1
 ## explicit; go 1.12
 github.com/ashanbrown/makezero/makezero
-# github.com/aws/aws-sdk-go-v2 v1.20.1
+# github.com/aws/aws-sdk-go-v2 v1.21.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2
 github.com/aws/aws-sdk-go-v2/aws
@@ -134,10 +146,10 @@ github.com/aws/aws-sdk-go-v2/internal/shareddefaults
 github.com/aws/aws-sdk-go-v2/internal/strings
 github.com/aws/aws-sdk-go-v2/internal/sync/singleflight
 github.com/aws/aws-sdk-go-v2/internal/timeconv
-# github.com/aws/aws-sdk-go-v2/config v1.18.33
+# github.com/aws/aws-sdk-go-v2/config v1.19.1
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/config
-# github.com/aws/aws-sdk-go-v2/credentials v1.13.32
+# github.com/aws/aws-sdk-go-v2/credentials v1.13.43
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/credentials
 github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds
@@ -146,38 +158,38 @@ github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client
 github.com/aws/aws-sdk-go-v2/credentials/processcreds
 github.com/aws/aws-sdk-go-v2/credentials/ssocreds
 github.com/aws/aws-sdk-go-v2/credentials/stscreds
-# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.8
+# github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config
-# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.38
+# github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/configsources
-# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.32
+# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
-# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.39
+# github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/internal/ini
-# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.32
+# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/sso v1.13.2
+# github.com/aws/aws-sdk-go-v2/service/sso v1.15.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sso
 github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sso/types
-# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.2
+# github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/ssooidc
 github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/ssooidc/types
-# github.com/aws/aws-sdk-go-v2/service/sts v1.21.2
+# github.com/aws/aws-sdk-go-v2/service/sts v1.23.2
 ## explicit; go 1.15
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
 github.com/aws/aws-sdk-go-v2/service/sts/types
-# github.com/aws/smithy-go v1.14.1
+# github.com/aws/smithy-go v1.15.0
 ## explicit; go 1.15
 github.com/aws/smithy-go
 github.com/aws/smithy-go/auth/bearer
@@ -212,17 +224,17 @@ github.com/blizzy78/varnamelen
 # github.com/bombsimon/wsl/v3 v3.4.0
 ## explicit; go 1.19
 github.com/bombsimon/wsl/v3
-# github.com/breml/bidichk v0.2.4
-## explicit; go 1.19
+# github.com/breml/bidichk v0.2.7
+## explicit; go 1.20
 github.com/breml/bidichk/pkg/bidichk
-# github.com/breml/errchkjson v0.3.1
-## explicit; go 1.17
+# github.com/breml/errchkjson v0.3.6
+## explicit; go 1.20
 github.com/breml/errchkjson
 # github.com/buger/goterm v1.0.4
 ## explicit; go 1.15
 github.com/buger/goterm
-# github.com/butuzov/ireturn v0.2.0
-## explicit; go 1.15
+# github.com/butuzov/ireturn v0.2.2
+## explicit; go 1.18
 github.com/butuzov/ireturn/analyzer
 github.com/butuzov/ireturn/analyzer/internal/config
 github.com/butuzov/ireturn/analyzer/internal/types
@@ -230,6 +242,20 @@ github.com/butuzov/ireturn/analyzer/internal/types
 ## explicit; go 1.19
 github.com/butuzov/mirror
 github.com/butuzov/mirror/internal/checker
+# github.com/catenacyber/perfsprint v0.2.0
+## explicit; go 1.20
+github.com/catenacyber/perfsprint/analyzer
+# github.com/ccojocar/zxcvbn-go v1.0.1
+## explicit; go 1.20
+github.com/ccojocar/zxcvbn-go
+github.com/ccojocar/zxcvbn-go/adjacency
+github.com/ccojocar/zxcvbn-go/data
+github.com/ccojocar/zxcvbn-go/entropy
+github.com/ccojocar/zxcvbn-go/frequency
+github.com/ccojocar/zxcvbn-go/match
+github.com/ccojocar/zxcvbn-go/matching
+github.com/ccojocar/zxcvbn-go/scoring
+github.com/ccojocar/zxcvbn-go/utils/math
 # github.com/cenkalti/backoff/v4 v4.2.1
 ## explicit; go 1.18
 github.com/cenkalti/backoff/v4
@@ -239,10 +265,10 @@ github.com/cespare/xxhash/v2
 # github.com/charithe/durationcheck v0.0.10
 ## explicit; go 1.14
 github.com/charithe/durationcheck
-# github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8
+# github.com/chavacava/garif v0.1.0
 ## explicit; go 1.16
 github.com/chavacava/garif
-# github.com/cloudflare/circl v1.3.3
+# github.com/cloudflare/circl v1.3.5
 ## explicit; go 1.19
 github.com/cloudflare/circl/dh/x25519
 github.com/cloudflare/circl/dh/x448
@@ -314,7 +340,7 @@ github.com/cpuguy83/dockercfg
 ## explicit; go 1.18
 github.com/curioswitch/go-reassign
 github.com/curioswitch/go-reassign/internal/analyzer
-# github.com/daixiang0/gci v0.10.1
+# github.com/daixiang0/gci v0.11.2
 ## explicit; go 1.18
 github.com/daixiang0/gci/pkg/config
 github.com/daixiang0/gci/pkg/format
@@ -325,7 +351,7 @@ github.com/daixiang0/gci/pkg/parse
 github.com/daixiang0/gci/pkg/section
 github.com/daixiang0/gci/pkg/specificity
 github.com/daixiang0/gci/pkg/utils
-# github.com/davecgh/go-spew v1.1.1
+# github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
 ## explicit
 github.com/davecgh/go-spew/spew
 # github.com/deckarep/golang-set/v2 v2.3.1
@@ -338,6 +364,9 @@ github.com/denis-tingaikin/go-header
 ## explicit; go 1.18
 github.com/distribution/distribution/v3/reference
 github.com/distribution/distribution/v3/uuid
+# github.com/distribution/reference v0.5.0
+## explicit; go 1.20
+github.com/distribution/reference
 # github.com/docker/buildx v0.11.2
 ## explicit; go 1.20
 github.com/docker/buildx/build
@@ -368,7 +397,7 @@ github.com/docker/buildx/util/platformutil
 github.com/docker/buildx/util/progress
 github.com/docker/buildx/util/resolver
 github.com/docker/buildx/util/waitmap
-# github.com/docker/cli v24.0.5+incompatible
+# github.com/docker/cli v24.0.7+incompatible
 ## explicit
 github.com/docker/cli/cli
 github.com/docker/cli/cli-plugins/manager
@@ -397,6 +426,7 @@ github.com/docker/cli/cli/context/docker
 github.com/docker/cli/cli/context/store
 github.com/docker/cli/cli/debug
 github.com/docker/cli/cli/flags
+github.com/docker/cli/cli/hints
 github.com/docker/cli/cli/manifest/store
 github.com/docker/cli/cli/manifest/types
 github.com/docker/cli/cli/registry/client
@@ -416,10 +446,9 @@ github.com/docker/compose/v2/pkg/progress
 github.com/docker/compose/v2/pkg/prompt
 github.com/docker/compose/v2/pkg/utils
 github.com/docker/compose/v2/pkg/watch
-# github.com/docker/distribution v2.8.2+incompatible
+# github.com/docker/distribution v2.8.3+incompatible
 ## explicit
 github.com/docker/distribution
-github.com/docker/distribution/digestset
 github.com/docker/distribution/manifest
 github.com/docker/distribution/manifest/manifestlist
 github.com/docker/distribution/manifest/ocischema
@@ -435,7 +464,7 @@ github.com/docker/distribution/registry/client/transport
 github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
-# github.com/docker/docker v24.0.5+incompatible
+# github.com/docker/docker v24.0.7+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types
@@ -516,8 +545,8 @@ github.com/firefart/nonamedreturns/analyzer
 # github.com/fsnotify/fsevents v0.1.1
 ## explicit
 github.com/fsnotify/fsevents
-# github.com/fsnotify/fsnotify v1.6.0
-## explicit; go 1.16
+# github.com/fsnotify/fsnotify v1.7.0
+## explicit; go 1.17
 github.com/fsnotify/fsnotify
 # github.com/fvbommel/sortorder v1.1.0
 ## explicit; go 1.13
@@ -525,7 +554,10 @@ github.com/fvbommel/sortorder
 # github.com/fzipp/gocyclo v0.6.0
 ## explicit; go 1.18
 github.com/fzipp/gocyclo
-# github.com/go-critic/go-critic v0.8.1
+# github.com/ghostiam/protogetter v0.2.3
+## explicit; go 1.19
+github.com/ghostiam/protogetter
+# github.com/go-critic/go-critic v0.9.0
 ## explicit; go 1.18
 github.com/go-critic/go-critic/checkers
 github.com/go-critic/go-critic/checkers/internal/astwalk
@@ -625,14 +657,13 @@ github.com/golangci/dupl/syntax/golang
 # github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe
 ## explicit; go 1.17
 github.com/golangci/go-misc/deadcode
-# github.com/golangci/gofmt v0.0.0-20220901101216-f2edd75033f2
-## explicit; go 1.18
+# github.com/golangci/gofmt v0.0.0-20231018234816-f50ced29576e
+## explicit; go 1.20
 github.com/golangci/gofmt/gofmt
 github.com/golangci/gofmt/gofmt/internal/diff
-github.com/golangci/gofmt/gofmt/internal/execabs
 github.com/golangci/gofmt/goimports
-# github.com/golangci/golangci-lint v1.53.3
-## explicit; go 1.19
+# github.com/golangci/golangci-lint v1.55.2
+## explicit; go 1.20
 github.com/golangci/golangci-lint/cmd/golangci-lint
 github.com/golangci/golangci-lint/internal/cache
 github.com/golangci/golangci-lint/internal/errorutil
@@ -664,11 +695,11 @@ github.com/golangci/lint-1
 # github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca
 ## explicit
 github.com/golangci/maligned
-# github.com/golangci/misspell v0.4.0
-## explicit; go 1.18
+# github.com/golangci/misspell v0.4.1
+## explicit; go 1.19
 github.com/golangci/misspell
-# github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6
-## explicit; go 1.17
+# github.com/golangci/revgrep v0.5.2
+## explicit; go 1.19
 github.com/golangci/revgrep
 # github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4
 ## explicit
@@ -680,7 +711,7 @@ github.com/google/gnostic/extensions
 github.com/google/gnostic/jsonschema
 github.com/google/gnostic/openapiv2
 github.com/google/gnostic/openapiv3
-# github.com/google/go-cmp v0.5.9
+# github.com/google/go-cmp v0.6.0
 ## explicit; go 1.13
 github.com/google/go-cmp/cmp
 github.com/google/go-cmp/cmp/internal/diff
@@ -694,7 +725,7 @@ github.com/google/gofuzz/bytesource
 # github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 ## explicit; go 1.13
 github.com/google/shlex
-# github.com/google/uuid v1.3.0
+# github.com/google/uuid v1.4.0
 ## explicit
 github.com/google/uuid
 # github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601
@@ -775,8 +806,8 @@ github.com/hashicorp/hc-install/product
 github.com/hashicorp/hc-install/releases
 github.com/hashicorp/hc-install/src
 github.com/hashicorp/hc-install/version
-# github.com/hashicorp/hcl v1.0.0
-## explicit
+# github.com/hashicorp/hcl v1.0.1-vault-5
+## explicit; go 1.15
 github.com/hashicorp/hcl
 github.com/hashicorp/hcl/hcl/ast
 github.com/hashicorp/hcl/hcl/parser
@@ -883,7 +914,7 @@ github.com/hashicorp/yamux
 github.com/hexops/gotextdiff
 github.com/hexops/gotextdiff/myers
 github.com/hexops/gotextdiff/span
-# github.com/huandu/xstrings v1.3.2
+# github.com/huandu/xstrings v1.3.3
 ## explicit; go 1.12
 github.com/huandu/xstrings
 # github.com/imdario/mergo v0.3.16
@@ -899,7 +930,7 @@ github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1
 # github.com/inconshreveable/mousetrap v1.1.0
 ## explicit; go 1.18
 github.com/inconshreveable/mousetrap
-# github.com/jgautheron/goconst v1.5.1
+# github.com/jgautheron/goconst v1.6.0
 ## explicit; go 1.13
 github.com/jgautheron/goconst
 # github.com/jingyugao/rowserrcheck v1.1.1
@@ -933,7 +964,7 @@ github.com/kisielk/gotool/internal/load
 # github.com/kkHAIKE/contextcheck v1.1.4
 ## explicit; go 1.20
 github.com/kkHAIKE/contextcheck
-# github.com/klauspost/compress v1.16.7
+# github.com/klauspost/compress v1.17.2
 ## explicit; go 1.18
 github.com/klauspost/compress
 github.com/klauspost/compress/fse
@@ -945,7 +976,7 @@ github.com/klauspost/compress/zstd/internal/xxhash
 # github.com/kulti/thelper v0.6.3
 ## explicit; go 1.18
 github.com/kulti/thelper/pkg/analyzer
-# github.com/kunwardeep/paralleltest v1.0.7
+# github.com/kunwardeep/paralleltest v1.0.8
 ## explicit; go 1.17
 github.com/kunwardeep/paralleltest/pkg/paralleltest
 # github.com/kyoh86/exportloopref v0.1.11
@@ -968,6 +999,9 @@ github.com/leonklingele/grouper/pkg/analyzer/vars
 # github.com/lufeee/execinquery v1.2.1
 ## explicit; go 1.17
 github.com/lufeee/execinquery
+# github.com/macabu/inamedparam v0.1.2
+## explicit; go 1.19
+github.com/macabu/inamedparam
 # github.com/magiconair/properties v1.8.7
 ## explicit; go 1.19
 github.com/magiconair/properties
@@ -997,16 +1031,17 @@ github.com/mattn/go-runewidth
 # github.com/mattn/go-shellwords v1.0.12
 ## explicit; go 1.13
 github.com/mattn/go-shellwords
-# github.com/matttproud/golang_protobuf_extensions v1.0.4
-## explicit; go 1.9
-github.com/matttproud/golang_protobuf_extensions/pbutil
+# github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0
+## explicit; go 1.19
+github.com/matttproud/golang_protobuf_extensions/v2/pbutil
 # github.com/mbilski/exhaustivestruct v1.2.0
 ## explicit; go 1.15
 github.com/mbilski/exhaustivestruct/pkg/analyzer
-# github.com/mgechev/revive v1.3.2
-## explicit; go 1.19
+# github.com/mgechev/revive v1.3.4
+## explicit; go 1.20
 github.com/mgechev/revive/config
 github.com/mgechev/revive/formatter
+github.com/mgechev/revive/internal/ifelse
 github.com/mgechev/revive/internal/typeparams
 github.com/mgechev/revive/lint
 github.com/mgechev/revive/rule
@@ -1101,9 +1136,10 @@ github.com/moby/buildkit/version
 # github.com/moby/locker v1.0.1
 ## explicit; go 1.13
 github.com/moby/locker
-# github.com/moby/patternmatcher v0.5.0
+# github.com/moby/patternmatcher v0.6.0
 ## explicit; go 1.19
 github.com/moby/patternmatcher
+github.com/moby/patternmatcher/ignorefile
 # github.com/moby/spdystream v0.2.0
 ## explicit; go 1.13
 github.com/moby/spdystream
@@ -1144,26 +1180,16 @@ github.com/munnerz/goautoneg
 # github.com/nakabonne/nestif v0.3.1
 ## explicit; go 1.15
 github.com/nakabonne/nestif
-# github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354
-## explicit; go 1.14
-github.com/nbutton23/zxcvbn-go
-github.com/nbutton23/zxcvbn-go/adjacency
-github.com/nbutton23/zxcvbn-go/data
-github.com/nbutton23/zxcvbn-go/entropy
-github.com/nbutton23/zxcvbn-go/frequency
-github.com/nbutton23/zxcvbn-go/match
-github.com/nbutton23/zxcvbn-go/matching
-github.com/nbutton23/zxcvbn-go/scoring
-github.com/nbutton23/zxcvbn-go/utils/math
 # github.com/nishanths/exhaustive v0.11.0
 ## explicit; go 1.18
 github.com/nishanths/exhaustive
 # github.com/nishanths/predeclared v0.2.2
 ## explicit; go 1.14
 github.com/nishanths/predeclared/passes/predeclared
-# github.com/nunnatsa/ginkgolinter v0.12.1
-## explicit; go 1.19
+# github.com/nunnatsa/ginkgolinter v0.14.1
+## explicit; go 1.20
 github.com/nunnatsa/ginkgolinter
+github.com/nunnatsa/ginkgolinter/ginkgohandler
 github.com/nunnatsa/ginkgolinter/gomegahandler
 github.com/nunnatsa/ginkgolinter/reverseassertion
 github.com/nunnatsa/ginkgolinter/types
@@ -1177,20 +1203,21 @@ github.com/olekukonko/tablewriter
 # github.com/opencontainers/go-digest v1.0.0
 ## explicit; go 1.13
 github.com/opencontainers/go-digest
-# github.com/opencontainers/image-spec v1.1.0-rc4
+github.com/opencontainers/go-digest/digestset
+# github.com/opencontainers/image-spec v1.1.0-rc5
 ## explicit; go 1.18
 github.com/opencontainers/image-spec/specs-go
 github.com/opencontainers/image-spec/specs-go/v1
 # github.com/opencontainers/runc v1.1.9
 ## explicit; go 1.17
 github.com/opencontainers/runc/libcontainer/user
-# github.com/paultyng/go-unifi v1.33.0
+# github.com/paultyng/go-unifi v1.33.0 => github.com/akerl/go-unifi v0.0.0-20231130040649-72458fa2bc15
 ## explicit; go 1.18
 github.com/paultyng/go-unifi/unifi
 # github.com/pelletier/go-toml v1.9.5
 ## explicit; go 1.12
 github.com/pelletier/go-toml
-# github.com/pelletier/go-toml/v2 v2.0.6
+# github.com/pelletier/go-toml/v2 v2.1.0
 ## explicit; go 1.16
 github.com/pelletier/go-toml/v2
 github.com/pelletier/go-toml/v2/internal/characters
@@ -1200,10 +1227,10 @@ github.com/pelletier/go-toml/v2/unstable
 # github.com/pkg/errors v0.9.1
 ## explicit
 github.com/pkg/errors
-# github.com/pmezard/go-difflib v1.0.0
+# github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
 ## explicit
 github.com/pmezard/go-difflib/difflib
-# github.com/polyfloyd/go-errorlint v1.4.2
+# github.com/polyfloyd/go-errorlint v1.4.5
 ## explicit; go 1.20
 github.com/polyfloyd/go-errorlint/errorlint
 # github.com/posener/complete v1.2.3
@@ -1211,27 +1238,27 @@ github.com/polyfloyd/go-errorlint/errorlint
 github.com/posener/complete
 github.com/posener/complete/cmd
 github.com/posener/complete/cmd/install
-# github.com/prometheus/client_golang v1.16.0
-## explicit; go 1.17
+# github.com/prometheus/client_golang v1.17.0
+## explicit; go 1.19
 github.com/prometheus/client_golang/prometheus
 github.com/prometheus/client_golang/prometheus/internal
 github.com/prometheus/client_golang/prometheus/promhttp
 github.com/prometheus/client_golang/prometheus/testutil/promlint
-# github.com/prometheus/client_model v0.4.0
-## explicit; go 1.18
+# github.com/prometheus/client_model v0.5.0
+## explicit; go 1.19
 github.com/prometheus/client_model/go
-# github.com/prometheus/common v0.44.0
-## explicit; go 1.18
+# github.com/prometheus/common v0.45.0
+## explicit; go 1.20
 github.com/prometheus/common/expfmt
 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg
 github.com/prometheus/common/model
-# github.com/prometheus/procfs v0.11.1
+# github.com/prometheus/procfs v0.12.0
 ## explicit; go 1.19
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/quasilyte/go-ruleguard v0.3.19
-## explicit; go 1.17
+# github.com/quasilyte/go-ruleguard v0.4.0
+## explicit; go 1.19
 github.com/quasilyte/go-ruleguard/internal/goenv
 github.com/quasilyte/go-ruleguard/internal/golist
 github.com/quasilyte/go-ruleguard/internal/xsrcimporter
@@ -1267,17 +1294,23 @@ github.com/russross/blackfriday
 # github.com/ryancurrah/gomodguard v1.3.0
 ## explicit; go 1.19
 github.com/ryancurrah/gomodguard
-# github.com/ryanrolds/sqlclosecheck v0.4.0
-## explicit; go 1.19
+# github.com/ryanrolds/sqlclosecheck v0.5.1
+## explicit; go 1.20
 github.com/ryanrolds/sqlclosecheck/pkg/analyzer
+# github.com/sagikazarmark/locafero v0.3.0
+## explicit; go 1.20
+github.com/sagikazarmark/locafero
+# github.com/sagikazarmark/slog-shim v0.1.0
+## explicit; go 1.20
+github.com/sagikazarmark/slog-shim
 # github.com/sanposhiho/wastedassign/v2 v2.0.7
 ## explicit; go 1.14
 github.com/sanposhiho/wastedassign/v2
 # github.com/sashamelentyev/interfacebloat v1.1.0
 ## explicit; go 1.18
 github.com/sashamelentyev/interfacebloat/pkg/analyzer
-# github.com/sashamelentyev/usestdlibvars v1.23.0
-## explicit; go 1.19
+# github.com/sashamelentyev/usestdlibvars v1.24.0
+## explicit; go 1.20
 github.com/sashamelentyev/usestdlibvars/pkg/analyzer
 github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping
 # github.com/secure-systems-lab/go-securesystemslib v0.7.0
@@ -1285,8 +1318,8 @@ github.com/sashamelentyev/usestdlibvars/pkg/analyzer/internal/mapping
 github.com/secure-systems-lab/go-securesystemslib/cjson
 github.com/secure-systems-lab/go-securesystemslib/dsse
 github.com/secure-systems-lab/go-securesystemslib/signerverifier
-# github.com/securego/gosec/v2 v2.16.0
-## explicit; go 1.19
+# github.com/securego/gosec/v2 v2.18.2
+## explicit; go 1.20
 github.com/securego/gosec/v2
 github.com/securego/gosec/v2/analyzers
 github.com/securego/gosec/v2/cwe
@@ -1321,28 +1354,31 @@ github.com/sivchari/tenv
 github.com/sonatard/noctx
 github.com/sonatard/noctx/ngfunc
 github.com/sonatard/noctx/reqwithoutctx
+# github.com/sourcegraph/conc v0.3.0
+## explicit; go 1.19
+github.com/sourcegraph/conc
+github.com/sourcegraph/conc/internal/multierror
+github.com/sourcegraph/conc/iter
+github.com/sourcegraph/conc/panics
 # github.com/sourcegraph/go-diff v0.7.0
 ## explicit; go 1.14
 github.com/sourcegraph/go-diff/diff
-# github.com/spf13/afero v1.9.3
+# github.com/spf13/afero v1.10.0
 ## explicit; go 1.16
 github.com/spf13/afero
 github.com/spf13/afero/internal/common
 github.com/spf13/afero/mem
-# github.com/spf13/cast v1.5.0
+# github.com/spf13/cast v1.5.1
 ## explicit; go 1.18
 github.com/spf13/cast
-# github.com/spf13/cobra v1.7.0
+# github.com/spf13/cobra v1.8.0
 ## explicit; go 1.15
 github.com/spf13/cobra
-# github.com/spf13/jwalterweatherman v1.1.0
-## explicit
-github.com/spf13/jwalterweatherman
 # github.com/spf13/pflag v1.0.5
 ## explicit; go 1.12
 github.com/spf13/pflag
-# github.com/spf13/viper v1.15.0
-## explicit; go 1.17
+# github.com/spf13/viper v1.17.0
+## explicit; go 1.18
 github.com/spf13/viper
 github.com/spf13/viper/internal/encoding
 github.com/spf13/viper/internal/encoding/dotenv
@@ -1366,7 +1402,7 @@ github.com/stretchr/objx
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/mock
 github.com/stretchr/testify/require
-# github.com/subosito/gotenv v1.4.2
+# github.com/subosito/gotenv v1.6.0
 ## explicit; go 1.18
 github.com/subosito/gotenv
 # github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c
@@ -1387,8 +1423,8 @@ github.com/testcontainers/testcontainers-go/wait
 # github.com/testcontainers/testcontainers-go/modules/compose v0.23.0
 ## explicit; go 1.20
 github.com/testcontainers/testcontainers-go/modules/compose
-# github.com/tetafro/godot v1.4.11
-## explicit; go 1.16
+# github.com/tetafro/godot v1.4.15
+## explicit; go 1.20
 github.com/tetafro/godot
 # github.com/theupdateframework/notary v0.7.0
 ## explicit; go 1.12
@@ -1439,13 +1475,13 @@ github.com/tonistiigi/units
 # github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531
 ## explicit; go 1.12
 github.com/tonistiigi/vt100
-# github.com/ultraware/funlen v0.0.3
-## explicit
+# github.com/ultraware/funlen v0.1.0
+## explicit; go 1.20
 github.com/ultraware/funlen
 # github.com/ultraware/whitespace v0.0.5
 ## explicit
 github.com/ultraware/whitespace
-# github.com/uudashr/gocognit v1.0.6
+# github.com/uudashr/gocognit v1.1.2
 ## explicit; go 1.16
 github.com/uudashr/gocognit
 # github.com/vmihailenco/msgpack v4.0.4+incompatible
@@ -1472,7 +1508,7 @@ github.com/xeipuuv/gojsonreference
 # github.com/xeipuuv/gojsonschema v1.2.0
 ## explicit
 github.com/xeipuuv/gojsonschema
-# github.com/xen0n/gosmopolitan v1.2.1
+# github.com/xen0n/gosmopolitan v1.2.2
 ## explicit; go 1.19
 github.com/xen0n/gosmopolitan
 # github.com/yagipy/maintidx v1.0.0
@@ -1483,7 +1519,7 @@ github.com/yagipy/maintidx/pkg/halstvol
 # github.com/yeya24/promlinter v0.2.0
 ## explicit; go 1.16
 github.com/yeya24/promlinter
-# github.com/ykadowak/zerologlint v0.1.2
+# github.com/ykadowak/zerologlint v0.1.3
 ## explicit; go 1.19
 github.com/ykadowak/zerologlint
 # github.com/zclconf/go-cty v1.14.0
@@ -1496,9 +1532,12 @@ github.com/zclconf/go-cty/cty/function/stdlib
 github.com/zclconf/go-cty/cty/gocty
 github.com/zclconf/go-cty/cty/json
 github.com/zclconf/go-cty/cty/set
-# gitlab.com/bosi/decorder v0.2.3
-## explicit; go 1.17
+# gitlab.com/bosi/decorder v0.4.1
+## explicit; go 1.20
 gitlab.com/bosi/decorder
+# go-simpler.org/sloglint v0.1.2
+## explicit; go 1.20
+go-simpler.org/sloglint
 # go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0
 ## explicit; go 1.19
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
@@ -1564,16 +1603,13 @@ go.opentelemetry.io/proto/otlp/collector/trace/v1
 go.opentelemetry.io/proto/otlp/common/v1
 go.opentelemetry.io/proto/otlp/resource/v1
 go.opentelemetry.io/proto/otlp/trace/v1
-# go.tmz.dev/musttag v0.7.0
+# go.tmz.dev/musttag v0.7.2
 ## explicit; go 1.19
 go.tmz.dev/musttag
-# go.uber.org/atomic v1.10.0
-## explicit; go 1.18
-go.uber.org/atomic
-# go.uber.org/multierr v1.9.0
+# go.uber.org/multierr v1.11.0
 ## explicit; go 1.19
 go.uber.org/multierr
-# go.uber.org/zap v1.24.0
+# go.uber.org/zap v1.26.0
 ## explicit; go 1.19
 go.uber.org/zap
 go.uber.org/zap/buffer
@@ -1581,9 +1617,11 @@ go.uber.org/zap/internal
 go.uber.org/zap/internal/bufferpool
 go.uber.org/zap/internal/color
 go.uber.org/zap/internal/exit
+go.uber.org/zap/internal/pool
+go.uber.org/zap/internal/stacktrace
 go.uber.org/zap/zapcore
-# golang.org/x/crypto v0.14.0
-## explicit; go 1.17
+# golang.org/x/crypto v0.16.0
+## explicit; go 1.18
 golang.org/x/crypto/argon2
 golang.org/x/crypto/bcrypt
 golang.org/x/crypto/blake2b
@@ -1603,22 +1641,24 @@ golang.org/x/crypto/sha3
 golang.org/x/crypto/ssh
 golang.org/x/crypto/ssh/agent
 golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
-# golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
+# golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 ## explicit; go 1.20
 golang.org/x/exp/constraints
 golang.org/x/exp/slices
-# golang.org/x/exp/typeparams v0.0.0-20230224173230-c95f2b4c22f2
+golang.org/x/exp/slog
+golang.org/x/exp/slog/internal
+golang.org/x/exp/slog/internal/buffer
+# golang.org/x/exp/typeparams v0.0.0-20230307190834-24139beb5833
 ## explicit; go 1.18
 golang.org/x/exp/typeparams
-# golang.org/x/mod v0.12.0
-## explicit; go 1.17
+# golang.org/x/mod v0.14.0
+## explicit; go 1.18
 golang.org/x/mod/internal/lazyregexp
 golang.org/x/mod/modfile
 golang.org/x/mod/module
 golang.org/x/mod/semver
-# golang.org/x/net v0.17.0
-## explicit; go 1.17
-golang.org/x/net/context
+# golang.org/x/net v0.19.0
+## explicit; go 1.18
 golang.org/x/net/http/httpguts
 golang.org/x/net/http2
 golang.org/x/net/http2/hpack
@@ -1627,32 +1667,37 @@ golang.org/x/net/internal/socks
 golang.org/x/net/internal/timeseries
 golang.org/x/net/proxy
 golang.org/x/net/trace
-# golang.org/x/oauth2 v0.11.0
+# golang.org/x/oauth2 v0.13.0
 ## explicit; go 1.18
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sync v0.3.0
-## explicit; go 1.17
+# golang.org/x/sync v0.5.0
+## explicit; go 1.18
 golang.org/x/sync/errgroup
 golang.org/x/sync/semaphore
-# golang.org/x/sys v0.13.0
-## explicit; go 1.17
+# golang.org/x/sys v0.15.0
+## explicit; go 1.18
 golang.org/x/sys/cpu
 golang.org/x/sys/execabs
 golang.org/x/sys/plan9
 golang.org/x/sys/unix
 golang.org/x/sys/windows
 golang.org/x/sys/windows/registry
-# golang.org/x/term v0.13.0
-## explicit; go 1.17
+# golang.org/x/term v0.15.0
+## explicit; go 1.18
 golang.org/x/term
-# golang.org/x/text v0.13.0
-## explicit; go 1.17
+# golang.org/x/text v0.14.0
+## explicit; go 1.18
 golang.org/x/text/cases
+golang.org/x/text/encoding
+golang.org/x/text/encoding/internal
+golang.org/x/text/encoding/internal/identifier
+golang.org/x/text/encoding/unicode
 golang.org/x/text/internal
 golang.org/x/text/internal/language
 golang.org/x/text/internal/language/compact
 golang.org/x/text/internal/tag
+golang.org/x/text/internal/utf8internal
 golang.org/x/text/language
 golang.org/x/text/runes
 golang.org/x/text/secure/bidirule
@@ -1663,10 +1708,11 @@ golang.org/x/text/width
 # golang.org/x/time v0.3.0
 ## explicit
 golang.org/x/time/rate
-# golang.org/x/tools v0.12.0
+# golang.org/x/tools v0.16.0
 ## explicit; go 1.18
 golang.org/x/tools/cmd/stringer
 golang.org/x/tools/go/analysis
+golang.org/x/tools/go/analysis/passes/appends
 golang.org/x/tools/go/analysis/passes/asmdecl
 golang.org/x/tools/go/analysis/passes/assign
 golang.org/x/tools/go/analysis/passes/atomic
@@ -1679,6 +1725,8 @@ golang.org/x/tools/go/analysis/passes/composite
 golang.org/x/tools/go/analysis/passes/copylock
 golang.org/x/tools/go/analysis/passes/ctrlflow
 golang.org/x/tools/go/analysis/passes/deepequalerrors
+golang.org/x/tools/go/analysis/passes/defers
+golang.org/x/tools/go/analysis/passes/directive
 golang.org/x/tools/go/analysis/passes/errorsas
 golang.org/x/tools/go/analysis/passes/fieldalignment
 golang.org/x/tools/go/analysis/passes/findcall
@@ -1697,6 +1745,7 @@ golang.org/x/tools/go/analysis/passes/reflectvaluecompare
 golang.org/x/tools/go/analysis/passes/shadow
 golang.org/x/tools/go/analysis/passes/shift
 golang.org/x/tools/go/analysis/passes/sigchanyzer
+golang.org/x/tools/go/analysis/passes/slog
 golang.org/x/tools/go/analysis/passes/sortslice
 golang.org/x/tools/go/analysis/passes/stdmethods
 golang.org/x/tools/go/analysis/passes/stringintconv
@@ -1728,7 +1777,6 @@ golang.org/x/tools/internal/event/core
 golang.org/x/tools/internal/event/keys
 golang.org/x/tools/internal/event/label
 golang.org/x/tools/internal/event/tag
-golang.org/x/tools/internal/fastwalk
 golang.org/x/tools/internal/gcimporter
 golang.org/x/tools/internal/gocommand
 golang.org/x/tools/internal/gopathwalk
@@ -1738,7 +1786,8 @@ golang.org/x/tools/internal/pkgbits
 golang.org/x/tools/internal/tokeninternal
 golang.org/x/tools/internal/typeparams
 golang.org/x/tools/internal/typesinternal
-# google.golang.org/appengine v1.6.7
+golang.org/x/tools/internal/versions
+# google.golang.org/appengine v1.6.8
 ## explicit; go 1.11
 google.golang.org/appengine
 google.golang.org/appengine/datastore
@@ -1753,18 +1802,18 @@ google.golang.org/appengine/internal/modules
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20230814215434-ca7cfce7776a
+# google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b
 ## explicit; go 1.19
 google.golang.org/genproto/protobuf/field_mask
-# google.golang.org/genproto/googleapis/api v0.0.0-20230814215434-ca7cfce7776a
+# google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20230814215434-ca7cfce7776a
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b
 ## explicit; go 1.19
 google.golang.org/genproto/googleapis/rpc/errdetails
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.57.1
-## explicit; go 1.17
+# google.golang.org/grpc v1.59.0
+## explicit; go 1.19
 google.golang.org/grpc
 google.golang.org/grpc/attributes
 google.golang.org/grpc/backoff
@@ -1797,6 +1846,7 @@ google.golang.org/grpc/internal/grpclog
 google.golang.org/grpc/internal/grpcrand
 google.golang.org/grpc/internal/grpcsync
 google.golang.org/grpc/internal/grpcutil
+google.golang.org/grpc/internal/idle
 google.golang.org/grpc/internal/metadata
 google.golang.org/grpc/internal/pretty
 google.golang.org/grpc/internal/resolver
@@ -1869,7 +1919,7 @@ gopkg.in/yaml.v2
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# honnef.co/go/tools v0.4.3
+# honnef.co/go/tools v0.4.6
 ## explicit; go 1.19
 honnef.co/go/tools/analysis/code
 honnef.co/go/tools/analysis/edit
@@ -2177,10 +2227,12 @@ sigs.k8s.io/structured-merge-diff/v4/fieldpath
 sigs.k8s.io/structured-merge-diff/v4/schema
 sigs.k8s.io/structured-merge-diff/v4/typed
 sigs.k8s.io/structured-merge-diff/v4/value
-# sigs.k8s.io/yaml v1.3.0
+# sigs.k8s.io/yaml v1.4.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
+sigs.k8s.io/yaml/goyaml.v2
 # github.com/cucumber/godog => github.com/laurazard/godog v0.0.0-20220922095256-4c4b17abdae7
+# github.com/paultyng/go-unifi => github.com/akerl/go-unifi v0.0.0-20231130040649-72458fa2bc15
 # k8s.io/api => k8s.io/api v0.26.7
 # k8s.io/apimachinery => k8s.io/apimachinery v0.26.7
 # k8s.io/client-go => k8s.io/client-go v0.26.7
diff --git a/vendor/sigs.k8s.io/yaml/LICENSE b/vendor/sigs.k8s.io/yaml/LICENSE
index 7805d36de..093d6d3ed 100644
--- a/vendor/sigs.k8s.io/yaml/LICENSE
+++ b/vendor/sigs.k8s.io/yaml/LICENSE
@@ -48,3 +48,259 @@ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# The forked go-yaml.v3 library under this project is covered by two
+different licenses (MIT and Apache):
+
+#### MIT License ####
+
+The following files were ported to Go from C files of libyaml, and thus
+are still covered by their original MIT license, with the additional
+copyright staring in 2011 when the project was ported over:
+
+    apic.go emitterc.go parserc.go readerc.go scannerc.go
+    writerc.go yamlh.go yamlprivateh.go
+
+Copyright (c) 2006-2010 Kirill Simonov
+Copyright (c) 2006-2011 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+### Apache License ###
+
+All the remaining project files are covered by the Apache license:
+
+Copyright (c) 2011-2019 Canonical Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+# The forked go-yaml.v2 library under the project is covered by an
+Apache license:
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/sigs.k8s.io/yaml/OWNERS b/vendor/sigs.k8s.io/yaml/OWNERS
index 325b40b07..003a149e1 100644
--- a/vendor/sigs.k8s.io/yaml/OWNERS
+++ b/vendor/sigs.k8s.io/yaml/OWNERS
@@ -2,26 +2,22 @@
 
 approvers:
 - dims
-- lavalamp
+- jpbetz
 - smarterclayton
 - deads2k
 - sttts
 - liggitt
-- caesarxuchao
 reviewers:
 - dims
 - thockin
-- lavalamp
+- jpbetz
 - smarterclayton
 - wojtek-t
 - deads2k
 - derekwaynecarr
-- caesarxuchao
 - mikedanese
 - liggitt
-- gmarek
 - sttts
-- ncdc
 - tallclair
 labels:
 - sig/api-machinery
diff --git a/vendor/sigs.k8s.io/yaml/fields.go b/vendor/sigs.k8s.io/yaml/fields.go
index 235b7f2cf..0ea28bd03 100644
--- a/vendor/sigs.k8s.io/yaml/fields.go
+++ b/vendor/sigs.k8s.io/yaml/fields.go
@@ -16,53 +16,53 @@ import (
 	"unicode/utf8"
 )
 
-// indirect walks down v allocating pointers as needed,
+// indirect walks down 'value' allocating pointers as needed,
 // until it gets to a non-pointer.
 // if it encounters an Unmarshaler, indirect stops and returns that.
 // if decodingNull is true, indirect stops at the last pointer so it can be set to nil.
-func indirect(v reflect.Value, decodingNull bool) (json.Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
-	// If v is a named type and is addressable,
+func indirect(value reflect.Value, decodingNull bool) (json.Unmarshaler, encoding.TextUnmarshaler, reflect.Value) {
+	// If 'value' is a named type and is addressable,
 	// start with its address, so that if the type has pointer methods,
 	// we find them.
-	if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() {
-		v = v.Addr()
+	if value.Kind() != reflect.Ptr && value.Type().Name() != "" && value.CanAddr() {
+		value = value.Addr()
 	}
 	for {
 		// Load value from interface, but only if the result will be
 		// usefully addressable.
-		if v.Kind() == reflect.Interface && !v.IsNil() {
-			e := v.Elem()
-			if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) {
-				v = e
+		if value.Kind() == reflect.Interface && !value.IsNil() {
+			element := value.Elem()
+			if element.Kind() == reflect.Ptr && !element.IsNil() && (!decodingNull || element.Elem().Kind() == reflect.Ptr) {
+				value = element
 				continue
 			}
 		}
 
-		if v.Kind() != reflect.Ptr {
+		if value.Kind() != reflect.Ptr {
 			break
 		}
 
-		if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() {
+		if value.Elem().Kind() != reflect.Ptr && decodingNull && value.CanSet() {
 			break
 		}
-		if v.IsNil() {
-			if v.CanSet() {
-				v.Set(reflect.New(v.Type().Elem()))
+		if value.IsNil() {
+			if value.CanSet() {
+				value.Set(reflect.New(value.Type().Elem()))
 			} else {
-				v = reflect.New(v.Type().Elem())
+				value = reflect.New(value.Type().Elem())
 			}
 		}
-		if v.Type().NumMethod() > 0 {
-			if u, ok := v.Interface().(json.Unmarshaler); ok {
+		if value.Type().NumMethod() > 0 {
+			if u, ok := value.Interface().(json.Unmarshaler); ok {
 				return u, nil, reflect.Value{}
 			}
-			if u, ok := v.Interface().(encoding.TextUnmarshaler); ok {
+			if u, ok := value.Interface().(encoding.TextUnmarshaler); ok {
 				return nil, u, reflect.Value{}
 			}
 		}
-		v = v.Elem()
+		value = value.Elem()
 	}
-	return nil, nil, v
+	return nil, nil, value
 }
 
 // A field represents a single field found in a struct.
@@ -134,8 +134,8 @@ func typeFields(t reflect.Type) []field {
 	next := []field{{typ: t}}
 
 	// Count of queued names for current level and the next.
-	count := map[reflect.Type]int{}
-	nextCount := map[reflect.Type]int{}
+	var count map[reflect.Type]int
+	var nextCount map[reflect.Type]int
 
 	// Types already visited at an earlier level.
 	visited := map[reflect.Type]bool{}
@@ -348,8 +348,9 @@ const (
 // 4) simpleLetterEqualFold, no specials, no non-letters.
 //
 // The letters S and K are special because they map to 3 runes, not just 2:
-//  * S maps to s and to U+017F 'ſ' Latin small letter long s
-//  * k maps to K and to U+212A 'K' Kelvin sign
+//   - S maps to s and to U+017F 'ſ' Latin small letter long s
+//   - k maps to K and to U+212A 'K' Kelvin sign
+//
 // See http://play.golang.org/p/tTxjOc0OGo
 //
 // The returned function is specialized for matching against s and
@@ -420,10 +421,8 @@ func equalFoldRight(s, t []byte) bool {
 		t = t[size:]
 
 	}
-	if len(t) > 0 {
-		return false
-	}
-	return true
+
+	return len(t) <= 0
 }
 
 // asciiEqualFold is a specialization of bytes.EqualFold for use when
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE
new file mode 100644
index 000000000..8dada3eda
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml
new file mode 100644
index 000000000..8da58fbf6
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/LICENSE.libyaml
@@ -0,0 +1,31 @@
+The following files were ported to Go from C files of libyaml, and thus
+are still covered by their original copyright and license:
+
+    apic.go
+    emitterc.go
+    parserc.go
+    readerc.go
+    scannerc.go
+    writerc.go
+    yamlh.go
+    yamlprivateh.go
+
+Copyright (c) 2006 Kirill Simonov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE b/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE
new file mode 100644
index 000000000..866d74a7a
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/NOTICE
@@ -0,0 +1,13 @@
+Copyright 2011-2016 Canonical Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
new file mode 100644
index 000000000..73be0a3a9
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/OWNERS
@@ -0,0 +1,24 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- dims
+- jpbetz
+- smarterclayton
+- deads2k
+- sttts
+- liggitt
+- natasha41575
+- knverey
+reviewers:
+- dims
+- thockin
+- jpbetz
+- smarterclayton
+- deads2k
+- derekwaynecarr
+- mikedanese
+- liggitt
+- sttts
+- tallclair
+labels:
+- sig/api-machinery
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/README.md b/vendor/sigs.k8s.io/yaml/goyaml.v2/README.md
new file mode 100644
index 000000000..53f4139dc
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/README.md
@@ -0,0 +1,143 @@
+# go-yaml fork
+
+This package is a fork of the go-yaml library and is intended solely for consumption
+by kubernetes projects. In this fork, we plan to support only critical changes required for
+kubernetes, such as small bug fixes and regressions. Larger, general-purpose feature requests
+should be made in the upstream go-yaml library, and we will reject such changes in this fork
+unless we are pulling them from upstream.
+
+This fork is based on v2.4.0: https://github.com/go-yaml/yaml/releases/tag/v2.4.0
+
+# YAML support for the Go language
+
+Introduction
+------------
+
+The yaml package enables Go programs to comfortably encode and decode YAML
+values. It was developed within [Canonical](https://www.canonical.com) as
+part of the [juju](https://juju.ubuntu.com) project, and is based on a
+pure Go port of the well-known [libyaml](http://pyyaml.org/wiki/LibYAML)
+C library to parse and generate YAML data quickly and reliably.
+
+Compatibility
+-------------
+
+The yaml package supports most of YAML 1.1 and 1.2, including support for
+anchors, tags, map merging, etc. Multi-document unmarshalling is not yet
+implemented, and base-60 floats from YAML 1.1 are purposefully not
+supported since they're a poor design and are gone in YAML 1.2.
+
+Installation and usage
+----------------------
+
+The import path for the package is *gopkg.in/yaml.v2*.
+
+To install it, run:
+
+    go get gopkg.in/yaml.v2
+
+API documentation
+-----------------
+
+If opened in a browser, the import path itself leads to the API documentation:
+
+  * [https://gopkg.in/yaml.v2](https://gopkg.in/yaml.v2)
+
+API stability
+-------------
+
+The package API for yaml v2 will remain stable as described in [gopkg.in](https://gopkg.in).
+
+
+License
+-------
+
+The yaml package is licensed under the Apache License 2.0. Please see the LICENSE file for details.
+
+
+Example
+-------
+
+```Go
+package main
+
+import (
+        "fmt"
+        "log"
+
+        "gopkg.in/yaml.v2"
+)
+
+var data = `
+a: Easy!
+b:
+  c: 2
+  d: [3, 4]
+`
+
+// Note: struct fields must be public in order for unmarshal to
+// correctly populate the data.
+type T struct {
+        A string
+        B struct {
+                RenamedC int   `yaml:"c"`
+                D        []int `yaml:",flow"`
+        }
+}
+
+func main() {
+        t := T{}
+    
+        err := yaml.Unmarshal([]byte(data), &t)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- t:\n%v\n\n", t)
+    
+        d, err := yaml.Marshal(&t)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- t dump:\n%s\n\n", string(d))
+    
+        m := make(map[interface{}]interface{})
+    
+        err = yaml.Unmarshal([]byte(data), &m)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- m:\n%v\n\n", m)
+    
+        d, err = yaml.Marshal(&m)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- m dump:\n%s\n\n", string(d))
+}
+```
+
+This example will generate the following output:
+
+```
+--- t:
+{Easy! {2 [3 4]}}
+
+--- t dump:
+a: Easy!
+b:
+  c: 2
+  d: [3, 4]
+
+
+--- m:
+map[a:Easy! b:map[c:2 d:[3 4]]]
+
+--- m dump:
+a: Easy!
+b:
+  c: 2
+  d:
+  - 3
+  - 4
+```
+
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go
new file mode 100644
index 000000000..acf71402c
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/apic.go
@@ -0,0 +1,744 @@
+package yaml
+
+import (
+	"io"
+)
+
+func yaml_insert_token(parser *yaml_parser_t, pos int, token *yaml_token_t) {
+	//fmt.Println("yaml_insert_token", "pos:", pos, "typ:", token.typ, "head:", parser.tokens_head, "len:", len(parser.tokens))
+
+	// Check if we can move the queue at the beginning of the buffer.
+	if parser.tokens_head > 0 && len(parser.tokens) == cap(parser.tokens) {
+		if parser.tokens_head != len(parser.tokens) {
+			copy(parser.tokens, parser.tokens[parser.tokens_head:])
+		}
+		parser.tokens = parser.tokens[:len(parser.tokens)-parser.tokens_head]
+		parser.tokens_head = 0
+	}
+	parser.tokens = append(parser.tokens, *token)
+	if pos < 0 {
+		return
+	}
+	copy(parser.tokens[parser.tokens_head+pos+1:], parser.tokens[parser.tokens_head+pos:])
+	parser.tokens[parser.tokens_head+pos] = *token
+}
+
+// Create a new parser object.
+func yaml_parser_initialize(parser *yaml_parser_t) bool {
+	*parser = yaml_parser_t{
+		raw_buffer: make([]byte, 0, input_raw_buffer_size),
+		buffer:     make([]byte, 0, input_buffer_size),
+	}
+	return true
+}
+
+// Destroy a parser object.
+func yaml_parser_delete(parser *yaml_parser_t) {
+	*parser = yaml_parser_t{}
+}
+
+// String read handler.
+func yaml_string_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) {
+	if parser.input_pos == len(parser.input) {
+		return 0, io.EOF
+	}
+	n = copy(buffer, parser.input[parser.input_pos:])
+	parser.input_pos += n
+	return n, nil
+}
+
+// Reader read handler.
+func yaml_reader_read_handler(parser *yaml_parser_t, buffer []byte) (n int, err error) {
+	return parser.input_reader.Read(buffer)
+}
+
+// Set a string input.
+func yaml_parser_set_input_string(parser *yaml_parser_t, input []byte) {
+	if parser.read_handler != nil {
+		panic("must set the input source only once")
+	}
+	parser.read_handler = yaml_string_read_handler
+	parser.input = input
+	parser.input_pos = 0
+}
+
+// Set a file input.
+func yaml_parser_set_input_reader(parser *yaml_parser_t, r io.Reader) {
+	if parser.read_handler != nil {
+		panic("must set the input source only once")
+	}
+	parser.read_handler = yaml_reader_read_handler
+	parser.input_reader = r
+}
+
+// Set the source encoding.
+func yaml_parser_set_encoding(parser *yaml_parser_t, encoding yaml_encoding_t) {
+	if parser.encoding != yaml_ANY_ENCODING {
+		panic("must set the encoding only once")
+	}
+	parser.encoding = encoding
+}
+
+var disableLineWrapping = false
+
+// Create a new emitter object.
+func yaml_emitter_initialize(emitter *yaml_emitter_t) {
+	*emitter = yaml_emitter_t{
+		buffer:     make([]byte, output_buffer_size),
+		raw_buffer: make([]byte, 0, output_raw_buffer_size),
+		states:     make([]yaml_emitter_state_t, 0, initial_stack_size),
+		events:     make([]yaml_event_t, 0, initial_queue_size),
+	}
+	if disableLineWrapping {
+		emitter.best_width = -1
+	}
+}
+
+// Destroy an emitter object.
+func yaml_emitter_delete(emitter *yaml_emitter_t) {
+	*emitter = yaml_emitter_t{}
+}
+
+// String write handler.
+func yaml_string_write_handler(emitter *yaml_emitter_t, buffer []byte) error {
+	*emitter.output_buffer = append(*emitter.output_buffer, buffer...)
+	return nil
+}
+
+// yaml_writer_write_handler uses emitter.output_writer to write the
+// emitted text.
+func yaml_writer_write_handler(emitter *yaml_emitter_t, buffer []byte) error {
+	_, err := emitter.output_writer.Write(buffer)
+	return err
+}
+
+// Set a string output.
+func yaml_emitter_set_output_string(emitter *yaml_emitter_t, output_buffer *[]byte) {
+	if emitter.write_handler != nil {
+		panic("must set the output target only once")
+	}
+	emitter.write_handler = yaml_string_write_handler
+	emitter.output_buffer = output_buffer
+}
+
+// Set a file output.
+func yaml_emitter_set_output_writer(emitter *yaml_emitter_t, w io.Writer) {
+	if emitter.write_handler != nil {
+		panic("must set the output target only once")
+	}
+	emitter.write_handler = yaml_writer_write_handler
+	emitter.output_writer = w
+}
+
+// Set the output encoding.
+func yaml_emitter_set_encoding(emitter *yaml_emitter_t, encoding yaml_encoding_t) {
+	if emitter.encoding != yaml_ANY_ENCODING {
+		panic("must set the output encoding only once")
+	}
+	emitter.encoding = encoding
+}
+
+// Set the canonical output style.
+func yaml_emitter_set_canonical(emitter *yaml_emitter_t, canonical bool) {
+	emitter.canonical = canonical
+}
+
+//// Set the indentation increment.
+func yaml_emitter_set_indent(emitter *yaml_emitter_t, indent int) {
+	if indent < 2 || indent > 9 {
+		indent = 2
+	}
+	emitter.best_indent = indent
+}
+
+// Set the preferred line width.
+func yaml_emitter_set_width(emitter *yaml_emitter_t, width int) {
+	if width < 0 {
+		width = -1
+	}
+	emitter.best_width = width
+}
+
+// Set if unescaped non-ASCII characters are allowed.
+func yaml_emitter_set_unicode(emitter *yaml_emitter_t, unicode bool) {
+	emitter.unicode = unicode
+}
+
+// Set the preferred line break character.
+func yaml_emitter_set_break(emitter *yaml_emitter_t, line_break yaml_break_t) {
+	emitter.line_break = line_break
+}
+
+///*
+// * Destroy a token object.
+// */
+//
+//YAML_DECLARE(void)
+//yaml_token_delete(yaml_token_t *token)
+//{
+//    assert(token);  // Non-NULL token object expected.
+//
+//    switch (token.type)
+//    {
+//        case YAML_TAG_DIRECTIVE_TOKEN:
+//            yaml_free(token.data.tag_directive.handle);
+//            yaml_free(token.data.tag_directive.prefix);
+//            break;
+//
+//        case YAML_ALIAS_TOKEN:
+//            yaml_free(token.data.alias.value);
+//            break;
+//
+//        case YAML_ANCHOR_TOKEN:
+//            yaml_free(token.data.anchor.value);
+//            break;
+//
+//        case YAML_TAG_TOKEN:
+//            yaml_free(token.data.tag.handle);
+//            yaml_free(token.data.tag.suffix);
+//            break;
+//
+//        case YAML_SCALAR_TOKEN:
+//            yaml_free(token.data.scalar.value);
+//            break;
+//
+//        default:
+//            break;
+//    }
+//
+//    memset(token, 0, sizeof(yaml_token_t));
+//}
+//
+///*
+// * Check if a string is a valid UTF-8 sequence.
+// *
+// * Check 'reader.c' for more details on UTF-8 encoding.
+// */
+//
+//static int
+//yaml_check_utf8(yaml_char_t *start, size_t length)
+//{
+//    yaml_char_t *end = start+length;
+//    yaml_char_t *pointer = start;
+//
+//    while (pointer < end) {
+//        unsigned char octet;
+//        unsigned int width;
+//        unsigned int value;
+//        size_t k;
+//
+//        octet = pointer[0];
+//        width = (octet & 0x80) == 0x00 ? 1 :
+//                (octet & 0xE0) == 0xC0 ? 2 :
+//                (octet & 0xF0) == 0xE0 ? 3 :
+//                (octet & 0xF8) == 0xF0 ? 4 : 0;
+//        value = (octet & 0x80) == 0x00 ? octet & 0x7F :
+//                (octet & 0xE0) == 0xC0 ? octet & 0x1F :
+//                (octet & 0xF0) == 0xE0 ? octet & 0x0F :
+//                (octet & 0xF8) == 0xF0 ? octet & 0x07 : 0;
+//        if (!width) return 0;
+//        if (pointer+width > end) return 0;
+//        for (k = 1; k < width; k ++) {
+//            octet = pointer[k];
+//            if ((octet & 0xC0) != 0x80) return 0;
+//            value = (value << 6) + (octet & 0x3F);
+//        }
+//        if (!((width == 1) ||
+//            (width == 2 && value >= 0x80) ||
+//            (width == 3 && value >= 0x800) ||
+//            (width == 4 && value >= 0x10000))) return 0;
+//
+//        pointer += width;
+//    }
+//
+//    return 1;
+//}
+//
+
+// Create STREAM-START.
+func yaml_stream_start_event_initialize(event *yaml_event_t, encoding yaml_encoding_t) {
+	*event = yaml_event_t{
+		typ:      yaml_STREAM_START_EVENT,
+		encoding: encoding,
+	}
+}
+
+// Create STREAM-END.
+func yaml_stream_end_event_initialize(event *yaml_event_t) {
+	*event = yaml_event_t{
+		typ: yaml_STREAM_END_EVENT,
+	}
+}
+
+// Create DOCUMENT-START.
+func yaml_document_start_event_initialize(
+	event *yaml_event_t,
+	version_directive *yaml_version_directive_t,
+	tag_directives []yaml_tag_directive_t,
+	implicit bool,
+) {
+	*event = yaml_event_t{
+		typ:               yaml_DOCUMENT_START_EVENT,
+		version_directive: version_directive,
+		tag_directives:    tag_directives,
+		implicit:          implicit,
+	}
+}
+
+// Create DOCUMENT-END.
+func yaml_document_end_event_initialize(event *yaml_event_t, implicit bool) {
+	*event = yaml_event_t{
+		typ:      yaml_DOCUMENT_END_EVENT,
+		implicit: implicit,
+	}
+}
+
+///*
+// * Create ALIAS.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_alias_event_initialize(event *yaml_event_t, anchor *yaml_char_t)
+//{
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    anchor_copy *yaml_char_t = NULL
+//
+//    assert(event) // Non-NULL event object is expected.
+//    assert(anchor) // Non-NULL anchor is expected.
+//
+//    if (!yaml_check_utf8(anchor, strlen((char *)anchor))) return 0
+//
+//    anchor_copy = yaml_strdup(anchor)
+//    if (!anchor_copy)
+//        return 0
+//
+//    ALIAS_EVENT_INIT(*event, anchor_copy, mark, mark)
+//
+//    return 1
+//}
+
+// Create SCALAR.
+func yaml_scalar_event_initialize(event *yaml_event_t, anchor, tag, value []byte, plain_implicit, quoted_implicit bool, style yaml_scalar_style_t) bool {
+	*event = yaml_event_t{
+		typ:             yaml_SCALAR_EVENT,
+		anchor:          anchor,
+		tag:             tag,
+		value:           value,
+		implicit:        plain_implicit,
+		quoted_implicit: quoted_implicit,
+		style:           yaml_style_t(style),
+	}
+	return true
+}
+
+// Create SEQUENCE-START.
+func yaml_sequence_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_sequence_style_t) bool {
+	*event = yaml_event_t{
+		typ:      yaml_SEQUENCE_START_EVENT,
+		anchor:   anchor,
+		tag:      tag,
+		implicit: implicit,
+		style:    yaml_style_t(style),
+	}
+	return true
+}
+
+// Create SEQUENCE-END.
+func yaml_sequence_end_event_initialize(event *yaml_event_t) bool {
+	*event = yaml_event_t{
+		typ: yaml_SEQUENCE_END_EVENT,
+	}
+	return true
+}
+
+// Create MAPPING-START.
+func yaml_mapping_start_event_initialize(event *yaml_event_t, anchor, tag []byte, implicit bool, style yaml_mapping_style_t) {
+	*event = yaml_event_t{
+		typ:      yaml_MAPPING_START_EVENT,
+		anchor:   anchor,
+		tag:      tag,
+		implicit: implicit,
+		style:    yaml_style_t(style),
+	}
+}
+
+// Create MAPPING-END.
+func yaml_mapping_end_event_initialize(event *yaml_event_t) {
+	*event = yaml_event_t{
+		typ: yaml_MAPPING_END_EVENT,
+	}
+}
+
+// Destroy an event object.
+func yaml_event_delete(event *yaml_event_t) {
+	*event = yaml_event_t{}
+}
+
+///*
+// * Create a document object.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_initialize(document *yaml_document_t,
+//        version_directive *yaml_version_directive_t,
+//        tag_directives_start *yaml_tag_directive_t,
+//        tag_directives_end *yaml_tag_directive_t,
+//        start_implicit int, end_implicit int)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    struct {
+//        start *yaml_node_t
+//        end *yaml_node_t
+//        top *yaml_node_t
+//    } nodes = { NULL, NULL, NULL }
+//    version_directive_copy *yaml_version_directive_t = NULL
+//    struct {
+//        start *yaml_tag_directive_t
+//        end *yaml_tag_directive_t
+//        top *yaml_tag_directive_t
+//    } tag_directives_copy = { NULL, NULL, NULL }
+//    value yaml_tag_directive_t = { NULL, NULL }
+//    mark yaml_mark_t = { 0, 0, 0 }
+//
+//    assert(document) // Non-NULL document object is expected.
+//    assert((tag_directives_start && tag_directives_end) ||
+//            (tag_directives_start == tag_directives_end))
+//                            // Valid tag directives are expected.
+//
+//    if (!STACK_INIT(&context, nodes, INITIAL_STACK_SIZE)) goto error
+//
+//    if (version_directive) {
+//        version_directive_copy = yaml_malloc(sizeof(yaml_version_directive_t))
+//        if (!version_directive_copy) goto error
+//        version_directive_copy.major = version_directive.major
+//        version_directive_copy.minor = version_directive.minor
+//    }
+//
+//    if (tag_directives_start != tag_directives_end) {
+//        tag_directive *yaml_tag_directive_t
+//        if (!STACK_INIT(&context, tag_directives_copy, INITIAL_STACK_SIZE))
+//            goto error
+//        for (tag_directive = tag_directives_start
+//                tag_directive != tag_directives_end; tag_directive ++) {
+//            assert(tag_directive.handle)
+//            assert(tag_directive.prefix)
+//            if (!yaml_check_utf8(tag_directive.handle,
+//                        strlen((char *)tag_directive.handle)))
+//                goto error
+//            if (!yaml_check_utf8(tag_directive.prefix,
+//                        strlen((char *)tag_directive.prefix)))
+//                goto error
+//            value.handle = yaml_strdup(tag_directive.handle)
+//            value.prefix = yaml_strdup(tag_directive.prefix)
+//            if (!value.handle || !value.prefix) goto error
+//            if (!PUSH(&context, tag_directives_copy, value))
+//                goto error
+//            value.handle = NULL
+//            value.prefix = NULL
+//        }
+//    }
+//
+//    DOCUMENT_INIT(*document, nodes.start, nodes.end, version_directive_copy,
+//            tag_directives_copy.start, tag_directives_copy.top,
+//            start_implicit, end_implicit, mark, mark)
+//
+//    return 1
+//
+//error:
+//    STACK_DEL(&context, nodes)
+//    yaml_free(version_directive_copy)
+//    while (!STACK_EMPTY(&context, tag_directives_copy)) {
+//        value yaml_tag_directive_t = POP(&context, tag_directives_copy)
+//        yaml_free(value.handle)
+//        yaml_free(value.prefix)
+//    }
+//    STACK_DEL(&context, tag_directives_copy)
+//    yaml_free(value.handle)
+//    yaml_free(value.prefix)
+//
+//    return 0
+//}
+//
+///*
+// * Destroy a document object.
+// */
+//
+//YAML_DECLARE(void)
+//yaml_document_delete(document *yaml_document_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    tag_directive *yaml_tag_directive_t
+//
+//    context.error = YAML_NO_ERROR // Eliminate a compiler warning.
+//
+//    assert(document) // Non-NULL document object is expected.
+//
+//    while (!STACK_EMPTY(&context, document.nodes)) {
+//        node yaml_node_t = POP(&context, document.nodes)
+//        yaml_free(node.tag)
+//        switch (node.type) {
+//            case YAML_SCALAR_NODE:
+//                yaml_free(node.data.scalar.value)
+//                break
+//            case YAML_SEQUENCE_NODE:
+//                STACK_DEL(&context, node.data.sequence.items)
+//                break
+//            case YAML_MAPPING_NODE:
+//                STACK_DEL(&context, node.data.mapping.pairs)
+//                break
+//            default:
+//                assert(0) // Should not happen.
+//        }
+//    }
+//    STACK_DEL(&context, document.nodes)
+//
+//    yaml_free(document.version_directive)
+//    for (tag_directive = document.tag_directives.start
+//            tag_directive != document.tag_directives.end
+//            tag_directive++) {
+//        yaml_free(tag_directive.handle)
+//        yaml_free(tag_directive.prefix)
+//    }
+//    yaml_free(document.tag_directives.start)
+//
+//    memset(document, 0, sizeof(yaml_document_t))
+//}
+//
+///**
+// * Get a document node.
+// */
+//
+//YAML_DECLARE(yaml_node_t *)
+//yaml_document_get_node(document *yaml_document_t, index int)
+//{
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (index > 0 && document.nodes.start + index <= document.nodes.top) {
+//        return document.nodes.start + index - 1
+//    }
+//    return NULL
+//}
+//
+///**
+// * Get the root object.
+// */
+//
+//YAML_DECLARE(yaml_node_t *)
+//yaml_document_get_root_node(document *yaml_document_t)
+//{
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (document.nodes.top != document.nodes.start) {
+//        return document.nodes.start
+//    }
+//    return NULL
+//}
+//
+///*
+// * Add a scalar node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_scalar(document *yaml_document_t,
+//        tag *yaml_char_t, value *yaml_char_t, length int,
+//        style yaml_scalar_style_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    tag_copy *yaml_char_t = NULL
+//    value_copy *yaml_char_t = NULL
+//    node yaml_node_t
+//
+//    assert(document) // Non-NULL document object is expected.
+//    assert(value) // Non-NULL value is expected.
+//
+//    if (!tag) {
+//        tag = (yaml_char_t *)YAML_DEFAULT_SCALAR_TAG
+//    }
+//
+//    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+//    tag_copy = yaml_strdup(tag)
+//    if (!tag_copy) goto error
+//
+//    if (length < 0) {
+//        length = strlen((char *)value)
+//    }
+//
+//    if (!yaml_check_utf8(value, length)) goto error
+//    value_copy = yaml_malloc(length+1)
+//    if (!value_copy) goto error
+//    memcpy(value_copy, value, length)
+//    value_copy[length] = '\0'
+//
+//    SCALAR_NODE_INIT(node, tag_copy, value_copy, length, style, mark, mark)
+//    if (!PUSH(&context, document.nodes, node)) goto error
+//
+//    return document.nodes.top - document.nodes.start
+//
+//error:
+//    yaml_free(tag_copy)
+//    yaml_free(value_copy)
+//
+//    return 0
+//}
+//
+///*
+// * Add a sequence node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_sequence(document *yaml_document_t,
+//        tag *yaml_char_t, style yaml_sequence_style_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    tag_copy *yaml_char_t = NULL
+//    struct {
+//        start *yaml_node_item_t
+//        end *yaml_node_item_t
+//        top *yaml_node_item_t
+//    } items = { NULL, NULL, NULL }
+//    node yaml_node_t
+//
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (!tag) {
+//        tag = (yaml_char_t *)YAML_DEFAULT_SEQUENCE_TAG
+//    }
+//
+//    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+//    tag_copy = yaml_strdup(tag)
+//    if (!tag_copy) goto error
+//
+//    if (!STACK_INIT(&context, items, INITIAL_STACK_SIZE)) goto error
+//
+//    SEQUENCE_NODE_INIT(node, tag_copy, items.start, items.end,
+//            style, mark, mark)
+//    if (!PUSH(&context, document.nodes, node)) goto error
+//
+//    return document.nodes.top - document.nodes.start
+//
+//error:
+//    STACK_DEL(&context, items)
+//    yaml_free(tag_copy)
+//
+//    return 0
+//}
+//
+///*
+// * Add a mapping node to a document.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_add_mapping(document *yaml_document_t,
+//        tag *yaml_char_t, style yaml_mapping_style_t)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//    mark yaml_mark_t = { 0, 0, 0 }
+//    tag_copy *yaml_char_t = NULL
+//    struct {
+//        start *yaml_node_pair_t
+//        end *yaml_node_pair_t
+//        top *yaml_node_pair_t
+//    } pairs = { NULL, NULL, NULL }
+//    node yaml_node_t
+//
+//    assert(document) // Non-NULL document object is expected.
+//
+//    if (!tag) {
+//        tag = (yaml_char_t *)YAML_DEFAULT_MAPPING_TAG
+//    }
+//
+//    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error
+//    tag_copy = yaml_strdup(tag)
+//    if (!tag_copy) goto error
+//
+//    if (!STACK_INIT(&context, pairs, INITIAL_STACK_SIZE)) goto error
+//
+//    MAPPING_NODE_INIT(node, tag_copy, pairs.start, pairs.end,
+//            style, mark, mark)
+//    if (!PUSH(&context, document.nodes, node)) goto error
+//
+//    return document.nodes.top - document.nodes.start
+//
+//error:
+//    STACK_DEL(&context, pairs)
+//    yaml_free(tag_copy)
+//
+//    return 0
+//}
+//
+///*
+// * Append an item to a sequence node.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_append_sequence_item(document *yaml_document_t,
+//        sequence int, item int)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//
+//    assert(document) // Non-NULL document is required.
+//    assert(sequence > 0
+//            && document.nodes.start + sequence <= document.nodes.top)
+//                            // Valid sequence id is required.
+//    assert(document.nodes.start[sequence-1].type == YAML_SEQUENCE_NODE)
+//                            // A sequence node is required.
+//    assert(item > 0 && document.nodes.start + item <= document.nodes.top)
+//                            // Valid item id is required.
+//
+//    if (!PUSH(&context,
+//                document.nodes.start[sequence-1].data.sequence.items, item))
+//        return 0
+//
+//    return 1
+//}
+//
+///*
+// * Append a pair of a key and a value to a mapping node.
+// */
+//
+//YAML_DECLARE(int)
+//yaml_document_append_mapping_pair(document *yaml_document_t,
+//        mapping int, key int, value int)
+//{
+//    struct {
+//        error yaml_error_type_t
+//    } context
+//
+//    pair yaml_node_pair_t
+//
+//    assert(document) // Non-NULL document is required.
+//    assert(mapping > 0
+//            && document.nodes.start + mapping <= document.nodes.top)
+//                            // Valid mapping id is required.
+//    assert(document.nodes.start[mapping-1].type == YAML_MAPPING_NODE)
+//                            // A mapping node is required.
+//    assert(key > 0 && document.nodes.start + key <= document.nodes.top)
+//                            // Valid key id is required.
+//    assert(value > 0 && document.nodes.start + value <= document.nodes.top)
+//                            // Valid value id is required.
+//
+//    pair.key = key
+//    pair.value = value
+//
+//    if (!PUSH(&context,
+//                document.nodes.start[mapping-1].data.mapping.pairs, pair))
+//        return 0
+//
+//    return 1
+//}
+//
+//
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go
new file mode 100644
index 000000000..129bc2a97
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/decode.go
@@ -0,0 +1,815 @@
+package yaml
+
+import (
+	"encoding"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"math"
+	"reflect"
+	"strconv"
+	"time"
+)
+
+const (
+	documentNode = 1 << iota
+	mappingNode
+	sequenceNode
+	scalarNode
+	aliasNode
+)
+
+type node struct {
+	kind         int
+	line, column int
+	tag          string
+	// For an alias node, alias holds the resolved alias.
+	alias    *node
+	value    string
+	implicit bool
+	children []*node
+	anchors  map[string]*node
+}
+
+// ----------------------------------------------------------------------------
+// Parser, produces a node tree out of a libyaml event stream.
+
+type parser struct {
+	parser   yaml_parser_t
+	event    yaml_event_t
+	doc      *node
+	doneInit bool
+}
+
+func newParser(b []byte) *parser {
+	p := parser{}
+	if !yaml_parser_initialize(&p.parser) {
+		panic("failed to initialize YAML emitter")
+	}
+	if len(b) == 0 {
+		b = []byte{'\n'}
+	}
+	yaml_parser_set_input_string(&p.parser, b)
+	return &p
+}
+
+func newParserFromReader(r io.Reader) *parser {
+	p := parser{}
+	if !yaml_parser_initialize(&p.parser) {
+		panic("failed to initialize YAML emitter")
+	}
+	yaml_parser_set_input_reader(&p.parser, r)
+	return &p
+}
+
+func (p *parser) init() {
+	if p.doneInit {
+		return
+	}
+	p.expect(yaml_STREAM_START_EVENT)
+	p.doneInit = true
+}
+
+func (p *parser) destroy() {
+	if p.event.typ != yaml_NO_EVENT {
+		yaml_event_delete(&p.event)
+	}
+	yaml_parser_delete(&p.parser)
+}
+
+// expect consumes an event from the event stream and
+// checks that it's of the expected type.
+func (p *parser) expect(e yaml_event_type_t) {
+	if p.event.typ == yaml_NO_EVENT {
+		if !yaml_parser_parse(&p.parser, &p.event) {
+			p.fail()
+		}
+	}
+	if p.event.typ == yaml_STREAM_END_EVENT {
+		failf("attempted to go past the end of stream; corrupted value?")
+	}
+	if p.event.typ != e {
+		p.parser.problem = fmt.Sprintf("expected %s event but got %s", e, p.event.typ)
+		p.fail()
+	}
+	yaml_event_delete(&p.event)
+	p.event.typ = yaml_NO_EVENT
+}
+
+// peek peeks at the next event in the event stream,
+// puts the results into p.event and returns the event type.
+func (p *parser) peek() yaml_event_type_t {
+	if p.event.typ != yaml_NO_EVENT {
+		return p.event.typ
+	}
+	if !yaml_parser_parse(&p.parser, &p.event) {
+		p.fail()
+	}
+	return p.event.typ
+}
+
+func (p *parser) fail() {
+	var where string
+	var line int
+	if p.parser.problem_mark.line != 0 {
+		line = p.parser.problem_mark.line
+		// Scanner errors don't iterate line before returning error
+		if p.parser.error == yaml_SCANNER_ERROR {
+			line++
+		}
+	} else if p.parser.context_mark.line != 0 {
+		line = p.parser.context_mark.line
+	}
+	if line != 0 {
+		where = "line " + strconv.Itoa(line) + ": "
+	}
+	var msg string
+	if len(p.parser.problem) > 0 {
+		msg = p.parser.problem
+	} else {
+		msg = "unknown problem parsing YAML content"
+	}
+	failf("%s%s", where, msg)
+}
+
+func (p *parser) anchor(n *node, anchor []byte) {
+	if anchor != nil {
+		p.doc.anchors[string(anchor)] = n
+	}
+}
+
+func (p *parser) parse() *node {
+	p.init()
+	switch p.peek() {
+	case yaml_SCALAR_EVENT:
+		return p.scalar()
+	case yaml_ALIAS_EVENT:
+		return p.alias()
+	case yaml_MAPPING_START_EVENT:
+		return p.mapping()
+	case yaml_SEQUENCE_START_EVENT:
+		return p.sequence()
+	case yaml_DOCUMENT_START_EVENT:
+		return p.document()
+	case yaml_STREAM_END_EVENT:
+		// Happens when attempting to decode an empty buffer.
+		return nil
+	default:
+		panic("attempted to parse unknown event: " + p.event.typ.String())
+	}
+}
+
+func (p *parser) node(kind int) *node {
+	return &node{
+		kind:   kind,
+		line:   p.event.start_mark.line,
+		column: p.event.start_mark.column,
+	}
+}
+
+func (p *parser) document() *node {
+	n := p.node(documentNode)
+	n.anchors = make(map[string]*node)
+	p.doc = n
+	p.expect(yaml_DOCUMENT_START_EVENT)
+	n.children = append(n.children, p.parse())
+	p.expect(yaml_DOCUMENT_END_EVENT)
+	return n
+}
+
+func (p *parser) alias() *node {
+	n := p.node(aliasNode)
+	n.value = string(p.event.anchor)
+	n.alias = p.doc.anchors[n.value]
+	if n.alias == nil {
+		failf("unknown anchor '%s' referenced", n.value)
+	}
+	p.expect(yaml_ALIAS_EVENT)
+	return n
+}
+
+func (p *parser) scalar() *node {
+	n := p.node(scalarNode)
+	n.value = string(p.event.value)
+	n.tag = string(p.event.tag)
+	n.implicit = p.event.implicit
+	p.anchor(n, p.event.anchor)
+	p.expect(yaml_SCALAR_EVENT)
+	return n
+}
+
+func (p *parser) sequence() *node {
+	n := p.node(sequenceNode)
+	p.anchor(n, p.event.anchor)
+	p.expect(yaml_SEQUENCE_START_EVENT)
+	for p.peek() != yaml_SEQUENCE_END_EVENT {
+		n.children = append(n.children, p.parse())
+	}
+	p.expect(yaml_SEQUENCE_END_EVENT)
+	return n
+}
+
+func (p *parser) mapping() *node {
+	n := p.node(mappingNode)
+	p.anchor(n, p.event.anchor)
+	p.expect(yaml_MAPPING_START_EVENT)
+	for p.peek() != yaml_MAPPING_END_EVENT {
+		n.children = append(n.children, p.parse(), p.parse())
+	}
+	p.expect(yaml_MAPPING_END_EVENT)
+	return n
+}
+
+// ----------------------------------------------------------------------------
+// Decoder, unmarshals a node into a provided value.
+
+type decoder struct {
+	doc     *node
+	aliases map[*node]bool
+	mapType reflect.Type
+	terrors []string
+	strict  bool
+
+	decodeCount int
+	aliasCount  int
+	aliasDepth  int
+}
+
+var (
+	mapItemType    = reflect.TypeOf(MapItem{})
+	durationType   = reflect.TypeOf(time.Duration(0))
+	defaultMapType = reflect.TypeOf(map[interface{}]interface{}{})
+	ifaceType      = defaultMapType.Elem()
+	timeType       = reflect.TypeOf(time.Time{})
+	ptrTimeType    = reflect.TypeOf(&time.Time{})
+)
+
+func newDecoder(strict bool) *decoder {
+	d := &decoder{mapType: defaultMapType, strict: strict}
+	d.aliases = make(map[*node]bool)
+	return d
+}
+
+func (d *decoder) terror(n *node, tag string, out reflect.Value) {
+	if n.tag != "" {
+		tag = n.tag
+	}
+	value := n.value
+	if tag != yaml_SEQ_TAG && tag != yaml_MAP_TAG {
+		if len(value) > 10 {
+			value = " `" + value[:7] + "...`"
+		} else {
+			value = " `" + value + "`"
+		}
+	}
+	d.terrors = append(d.terrors, fmt.Sprintf("line %d: cannot unmarshal %s%s into %s", n.line+1, shortTag(tag), value, out.Type()))
+}
+
+func (d *decoder) callUnmarshaler(n *node, u Unmarshaler) (good bool) {
+	terrlen := len(d.terrors)
+	err := u.UnmarshalYAML(func(v interface{}) (err error) {
+		defer handleErr(&err)
+		d.unmarshal(n, reflect.ValueOf(v))
+		if len(d.terrors) > terrlen {
+			issues := d.terrors[terrlen:]
+			d.terrors = d.terrors[:terrlen]
+			return &TypeError{issues}
+		}
+		return nil
+	})
+	if e, ok := err.(*TypeError); ok {
+		d.terrors = append(d.terrors, e.Errors...)
+		return false
+	}
+	if err != nil {
+		fail(err)
+	}
+	return true
+}
+
+// d.prepare initializes and dereferences pointers and calls UnmarshalYAML
+// if a value is found to implement it.
+// It returns the initialized and dereferenced out value, whether
+// unmarshalling was already done by UnmarshalYAML, and if so whether
+// its types unmarshalled appropriately.
+//
+// If n holds a null value, prepare returns before doing anything.
+func (d *decoder) prepare(n *node, out reflect.Value) (newout reflect.Value, unmarshaled, good bool) {
+	if n.tag == yaml_NULL_TAG || n.kind == scalarNode && n.tag == "" && (n.value == "null" || n.value == "~" || n.value == "" && n.implicit) {
+		return out, false, false
+	}
+	again := true
+	for again {
+		again = false
+		if out.Kind() == reflect.Ptr {
+			if out.IsNil() {
+				out.Set(reflect.New(out.Type().Elem()))
+			}
+			out = out.Elem()
+			again = true
+		}
+		if out.CanAddr() {
+			if u, ok := out.Addr().Interface().(Unmarshaler); ok {
+				good = d.callUnmarshaler(n, u)
+				return out, true, good
+			}
+		}
+	}
+	return out, false, false
+}
+
+const (
+	// 400,000 decode operations is ~500kb of dense object declarations, or
+	// ~5kb of dense object declarations with 10000% alias expansion
+	alias_ratio_range_low = 400000
+
+	// 4,000,000 decode operations is ~5MB of dense object declarations, or
+	// ~4.5MB of dense object declarations with 10% alias expansion
+	alias_ratio_range_high = 4000000
+
+	// alias_ratio_range is the range over which we scale allowed alias ratios
+	alias_ratio_range = float64(alias_ratio_range_high - alias_ratio_range_low)
+)
+
+func allowedAliasRatio(decodeCount int) float64 {
+	switch {
+	case decodeCount <= alias_ratio_range_low:
+		// allow 99% to come from alias expansion for small-to-medium documents
+		return 0.99
+	case decodeCount >= alias_ratio_range_high:
+		// allow 10% to come from alias expansion for very large documents
+		return 0.10
+	default:
+		// scale smoothly from 99% down to 10% over the range.
+		// this maps to 396,000 - 400,000 allowed alias-driven decodes over the range.
+		// 400,000 decode operations is ~100MB of allocations in worst-case scenarios (single-item maps).
+		return 0.99 - 0.89*(float64(decodeCount-alias_ratio_range_low)/alias_ratio_range)
+	}
+}
+
+func (d *decoder) unmarshal(n *node, out reflect.Value) (good bool) {
+	d.decodeCount++
+	if d.aliasDepth > 0 {
+		d.aliasCount++
+	}
+	if d.aliasCount > 100 && d.decodeCount > 1000 && float64(d.aliasCount)/float64(d.decodeCount) > allowedAliasRatio(d.decodeCount) {
+		failf("document contains excessive aliasing")
+	}
+	switch n.kind {
+	case documentNode:
+		return d.document(n, out)
+	case aliasNode:
+		return d.alias(n, out)
+	}
+	out, unmarshaled, good := d.prepare(n, out)
+	if unmarshaled {
+		return good
+	}
+	switch n.kind {
+	case scalarNode:
+		good = d.scalar(n, out)
+	case mappingNode:
+		good = d.mapping(n, out)
+	case sequenceNode:
+		good = d.sequence(n, out)
+	default:
+		panic("internal error: unknown node kind: " + strconv.Itoa(n.kind))
+	}
+	return good
+}
+
+func (d *decoder) document(n *node, out reflect.Value) (good bool) {
+	if len(n.children) == 1 {
+		d.doc = n
+		d.unmarshal(n.children[0], out)
+		return true
+	}
+	return false
+}
+
+func (d *decoder) alias(n *node, out reflect.Value) (good bool) {
+	if d.aliases[n] {
+		// TODO this could actually be allowed in some circumstances.
+		failf("anchor '%s' value contains itself", n.value)
+	}
+	d.aliases[n] = true
+	d.aliasDepth++
+	good = d.unmarshal(n.alias, out)
+	d.aliasDepth--
+	delete(d.aliases, n)
+	return good
+}
+
+var zeroValue reflect.Value
+
+func resetMap(out reflect.Value) {
+	for _, k := range out.MapKeys() {
+		out.SetMapIndex(k, zeroValue)
+	}
+}
+
+func (d *decoder) scalar(n *node, out reflect.Value) bool {
+	var tag string
+	var resolved interface{}
+	if n.tag == "" && !n.implicit {
+		tag = yaml_STR_TAG
+		resolved = n.value
+	} else {
+		tag, resolved = resolve(n.tag, n.value)
+		if tag == yaml_BINARY_TAG {
+			data, err := base64.StdEncoding.DecodeString(resolved.(string))
+			if err != nil {
+				failf("!!binary value contains invalid base64 data")
+			}
+			resolved = string(data)
+		}
+	}
+	if resolved == nil {
+		if out.Kind() == reflect.Map && !out.CanAddr() {
+			resetMap(out)
+		} else {
+			out.Set(reflect.Zero(out.Type()))
+		}
+		return true
+	}
+	if resolvedv := reflect.ValueOf(resolved); out.Type() == resolvedv.Type() {
+		// We've resolved to exactly the type we want, so use that.
+		out.Set(resolvedv)
+		return true
+	}
+	// Perhaps we can use the value as a TextUnmarshaler to
+	// set its value.
+	if out.CanAddr() {
+		u, ok := out.Addr().Interface().(encoding.TextUnmarshaler)
+		if ok {
+			var text []byte
+			if tag == yaml_BINARY_TAG {
+				text = []byte(resolved.(string))
+			} else {
+				// We let any value be unmarshaled into TextUnmarshaler.
+				// That might be more lax than we'd like, but the
+				// TextUnmarshaler itself should bowl out any dubious values.
+				text = []byte(n.value)
+			}
+			err := u.UnmarshalText(text)
+			if err != nil {
+				fail(err)
+			}
+			return true
+		}
+	}
+	switch out.Kind() {
+	case reflect.String:
+		if tag == yaml_BINARY_TAG {
+			out.SetString(resolved.(string))
+			return true
+		}
+		if resolved != nil {
+			out.SetString(n.value)
+			return true
+		}
+	case reflect.Interface:
+		if resolved == nil {
+			out.Set(reflect.Zero(out.Type()))
+		} else if tag == yaml_TIMESTAMP_TAG {
+			// It looks like a timestamp but for backward compatibility
+			// reasons we set it as a string, so that code that unmarshals
+			// timestamp-like values into interface{} will continue to
+			// see a string and not a time.Time.
+			// TODO(v3) Drop this.
+			out.Set(reflect.ValueOf(n.value))
+		} else {
+			out.Set(reflect.ValueOf(resolved))
+		}
+		return true
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		switch resolved := resolved.(type) {
+		case int:
+			if !out.OverflowInt(int64(resolved)) {
+				out.SetInt(int64(resolved))
+				return true
+			}
+		case int64:
+			if !out.OverflowInt(resolved) {
+				out.SetInt(resolved)
+				return true
+			}
+		case uint64:
+			if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) {
+				out.SetInt(int64(resolved))
+				return true
+			}
+		case float64:
+			if resolved <= math.MaxInt64 && !out.OverflowInt(int64(resolved)) {
+				out.SetInt(int64(resolved))
+				return true
+			}
+		case string:
+			if out.Type() == durationType {
+				d, err := time.ParseDuration(resolved)
+				if err == nil {
+					out.SetInt(int64(d))
+					return true
+				}
+			}
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		switch resolved := resolved.(type) {
+		case int:
+			if resolved >= 0 && !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		case int64:
+			if resolved >= 0 && !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		case uint64:
+			if !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		case float64:
+			if resolved <= math.MaxUint64 && !out.OverflowUint(uint64(resolved)) {
+				out.SetUint(uint64(resolved))
+				return true
+			}
+		}
+	case reflect.Bool:
+		switch resolved := resolved.(type) {
+		case bool:
+			out.SetBool(resolved)
+			return true
+		}
+	case reflect.Float32, reflect.Float64:
+		switch resolved := resolved.(type) {
+		case int:
+			out.SetFloat(float64(resolved))
+			return true
+		case int64:
+			out.SetFloat(float64(resolved))
+			return true
+		case uint64:
+			out.SetFloat(float64(resolved))
+			return true
+		case float64:
+			out.SetFloat(resolved)
+			return true
+		}
+	case reflect.Struct:
+		if resolvedv := reflect.ValueOf(resolved); out.Type() == resolvedv.Type() {
+			out.Set(resolvedv)
+			return true
+		}
+	case reflect.Ptr:
+		if out.Type().Elem() == reflect.TypeOf(resolved) {
+			// TODO DOes this make sense? When is out a Ptr except when decoding a nil value?
+			elem := reflect.New(out.Type().Elem())
+			elem.Elem().Set(reflect.ValueOf(resolved))
+			out.Set(elem)
+			return true
+		}
+	}
+	d.terror(n, tag, out)
+	return false
+}
+
+func settableValueOf(i interface{}) reflect.Value {
+	v := reflect.ValueOf(i)
+	sv := reflect.New(v.Type()).Elem()
+	sv.Set(v)
+	return sv
+}
+
+func (d *decoder) sequence(n *node, out reflect.Value) (good bool) {
+	l := len(n.children)
+
+	var iface reflect.Value
+	switch out.Kind() {
+	case reflect.Slice:
+		out.Set(reflect.MakeSlice(out.Type(), l, l))
+	case reflect.Array:
+		if l != out.Len() {
+			failf("invalid array: want %d elements but got %d", out.Len(), l)
+		}
+	case reflect.Interface:
+		// No type hints. Will have to use a generic sequence.
+		iface = out
+		out = settableValueOf(make([]interface{}, l))
+	default:
+		d.terror(n, yaml_SEQ_TAG, out)
+		return false
+	}
+	et := out.Type().Elem()
+
+	j := 0
+	for i := 0; i < l; i++ {
+		e := reflect.New(et).Elem()
+		if ok := d.unmarshal(n.children[i], e); ok {
+			out.Index(j).Set(e)
+			j++
+		}
+	}
+	if out.Kind() != reflect.Array {
+		out.Set(out.Slice(0, j))
+	}
+	if iface.IsValid() {
+		iface.Set(out)
+	}
+	return true
+}
+
+func (d *decoder) mapping(n *node, out reflect.Value) (good bool) {
+	switch out.Kind() {
+	case reflect.Struct:
+		return d.mappingStruct(n, out)
+	case reflect.Slice:
+		return d.mappingSlice(n, out)
+	case reflect.Map:
+		// okay
+	case reflect.Interface:
+		if d.mapType.Kind() == reflect.Map {
+			iface := out
+			out = reflect.MakeMap(d.mapType)
+			iface.Set(out)
+		} else {
+			slicev := reflect.New(d.mapType).Elem()
+			if !d.mappingSlice(n, slicev) {
+				return false
+			}
+			out.Set(slicev)
+			return true
+		}
+	default:
+		d.terror(n, yaml_MAP_TAG, out)
+		return false
+	}
+	outt := out.Type()
+	kt := outt.Key()
+	et := outt.Elem()
+
+	mapType := d.mapType
+	if outt.Key() == ifaceType && outt.Elem() == ifaceType {
+		d.mapType = outt
+	}
+
+	if out.IsNil() {
+		out.Set(reflect.MakeMap(outt))
+	}
+	l := len(n.children)
+	for i := 0; i < l; i += 2 {
+		if isMerge(n.children[i]) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		k := reflect.New(kt).Elem()
+		if d.unmarshal(n.children[i], k) {
+			kkind := k.Kind()
+			if kkind == reflect.Interface {
+				kkind = k.Elem().Kind()
+			}
+			if kkind == reflect.Map || kkind == reflect.Slice {
+				failf("invalid map key: %#v", k.Interface())
+			}
+			e := reflect.New(et).Elem()
+			if d.unmarshal(n.children[i+1], e) {
+				d.setMapIndex(n.children[i+1], out, k, e)
+			}
+		}
+	}
+	d.mapType = mapType
+	return true
+}
+
+func (d *decoder) setMapIndex(n *node, out, k, v reflect.Value) {
+	if d.strict && out.MapIndex(k) != zeroValue {
+		d.terrors = append(d.terrors, fmt.Sprintf("line %d: key %#v already set in map", n.line+1, k.Interface()))
+		return
+	}
+	out.SetMapIndex(k, v)
+}
+
+func (d *decoder) mappingSlice(n *node, out reflect.Value) (good bool) {
+	outt := out.Type()
+	if outt.Elem() != mapItemType {
+		d.terror(n, yaml_MAP_TAG, out)
+		return false
+	}
+
+	mapType := d.mapType
+	d.mapType = outt
+
+	var slice []MapItem
+	var l = len(n.children)
+	for i := 0; i < l; i += 2 {
+		if isMerge(n.children[i]) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		item := MapItem{}
+		k := reflect.ValueOf(&item.Key).Elem()
+		if d.unmarshal(n.children[i], k) {
+			v := reflect.ValueOf(&item.Value).Elem()
+			if d.unmarshal(n.children[i+1], v) {
+				slice = append(slice, item)
+			}
+		}
+	}
+	out.Set(reflect.ValueOf(slice))
+	d.mapType = mapType
+	return true
+}
+
+func (d *decoder) mappingStruct(n *node, out reflect.Value) (good bool) {
+	sinfo, err := getStructInfo(out.Type())
+	if err != nil {
+		panic(err)
+	}
+	name := settableValueOf("")
+	l := len(n.children)
+
+	var inlineMap reflect.Value
+	var elemType reflect.Type
+	if sinfo.InlineMap != -1 {
+		inlineMap = out.Field(sinfo.InlineMap)
+		inlineMap.Set(reflect.New(inlineMap.Type()).Elem())
+		elemType = inlineMap.Type().Elem()
+	}
+
+	var doneFields []bool
+	if d.strict {
+		doneFields = make([]bool, len(sinfo.FieldsList))
+	}
+	for i := 0; i < l; i += 2 {
+		ni := n.children[i]
+		if isMerge(ni) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		if !d.unmarshal(ni, name) {
+			continue
+		}
+		if info, ok := sinfo.FieldsMap[name.String()]; ok {
+			if d.strict {
+				if doneFields[info.Id] {
+					d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s already set in type %s", ni.line+1, name.String(), out.Type()))
+					continue
+				}
+				doneFields[info.Id] = true
+			}
+			var field reflect.Value
+			if info.Inline == nil {
+				field = out.Field(info.Num)
+			} else {
+				field = out.FieldByIndex(info.Inline)
+			}
+			d.unmarshal(n.children[i+1], field)
+		} else if sinfo.InlineMap != -1 {
+			if inlineMap.IsNil() {
+				inlineMap.Set(reflect.MakeMap(inlineMap.Type()))
+			}
+			value := reflect.New(elemType).Elem()
+			d.unmarshal(n.children[i+1], value)
+			d.setMapIndex(n.children[i+1], inlineMap, name, value)
+		} else if d.strict {
+			d.terrors = append(d.terrors, fmt.Sprintf("line %d: field %s not found in type %s", ni.line+1, name.String(), out.Type()))
+		}
+	}
+	return true
+}
+
+func failWantMap() {
+	failf("map merge requires map or sequence of maps as the value")
+}
+
+func (d *decoder) merge(n *node, out reflect.Value) {
+	switch n.kind {
+	case mappingNode:
+		d.unmarshal(n, out)
+	case aliasNode:
+		if n.alias != nil && n.alias.kind != mappingNode {
+			failWantMap()
+		}
+		d.unmarshal(n, out)
+	case sequenceNode:
+		// Step backwards as earlier nodes take precedence.
+		for i := len(n.children) - 1; i >= 0; i-- {
+			ni := n.children[i]
+			if ni.kind == aliasNode {
+				if ni.alias != nil && ni.alias.kind != mappingNode {
+					failWantMap()
+				}
+			} else if ni.kind != mappingNode {
+				failWantMap()
+			}
+			d.unmarshal(ni, out)
+		}
+	default:
+		failWantMap()
+	}
+}
+
+func isMerge(n *node) bool {
+	return n.kind == scalarNode && n.value == "<<" && (n.implicit == true || n.tag == yaml_MERGE_TAG)
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go
new file mode 100644
index 000000000..a1c2cc526
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/emitterc.go
@@ -0,0 +1,1685 @@
+package yaml
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// Flush the buffer if needed.
+func flush(emitter *yaml_emitter_t) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) {
+		return yaml_emitter_flush(emitter)
+	}
+	return true
+}
+
+// Put a character to the output buffer.
+func put(emitter *yaml_emitter_t, value byte) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) {
+		return false
+	}
+	emitter.buffer[emitter.buffer_pos] = value
+	emitter.buffer_pos++
+	emitter.column++
+	return true
+}
+
+// Put a line break to the output buffer.
+func put_break(emitter *yaml_emitter_t) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) {
+		return false
+	}
+	switch emitter.line_break {
+	case yaml_CR_BREAK:
+		emitter.buffer[emitter.buffer_pos] = '\r'
+		emitter.buffer_pos += 1
+	case yaml_LN_BREAK:
+		emitter.buffer[emitter.buffer_pos] = '\n'
+		emitter.buffer_pos += 1
+	case yaml_CRLN_BREAK:
+		emitter.buffer[emitter.buffer_pos+0] = '\r'
+		emitter.buffer[emitter.buffer_pos+1] = '\n'
+		emitter.buffer_pos += 2
+	default:
+		panic("unknown line break setting")
+	}
+	emitter.column = 0
+	emitter.line++
+	return true
+}
+
+// Copy a character from a string into buffer.
+func write(emitter *yaml_emitter_t, s []byte, i *int) bool {
+	if emitter.buffer_pos+5 >= len(emitter.buffer) && !yaml_emitter_flush(emitter) {
+		return false
+	}
+	p := emitter.buffer_pos
+	w := width(s[*i])
+	switch w {
+	case 4:
+		emitter.buffer[p+3] = s[*i+3]
+		fallthrough
+	case 3:
+		emitter.buffer[p+2] = s[*i+2]
+		fallthrough
+	case 2:
+		emitter.buffer[p+1] = s[*i+1]
+		fallthrough
+	case 1:
+		emitter.buffer[p+0] = s[*i+0]
+	default:
+		panic("unknown character width")
+	}
+	emitter.column++
+	emitter.buffer_pos += w
+	*i += w
+	return true
+}
+
+// Write a whole string into buffer.
+func write_all(emitter *yaml_emitter_t, s []byte) bool {
+	for i := 0; i < len(s); {
+		if !write(emitter, s, &i) {
+			return false
+		}
+	}
+	return true
+}
+
+// Copy a line break character from a string into buffer.
+func write_break(emitter *yaml_emitter_t, s []byte, i *int) bool {
+	if s[*i] == '\n' {
+		if !put_break(emitter) {
+			return false
+		}
+		*i++
+	} else {
+		if !write(emitter, s, i) {
+			return false
+		}
+		emitter.column = 0
+		emitter.line++
+	}
+	return true
+}
+
+// Set an emitter error and return false.
+func yaml_emitter_set_emitter_error(emitter *yaml_emitter_t, problem string) bool {
+	emitter.error = yaml_EMITTER_ERROR
+	emitter.problem = problem
+	return false
+}
+
+// Emit an event.
+func yaml_emitter_emit(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	emitter.events = append(emitter.events, *event)
+	for !yaml_emitter_need_more_events(emitter) {
+		event := &emitter.events[emitter.events_head]
+		if !yaml_emitter_analyze_event(emitter, event) {
+			return false
+		}
+		if !yaml_emitter_state_machine(emitter, event) {
+			return false
+		}
+		yaml_event_delete(event)
+		emitter.events_head++
+	}
+	return true
+}
+
+// Check if we need to accumulate more events before emitting.
+//
+// We accumulate extra
+//  - 1 event for DOCUMENT-START
+//  - 2 events for SEQUENCE-START
+//  - 3 events for MAPPING-START
+//
+func yaml_emitter_need_more_events(emitter *yaml_emitter_t) bool {
+	if emitter.events_head == len(emitter.events) {
+		return true
+	}
+	var accumulate int
+	switch emitter.events[emitter.events_head].typ {
+	case yaml_DOCUMENT_START_EVENT:
+		accumulate = 1
+		break
+	case yaml_SEQUENCE_START_EVENT:
+		accumulate = 2
+		break
+	case yaml_MAPPING_START_EVENT:
+		accumulate = 3
+		break
+	default:
+		return false
+	}
+	if len(emitter.events)-emitter.events_head > accumulate {
+		return false
+	}
+	var level int
+	for i := emitter.events_head; i < len(emitter.events); i++ {
+		switch emitter.events[i].typ {
+		case yaml_STREAM_START_EVENT, yaml_DOCUMENT_START_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT:
+			level++
+		case yaml_STREAM_END_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_END_EVENT, yaml_MAPPING_END_EVENT:
+			level--
+		}
+		if level == 0 {
+			return false
+		}
+	}
+	return true
+}
+
+// Append a directive to the directives stack.
+func yaml_emitter_append_tag_directive(emitter *yaml_emitter_t, value *yaml_tag_directive_t, allow_duplicates bool) bool {
+	for i := 0; i < len(emitter.tag_directives); i++ {
+		if bytes.Equal(value.handle, emitter.tag_directives[i].handle) {
+			if allow_duplicates {
+				return true
+			}
+			return yaml_emitter_set_emitter_error(emitter, "duplicate %TAG directive")
+		}
+	}
+
+	// [Go] Do we actually need to copy this given garbage collection
+	// and the lack of deallocating destructors?
+	tag_copy := yaml_tag_directive_t{
+		handle: make([]byte, len(value.handle)),
+		prefix: make([]byte, len(value.prefix)),
+	}
+	copy(tag_copy.handle, value.handle)
+	copy(tag_copy.prefix, value.prefix)
+	emitter.tag_directives = append(emitter.tag_directives, tag_copy)
+	return true
+}
+
+// Increase the indentation level.
+func yaml_emitter_increase_indent(emitter *yaml_emitter_t, flow, indentless bool) bool {
+	emitter.indents = append(emitter.indents, emitter.indent)
+	if emitter.indent < 0 {
+		if flow {
+			emitter.indent = emitter.best_indent
+		} else {
+			emitter.indent = 0
+		}
+	} else if !indentless {
+		emitter.indent += emitter.best_indent
+	}
+	return true
+}
+
+// State dispatcher.
+func yaml_emitter_state_machine(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	switch emitter.state {
+	default:
+	case yaml_EMIT_STREAM_START_STATE:
+		return yaml_emitter_emit_stream_start(emitter, event)
+
+	case yaml_EMIT_FIRST_DOCUMENT_START_STATE:
+		return yaml_emitter_emit_document_start(emitter, event, true)
+
+	case yaml_EMIT_DOCUMENT_START_STATE:
+		return yaml_emitter_emit_document_start(emitter, event, false)
+
+	case yaml_EMIT_DOCUMENT_CONTENT_STATE:
+		return yaml_emitter_emit_document_content(emitter, event)
+
+	case yaml_EMIT_DOCUMENT_END_STATE:
+		return yaml_emitter_emit_document_end(emitter, event)
+
+	case yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE:
+		return yaml_emitter_emit_flow_sequence_item(emitter, event, true)
+
+	case yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE:
+		return yaml_emitter_emit_flow_sequence_item(emitter, event, false)
+
+	case yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE:
+		return yaml_emitter_emit_flow_mapping_key(emitter, event, true)
+
+	case yaml_EMIT_FLOW_MAPPING_KEY_STATE:
+		return yaml_emitter_emit_flow_mapping_key(emitter, event, false)
+
+	case yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE:
+		return yaml_emitter_emit_flow_mapping_value(emitter, event, true)
+
+	case yaml_EMIT_FLOW_MAPPING_VALUE_STATE:
+		return yaml_emitter_emit_flow_mapping_value(emitter, event, false)
+
+	case yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE:
+		return yaml_emitter_emit_block_sequence_item(emitter, event, true)
+
+	case yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE:
+		return yaml_emitter_emit_block_sequence_item(emitter, event, false)
+
+	case yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE:
+		return yaml_emitter_emit_block_mapping_key(emitter, event, true)
+
+	case yaml_EMIT_BLOCK_MAPPING_KEY_STATE:
+		return yaml_emitter_emit_block_mapping_key(emitter, event, false)
+
+	case yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE:
+		return yaml_emitter_emit_block_mapping_value(emitter, event, true)
+
+	case yaml_EMIT_BLOCK_MAPPING_VALUE_STATE:
+		return yaml_emitter_emit_block_mapping_value(emitter, event, false)
+
+	case yaml_EMIT_END_STATE:
+		return yaml_emitter_set_emitter_error(emitter, "expected nothing after STREAM-END")
+	}
+	panic("invalid emitter state")
+}
+
+// Expect STREAM-START.
+func yaml_emitter_emit_stream_start(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if event.typ != yaml_STREAM_START_EVENT {
+		return yaml_emitter_set_emitter_error(emitter, "expected STREAM-START")
+	}
+	if emitter.encoding == yaml_ANY_ENCODING {
+		emitter.encoding = event.encoding
+		if emitter.encoding == yaml_ANY_ENCODING {
+			emitter.encoding = yaml_UTF8_ENCODING
+		}
+	}
+	if emitter.best_indent < 2 || emitter.best_indent > 9 {
+		emitter.best_indent = 2
+	}
+	if emitter.best_width >= 0 && emitter.best_width <= emitter.best_indent*2 {
+		emitter.best_width = 80
+	}
+	if emitter.best_width < 0 {
+		emitter.best_width = 1<<31 - 1
+	}
+	if emitter.line_break == yaml_ANY_BREAK {
+		emitter.line_break = yaml_LN_BREAK
+	}
+
+	emitter.indent = -1
+	emitter.line = 0
+	emitter.column = 0
+	emitter.whitespace = true
+	emitter.indention = true
+
+	if emitter.encoding != yaml_UTF8_ENCODING {
+		if !yaml_emitter_write_bom(emitter) {
+			return false
+		}
+	}
+	emitter.state = yaml_EMIT_FIRST_DOCUMENT_START_STATE
+	return true
+}
+
+// Expect DOCUMENT-START or STREAM-END.
+func yaml_emitter_emit_document_start(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+
+	if event.typ == yaml_DOCUMENT_START_EVENT {
+
+		if event.version_directive != nil {
+			if !yaml_emitter_analyze_version_directive(emitter, event.version_directive) {
+				return false
+			}
+		}
+
+		for i := 0; i < len(event.tag_directives); i++ {
+			tag_directive := &event.tag_directives[i]
+			if !yaml_emitter_analyze_tag_directive(emitter, tag_directive) {
+				return false
+			}
+			if !yaml_emitter_append_tag_directive(emitter, tag_directive, false) {
+				return false
+			}
+		}
+
+		for i := 0; i < len(default_tag_directives); i++ {
+			tag_directive := &default_tag_directives[i]
+			if !yaml_emitter_append_tag_directive(emitter, tag_directive, true) {
+				return false
+			}
+		}
+
+		implicit := event.implicit
+		if !first || emitter.canonical {
+			implicit = false
+		}
+
+		if emitter.open_ended && (event.version_directive != nil || len(event.tag_directives) > 0) {
+			if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+
+		if event.version_directive != nil {
+			implicit = false
+			if !yaml_emitter_write_indicator(emitter, []byte("%YAML"), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indicator(emitter, []byte("1.1"), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+
+		if len(event.tag_directives) > 0 {
+			implicit = false
+			for i := 0; i < len(event.tag_directives); i++ {
+				tag_directive := &event.tag_directives[i]
+				if !yaml_emitter_write_indicator(emitter, []byte("%TAG"), true, false, false) {
+					return false
+				}
+				if !yaml_emitter_write_tag_handle(emitter, tag_directive.handle) {
+					return false
+				}
+				if !yaml_emitter_write_tag_content(emitter, tag_directive.prefix, true) {
+					return false
+				}
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+		}
+
+		if yaml_emitter_check_empty_document(emitter) {
+			implicit = false
+		}
+		if !implicit {
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+			if !yaml_emitter_write_indicator(emitter, []byte("---"), true, false, false) {
+				return false
+			}
+			if emitter.canonical {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+		}
+
+		emitter.state = yaml_EMIT_DOCUMENT_CONTENT_STATE
+		return true
+	}
+
+	if event.typ == yaml_STREAM_END_EVENT {
+		if emitter.open_ended {
+			if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_flush(emitter) {
+			return false
+		}
+		emitter.state = yaml_EMIT_END_STATE
+		return true
+	}
+
+	return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-START or STREAM-END")
+}
+
+// Expect the root node.
+func yaml_emitter_emit_document_content(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	emitter.states = append(emitter.states, yaml_EMIT_DOCUMENT_END_STATE)
+	return yaml_emitter_emit_node(emitter, event, true, false, false, false)
+}
+
+// Expect DOCUMENT-END.
+func yaml_emitter_emit_document_end(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if event.typ != yaml_DOCUMENT_END_EVENT {
+		return yaml_emitter_set_emitter_error(emitter, "expected DOCUMENT-END")
+	}
+	if !yaml_emitter_write_indent(emitter) {
+		return false
+	}
+	if !event.implicit {
+		// [Go] Allocate the slice elsewhere.
+		if !yaml_emitter_write_indicator(emitter, []byte("..."), true, false, false) {
+			return false
+		}
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+	}
+	if !yaml_emitter_flush(emitter) {
+		return false
+	}
+	emitter.state = yaml_EMIT_DOCUMENT_START_STATE
+	emitter.tag_directives = emitter.tag_directives[:0]
+	return true
+}
+
+// Expect a flow item node.
+func yaml_emitter_emit_flow_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_write_indicator(emitter, []byte{'['}, true, true, false) {
+			return false
+		}
+		if !yaml_emitter_increase_indent(emitter, true, false) {
+			return false
+		}
+		emitter.flow_level++
+	}
+
+	if event.typ == yaml_SEQUENCE_END_EVENT {
+		emitter.flow_level--
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		if emitter.canonical && !first {
+			if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{']'}, false, false, false) {
+			return false
+		}
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+
+		return true
+	}
+
+	if !first {
+		if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+			return false
+		}
+	}
+
+	if emitter.canonical || emitter.column > emitter.best_width {
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, true, false, false)
+}
+
+// Expect a flow key node.
+func yaml_emitter_emit_flow_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_write_indicator(emitter, []byte{'{'}, true, true, false) {
+			return false
+		}
+		if !yaml_emitter_increase_indent(emitter, true, false) {
+			return false
+		}
+		emitter.flow_level++
+	}
+
+	if event.typ == yaml_MAPPING_END_EVENT {
+		emitter.flow_level--
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		if emitter.canonical && !first {
+			if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+				return false
+			}
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{'}'}, false, false, false) {
+			return false
+		}
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+		return true
+	}
+
+	if !first {
+		if !yaml_emitter_write_indicator(emitter, []byte{','}, false, false, false) {
+			return false
+		}
+	}
+	if emitter.canonical || emitter.column > emitter.best_width {
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+	}
+
+	if !emitter.canonical && yaml_emitter_check_simple_key(emitter) {
+		emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE)
+		return yaml_emitter_emit_node(emitter, event, false, false, true, true)
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, false) {
+		return false
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_VALUE_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a flow value node.
+func yaml_emitter_emit_flow_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool {
+	if simple {
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) {
+			return false
+		}
+	} else {
+		if emitter.canonical || emitter.column > emitter.best_width {
+			if !yaml_emitter_write_indent(emitter) {
+				return false
+			}
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, false) {
+			return false
+		}
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_FLOW_MAPPING_KEY_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a block item node.
+func yaml_emitter_emit_block_sequence_item(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_increase_indent(emitter, false, emitter.mapping_context && !emitter.indention) {
+			return false
+		}
+	}
+	if event.typ == yaml_SEQUENCE_END_EVENT {
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+		return true
+	}
+	if !yaml_emitter_write_indent(emitter) {
+		return false
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'-'}, true, false, true) {
+		return false
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, true, false, false)
+}
+
+// Expect a block key node.
+func yaml_emitter_emit_block_mapping_key(emitter *yaml_emitter_t, event *yaml_event_t, first bool) bool {
+	if first {
+		if !yaml_emitter_increase_indent(emitter, false, false) {
+			return false
+		}
+	}
+	if event.typ == yaml_MAPPING_END_EVENT {
+		emitter.indent = emitter.indents[len(emitter.indents)-1]
+		emitter.indents = emitter.indents[:len(emitter.indents)-1]
+		emitter.state = emitter.states[len(emitter.states)-1]
+		emitter.states = emitter.states[:len(emitter.states)-1]
+		return true
+	}
+	if !yaml_emitter_write_indent(emitter) {
+		return false
+	}
+	if yaml_emitter_check_simple_key(emitter) {
+		emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE)
+		return yaml_emitter_emit_node(emitter, event, false, false, true, true)
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'?'}, true, false, true) {
+		return false
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_VALUE_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a block value node.
+func yaml_emitter_emit_block_mapping_value(emitter *yaml_emitter_t, event *yaml_event_t, simple bool) bool {
+	if simple {
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, false, false, false) {
+			return false
+		}
+	} else {
+		if !yaml_emitter_write_indent(emitter) {
+			return false
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{':'}, true, false, true) {
+			return false
+		}
+	}
+	emitter.states = append(emitter.states, yaml_EMIT_BLOCK_MAPPING_KEY_STATE)
+	return yaml_emitter_emit_node(emitter, event, false, false, true, false)
+}
+
+// Expect a node.
+func yaml_emitter_emit_node(emitter *yaml_emitter_t, event *yaml_event_t,
+	root bool, sequence bool, mapping bool, simple_key bool) bool {
+
+	emitter.root_context = root
+	emitter.sequence_context = sequence
+	emitter.mapping_context = mapping
+	emitter.simple_key_context = simple_key
+
+	switch event.typ {
+	case yaml_ALIAS_EVENT:
+		return yaml_emitter_emit_alias(emitter, event)
+	case yaml_SCALAR_EVENT:
+		return yaml_emitter_emit_scalar(emitter, event)
+	case yaml_SEQUENCE_START_EVENT:
+		return yaml_emitter_emit_sequence_start(emitter, event)
+	case yaml_MAPPING_START_EVENT:
+		return yaml_emitter_emit_mapping_start(emitter, event)
+	default:
+		return yaml_emitter_set_emitter_error(emitter,
+			fmt.Sprintf("expected SCALAR, SEQUENCE-START, MAPPING-START, or ALIAS, but got %v", event.typ))
+	}
+}
+
+// Expect ALIAS.
+func yaml_emitter_emit_alias(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	emitter.state = emitter.states[len(emitter.states)-1]
+	emitter.states = emitter.states[:len(emitter.states)-1]
+	return true
+}
+
+// Expect SCALAR.
+func yaml_emitter_emit_scalar(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_select_scalar_style(emitter, event) {
+		return false
+	}
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	if !yaml_emitter_process_tag(emitter) {
+		return false
+	}
+	if !yaml_emitter_increase_indent(emitter, true, false) {
+		return false
+	}
+	if !yaml_emitter_process_scalar(emitter) {
+		return false
+	}
+	emitter.indent = emitter.indents[len(emitter.indents)-1]
+	emitter.indents = emitter.indents[:len(emitter.indents)-1]
+	emitter.state = emitter.states[len(emitter.states)-1]
+	emitter.states = emitter.states[:len(emitter.states)-1]
+	return true
+}
+
+// Expect SEQUENCE-START.
+func yaml_emitter_emit_sequence_start(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	if !yaml_emitter_process_tag(emitter) {
+		return false
+	}
+	if emitter.flow_level > 0 || emitter.canonical || event.sequence_style() == yaml_FLOW_SEQUENCE_STYLE ||
+		yaml_emitter_check_empty_sequence(emitter) {
+		emitter.state = yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE
+	} else {
+		emitter.state = yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE
+	}
+	return true
+}
+
+// Expect MAPPING-START.
+func yaml_emitter_emit_mapping_start(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+	if !yaml_emitter_process_anchor(emitter) {
+		return false
+	}
+	if !yaml_emitter_process_tag(emitter) {
+		return false
+	}
+	if emitter.flow_level > 0 || emitter.canonical || event.mapping_style() == yaml_FLOW_MAPPING_STYLE ||
+		yaml_emitter_check_empty_mapping(emitter) {
+		emitter.state = yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE
+	} else {
+		emitter.state = yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE
+	}
+	return true
+}
+
+// Check if the document content is an empty scalar.
+func yaml_emitter_check_empty_document(emitter *yaml_emitter_t) bool {
+	return false // [Go] Huh?
+}
+
+// Check if the next events represent an empty sequence.
+func yaml_emitter_check_empty_sequence(emitter *yaml_emitter_t) bool {
+	if len(emitter.events)-emitter.events_head < 2 {
+		return false
+	}
+	return emitter.events[emitter.events_head].typ == yaml_SEQUENCE_START_EVENT &&
+		emitter.events[emitter.events_head+1].typ == yaml_SEQUENCE_END_EVENT
+}
+
+// Check if the next events represent an empty mapping.
+func yaml_emitter_check_empty_mapping(emitter *yaml_emitter_t) bool {
+	if len(emitter.events)-emitter.events_head < 2 {
+		return false
+	}
+	return emitter.events[emitter.events_head].typ == yaml_MAPPING_START_EVENT &&
+		emitter.events[emitter.events_head+1].typ == yaml_MAPPING_END_EVENT
+}
+
+// Check if the next node can be expressed as a simple key.
+func yaml_emitter_check_simple_key(emitter *yaml_emitter_t) bool {
+	length := 0
+	switch emitter.events[emitter.events_head].typ {
+	case yaml_ALIAS_EVENT:
+		length += len(emitter.anchor_data.anchor)
+	case yaml_SCALAR_EVENT:
+		if emitter.scalar_data.multiline {
+			return false
+		}
+		length += len(emitter.anchor_data.anchor) +
+			len(emitter.tag_data.handle) +
+			len(emitter.tag_data.suffix) +
+			len(emitter.scalar_data.value)
+	case yaml_SEQUENCE_START_EVENT:
+		if !yaml_emitter_check_empty_sequence(emitter) {
+			return false
+		}
+		length += len(emitter.anchor_data.anchor) +
+			len(emitter.tag_data.handle) +
+			len(emitter.tag_data.suffix)
+	case yaml_MAPPING_START_EVENT:
+		if !yaml_emitter_check_empty_mapping(emitter) {
+			return false
+		}
+		length += len(emitter.anchor_data.anchor) +
+			len(emitter.tag_data.handle) +
+			len(emitter.tag_data.suffix)
+	default:
+		return false
+	}
+	return length <= 128
+}
+
+// Determine an acceptable scalar style.
+func yaml_emitter_select_scalar_style(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+
+	no_tag := len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0
+	if no_tag && !event.implicit && !event.quoted_implicit {
+		return yaml_emitter_set_emitter_error(emitter, "neither tag nor implicit flags are specified")
+	}
+
+	style := event.scalar_style()
+	if style == yaml_ANY_SCALAR_STYLE {
+		style = yaml_PLAIN_SCALAR_STYLE
+	}
+	if emitter.canonical {
+		style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+	if emitter.simple_key_context && emitter.scalar_data.multiline {
+		style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+
+	if style == yaml_PLAIN_SCALAR_STYLE {
+		if emitter.flow_level > 0 && !emitter.scalar_data.flow_plain_allowed ||
+			emitter.flow_level == 0 && !emitter.scalar_data.block_plain_allowed {
+			style = yaml_SINGLE_QUOTED_SCALAR_STYLE
+		}
+		if len(emitter.scalar_data.value) == 0 && (emitter.flow_level > 0 || emitter.simple_key_context) {
+			style = yaml_SINGLE_QUOTED_SCALAR_STYLE
+		}
+		if no_tag && !event.implicit {
+			style = yaml_SINGLE_QUOTED_SCALAR_STYLE
+		}
+	}
+	if style == yaml_SINGLE_QUOTED_SCALAR_STYLE {
+		if !emitter.scalar_data.single_quoted_allowed {
+			style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+		}
+	}
+	if style == yaml_LITERAL_SCALAR_STYLE || style == yaml_FOLDED_SCALAR_STYLE {
+		if !emitter.scalar_data.block_allowed || emitter.flow_level > 0 || emitter.simple_key_context {
+			style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+		}
+	}
+
+	if no_tag && !event.quoted_implicit && style != yaml_PLAIN_SCALAR_STYLE {
+		emitter.tag_data.handle = []byte{'!'}
+	}
+	emitter.scalar_data.style = style
+	return true
+}
+
+// Write an anchor.
+func yaml_emitter_process_anchor(emitter *yaml_emitter_t) bool {
+	if emitter.anchor_data.anchor == nil {
+		return true
+	}
+	c := []byte{'&'}
+	if emitter.anchor_data.alias {
+		c[0] = '*'
+	}
+	if !yaml_emitter_write_indicator(emitter, c, true, false, false) {
+		return false
+	}
+	return yaml_emitter_write_anchor(emitter, emitter.anchor_data.anchor)
+}
+
+// Write a tag.
+func yaml_emitter_process_tag(emitter *yaml_emitter_t) bool {
+	if len(emitter.tag_data.handle) == 0 && len(emitter.tag_data.suffix) == 0 {
+		return true
+	}
+	if len(emitter.tag_data.handle) > 0 {
+		if !yaml_emitter_write_tag_handle(emitter, emitter.tag_data.handle) {
+			return false
+		}
+		if len(emitter.tag_data.suffix) > 0 {
+			if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) {
+				return false
+			}
+		}
+	} else {
+		// [Go] Allocate these slices elsewhere.
+		if !yaml_emitter_write_indicator(emitter, []byte("!<"), true, false, false) {
+			return false
+		}
+		if !yaml_emitter_write_tag_content(emitter, emitter.tag_data.suffix, false) {
+			return false
+		}
+		if !yaml_emitter_write_indicator(emitter, []byte{'>'}, false, false, false) {
+			return false
+		}
+	}
+	return true
+}
+
+// Write a scalar.
+func yaml_emitter_process_scalar(emitter *yaml_emitter_t) bool {
+	switch emitter.scalar_data.style {
+	case yaml_PLAIN_SCALAR_STYLE:
+		return yaml_emitter_write_plain_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context)
+
+	case yaml_SINGLE_QUOTED_SCALAR_STYLE:
+		return yaml_emitter_write_single_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context)
+
+	case yaml_DOUBLE_QUOTED_SCALAR_STYLE:
+		return yaml_emitter_write_double_quoted_scalar(emitter, emitter.scalar_data.value, !emitter.simple_key_context)
+
+	case yaml_LITERAL_SCALAR_STYLE:
+		return yaml_emitter_write_literal_scalar(emitter, emitter.scalar_data.value)
+
+	case yaml_FOLDED_SCALAR_STYLE:
+		return yaml_emitter_write_folded_scalar(emitter, emitter.scalar_data.value)
+	}
+	panic("unknown scalar style")
+}
+
+// Check if a %YAML directive is valid.
+func yaml_emitter_analyze_version_directive(emitter *yaml_emitter_t, version_directive *yaml_version_directive_t) bool {
+	if version_directive.major != 1 || version_directive.minor != 1 {
+		return yaml_emitter_set_emitter_error(emitter, "incompatible %YAML directive")
+	}
+	return true
+}
+
+// Check if a %TAG directive is valid.
+func yaml_emitter_analyze_tag_directive(emitter *yaml_emitter_t, tag_directive *yaml_tag_directive_t) bool {
+	handle := tag_directive.handle
+	prefix := tag_directive.prefix
+	if len(handle) == 0 {
+		return yaml_emitter_set_emitter_error(emitter, "tag handle must not be empty")
+	}
+	if handle[0] != '!' {
+		return yaml_emitter_set_emitter_error(emitter, "tag handle must start with '!'")
+	}
+	if handle[len(handle)-1] != '!' {
+		return yaml_emitter_set_emitter_error(emitter, "tag handle must end with '!'")
+	}
+	for i := 1; i < len(handle)-1; i += width(handle[i]) {
+		if !is_alpha(handle, i) {
+			return yaml_emitter_set_emitter_error(emitter, "tag handle must contain alphanumerical characters only")
+		}
+	}
+	if len(prefix) == 0 {
+		return yaml_emitter_set_emitter_error(emitter, "tag prefix must not be empty")
+	}
+	return true
+}
+
+// Check if an anchor is valid.
+func yaml_emitter_analyze_anchor(emitter *yaml_emitter_t, anchor []byte, alias bool) bool {
+	if len(anchor) == 0 {
+		problem := "anchor value must not be empty"
+		if alias {
+			problem = "alias value must not be empty"
+		}
+		return yaml_emitter_set_emitter_error(emitter, problem)
+	}
+	for i := 0; i < len(anchor); i += width(anchor[i]) {
+		if !is_alpha(anchor, i) {
+			problem := "anchor value must contain alphanumerical characters only"
+			if alias {
+				problem = "alias value must contain alphanumerical characters only"
+			}
+			return yaml_emitter_set_emitter_error(emitter, problem)
+		}
+	}
+	emitter.anchor_data.anchor = anchor
+	emitter.anchor_data.alias = alias
+	return true
+}
+
+// Check if a tag is valid.
+func yaml_emitter_analyze_tag(emitter *yaml_emitter_t, tag []byte) bool {
+	if len(tag) == 0 {
+		return yaml_emitter_set_emitter_error(emitter, "tag value must not be empty")
+	}
+	for i := 0; i < len(emitter.tag_directives); i++ {
+		tag_directive := &emitter.tag_directives[i]
+		if bytes.HasPrefix(tag, tag_directive.prefix) {
+			emitter.tag_data.handle = tag_directive.handle
+			emitter.tag_data.suffix = tag[len(tag_directive.prefix):]
+			return true
+		}
+	}
+	emitter.tag_data.suffix = tag
+	return true
+}
+
+// Check if a scalar is valid.
+func yaml_emitter_analyze_scalar(emitter *yaml_emitter_t, value []byte) bool {
+	var (
+		block_indicators   = false
+		flow_indicators    = false
+		line_breaks        = false
+		special_characters = false
+
+		leading_space  = false
+		leading_break  = false
+		trailing_space = false
+		trailing_break = false
+		break_space    = false
+		space_break    = false
+
+		preceded_by_whitespace = false
+		followed_by_whitespace = false
+		previous_space         = false
+		previous_break         = false
+	)
+
+	emitter.scalar_data.value = value
+
+	if len(value) == 0 {
+		emitter.scalar_data.multiline = false
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = true
+		emitter.scalar_data.single_quoted_allowed = true
+		emitter.scalar_data.block_allowed = false
+		return true
+	}
+
+	if len(value) >= 3 && ((value[0] == '-' && value[1] == '-' && value[2] == '-') || (value[0] == '.' && value[1] == '.' && value[2] == '.')) {
+		block_indicators = true
+		flow_indicators = true
+	}
+
+	preceded_by_whitespace = true
+	for i, w := 0, 0; i < len(value); i += w {
+		w = width(value[i])
+		followed_by_whitespace = i+w >= len(value) || is_blank(value, i+w)
+
+		if i == 0 {
+			switch value[i] {
+			case '#', ',', '[', ']', '{', '}', '&', '*', '!', '|', '>', '\'', '"', '%', '@', '`':
+				flow_indicators = true
+				block_indicators = true
+			case '?', ':':
+				flow_indicators = true
+				if followed_by_whitespace {
+					block_indicators = true
+				}
+			case '-':
+				if followed_by_whitespace {
+					flow_indicators = true
+					block_indicators = true
+				}
+			}
+		} else {
+			switch value[i] {
+			case ',', '?', '[', ']', '{', '}':
+				flow_indicators = true
+			case ':':
+				flow_indicators = true
+				if followed_by_whitespace {
+					block_indicators = true
+				}
+			case '#':
+				if preceded_by_whitespace {
+					flow_indicators = true
+					block_indicators = true
+				}
+			}
+		}
+
+		if !is_printable(value, i) || !is_ascii(value, i) && !emitter.unicode {
+			special_characters = true
+		}
+		if is_space(value, i) {
+			if i == 0 {
+				leading_space = true
+			}
+			if i+width(value[i]) == len(value) {
+				trailing_space = true
+			}
+			if previous_break {
+				break_space = true
+			}
+			previous_space = true
+			previous_break = false
+		} else if is_break(value, i) {
+			line_breaks = true
+			if i == 0 {
+				leading_break = true
+			}
+			if i+width(value[i]) == len(value) {
+				trailing_break = true
+			}
+			if previous_space {
+				space_break = true
+			}
+			previous_space = false
+			previous_break = true
+		} else {
+			previous_space = false
+			previous_break = false
+		}
+
+		// [Go]: Why 'z'? Couldn't be the end of the string as that's the loop condition.
+		preceded_by_whitespace = is_blankz(value, i)
+	}
+
+	emitter.scalar_data.multiline = line_breaks
+	emitter.scalar_data.flow_plain_allowed = true
+	emitter.scalar_data.block_plain_allowed = true
+	emitter.scalar_data.single_quoted_allowed = true
+	emitter.scalar_data.block_allowed = true
+
+	if leading_space || leading_break || trailing_space || trailing_break {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+	}
+	if trailing_space {
+		emitter.scalar_data.block_allowed = false
+	}
+	if break_space {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+		emitter.scalar_data.single_quoted_allowed = false
+	}
+	if space_break || special_characters {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+		emitter.scalar_data.single_quoted_allowed = false
+		emitter.scalar_data.block_allowed = false
+	}
+	if line_breaks {
+		emitter.scalar_data.flow_plain_allowed = false
+		emitter.scalar_data.block_plain_allowed = false
+	}
+	if flow_indicators {
+		emitter.scalar_data.flow_plain_allowed = false
+	}
+	if block_indicators {
+		emitter.scalar_data.block_plain_allowed = false
+	}
+	return true
+}
+
+// Check if the event data is valid.
+func yaml_emitter_analyze_event(emitter *yaml_emitter_t, event *yaml_event_t) bool {
+
+	emitter.anchor_data.anchor = nil
+	emitter.tag_data.handle = nil
+	emitter.tag_data.suffix = nil
+	emitter.scalar_data.value = nil
+
+	switch event.typ {
+	case yaml_ALIAS_EVENT:
+		if !yaml_emitter_analyze_anchor(emitter, event.anchor, true) {
+			return false
+		}
+
+	case yaml_SCALAR_EVENT:
+		if len(event.anchor) > 0 {
+			if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) {
+				return false
+			}
+		}
+		if len(event.tag) > 0 && (emitter.canonical || (!event.implicit && !event.quoted_implicit)) {
+			if !yaml_emitter_analyze_tag(emitter, event.tag) {
+				return false
+			}
+		}
+		if !yaml_emitter_analyze_scalar(emitter, event.value) {
+			return false
+		}
+
+	case yaml_SEQUENCE_START_EVENT:
+		if len(event.anchor) > 0 {
+			if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) {
+				return false
+			}
+		}
+		if len(event.tag) > 0 && (emitter.canonical || !event.implicit) {
+			if !yaml_emitter_analyze_tag(emitter, event.tag) {
+				return false
+			}
+		}
+
+	case yaml_MAPPING_START_EVENT:
+		if len(event.anchor) > 0 {
+			if !yaml_emitter_analyze_anchor(emitter, event.anchor, false) {
+				return false
+			}
+		}
+		if len(event.tag) > 0 && (emitter.canonical || !event.implicit) {
+			if !yaml_emitter_analyze_tag(emitter, event.tag) {
+				return false
+			}
+		}
+	}
+	return true
+}
+
+// Write the BOM character.
+func yaml_emitter_write_bom(emitter *yaml_emitter_t) bool {
+	if !flush(emitter) {
+		return false
+	}
+	pos := emitter.buffer_pos
+	emitter.buffer[pos+0] = '\xEF'
+	emitter.buffer[pos+1] = '\xBB'
+	emitter.buffer[pos+2] = '\xBF'
+	emitter.buffer_pos += 3
+	return true
+}
+
+func yaml_emitter_write_indent(emitter *yaml_emitter_t) bool {
+	indent := emitter.indent
+	if indent < 0 {
+		indent = 0
+	}
+	if !emitter.indention || emitter.column > indent || (emitter.column == indent && !emitter.whitespace) {
+		if !put_break(emitter) {
+			return false
+		}
+	}
+	for emitter.column < indent {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	emitter.whitespace = true
+	emitter.indention = true
+	return true
+}
+
+func yaml_emitter_write_indicator(emitter *yaml_emitter_t, indicator []byte, need_whitespace, is_whitespace, is_indention bool) bool {
+	if need_whitespace && !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	if !write_all(emitter, indicator) {
+		return false
+	}
+	emitter.whitespace = is_whitespace
+	emitter.indention = (emitter.indention && is_indention)
+	emitter.open_ended = false
+	return true
+}
+
+func yaml_emitter_write_anchor(emitter *yaml_emitter_t, value []byte) bool {
+	if !write_all(emitter, value) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_tag_handle(emitter *yaml_emitter_t, value []byte) bool {
+	if !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	if !write_all(emitter, value) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_tag_content(emitter *yaml_emitter_t, value []byte, need_whitespace bool) bool {
+	if need_whitespace && !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+	for i := 0; i < len(value); {
+		var must_write bool
+		switch value[i] {
+		case ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '_', '.', '~', '*', '\'', '(', ')', '[', ']':
+			must_write = true
+		default:
+			must_write = is_alpha(value, i)
+		}
+		if must_write {
+			if !write(emitter, value, &i) {
+				return false
+			}
+		} else {
+			w := width(value[i])
+			for k := 0; k < w; k++ {
+				octet := value[i]
+				i++
+				if !put(emitter, '%') {
+					return false
+				}
+
+				c := octet >> 4
+				if c < 10 {
+					c += '0'
+				} else {
+					c += 'A' - 10
+				}
+				if !put(emitter, c) {
+					return false
+				}
+
+				c = octet & 0x0f
+				if c < 10 {
+					c += '0'
+				} else {
+					c += 'A' - 10
+				}
+				if !put(emitter, c) {
+					return false
+				}
+			}
+		}
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_plain_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool {
+	if !emitter.whitespace {
+		if !put(emitter, ' ') {
+			return false
+		}
+	}
+
+	spaces := false
+	breaks := false
+	for i := 0; i < len(value); {
+		if is_space(value, i) {
+			if allow_breaks && !spaces && emitter.column > emitter.best_width && !is_space(value, i+1) {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				i += width(value[i])
+			} else {
+				if !write(emitter, value, &i) {
+					return false
+				}
+			}
+			spaces = true
+		} else if is_break(value, i) {
+			if !breaks && value[i] == '\n' {
+				if !put_break(emitter) {
+					return false
+				}
+			}
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+			if !write(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = false
+			spaces = false
+			breaks = false
+		}
+	}
+
+	emitter.whitespace = false
+	emitter.indention = false
+	if emitter.root_context {
+		emitter.open_ended = true
+	}
+
+	return true
+}
+
+func yaml_emitter_write_single_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool {
+
+	if !yaml_emitter_write_indicator(emitter, []byte{'\''}, true, false, false) {
+		return false
+	}
+
+	spaces := false
+	breaks := false
+	for i := 0; i < len(value); {
+		if is_space(value, i) {
+			if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 && !is_space(value, i+1) {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				i += width(value[i])
+			} else {
+				if !write(emitter, value, &i) {
+					return false
+				}
+			}
+			spaces = true
+		} else if is_break(value, i) {
+			if !breaks && value[i] == '\n' {
+				if !put_break(emitter) {
+					return false
+				}
+			}
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+			if value[i] == '\'' {
+				if !put(emitter, '\'') {
+					return false
+				}
+			}
+			if !write(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = false
+			spaces = false
+			breaks = false
+		}
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'\''}, false, false, false) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_double_quoted_scalar(emitter *yaml_emitter_t, value []byte, allow_breaks bool) bool {
+	spaces := false
+	if !yaml_emitter_write_indicator(emitter, []byte{'"'}, true, false, false) {
+		return false
+	}
+
+	for i := 0; i < len(value); {
+		if !is_printable(value, i) || (!emitter.unicode && !is_ascii(value, i)) ||
+			is_bom(value, i) || is_break(value, i) ||
+			value[i] == '"' || value[i] == '\\' {
+
+			octet := value[i]
+
+			var w int
+			var v rune
+			switch {
+			case octet&0x80 == 0x00:
+				w, v = 1, rune(octet&0x7F)
+			case octet&0xE0 == 0xC0:
+				w, v = 2, rune(octet&0x1F)
+			case octet&0xF0 == 0xE0:
+				w, v = 3, rune(octet&0x0F)
+			case octet&0xF8 == 0xF0:
+				w, v = 4, rune(octet&0x07)
+			}
+			for k := 1; k < w; k++ {
+				octet = value[i+k]
+				v = (v << 6) + (rune(octet) & 0x3F)
+			}
+			i += w
+
+			if !put(emitter, '\\') {
+				return false
+			}
+
+			var ok bool
+			switch v {
+			case 0x00:
+				ok = put(emitter, '0')
+			case 0x07:
+				ok = put(emitter, 'a')
+			case 0x08:
+				ok = put(emitter, 'b')
+			case 0x09:
+				ok = put(emitter, 't')
+			case 0x0A:
+				ok = put(emitter, 'n')
+			case 0x0b:
+				ok = put(emitter, 'v')
+			case 0x0c:
+				ok = put(emitter, 'f')
+			case 0x0d:
+				ok = put(emitter, 'r')
+			case 0x1b:
+				ok = put(emitter, 'e')
+			case 0x22:
+				ok = put(emitter, '"')
+			case 0x5c:
+				ok = put(emitter, '\\')
+			case 0x85:
+				ok = put(emitter, 'N')
+			case 0xA0:
+				ok = put(emitter, '_')
+			case 0x2028:
+				ok = put(emitter, 'L')
+			case 0x2029:
+				ok = put(emitter, 'P')
+			default:
+				if v <= 0xFF {
+					ok = put(emitter, 'x')
+					w = 2
+				} else if v <= 0xFFFF {
+					ok = put(emitter, 'u')
+					w = 4
+				} else {
+					ok = put(emitter, 'U')
+					w = 8
+				}
+				for k := (w - 1) * 4; ok && k >= 0; k -= 4 {
+					digit := byte((v >> uint(k)) & 0x0F)
+					if digit < 10 {
+						ok = put(emitter, digit+'0')
+					} else {
+						ok = put(emitter, digit+'A'-10)
+					}
+				}
+			}
+			if !ok {
+				return false
+			}
+			spaces = false
+		} else if is_space(value, i) {
+			if allow_breaks && !spaces && emitter.column > emitter.best_width && i > 0 && i < len(value)-1 {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				if is_space(value, i+1) {
+					if !put(emitter, '\\') {
+						return false
+					}
+				}
+				i += width(value[i])
+			} else if !write(emitter, value, &i) {
+				return false
+			}
+			spaces = true
+		} else {
+			if !write(emitter, value, &i) {
+				return false
+			}
+			spaces = false
+		}
+	}
+	if !yaml_emitter_write_indicator(emitter, []byte{'"'}, false, false, false) {
+		return false
+	}
+	emitter.whitespace = false
+	emitter.indention = false
+	return true
+}
+
+func yaml_emitter_write_block_scalar_hints(emitter *yaml_emitter_t, value []byte) bool {
+	if is_space(value, 0) || is_break(value, 0) {
+		indent_hint := []byte{'0' + byte(emitter.best_indent)}
+		if !yaml_emitter_write_indicator(emitter, indent_hint, false, false, false) {
+			return false
+		}
+	}
+
+	emitter.open_ended = false
+
+	var chomp_hint [1]byte
+	if len(value) == 0 {
+		chomp_hint[0] = '-'
+	} else {
+		i := len(value) - 1
+		for value[i]&0xC0 == 0x80 {
+			i--
+		}
+		if !is_break(value, i) {
+			chomp_hint[0] = '-'
+		} else if i == 0 {
+			chomp_hint[0] = '+'
+			emitter.open_ended = true
+		} else {
+			i--
+			for value[i]&0xC0 == 0x80 {
+				i--
+			}
+			if is_break(value, i) {
+				chomp_hint[0] = '+'
+				emitter.open_ended = true
+			}
+		}
+	}
+	if chomp_hint[0] != 0 {
+		if !yaml_emitter_write_indicator(emitter, chomp_hint[:], false, false, false) {
+			return false
+		}
+	}
+	return true
+}
+
+func yaml_emitter_write_literal_scalar(emitter *yaml_emitter_t, value []byte) bool {
+	if !yaml_emitter_write_indicator(emitter, []byte{'|'}, true, false, false) {
+		return false
+	}
+	if !yaml_emitter_write_block_scalar_hints(emitter, value) {
+		return false
+	}
+	if !put_break(emitter) {
+		return false
+	}
+	emitter.indention = true
+	emitter.whitespace = true
+	breaks := true
+	for i := 0; i < len(value); {
+		if is_break(value, i) {
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+			}
+			if !write(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = false
+			breaks = false
+		}
+	}
+
+	return true
+}
+
+func yaml_emitter_write_folded_scalar(emitter *yaml_emitter_t, value []byte) bool {
+	if !yaml_emitter_write_indicator(emitter, []byte{'>'}, true, false, false) {
+		return false
+	}
+	if !yaml_emitter_write_block_scalar_hints(emitter, value) {
+		return false
+	}
+
+	if !put_break(emitter) {
+		return false
+	}
+	emitter.indention = true
+	emitter.whitespace = true
+
+	breaks := true
+	leading_spaces := true
+	for i := 0; i < len(value); {
+		if is_break(value, i) {
+			if !breaks && !leading_spaces && value[i] == '\n' {
+				k := 0
+				for is_break(value, k) {
+					k += width(value[k])
+				}
+				if !is_blankz(value, k) {
+					if !put_break(emitter) {
+						return false
+					}
+				}
+			}
+			if !write_break(emitter, value, &i) {
+				return false
+			}
+			emitter.indention = true
+			breaks = true
+		} else {
+			if breaks {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				leading_spaces = is_blank(value, i)
+			}
+			if !breaks && is_space(value, i) && !is_space(value, i+1) && emitter.column > emitter.best_width {
+				if !yaml_emitter_write_indent(emitter) {
+					return false
+				}
+				i += width(value[i])
+			} else {
+				if !write(emitter, value, &i) {
+					return false
+				}
+			}
+			emitter.indention = false
+			breaks = false
+		}
+	}
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go
new file mode 100644
index 000000000..0ee738e11
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/encode.go
@@ -0,0 +1,390 @@
+package yaml
+
+import (
+	"encoding"
+	"fmt"
+	"io"
+	"reflect"
+	"regexp"
+	"sort"
+	"strconv"
+	"strings"
+	"time"
+	"unicode/utf8"
+)
+
+// jsonNumber is the interface of the encoding/json.Number datatype.
+// Repeating the interface here avoids a dependency on encoding/json, and also
+// supports other libraries like jsoniter, which use a similar datatype with
+// the same interface. Detecting this interface is useful when dealing with
+// structures containing json.Number, which is a string under the hood. The
+// encoder should prefer the use of Int64(), Float64() and string(), in that
+// order, when encoding this type.
+type jsonNumber interface {
+	Float64() (float64, error)
+	Int64() (int64, error)
+	String() string
+}
+
+type encoder struct {
+	emitter yaml_emitter_t
+	event   yaml_event_t
+	out     []byte
+	flow    bool
+	// doneInit holds whether the initial stream_start_event has been
+	// emitted.
+	doneInit bool
+}
+
+func newEncoder() *encoder {
+	e := &encoder{}
+	yaml_emitter_initialize(&e.emitter)
+	yaml_emitter_set_output_string(&e.emitter, &e.out)
+	yaml_emitter_set_unicode(&e.emitter, true)
+	return e
+}
+
+func newEncoderWithWriter(w io.Writer) *encoder {
+	e := &encoder{}
+	yaml_emitter_initialize(&e.emitter)
+	yaml_emitter_set_output_writer(&e.emitter, w)
+	yaml_emitter_set_unicode(&e.emitter, true)
+	return e
+}
+
+func (e *encoder) init() {
+	if e.doneInit {
+		return
+	}
+	yaml_stream_start_event_initialize(&e.event, yaml_UTF8_ENCODING)
+	e.emit()
+	e.doneInit = true
+}
+
+func (e *encoder) finish() {
+	e.emitter.open_ended = false
+	yaml_stream_end_event_initialize(&e.event)
+	e.emit()
+}
+
+func (e *encoder) destroy() {
+	yaml_emitter_delete(&e.emitter)
+}
+
+func (e *encoder) emit() {
+	// This will internally delete the e.event value.
+	e.must(yaml_emitter_emit(&e.emitter, &e.event))
+}
+
+func (e *encoder) must(ok bool) {
+	if !ok {
+		msg := e.emitter.problem
+		if msg == "" {
+			msg = "unknown problem generating YAML content"
+		}
+		failf("%s", msg)
+	}
+}
+
+func (e *encoder) marshalDoc(tag string, in reflect.Value) {
+	e.init()
+	yaml_document_start_event_initialize(&e.event, nil, nil, true)
+	e.emit()
+	e.marshal(tag, in)
+	yaml_document_end_event_initialize(&e.event, true)
+	e.emit()
+}
+
+func (e *encoder) marshal(tag string, in reflect.Value) {
+	if !in.IsValid() || in.Kind() == reflect.Ptr && in.IsNil() {
+		e.nilv()
+		return
+	}
+	iface := in.Interface()
+	switch m := iface.(type) {
+	case jsonNumber:
+		integer, err := m.Int64()
+		if err == nil {
+			// In this case the json.Number is a valid int64
+			in = reflect.ValueOf(integer)
+			break
+		}
+		float, err := m.Float64()
+		if err == nil {
+			// In this case the json.Number is a valid float64
+			in = reflect.ValueOf(float)
+			break
+		}
+		// fallback case - no number could be obtained
+		in = reflect.ValueOf(m.String())
+	case time.Time, *time.Time:
+		// Although time.Time implements TextMarshaler,
+		// we don't want to treat it as a string for YAML
+		// purposes because YAML has special support for
+		// timestamps.
+	case Marshaler:
+		v, err := m.MarshalYAML()
+		if err != nil {
+			fail(err)
+		}
+		if v == nil {
+			e.nilv()
+			return
+		}
+		in = reflect.ValueOf(v)
+	case encoding.TextMarshaler:
+		text, err := m.MarshalText()
+		if err != nil {
+			fail(err)
+		}
+		in = reflect.ValueOf(string(text))
+	case nil:
+		e.nilv()
+		return
+	}
+	switch in.Kind() {
+	case reflect.Interface:
+		e.marshal(tag, in.Elem())
+	case reflect.Map:
+		e.mapv(tag, in)
+	case reflect.Ptr:
+		if in.Type() == ptrTimeType {
+			e.timev(tag, in.Elem())
+		} else {
+			e.marshal(tag, in.Elem())
+		}
+	case reflect.Struct:
+		if in.Type() == timeType {
+			e.timev(tag, in)
+		} else {
+			e.structv(tag, in)
+		}
+	case reflect.Slice, reflect.Array:
+		if in.Type().Elem() == mapItemType {
+			e.itemsv(tag, in)
+		} else {
+			e.slicev(tag, in)
+		}
+	case reflect.String:
+		e.stringv(tag, in)
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		if in.Type() == durationType {
+			e.stringv(tag, reflect.ValueOf(iface.(time.Duration).String()))
+		} else {
+			e.intv(tag, in)
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		e.uintv(tag, in)
+	case reflect.Float32, reflect.Float64:
+		e.floatv(tag, in)
+	case reflect.Bool:
+		e.boolv(tag, in)
+	default:
+		panic("cannot marshal type: " + in.Type().String())
+	}
+}
+
+func (e *encoder) mapv(tag string, in reflect.Value) {
+	e.mappingv(tag, func() {
+		keys := keyList(in.MapKeys())
+		sort.Sort(keys)
+		for _, k := range keys {
+			e.marshal("", k)
+			e.marshal("", in.MapIndex(k))
+		}
+	})
+}
+
+func (e *encoder) itemsv(tag string, in reflect.Value) {
+	e.mappingv(tag, func() {
+		slice := in.Convert(reflect.TypeOf([]MapItem{})).Interface().([]MapItem)
+		for _, item := range slice {
+			e.marshal("", reflect.ValueOf(item.Key))
+			e.marshal("", reflect.ValueOf(item.Value))
+		}
+	})
+}
+
+func (e *encoder) structv(tag string, in reflect.Value) {
+	sinfo, err := getStructInfo(in.Type())
+	if err != nil {
+		panic(err)
+	}
+	e.mappingv(tag, func() {
+		for _, info := range sinfo.FieldsList {
+			var value reflect.Value
+			if info.Inline == nil {
+				value = in.Field(info.Num)
+			} else {
+				value = in.FieldByIndex(info.Inline)
+			}
+			if info.OmitEmpty && isZero(value) {
+				continue
+			}
+			e.marshal("", reflect.ValueOf(info.Key))
+			e.flow = info.Flow
+			e.marshal("", value)
+		}
+		if sinfo.InlineMap >= 0 {
+			m := in.Field(sinfo.InlineMap)
+			if m.Len() > 0 {
+				e.flow = false
+				keys := keyList(m.MapKeys())
+				sort.Sort(keys)
+				for _, k := range keys {
+					if _, found := sinfo.FieldsMap[k.String()]; found {
+						panic(fmt.Sprintf("Can't have key %q in inlined map; conflicts with struct field", k.String()))
+					}
+					e.marshal("", k)
+					e.flow = false
+					e.marshal("", m.MapIndex(k))
+				}
+			}
+		}
+	})
+}
+
+func (e *encoder) mappingv(tag string, f func()) {
+	implicit := tag == ""
+	style := yaml_BLOCK_MAPPING_STYLE
+	if e.flow {
+		e.flow = false
+		style = yaml_FLOW_MAPPING_STYLE
+	}
+	yaml_mapping_start_event_initialize(&e.event, nil, []byte(tag), implicit, style)
+	e.emit()
+	f()
+	yaml_mapping_end_event_initialize(&e.event)
+	e.emit()
+}
+
+func (e *encoder) slicev(tag string, in reflect.Value) {
+	implicit := tag == ""
+	style := yaml_BLOCK_SEQUENCE_STYLE
+	if e.flow {
+		e.flow = false
+		style = yaml_FLOW_SEQUENCE_STYLE
+	}
+	e.must(yaml_sequence_start_event_initialize(&e.event, nil, []byte(tag), implicit, style))
+	e.emit()
+	n := in.Len()
+	for i := 0; i < n; i++ {
+		e.marshal("", in.Index(i))
+	}
+	e.must(yaml_sequence_end_event_initialize(&e.event))
+	e.emit()
+}
+
+// isBase60 returns whether s is in base 60 notation as defined in YAML 1.1.
+//
+// The base 60 float notation in YAML 1.1 is a terrible idea and is unsupported
+// in YAML 1.2 and by this package, but these should be marshalled quoted for
+// the time being for compatibility with other parsers.
+func isBase60Float(s string) (result bool) {
+	// Fast path.
+	if s == "" {
+		return false
+	}
+	c := s[0]
+	if !(c == '+' || c == '-' || c >= '0' && c <= '9') || strings.IndexByte(s, ':') < 0 {
+		return false
+	}
+	// Do the full match.
+	return base60float.MatchString(s)
+}
+
+// From http://yaml.org/type/float.html, except the regular expression there
+// is bogus. In practice parsers do not enforce the "\.[0-9_]*" suffix.
+var base60float = regexp.MustCompile(`^[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+(?:\.[0-9_]*)?$`)
+
+func (e *encoder) stringv(tag string, in reflect.Value) {
+	var style yaml_scalar_style_t
+	s := in.String()
+	canUsePlain := true
+	switch {
+	case !utf8.ValidString(s):
+		if tag == yaml_BINARY_TAG {
+			failf("explicitly tagged !!binary data must be base64-encoded")
+		}
+		if tag != "" {
+			failf("cannot marshal invalid UTF-8 data as %s", shortTag(tag))
+		}
+		// It can't be encoded directly as YAML so use a binary tag
+		// and encode it as base64.
+		tag = yaml_BINARY_TAG
+		s = encodeBase64(s)
+	case tag == "":
+		// Check to see if it would resolve to a specific
+		// tag when encoded unquoted. If it doesn't,
+		// there's no need to quote it.
+		rtag, _ := resolve("", s)
+		canUsePlain = rtag == yaml_STR_TAG && !isBase60Float(s)
+	}
+	// Note: it's possible for user code to emit invalid YAML
+	// if they explicitly specify a tag and a string containing
+	// text that's incompatible with that tag.
+	switch {
+	case strings.Contains(s, "\n"):
+		style = yaml_LITERAL_SCALAR_STYLE
+	case canUsePlain:
+		style = yaml_PLAIN_SCALAR_STYLE
+	default:
+		style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+	e.emitScalar(s, "", tag, style)
+}
+
+func (e *encoder) boolv(tag string, in reflect.Value) {
+	var s string
+	if in.Bool() {
+		s = "true"
+	} else {
+		s = "false"
+	}
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) intv(tag string, in reflect.Value) {
+	s := strconv.FormatInt(in.Int(), 10)
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) uintv(tag string, in reflect.Value) {
+	s := strconv.FormatUint(in.Uint(), 10)
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) timev(tag string, in reflect.Value) {
+	t := in.Interface().(time.Time)
+	s := t.Format(time.RFC3339Nano)
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) floatv(tag string, in reflect.Value) {
+	// Issue #352: When formatting, use the precision of the underlying value
+	precision := 64
+	if in.Kind() == reflect.Float32 {
+		precision = 32
+	}
+
+	s := strconv.FormatFloat(in.Float(), 'g', -1, precision)
+	switch s {
+	case "+Inf":
+		s = ".inf"
+	case "-Inf":
+		s = "-.inf"
+	case "NaN":
+		s = ".nan"
+	}
+	e.emitScalar(s, "", tag, yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) nilv() {
+	e.emitScalar("null", "", "", yaml_PLAIN_SCALAR_STYLE)
+}
+
+func (e *encoder) emitScalar(value, anchor, tag string, style yaml_scalar_style_t) {
+	implicit := tag == ""
+	e.must(yaml_scalar_event_initialize(&e.event, []byte(anchor), []byte(tag), []byte(value), implicit, implicit, style))
+	e.emit()
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go
new file mode 100644
index 000000000..81d05dfe5
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/parserc.go
@@ -0,0 +1,1095 @@
+package yaml
+
+import (
+	"bytes"
+)
+
+// The parser implements the following grammar:
+//
+// stream               ::= STREAM-START implicit_document? explicit_document* STREAM-END
+// implicit_document    ::= block_node DOCUMENT-END*
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+// block_node_or_indentless_sequence    ::=
+//                          ALIAS
+//                          | properties (block_content | indentless_block_sequence)?
+//                          | block_content
+//                          | indentless_block_sequence
+// block_node           ::= ALIAS
+//                          | properties block_content?
+//                          | block_content
+// flow_node            ::= ALIAS
+//                          | properties flow_content?
+//                          | flow_content
+// properties           ::= TAG ANCHOR? | ANCHOR TAG?
+// block_content        ::= block_collection | flow_collection | SCALAR
+// flow_content         ::= flow_collection | SCALAR
+// block_collection     ::= block_sequence | block_mapping
+// flow_collection      ::= flow_sequence | flow_mapping
+// block_sequence       ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+// indentless_sequence  ::= (BLOCK-ENTRY block_node?)+
+// block_mapping        ::= BLOCK-MAPPING_START
+//                          ((KEY block_node_or_indentless_sequence?)?
+//                          (VALUE block_node_or_indentless_sequence?)?)*
+//                          BLOCK-END
+// flow_sequence        ::= FLOW-SEQUENCE-START
+//                          (flow_sequence_entry FLOW-ENTRY)*
+//                          flow_sequence_entry?
+//                          FLOW-SEQUENCE-END
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+// flow_mapping         ::= FLOW-MAPPING-START
+//                          (flow_mapping_entry FLOW-ENTRY)*
+//                          flow_mapping_entry?
+//                          FLOW-MAPPING-END
+// flow_mapping_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+
+// Peek the next token in the token queue.
+func peek_token(parser *yaml_parser_t) *yaml_token_t {
+	if parser.token_available || yaml_parser_fetch_more_tokens(parser) {
+		return &parser.tokens[parser.tokens_head]
+	}
+	return nil
+}
+
+// Remove the next token from the queue (must be called after peek_token).
+func skip_token(parser *yaml_parser_t) {
+	parser.token_available = false
+	parser.tokens_parsed++
+	parser.stream_end_produced = parser.tokens[parser.tokens_head].typ == yaml_STREAM_END_TOKEN
+	parser.tokens_head++
+}
+
+// Get the next event.
+func yaml_parser_parse(parser *yaml_parser_t, event *yaml_event_t) bool {
+	// Erase the event object.
+	*event = yaml_event_t{}
+
+	// No events after the end of the stream or error.
+	if parser.stream_end_produced || parser.error != yaml_NO_ERROR || parser.state == yaml_PARSE_END_STATE {
+		return true
+	}
+
+	// Generate the next event.
+	return yaml_parser_state_machine(parser, event)
+}
+
+// Set parser error.
+func yaml_parser_set_parser_error(parser *yaml_parser_t, problem string, problem_mark yaml_mark_t) bool {
+	parser.error = yaml_PARSER_ERROR
+	parser.problem = problem
+	parser.problem_mark = problem_mark
+	return false
+}
+
+func yaml_parser_set_parser_error_context(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string, problem_mark yaml_mark_t) bool {
+	parser.error = yaml_PARSER_ERROR
+	parser.context = context
+	parser.context_mark = context_mark
+	parser.problem = problem
+	parser.problem_mark = problem_mark
+	return false
+}
+
+// State dispatcher.
+func yaml_parser_state_machine(parser *yaml_parser_t, event *yaml_event_t) bool {
+	//trace("yaml_parser_state_machine", "state:", parser.state.String())
+
+	switch parser.state {
+	case yaml_PARSE_STREAM_START_STATE:
+		return yaml_parser_parse_stream_start(parser, event)
+
+	case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE:
+		return yaml_parser_parse_document_start(parser, event, true)
+
+	case yaml_PARSE_DOCUMENT_START_STATE:
+		return yaml_parser_parse_document_start(parser, event, false)
+
+	case yaml_PARSE_DOCUMENT_CONTENT_STATE:
+		return yaml_parser_parse_document_content(parser, event)
+
+	case yaml_PARSE_DOCUMENT_END_STATE:
+		return yaml_parser_parse_document_end(parser, event)
+
+	case yaml_PARSE_BLOCK_NODE_STATE:
+		return yaml_parser_parse_node(parser, event, true, false)
+
+	case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE:
+		return yaml_parser_parse_node(parser, event, true, true)
+
+	case yaml_PARSE_FLOW_NODE_STATE:
+		return yaml_parser_parse_node(parser, event, false, false)
+
+	case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE:
+		return yaml_parser_parse_block_sequence_entry(parser, event, true)
+
+	case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE:
+		return yaml_parser_parse_block_sequence_entry(parser, event, false)
+
+	case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE:
+		return yaml_parser_parse_indentless_sequence_entry(parser, event)
+
+	case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE:
+		return yaml_parser_parse_block_mapping_key(parser, event, true)
+
+	case yaml_PARSE_BLOCK_MAPPING_KEY_STATE:
+		return yaml_parser_parse_block_mapping_key(parser, event, false)
+
+	case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE:
+		return yaml_parser_parse_block_mapping_value(parser, event)
+
+	case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE:
+		return yaml_parser_parse_flow_sequence_entry(parser, event, true)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE:
+		return yaml_parser_parse_flow_sequence_entry(parser, event, false)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE:
+		return yaml_parser_parse_flow_sequence_entry_mapping_key(parser, event)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE:
+		return yaml_parser_parse_flow_sequence_entry_mapping_value(parser, event)
+
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE:
+		return yaml_parser_parse_flow_sequence_entry_mapping_end(parser, event)
+
+	case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE:
+		return yaml_parser_parse_flow_mapping_key(parser, event, true)
+
+	case yaml_PARSE_FLOW_MAPPING_KEY_STATE:
+		return yaml_parser_parse_flow_mapping_key(parser, event, false)
+
+	case yaml_PARSE_FLOW_MAPPING_VALUE_STATE:
+		return yaml_parser_parse_flow_mapping_value(parser, event, false)
+
+	case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE:
+		return yaml_parser_parse_flow_mapping_value(parser, event, true)
+
+	default:
+		panic("invalid parser state")
+	}
+}
+
+// Parse the production:
+// stream   ::= STREAM-START implicit_document? explicit_document* STREAM-END
+//              ************
+func yaml_parser_parse_stream_start(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ != yaml_STREAM_START_TOKEN {
+		return yaml_parser_set_parser_error(parser, "did not find expected <stream-start>", token.start_mark)
+	}
+	parser.state = yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE
+	*event = yaml_event_t{
+		typ:        yaml_STREAM_START_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.end_mark,
+		encoding:   token.encoding,
+	}
+	skip_token(parser)
+	return true
+}
+
+// Parse the productions:
+// implicit_document    ::= block_node DOCUMENT-END*
+//                          *
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+//                          *************************
+func yaml_parser_parse_document_start(parser *yaml_parser_t, event *yaml_event_t, implicit bool) bool {
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	// Parse extra document end indicators.
+	if !implicit {
+		for token.typ == yaml_DOCUMENT_END_TOKEN {
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+		}
+	}
+
+	if implicit && token.typ != yaml_VERSION_DIRECTIVE_TOKEN &&
+		token.typ != yaml_TAG_DIRECTIVE_TOKEN &&
+		token.typ != yaml_DOCUMENT_START_TOKEN &&
+		token.typ != yaml_STREAM_END_TOKEN {
+		// Parse an implicit document.
+		if !yaml_parser_process_directives(parser, nil, nil) {
+			return false
+		}
+		parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE)
+		parser.state = yaml_PARSE_BLOCK_NODE_STATE
+
+		*event = yaml_event_t{
+			typ:        yaml_DOCUMENT_START_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+
+	} else if token.typ != yaml_STREAM_END_TOKEN {
+		// Parse an explicit document.
+		var version_directive *yaml_version_directive_t
+		var tag_directives []yaml_tag_directive_t
+		start_mark := token.start_mark
+		if !yaml_parser_process_directives(parser, &version_directive, &tag_directives) {
+			return false
+		}
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_DOCUMENT_START_TOKEN {
+			yaml_parser_set_parser_error(parser,
+				"did not find expected <document start>", token.start_mark)
+			return false
+		}
+		parser.states = append(parser.states, yaml_PARSE_DOCUMENT_END_STATE)
+		parser.state = yaml_PARSE_DOCUMENT_CONTENT_STATE
+		end_mark := token.end_mark
+
+		*event = yaml_event_t{
+			typ:               yaml_DOCUMENT_START_EVENT,
+			start_mark:        start_mark,
+			end_mark:          end_mark,
+			version_directive: version_directive,
+			tag_directives:    tag_directives,
+			implicit:          false,
+		}
+		skip_token(parser)
+
+	} else {
+		// Parse the stream end.
+		parser.state = yaml_PARSE_END_STATE
+		*event = yaml_event_t{
+			typ:        yaml_STREAM_END_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+		skip_token(parser)
+	}
+
+	return true
+}
+
+// Parse the productions:
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+//                                                    ***********
+//
+func yaml_parser_parse_document_content(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ == yaml_VERSION_DIRECTIVE_TOKEN ||
+		token.typ == yaml_TAG_DIRECTIVE_TOKEN ||
+		token.typ == yaml_DOCUMENT_START_TOKEN ||
+		token.typ == yaml_DOCUMENT_END_TOKEN ||
+		token.typ == yaml_STREAM_END_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		return yaml_parser_process_empty_scalar(parser, event,
+			token.start_mark)
+	}
+	return yaml_parser_parse_node(parser, event, true, false)
+}
+
+// Parse the productions:
+// implicit_document    ::= block_node DOCUMENT-END*
+//                                     *************
+// explicit_document    ::= DIRECTIVE* DOCUMENT-START block_node? DOCUMENT-END*
+//
+func yaml_parser_parse_document_end(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	start_mark := token.start_mark
+	end_mark := token.start_mark
+
+	implicit := true
+	if token.typ == yaml_DOCUMENT_END_TOKEN {
+		end_mark = token.end_mark
+		skip_token(parser)
+		implicit = false
+	}
+
+	parser.tag_directives = parser.tag_directives[:0]
+
+	parser.state = yaml_PARSE_DOCUMENT_START_STATE
+	*event = yaml_event_t{
+		typ:        yaml_DOCUMENT_END_EVENT,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		implicit:   implicit,
+	}
+	return true
+}
+
+// Parse the productions:
+// block_node_or_indentless_sequence    ::=
+//                          ALIAS
+//                          *****
+//                          | properties (block_content | indentless_block_sequence)?
+//                            **********  *
+//                          | block_content | indentless_block_sequence
+//                            *
+// block_node           ::= ALIAS
+//                          *****
+//                          | properties block_content?
+//                            ********** *
+//                          | block_content
+//                            *
+// flow_node            ::= ALIAS
+//                          *****
+//                          | properties flow_content?
+//                            ********** *
+//                          | flow_content
+//                            *
+// properties           ::= TAG ANCHOR? | ANCHOR TAG?
+//                          *************************
+// block_content        ::= block_collection | flow_collection | SCALAR
+//                                                               ******
+// flow_content         ::= flow_collection | SCALAR
+//                                            ******
+func yaml_parser_parse_node(parser *yaml_parser_t, event *yaml_event_t, block, indentless_sequence bool) bool {
+	//defer trace("yaml_parser_parse_node", "block:", block, "indentless_sequence:", indentless_sequence)()
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_ALIAS_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		*event = yaml_event_t{
+			typ:        yaml_ALIAS_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+			anchor:     token.value,
+		}
+		skip_token(parser)
+		return true
+	}
+
+	start_mark := token.start_mark
+	end_mark := token.start_mark
+
+	var tag_token bool
+	var tag_handle, tag_suffix, anchor []byte
+	var tag_mark yaml_mark_t
+	if token.typ == yaml_ANCHOR_TOKEN {
+		anchor = token.value
+		start_mark = token.start_mark
+		end_mark = token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ == yaml_TAG_TOKEN {
+			tag_token = true
+			tag_handle = token.value
+			tag_suffix = token.suffix
+			tag_mark = token.start_mark
+			end_mark = token.end_mark
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+		}
+	} else if token.typ == yaml_TAG_TOKEN {
+		tag_token = true
+		tag_handle = token.value
+		tag_suffix = token.suffix
+		start_mark = token.start_mark
+		tag_mark = token.start_mark
+		end_mark = token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ == yaml_ANCHOR_TOKEN {
+			anchor = token.value
+			end_mark = token.end_mark
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+		}
+	}
+
+	var tag []byte
+	if tag_token {
+		if len(tag_handle) == 0 {
+			tag = tag_suffix
+			tag_suffix = nil
+		} else {
+			for i := range parser.tag_directives {
+				if bytes.Equal(parser.tag_directives[i].handle, tag_handle) {
+					tag = append([]byte(nil), parser.tag_directives[i].prefix...)
+					tag = append(tag, tag_suffix...)
+					break
+				}
+			}
+			if len(tag) == 0 {
+				yaml_parser_set_parser_error_context(parser,
+					"while parsing a node", start_mark,
+					"found undefined tag handle", tag_mark)
+				return false
+			}
+		}
+	}
+
+	implicit := len(tag) == 0
+	if indentless_sequence && token.typ == yaml_BLOCK_ENTRY_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE),
+		}
+		return true
+	}
+	if token.typ == yaml_SCALAR_TOKEN {
+		var plain_implicit, quoted_implicit bool
+		end_mark = token.end_mark
+		if (len(tag) == 0 && token.style == yaml_PLAIN_SCALAR_STYLE) || (len(tag) == 1 && tag[0] == '!') {
+			plain_implicit = true
+		} else if len(tag) == 0 {
+			quoted_implicit = true
+		}
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+
+		*event = yaml_event_t{
+			typ:             yaml_SCALAR_EVENT,
+			start_mark:      start_mark,
+			end_mark:        end_mark,
+			anchor:          anchor,
+			tag:             tag,
+			value:           token.value,
+			implicit:        plain_implicit,
+			quoted_implicit: quoted_implicit,
+			style:           yaml_style_t(token.style),
+		}
+		skip_token(parser)
+		return true
+	}
+	if token.typ == yaml_FLOW_SEQUENCE_START_TOKEN {
+		// [Go] Some of the events below can be merged as they differ only on style.
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_FLOW_SEQUENCE_STYLE),
+		}
+		return true
+	}
+	if token.typ == yaml_FLOW_MAPPING_START_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_MAPPING_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_FLOW_MAPPING_STYLE),
+		}
+		return true
+	}
+	if block && token.typ == yaml_BLOCK_SEQUENCE_START_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_BLOCK_SEQUENCE_STYLE),
+		}
+		return true
+	}
+	if block && token.typ == yaml_BLOCK_MAPPING_START_TOKEN {
+		end_mark = token.end_mark
+		parser.state = yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE
+		*event = yaml_event_t{
+			typ:        yaml_MAPPING_START_EVENT,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			anchor:     anchor,
+			tag:        tag,
+			implicit:   implicit,
+			style:      yaml_style_t(yaml_BLOCK_MAPPING_STYLE),
+		}
+		return true
+	}
+	if len(anchor) > 0 || len(tag) > 0 {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+
+		*event = yaml_event_t{
+			typ:             yaml_SCALAR_EVENT,
+			start_mark:      start_mark,
+			end_mark:        end_mark,
+			anchor:          anchor,
+			tag:             tag,
+			implicit:        implicit,
+			quoted_implicit: false,
+			style:           yaml_style_t(yaml_PLAIN_SCALAR_STYLE),
+		}
+		return true
+	}
+
+	context := "while parsing a flow node"
+	if block {
+		context = "while parsing a block node"
+	}
+	yaml_parser_set_parser_error_context(parser, context, start_mark,
+		"did not find expected node content", token.start_mark)
+	return false
+}
+
+// Parse the productions:
+// block_sequence ::= BLOCK-SEQUENCE-START (BLOCK-ENTRY block_node?)* BLOCK-END
+//                    ********************  *********** *             *********
+//
+func yaml_parser_parse_block_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_BLOCK_ENTRY_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_BLOCK_ENTRY_TOKEN && token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE)
+			return yaml_parser_parse_node(parser, event, true, false)
+		} else {
+			parser.state = yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE
+			return yaml_parser_process_empty_scalar(parser, event, mark)
+		}
+	}
+	if token.typ == yaml_BLOCK_END_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		parser.marks = parser.marks[:len(parser.marks)-1]
+
+		*event = yaml_event_t{
+			typ:        yaml_SEQUENCE_END_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+
+		skip_token(parser)
+		return true
+	}
+
+	context_mark := parser.marks[len(parser.marks)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+	return yaml_parser_set_parser_error_context(parser,
+		"while parsing a block collection", context_mark,
+		"did not find expected '-' indicator", token.start_mark)
+}
+
+// Parse the productions:
+// indentless_sequence  ::= (BLOCK-ENTRY block_node?)+
+//                           *********** *
+func yaml_parser_parse_indentless_sequence_entry(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_BLOCK_ENTRY_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_BLOCK_ENTRY_TOKEN &&
+			token.typ != yaml_KEY_TOKEN &&
+			token.typ != yaml_VALUE_TOKEN &&
+			token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE)
+			return yaml_parser_parse_node(parser, event, true, false)
+		}
+		parser.state = yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE
+		return yaml_parser_process_empty_scalar(parser, event, mark)
+	}
+	parser.state = parser.states[len(parser.states)-1]
+	parser.states = parser.states[:len(parser.states)-1]
+
+	*event = yaml_event_t{
+		typ:        yaml_SEQUENCE_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.start_mark, // [Go] Shouldn't this be token.end_mark?
+	}
+	return true
+}
+
+// Parse the productions:
+// block_mapping        ::= BLOCK-MAPPING_START
+//                          *******************
+//                          ((KEY block_node_or_indentless_sequence?)?
+//                            *** *
+//                          (VALUE block_node_or_indentless_sequence?)?)*
+//
+//                          BLOCK-END
+//                          *********
+//
+func yaml_parser_parse_block_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ == yaml_KEY_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_KEY_TOKEN &&
+			token.typ != yaml_VALUE_TOKEN &&
+			token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_VALUE_STATE)
+			return yaml_parser_parse_node(parser, event, true, true)
+		} else {
+			parser.state = yaml_PARSE_BLOCK_MAPPING_VALUE_STATE
+			return yaml_parser_process_empty_scalar(parser, event, mark)
+		}
+	} else if token.typ == yaml_BLOCK_END_TOKEN {
+		parser.state = parser.states[len(parser.states)-1]
+		parser.states = parser.states[:len(parser.states)-1]
+		parser.marks = parser.marks[:len(parser.marks)-1]
+		*event = yaml_event_t{
+			typ:        yaml_MAPPING_END_EVENT,
+			start_mark: token.start_mark,
+			end_mark:   token.end_mark,
+		}
+		skip_token(parser)
+		return true
+	}
+
+	context_mark := parser.marks[len(parser.marks)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+	return yaml_parser_set_parser_error_context(parser,
+		"while parsing a block mapping", context_mark,
+		"did not find expected key", token.start_mark)
+}
+
+// Parse the productions:
+// block_mapping        ::= BLOCK-MAPPING_START
+//
+//                          ((KEY block_node_or_indentless_sequence?)?
+//
+//                          (VALUE block_node_or_indentless_sequence?)?)*
+//                           ***** *
+//                          BLOCK-END
+//
+//
+func yaml_parser_parse_block_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ == yaml_VALUE_TOKEN {
+		mark := token.end_mark
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_KEY_TOKEN &&
+			token.typ != yaml_VALUE_TOKEN &&
+			token.typ != yaml_BLOCK_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_BLOCK_MAPPING_KEY_STATE)
+			return yaml_parser_parse_node(parser, event, true, true)
+		}
+		parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE
+		return yaml_parser_process_empty_scalar(parser, event, mark)
+	}
+	parser.state = yaml_PARSE_BLOCK_MAPPING_KEY_STATE
+	return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+}
+
+// Parse the productions:
+// flow_sequence        ::= FLOW-SEQUENCE-START
+//                          *******************
+//                          (flow_sequence_entry FLOW-ENTRY)*
+//                           *                   **********
+//                          flow_sequence_entry?
+//                          *
+//                          FLOW-SEQUENCE-END
+//                          *****************
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                          *
+//
+func yaml_parser_parse_flow_sequence_entry(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+		if !first {
+			if token.typ == yaml_FLOW_ENTRY_TOKEN {
+				skip_token(parser)
+				token = peek_token(parser)
+				if token == nil {
+					return false
+				}
+			} else {
+				context_mark := parser.marks[len(parser.marks)-1]
+				parser.marks = parser.marks[:len(parser.marks)-1]
+				return yaml_parser_set_parser_error_context(parser,
+					"while parsing a flow sequence", context_mark,
+					"did not find expected ',' or ']'", token.start_mark)
+			}
+		}
+
+		if token.typ == yaml_KEY_TOKEN {
+			parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE
+			*event = yaml_event_t{
+				typ:        yaml_MAPPING_START_EVENT,
+				start_mark: token.start_mark,
+				end_mark:   token.end_mark,
+				implicit:   true,
+				style:      yaml_style_t(yaml_FLOW_MAPPING_STYLE),
+			}
+			skip_token(parser)
+			return true
+		} else if token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+
+	parser.state = parser.states[len(parser.states)-1]
+	parser.states = parser.states[:len(parser.states)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+
+	*event = yaml_event_t{
+		typ:        yaml_SEQUENCE_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.end_mark,
+	}
+
+	skip_token(parser)
+	return true
+}
+
+//
+// Parse the productions:
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                      *** *
+//
+func yaml_parser_parse_flow_sequence_entry_mapping_key(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ != yaml_VALUE_TOKEN &&
+		token.typ != yaml_FLOW_ENTRY_TOKEN &&
+		token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+		parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE)
+		return yaml_parser_parse_node(parser, event, false, false)
+	}
+	mark := token.end_mark
+	skip_token(parser)
+	parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE
+	return yaml_parser_process_empty_scalar(parser, event, mark)
+}
+
+// Parse the productions:
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                                      ***** *
+//
+func yaml_parser_parse_flow_sequence_entry_mapping_value(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if token.typ == yaml_VALUE_TOKEN {
+		skip_token(parser)
+		token := peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_SEQUENCE_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+	parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE
+	return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+}
+
+// Parse the productions:
+// flow_sequence_entry  ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                                                      *
+//
+func yaml_parser_parse_flow_sequence_entry_mapping_end(parser *yaml_parser_t, event *yaml_event_t) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	parser.state = yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE
+	*event = yaml_event_t{
+		typ:        yaml_MAPPING_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.start_mark, // [Go] Shouldn't this be end_mark?
+	}
+	return true
+}
+
+// Parse the productions:
+// flow_mapping         ::= FLOW-MAPPING-START
+//                          ******************
+//                          (flow_mapping_entry FLOW-ENTRY)*
+//                           *                  **********
+//                          flow_mapping_entry?
+//                          ******************
+//                          FLOW-MAPPING-END
+//                          ****************
+// flow_mapping_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                          *           *** *
+//
+func yaml_parser_parse_flow_mapping_key(parser *yaml_parser_t, event *yaml_event_t, first bool) bool {
+	if first {
+		token := peek_token(parser)
+		parser.marks = append(parser.marks, token.start_mark)
+		skip_token(parser)
+	}
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	if token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+		if !first {
+			if token.typ == yaml_FLOW_ENTRY_TOKEN {
+				skip_token(parser)
+				token = peek_token(parser)
+				if token == nil {
+					return false
+				}
+			} else {
+				context_mark := parser.marks[len(parser.marks)-1]
+				parser.marks = parser.marks[:len(parser.marks)-1]
+				return yaml_parser_set_parser_error_context(parser,
+					"while parsing a flow mapping", context_mark,
+					"did not find expected ',' or '}'", token.start_mark)
+			}
+		}
+
+		if token.typ == yaml_KEY_TOKEN {
+			skip_token(parser)
+			token = peek_token(parser)
+			if token == nil {
+				return false
+			}
+			if token.typ != yaml_VALUE_TOKEN &&
+				token.typ != yaml_FLOW_ENTRY_TOKEN &&
+				token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+				parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_VALUE_STATE)
+				return yaml_parser_parse_node(parser, event, false, false)
+			} else {
+				parser.state = yaml_PARSE_FLOW_MAPPING_VALUE_STATE
+				return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+			}
+		} else if token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+
+	parser.state = parser.states[len(parser.states)-1]
+	parser.states = parser.states[:len(parser.states)-1]
+	parser.marks = parser.marks[:len(parser.marks)-1]
+	*event = yaml_event_t{
+		typ:        yaml_MAPPING_END_EVENT,
+		start_mark: token.start_mark,
+		end_mark:   token.end_mark,
+	}
+	skip_token(parser)
+	return true
+}
+
+// Parse the productions:
+// flow_mapping_entry   ::= flow_node | KEY flow_node? (VALUE flow_node?)?
+//                                   *                  ***** *
+//
+func yaml_parser_parse_flow_mapping_value(parser *yaml_parser_t, event *yaml_event_t, empty bool) bool {
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+	if empty {
+		parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE
+		return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+	}
+	if token.typ == yaml_VALUE_TOKEN {
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+		if token.typ != yaml_FLOW_ENTRY_TOKEN && token.typ != yaml_FLOW_MAPPING_END_TOKEN {
+			parser.states = append(parser.states, yaml_PARSE_FLOW_MAPPING_KEY_STATE)
+			return yaml_parser_parse_node(parser, event, false, false)
+		}
+	}
+	parser.state = yaml_PARSE_FLOW_MAPPING_KEY_STATE
+	return yaml_parser_process_empty_scalar(parser, event, token.start_mark)
+}
+
+// Generate an empty scalar event.
+func yaml_parser_process_empty_scalar(parser *yaml_parser_t, event *yaml_event_t, mark yaml_mark_t) bool {
+	*event = yaml_event_t{
+		typ:        yaml_SCALAR_EVENT,
+		start_mark: mark,
+		end_mark:   mark,
+		value:      nil, // Empty
+		implicit:   true,
+		style:      yaml_style_t(yaml_PLAIN_SCALAR_STYLE),
+	}
+	return true
+}
+
+var default_tag_directives = []yaml_tag_directive_t{
+	{[]byte("!"), []byte("!")},
+	{[]byte("!!"), []byte("tag:yaml.org,2002:")},
+}
+
+// Parse directives.
+func yaml_parser_process_directives(parser *yaml_parser_t,
+	version_directive_ref **yaml_version_directive_t,
+	tag_directives_ref *[]yaml_tag_directive_t) bool {
+
+	var version_directive *yaml_version_directive_t
+	var tag_directives []yaml_tag_directive_t
+
+	token := peek_token(parser)
+	if token == nil {
+		return false
+	}
+
+	for token.typ == yaml_VERSION_DIRECTIVE_TOKEN || token.typ == yaml_TAG_DIRECTIVE_TOKEN {
+		if token.typ == yaml_VERSION_DIRECTIVE_TOKEN {
+			if version_directive != nil {
+				yaml_parser_set_parser_error(parser,
+					"found duplicate %YAML directive", token.start_mark)
+				return false
+			}
+			if token.major != 1 || token.minor != 1 {
+				yaml_parser_set_parser_error(parser,
+					"found incompatible YAML document", token.start_mark)
+				return false
+			}
+			version_directive = &yaml_version_directive_t{
+				major: token.major,
+				minor: token.minor,
+			}
+		} else if token.typ == yaml_TAG_DIRECTIVE_TOKEN {
+			value := yaml_tag_directive_t{
+				handle: token.value,
+				prefix: token.prefix,
+			}
+			if !yaml_parser_append_tag_directive(parser, value, false, token.start_mark) {
+				return false
+			}
+			tag_directives = append(tag_directives, value)
+		}
+
+		skip_token(parser)
+		token = peek_token(parser)
+		if token == nil {
+			return false
+		}
+	}
+
+	for i := range default_tag_directives {
+		if !yaml_parser_append_tag_directive(parser, default_tag_directives[i], true, token.start_mark) {
+			return false
+		}
+	}
+
+	if version_directive_ref != nil {
+		*version_directive_ref = version_directive
+	}
+	if tag_directives_ref != nil {
+		*tag_directives_ref = tag_directives
+	}
+	return true
+}
+
+// Append a tag directive to the directives stack.
+func yaml_parser_append_tag_directive(parser *yaml_parser_t, value yaml_tag_directive_t, allow_duplicates bool, mark yaml_mark_t) bool {
+	for i := range parser.tag_directives {
+		if bytes.Equal(value.handle, parser.tag_directives[i].handle) {
+			if allow_duplicates {
+				return true
+			}
+			return yaml_parser_set_parser_error(parser, "found duplicate %TAG directive", mark)
+		}
+	}
+
+	// [Go] I suspect the copy is unnecessary. This was likely done
+	// because there was no way to track ownership of the data.
+	value_copy := yaml_tag_directive_t{
+		handle: make([]byte, len(value.handle)),
+		prefix: make([]byte, len(value.prefix)),
+	}
+	copy(value_copy.handle, value.handle)
+	copy(value_copy.prefix, value.prefix)
+	parser.tag_directives = append(parser.tag_directives, value_copy)
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go
new file mode 100644
index 000000000..7c1f5fac3
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/readerc.go
@@ -0,0 +1,412 @@
+package yaml
+
+import (
+	"io"
+)
+
+// Set the reader error and return 0.
+func yaml_parser_set_reader_error(parser *yaml_parser_t, problem string, offset int, value int) bool {
+	parser.error = yaml_READER_ERROR
+	parser.problem = problem
+	parser.problem_offset = offset
+	parser.problem_value = value
+	return false
+}
+
+// Byte order marks.
+const (
+	bom_UTF8    = "\xef\xbb\xbf"
+	bom_UTF16LE = "\xff\xfe"
+	bom_UTF16BE = "\xfe\xff"
+)
+
+// Determine the input stream encoding by checking the BOM symbol. If no BOM is
+// found, the UTF-8 encoding is assumed. Return 1 on success, 0 on failure.
+func yaml_parser_determine_encoding(parser *yaml_parser_t) bool {
+	// Ensure that we had enough bytes in the raw buffer.
+	for !parser.eof && len(parser.raw_buffer)-parser.raw_buffer_pos < 3 {
+		if !yaml_parser_update_raw_buffer(parser) {
+			return false
+		}
+	}
+
+	// Determine the encoding.
+	buf := parser.raw_buffer
+	pos := parser.raw_buffer_pos
+	avail := len(buf) - pos
+	if avail >= 2 && buf[pos] == bom_UTF16LE[0] && buf[pos+1] == bom_UTF16LE[1] {
+		parser.encoding = yaml_UTF16LE_ENCODING
+		parser.raw_buffer_pos += 2
+		parser.offset += 2
+	} else if avail >= 2 && buf[pos] == bom_UTF16BE[0] && buf[pos+1] == bom_UTF16BE[1] {
+		parser.encoding = yaml_UTF16BE_ENCODING
+		parser.raw_buffer_pos += 2
+		parser.offset += 2
+	} else if avail >= 3 && buf[pos] == bom_UTF8[0] && buf[pos+1] == bom_UTF8[1] && buf[pos+2] == bom_UTF8[2] {
+		parser.encoding = yaml_UTF8_ENCODING
+		parser.raw_buffer_pos += 3
+		parser.offset += 3
+	} else {
+		parser.encoding = yaml_UTF8_ENCODING
+	}
+	return true
+}
+
+// Update the raw buffer.
+func yaml_parser_update_raw_buffer(parser *yaml_parser_t) bool {
+	size_read := 0
+
+	// Return if the raw buffer is full.
+	if parser.raw_buffer_pos == 0 && len(parser.raw_buffer) == cap(parser.raw_buffer) {
+		return true
+	}
+
+	// Return on EOF.
+	if parser.eof {
+		return true
+	}
+
+	// Move the remaining bytes in the raw buffer to the beginning.
+	if parser.raw_buffer_pos > 0 && parser.raw_buffer_pos < len(parser.raw_buffer) {
+		copy(parser.raw_buffer, parser.raw_buffer[parser.raw_buffer_pos:])
+	}
+	parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)-parser.raw_buffer_pos]
+	parser.raw_buffer_pos = 0
+
+	// Call the read handler to fill the buffer.
+	size_read, err := parser.read_handler(parser, parser.raw_buffer[len(parser.raw_buffer):cap(parser.raw_buffer)])
+	parser.raw_buffer = parser.raw_buffer[:len(parser.raw_buffer)+size_read]
+	if err == io.EOF {
+		parser.eof = true
+	} else if err != nil {
+		return yaml_parser_set_reader_error(parser, "input error: "+err.Error(), parser.offset, -1)
+	}
+	return true
+}
+
+// Ensure that the buffer contains at least `length` characters.
+// Return true on success, false on failure.
+//
+// The length is supposed to be significantly less that the buffer size.
+func yaml_parser_update_buffer(parser *yaml_parser_t, length int) bool {
+	if parser.read_handler == nil {
+		panic("read handler must be set")
+	}
+
+	// [Go] This function was changed to guarantee the requested length size at EOF.
+	// The fact we need to do this is pretty awful, but the description above implies
+	// for that to be the case, and there are tests 
+
+	// If the EOF flag is set and the raw buffer is empty, do nothing.
+	if parser.eof && parser.raw_buffer_pos == len(parser.raw_buffer) {
+		// [Go] ACTUALLY! Read the documentation of this function above.
+		// This is just broken. To return true, we need to have the
+		// given length in the buffer. Not doing that means every single
+		// check that calls this function to make sure the buffer has a
+		// given length is Go) panicking; or C) accessing invalid memory.
+		//return true
+	}
+
+	// Return if the buffer contains enough characters.
+	if parser.unread >= length {
+		return true
+	}
+
+	// Determine the input encoding if it is not known yet.
+	if parser.encoding == yaml_ANY_ENCODING {
+		if !yaml_parser_determine_encoding(parser) {
+			return false
+		}
+	}
+
+	// Move the unread characters to the beginning of the buffer.
+	buffer_len := len(parser.buffer)
+	if parser.buffer_pos > 0 && parser.buffer_pos < buffer_len {
+		copy(parser.buffer, parser.buffer[parser.buffer_pos:])
+		buffer_len -= parser.buffer_pos
+		parser.buffer_pos = 0
+	} else if parser.buffer_pos == buffer_len {
+		buffer_len = 0
+		parser.buffer_pos = 0
+	}
+
+	// Open the whole buffer for writing, and cut it before returning.
+	parser.buffer = parser.buffer[:cap(parser.buffer)]
+
+	// Fill the buffer until it has enough characters.
+	first := true
+	for parser.unread < length {
+
+		// Fill the raw buffer if necessary.
+		if !first || parser.raw_buffer_pos == len(parser.raw_buffer) {
+			if !yaml_parser_update_raw_buffer(parser) {
+				parser.buffer = parser.buffer[:buffer_len]
+				return false
+			}
+		}
+		first = false
+
+		// Decode the raw buffer.
+	inner:
+		for parser.raw_buffer_pos != len(parser.raw_buffer) {
+			var value rune
+			var width int
+
+			raw_unread := len(parser.raw_buffer) - parser.raw_buffer_pos
+
+			// Decode the next character.
+			switch parser.encoding {
+			case yaml_UTF8_ENCODING:
+				// Decode a UTF-8 character.  Check RFC 3629
+				// (http://www.ietf.org/rfc/rfc3629.txt) for more details.
+				//
+				// The following table (taken from the RFC) is used for
+				// decoding.
+				//
+				//    Char. number range |        UTF-8 octet sequence
+				//      (hexadecimal)    |              (binary)
+				//   --------------------+------------------------------------
+				//   0000 0000-0000 007F | 0xxxxxxx
+				//   0000 0080-0000 07FF | 110xxxxx 10xxxxxx
+				//   0000 0800-0000 FFFF | 1110xxxx 10xxxxxx 10xxxxxx
+				//   0001 0000-0010 FFFF | 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+				//
+				// Additionally, the characters in the range 0xD800-0xDFFF
+				// are prohibited as they are reserved for use with UTF-16
+				// surrogate pairs.
+
+				// Determine the length of the UTF-8 sequence.
+				octet := parser.raw_buffer[parser.raw_buffer_pos]
+				switch {
+				case octet&0x80 == 0x00:
+					width = 1
+				case octet&0xE0 == 0xC0:
+					width = 2
+				case octet&0xF0 == 0xE0:
+					width = 3
+				case octet&0xF8 == 0xF0:
+					width = 4
+				default:
+					// The leading octet is invalid.
+					return yaml_parser_set_reader_error(parser,
+						"invalid leading UTF-8 octet",
+						parser.offset, int(octet))
+				}
+
+				// Check if the raw buffer contains an incomplete character.
+				if width > raw_unread {
+					if parser.eof {
+						return yaml_parser_set_reader_error(parser,
+							"incomplete UTF-8 octet sequence",
+							parser.offset, -1)
+					}
+					break inner
+				}
+
+				// Decode the leading octet.
+				switch {
+				case octet&0x80 == 0x00:
+					value = rune(octet & 0x7F)
+				case octet&0xE0 == 0xC0:
+					value = rune(octet & 0x1F)
+				case octet&0xF0 == 0xE0:
+					value = rune(octet & 0x0F)
+				case octet&0xF8 == 0xF0:
+					value = rune(octet & 0x07)
+				default:
+					value = 0
+				}
+
+				// Check and decode the trailing octets.
+				for k := 1; k < width; k++ {
+					octet = parser.raw_buffer[parser.raw_buffer_pos+k]
+
+					// Check if the octet is valid.
+					if (octet & 0xC0) != 0x80 {
+						return yaml_parser_set_reader_error(parser,
+							"invalid trailing UTF-8 octet",
+							parser.offset+k, int(octet))
+					}
+
+					// Decode the octet.
+					value = (value << 6) + rune(octet&0x3F)
+				}
+
+				// Check the length of the sequence against the value.
+				switch {
+				case width == 1:
+				case width == 2 && value >= 0x80:
+				case width == 3 && value >= 0x800:
+				case width == 4 && value >= 0x10000:
+				default:
+					return yaml_parser_set_reader_error(parser,
+						"invalid length of a UTF-8 sequence",
+						parser.offset, -1)
+				}
+
+				// Check the range of the value.
+				if value >= 0xD800 && value <= 0xDFFF || value > 0x10FFFF {
+					return yaml_parser_set_reader_error(parser,
+						"invalid Unicode character",
+						parser.offset, int(value))
+				}
+
+			case yaml_UTF16LE_ENCODING, yaml_UTF16BE_ENCODING:
+				var low, high int
+				if parser.encoding == yaml_UTF16LE_ENCODING {
+					low, high = 0, 1
+				} else {
+					low, high = 1, 0
+				}
+
+				// The UTF-16 encoding is not as simple as one might
+				// naively think.  Check RFC 2781
+				// (http://www.ietf.org/rfc/rfc2781.txt).
+				//
+				// Normally, two subsequent bytes describe a Unicode
+				// character.  However a special technique (called a
+				// surrogate pair) is used for specifying character
+				// values larger than 0xFFFF.
+				//
+				// A surrogate pair consists of two pseudo-characters:
+				//      high surrogate area (0xD800-0xDBFF)
+				//      low surrogate area (0xDC00-0xDFFF)
+				//
+				// The following formulas are used for decoding
+				// and encoding characters using surrogate pairs:
+				//
+				//  U  = U' + 0x10000   (0x01 00 00 <= U <= 0x10 FF FF)
+				//  U' = yyyyyyyyyyxxxxxxxxxx   (0 <= U' <= 0x0F FF FF)
+				//  W1 = 110110yyyyyyyyyy
+				//  W2 = 110111xxxxxxxxxx
+				//
+				// where U is the character value, W1 is the high surrogate
+				// area, W2 is the low surrogate area.
+
+				// Check for incomplete UTF-16 character.
+				if raw_unread < 2 {
+					if parser.eof {
+						return yaml_parser_set_reader_error(parser,
+							"incomplete UTF-16 character",
+							parser.offset, -1)
+					}
+					break inner
+				}
+
+				// Get the character.
+				value = rune(parser.raw_buffer[parser.raw_buffer_pos+low]) +
+					(rune(parser.raw_buffer[parser.raw_buffer_pos+high]) << 8)
+
+				// Check for unexpected low surrogate area.
+				if value&0xFC00 == 0xDC00 {
+					return yaml_parser_set_reader_error(parser,
+						"unexpected low surrogate area",
+						parser.offset, int(value))
+				}
+
+				// Check for a high surrogate area.
+				if value&0xFC00 == 0xD800 {
+					width = 4
+
+					// Check for incomplete surrogate pair.
+					if raw_unread < 4 {
+						if parser.eof {
+							return yaml_parser_set_reader_error(parser,
+								"incomplete UTF-16 surrogate pair",
+								parser.offset, -1)
+						}
+						break inner
+					}
+
+					// Get the next character.
+					value2 := rune(parser.raw_buffer[parser.raw_buffer_pos+low+2]) +
+						(rune(parser.raw_buffer[parser.raw_buffer_pos+high+2]) << 8)
+
+					// Check for a low surrogate area.
+					if value2&0xFC00 != 0xDC00 {
+						return yaml_parser_set_reader_error(parser,
+							"expected low surrogate area",
+							parser.offset+2, int(value2))
+					}
+
+					// Generate the value of the surrogate pair.
+					value = 0x10000 + ((value & 0x3FF) << 10) + (value2 & 0x3FF)
+				} else {
+					width = 2
+				}
+
+			default:
+				panic("impossible")
+			}
+
+			// Check if the character is in the allowed range:
+			//      #x9 | #xA | #xD | [#x20-#x7E]               (8 bit)
+			//      | #x85 | [#xA0-#xD7FF] | [#xE000-#xFFFD]    (16 bit)
+			//      | [#x10000-#x10FFFF]                        (32 bit)
+			switch {
+			case value == 0x09:
+			case value == 0x0A:
+			case value == 0x0D:
+			case value >= 0x20 && value <= 0x7E:
+			case value == 0x85:
+			case value >= 0xA0 && value <= 0xD7FF:
+			case value >= 0xE000 && value <= 0xFFFD:
+			case value >= 0x10000 && value <= 0x10FFFF:
+			default:
+				return yaml_parser_set_reader_error(parser,
+					"control characters are not allowed",
+					parser.offset, int(value))
+			}
+
+			// Move the raw pointers.
+			parser.raw_buffer_pos += width
+			parser.offset += width
+
+			// Finally put the character into the buffer.
+			if value <= 0x7F {
+				// 0000 0000-0000 007F . 0xxxxxxx
+				parser.buffer[buffer_len+0] = byte(value)
+				buffer_len += 1
+			} else if value <= 0x7FF {
+				// 0000 0080-0000 07FF . 110xxxxx 10xxxxxx
+				parser.buffer[buffer_len+0] = byte(0xC0 + (value >> 6))
+				parser.buffer[buffer_len+1] = byte(0x80 + (value & 0x3F))
+				buffer_len += 2
+			} else if value <= 0xFFFF {
+				// 0000 0800-0000 FFFF . 1110xxxx 10xxxxxx 10xxxxxx
+				parser.buffer[buffer_len+0] = byte(0xE0 + (value >> 12))
+				parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 6) & 0x3F))
+				parser.buffer[buffer_len+2] = byte(0x80 + (value & 0x3F))
+				buffer_len += 3
+			} else {
+				// 0001 0000-0010 FFFF . 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+				parser.buffer[buffer_len+0] = byte(0xF0 + (value >> 18))
+				parser.buffer[buffer_len+1] = byte(0x80 + ((value >> 12) & 0x3F))
+				parser.buffer[buffer_len+2] = byte(0x80 + ((value >> 6) & 0x3F))
+				parser.buffer[buffer_len+3] = byte(0x80 + (value & 0x3F))
+				buffer_len += 4
+			}
+
+			parser.unread++
+		}
+
+		// On EOF, put NUL into the buffer and return.
+		if parser.eof {
+			parser.buffer[buffer_len] = 0
+			buffer_len++
+			parser.unread++
+			break
+		}
+	}
+	// [Go] Read the documentation of this function above. To return true,
+	// we need to have the given length in the buffer. Not doing that means
+	// every single check that calls this function to make sure the buffer
+	// has a given length is Go) panicking; or C) accessing invalid memory.
+	// This happens here due to the EOF above breaking early.
+	for buffer_len < length {
+		parser.buffer[buffer_len] = 0
+		buffer_len++
+	}
+	parser.buffer = parser.buffer[:buffer_len]
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go
new file mode 100644
index 000000000..4120e0c91
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/resolve.go
@@ -0,0 +1,258 @@
+package yaml
+
+import (
+	"encoding/base64"
+	"math"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+)
+
+type resolveMapItem struct {
+	value interface{}
+	tag   string
+}
+
+var resolveTable = make([]byte, 256)
+var resolveMap = make(map[string]resolveMapItem)
+
+func init() {
+	t := resolveTable
+	t[int('+')] = 'S' // Sign
+	t[int('-')] = 'S'
+	for _, c := range "0123456789" {
+		t[int(c)] = 'D' // Digit
+	}
+	for _, c := range "yYnNtTfFoO~" {
+		t[int(c)] = 'M' // In map
+	}
+	t[int('.')] = '.' // Float (potentially in map)
+
+	var resolveMapList = []struct {
+		v   interface{}
+		tag string
+		l   []string
+	}{
+		{true, yaml_BOOL_TAG, []string{"y", "Y", "yes", "Yes", "YES"}},
+		{true, yaml_BOOL_TAG, []string{"true", "True", "TRUE"}},
+		{true, yaml_BOOL_TAG, []string{"on", "On", "ON"}},
+		{false, yaml_BOOL_TAG, []string{"n", "N", "no", "No", "NO"}},
+		{false, yaml_BOOL_TAG, []string{"false", "False", "FALSE"}},
+		{false, yaml_BOOL_TAG, []string{"off", "Off", "OFF"}},
+		{nil, yaml_NULL_TAG, []string{"", "~", "null", "Null", "NULL"}},
+		{math.NaN(), yaml_FLOAT_TAG, []string{".nan", ".NaN", ".NAN"}},
+		{math.Inf(+1), yaml_FLOAT_TAG, []string{".inf", ".Inf", ".INF"}},
+		{math.Inf(+1), yaml_FLOAT_TAG, []string{"+.inf", "+.Inf", "+.INF"}},
+		{math.Inf(-1), yaml_FLOAT_TAG, []string{"-.inf", "-.Inf", "-.INF"}},
+		{"<<", yaml_MERGE_TAG, []string{"<<"}},
+	}
+
+	m := resolveMap
+	for _, item := range resolveMapList {
+		for _, s := range item.l {
+			m[s] = resolveMapItem{item.v, item.tag}
+		}
+	}
+}
+
+const longTagPrefix = "tag:yaml.org,2002:"
+
+func shortTag(tag string) string {
+	// TODO This can easily be made faster and produce less garbage.
+	if strings.HasPrefix(tag, longTagPrefix) {
+		return "!!" + tag[len(longTagPrefix):]
+	}
+	return tag
+}
+
+func longTag(tag string) string {
+	if strings.HasPrefix(tag, "!!") {
+		return longTagPrefix + tag[2:]
+	}
+	return tag
+}
+
+func resolvableTag(tag string) bool {
+	switch tag {
+	case "", yaml_STR_TAG, yaml_BOOL_TAG, yaml_INT_TAG, yaml_FLOAT_TAG, yaml_NULL_TAG, yaml_TIMESTAMP_TAG:
+		return true
+	}
+	return false
+}
+
+var yamlStyleFloat = regexp.MustCompile(`^[-+]?(\.[0-9]+|[0-9]+(\.[0-9]*)?)([eE][-+]?[0-9]+)?$`)
+
+func resolve(tag string, in string) (rtag string, out interface{}) {
+	if !resolvableTag(tag) {
+		return tag, in
+	}
+
+	defer func() {
+		switch tag {
+		case "", rtag, yaml_STR_TAG, yaml_BINARY_TAG:
+			return
+		case yaml_FLOAT_TAG:
+			if rtag == yaml_INT_TAG {
+				switch v := out.(type) {
+				case int64:
+					rtag = yaml_FLOAT_TAG
+					out = float64(v)
+					return
+				case int:
+					rtag = yaml_FLOAT_TAG
+					out = float64(v)
+					return
+				}
+			}
+		}
+		failf("cannot decode %s `%s` as a %s", shortTag(rtag), in, shortTag(tag))
+	}()
+
+	// Any data is accepted as a !!str or !!binary.
+	// Otherwise, the prefix is enough of a hint about what it might be.
+	hint := byte('N')
+	if in != "" {
+		hint = resolveTable[in[0]]
+	}
+	if hint != 0 && tag != yaml_STR_TAG && tag != yaml_BINARY_TAG {
+		// Handle things we can lookup in a map.
+		if item, ok := resolveMap[in]; ok {
+			return item.tag, item.value
+		}
+
+		// Base 60 floats are a bad idea, were dropped in YAML 1.2, and
+		// are purposefully unsupported here. They're still quoted on
+		// the way out for compatibility with other parser, though.
+
+		switch hint {
+		case 'M':
+			// We've already checked the map above.
+
+		case '.':
+			// Not in the map, so maybe a normal float.
+			floatv, err := strconv.ParseFloat(in, 64)
+			if err == nil {
+				return yaml_FLOAT_TAG, floatv
+			}
+
+		case 'D', 'S':
+			// Int, float, or timestamp.
+			// Only try values as a timestamp if the value is unquoted or there's an explicit
+			// !!timestamp tag.
+			if tag == "" || tag == yaml_TIMESTAMP_TAG {
+				t, ok := parseTimestamp(in)
+				if ok {
+					return yaml_TIMESTAMP_TAG, t
+				}
+			}
+
+			plain := strings.Replace(in, "_", "", -1)
+			intv, err := strconv.ParseInt(plain, 0, 64)
+			if err == nil {
+				if intv == int64(int(intv)) {
+					return yaml_INT_TAG, int(intv)
+				} else {
+					return yaml_INT_TAG, intv
+				}
+			}
+			uintv, err := strconv.ParseUint(plain, 0, 64)
+			if err == nil {
+				return yaml_INT_TAG, uintv
+			}
+			if yamlStyleFloat.MatchString(plain) {
+				floatv, err := strconv.ParseFloat(plain, 64)
+				if err == nil {
+					return yaml_FLOAT_TAG, floatv
+				}
+			}
+			if strings.HasPrefix(plain, "0b") {
+				intv, err := strconv.ParseInt(plain[2:], 2, 64)
+				if err == nil {
+					if intv == int64(int(intv)) {
+						return yaml_INT_TAG, int(intv)
+					} else {
+						return yaml_INT_TAG, intv
+					}
+				}
+				uintv, err := strconv.ParseUint(plain[2:], 2, 64)
+				if err == nil {
+					return yaml_INT_TAG, uintv
+				}
+			} else if strings.HasPrefix(plain, "-0b") {
+				intv, err := strconv.ParseInt("-" + plain[3:], 2, 64)
+				if err == nil {
+					if true || intv == int64(int(intv)) {
+						return yaml_INT_TAG, int(intv)
+					} else {
+						return yaml_INT_TAG, intv
+					}
+				}
+			}
+		default:
+			panic("resolveTable item not yet handled: " + string(rune(hint)) + " (with " + in + ")")
+		}
+	}
+	return yaml_STR_TAG, in
+}
+
+// encodeBase64 encodes s as base64 that is broken up into multiple lines
+// as appropriate for the resulting length.
+func encodeBase64(s string) string {
+	const lineLen = 70
+	encLen := base64.StdEncoding.EncodedLen(len(s))
+	lines := encLen/lineLen + 1
+	buf := make([]byte, encLen*2+lines)
+	in := buf[0:encLen]
+	out := buf[encLen:]
+	base64.StdEncoding.Encode(in, []byte(s))
+	k := 0
+	for i := 0; i < len(in); i += lineLen {
+		j := i + lineLen
+		if j > len(in) {
+			j = len(in)
+		}
+		k += copy(out[k:], in[i:j])
+		if lines > 1 {
+			out[k] = '\n'
+			k++
+		}
+	}
+	return string(out[:k])
+}
+
+// This is a subset of the formats allowed by the regular expression
+// defined at http://yaml.org/type/timestamp.html.
+var allowedTimestampFormats = []string{
+	"2006-1-2T15:4:5.999999999Z07:00", // RCF3339Nano with short date fields.
+	"2006-1-2t15:4:5.999999999Z07:00", // RFC3339Nano with short date fields and lower-case "t".
+	"2006-1-2 15:4:5.999999999",       // space separated with no time zone
+	"2006-1-2",                        // date only
+	// Notable exception: time.Parse cannot handle: "2001-12-14 21:59:43.10 -5"
+	// from the set of examples.
+}
+
+// parseTimestamp parses s as a timestamp string and
+// returns the timestamp and reports whether it succeeded.
+// Timestamp formats are defined at http://yaml.org/type/timestamp.html
+func parseTimestamp(s string) (time.Time, bool) {
+	// TODO write code to check all the formats supported by
+	// http://yaml.org/type/timestamp.html instead of using time.Parse.
+
+	// Quick check: all date formats start with YYYY-.
+	i := 0
+	for ; i < len(s); i++ {
+		if c := s[i]; c < '0' || c > '9' {
+			break
+		}
+	}
+	if i != 4 || i == len(s) || s[i] != '-' {
+		return time.Time{}, false
+	}
+	for _, format := range allowedTimestampFormats {
+		if t, err := time.Parse(format, s); err == nil {
+			return t, true
+		}
+	}
+	return time.Time{}, false
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go
new file mode 100644
index 000000000..0b9bb6030
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/scannerc.go
@@ -0,0 +1,2711 @@
+package yaml
+
+import (
+	"bytes"
+	"fmt"
+)
+
+// Introduction
+// ************
+//
+// The following notes assume that you are familiar with the YAML specification
+// (http://yaml.org/spec/1.2/spec.html).  We mostly follow it, although in
+// some cases we are less restrictive that it requires.
+//
+// The process of transforming a YAML stream into a sequence of events is
+// divided on two steps: Scanning and Parsing.
+//
+// The Scanner transforms the input stream into a sequence of tokens, while the
+// parser transform the sequence of tokens produced by the Scanner into a
+// sequence of parsing events.
+//
+// The Scanner is rather clever and complicated. The Parser, on the contrary,
+// is a straightforward implementation of a recursive-descendant parser (or,
+// LL(1) parser, as it is usually called).
+//
+// Actually there are two issues of Scanning that might be called "clever", the
+// rest is quite straightforward.  The issues are "block collection start" and
+// "simple keys".  Both issues are explained below in details.
+//
+// Here the Scanning step is explained and implemented.  We start with the list
+// of all the tokens produced by the Scanner together with short descriptions.
+//
+// Now, tokens:
+//
+//      STREAM-START(encoding)          # The stream start.
+//      STREAM-END                      # The stream end.
+//      VERSION-DIRECTIVE(major,minor)  # The '%YAML' directive.
+//      TAG-DIRECTIVE(handle,prefix)    # The '%TAG' directive.
+//      DOCUMENT-START                  # '---'
+//      DOCUMENT-END                    # '...'
+//      BLOCK-SEQUENCE-START            # Indentation increase denoting a block
+//      BLOCK-MAPPING-START             # sequence or a block mapping.
+//      BLOCK-END                       # Indentation decrease.
+//      FLOW-SEQUENCE-START             # '['
+//      FLOW-SEQUENCE-END               # ']'
+//      BLOCK-SEQUENCE-START            # '{'
+//      BLOCK-SEQUENCE-END              # '}'
+//      BLOCK-ENTRY                     # '-'
+//      FLOW-ENTRY                      # ','
+//      KEY                             # '?' or nothing (simple keys).
+//      VALUE                           # ':'
+//      ALIAS(anchor)                   # '*anchor'
+//      ANCHOR(anchor)                  # '&anchor'
+//      TAG(handle,suffix)              # '!handle!suffix'
+//      SCALAR(value,style)             # A scalar.
+//
+// The following two tokens are "virtual" tokens denoting the beginning and the
+// end of the stream:
+//
+//      STREAM-START(encoding)
+//      STREAM-END
+//
+// We pass the information about the input stream encoding with the
+// STREAM-START token.
+//
+// The next two tokens are responsible for tags:
+//
+//      VERSION-DIRECTIVE(major,minor)
+//      TAG-DIRECTIVE(handle,prefix)
+//
+// Example:
+//
+//      %YAML   1.1
+//      %TAG    !   !foo
+//      %TAG    !yaml!  tag:yaml.org,2002:
+//      ---
+//
+// The correspoding sequence of tokens:
+//
+//      STREAM-START(utf-8)
+//      VERSION-DIRECTIVE(1,1)
+//      TAG-DIRECTIVE("!","!foo")
+//      TAG-DIRECTIVE("!yaml","tag:yaml.org,2002:")
+//      DOCUMENT-START
+//      STREAM-END
+//
+// Note that the VERSION-DIRECTIVE and TAG-DIRECTIVE tokens occupy a whole
+// line.
+//
+// The document start and end indicators are represented by:
+//
+//      DOCUMENT-START
+//      DOCUMENT-END
+//
+// Note that if a YAML stream contains an implicit document (without '---'
+// and '...' indicators), no DOCUMENT-START and DOCUMENT-END tokens will be
+// produced.
+//
+// In the following examples, we present whole documents together with the
+// produced tokens.
+//
+//      1. An implicit document:
+//
+//          'a scalar'
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          SCALAR("a scalar",single-quoted)
+//          STREAM-END
+//
+//      2. An explicit document:
+//
+//          ---
+//          'a scalar'
+//          ...
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          DOCUMENT-START
+//          SCALAR("a scalar",single-quoted)
+//          DOCUMENT-END
+//          STREAM-END
+//
+//      3. Several documents in a stream:
+//
+//          'a scalar'
+//          ---
+//          'another scalar'
+//          ---
+//          'yet another scalar'
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          SCALAR("a scalar",single-quoted)
+//          DOCUMENT-START
+//          SCALAR("another scalar",single-quoted)
+//          DOCUMENT-START
+//          SCALAR("yet another scalar",single-quoted)
+//          STREAM-END
+//
+// We have already introduced the SCALAR token above.  The following tokens are
+// used to describe aliases, anchors, tag, and scalars:
+//
+//      ALIAS(anchor)
+//      ANCHOR(anchor)
+//      TAG(handle,suffix)
+//      SCALAR(value,style)
+//
+// The following series of examples illustrate the usage of these tokens:
+//
+//      1. A recursive sequence:
+//
+//          &A [ *A ]
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          ANCHOR("A")
+//          FLOW-SEQUENCE-START
+//          ALIAS("A")
+//          FLOW-SEQUENCE-END
+//          STREAM-END
+//
+//      2. A tagged scalar:
+//
+//          !!float "3.14"  # A good approximation.
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          TAG("!!","float")
+//          SCALAR("3.14",double-quoted)
+//          STREAM-END
+//
+//      3. Various scalar styles:
+//
+//          --- # Implicit empty plain scalars do not produce tokens.
+//          --- a plain scalar
+//          --- 'a single-quoted scalar'
+//          --- "a double-quoted scalar"
+//          --- |-
+//            a literal scalar
+//          --- >-
+//            a folded
+//            scalar
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          DOCUMENT-START
+//          DOCUMENT-START
+//          SCALAR("a plain scalar",plain)
+//          DOCUMENT-START
+//          SCALAR("a single-quoted scalar",single-quoted)
+//          DOCUMENT-START
+//          SCALAR("a double-quoted scalar",double-quoted)
+//          DOCUMENT-START
+//          SCALAR("a literal scalar",literal)
+//          DOCUMENT-START
+//          SCALAR("a folded scalar",folded)
+//          STREAM-END
+//
+// Now it's time to review collection-related tokens. We will start with
+// flow collections:
+//
+//      FLOW-SEQUENCE-START
+//      FLOW-SEQUENCE-END
+//      FLOW-MAPPING-START
+//      FLOW-MAPPING-END
+//      FLOW-ENTRY
+//      KEY
+//      VALUE
+//
+// The tokens FLOW-SEQUENCE-START, FLOW-SEQUENCE-END, FLOW-MAPPING-START, and
+// FLOW-MAPPING-END represent the indicators '[', ']', '{', and '}'
+// correspondingly.  FLOW-ENTRY represent the ',' indicator.  Finally the
+// indicators '?' and ':', which are used for denoting mapping keys and values,
+// are represented by the KEY and VALUE tokens.
+//
+// The following examples show flow collections:
+//
+//      1. A flow sequence:
+//
+//          [item 1, item 2, item 3]
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          FLOW-SEQUENCE-START
+//          SCALAR("item 1",plain)
+//          FLOW-ENTRY
+//          SCALAR("item 2",plain)
+//          FLOW-ENTRY
+//          SCALAR("item 3",plain)
+//          FLOW-SEQUENCE-END
+//          STREAM-END
+//
+//      2. A flow mapping:
+//
+//          {
+//              a simple key: a value,  # Note that the KEY token is produced.
+//              ? a complex key: another value,
+//          }
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          FLOW-MAPPING-START
+//          KEY
+//          SCALAR("a simple key",plain)
+//          VALUE
+//          SCALAR("a value",plain)
+//          FLOW-ENTRY
+//          KEY
+//          SCALAR("a complex key",plain)
+//          VALUE
+//          SCALAR("another value",plain)
+//          FLOW-ENTRY
+//          FLOW-MAPPING-END
+//          STREAM-END
+//
+// A simple key is a key which is not denoted by the '?' indicator.  Note that
+// the Scanner still produce the KEY token whenever it encounters a simple key.
+//
+// For scanning block collections, the following tokens are used (note that we
+// repeat KEY and VALUE here):
+//
+//      BLOCK-SEQUENCE-START
+//      BLOCK-MAPPING-START
+//      BLOCK-END
+//      BLOCK-ENTRY
+//      KEY
+//      VALUE
+//
+// The tokens BLOCK-SEQUENCE-START and BLOCK-MAPPING-START denote indentation
+// increase that precedes a block collection (cf. the INDENT token in Python).
+// The token BLOCK-END denote indentation decrease that ends a block collection
+// (cf. the DEDENT token in Python).  However YAML has some syntax pecularities
+// that makes detections of these tokens more complex.
+//
+// The tokens BLOCK-ENTRY, KEY, and VALUE are used to represent the indicators
+// '-', '?', and ':' correspondingly.
+//
+// The following examples show how the tokens BLOCK-SEQUENCE-START,
+// BLOCK-MAPPING-START, and BLOCK-END are emitted by the Scanner:
+//
+//      1. Block sequences:
+//
+//          - item 1
+//          - item 2
+//          -
+//            - item 3.1
+//            - item 3.2
+//          -
+//            key 1: value 1
+//            key 2: value 2
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-ENTRY
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 3.1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 3.2",plain)
+//          BLOCK-END
+//          BLOCK-ENTRY
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+//      2. Block mappings:
+//
+//          a simple key: a value   # The KEY token is produced here.
+//          ? a complex key
+//          : another value
+//          a mapping:
+//            key 1: value 1
+//            key 2: value 2
+//          a sequence:
+//            - item 1
+//            - item 2
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("a simple key",plain)
+//          VALUE
+//          SCALAR("a value",plain)
+//          KEY
+//          SCALAR("a complex key",plain)
+//          VALUE
+//          SCALAR("another value",plain)
+//          KEY
+//          SCALAR("a mapping",plain)
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          KEY
+//          SCALAR("a sequence",plain)
+//          VALUE
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+// YAML does not always require to start a new block collection from a new
+// line.  If the current line contains only '-', '?', and ':' indicators, a new
+// block collection may start at the current line.  The following examples
+// illustrate this case:
+//
+//      1. Collections in a sequence:
+//
+//          - - item 1
+//            - item 2
+//          - key 1: value 1
+//            key 2: value 2
+//          - ? complex key
+//            : complex value
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-END
+//          BLOCK-ENTRY
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          BLOCK-ENTRY
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("complex key")
+//          VALUE
+//          SCALAR("complex value")
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+//      2. Collections in a mapping:
+//
+//          ? a sequence
+//          : - item 1
+//            - item 2
+//          ? a mapping
+//          : key 1: value 1
+//            key 2: value 2
+//
+//      Tokens:
+//
+//          STREAM-START(utf-8)
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("a sequence",plain)
+//          VALUE
+//          BLOCK-SEQUENCE-START
+//          BLOCK-ENTRY
+//          SCALAR("item 1",plain)
+//          BLOCK-ENTRY
+//          SCALAR("item 2",plain)
+//          BLOCK-END
+//          KEY
+//          SCALAR("a mapping",plain)
+//          VALUE
+//          BLOCK-MAPPING-START
+//          KEY
+//          SCALAR("key 1",plain)
+//          VALUE
+//          SCALAR("value 1",plain)
+//          KEY
+//          SCALAR("key 2",plain)
+//          VALUE
+//          SCALAR("value 2",plain)
+//          BLOCK-END
+//          BLOCK-END
+//          STREAM-END
+//
+// YAML also permits non-indented sequences if they are included into a block
+// mapping.  In this case, the token BLOCK-SEQUENCE-START is not produced:
+//
+//      key:
+//      - item 1    # BLOCK-SEQUENCE-START is NOT produced here.
+//      - item 2
+//
+// Tokens:
+//
+//      STREAM-START(utf-8)
+//      BLOCK-MAPPING-START
+//      KEY
+//      SCALAR("key",plain)
+//      VALUE
+//      BLOCK-ENTRY
+//      SCALAR("item 1",plain)
+//      BLOCK-ENTRY
+//      SCALAR("item 2",plain)
+//      BLOCK-END
+//
+
+// Ensure that the buffer contains the required number of characters.
+// Return true on success, false on failure (reader error or memory error).
+func cache(parser *yaml_parser_t, length int) bool {
+	// [Go] This was inlined: !cache(A, B) -> unread < B && !update(A, B)
+	return parser.unread >= length || yaml_parser_update_buffer(parser, length)
+}
+
+// Advance the buffer pointer.
+func skip(parser *yaml_parser_t) {
+	parser.mark.index++
+	parser.mark.column++
+	parser.unread--
+	parser.buffer_pos += width(parser.buffer[parser.buffer_pos])
+}
+
+func skip_line(parser *yaml_parser_t) {
+	if is_crlf(parser.buffer, parser.buffer_pos) {
+		parser.mark.index += 2
+		parser.mark.column = 0
+		parser.mark.line++
+		parser.unread -= 2
+		parser.buffer_pos += 2
+	} else if is_break(parser.buffer, parser.buffer_pos) {
+		parser.mark.index++
+		parser.mark.column = 0
+		parser.mark.line++
+		parser.unread--
+		parser.buffer_pos += width(parser.buffer[parser.buffer_pos])
+	}
+}
+
+// Copy a character to a string buffer and advance pointers.
+func read(parser *yaml_parser_t, s []byte) []byte {
+	w := width(parser.buffer[parser.buffer_pos])
+	if w == 0 {
+		panic("invalid character sequence")
+	}
+	if len(s) == 0 {
+		s = make([]byte, 0, 32)
+	}
+	if w == 1 && len(s)+w <= cap(s) {
+		s = s[:len(s)+1]
+		s[len(s)-1] = parser.buffer[parser.buffer_pos]
+		parser.buffer_pos++
+	} else {
+		s = append(s, parser.buffer[parser.buffer_pos:parser.buffer_pos+w]...)
+		parser.buffer_pos += w
+	}
+	parser.mark.index++
+	parser.mark.column++
+	parser.unread--
+	return s
+}
+
+// Copy a line break character to a string buffer and advance pointers.
+func read_line(parser *yaml_parser_t, s []byte) []byte {
+	buf := parser.buffer
+	pos := parser.buffer_pos
+	switch {
+	case buf[pos] == '\r' && buf[pos+1] == '\n':
+		// CR LF . LF
+		s = append(s, '\n')
+		parser.buffer_pos += 2
+		parser.mark.index++
+		parser.unread--
+	case buf[pos] == '\r' || buf[pos] == '\n':
+		// CR|LF . LF
+		s = append(s, '\n')
+		parser.buffer_pos += 1
+	case buf[pos] == '\xC2' && buf[pos+1] == '\x85':
+		// NEL . LF
+		s = append(s, '\n')
+		parser.buffer_pos += 2
+	case buf[pos] == '\xE2' && buf[pos+1] == '\x80' && (buf[pos+2] == '\xA8' || buf[pos+2] == '\xA9'):
+		// LS|PS . LS|PS
+		s = append(s, buf[parser.buffer_pos:pos+3]...)
+		parser.buffer_pos += 3
+	default:
+		return s
+	}
+	parser.mark.index++
+	parser.mark.column = 0
+	parser.mark.line++
+	parser.unread--
+	return s
+}
+
+// Get the next token.
+func yaml_parser_scan(parser *yaml_parser_t, token *yaml_token_t) bool {
+	// Erase the token object.
+	*token = yaml_token_t{} // [Go] Is this necessary?
+
+	// No tokens after STREAM-END or error.
+	if parser.stream_end_produced || parser.error != yaml_NO_ERROR {
+		return true
+	}
+
+	// Ensure that the tokens queue contains enough tokens.
+	if !parser.token_available {
+		if !yaml_parser_fetch_more_tokens(parser) {
+			return false
+		}
+	}
+
+	// Fetch the next token from the queue.
+	*token = parser.tokens[parser.tokens_head]
+	parser.tokens_head++
+	parser.tokens_parsed++
+	parser.token_available = false
+
+	if token.typ == yaml_STREAM_END_TOKEN {
+		parser.stream_end_produced = true
+	}
+	return true
+}
+
+// Set the scanner error and return false.
+func yaml_parser_set_scanner_error(parser *yaml_parser_t, context string, context_mark yaml_mark_t, problem string) bool {
+	parser.error = yaml_SCANNER_ERROR
+	parser.context = context
+	parser.context_mark = context_mark
+	parser.problem = problem
+	parser.problem_mark = parser.mark
+	return false
+}
+
+func yaml_parser_set_scanner_tag_error(parser *yaml_parser_t, directive bool, context_mark yaml_mark_t, problem string) bool {
+	context := "while parsing a tag"
+	if directive {
+		context = "while parsing a %TAG directive"
+	}
+	return yaml_parser_set_scanner_error(parser, context, context_mark, problem)
+}
+
+func trace(args ...interface{}) func() {
+	pargs := append([]interface{}{"+++"}, args...)
+	fmt.Println(pargs...)
+	pargs = append([]interface{}{"---"}, args...)
+	return func() { fmt.Println(pargs...) }
+}
+
+// Ensure that the tokens queue contains at least one token which can be
+// returned to the Parser.
+func yaml_parser_fetch_more_tokens(parser *yaml_parser_t) bool {
+	// While we need more tokens to fetch, do it.
+	for {
+		if parser.tokens_head != len(parser.tokens) {
+			// If queue is non-empty, check if any potential simple key may
+			// occupy the head position.
+			head_tok_idx, ok := parser.simple_keys_by_tok[parser.tokens_parsed]
+			if !ok {
+				break
+			} else if valid, ok := yaml_simple_key_is_valid(parser, &parser.simple_keys[head_tok_idx]); !ok {
+				return false
+			} else if !valid {
+				break
+			}
+		}
+		// Fetch the next token.
+		if !yaml_parser_fetch_next_token(parser) {
+			return false
+		}
+	}
+
+	parser.token_available = true
+	return true
+}
+
+// The dispatcher for token fetchers.
+func yaml_parser_fetch_next_token(parser *yaml_parser_t) bool {
+	// Ensure that the buffer is initialized.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	// Check if we just started scanning.  Fetch STREAM-START then.
+	if !parser.stream_start_produced {
+		return yaml_parser_fetch_stream_start(parser)
+	}
+
+	// Eat whitespaces and comments until we reach the next token.
+	if !yaml_parser_scan_to_next_token(parser) {
+		return false
+	}
+
+	// Check the indentation level against the current column.
+	if !yaml_parser_unroll_indent(parser, parser.mark.column) {
+		return false
+	}
+
+	// Ensure that the buffer contains at least 4 characters.  4 is the length
+	// of the longest indicators ('--- ' and '... ').
+	if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+		return false
+	}
+
+	// Is it the end of the stream?
+	if is_z(parser.buffer, parser.buffer_pos) {
+		return yaml_parser_fetch_stream_end(parser)
+	}
+
+	// Is it a directive?
+	if parser.mark.column == 0 && parser.buffer[parser.buffer_pos] == '%' {
+		return yaml_parser_fetch_directive(parser)
+	}
+
+	buf := parser.buffer
+	pos := parser.buffer_pos
+
+	// Is it the document start indicator?
+	if parser.mark.column == 0 && buf[pos] == '-' && buf[pos+1] == '-' && buf[pos+2] == '-' && is_blankz(buf, pos+3) {
+		return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_START_TOKEN)
+	}
+
+	// Is it the document end indicator?
+	if parser.mark.column == 0 && buf[pos] == '.' && buf[pos+1] == '.' && buf[pos+2] == '.' && is_blankz(buf, pos+3) {
+		return yaml_parser_fetch_document_indicator(parser, yaml_DOCUMENT_END_TOKEN)
+	}
+
+	// Is it the flow sequence start indicator?
+	if buf[pos] == '[' {
+		return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_SEQUENCE_START_TOKEN)
+	}
+
+	// Is it the flow mapping start indicator?
+	if parser.buffer[parser.buffer_pos] == '{' {
+		return yaml_parser_fetch_flow_collection_start(parser, yaml_FLOW_MAPPING_START_TOKEN)
+	}
+
+	// Is it the flow sequence end indicator?
+	if parser.buffer[parser.buffer_pos] == ']' {
+		return yaml_parser_fetch_flow_collection_end(parser,
+			yaml_FLOW_SEQUENCE_END_TOKEN)
+	}
+
+	// Is it the flow mapping end indicator?
+	if parser.buffer[parser.buffer_pos] == '}' {
+		return yaml_parser_fetch_flow_collection_end(parser,
+			yaml_FLOW_MAPPING_END_TOKEN)
+	}
+
+	// Is it the flow entry indicator?
+	if parser.buffer[parser.buffer_pos] == ',' {
+		return yaml_parser_fetch_flow_entry(parser)
+	}
+
+	// Is it the block entry indicator?
+	if parser.buffer[parser.buffer_pos] == '-' && is_blankz(parser.buffer, parser.buffer_pos+1) {
+		return yaml_parser_fetch_block_entry(parser)
+	}
+
+	// Is it the key indicator?
+	if parser.buffer[parser.buffer_pos] == '?' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) {
+		return yaml_parser_fetch_key(parser)
+	}
+
+	// Is it the value indicator?
+	if parser.buffer[parser.buffer_pos] == ':' && (parser.flow_level > 0 || is_blankz(parser.buffer, parser.buffer_pos+1)) {
+		return yaml_parser_fetch_value(parser)
+	}
+
+	// Is it an alias?
+	if parser.buffer[parser.buffer_pos] == '*' {
+		return yaml_parser_fetch_anchor(parser, yaml_ALIAS_TOKEN)
+	}
+
+	// Is it an anchor?
+	if parser.buffer[parser.buffer_pos] == '&' {
+		return yaml_parser_fetch_anchor(parser, yaml_ANCHOR_TOKEN)
+	}
+
+	// Is it a tag?
+	if parser.buffer[parser.buffer_pos] == '!' {
+		return yaml_parser_fetch_tag(parser)
+	}
+
+	// Is it a literal scalar?
+	if parser.buffer[parser.buffer_pos] == '|' && parser.flow_level == 0 {
+		return yaml_parser_fetch_block_scalar(parser, true)
+	}
+
+	// Is it a folded scalar?
+	if parser.buffer[parser.buffer_pos] == '>' && parser.flow_level == 0 {
+		return yaml_parser_fetch_block_scalar(parser, false)
+	}
+
+	// Is it a single-quoted scalar?
+	if parser.buffer[parser.buffer_pos] == '\'' {
+		return yaml_parser_fetch_flow_scalar(parser, true)
+	}
+
+	// Is it a double-quoted scalar?
+	if parser.buffer[parser.buffer_pos] == '"' {
+		return yaml_parser_fetch_flow_scalar(parser, false)
+	}
+
+	// Is it a plain scalar?
+	//
+	// A plain scalar may start with any non-blank characters except
+	//
+	//      '-', '?', ':', ',', '[', ']', '{', '}',
+	//      '#', '&', '*', '!', '|', '>', '\'', '\"',
+	//      '%', '@', '`'.
+	//
+	// In the block context (and, for the '-' indicator, in the flow context
+	// too), it may also start with the characters
+	//
+	//      '-', '?', ':'
+	//
+	// if it is followed by a non-space character.
+	//
+	// The last rule is more restrictive than the specification requires.
+	// [Go] Make this logic more reasonable.
+	//switch parser.buffer[parser.buffer_pos] {
+	//case '-', '?', ':', ',', '?', '-', ',', ':', ']', '[', '}', '{', '&', '#', '!', '*', '>', '|', '"', '\'', '@', '%', '-', '`':
+	//}
+	if !(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '-' ||
+		parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':' ||
+		parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '[' ||
+		parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' ||
+		parser.buffer[parser.buffer_pos] == '}' || parser.buffer[parser.buffer_pos] == '#' ||
+		parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '*' ||
+		parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '|' ||
+		parser.buffer[parser.buffer_pos] == '>' || parser.buffer[parser.buffer_pos] == '\'' ||
+		parser.buffer[parser.buffer_pos] == '"' || parser.buffer[parser.buffer_pos] == '%' ||
+		parser.buffer[parser.buffer_pos] == '@' || parser.buffer[parser.buffer_pos] == '`') ||
+		(parser.buffer[parser.buffer_pos] == '-' && !is_blank(parser.buffer, parser.buffer_pos+1)) ||
+		(parser.flow_level == 0 &&
+			(parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == ':') &&
+			!is_blankz(parser.buffer, parser.buffer_pos+1)) {
+		return yaml_parser_fetch_plain_scalar(parser)
+	}
+
+	// If we don't determine the token type so far, it is an error.
+	return yaml_parser_set_scanner_error(parser,
+		"while scanning for the next token", parser.mark,
+		"found character that cannot start any token")
+}
+
+func yaml_simple_key_is_valid(parser *yaml_parser_t, simple_key *yaml_simple_key_t) (valid, ok bool) {
+	if !simple_key.possible {
+		return false, true
+	}
+
+	// The 1.2 specification says:
+	//
+	//     "If the ? indicator is omitted, parsing needs to see past the
+	//     implicit key to recognize it as such. To limit the amount of
+	//     lookahead required, the “:” indicator must appear at most 1024
+	//     Unicode characters beyond the start of the key. In addition, the key
+	//     is restricted to a single line."
+	//
+	if simple_key.mark.line < parser.mark.line || simple_key.mark.index+1024 < parser.mark.index {
+		// Check if the potential simple key to be removed is required.
+		if simple_key.required {
+			return false, yaml_parser_set_scanner_error(parser,
+				"while scanning a simple key", simple_key.mark,
+				"could not find expected ':'")
+		}
+		simple_key.possible = false
+		return false, true
+	}
+	return true, true
+}
+
+// Check if a simple key may start at the current position and add it if
+// needed.
+func yaml_parser_save_simple_key(parser *yaml_parser_t) bool {
+	// A simple key is required at the current position if the scanner is in
+	// the block context and the current column coincides with the indentation
+	// level.
+
+	required := parser.flow_level == 0 && parser.indent == parser.mark.column
+
+	//
+	// If the current position may start a simple key, save it.
+	//
+	if parser.simple_key_allowed {
+		simple_key := yaml_simple_key_t{
+			possible:     true,
+			required:     required,
+			token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+			mark:         parser.mark,
+		}
+
+		if !yaml_parser_remove_simple_key(parser) {
+			return false
+		}
+		parser.simple_keys[len(parser.simple_keys)-1] = simple_key
+		parser.simple_keys_by_tok[simple_key.token_number] = len(parser.simple_keys) - 1
+	}
+	return true
+}
+
+// Remove a potential simple key at the current flow level.
+func yaml_parser_remove_simple_key(parser *yaml_parser_t) bool {
+	i := len(parser.simple_keys) - 1
+	if parser.simple_keys[i].possible {
+		// If the key is required, it is an error.
+		if parser.simple_keys[i].required {
+			return yaml_parser_set_scanner_error(parser,
+				"while scanning a simple key", parser.simple_keys[i].mark,
+				"could not find expected ':'")
+		}
+		// Remove the key from the stack.
+		parser.simple_keys[i].possible = false
+		delete(parser.simple_keys_by_tok, parser.simple_keys[i].token_number)
+	}
+	return true
+}
+
+// max_flow_level limits the flow_level
+const max_flow_level = 10000
+
+// Increase the flow level and resize the simple key list if needed.
+func yaml_parser_increase_flow_level(parser *yaml_parser_t) bool {
+	// Reset the simple key on the next level.
+	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{
+		possible:     false,
+		required:     false,
+		token_number: parser.tokens_parsed + (len(parser.tokens) - parser.tokens_head),
+		mark:         parser.mark,
+	})
+
+	// Increase the flow level.
+	parser.flow_level++
+	if parser.flow_level > max_flow_level {
+		return yaml_parser_set_scanner_error(parser,
+			"while increasing flow level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+			fmt.Sprintf("exceeded max depth of %d", max_flow_level))
+	}
+	return true
+}
+
+// Decrease the flow level.
+func yaml_parser_decrease_flow_level(parser *yaml_parser_t) bool {
+	if parser.flow_level > 0 {
+		parser.flow_level--
+		last := len(parser.simple_keys) - 1
+		delete(parser.simple_keys_by_tok, parser.simple_keys[last].token_number)
+		parser.simple_keys = parser.simple_keys[:last]
+	}
+	return true
+}
+
+// max_indents limits the indents stack size
+const max_indents = 10000
+
+// Push the current indentation level to the stack and set the new level
+// the current column is greater than the indentation level.  In this case,
+// append or insert the specified token into the token queue.
+func yaml_parser_roll_indent(parser *yaml_parser_t, column, number int, typ yaml_token_type_t, mark yaml_mark_t) bool {
+	// In the flow context, do nothing.
+	if parser.flow_level > 0 {
+		return true
+	}
+
+	if parser.indent < column {
+		// Push the current indentation level to the stack and set the new
+		// indentation level.
+		parser.indents = append(parser.indents, parser.indent)
+		parser.indent = column
+		if len(parser.indents) > max_indents {
+			return yaml_parser_set_scanner_error(parser,
+				"while increasing indent level", parser.simple_keys[len(parser.simple_keys)-1].mark,
+				fmt.Sprintf("exceeded max depth of %d", max_indents))
+		}
+
+		// Create a token and insert it into the queue.
+		token := yaml_token_t{
+			typ:        typ,
+			start_mark: mark,
+			end_mark:   mark,
+		}
+		if number > -1 {
+			number -= parser.tokens_parsed
+		}
+		yaml_insert_token(parser, number, &token)
+	}
+	return true
+}
+
+// Pop indentation levels from the indents stack until the current level
+// becomes less or equal to the column.  For each indentation level, append
+// the BLOCK-END token.
+func yaml_parser_unroll_indent(parser *yaml_parser_t, column int) bool {
+	// In the flow context, do nothing.
+	if parser.flow_level > 0 {
+		return true
+	}
+
+	// Loop through the indentation levels in the stack.
+	for parser.indent > column {
+		// Create a token and append it to the queue.
+		token := yaml_token_t{
+			typ:        yaml_BLOCK_END_TOKEN,
+			start_mark: parser.mark,
+			end_mark:   parser.mark,
+		}
+		yaml_insert_token(parser, -1, &token)
+
+		// Pop the indentation level.
+		parser.indent = parser.indents[len(parser.indents)-1]
+		parser.indents = parser.indents[:len(parser.indents)-1]
+	}
+	return true
+}
+
+// Initialize the scanner and produce the STREAM-START token.
+func yaml_parser_fetch_stream_start(parser *yaml_parser_t) bool {
+
+	// Set the initial indentation.
+	parser.indent = -1
+
+	// Initialize the simple key stack.
+	parser.simple_keys = append(parser.simple_keys, yaml_simple_key_t{})
+
+	parser.simple_keys_by_tok = make(map[int]int)
+
+	// A simple key is allowed at the beginning of the stream.
+	parser.simple_key_allowed = true
+
+	// We have started.
+	parser.stream_start_produced = true
+
+	// Create the STREAM-START token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_STREAM_START_TOKEN,
+		start_mark: parser.mark,
+		end_mark:   parser.mark,
+		encoding:   parser.encoding,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the STREAM-END token and shut down the scanner.
+func yaml_parser_fetch_stream_end(parser *yaml_parser_t) bool {
+
+	// Force new line.
+	if parser.mark.column != 0 {
+		parser.mark.column = 0
+		parser.mark.line++
+	}
+
+	// Reset the indentation level.
+	if !yaml_parser_unroll_indent(parser, -1) {
+		return false
+	}
+
+	// Reset simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	parser.simple_key_allowed = false
+
+	// Create the STREAM-END token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_STREAM_END_TOKEN,
+		start_mark: parser.mark,
+		end_mark:   parser.mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce a VERSION-DIRECTIVE or TAG-DIRECTIVE token.
+func yaml_parser_fetch_directive(parser *yaml_parser_t) bool {
+	// Reset the indentation level.
+	if !yaml_parser_unroll_indent(parser, -1) {
+		return false
+	}
+
+	// Reset simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	parser.simple_key_allowed = false
+
+	// Create the YAML-DIRECTIVE or TAG-DIRECTIVE token.
+	token := yaml_token_t{}
+	if !yaml_parser_scan_directive(parser, &token) {
+		return false
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the DOCUMENT-START or DOCUMENT-END token.
+func yaml_parser_fetch_document_indicator(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// Reset the indentation level.
+	if !yaml_parser_unroll_indent(parser, -1) {
+		return false
+	}
+
+	// Reset simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	parser.simple_key_allowed = false
+
+	// Consume the token.
+	start_mark := parser.mark
+
+	skip(parser)
+	skip(parser)
+	skip(parser)
+
+	end_mark := parser.mark
+
+	// Create the DOCUMENT-START or DOCUMENT-END token.
+	token := yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the FLOW-SEQUENCE-START or FLOW-MAPPING-START token.
+func yaml_parser_fetch_flow_collection_start(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// The indicators '[' and '{' may start a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// Increase the flow level.
+	if !yaml_parser_increase_flow_level(parser) {
+		return false
+	}
+
+	// A simple key may follow the indicators '[' and '{'.
+	parser.simple_key_allowed = true
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the FLOW-SEQUENCE-START of FLOW-MAPPING-START token.
+	token := yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the FLOW-SEQUENCE-END or FLOW-MAPPING-END token.
+func yaml_parser_fetch_flow_collection_end(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// Reset any potential simple key on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Decrease the flow level.
+	if !yaml_parser_decrease_flow_level(parser) {
+		return false
+	}
+
+	// No simple keys after the indicators ']' and '}'.
+	parser.simple_key_allowed = false
+
+	// Consume the token.
+
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the FLOW-SEQUENCE-END of FLOW-MAPPING-END token.
+	token := yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	// Append the token to the queue.
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the FLOW-ENTRY token.
+func yaml_parser_fetch_flow_entry(parser *yaml_parser_t) bool {
+	// Reset any potential simple keys on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Simple keys are allowed after ','.
+	parser.simple_key_allowed = true
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the FLOW-ENTRY token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_FLOW_ENTRY_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the BLOCK-ENTRY token.
+func yaml_parser_fetch_block_entry(parser *yaml_parser_t) bool {
+	// Check if the scanner is in the block context.
+	if parser.flow_level == 0 {
+		// Check if we are allowed to start a new entry.
+		if !parser.simple_key_allowed {
+			return yaml_parser_set_scanner_error(parser, "", parser.mark,
+				"block sequence entries are not allowed in this context")
+		}
+		// Add the BLOCK-SEQUENCE-START token if needed.
+		if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_SEQUENCE_START_TOKEN, parser.mark) {
+			return false
+		}
+	} else {
+		// It is an error for the '-' indicator to occur in the flow context,
+		// but we let the Parser detect and report about it because the Parser
+		// is able to point to the context.
+	}
+
+	// Reset any potential simple keys on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Simple keys are allowed after '-'.
+	parser.simple_key_allowed = true
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the BLOCK-ENTRY token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_BLOCK_ENTRY_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the KEY token.
+func yaml_parser_fetch_key(parser *yaml_parser_t) bool {
+
+	// In the block context, additional checks are required.
+	if parser.flow_level == 0 {
+		// Check if we are allowed to start a new key (not nessesary simple).
+		if !parser.simple_key_allowed {
+			return yaml_parser_set_scanner_error(parser, "", parser.mark,
+				"mapping keys are not allowed in this context")
+		}
+		// Add the BLOCK-MAPPING-START token if needed.
+		if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) {
+			return false
+		}
+	}
+
+	// Reset any potential simple keys on the current flow level.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// Simple keys are allowed after '?' in the block context.
+	parser.simple_key_allowed = parser.flow_level == 0
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the KEY token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_KEY_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the VALUE token.
+func yaml_parser_fetch_value(parser *yaml_parser_t) bool {
+
+	simple_key := &parser.simple_keys[len(parser.simple_keys)-1]
+
+	// Have we found a simple key?
+	if valid, ok := yaml_simple_key_is_valid(parser, simple_key); !ok {
+		return false
+
+	} else if valid {
+
+		// Create the KEY token and insert it into the queue.
+		token := yaml_token_t{
+			typ:        yaml_KEY_TOKEN,
+			start_mark: simple_key.mark,
+			end_mark:   simple_key.mark,
+		}
+		yaml_insert_token(parser, simple_key.token_number-parser.tokens_parsed, &token)
+
+		// In the block context, we may need to add the BLOCK-MAPPING-START token.
+		if !yaml_parser_roll_indent(parser, simple_key.mark.column,
+			simple_key.token_number,
+			yaml_BLOCK_MAPPING_START_TOKEN, simple_key.mark) {
+			return false
+		}
+
+		// Remove the simple key.
+		simple_key.possible = false
+		delete(parser.simple_keys_by_tok, simple_key.token_number)
+
+		// A simple key cannot follow another simple key.
+		parser.simple_key_allowed = false
+
+	} else {
+		// The ':' indicator follows a complex key.
+
+		// In the block context, extra checks are required.
+		if parser.flow_level == 0 {
+
+			// Check if we are allowed to start a complex value.
+			if !parser.simple_key_allowed {
+				return yaml_parser_set_scanner_error(parser, "", parser.mark,
+					"mapping values are not allowed in this context")
+			}
+
+			// Add the BLOCK-MAPPING-START token if needed.
+			if !yaml_parser_roll_indent(parser, parser.mark.column, -1, yaml_BLOCK_MAPPING_START_TOKEN, parser.mark) {
+				return false
+			}
+		}
+
+		// Simple keys after ':' are allowed in the block context.
+		parser.simple_key_allowed = parser.flow_level == 0
+	}
+
+	// Consume the token.
+	start_mark := parser.mark
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create the VALUE token and append it to the queue.
+	token := yaml_token_t{
+		typ:        yaml_VALUE_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the ALIAS or ANCHOR token.
+func yaml_parser_fetch_anchor(parser *yaml_parser_t, typ yaml_token_type_t) bool {
+	// An anchor or an alias could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow an anchor or an alias.
+	parser.simple_key_allowed = false
+
+	// Create the ALIAS or ANCHOR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_anchor(parser, &token, typ) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the TAG token.
+func yaml_parser_fetch_tag(parser *yaml_parser_t) bool {
+	// A tag could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow a tag.
+	parser.simple_key_allowed = false
+
+	// Create the TAG token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_tag(parser, &token) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the SCALAR(...,literal) or SCALAR(...,folded) tokens.
+func yaml_parser_fetch_block_scalar(parser *yaml_parser_t, literal bool) bool {
+	// Remove any potential simple keys.
+	if !yaml_parser_remove_simple_key(parser) {
+		return false
+	}
+
+	// A simple key may follow a block scalar.
+	parser.simple_key_allowed = true
+
+	// Create the SCALAR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_block_scalar(parser, &token, literal) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the SCALAR(...,single-quoted) or SCALAR(...,double-quoted) tokens.
+func yaml_parser_fetch_flow_scalar(parser *yaml_parser_t, single bool) bool {
+	// A plain scalar could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow a flow scalar.
+	parser.simple_key_allowed = false
+
+	// Create the SCALAR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_flow_scalar(parser, &token, single) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Produce the SCALAR(...,plain) token.
+func yaml_parser_fetch_plain_scalar(parser *yaml_parser_t) bool {
+	// A plain scalar could be a simple key.
+	if !yaml_parser_save_simple_key(parser) {
+		return false
+	}
+
+	// A simple key cannot follow a flow scalar.
+	parser.simple_key_allowed = false
+
+	// Create the SCALAR token and append it to the queue.
+	var token yaml_token_t
+	if !yaml_parser_scan_plain_scalar(parser, &token) {
+		return false
+	}
+	yaml_insert_token(parser, -1, &token)
+	return true
+}
+
+// Eat whitespaces and comments until the next token is found.
+func yaml_parser_scan_to_next_token(parser *yaml_parser_t) bool {
+
+	// Until the next token is not found.
+	for {
+		// Allow the BOM mark to start a line.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		if parser.mark.column == 0 && is_bom(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+		}
+
+		// Eat whitespaces.
+		// Tabs are allowed:
+		//  - in the flow context
+		//  - in the block context, but not at the beginning of the line or
+		//  after '-', '?', or ':' (complex value).
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+
+		for parser.buffer[parser.buffer_pos] == ' ' || ((parser.flow_level > 0 || !parser.simple_key_allowed) && parser.buffer[parser.buffer_pos] == '\t') {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Eat a comment until a line break.
+		if parser.buffer[parser.buffer_pos] == '#' {
+			for !is_breakz(parser.buffer, parser.buffer_pos) {
+				skip(parser)
+				if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+					return false
+				}
+			}
+		}
+
+		// If it is a line break, eat it.
+		if is_break(parser.buffer, parser.buffer_pos) {
+			if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+				return false
+			}
+			skip_line(parser)
+
+			// In the block context, a new line may start a simple key.
+			if parser.flow_level == 0 {
+				parser.simple_key_allowed = true
+			}
+		} else {
+			break // We have found a token.
+		}
+	}
+
+	return true
+}
+
+// Scan a YAML-DIRECTIVE or TAG-DIRECTIVE token.
+//
+// Scope:
+//      %YAML    1.1    # a comment \n
+//      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//      %TAG    !yaml!  tag:yaml.org,2002:  \n
+//      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//
+func yaml_parser_scan_directive(parser *yaml_parser_t, token *yaml_token_t) bool {
+	// Eat '%'.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Scan the directive name.
+	var name []byte
+	if !yaml_parser_scan_directive_name(parser, start_mark, &name) {
+		return false
+	}
+
+	// Is it a YAML directive?
+	if bytes.Equal(name, []byte("YAML")) {
+		// Scan the VERSION directive value.
+		var major, minor int8
+		if !yaml_parser_scan_version_directive_value(parser, start_mark, &major, &minor) {
+			return false
+		}
+		end_mark := parser.mark
+
+		// Create a VERSION-DIRECTIVE token.
+		*token = yaml_token_t{
+			typ:        yaml_VERSION_DIRECTIVE_TOKEN,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			major:      major,
+			minor:      minor,
+		}
+
+		// Is it a TAG directive?
+	} else if bytes.Equal(name, []byte("TAG")) {
+		// Scan the TAG directive value.
+		var handle, prefix []byte
+		if !yaml_parser_scan_tag_directive_value(parser, start_mark, &handle, &prefix) {
+			return false
+		}
+		end_mark := parser.mark
+
+		// Create a TAG-DIRECTIVE token.
+		*token = yaml_token_t{
+			typ:        yaml_TAG_DIRECTIVE_TOKEN,
+			start_mark: start_mark,
+			end_mark:   end_mark,
+			value:      handle,
+			prefix:     prefix,
+		}
+
+		// Unknown directive.
+	} else {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "found unknown directive name")
+		return false
+	}
+
+	// Eat the rest of the line including any comments.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	if parser.buffer[parser.buffer_pos] == '#' {
+		for !is_breakz(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+	}
+
+	// Check if we are at the end of the line.
+	if !is_breakz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "did not find expected comment or line break")
+		return false
+	}
+
+	// Eat a line break.
+	if is_break(parser.buffer, parser.buffer_pos) {
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+		skip_line(parser)
+	}
+
+	return true
+}
+
+// Scan the directive name.
+//
+// Scope:
+//      %YAML   1.1     # a comment \n
+//       ^^^^
+//      %TAG    !yaml!  tag:yaml.org,2002:  \n
+//       ^^^
+//
+func yaml_parser_scan_directive_name(parser *yaml_parser_t, start_mark yaml_mark_t, name *[]byte) bool {
+	// Consume the directive name.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	var s []byte
+	for is_alpha(parser.buffer, parser.buffer_pos) {
+		s = read(parser, s)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Check if the name is empty.
+	if len(s) == 0 {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "could not find expected directive name")
+		return false
+	}
+
+	// Check for an blank character after the name.
+	if !is_blankz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a directive",
+			start_mark, "found unexpected non-alphabetical character")
+		return false
+	}
+	*name = s
+	return true
+}
+
+// Scan the value of VERSION-DIRECTIVE.
+//
+// Scope:
+//      %YAML   1.1     # a comment \n
+//           ^^^^^^
+func yaml_parser_scan_version_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, major, minor *int8) bool {
+	// Eat whitespaces.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Consume the major version number.
+	if !yaml_parser_scan_version_directive_number(parser, start_mark, major) {
+		return false
+	}
+
+	// Eat '.'.
+	if parser.buffer[parser.buffer_pos] != '.' {
+		return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+			start_mark, "did not find expected digit or '.' character")
+	}
+
+	skip(parser)
+
+	// Consume the minor version number.
+	if !yaml_parser_scan_version_directive_number(parser, start_mark, minor) {
+		return false
+	}
+	return true
+}
+
+const max_number_length = 2
+
+// Scan the version number of VERSION-DIRECTIVE.
+//
+// Scope:
+//      %YAML   1.1     # a comment \n
+//              ^
+//      %YAML   1.1     # a comment \n
+//                ^
+func yaml_parser_scan_version_directive_number(parser *yaml_parser_t, start_mark yaml_mark_t, number *int8) bool {
+
+	// Repeat while the next character is digit.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	var value, length int8
+	for is_digit(parser.buffer, parser.buffer_pos) {
+		// Check if the number is too long.
+		length++
+		if length > max_number_length {
+			return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+				start_mark, "found extremely long version number")
+		}
+		value = value*10 + int8(as_digit(parser.buffer, parser.buffer_pos))
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Check if the number was present.
+	if length == 0 {
+		return yaml_parser_set_scanner_error(parser, "while scanning a %YAML directive",
+			start_mark, "did not find expected version number")
+	}
+	*number = value
+	return true
+}
+
+// Scan the value of a TAG-DIRECTIVE token.
+//
+// Scope:
+//      %TAG    !yaml!  tag:yaml.org,2002:  \n
+//          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+//
+func yaml_parser_scan_tag_directive_value(parser *yaml_parser_t, start_mark yaml_mark_t, handle, prefix *[]byte) bool {
+	var handle_value, prefix_value []byte
+
+	// Eat whitespaces.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Scan a handle.
+	if !yaml_parser_scan_tag_handle(parser, true, start_mark, &handle_value) {
+		return false
+	}
+
+	// Expect a whitespace.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if !is_blank(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive",
+			start_mark, "did not find expected whitespace")
+		return false
+	}
+
+	// Eat whitespaces.
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Scan a prefix.
+	if !yaml_parser_scan_tag_uri(parser, true, nil, start_mark, &prefix_value) {
+		return false
+	}
+
+	// Expect a whitespace or line break.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if !is_blankz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a %TAG directive",
+			start_mark, "did not find expected whitespace or line break")
+		return false
+	}
+
+	*handle = handle_value
+	*prefix = prefix_value
+	return true
+}
+
+func yaml_parser_scan_anchor(parser *yaml_parser_t, token *yaml_token_t, typ yaml_token_type_t) bool {
+	var s []byte
+
+	// Eat the indicator character.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Consume the value.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	for is_alpha(parser.buffer, parser.buffer_pos) {
+		s = read(parser, s)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	end_mark := parser.mark
+
+	/*
+	 * Check if length of the anchor is greater than 0 and it is followed by
+	 * a whitespace character or one of the indicators:
+	 *
+	 *      '?', ':', ',', ']', '}', '%', '@', '`'.
+	 */
+
+	if len(s) == 0 ||
+		!(is_blankz(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == '?' ||
+			parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == ',' ||
+			parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '}' ||
+			parser.buffer[parser.buffer_pos] == '%' || parser.buffer[parser.buffer_pos] == '@' ||
+			parser.buffer[parser.buffer_pos] == '`') {
+		context := "while scanning an alias"
+		if typ == yaml_ANCHOR_TOKEN {
+			context = "while scanning an anchor"
+		}
+		yaml_parser_set_scanner_error(parser, context, start_mark,
+			"did not find expected alphabetic or numeric character")
+		return false
+	}
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        typ,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+	}
+
+	return true
+}
+
+/*
+ * Scan a TAG token.
+ */
+
+func yaml_parser_scan_tag(parser *yaml_parser_t, token *yaml_token_t) bool {
+	var handle, suffix []byte
+
+	start_mark := parser.mark
+
+	// Check if the tag is in the canonical form.
+	if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+		return false
+	}
+
+	if parser.buffer[parser.buffer_pos+1] == '<' {
+		// Keep the handle as ''
+
+		// Eat '!<'
+		skip(parser)
+		skip(parser)
+
+		// Consume the tag value.
+		if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) {
+			return false
+		}
+
+		// Check for '>' and eat it.
+		if parser.buffer[parser.buffer_pos] != '>' {
+			yaml_parser_set_scanner_error(parser, "while scanning a tag",
+				start_mark, "did not find the expected '>'")
+			return false
+		}
+
+		skip(parser)
+	} else {
+		// The tag has either the '!suffix' or the '!handle!suffix' form.
+
+		// First, try to scan a handle.
+		if !yaml_parser_scan_tag_handle(parser, false, start_mark, &handle) {
+			return false
+		}
+
+		// Check if it is, indeed, handle.
+		if handle[0] == '!' && len(handle) > 1 && handle[len(handle)-1] == '!' {
+			// Scan the suffix now.
+			if !yaml_parser_scan_tag_uri(parser, false, nil, start_mark, &suffix) {
+				return false
+			}
+		} else {
+			// It wasn't a handle after all.  Scan the rest of the tag.
+			if !yaml_parser_scan_tag_uri(parser, false, handle, start_mark, &suffix) {
+				return false
+			}
+
+			// Set the handle to '!'.
+			handle = []byte{'!'}
+
+			// A special case: the '!' tag.  Set the handle to '' and the
+			// suffix to '!'.
+			if len(suffix) == 0 {
+				handle, suffix = suffix, handle
+			}
+		}
+	}
+
+	// Check the character which ends the tag.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if !is_blankz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a tag",
+			start_mark, "did not find expected whitespace or line break")
+		return false
+	}
+
+	end_mark := parser.mark
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_TAG_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      handle,
+		suffix:     suffix,
+	}
+	return true
+}
+
+// Scan a tag handle.
+func yaml_parser_scan_tag_handle(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, handle *[]byte) bool {
+	// Check the initial '!' character.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	if parser.buffer[parser.buffer_pos] != '!' {
+		yaml_parser_set_scanner_tag_error(parser, directive,
+			start_mark, "did not find expected '!'")
+		return false
+	}
+
+	var s []byte
+
+	// Copy the '!' character.
+	s = read(parser, s)
+
+	// Copy all subsequent alphabetical and numerical characters.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	for is_alpha(parser.buffer, parser.buffer_pos) {
+		s = read(parser, s)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+
+	// Check if the trailing character is '!' and copy it.
+	if parser.buffer[parser.buffer_pos] == '!' {
+		s = read(parser, s)
+	} else {
+		// It's either the '!' tag or not really a tag handle.  If it's a %TAG
+		// directive, it's an error.  If it's a tag token, it must be a part of URI.
+		if directive && string(s) != "!" {
+			yaml_parser_set_scanner_tag_error(parser, directive,
+				start_mark, "did not find expected '!'")
+			return false
+		}
+	}
+
+	*handle = s
+	return true
+}
+
+// Scan a tag.
+func yaml_parser_scan_tag_uri(parser *yaml_parser_t, directive bool, head []byte, start_mark yaml_mark_t, uri *[]byte) bool {
+	//size_t length = head ? strlen((char *)head) : 0
+	var s []byte
+	hasTag := len(head) > 0
+
+	// Copy the head if needed.
+	//
+	// Note that we don't copy the leading '!' character.
+	if len(head) > 1 {
+		s = append(s, head[1:]...)
+	}
+
+	// Scan the tag.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	// The set of characters that may appear in URI is as follows:
+	//
+	//      '0'-'9', 'A'-'Z', 'a'-'z', '_', '-', ';', '/', '?', ':', '@', '&',
+	//      '=', '+', '$', ',', '.', '!', '~', '*', '\'', '(', ')', '[', ']',
+	//      '%'.
+	// [Go] Convert this into more reasonable logic.
+	for is_alpha(parser.buffer, parser.buffer_pos) || parser.buffer[parser.buffer_pos] == ';' ||
+		parser.buffer[parser.buffer_pos] == '/' || parser.buffer[parser.buffer_pos] == '?' ||
+		parser.buffer[parser.buffer_pos] == ':' || parser.buffer[parser.buffer_pos] == '@' ||
+		parser.buffer[parser.buffer_pos] == '&' || parser.buffer[parser.buffer_pos] == '=' ||
+		parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '$' ||
+		parser.buffer[parser.buffer_pos] == ',' || parser.buffer[parser.buffer_pos] == '.' ||
+		parser.buffer[parser.buffer_pos] == '!' || parser.buffer[parser.buffer_pos] == '~' ||
+		parser.buffer[parser.buffer_pos] == '*' || parser.buffer[parser.buffer_pos] == '\'' ||
+		parser.buffer[parser.buffer_pos] == '(' || parser.buffer[parser.buffer_pos] == ')' ||
+		parser.buffer[parser.buffer_pos] == '[' || parser.buffer[parser.buffer_pos] == ']' ||
+		parser.buffer[parser.buffer_pos] == '%' {
+		// Check if it is a URI-escape sequence.
+		if parser.buffer[parser.buffer_pos] == '%' {
+			if !yaml_parser_scan_uri_escapes(parser, directive, start_mark, &s) {
+				return false
+			}
+		} else {
+			s = read(parser, s)
+		}
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		hasTag = true
+	}
+
+	if !hasTag {
+		yaml_parser_set_scanner_tag_error(parser, directive,
+			start_mark, "did not find expected tag URI")
+		return false
+	}
+	*uri = s
+	return true
+}
+
+// Decode an URI-escape sequence corresponding to a single UTF-8 character.
+func yaml_parser_scan_uri_escapes(parser *yaml_parser_t, directive bool, start_mark yaml_mark_t, s *[]byte) bool {
+
+	// Decode the required number of characters.
+	w := 1024
+	for w > 0 {
+		// Check for a URI-escaped octet.
+		if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) {
+			return false
+		}
+
+		if !(parser.buffer[parser.buffer_pos] == '%' &&
+			is_hex(parser.buffer, parser.buffer_pos+1) &&
+			is_hex(parser.buffer, parser.buffer_pos+2)) {
+			return yaml_parser_set_scanner_tag_error(parser, directive,
+				start_mark, "did not find URI escaped octet")
+		}
+
+		// Get the octet.
+		octet := byte((as_hex(parser.buffer, parser.buffer_pos+1) << 4) + as_hex(parser.buffer, parser.buffer_pos+2))
+
+		// If it is the leading octet, determine the length of the UTF-8 sequence.
+		if w == 1024 {
+			w = width(octet)
+			if w == 0 {
+				return yaml_parser_set_scanner_tag_error(parser, directive,
+					start_mark, "found an incorrect leading UTF-8 octet")
+			}
+		} else {
+			// Check if the trailing octet is correct.
+			if octet&0xC0 != 0x80 {
+				return yaml_parser_set_scanner_tag_error(parser, directive,
+					start_mark, "found an incorrect trailing UTF-8 octet")
+			}
+		}
+
+		// Copy the octet and move the pointers.
+		*s = append(*s, octet)
+		skip(parser)
+		skip(parser)
+		skip(parser)
+		w--
+	}
+	return true
+}
+
+// Scan a block scalar.
+func yaml_parser_scan_block_scalar(parser *yaml_parser_t, token *yaml_token_t, literal bool) bool {
+	// Eat the indicator '|' or '>'.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Scan the additional block scalar indicators.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+
+	// Check for a chomping indicator.
+	var chomping, increment int
+	if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' {
+		// Set the chomping method and eat the indicator.
+		if parser.buffer[parser.buffer_pos] == '+' {
+			chomping = +1
+		} else {
+			chomping = -1
+		}
+		skip(parser)
+
+		// Check for an indentation indicator.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		if is_digit(parser.buffer, parser.buffer_pos) {
+			// Check that the indentation is greater than 0.
+			if parser.buffer[parser.buffer_pos] == '0' {
+				yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+					start_mark, "found an indentation indicator equal to 0")
+				return false
+			}
+
+			// Get the indentation level and eat the indicator.
+			increment = as_digit(parser.buffer, parser.buffer_pos)
+			skip(parser)
+		}
+
+	} else if is_digit(parser.buffer, parser.buffer_pos) {
+		// Do the same as above, but in the opposite order.
+
+		if parser.buffer[parser.buffer_pos] == '0' {
+			yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+				start_mark, "found an indentation indicator equal to 0")
+			return false
+		}
+		increment = as_digit(parser.buffer, parser.buffer_pos)
+		skip(parser)
+
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		if parser.buffer[parser.buffer_pos] == '+' || parser.buffer[parser.buffer_pos] == '-' {
+			if parser.buffer[parser.buffer_pos] == '+' {
+				chomping = +1
+			} else {
+				chomping = -1
+			}
+			skip(parser)
+		}
+	}
+
+	// Eat whitespaces and comments to the end of the line.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	for is_blank(parser.buffer, parser.buffer_pos) {
+		skip(parser)
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+	}
+	if parser.buffer[parser.buffer_pos] == '#' {
+		for !is_breakz(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+	}
+
+	// Check if we are at the end of the line.
+	if !is_breakz(parser.buffer, parser.buffer_pos) {
+		yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+			start_mark, "did not find expected comment or line break")
+		return false
+	}
+
+	// Eat a line break.
+	if is_break(parser.buffer, parser.buffer_pos) {
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+		skip_line(parser)
+	}
+
+	end_mark := parser.mark
+
+	// Set the indentation level if it was specified.
+	var indent int
+	if increment > 0 {
+		if parser.indent >= 0 {
+			indent = parser.indent + increment
+		} else {
+			indent = increment
+		}
+	}
+
+	// Scan the leading line breaks and determine the indentation level if needed.
+	var s, leading_break, trailing_breaks []byte
+	if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) {
+		return false
+	}
+
+	// Scan the block scalar content.
+	if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+		return false
+	}
+	var leading_blank, trailing_blank bool
+	for parser.mark.column == indent && !is_z(parser.buffer, parser.buffer_pos) {
+		// We are at the beginning of a non-empty line.
+
+		// Is it a trailing whitespace?
+		trailing_blank = is_blank(parser.buffer, parser.buffer_pos)
+
+		// Check if we need to fold the leading line break.
+		if !literal && !leading_blank && !trailing_blank && len(leading_break) > 0 && leading_break[0] == '\n' {
+			// Do we need to join the lines by space?
+			if len(trailing_breaks) == 0 {
+				s = append(s, ' ')
+			}
+		} else {
+			s = append(s, leading_break...)
+		}
+		leading_break = leading_break[:0]
+
+		// Append the remaining line breaks.
+		s = append(s, trailing_breaks...)
+		trailing_breaks = trailing_breaks[:0]
+
+		// Is it a leading whitespace?
+		leading_blank = is_blank(parser.buffer, parser.buffer_pos)
+
+		// Consume the current line.
+		for !is_breakz(parser.buffer, parser.buffer_pos) {
+			s = read(parser, s)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Consume the line break.
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+
+		leading_break = read_line(parser, leading_break)
+
+		// Eat the following indentation spaces and line breaks.
+		if !yaml_parser_scan_block_scalar_breaks(parser, &indent, &trailing_breaks, start_mark, &end_mark) {
+			return false
+		}
+	}
+
+	// Chomp the tail.
+	if chomping != -1 {
+		s = append(s, leading_break...)
+	}
+	if chomping == 1 {
+		s = append(s, trailing_breaks...)
+	}
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_SCALAR_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+		style:      yaml_LITERAL_SCALAR_STYLE,
+	}
+	if !literal {
+		token.style = yaml_FOLDED_SCALAR_STYLE
+	}
+	return true
+}
+
+// Scan indentation spaces and line breaks for a block scalar.  Determine the
+// indentation level if needed.
+func yaml_parser_scan_block_scalar_breaks(parser *yaml_parser_t, indent *int, breaks *[]byte, start_mark yaml_mark_t, end_mark *yaml_mark_t) bool {
+	*end_mark = parser.mark
+
+	// Eat the indentation spaces and line breaks.
+	max_indent := 0
+	for {
+		// Eat the indentation spaces.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+		for (*indent == 0 || parser.mark.column < *indent) && is_space(parser.buffer, parser.buffer_pos) {
+			skip(parser)
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+		if parser.mark.column > max_indent {
+			max_indent = parser.mark.column
+		}
+
+		// Check for a tab character messing the indentation.
+		if (*indent == 0 || parser.mark.column < *indent) && is_tab(parser.buffer, parser.buffer_pos) {
+			return yaml_parser_set_scanner_error(parser, "while scanning a block scalar",
+				start_mark, "found a tab character where an indentation space is expected")
+		}
+
+		// Have we found a non-empty line?
+		if !is_break(parser.buffer, parser.buffer_pos) {
+			break
+		}
+
+		// Consume the line break.
+		if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+			return false
+		}
+		// [Go] Should really be returning breaks instead.
+		*breaks = read_line(parser, *breaks)
+		*end_mark = parser.mark
+	}
+
+	// Determine the indentation level if needed.
+	if *indent == 0 {
+		*indent = max_indent
+		if *indent < parser.indent+1 {
+			*indent = parser.indent + 1
+		}
+		if *indent < 1 {
+			*indent = 1
+		}
+	}
+	return true
+}
+
+// Scan a quoted scalar.
+func yaml_parser_scan_flow_scalar(parser *yaml_parser_t, token *yaml_token_t, single bool) bool {
+	// Eat the left quote.
+	start_mark := parser.mark
+	skip(parser)
+
+	// Consume the content of the quoted scalar.
+	var s, leading_break, trailing_breaks, whitespaces []byte
+	for {
+		// Check that there are no document indicators at the beginning of the line.
+		if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+			return false
+		}
+
+		if parser.mark.column == 0 &&
+			((parser.buffer[parser.buffer_pos+0] == '-' &&
+				parser.buffer[parser.buffer_pos+1] == '-' &&
+				parser.buffer[parser.buffer_pos+2] == '-') ||
+				(parser.buffer[parser.buffer_pos+0] == '.' &&
+					parser.buffer[parser.buffer_pos+1] == '.' &&
+					parser.buffer[parser.buffer_pos+2] == '.')) &&
+			is_blankz(parser.buffer, parser.buffer_pos+3) {
+			yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar",
+				start_mark, "found unexpected document indicator")
+			return false
+		}
+
+		// Check for EOF.
+		if is_z(parser.buffer, parser.buffer_pos) {
+			yaml_parser_set_scanner_error(parser, "while scanning a quoted scalar",
+				start_mark, "found unexpected end of stream")
+			return false
+		}
+
+		// Consume non-blank characters.
+		leading_blanks := false
+		for !is_blankz(parser.buffer, parser.buffer_pos) {
+			if single && parser.buffer[parser.buffer_pos] == '\'' && parser.buffer[parser.buffer_pos+1] == '\'' {
+				// Is is an escaped single quote.
+				s = append(s, '\'')
+				skip(parser)
+				skip(parser)
+
+			} else if single && parser.buffer[parser.buffer_pos] == '\'' {
+				// It is a right single quote.
+				break
+			} else if !single && parser.buffer[parser.buffer_pos] == '"' {
+				// It is a right double quote.
+				break
+
+			} else if !single && parser.buffer[parser.buffer_pos] == '\\' && is_break(parser.buffer, parser.buffer_pos+1) {
+				// It is an escaped line break.
+				if parser.unread < 3 && !yaml_parser_update_buffer(parser, 3) {
+					return false
+				}
+				skip(parser)
+				skip_line(parser)
+				leading_blanks = true
+				break
+
+			} else if !single && parser.buffer[parser.buffer_pos] == '\\' {
+				// It is an escape sequence.
+				code_length := 0
+
+				// Check the escape character.
+				switch parser.buffer[parser.buffer_pos+1] {
+				case '0':
+					s = append(s, 0)
+				case 'a':
+					s = append(s, '\x07')
+				case 'b':
+					s = append(s, '\x08')
+				case 't', '\t':
+					s = append(s, '\x09')
+				case 'n':
+					s = append(s, '\x0A')
+				case 'v':
+					s = append(s, '\x0B')
+				case 'f':
+					s = append(s, '\x0C')
+				case 'r':
+					s = append(s, '\x0D')
+				case 'e':
+					s = append(s, '\x1B')
+				case ' ':
+					s = append(s, '\x20')
+				case '"':
+					s = append(s, '"')
+				case '\'':
+					s = append(s, '\'')
+				case '\\':
+					s = append(s, '\\')
+				case 'N': // NEL (#x85)
+					s = append(s, '\xC2')
+					s = append(s, '\x85')
+				case '_': // #xA0
+					s = append(s, '\xC2')
+					s = append(s, '\xA0')
+				case 'L': // LS (#x2028)
+					s = append(s, '\xE2')
+					s = append(s, '\x80')
+					s = append(s, '\xA8')
+				case 'P': // PS (#x2029)
+					s = append(s, '\xE2')
+					s = append(s, '\x80')
+					s = append(s, '\xA9')
+				case 'x':
+					code_length = 2
+				case 'u':
+					code_length = 4
+				case 'U':
+					code_length = 8
+				default:
+					yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar",
+						start_mark, "found unknown escape character")
+					return false
+				}
+
+				skip(parser)
+				skip(parser)
+
+				// Consume an arbitrary escape code.
+				if code_length > 0 {
+					var value int
+
+					// Scan the character value.
+					if parser.unread < code_length && !yaml_parser_update_buffer(parser, code_length) {
+						return false
+					}
+					for k := 0; k < code_length; k++ {
+						if !is_hex(parser.buffer, parser.buffer_pos+k) {
+							yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar",
+								start_mark, "did not find expected hexdecimal number")
+							return false
+						}
+						value = (value << 4) + as_hex(parser.buffer, parser.buffer_pos+k)
+					}
+
+					// Check the value and write the character.
+					if (value >= 0xD800 && value <= 0xDFFF) || value > 0x10FFFF {
+						yaml_parser_set_scanner_error(parser, "while parsing a quoted scalar",
+							start_mark, "found invalid Unicode character escape code")
+						return false
+					}
+					if value <= 0x7F {
+						s = append(s, byte(value))
+					} else if value <= 0x7FF {
+						s = append(s, byte(0xC0+(value>>6)))
+						s = append(s, byte(0x80+(value&0x3F)))
+					} else if value <= 0xFFFF {
+						s = append(s, byte(0xE0+(value>>12)))
+						s = append(s, byte(0x80+((value>>6)&0x3F)))
+						s = append(s, byte(0x80+(value&0x3F)))
+					} else {
+						s = append(s, byte(0xF0+(value>>18)))
+						s = append(s, byte(0x80+((value>>12)&0x3F)))
+						s = append(s, byte(0x80+((value>>6)&0x3F)))
+						s = append(s, byte(0x80+(value&0x3F)))
+					}
+
+					// Advance the pointer.
+					for k := 0; k < code_length; k++ {
+						skip(parser)
+					}
+				}
+			} else {
+				// It is a non-escaped non-blank character.
+				s = read(parser, s)
+			}
+			if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+				return false
+			}
+		}
+
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+
+		// Check if we are at the end of the scalar.
+		if single {
+			if parser.buffer[parser.buffer_pos] == '\'' {
+				break
+			}
+		} else {
+			if parser.buffer[parser.buffer_pos] == '"' {
+				break
+			}
+		}
+
+		// Consume blank characters.
+		for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) {
+			if is_blank(parser.buffer, parser.buffer_pos) {
+				// Consume a space or a tab character.
+				if !leading_blanks {
+					whitespaces = read(parser, whitespaces)
+				} else {
+					skip(parser)
+				}
+			} else {
+				if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+					return false
+				}
+
+				// Check if it is a first line break.
+				if !leading_blanks {
+					whitespaces = whitespaces[:0]
+					leading_break = read_line(parser, leading_break)
+					leading_blanks = true
+				} else {
+					trailing_breaks = read_line(parser, trailing_breaks)
+				}
+			}
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Join the whitespaces or fold line breaks.
+		if leading_blanks {
+			// Do we need to fold line breaks?
+			if len(leading_break) > 0 && leading_break[0] == '\n' {
+				if len(trailing_breaks) == 0 {
+					s = append(s, ' ')
+				} else {
+					s = append(s, trailing_breaks...)
+				}
+			} else {
+				s = append(s, leading_break...)
+				s = append(s, trailing_breaks...)
+			}
+			trailing_breaks = trailing_breaks[:0]
+			leading_break = leading_break[:0]
+		} else {
+			s = append(s, whitespaces...)
+			whitespaces = whitespaces[:0]
+		}
+	}
+
+	// Eat the right quote.
+	skip(parser)
+	end_mark := parser.mark
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_SCALAR_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+		style:      yaml_SINGLE_QUOTED_SCALAR_STYLE,
+	}
+	if !single {
+		token.style = yaml_DOUBLE_QUOTED_SCALAR_STYLE
+	}
+	return true
+}
+
+// Scan a plain scalar.
+func yaml_parser_scan_plain_scalar(parser *yaml_parser_t, token *yaml_token_t) bool {
+
+	var s, leading_break, trailing_breaks, whitespaces []byte
+	var leading_blanks bool
+	var indent = parser.indent + 1
+
+	start_mark := parser.mark
+	end_mark := parser.mark
+
+	// Consume the content of the plain scalar.
+	for {
+		// Check for a document indicator.
+		if parser.unread < 4 && !yaml_parser_update_buffer(parser, 4) {
+			return false
+		}
+		if parser.mark.column == 0 &&
+			((parser.buffer[parser.buffer_pos+0] == '-' &&
+				parser.buffer[parser.buffer_pos+1] == '-' &&
+				parser.buffer[parser.buffer_pos+2] == '-') ||
+				(parser.buffer[parser.buffer_pos+0] == '.' &&
+					parser.buffer[parser.buffer_pos+1] == '.' &&
+					parser.buffer[parser.buffer_pos+2] == '.')) &&
+			is_blankz(parser.buffer, parser.buffer_pos+3) {
+			break
+		}
+
+		// Check for a comment.
+		if parser.buffer[parser.buffer_pos] == '#' {
+			break
+		}
+
+		// Consume non-blank characters.
+		for !is_blankz(parser.buffer, parser.buffer_pos) {
+
+			// Check for indicators that may end a plain scalar.
+			if (parser.buffer[parser.buffer_pos] == ':' && is_blankz(parser.buffer, parser.buffer_pos+1)) ||
+				(parser.flow_level > 0 &&
+					(parser.buffer[parser.buffer_pos] == ',' ||
+						parser.buffer[parser.buffer_pos] == '?' || parser.buffer[parser.buffer_pos] == '[' ||
+						parser.buffer[parser.buffer_pos] == ']' || parser.buffer[parser.buffer_pos] == '{' ||
+						parser.buffer[parser.buffer_pos] == '}')) {
+				break
+			}
+
+			// Check if we need to join whitespaces and breaks.
+			if leading_blanks || len(whitespaces) > 0 {
+				if leading_blanks {
+					// Do we need to fold line breaks?
+					if leading_break[0] == '\n' {
+						if len(trailing_breaks) == 0 {
+							s = append(s, ' ')
+						} else {
+							s = append(s, trailing_breaks...)
+						}
+					} else {
+						s = append(s, leading_break...)
+						s = append(s, trailing_breaks...)
+					}
+					trailing_breaks = trailing_breaks[:0]
+					leading_break = leading_break[:0]
+					leading_blanks = false
+				} else {
+					s = append(s, whitespaces...)
+					whitespaces = whitespaces[:0]
+				}
+			}
+
+			// Copy the character.
+			s = read(parser, s)
+
+			end_mark = parser.mark
+			if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+				return false
+			}
+		}
+
+		// Is it the end?
+		if !(is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos)) {
+			break
+		}
+
+		// Consume blank characters.
+		if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+			return false
+		}
+
+		for is_blank(parser.buffer, parser.buffer_pos) || is_break(parser.buffer, parser.buffer_pos) {
+			if is_blank(parser.buffer, parser.buffer_pos) {
+
+				// Check for tab characters that abuse indentation.
+				if leading_blanks && parser.mark.column < indent && is_tab(parser.buffer, parser.buffer_pos) {
+					yaml_parser_set_scanner_error(parser, "while scanning a plain scalar",
+						start_mark, "found a tab character that violates indentation")
+					return false
+				}
+
+				// Consume a space or a tab character.
+				if !leading_blanks {
+					whitespaces = read(parser, whitespaces)
+				} else {
+					skip(parser)
+				}
+			} else {
+				if parser.unread < 2 && !yaml_parser_update_buffer(parser, 2) {
+					return false
+				}
+
+				// Check if it is a first line break.
+				if !leading_blanks {
+					whitespaces = whitespaces[:0]
+					leading_break = read_line(parser, leading_break)
+					leading_blanks = true
+				} else {
+					trailing_breaks = read_line(parser, trailing_breaks)
+				}
+			}
+			if parser.unread < 1 && !yaml_parser_update_buffer(parser, 1) {
+				return false
+			}
+		}
+
+		// Check indentation level.
+		if parser.flow_level == 0 && parser.mark.column < indent {
+			break
+		}
+	}
+
+	// Create a token.
+	*token = yaml_token_t{
+		typ:        yaml_SCALAR_TOKEN,
+		start_mark: start_mark,
+		end_mark:   end_mark,
+		value:      s,
+		style:      yaml_PLAIN_SCALAR_STYLE,
+	}
+
+	// Note that we change the 'simple_key_allowed' flag.
+	if leading_blanks {
+		parser.simple_key_allowed = true
+	}
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go
new file mode 100644
index 000000000..4c45e660a
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/sorter.go
@@ -0,0 +1,113 @@
+package yaml
+
+import (
+	"reflect"
+	"unicode"
+)
+
+type keyList []reflect.Value
+
+func (l keyList) Len() int      { return len(l) }
+func (l keyList) Swap(i, j int) { l[i], l[j] = l[j], l[i] }
+func (l keyList) Less(i, j int) bool {
+	a := l[i]
+	b := l[j]
+	ak := a.Kind()
+	bk := b.Kind()
+	for (ak == reflect.Interface || ak == reflect.Ptr) && !a.IsNil() {
+		a = a.Elem()
+		ak = a.Kind()
+	}
+	for (bk == reflect.Interface || bk == reflect.Ptr) && !b.IsNil() {
+		b = b.Elem()
+		bk = b.Kind()
+	}
+	af, aok := keyFloat(a)
+	bf, bok := keyFloat(b)
+	if aok && bok {
+		if af != bf {
+			return af < bf
+		}
+		if ak != bk {
+			return ak < bk
+		}
+		return numLess(a, b)
+	}
+	if ak != reflect.String || bk != reflect.String {
+		return ak < bk
+	}
+	ar, br := []rune(a.String()), []rune(b.String())
+	for i := 0; i < len(ar) && i < len(br); i++ {
+		if ar[i] == br[i] {
+			continue
+		}
+		al := unicode.IsLetter(ar[i])
+		bl := unicode.IsLetter(br[i])
+		if al && bl {
+			return ar[i] < br[i]
+		}
+		if al || bl {
+			return bl
+		}
+		var ai, bi int
+		var an, bn int64
+		if ar[i] == '0' || br[i] == '0' {
+			for j := i-1; j >= 0 && unicode.IsDigit(ar[j]); j-- {
+				if ar[j] != '0' {
+					an = 1
+					bn = 1
+					break
+				}
+			}
+		}
+		for ai = i; ai < len(ar) && unicode.IsDigit(ar[ai]); ai++ {
+			an = an*10 + int64(ar[ai]-'0')
+		}
+		for bi = i; bi < len(br) && unicode.IsDigit(br[bi]); bi++ {
+			bn = bn*10 + int64(br[bi]-'0')
+		}
+		if an != bn {
+			return an < bn
+		}
+		if ai != bi {
+			return ai < bi
+		}
+		return ar[i] < br[i]
+	}
+	return len(ar) < len(br)
+}
+
+// keyFloat returns a float value for v if it is a number/bool
+// and whether it is a number/bool or not.
+func keyFloat(v reflect.Value) (f float64, ok bool) {
+	switch v.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return float64(v.Int()), true
+	case reflect.Float32, reflect.Float64:
+		return v.Float(), true
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return float64(v.Uint()), true
+	case reflect.Bool:
+		if v.Bool() {
+			return 1, true
+		}
+		return 0, true
+	}
+	return 0, false
+}
+
+// numLess returns whether a < b.
+// a and b must necessarily have the same kind.
+func numLess(a, b reflect.Value) bool {
+	switch a.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return a.Int() < b.Int()
+	case reflect.Float32, reflect.Float64:
+		return a.Float() < b.Float()
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return a.Uint() < b.Uint()
+	case reflect.Bool:
+		return !a.Bool() && b.Bool()
+	}
+	panic("not a number")
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go
new file mode 100644
index 000000000..a2dde608c
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/writerc.go
@@ -0,0 +1,26 @@
+package yaml
+
+// Set the writer error and return false.
+func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool {
+	emitter.error = yaml_WRITER_ERROR
+	emitter.problem = problem
+	return false
+}
+
+// Flush the output buffer.
+func yaml_emitter_flush(emitter *yaml_emitter_t) bool {
+	if emitter.write_handler == nil {
+		panic("write handler not set")
+	}
+
+	// Check if the buffer is empty.
+	if emitter.buffer_pos == 0 {
+		return true
+	}
+
+	if err := emitter.write_handler(emitter, emitter.buffer[:emitter.buffer_pos]); err != nil {
+		return yaml_emitter_set_writer_error(emitter, "write error: "+err.Error())
+	}
+	emitter.buffer_pos = 0
+	return true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go
new file mode 100644
index 000000000..30813884c
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/yaml.go
@@ -0,0 +1,478 @@
+// Package yaml implements YAML support for the Go language.
+//
+// Source code and other details for the project are available at GitHub:
+//
+//   https://github.com/go-yaml/yaml
+//
+package yaml
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"reflect"
+	"strings"
+	"sync"
+)
+
+// MapSlice encodes and decodes as a YAML map.
+// The order of keys is preserved when encoding and decoding.
+type MapSlice []MapItem
+
+// MapItem is an item in a MapSlice.
+type MapItem struct {
+	Key, Value interface{}
+}
+
+// The Unmarshaler interface may be implemented by types to customize their
+// behavior when being unmarshaled from a YAML document. The UnmarshalYAML
+// method receives a function that may be called to unmarshal the original
+// YAML value into a field or variable. It is safe to call the unmarshal
+// function parameter more than once if necessary.
+type Unmarshaler interface {
+	UnmarshalYAML(unmarshal func(interface{}) error) error
+}
+
+// The Marshaler interface may be implemented by types to customize their
+// behavior when being marshaled into a YAML document. The returned value
+// is marshaled in place of the original value implementing Marshaler.
+//
+// If an error is returned by MarshalYAML, the marshaling procedure stops
+// and returns with the provided error.
+type Marshaler interface {
+	MarshalYAML() (interface{}, error)
+}
+
+// Unmarshal decodes the first document found within the in byte slice
+// and assigns decoded values into the out value.
+//
+// Maps and pointers (to a struct, string, int, etc) are accepted as out
+// values. If an internal pointer within a struct is not initialized,
+// the yaml package will initialize it if necessary for unmarshalling
+// the provided data. The out parameter must not be nil.
+//
+// The type of the decoded values should be compatible with the respective
+// values in out. If one or more values cannot be decoded due to a type
+// mismatches, decoding continues partially until the end of the YAML
+// content, and a *yaml.TypeError is returned with details for all
+// missed values.
+//
+// Struct fields are only unmarshalled if they are exported (have an
+// upper case first letter), and are unmarshalled using the field name
+// lowercased as the default key. Custom keys may be defined via the
+// "yaml" name in the field tag: the content preceding the first comma
+// is used as the key, and the following comma-separated options are
+// used to tweak the marshalling process (see Marshal).
+// Conflicting names result in a runtime error.
+//
+// For example:
+//
+//     type T struct {
+//         F int `yaml:"a,omitempty"`
+//         B int
+//     }
+//     var t T
+//     yaml.Unmarshal([]byte("a: 1\nb: 2"), &t)
+//
+// See the documentation of Marshal for the format of tags and a list of
+// supported tag options.
+//
+func Unmarshal(in []byte, out interface{}) (err error) {
+	return unmarshal(in, out, false)
+}
+
+// UnmarshalStrict is like Unmarshal except that any fields that are found
+// in the data that do not have corresponding struct members, or mapping
+// keys that are duplicates, will result in
+// an error.
+func UnmarshalStrict(in []byte, out interface{}) (err error) {
+	return unmarshal(in, out, true)
+}
+
+// A Decoder reads and decodes YAML values from an input stream.
+type Decoder struct {
+	strict bool
+	parser *parser
+}
+
+// NewDecoder returns a new decoder that reads from r.
+//
+// The decoder introduces its own buffering and may read
+// data from r beyond the YAML values requested.
+func NewDecoder(r io.Reader) *Decoder {
+	return &Decoder{
+		parser: newParserFromReader(r),
+	}
+}
+
+// SetStrict sets whether strict decoding behaviour is enabled when
+// decoding items in the data (see UnmarshalStrict). By default, decoding is not strict.
+func (dec *Decoder) SetStrict(strict bool) {
+	dec.strict = strict
+}
+
+// Decode reads the next YAML-encoded value from its input
+// and stores it in the value pointed to by v.
+//
+// See the documentation for Unmarshal for details about the
+// conversion of YAML into a Go value.
+func (dec *Decoder) Decode(v interface{}) (err error) {
+	d := newDecoder(dec.strict)
+	defer handleErr(&err)
+	node := dec.parser.parse()
+	if node == nil {
+		return io.EOF
+	}
+	out := reflect.ValueOf(v)
+	if out.Kind() == reflect.Ptr && !out.IsNil() {
+		out = out.Elem()
+	}
+	d.unmarshal(node, out)
+	if len(d.terrors) > 0 {
+		return &TypeError{d.terrors}
+	}
+	return nil
+}
+
+func unmarshal(in []byte, out interface{}, strict bool) (err error) {
+	defer handleErr(&err)
+	d := newDecoder(strict)
+	p := newParser(in)
+	defer p.destroy()
+	node := p.parse()
+	if node != nil {
+		v := reflect.ValueOf(out)
+		if v.Kind() == reflect.Ptr && !v.IsNil() {
+			v = v.Elem()
+		}
+		d.unmarshal(node, v)
+	}
+	if len(d.terrors) > 0 {
+		return &TypeError{d.terrors}
+	}
+	return nil
+}
+
+// Marshal serializes the value provided into a YAML document. The structure
+// of the generated document will reflect the structure of the value itself.
+// Maps and pointers (to struct, string, int, etc) are accepted as the in value.
+//
+// Struct fields are only marshalled if they are exported (have an upper case
+// first letter), and are marshalled using the field name lowercased as the
+// default key. Custom keys may be defined via the "yaml" name in the field
+// tag: the content preceding the first comma is used as the key, and the
+// following comma-separated options are used to tweak the marshalling process.
+// Conflicting names result in a runtime error.
+//
+// The field tag format accepted is:
+//
+//     `(...) yaml:"[<key>][,<flag1>[,<flag2>]]" (...)`
+//
+// The following flags are currently supported:
+//
+//     omitempty    Only include the field if it's not set to the zero
+//                  value for the type or to empty slices or maps.
+//                  Zero valued structs will be omitted if all their public
+//                  fields are zero, unless they implement an IsZero
+//                  method (see the IsZeroer interface type), in which
+//                  case the field will be excluded if IsZero returns true.
+//
+//     flow         Marshal using a flow style (useful for structs,
+//                  sequences and maps).
+//
+//     inline       Inline the field, which must be a struct or a map,
+//                  causing all of its fields or keys to be processed as if
+//                  they were part of the outer struct. For maps, keys must
+//                  not conflict with the yaml keys of other struct fields.
+//
+// In addition, if the key is "-", the field is ignored.
+//
+// For example:
+//
+//     type T struct {
+//         F int `yaml:"a,omitempty"`
+//         B int
+//     }
+//     yaml.Marshal(&T{B: 2}) // Returns "b: 2\n"
+//     yaml.Marshal(&T{F: 1}} // Returns "a: 1\nb: 0\n"
+//
+func Marshal(in interface{}) (out []byte, err error) {
+	defer handleErr(&err)
+	e := newEncoder()
+	defer e.destroy()
+	e.marshalDoc("", reflect.ValueOf(in))
+	e.finish()
+	out = e.out
+	return
+}
+
+// An Encoder writes YAML values to an output stream.
+type Encoder struct {
+	encoder *encoder
+}
+
+// NewEncoder returns a new encoder that writes to w.
+// The Encoder should be closed after use to flush all data
+// to w.
+func NewEncoder(w io.Writer) *Encoder {
+	return &Encoder{
+		encoder: newEncoderWithWriter(w),
+	}
+}
+
+// Encode writes the YAML encoding of v to the stream.
+// If multiple items are encoded to the stream, the
+// second and subsequent document will be preceded
+// with a "---" document separator, but the first will not.
+//
+// See the documentation for Marshal for details about the conversion of Go
+// values to YAML.
+func (e *Encoder) Encode(v interface{}) (err error) {
+	defer handleErr(&err)
+	e.encoder.marshalDoc("", reflect.ValueOf(v))
+	return nil
+}
+
+// Close closes the encoder by writing any remaining data.
+// It does not write a stream terminating string "...".
+func (e *Encoder) Close() (err error) {
+	defer handleErr(&err)
+	e.encoder.finish()
+	return nil
+}
+
+func handleErr(err *error) {
+	if v := recover(); v != nil {
+		if e, ok := v.(yamlError); ok {
+			*err = e.err
+		} else {
+			panic(v)
+		}
+	}
+}
+
+type yamlError struct {
+	err error
+}
+
+func fail(err error) {
+	panic(yamlError{err})
+}
+
+func failf(format string, args ...interface{}) {
+	panic(yamlError{fmt.Errorf("yaml: "+format, args...)})
+}
+
+// A TypeError is returned by Unmarshal when one or more fields in
+// the YAML document cannot be properly decoded into the requested
+// types. When this error is returned, the value is still
+// unmarshaled partially.
+type TypeError struct {
+	Errors []string
+}
+
+func (e *TypeError) Error() string {
+	return fmt.Sprintf("yaml: unmarshal errors:\n  %s", strings.Join(e.Errors, "\n  "))
+}
+
+// --------------------------------------------------------------------------
+// Maintain a mapping of keys to structure field indexes
+
+// The code in this section was copied from mgo/bson.
+
+// structInfo holds details for the serialization of fields of
+// a given struct.
+type structInfo struct {
+	FieldsMap  map[string]fieldInfo
+	FieldsList []fieldInfo
+
+	// InlineMap is the number of the field in the struct that
+	// contains an ,inline map, or -1 if there's none.
+	InlineMap int
+}
+
+type fieldInfo struct {
+	Key       string
+	Num       int
+	OmitEmpty bool
+	Flow      bool
+	// Id holds the unique field identifier, so we can cheaply
+	// check for field duplicates without maintaining an extra map.
+	Id int
+
+	// Inline holds the field index if the field is part of an inlined struct.
+	Inline []int
+}
+
+var structMap = make(map[reflect.Type]*structInfo)
+var fieldMapMutex sync.RWMutex
+
+func getStructInfo(st reflect.Type) (*structInfo, error) {
+	fieldMapMutex.RLock()
+	sinfo, found := structMap[st]
+	fieldMapMutex.RUnlock()
+	if found {
+		return sinfo, nil
+	}
+
+	n := st.NumField()
+	fieldsMap := make(map[string]fieldInfo)
+	fieldsList := make([]fieldInfo, 0, n)
+	inlineMap := -1
+	for i := 0; i != n; i++ {
+		field := st.Field(i)
+		if field.PkgPath != "" && !field.Anonymous {
+			continue // Private field
+		}
+
+		info := fieldInfo{Num: i}
+
+		tag := field.Tag.Get("yaml")
+		if tag == "" && strings.Index(string(field.Tag), ":") < 0 {
+			tag = string(field.Tag)
+		}
+		if tag == "-" {
+			continue
+		}
+
+		inline := false
+		fields := strings.Split(tag, ",")
+		if len(fields) > 1 {
+			for _, flag := range fields[1:] {
+				switch flag {
+				case "omitempty":
+					info.OmitEmpty = true
+				case "flow":
+					info.Flow = true
+				case "inline":
+					inline = true
+				default:
+					return nil, errors.New(fmt.Sprintf("Unsupported flag %q in tag %q of type %s", flag, tag, st))
+				}
+			}
+			tag = fields[0]
+		}
+
+		if inline {
+			switch field.Type.Kind() {
+			case reflect.Map:
+				if inlineMap >= 0 {
+					return nil, errors.New("Multiple ,inline maps in struct " + st.String())
+				}
+				if field.Type.Key() != reflect.TypeOf("") {
+					return nil, errors.New("Option ,inline needs a map with string keys in struct " + st.String())
+				}
+				inlineMap = info.Num
+			case reflect.Struct:
+				sinfo, err := getStructInfo(field.Type)
+				if err != nil {
+					return nil, err
+				}
+				for _, finfo := range sinfo.FieldsList {
+					if _, found := fieldsMap[finfo.Key]; found {
+						msg := "Duplicated key '" + finfo.Key + "' in struct " + st.String()
+						return nil, errors.New(msg)
+					}
+					if finfo.Inline == nil {
+						finfo.Inline = []int{i, finfo.Num}
+					} else {
+						finfo.Inline = append([]int{i}, finfo.Inline...)
+					}
+					finfo.Id = len(fieldsList)
+					fieldsMap[finfo.Key] = finfo
+					fieldsList = append(fieldsList, finfo)
+				}
+			default:
+				//return nil, errors.New("Option ,inline needs a struct value or map field")
+				return nil, errors.New("Option ,inline needs a struct value field")
+			}
+			continue
+		}
+
+		if tag != "" {
+			info.Key = tag
+		} else {
+			info.Key = strings.ToLower(field.Name)
+		}
+
+		if _, found = fieldsMap[info.Key]; found {
+			msg := "Duplicated key '" + info.Key + "' in struct " + st.String()
+			return nil, errors.New(msg)
+		}
+
+		info.Id = len(fieldsList)
+		fieldsList = append(fieldsList, info)
+		fieldsMap[info.Key] = info
+	}
+
+	sinfo = &structInfo{
+		FieldsMap:  fieldsMap,
+		FieldsList: fieldsList,
+		InlineMap:  inlineMap,
+	}
+
+	fieldMapMutex.Lock()
+	structMap[st] = sinfo
+	fieldMapMutex.Unlock()
+	return sinfo, nil
+}
+
+// IsZeroer is used to check whether an object is zero to
+// determine whether it should be omitted when marshaling
+// with the omitempty flag. One notable implementation
+// is time.Time.
+type IsZeroer interface {
+	IsZero() bool
+}
+
+func isZero(v reflect.Value) bool {
+	kind := v.Kind()
+	if z, ok := v.Interface().(IsZeroer); ok {
+		if (kind == reflect.Ptr || kind == reflect.Interface) && v.IsNil() {
+			return true
+		}
+		return z.IsZero()
+	}
+	switch kind {
+	case reflect.String:
+		return len(v.String()) == 0
+	case reflect.Interface, reflect.Ptr:
+		return v.IsNil()
+	case reflect.Slice:
+		return v.Len() == 0
+	case reflect.Map:
+		return v.Len() == 0
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		return v.Int() == 0
+	case reflect.Float32, reflect.Float64:
+		return v.Float() == 0
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		return v.Uint() == 0
+	case reflect.Bool:
+		return !v.Bool()
+	case reflect.Struct:
+		vt := v.Type()
+		for i := v.NumField() - 1; i >= 0; i-- {
+			if vt.Field(i).PkgPath != "" {
+				continue // Private field
+			}
+			if !isZero(v.Field(i)) {
+				return false
+			}
+		}
+		return true
+	}
+	return false
+}
+
+// FutureLineWrap globally disables line wrapping when encoding long strings.
+// This is a temporary and thus deprecated method introduced to faciliate
+// migration towards v3, which offers more control of line lengths on
+// individual encodings, and has a default matching the behavior introduced
+// by this function.
+//
+// The default formatting of v2 was erroneously changed in v2.3.0 and reverted
+// in v2.4.0, at which point this function was introduced to help migration.
+func FutureLineWrap() {
+	disableLineWrapping = true
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go
new file mode 100644
index 000000000..f6a9c8e34
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlh.go
@@ -0,0 +1,739 @@
+package yaml
+
+import (
+	"fmt"
+	"io"
+)
+
+// The version directive data.
+type yaml_version_directive_t struct {
+	major int8 // The major version number.
+	minor int8 // The minor version number.
+}
+
+// The tag directive data.
+type yaml_tag_directive_t struct {
+	handle []byte // The tag handle.
+	prefix []byte // The tag prefix.
+}
+
+type yaml_encoding_t int
+
+// The stream encoding.
+const (
+	// Let the parser choose the encoding.
+	yaml_ANY_ENCODING yaml_encoding_t = iota
+
+	yaml_UTF8_ENCODING    // The default UTF-8 encoding.
+	yaml_UTF16LE_ENCODING // The UTF-16-LE encoding with BOM.
+	yaml_UTF16BE_ENCODING // The UTF-16-BE encoding with BOM.
+)
+
+type yaml_break_t int
+
+// Line break types.
+const (
+	// Let the parser choose the break type.
+	yaml_ANY_BREAK yaml_break_t = iota
+
+	yaml_CR_BREAK   // Use CR for line breaks (Mac style).
+	yaml_LN_BREAK   // Use LN for line breaks (Unix style).
+	yaml_CRLN_BREAK // Use CR LN for line breaks (DOS style).
+)
+
+type yaml_error_type_t int
+
+// Many bad things could happen with the parser and emitter.
+const (
+	// No error is produced.
+	yaml_NO_ERROR yaml_error_type_t = iota
+
+	yaml_MEMORY_ERROR   // Cannot allocate or reallocate a block of memory.
+	yaml_READER_ERROR   // Cannot read or decode the input stream.
+	yaml_SCANNER_ERROR  // Cannot scan the input stream.
+	yaml_PARSER_ERROR   // Cannot parse the input stream.
+	yaml_COMPOSER_ERROR // Cannot compose a YAML document.
+	yaml_WRITER_ERROR   // Cannot write to the output stream.
+	yaml_EMITTER_ERROR  // Cannot emit a YAML stream.
+)
+
+// The pointer position.
+type yaml_mark_t struct {
+	index  int // The position index.
+	line   int // The position line.
+	column int // The position column.
+}
+
+// Node Styles
+
+type yaml_style_t int8
+
+type yaml_scalar_style_t yaml_style_t
+
+// Scalar styles.
+const (
+	// Let the emitter choose the style.
+	yaml_ANY_SCALAR_STYLE yaml_scalar_style_t = iota
+
+	yaml_PLAIN_SCALAR_STYLE         // The plain scalar style.
+	yaml_SINGLE_QUOTED_SCALAR_STYLE // The single-quoted scalar style.
+	yaml_DOUBLE_QUOTED_SCALAR_STYLE // The double-quoted scalar style.
+	yaml_LITERAL_SCALAR_STYLE       // The literal scalar style.
+	yaml_FOLDED_SCALAR_STYLE        // The folded scalar style.
+)
+
+type yaml_sequence_style_t yaml_style_t
+
+// Sequence styles.
+const (
+	// Let the emitter choose the style.
+	yaml_ANY_SEQUENCE_STYLE yaml_sequence_style_t = iota
+
+	yaml_BLOCK_SEQUENCE_STYLE // The block sequence style.
+	yaml_FLOW_SEQUENCE_STYLE  // The flow sequence style.
+)
+
+type yaml_mapping_style_t yaml_style_t
+
+// Mapping styles.
+const (
+	// Let the emitter choose the style.
+	yaml_ANY_MAPPING_STYLE yaml_mapping_style_t = iota
+
+	yaml_BLOCK_MAPPING_STYLE // The block mapping style.
+	yaml_FLOW_MAPPING_STYLE  // The flow mapping style.
+)
+
+// Tokens
+
+type yaml_token_type_t int
+
+// Token types.
+const (
+	// An empty token.
+	yaml_NO_TOKEN yaml_token_type_t = iota
+
+	yaml_STREAM_START_TOKEN // A STREAM-START token.
+	yaml_STREAM_END_TOKEN   // A STREAM-END token.
+
+	yaml_VERSION_DIRECTIVE_TOKEN // A VERSION-DIRECTIVE token.
+	yaml_TAG_DIRECTIVE_TOKEN     // A TAG-DIRECTIVE token.
+	yaml_DOCUMENT_START_TOKEN    // A DOCUMENT-START token.
+	yaml_DOCUMENT_END_TOKEN      // A DOCUMENT-END token.
+
+	yaml_BLOCK_SEQUENCE_START_TOKEN // A BLOCK-SEQUENCE-START token.
+	yaml_BLOCK_MAPPING_START_TOKEN  // A BLOCK-SEQUENCE-END token.
+	yaml_BLOCK_END_TOKEN            // A BLOCK-END token.
+
+	yaml_FLOW_SEQUENCE_START_TOKEN // A FLOW-SEQUENCE-START token.
+	yaml_FLOW_SEQUENCE_END_TOKEN   // A FLOW-SEQUENCE-END token.
+	yaml_FLOW_MAPPING_START_TOKEN  // A FLOW-MAPPING-START token.
+	yaml_FLOW_MAPPING_END_TOKEN    // A FLOW-MAPPING-END token.
+
+	yaml_BLOCK_ENTRY_TOKEN // A BLOCK-ENTRY token.
+	yaml_FLOW_ENTRY_TOKEN  // A FLOW-ENTRY token.
+	yaml_KEY_TOKEN         // A KEY token.
+	yaml_VALUE_TOKEN       // A VALUE token.
+
+	yaml_ALIAS_TOKEN  // An ALIAS token.
+	yaml_ANCHOR_TOKEN // An ANCHOR token.
+	yaml_TAG_TOKEN    // A TAG token.
+	yaml_SCALAR_TOKEN // A SCALAR token.
+)
+
+func (tt yaml_token_type_t) String() string {
+	switch tt {
+	case yaml_NO_TOKEN:
+		return "yaml_NO_TOKEN"
+	case yaml_STREAM_START_TOKEN:
+		return "yaml_STREAM_START_TOKEN"
+	case yaml_STREAM_END_TOKEN:
+		return "yaml_STREAM_END_TOKEN"
+	case yaml_VERSION_DIRECTIVE_TOKEN:
+		return "yaml_VERSION_DIRECTIVE_TOKEN"
+	case yaml_TAG_DIRECTIVE_TOKEN:
+		return "yaml_TAG_DIRECTIVE_TOKEN"
+	case yaml_DOCUMENT_START_TOKEN:
+		return "yaml_DOCUMENT_START_TOKEN"
+	case yaml_DOCUMENT_END_TOKEN:
+		return "yaml_DOCUMENT_END_TOKEN"
+	case yaml_BLOCK_SEQUENCE_START_TOKEN:
+		return "yaml_BLOCK_SEQUENCE_START_TOKEN"
+	case yaml_BLOCK_MAPPING_START_TOKEN:
+		return "yaml_BLOCK_MAPPING_START_TOKEN"
+	case yaml_BLOCK_END_TOKEN:
+		return "yaml_BLOCK_END_TOKEN"
+	case yaml_FLOW_SEQUENCE_START_TOKEN:
+		return "yaml_FLOW_SEQUENCE_START_TOKEN"
+	case yaml_FLOW_SEQUENCE_END_TOKEN:
+		return "yaml_FLOW_SEQUENCE_END_TOKEN"
+	case yaml_FLOW_MAPPING_START_TOKEN:
+		return "yaml_FLOW_MAPPING_START_TOKEN"
+	case yaml_FLOW_MAPPING_END_TOKEN:
+		return "yaml_FLOW_MAPPING_END_TOKEN"
+	case yaml_BLOCK_ENTRY_TOKEN:
+		return "yaml_BLOCK_ENTRY_TOKEN"
+	case yaml_FLOW_ENTRY_TOKEN:
+		return "yaml_FLOW_ENTRY_TOKEN"
+	case yaml_KEY_TOKEN:
+		return "yaml_KEY_TOKEN"
+	case yaml_VALUE_TOKEN:
+		return "yaml_VALUE_TOKEN"
+	case yaml_ALIAS_TOKEN:
+		return "yaml_ALIAS_TOKEN"
+	case yaml_ANCHOR_TOKEN:
+		return "yaml_ANCHOR_TOKEN"
+	case yaml_TAG_TOKEN:
+		return "yaml_TAG_TOKEN"
+	case yaml_SCALAR_TOKEN:
+		return "yaml_SCALAR_TOKEN"
+	}
+	return "<unknown token>"
+}
+
+// The token structure.
+type yaml_token_t struct {
+	// The token type.
+	typ yaml_token_type_t
+
+	// The start/end of the token.
+	start_mark, end_mark yaml_mark_t
+
+	// The stream encoding (for yaml_STREAM_START_TOKEN).
+	encoding yaml_encoding_t
+
+	// The alias/anchor/scalar value or tag/tag directive handle
+	// (for yaml_ALIAS_TOKEN, yaml_ANCHOR_TOKEN, yaml_SCALAR_TOKEN, yaml_TAG_TOKEN, yaml_TAG_DIRECTIVE_TOKEN).
+	value []byte
+
+	// The tag suffix (for yaml_TAG_TOKEN).
+	suffix []byte
+
+	// The tag directive prefix (for yaml_TAG_DIRECTIVE_TOKEN).
+	prefix []byte
+
+	// The scalar style (for yaml_SCALAR_TOKEN).
+	style yaml_scalar_style_t
+
+	// The version directive major/minor (for yaml_VERSION_DIRECTIVE_TOKEN).
+	major, minor int8
+}
+
+// Events
+
+type yaml_event_type_t int8
+
+// Event types.
+const (
+	// An empty event.
+	yaml_NO_EVENT yaml_event_type_t = iota
+
+	yaml_STREAM_START_EVENT   // A STREAM-START event.
+	yaml_STREAM_END_EVENT     // A STREAM-END event.
+	yaml_DOCUMENT_START_EVENT // A DOCUMENT-START event.
+	yaml_DOCUMENT_END_EVENT   // A DOCUMENT-END event.
+	yaml_ALIAS_EVENT          // An ALIAS event.
+	yaml_SCALAR_EVENT         // A SCALAR event.
+	yaml_SEQUENCE_START_EVENT // A SEQUENCE-START event.
+	yaml_SEQUENCE_END_EVENT   // A SEQUENCE-END event.
+	yaml_MAPPING_START_EVENT  // A MAPPING-START event.
+	yaml_MAPPING_END_EVENT    // A MAPPING-END event.
+)
+
+var eventStrings = []string{
+	yaml_NO_EVENT:             "none",
+	yaml_STREAM_START_EVENT:   "stream start",
+	yaml_STREAM_END_EVENT:     "stream end",
+	yaml_DOCUMENT_START_EVENT: "document start",
+	yaml_DOCUMENT_END_EVENT:   "document end",
+	yaml_ALIAS_EVENT:          "alias",
+	yaml_SCALAR_EVENT:         "scalar",
+	yaml_SEQUENCE_START_EVENT: "sequence start",
+	yaml_SEQUENCE_END_EVENT:   "sequence end",
+	yaml_MAPPING_START_EVENT:  "mapping start",
+	yaml_MAPPING_END_EVENT:    "mapping end",
+}
+
+func (e yaml_event_type_t) String() string {
+	if e < 0 || int(e) >= len(eventStrings) {
+		return fmt.Sprintf("unknown event %d", e)
+	}
+	return eventStrings[e]
+}
+
+// The event structure.
+type yaml_event_t struct {
+
+	// The event type.
+	typ yaml_event_type_t
+
+	// The start and end of the event.
+	start_mark, end_mark yaml_mark_t
+
+	// The document encoding (for yaml_STREAM_START_EVENT).
+	encoding yaml_encoding_t
+
+	// The version directive (for yaml_DOCUMENT_START_EVENT).
+	version_directive *yaml_version_directive_t
+
+	// The list of tag directives (for yaml_DOCUMENT_START_EVENT).
+	tag_directives []yaml_tag_directive_t
+
+	// The anchor (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_ALIAS_EVENT).
+	anchor []byte
+
+	// The tag (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT).
+	tag []byte
+
+	// The scalar value (for yaml_SCALAR_EVENT).
+	value []byte
+
+	// Is the document start/end indicator implicit, or the tag optional?
+	// (for yaml_DOCUMENT_START_EVENT, yaml_DOCUMENT_END_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT, yaml_SCALAR_EVENT).
+	implicit bool
+
+	// Is the tag optional for any non-plain style? (for yaml_SCALAR_EVENT).
+	quoted_implicit bool
+
+	// The style (for yaml_SCALAR_EVENT, yaml_SEQUENCE_START_EVENT, yaml_MAPPING_START_EVENT).
+	style yaml_style_t
+}
+
+func (e *yaml_event_t) scalar_style() yaml_scalar_style_t     { return yaml_scalar_style_t(e.style) }
+func (e *yaml_event_t) sequence_style() yaml_sequence_style_t { return yaml_sequence_style_t(e.style) }
+func (e *yaml_event_t) mapping_style() yaml_mapping_style_t   { return yaml_mapping_style_t(e.style) }
+
+// Nodes
+
+const (
+	yaml_NULL_TAG      = "tag:yaml.org,2002:null"      // The tag !!null with the only possible value: null.
+	yaml_BOOL_TAG      = "tag:yaml.org,2002:bool"      // The tag !!bool with the values: true and false.
+	yaml_STR_TAG       = "tag:yaml.org,2002:str"       // The tag !!str for string values.
+	yaml_INT_TAG       = "tag:yaml.org,2002:int"       // The tag !!int for integer values.
+	yaml_FLOAT_TAG     = "tag:yaml.org,2002:float"     // The tag !!float for float values.
+	yaml_TIMESTAMP_TAG = "tag:yaml.org,2002:timestamp" // The tag !!timestamp for date and time values.
+
+	yaml_SEQ_TAG = "tag:yaml.org,2002:seq" // The tag !!seq is used to denote sequences.
+	yaml_MAP_TAG = "tag:yaml.org,2002:map" // The tag !!map is used to denote mapping.
+
+	// Not in original libyaml.
+	yaml_BINARY_TAG = "tag:yaml.org,2002:binary"
+	yaml_MERGE_TAG  = "tag:yaml.org,2002:merge"
+
+	yaml_DEFAULT_SCALAR_TAG   = yaml_STR_TAG // The default scalar tag is !!str.
+	yaml_DEFAULT_SEQUENCE_TAG = yaml_SEQ_TAG // The default sequence tag is !!seq.
+	yaml_DEFAULT_MAPPING_TAG  = yaml_MAP_TAG // The default mapping tag is !!map.
+)
+
+type yaml_node_type_t int
+
+// Node types.
+const (
+	// An empty node.
+	yaml_NO_NODE yaml_node_type_t = iota
+
+	yaml_SCALAR_NODE   // A scalar node.
+	yaml_SEQUENCE_NODE // A sequence node.
+	yaml_MAPPING_NODE  // A mapping node.
+)
+
+// An element of a sequence node.
+type yaml_node_item_t int
+
+// An element of a mapping node.
+type yaml_node_pair_t struct {
+	key   int // The key of the element.
+	value int // The value of the element.
+}
+
+// The node structure.
+type yaml_node_t struct {
+	typ yaml_node_type_t // The node type.
+	tag []byte           // The node tag.
+
+	// The node data.
+
+	// The scalar parameters (for yaml_SCALAR_NODE).
+	scalar struct {
+		value  []byte              // The scalar value.
+		length int                 // The length of the scalar value.
+		style  yaml_scalar_style_t // The scalar style.
+	}
+
+	// The sequence parameters (for YAML_SEQUENCE_NODE).
+	sequence struct {
+		items_data []yaml_node_item_t    // The stack of sequence items.
+		style      yaml_sequence_style_t // The sequence style.
+	}
+
+	// The mapping parameters (for yaml_MAPPING_NODE).
+	mapping struct {
+		pairs_data  []yaml_node_pair_t   // The stack of mapping pairs (key, value).
+		pairs_start *yaml_node_pair_t    // The beginning of the stack.
+		pairs_end   *yaml_node_pair_t    // The end of the stack.
+		pairs_top   *yaml_node_pair_t    // The top of the stack.
+		style       yaml_mapping_style_t // The mapping style.
+	}
+
+	start_mark yaml_mark_t // The beginning of the node.
+	end_mark   yaml_mark_t // The end of the node.
+
+}
+
+// The document structure.
+type yaml_document_t struct {
+
+	// The document nodes.
+	nodes []yaml_node_t
+
+	// The version directive.
+	version_directive *yaml_version_directive_t
+
+	// The list of tag directives.
+	tag_directives_data  []yaml_tag_directive_t
+	tag_directives_start int // The beginning of the tag directives list.
+	tag_directives_end   int // The end of the tag directives list.
+
+	start_implicit int // Is the document start indicator implicit?
+	end_implicit   int // Is the document end indicator implicit?
+
+	// The start/end of the document.
+	start_mark, end_mark yaml_mark_t
+}
+
+// The prototype of a read handler.
+//
+// The read handler is called when the parser needs to read more bytes from the
+// source. The handler should write not more than size bytes to the buffer.
+// The number of written bytes should be set to the size_read variable.
+//
+// [in,out]   data        A pointer to an application data specified by
+//                        yaml_parser_set_input().
+// [out]      buffer      The buffer to write the data from the source.
+// [in]       size        The size of the buffer.
+// [out]      size_read   The actual number of bytes read from the source.
+//
+// On success, the handler should return 1.  If the handler failed,
+// the returned value should be 0. On EOF, the handler should set the
+// size_read to 0 and return 1.
+type yaml_read_handler_t func(parser *yaml_parser_t, buffer []byte) (n int, err error)
+
+// This structure holds information about a potential simple key.
+type yaml_simple_key_t struct {
+	possible     bool        // Is a simple key possible?
+	required     bool        // Is a simple key required?
+	token_number int         // The number of the token.
+	mark         yaml_mark_t // The position mark.
+}
+
+// The states of the parser.
+type yaml_parser_state_t int
+
+const (
+	yaml_PARSE_STREAM_START_STATE yaml_parser_state_t = iota
+
+	yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE           // Expect the beginning of an implicit document.
+	yaml_PARSE_DOCUMENT_START_STATE                    // Expect DOCUMENT-START.
+	yaml_PARSE_DOCUMENT_CONTENT_STATE                  // Expect the content of a document.
+	yaml_PARSE_DOCUMENT_END_STATE                      // Expect DOCUMENT-END.
+	yaml_PARSE_BLOCK_NODE_STATE                        // Expect a block node.
+	yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE // Expect a block node or indentless sequence.
+	yaml_PARSE_FLOW_NODE_STATE                         // Expect a flow node.
+	yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE        // Expect the first entry of a block sequence.
+	yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE              // Expect an entry of a block sequence.
+	yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE         // Expect an entry of an indentless sequence.
+	yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE           // Expect the first key of a block mapping.
+	yaml_PARSE_BLOCK_MAPPING_KEY_STATE                 // Expect a block mapping key.
+	yaml_PARSE_BLOCK_MAPPING_VALUE_STATE               // Expect a block mapping value.
+	yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE         // Expect the first entry of a flow sequence.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE               // Expect an entry of a flow sequence.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE   // Expect a key of an ordered mapping.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE // Expect a value of an ordered mapping.
+	yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE   // Expect the and of an ordered mapping entry.
+	yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE            // Expect the first key of a flow mapping.
+	yaml_PARSE_FLOW_MAPPING_KEY_STATE                  // Expect a key of a flow mapping.
+	yaml_PARSE_FLOW_MAPPING_VALUE_STATE                // Expect a value of a flow mapping.
+	yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE          // Expect an empty value of a flow mapping.
+	yaml_PARSE_END_STATE                               // Expect nothing.
+)
+
+func (ps yaml_parser_state_t) String() string {
+	switch ps {
+	case yaml_PARSE_STREAM_START_STATE:
+		return "yaml_PARSE_STREAM_START_STATE"
+	case yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE:
+		return "yaml_PARSE_IMPLICIT_DOCUMENT_START_STATE"
+	case yaml_PARSE_DOCUMENT_START_STATE:
+		return "yaml_PARSE_DOCUMENT_START_STATE"
+	case yaml_PARSE_DOCUMENT_CONTENT_STATE:
+		return "yaml_PARSE_DOCUMENT_CONTENT_STATE"
+	case yaml_PARSE_DOCUMENT_END_STATE:
+		return "yaml_PARSE_DOCUMENT_END_STATE"
+	case yaml_PARSE_BLOCK_NODE_STATE:
+		return "yaml_PARSE_BLOCK_NODE_STATE"
+	case yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE:
+		return "yaml_PARSE_BLOCK_NODE_OR_INDENTLESS_SEQUENCE_STATE"
+	case yaml_PARSE_FLOW_NODE_STATE:
+		return "yaml_PARSE_FLOW_NODE_STATE"
+	case yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE:
+		return "yaml_PARSE_BLOCK_SEQUENCE_FIRST_ENTRY_STATE"
+	case yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE:
+		return "yaml_PARSE_BLOCK_SEQUENCE_ENTRY_STATE"
+	case yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE:
+		return "yaml_PARSE_INDENTLESS_SEQUENCE_ENTRY_STATE"
+	case yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE:
+		return "yaml_PARSE_BLOCK_MAPPING_FIRST_KEY_STATE"
+	case yaml_PARSE_BLOCK_MAPPING_KEY_STATE:
+		return "yaml_PARSE_BLOCK_MAPPING_KEY_STATE"
+	case yaml_PARSE_BLOCK_MAPPING_VALUE_STATE:
+		return "yaml_PARSE_BLOCK_MAPPING_VALUE_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_FIRST_ENTRY_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_KEY_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_VALUE_STATE"
+	case yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE:
+		return "yaml_PARSE_FLOW_SEQUENCE_ENTRY_MAPPING_END_STATE"
+	case yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_FIRST_KEY_STATE"
+	case yaml_PARSE_FLOW_MAPPING_KEY_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_KEY_STATE"
+	case yaml_PARSE_FLOW_MAPPING_VALUE_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_VALUE_STATE"
+	case yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE:
+		return "yaml_PARSE_FLOW_MAPPING_EMPTY_VALUE_STATE"
+	case yaml_PARSE_END_STATE:
+		return "yaml_PARSE_END_STATE"
+	}
+	return "<unknown parser state>"
+}
+
+// This structure holds aliases data.
+type yaml_alias_data_t struct {
+	anchor []byte      // The anchor.
+	index  int         // The node id.
+	mark   yaml_mark_t // The anchor mark.
+}
+
+// The parser structure.
+//
+// All members are internal. Manage the structure using the
+// yaml_parser_ family of functions.
+type yaml_parser_t struct {
+
+	// Error handling
+
+	error yaml_error_type_t // Error type.
+
+	problem string // Error description.
+
+	// The byte about which the problem occurred.
+	problem_offset int
+	problem_value  int
+	problem_mark   yaml_mark_t
+
+	// The error context.
+	context      string
+	context_mark yaml_mark_t
+
+	// Reader stuff
+
+	read_handler yaml_read_handler_t // Read handler.
+
+	input_reader io.Reader // File input data.
+	input        []byte    // String input data.
+	input_pos    int
+
+	eof bool // EOF flag
+
+	buffer     []byte // The working buffer.
+	buffer_pos int    // The current position of the buffer.
+
+	unread int // The number of unread characters in the buffer.
+
+	raw_buffer     []byte // The raw buffer.
+	raw_buffer_pos int    // The current position of the buffer.
+
+	encoding yaml_encoding_t // The input encoding.
+
+	offset int         // The offset of the current position (in bytes).
+	mark   yaml_mark_t // The mark of the current position.
+
+	// Scanner stuff
+
+	stream_start_produced bool // Have we started to scan the input stream?
+	stream_end_produced   bool // Have we reached the end of the input stream?
+
+	flow_level int // The number of unclosed '[' and '{' indicators.
+
+	tokens          []yaml_token_t // The tokens queue.
+	tokens_head     int            // The head of the tokens queue.
+	tokens_parsed   int            // The number of tokens fetched from the queue.
+	token_available bool           // Does the tokens queue contain a token ready for dequeueing.
+
+	indent  int   // The current indentation level.
+	indents []int // The indentation levels stack.
+
+	simple_key_allowed bool                // May a simple key occur at the current position?
+	simple_keys        []yaml_simple_key_t // The stack of simple keys.
+	simple_keys_by_tok map[int]int         // possible simple_key indexes indexed by token_number
+
+	// Parser stuff
+
+	state          yaml_parser_state_t    // The current parser state.
+	states         []yaml_parser_state_t  // The parser states stack.
+	marks          []yaml_mark_t          // The stack of marks.
+	tag_directives []yaml_tag_directive_t // The list of TAG directives.
+
+	// Dumper stuff
+
+	aliases []yaml_alias_data_t // The alias data.
+
+	document *yaml_document_t // The currently parsed document.
+}
+
+// Emitter Definitions
+
+// The prototype of a write handler.
+//
+// The write handler is called when the emitter needs to flush the accumulated
+// characters to the output.  The handler should write @a size bytes of the
+// @a buffer to the output.
+//
+// @param[in,out]   data        A pointer to an application data specified by
+//                              yaml_emitter_set_output().
+// @param[in]       buffer      The buffer with bytes to be written.
+// @param[in]       size        The size of the buffer.
+//
+// @returns On success, the handler should return @c 1.  If the handler failed,
+// the returned value should be @c 0.
+//
+type yaml_write_handler_t func(emitter *yaml_emitter_t, buffer []byte) error
+
+type yaml_emitter_state_t int
+
+// The emitter states.
+const (
+	// Expect STREAM-START.
+	yaml_EMIT_STREAM_START_STATE yaml_emitter_state_t = iota
+
+	yaml_EMIT_FIRST_DOCUMENT_START_STATE       // Expect the first DOCUMENT-START or STREAM-END.
+	yaml_EMIT_DOCUMENT_START_STATE             // Expect DOCUMENT-START or STREAM-END.
+	yaml_EMIT_DOCUMENT_CONTENT_STATE           // Expect the content of a document.
+	yaml_EMIT_DOCUMENT_END_STATE               // Expect DOCUMENT-END.
+	yaml_EMIT_FLOW_SEQUENCE_FIRST_ITEM_STATE   // Expect the first item of a flow sequence.
+	yaml_EMIT_FLOW_SEQUENCE_ITEM_STATE         // Expect an item of a flow sequence.
+	yaml_EMIT_FLOW_MAPPING_FIRST_KEY_STATE     // Expect the first key of a flow mapping.
+	yaml_EMIT_FLOW_MAPPING_KEY_STATE           // Expect a key of a flow mapping.
+	yaml_EMIT_FLOW_MAPPING_SIMPLE_VALUE_STATE  // Expect a value for a simple key of a flow mapping.
+	yaml_EMIT_FLOW_MAPPING_VALUE_STATE         // Expect a value of a flow mapping.
+	yaml_EMIT_BLOCK_SEQUENCE_FIRST_ITEM_STATE  // Expect the first item of a block sequence.
+	yaml_EMIT_BLOCK_SEQUENCE_ITEM_STATE        // Expect an item of a block sequence.
+	yaml_EMIT_BLOCK_MAPPING_FIRST_KEY_STATE    // Expect the first key of a block mapping.
+	yaml_EMIT_BLOCK_MAPPING_KEY_STATE          // Expect the key of a block mapping.
+	yaml_EMIT_BLOCK_MAPPING_SIMPLE_VALUE_STATE // Expect a value for a simple key of a block mapping.
+	yaml_EMIT_BLOCK_MAPPING_VALUE_STATE        // Expect a value of a block mapping.
+	yaml_EMIT_END_STATE                        // Expect nothing.
+)
+
+// The emitter structure.
+//
+// All members are internal.  Manage the structure using the @c yaml_emitter_
+// family of functions.
+type yaml_emitter_t struct {
+
+	// Error handling
+
+	error   yaml_error_type_t // Error type.
+	problem string            // Error description.
+
+	// Writer stuff
+
+	write_handler yaml_write_handler_t // Write handler.
+
+	output_buffer *[]byte   // String output data.
+	output_writer io.Writer // File output data.
+
+	buffer     []byte // The working buffer.
+	buffer_pos int    // The current position of the buffer.
+
+	raw_buffer     []byte // The raw buffer.
+	raw_buffer_pos int    // The current position of the buffer.
+
+	encoding yaml_encoding_t // The stream encoding.
+
+	// Emitter stuff
+
+	canonical   bool         // If the output is in the canonical style?
+	best_indent int          // The number of indentation spaces.
+	best_width  int          // The preferred width of the output lines.
+	unicode     bool         // Allow unescaped non-ASCII characters?
+	line_break  yaml_break_t // The preferred line break.
+
+	state  yaml_emitter_state_t   // The current emitter state.
+	states []yaml_emitter_state_t // The stack of states.
+
+	events      []yaml_event_t // The event queue.
+	events_head int            // The head of the event queue.
+
+	indents []int // The stack of indentation levels.
+
+	tag_directives []yaml_tag_directive_t // The list of tag directives.
+
+	indent int // The current indentation level.
+
+	flow_level int // The current flow level.
+
+	root_context       bool // Is it the document root context?
+	sequence_context   bool // Is it a sequence context?
+	mapping_context    bool // Is it a mapping context?
+	simple_key_context bool // Is it a simple mapping key context?
+
+	line       int  // The current line.
+	column     int  // The current column.
+	whitespace bool // If the last character was a whitespace?
+	indention  bool // If the last character was an indentation character (' ', '-', '?', ':')?
+	open_ended bool // If an explicit document end is required?
+
+	// Anchor analysis.
+	anchor_data struct {
+		anchor []byte // The anchor value.
+		alias  bool   // Is it an alias?
+	}
+
+	// Tag analysis.
+	tag_data struct {
+		handle []byte // The tag handle.
+		suffix []byte // The tag suffix.
+	}
+
+	// Scalar analysis.
+	scalar_data struct {
+		value                 []byte              // The scalar value.
+		multiline             bool                // Does the scalar contain line breaks?
+		flow_plain_allowed    bool                // Can the scalar be expessed in the flow plain style?
+		block_plain_allowed   bool                // Can the scalar be expressed in the block plain style?
+		single_quoted_allowed bool                // Can the scalar be expressed in the single quoted style?
+		block_allowed         bool                // Can the scalar be expressed in the literal or folded styles?
+		style                 yaml_scalar_style_t // The output style.
+	}
+
+	// Dumper stuff
+
+	opened bool // If the stream was already opened?
+	closed bool // If the stream was already closed?
+
+	// The information associated with the document nodes.
+	anchors *struct {
+		references int  // The number of references.
+		anchor     int  // The anchor id.
+		serialized bool // If the node has been emitted?
+	}
+
+	last_anchor_id int // The last assigned anchor id.
+
+	document *yaml_document_t // The currently emitted document.
+}
diff --git a/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go
new file mode 100644
index 000000000..8110ce3c3
--- /dev/null
+++ b/vendor/sigs.k8s.io/yaml/goyaml.v2/yamlprivateh.go
@@ -0,0 +1,173 @@
+package yaml
+
+const (
+	// The size of the input raw buffer.
+	input_raw_buffer_size = 512
+
+	// The size of the input buffer.
+	// It should be possible to decode the whole raw buffer.
+	input_buffer_size = input_raw_buffer_size * 3
+
+	// The size of the output buffer.
+	output_buffer_size = 128
+
+	// The size of the output raw buffer.
+	// It should be possible to encode the whole output buffer.
+	output_raw_buffer_size = (output_buffer_size*2 + 2)
+
+	// The size of other stacks and queues.
+	initial_stack_size  = 16
+	initial_queue_size  = 16
+	initial_string_size = 16
+)
+
+// Check if the character at the specified position is an alphabetical
+// character, a digit, '_', or '-'.
+func is_alpha(b []byte, i int) bool {
+	return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'Z' || b[i] >= 'a' && b[i] <= 'z' || b[i] == '_' || b[i] == '-'
+}
+
+// Check if the character at the specified position is a digit.
+func is_digit(b []byte, i int) bool {
+	return b[i] >= '0' && b[i] <= '9'
+}
+
+// Get the value of a digit.
+func as_digit(b []byte, i int) int {
+	return int(b[i]) - '0'
+}
+
+// Check if the character at the specified position is a hex-digit.
+func is_hex(b []byte, i int) bool {
+	return b[i] >= '0' && b[i] <= '9' || b[i] >= 'A' && b[i] <= 'F' || b[i] >= 'a' && b[i] <= 'f'
+}
+
+// Get the value of a hex-digit.
+func as_hex(b []byte, i int) int {
+	bi := b[i]
+	if bi >= 'A' && bi <= 'F' {
+		return int(bi) - 'A' + 10
+	}
+	if bi >= 'a' && bi <= 'f' {
+		return int(bi) - 'a' + 10
+	}
+	return int(bi) - '0'
+}
+
+// Check if the character is ASCII.
+func is_ascii(b []byte, i int) bool {
+	return b[i] <= 0x7F
+}
+
+// Check if the character at the start of the buffer can be printed unescaped.
+func is_printable(b []byte, i int) bool {
+	return ((b[i] == 0x0A) || // . == #x0A
+		(b[i] >= 0x20 && b[i] <= 0x7E) || // #x20 <= . <= #x7E
+		(b[i] == 0xC2 && b[i+1] >= 0xA0) || // #0xA0 <= . <= #xD7FF
+		(b[i] > 0xC2 && b[i] < 0xED) ||
+		(b[i] == 0xED && b[i+1] < 0xA0) ||
+		(b[i] == 0xEE) ||
+		(b[i] == 0xEF && // #xE000 <= . <= #xFFFD
+			!(b[i+1] == 0xBB && b[i+2] == 0xBF) && // && . != #xFEFF
+			!(b[i+1] == 0xBF && (b[i+2] == 0xBE || b[i+2] == 0xBF))))
+}
+
+// Check if the character at the specified position is NUL.
+func is_z(b []byte, i int) bool {
+	return b[i] == 0x00
+}
+
+// Check if the beginning of the buffer is a BOM.
+func is_bom(b []byte, i int) bool {
+	return b[0] == 0xEF && b[1] == 0xBB && b[2] == 0xBF
+}
+
+// Check if the character at the specified position is space.
+func is_space(b []byte, i int) bool {
+	return b[i] == ' '
+}
+
+// Check if the character at the specified position is tab.
+func is_tab(b []byte, i int) bool {
+	return b[i] == '\t'
+}
+
+// Check if the character at the specified position is blank (space or tab).
+func is_blank(b []byte, i int) bool {
+	//return is_space(b, i) || is_tab(b, i)
+	return b[i] == ' ' || b[i] == '\t'
+}
+
+// Check if the character at the specified position is a line break.
+func is_break(b []byte, i int) bool {
+	return (b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9) // PS (#x2029)
+}
+
+func is_crlf(b []byte, i int) bool {
+	return b[i] == '\r' && b[i+1] == '\n'
+}
+
+// Check if the character is a line break or NUL.
+func is_breakz(b []byte, i int) bool {
+	//return is_break(b, i) || is_z(b, i)
+	return (        // is_break:
+	b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+		// is_z:
+		b[i] == 0)
+}
+
+// Check if the character is a line break, space, or NUL.
+func is_spacez(b []byte, i int) bool {
+	//return is_space(b, i) || is_breakz(b, i)
+	return ( // is_space:
+	b[i] == ' ' ||
+		// is_breakz:
+		b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+		b[i] == 0)
+}
+
+// Check if the character is a line break, space, tab, or NUL.
+func is_blankz(b []byte, i int) bool {
+	//return is_blank(b, i) || is_breakz(b, i)
+	return ( // is_blank:
+	b[i] == ' ' || b[i] == '\t' ||
+		// is_breakz:
+		b[i] == '\r' || // CR (#xD)
+		b[i] == '\n' || // LF (#xA)
+		b[i] == 0xC2 && b[i+1] == 0x85 || // NEL (#x85)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA8 || // LS (#x2028)
+		b[i] == 0xE2 && b[i+1] == 0x80 && b[i+2] == 0xA9 || // PS (#x2029)
+		b[i] == 0)
+}
+
+// Determine the width of the character.
+func width(b byte) int {
+	// Don't replace these by a switch without first
+	// confirming that it is being inlined.
+	if b&0x80 == 0x00 {
+		return 1
+	}
+	if b&0xE0 == 0xC0 {
+		return 2
+	}
+	if b&0xF0 == 0xE0 {
+		return 3
+	}
+	if b&0xF8 == 0xF0 {
+		return 4
+	}
+	return 0
+
+}
diff --git a/vendor/sigs.k8s.io/yaml/yaml.go b/vendor/sigs.k8s.io/yaml/yaml.go
index efbc535d4..fc10246bd 100644
--- a/vendor/sigs.k8s.io/yaml/yaml.go
+++ b/vendor/sigs.k8s.io/yaml/yaml.go
@@ -1,3 +1,19 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package yaml
 
 import (
@@ -8,56 +24,59 @@ import (
 	"reflect"
 	"strconv"
 
-	"gopkg.in/yaml.v2"
+	"sigs.k8s.io/yaml/goyaml.v2"
 )
 
-// Marshal marshals the object into JSON then converts JSON to YAML and returns the
-// YAML.
-func Marshal(o interface{}) ([]byte, error) {
-	j, err := json.Marshal(o)
+// Marshal marshals obj into JSON using stdlib json.Marshal, and then converts JSON to YAML using JSONToYAML (see that method for more reference)
+func Marshal(obj interface{}) ([]byte, error) {
+	jsonBytes, err := json.Marshal(obj)
 	if err != nil {
-		return nil, fmt.Errorf("error marshaling into JSON: %v", err)
+		return nil, fmt.Errorf("error marshaling into JSON: %w", err)
 	}
 
-	y, err := JSONToYAML(j)
-	if err != nil {
-		return nil, fmt.Errorf("error converting JSON to YAML: %v", err)
-	}
-
-	return y, nil
+	return JSONToYAML(jsonBytes)
 }
 
 // JSONOpt is a decoding option for decoding from JSON format.
 type JSONOpt func(*json.Decoder) *json.Decoder
 
-// Unmarshal converts YAML to JSON then uses JSON to unmarshal into an object,
-// optionally configuring the behavior of the JSON unmarshal.
-func Unmarshal(y []byte, o interface{}, opts ...JSONOpt) error {
-	return yamlUnmarshal(y, o, false, opts...)
+// Unmarshal first converts the given YAML to JSON, and then unmarshals the JSON into obj. Options for the
+// standard library json.Decoder can be optionally specified, e.g. to decode untyped numbers into json.Number instead of float64, or to disallow unknown fields (but for that purpose, see also UnmarshalStrict). obj must be a non-nil pointer.
+//
+// Important notes about the Unmarshal logic:
+//
+//   - Decoding is case-insensitive, unlike the rest of Kubernetes API machinery, as this is using the stdlib json library. This might be confusing to users.
+//   - This decodes any number (although it is an integer) into a float64 if the type of obj is unknown, e.g. *map[string]interface{}, *interface{}, or *[]interface{}. This means integers above +/- 2^53 will lose precision when round-tripping. Make a JSONOpt that calls d.UseNumber() to avoid this.
+//   - Duplicate fields, including in-case-sensitive matches, are ignored in an undefined order. Note that the YAML specification forbids duplicate fields, so this logic is more permissive than it needs to. See UnmarshalStrict for an alternative.
+//   - Unknown fields, i.e. serialized data that do not map to a field in obj, are ignored. Use d.DisallowUnknownFields() or UnmarshalStrict to override.
+//   - As per the YAML 1.1 specification, which yaml.v2 used underneath implements, literal 'yes' and 'no' strings without quotation marks will be converted to true/false implicitly.
+//   - YAML non-string keys, e.g. ints, bools and floats, are converted to strings implicitly during the YAML to JSON conversion process.
+//   - There are no compatibility guarantees for returned error values.
+func Unmarshal(yamlBytes []byte, obj interface{}, opts ...JSONOpt) error {
+	return unmarshal(yamlBytes, obj, yaml.Unmarshal, opts...)
 }
 
-// UnmarshalStrict strictly converts YAML to JSON then uses JSON to unmarshal
-// into an object, optionally configuring the behavior of the JSON unmarshal.
-func UnmarshalStrict(y []byte, o interface{}, opts ...JSONOpt) error {
-	return yamlUnmarshal(y, o, true, append(opts, DisallowUnknownFields)...)
+// UnmarshalStrict is similar to Unmarshal (please read its documentation for reference), with the following exceptions:
+//
+//   - Duplicate fields in an object yield an error. This is according to the YAML specification.
+//   - If obj, or any of its recursive children, is a struct, presence of fields in the serialized data unknown to the struct will yield an error.
+func UnmarshalStrict(yamlBytes []byte, obj interface{}, opts ...JSONOpt) error {
+	return unmarshal(yamlBytes, obj, yaml.UnmarshalStrict, append(opts, DisallowUnknownFields)...)
 }
 
-// yamlUnmarshal unmarshals the given YAML byte stream into the given interface,
+// unmarshal unmarshals the given YAML byte stream into the given interface,
 // optionally performing the unmarshalling strictly
-func yamlUnmarshal(y []byte, o interface{}, strict bool, opts ...JSONOpt) error {
-	vo := reflect.ValueOf(o)
-	unmarshalFn := yaml.Unmarshal
-	if strict {
-		unmarshalFn = yaml.UnmarshalStrict
-	}
-	j, err := yamlToJSON(y, &vo, unmarshalFn)
+func unmarshal(yamlBytes []byte, obj interface{}, unmarshalFn func([]byte, interface{}) error, opts ...JSONOpt) error {
+	jsonTarget := reflect.ValueOf(obj)
+
+	jsonBytes, err := yamlToJSONTarget(yamlBytes, &jsonTarget, unmarshalFn)
 	if err != nil {
-		return fmt.Errorf("error converting YAML to JSON: %v", err)
+		return fmt.Errorf("error converting YAML to JSON: %w", err)
 	}
 
-	err = jsonUnmarshal(bytes.NewReader(j), o, opts...)
+	err = jsonUnmarshal(bytes.NewReader(jsonBytes), obj, opts...)
 	if err != nil {
-		return fmt.Errorf("error unmarshaling JSON: %v", err)
+		return fmt.Errorf("error unmarshaling JSON: %w", err)
 	}
 
 	return nil
@@ -67,21 +86,26 @@ func yamlUnmarshal(y []byte, o interface{}, strict bool, opts ...JSONOpt) error
 // object, optionally applying decoder options prior to decoding.  We are not
 // using json.Unmarshal directly as we want the chance to pass in non-default
 // options.
-func jsonUnmarshal(r io.Reader, o interface{}, opts ...JSONOpt) error {
-	d := json.NewDecoder(r)
+func jsonUnmarshal(reader io.Reader, obj interface{}, opts ...JSONOpt) error {
+	d := json.NewDecoder(reader)
 	for _, opt := range opts {
 		d = opt(d)
 	}
-	if err := d.Decode(&o); err != nil {
+	if err := d.Decode(&obj); err != nil {
 		return fmt.Errorf("while decoding JSON: %v", err)
 	}
 	return nil
 }
 
-// JSONToYAML Converts JSON to YAML.
+// JSONToYAML converts JSON to YAML. Notable implementation details:
+//
+//   - Duplicate fields, are case-sensitively ignored in an undefined order.
+//   - The sequence indentation style is compact, which means that the "- " marker for a YAML sequence will be on the same indentation level as the sequence field name.
+//   - Unlike Unmarshal, all integers, up to 64 bits, are preserved during this round-trip.
 func JSONToYAML(j []byte) ([]byte, error) {
 	// Convert the JSON to an object.
 	var jsonObj interface{}
+
 	// We are using yaml.Unmarshal here (instead of json.Unmarshal) because the
 	// Go JSON library doesn't try to pick the right number type (int, float,
 	// etc.) when unmarshalling to interface{}, it just picks float64
@@ -93,35 +117,46 @@ func JSONToYAML(j []byte) ([]byte, error) {
 	}
 
 	// Marshal this object into YAML.
-	return yaml.Marshal(jsonObj)
+	yamlBytes, err := yaml.Marshal(jsonObj)
+	if err != nil {
+		return nil, err
+	}
+
+	return yamlBytes, nil
 }
 
 // YAMLToJSON converts YAML to JSON. Since JSON is a subset of YAML,
 // passing JSON through this method should be a no-op.
 //
-// Things YAML can do that are not supported by JSON:
-// * In YAML you can have binary and null keys in your maps. These are invalid
-//   in JSON. (int and float keys are converted to strings.)
-// * Binary data in YAML with the !!binary tag is not supported. If you want to
-//   use binary data with this library, encode the data as base64 as usual but do
-//   not use the !!binary tag in your YAML. This will ensure the original base64
-//   encoded data makes it all the way through to the JSON.
+// Some things YAML can do that are not supported by JSON:
+//   - In YAML you can have binary and null keys in your maps. These are invalid
+//     in JSON, and therefore int, bool and float keys are converted to strings implicitly.
+//   - Binary data in YAML with the !!binary tag is not supported. If you want to
+//     use binary data with this library, encode the data as base64 as usual but do
+//     not use the !!binary tag in your YAML. This will ensure the original base64
+//     encoded data makes it all the way through to the JSON.
+//   - And more... read the YAML specification for more details.
+//
+// Notable about the implementation:
 //
-// For strict decoding of YAML, use YAMLToJSONStrict.
+// - Duplicate fields are case-sensitively ignored in an undefined order. Note that the YAML specification forbids duplicate fields, so this logic is more permissive than it needs to. See YAMLToJSONStrict for an alternative.
+// - As per the YAML 1.1 specification, which yaml.v2 used underneath implements, literal 'yes' and 'no' strings without quotation marks will be converted to true/false implicitly.
+// - Unlike Unmarshal, all integers, up to 64 bits, are preserved during this round-trip.
+// - There are no compatibility guarantees for returned error values.
 func YAMLToJSON(y []byte) ([]byte, error) {
-	return yamlToJSON(y, nil, yaml.Unmarshal)
+	return yamlToJSONTarget(y, nil, yaml.Unmarshal)
 }
 
 // YAMLToJSONStrict is like YAMLToJSON but enables strict YAML decoding,
 // returning an error on any duplicate field names.
 func YAMLToJSONStrict(y []byte) ([]byte, error) {
-	return yamlToJSON(y, nil, yaml.UnmarshalStrict)
+	return yamlToJSONTarget(y, nil, yaml.UnmarshalStrict)
 }
 
-func yamlToJSON(y []byte, jsonTarget *reflect.Value, yamlUnmarshal func([]byte, interface{}) error) ([]byte, error) {
+func yamlToJSONTarget(yamlBytes []byte, jsonTarget *reflect.Value, unmarshalFn func([]byte, interface{}) error) ([]byte, error) {
 	// Convert the YAML to an object.
 	var yamlObj interface{}
-	err := yamlUnmarshal(y, &yamlObj)
+	err := unmarshalFn(yamlBytes, &yamlObj)
 	if err != nil {
 		return nil, err
 	}
@@ -136,7 +171,11 @@ func yamlToJSON(y []byte, jsonTarget *reflect.Value, yamlUnmarshal func([]byte,
 	}
 
 	// Convert this object to JSON and return the data.
-	return json.Marshal(jsonObj)
+	jsonBytes, err := json.Marshal(jsonObj)
+	if err != nil {
+		return nil, err
+	}
+	return jsonBytes, nil
 }
 
 func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (interface{}, error) {
@@ -147,13 +186,13 @@ func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (in
 	// decoding into the value, we're just checking if the ultimate target is a
 	// string.
 	if jsonTarget != nil {
-		ju, tu, pv := indirect(*jsonTarget, false)
+		jsonUnmarshaler, textUnmarshaler, pointerValue := indirect(*jsonTarget, false)
 		// We have a JSON or Text Umarshaler at this level, so we can't be trying
 		// to decode into a string.
-		if ju != nil || tu != nil {
+		if jsonUnmarshaler != nil || textUnmarshaler != nil {
 			jsonTarget = nil
 		} else {
-			jsonTarget = &pv
+			jsonTarget = &pointerValue
 		}
 	}
 
@@ -205,7 +244,7 @@ func convertToJSONableObject(yamlObj interface{}, jsonTarget *reflect.Value) (in
 					keyString = "false"
 				}
 			default:
-				return nil, fmt.Errorf("Unsupported map key of type: %s, key: %+#v, value: %+#v",
+				return nil, fmt.Errorf("unsupported map key of type: %s, key: %+#v, value: %+#v",
 					reflect.TypeOf(k), k, v)
 			}
 
diff --git a/vendor/sigs.k8s.io/yaml/yaml_go110.go b/vendor/sigs.k8s.io/yaml/yaml_go110.go
index ab3e06a22..94abc1719 100644
--- a/vendor/sigs.k8s.io/yaml/yaml_go110.go
+++ b/vendor/sigs.k8s.io/yaml/yaml_go110.go
@@ -1,7 +1,24 @@
 // This file contains changes that are only compatible with go 1.10 and onwards.
 
+//go:build go1.10
 // +build go1.10
 
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package yaml
 
 import "encoding/json"

From cd0698eabf43a901481723416d6666b79bdbbfb7 Mon Sep 17 00:00:00 2001
From: Les Aker <me@lesaker.org>
Date: Wed, 29 Nov 2023 23:17:29 -0500
Subject: [PATCH 12/12] remove show_traffic_restriction_as_allowlist

---
 internal/provider/resource_port_profile.go | 76 ++++++++++------------
 1 file changed, 34 insertions(+), 42 deletions(-)

diff --git a/internal/provider/resource_port_profile.go b/internal/provider/resource_port_profile.go
index 2772c7991..489cbb53b 100644
--- a/internal/provider/resource_port_profile.go
+++ b/internal/provider/resource_port_profile.go
@@ -163,12 +163,6 @@ func resourcePortProfile() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.IntBetween(0, 100),
 			},
-			"show_traffic_restriction_as_allowlist": {
-				Description: "Show the Traffic Restriction as allow list. This only affect to the UI, the list need to be configured on `excluded_networkconf_ids` as black list.",
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     false,
-			},
 			"speed": {
 				Description:  "The link speed to set for the port profile. Can be one of `10`, `100`, `1000`, `2500`, `5000`, `10000`, `20000`, `25000`, `40000`, `50000` or `100000`",
 				Type:         schema.TypeInt,
@@ -288,41 +282,40 @@ func resourcePortProfileGetResourceData(d *schema.ResourceData) (*unifi.PortProf
 	}
 
 	return &unifi.PortProfile{
-		Autoneg:                           d.Get("autoneg").(bool),
-		Dot1XCtrl:                         d.Get("dot1x_ctrl").(string),
-		Dot1XIDleTimeout:                  d.Get("dot1x_idle_timeout").(int),
-		EgressRateLimitKbps:               d.Get("egress_rate_limit_kbps").(int),
-		EgressRateLimitKbpsEnabled:        d.Get("egress_rate_limit_kbps_enabled").(bool),
-		Forward:                           d.Get("forward").(string),
-		ExcludedNetworkIDs:                excludedNetworkIds,
-		FullDuplex:                        d.Get("full_duplex").(bool),
-		Isolation:                         d.Get("isolation").(bool),
-		LldpmedEnabled:                    d.Get("lldpmed_enabled").(bool),
-		LldpmedNotifyEnabled:              d.Get("lldpmed_notify_enabled").(bool),
-		NATiveNetworkID:                   d.Get("native_networkconf_id").(string),
-		Name:                              d.Get("name").(string),
-		OpMode:                            d.Get("op_mode").(string),
-		PoeMode:                           d.Get("poe_mode").(string),
-		PortSecurityEnabled:               d.Get("port_security_enabled").(bool),
-		PortSecurityMACAddress:            portSecurityMacAddress,
-		PriorityQueue1Level:               d.Get("priority_queue1_level").(int),
-		PriorityQueue2Level:               d.Get("priority_queue2_level").(int),
-		PriorityQueue3Level:               d.Get("priority_queue3_level").(int),
-		PriorityQueue4Level:               d.Get("priority_queue4_level").(int),
-		ShowTrafficRestrictionAsAllowlist: d.Get("show_traffic_restriction_as_allowlist").(bool),
-		Speed:                             d.Get("speed").(int),
-		StormctrlBroadcastastEnabled:      d.Get("stormctrl_bcast_enabled").(bool),
-		StormctrlBroadcastastLevel:        d.Get("stormctrl_bcast_level").(int),
-		StormctrlBroadcastastRate:         d.Get("stormctrl_bcast_rate").(int),
-		StormctrlMcastEnabled:             d.Get("stormctrl_mcast_enabled").(bool),
-		StormctrlMcastLevel:               d.Get("stormctrl_mcast_level").(int),
-		StormctrlMcastRate:                d.Get("stormctrl_mcast_rate").(int),
-		StormctrlType:                     d.Get("stormctrl_type").(string),
-		StormctrlUcastEnabled:             d.Get("stormctrl_ucast_enabled").(bool),
-		StormctrlUcastLevel:               d.Get("stormctrl_ucast_level").(int),
-		StormctrlUcastRate:                d.Get("stormctrl_ucast_rate").(int),
-		StpPortMode:                       d.Get("stp_port_mode").(bool),
-		VoiceNetworkID:                    d.Get("voice_networkconf_id").(string),
+		Autoneg:                      d.Get("autoneg").(bool),
+		Dot1XCtrl:                    d.Get("dot1x_ctrl").(string),
+		Dot1XIDleTimeout:             d.Get("dot1x_idle_timeout").(int),
+		EgressRateLimitKbps:          d.Get("egress_rate_limit_kbps").(int),
+		EgressRateLimitKbpsEnabled:   d.Get("egress_rate_limit_kbps_enabled").(bool),
+		Forward:                      d.Get("forward").(string),
+		ExcludedNetworkIDs:           excludedNetworkIds,
+		FullDuplex:                   d.Get("full_duplex").(bool),
+		Isolation:                    d.Get("isolation").(bool),
+		LldpmedEnabled:               d.Get("lldpmed_enabled").(bool),
+		LldpmedNotifyEnabled:         d.Get("lldpmed_notify_enabled").(bool),
+		NATiveNetworkID:              d.Get("native_networkconf_id").(string),
+		Name:                         d.Get("name").(string),
+		OpMode:                       d.Get("op_mode").(string),
+		PoeMode:                      d.Get("poe_mode").(string),
+		PortSecurityEnabled:          d.Get("port_security_enabled").(bool),
+		PortSecurityMACAddress:       portSecurityMacAddress,
+		PriorityQueue1Level:          d.Get("priority_queue1_level").(int),
+		PriorityQueue2Level:          d.Get("priority_queue2_level").(int),
+		PriorityQueue3Level:          d.Get("priority_queue3_level").(int),
+		PriorityQueue4Level:          d.Get("priority_queue4_level").(int),
+		Speed:                        d.Get("speed").(int),
+		StormctrlBroadcastastEnabled: d.Get("stormctrl_bcast_enabled").(bool),
+		StormctrlBroadcastastLevel:   d.Get("stormctrl_bcast_level").(int),
+		StormctrlBroadcastastRate:    d.Get("stormctrl_bcast_rate").(int),
+		StormctrlMcastEnabled:        d.Get("stormctrl_mcast_enabled").(bool),
+		StormctrlMcastLevel:          d.Get("stormctrl_mcast_level").(int),
+		StormctrlMcastRate:           d.Get("stormctrl_mcast_rate").(int),
+		StormctrlType:                d.Get("stormctrl_type").(string),
+		StormctrlUcastEnabled:        d.Get("stormctrl_ucast_enabled").(bool),
+		StormctrlUcastLevel:          d.Get("stormctrl_ucast_level").(int),
+		StormctrlUcastRate:           d.Get("stormctrl_ucast_rate").(int),
+		StpPortMode:                  d.Get("stp_port_mode").(bool),
+		VoiceNetworkID:               d.Get("voice_networkconf_id").(string),
 	}, nil
 }
 
@@ -349,7 +342,6 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("priority_queue2_level", resp.PriorityQueue2Level)
 	d.Set("priority_queue3_level", resp.PriorityQueue3Level)
 	d.Set("priority_queue4_level", resp.PriorityQueue4Level)
-	d.Set("show_traffic_restriction_as_allowlist", resp.ShowTrafficRestrictionAsAllowlist)
 	d.Set("speed", resp.Speed)
 	d.Set("stormctrl_bcast_enabled", resp.StormctrlBroadcastastEnabled)
 	d.Set("stormctrl_bcast_level", resp.StormctrlBroadcastastLevel)