gatekeeper: Remove csi-kata-directvolume build from required tests

Since we don't build that anymore.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>

.github/workflows/build-kata-static-tarball-amd64.yaml

@@ -367,7 +367,6 @@ jobs:
       matrix:
         asset:
           - agent-ctl
-          - csi-kata-directvolume
           - genpolicy
           - kata-ctl
           - kata-manager

.github/workflows/ci.yaml

@@ -216,61 +216,6 @@ jobs:
           platforms: linux/amd64, linux/s390x
           file: tests/integration/kubernetes/runtimeclass_workloads/confidential/unencrypted/Dockerfile
 
-  publish-csi-driver-amd64:
-    name: publish-csi-driver-amd64
-    needs: build-kata-static-tarball-amd64
-    permissions:
-      contents: read
-      packages: write
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{ inputs.commit-hash }}
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Rebase atop of the latest target branch
-        run: |
-          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
-        env:
-          TARGET_BRANCH: ${{ inputs.target-branch }}
-
-      - name: get-kata-tools-tarball
-        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
-        with:
-          name: kata-tools-static-tarball-amd64-${{ inputs.tag }}
-          path: kata-tools-artifacts
-
-      - name: Install kata-tools
-        run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-tools-artifacts
-
-      - name: Copy binary into Docker context
-        run: |
-          # Copy to the location where the Dockerfile expects the binary.
-          mkdir -p src/tools/csi-kata-directvolume/bin/
-          cp /opt/kata/bin/csi-kata-directvolume src/tools/csi-kata-directvolume/bin/directvolplugin
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Login to Kata Containers ghcr.io
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Docker build and push
-        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
-        with:
-          tags: ghcr.io/kata-containers/csi-kata-directvolume:${{ inputs.pr-number }}
-          push: true
-          context: src/tools/csi-kata-directvolume/
-          platforms: linux/amd64
-          file: src/tools/csi-kata-directvolume/Dockerfile
-
   run-kata-monitor-tests:
     if: ${{ inputs.skip-test != 'yes' }}
     needs: build-kata-static-tarball-amd64
@@ -349,7 +294,6 @@ jobs:
     needs:
      - publish-kata-deploy-payload-amd64
      - build-and-publish-tee-confidential-unencrypted-image
-     - publish-csi-driver-amd64
     uses: ./.github/workflows/run-kata-coco-tests.yaml
     permissions:
       contents: read

.github/workflows/run-kata-coco-tests.yaml

@@ -110,10 +110,6 @@ jobs:
         timeout-minutes: 10
         run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
 
-      - name: Deploy CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
-
       - name: Run tests
         timeout-minutes: 100
         run: bash tests/integration/kubernetes/gha-run.sh run-tests
@@ -134,10 +130,6 @@ jobs:
           [[ "${KATA_HYPERVISOR}" == "qemu-tdx" ]] && echo "ITA_KEY=${GH_ITA_KEY}" >> "${GITHUB_ENV}"
           bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
 
-      - name: Delete CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
-
   # Generate jobs for testing CoCo on non-TEE environments
   run-k8s-tests-coco-nontee:
     name: run-k8s-tests-coco-nontee
@@ -235,10 +227,6 @@ jobs:
         timeout-minutes: 10
         run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
 
-      - name: Deploy CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
-
       - name: Run tests
         timeout-minutes: 80
         run: bash tests/integration/kubernetes/gha-run.sh run-tests
@@ -257,11 +245,6 @@ jobs:
         timeout-minutes: 10
         run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
 
-      - name: Delete CSI driver
-        if: always()
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
-
   # Extensive matrix: autogenerated policy tests (nydus + experimental-force-guest-pull) on k0s, k3s, rke2, microk8s with qemu-coco-dev / qemu-coco-dev-runtime-rs
   run-k8s-tests-coco-nontee-extensive-matrix:
     if: ${{ inputs.extensive-matrix-autogenerated-policy == 'yes' }}
@@ -365,10 +348,6 @@ jobs:
         timeout-minutes: 10
         run: bash tests/integration/kubernetes/gha-run.sh install-kbs-client
 
-      - name: Deploy CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
-
       - name: Run tests
         timeout-minutes: 80
         run: bash tests/integration/kubernetes/gha-run.sh run-tests
@@ -387,11 +366,6 @@ jobs:
         timeout-minutes: 10
         run: bash tests/integration/kubernetes/gha-run.sh delete-coco-kbs
 
-      - name: Delete CSI driver
-        if: always()
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver
-
   # Generate jobs for testing CoCo on non-TEE environments with erofs-snapshotter
   run-k8s-tests-coco-nontee-with-erofs-snapshotter:
     name: run-k8s-tests-coco-nontee-with-erofs-snapshotter
@@ -478,10 +452,6 @@ jobs:
         timeout-minutes: 20
         run: bash tests/integration/kubernetes/gha-run.sh deploy-kata
 
-      - name: Deploy CSI driver
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh deploy-csi-driver
-
       - name: Run tests
         timeout-minutes: 80
         run: bash tests/integration/kubernetes/gha-run.sh run-tests
@@ -494,8 +464,3 @@ jobs:
         if: always()
         timeout-minutes: 15
         run: bash tests/integration/kubernetes/gha-run.sh cleanup
-
-      - name: Delete CSI driver
-        if: always()
-        timeout-minutes: 5
-        run: bash tests/integration/kubernetes/gha-run.sh delete-csi-driver

.gitignore

@@ -20,3 +20,6 @@ tools/packaging/static-build/agent/install_libseccomp.sh
 .direnv
 **/.DS_Store
 site/
+opt/
+tools/packaging/kernel/configs/**/.config
+root_hash.txt

Cargo.toml

@@ -22,6 +22,9 @@ members = [
   "src/dragonball/dbs_utils",
   "src/dragonball/dbs_virtio_devices",
 
+  # genpolicy
+  "src/tools/genpolicy",
+
   # runtime-rs
   "src/runtime-rs",
   "src/runtime-rs/crates/agent",
@@ -107,6 +110,9 @@ safe-path = { path = "src/libs/safe-path" }
 shim-interface = { path = "src/libs/shim-interface" }
 test-utils = { path = "src/libs/test-utils" }
 
+# Local dependencies from `src/agent`
+kata-agent-policy = { path = "src/agent/policy" }
+
 # Outside dependencies
 actix-rt = "2.7.0"
 anyhow = "1.0"

osv-scanner.toml

@@ -0,0 +1,8 @@
+[[IgnoredVulns]]
+# yaml-rust is unmaintained.
+# We tried the most promising alternative in https://github.com/kata-containers/kata-containers/pull/12509,
+# but its literal quoting is not conformant.
+id = "RUSTSEC-2024-0320"
+ignoreUntil = 2026-10-01 # TODO(burgerdev): revisit yml library ecosystem
+reason = "No alternative currently supports 'yes' strings correctly; genpolicy processes only trusted input."
+

src/agent/Cargo.lock

@@ -979,6 +979,12 @@ dependencies = [
  "parking_lot_core",
 ]
 
+[[package]]
+name = "data-encoding"
+version = "2.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476"
+
 [[package]]
 name = "deranged"
 version = "0.5.5"
@@ -3428,6 +3434,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "843c3d97f07e3b5ac0955d53ad0af4c91fe4a4f8525843ece5bf014f27829b73"
 dependencies = [
  "anyhow",
+ "data-encoding",
  "lazy_static",
  "rand",
  "regex",

src/agent/policy/Cargo.toml

@@ -18,6 +18,8 @@ serde_json.workspace = true
 # Agent Policy
 regorus = { version = "0.2.8", default-features = false, features = [
     "arc",
+    "base64",
+    "base64url",
     "regex",
     "std",
 ] }

src/agent/src/rpc.rs

@@ -2308,9 +2308,6 @@ fn is_sealed_secret_path(source_path: &str) -> bool {
 }
 
 async fn cdh_handler_trusted_storage(oci: &mut Spec) -> Result<()> {
-    if !confidential_data_hub::is_cdh_client_initialized() {
-        return Ok(());
-    }
     let linux = oci
         .linux()
         .as_ref()
@@ -2320,26 +2317,8 @@ async fn cdh_handler_trusted_storage(oci: &mut Spec) -> Result<()> {
         for specdev in devices.iter() {
             if specdev.path().as_path().to_str() == Some(TRUSTED_IMAGE_STORAGE_DEVICE) {
                 let dev_major_minor = format!("{}:{}", specdev.major(), specdev.minor());
-                let secure_storage_integrity = AGENT_CONFIG.secure_storage_integrity.to_string();
-                info!(
-                    sl(),
-                    "trusted_store device major:min {}, enable data integrity {}",
-                    dev_major_minor,
-                    secure_storage_integrity
-                );
-
-                let options = std::collections::HashMap::from([
-                    ("deviceId".to_string(), dev_major_minor),
-                    ("encryptType".to_string(), "LUKS".to_string()),
-                    ("dataIntegrity".to_string(), secure_storage_integrity),
-                ]);
-                confidential_data_hub::secure_mount(
-                    "BlockDevice",
-                    &options,
-                    vec![],
-                    KATA_IMAGE_WORK_DIR,
-                )
-                .await?;
+                cdh_secure_mount("BlockDevice", &dev_major_minor, "LUKS", KATA_IMAGE_WORK_DIR)
+                    .await?;
                 break;
             }
         }
@@ -2347,6 +2326,38 @@ async fn cdh_handler_trusted_storage(oci: &mut Spec) -> Result<()> {
     Ok(())
 }
 
+pub(crate) async fn cdh_secure_mount(
+    device_type: &str,
+    device_id: &str,
+    encrypt_type: &str,
+    mount_point: &str,
+) -> Result<()> {
+    if !confidential_data_hub::is_cdh_client_initialized() {
+        return Ok(());
+    }
+
+    let integrity = AGENT_CONFIG.secure_storage_integrity.to_string();
+
+    info!(
+        sl(),
+        "cdh_secure_mount: device_type {}, device_id {}, encrypt_type {}, integrity {}",
+        device_type,
+        device_id,
+        encrypt_type,
+        integrity
+    );
+
+    let options = std::collections::HashMap::from([
+        ("deviceId".to_string(), device_id.to_string()),
+        ("encryptType".to_string(), encrypt_type.to_string()),
+        ("dataIntegrity".to_string(), integrity),
+    ]);
+
+    confidential_data_hub::secure_mount(device_type, &options, vec![], mount_point).await?;
+
+    Ok(())
+}
+
 async fn cdh_handler_sealed_secrets(oci: &mut Spec) -> Result<()> {
     if !confidential_data_hub::is_cdh_client_initialized() {
         return Ok(());

src/agent/src/sandbox.rs

@@ -65,6 +65,12 @@ type UeventWatcher = (Box<dyn UeventMatcher>, oneshot::Sender<Uevent>);
 pub struct StorageState {
     count: Arc<AtomicU32>,
     device: Arc<dyn StorageDevice>,
+
+    /// Whether the storage is shared across multiple containers (e.g.
+    /// block-based emptyDirs). Shared storages should not be cleaned up
+    /// when a container exits; cleanup happens only when the sandbox is
+    /// destroyed.
+    shared: bool,
 }
 
 impl Debug for StorageState {
@@ -74,17 +80,11 @@ impl Debug for StorageState {
 }
 
 impl StorageState {
-    fn new() -> Self {
+    fn new(shared: bool) -> Self {
         StorageState {
             count: Arc::new(AtomicU32::new(1)),
             device: Arc::new(StorageDeviceGeneric::default()),
-        }
-    }
-
-    pub fn from_device(device: Arc<dyn StorageDevice>) -> Self {
-        Self {
-            count: Arc::new(AtomicU32::new(1)),
-            device,
+            shared,
         }
     }
 
@@ -92,6 +92,10 @@ impl StorageState {
         self.device.path()
     }
 
+    pub fn is_shared(&self) -> bool {
+        self.shared
+    }
+
     pub async fn ref_count(&self) -> u32 {
         self.count.load(Ordering::Relaxed)
     }
@@ -171,8 +175,10 @@ impl Sandbox {
 
     /// Add a new storage object or increase reference count of existing one.
     /// The caller may detect new storage object by checking `StorageState.refcount == 1`.
+    /// The `shared` flag indicates if this storage is shared across multiple containers;
+    /// if true, cleanup will be skipped when containers exit.
     #[instrument]
-    pub async fn add_sandbox_storage(&mut self, path: &str) -> StorageState {
+    pub async fn add_sandbox_storage(&mut self, path: &str, shared: bool) -> StorageState {
         match self.storages.entry(path.to_string()) {
             Entry::Occupied(e) => {
                 let state = e.get().clone();
@@ -180,7 +186,7 @@ impl Sandbox {
                 state
             }
             Entry::Vacant(e) => {
-                let state = StorageState::new();
+                let state = StorageState::new(shared);
                 e.insert(state.clone());
                 state
             }
@@ -188,22 +194,32 @@ impl Sandbox {
     }
 
     /// Update the storage device associated with a path.
+    /// Preserves the existing shared flag and reference count.
     pub fn update_sandbox_storage(
         &mut self,
         path: &str,
         device: Arc<dyn StorageDevice>,
     ) -> std::result::Result<Arc<dyn StorageDevice>, Arc<dyn StorageDevice>> {
-        if !self.storages.contains_key(path) {
-            return Err(device);
+        match self.storages.get(path) {
+            None => Err(device),
+            Some(existing) => {
+                let state = StorageState {
+                    device,
+                    ..existing.clone()
+                };
+                // Safe to unwrap() because we have just ensured existence of entry via get().
+                let state = self.storages.insert(path.to_string(), state).unwrap();
+                Ok(state.device)
+            }
         }
-
-        let state = StorageState::from_device(device);
-        // Safe to unwrap() because we have just ensured existence of entry.
-        let state = self.storages.insert(path.to_string(), state).unwrap();
-        Ok(state.device)
     }
 
     /// Decrease reference count and destroy the storage object if reference count reaches zero.
+    ///
+    /// For shared storages (e.g., emptyDir volumes), cleanup is skipped even when refcount
+    /// reaches zero. The storage entry is kept in the map so subsequent containers can reuse
+    /// the already-mounted storage. Actual cleanup happens when the sandbox is destroyed.
+    ///
     /// Returns `Ok(true)` if the reference count has reached zero and the storage object has been
     /// removed.
     #[instrument]
@@ -212,6 +228,10 @@ impl Sandbox {
             None => Err(anyhow!("Sandbox storage with path {} not found", path)),
             Some(state) => {
                 if state.dec_and_test_ref_count().await {
+                    if state.is_shared() {
+                        state.count.store(1, Ordering::Release);
+                        return Ok(false);
+                    }
                     if let Some(storage) = self.storages.remove(path) {
                         storage.device.cleanup()?;
                     }
@@ -720,7 +740,7 @@ mod tests {
         let tmpdir_path = tmpdir.path().to_str().unwrap();
 
         // Add a new sandbox storage
-        let new_storage = s.add_sandbox_storage(tmpdir_path).await;
+        let new_storage = s.add_sandbox_storage(tmpdir_path, false).await;
 
         // Check the reference counter
         let ref_count = new_storage.ref_count().await;
@@ -730,7 +750,7 @@ mod tests {
         );
 
         // Use the existing sandbox storage
-        let new_storage = s.add_sandbox_storage(tmpdir_path).await;
+        let new_storage = s.add_sandbox_storage(tmpdir_path, false).await;
 
         // Since we are using existing storage, the reference counter
         // should be 2 by now.
@@ -771,7 +791,7 @@ mod tests {
 
         assert!(bind_mount(srcdir_path, destdir_path, &logger).is_ok());
 
-        s.add_sandbox_storage(destdir_path).await;
+        s.add_sandbox_storage(destdir_path, false).await;
         let storage = StorageDeviceGeneric::new(destdir_path.to_string());
         assert!(s
             .update_sandbox_storage(destdir_path, Arc::new(storage))
@@ -789,7 +809,7 @@ mod tests {
             let other_dir_path = other_dir.path().to_str().unwrap();
             other_dir_str = other_dir_path.to_string();
 
-            s.add_sandbox_storage(other_dir_path).await;
+            s.add_sandbox_storage(other_dir_path, false).await;
             let storage = StorageDeviceGeneric::new(other_dir_path.to_string());
             assert!(s
                 .update_sandbox_storage(other_dir_path, Arc::new(storage))
@@ -808,9 +828,9 @@ mod tests {
         let storage_path = "/tmp/testEphe";
 
         // Add a new sandbox storage
-        s.add_sandbox_storage(storage_path).await;
+        s.add_sandbox_storage(storage_path, false).await;
         // Use the existing sandbox storage
-        let state = s.add_sandbox_storage(storage_path).await;
+        let state = s.add_sandbox_storage(storage_path, false).await;
         assert!(
             state.ref_count().await > 1,
             "Expects false as the storage is not new."

src/agent/src/storage/block_handler.rs

@@ -6,7 +6,7 @@
 
 use crate::linux_abi::pcipath_from_dev_tree_path;
 use std::fs;
-use std::os::unix::fs::PermissionsExt;
+use std::os::unix::fs::{MetadataExt, PermissionsExt};
 use std::path::Path;
 use std::sync::Arc;
 
@@ -17,6 +17,7 @@ use kata_types::device::{
     DRIVER_BLK_MMIO_TYPE, DRIVER_BLK_PCI_TYPE, DRIVER_NVDIMM_TYPE, DRIVER_SCSI_TYPE,
 };
 use kata_types::mount::StorageDevice;
+use nix::sys::stat::{major, minor};
 use protocols::agent::Storage;
 use tracing::instrument;
 
@@ -29,10 +30,44 @@ use crate::device::block_device_handler::{
 };
 use crate::device::nvdimm_device_handler::wait_for_pmem_device;
 use crate::device::scsi_device_handler::get_scsi_device_name;
-use crate::storage::{common_storage_handler, new_device, StorageContext, StorageHandler};
+use crate::storage::{
+    common_storage_handler, new_device, set_ownership, StorageContext, StorageHandler,
+};
+use slog::Logger;
 #[cfg(target_arch = "s390x")]
 use std::str::FromStr;
 
+fn get_device_number(dev_path: &str, metadata: Option<&fs::Metadata>) -> Result<String> {
+    let dev_id = match metadata {
+        Some(m) => m.rdev(),
+        None => {
+            let m =
+                fs::metadata(dev_path).context(format!("get metadata on file {:?}", dev_path))?;
+            m.rdev()
+        }
+    };
+    Ok(format!("{}:{}", major(dev_id), minor(dev_id)))
+}
+
+async fn handle_block_storage(
+    logger: &Logger,
+    storage: &Storage,
+    dev_num: &str,
+) -> Result<Arc<dyn StorageDevice>> {
+    let has_ephemeral_encryption = storage
+        .driver_options
+        .contains(&"encryption_key=ephemeral".to_string());
+
+    if has_ephemeral_encryption {
+        crate::rpc::cdh_secure_mount("BlockDevice", dev_num, "LUKS", &storage.mount_point).await?;
+        set_ownership(logger, storage)?;
+        new_device(storage.mount_point.clone())
+    } else {
+        let path = common_storage_handler(logger, storage)?;
+        new_device(path)
+    }
+}
+
 #[derive(Debug)]
 pub struct VirtioBlkMmioHandler {}
 
@@ -75,6 +110,8 @@ impl StorageHandler for VirtioBlkPciHandler {
         mut storage: Storage,
         ctx: &mut StorageContext,
     ) -> Result<Arc<dyn StorageDevice>> {
+        let dev_num: String;
+
         // If hot-plugged, get the device node path based on the PCI path
         // otherwise use the virt path provided in Storage Source
         if storage.source.starts_with("/dev") {
@@ -84,15 +121,16 @@ impl StorageHandler for VirtioBlkPciHandler {
             if mode & libc::S_IFBLK == 0 {
                 return Err(anyhow!("Invalid device {}", &storage.source));
             }
+            dev_num = get_device_number(&storage.source, Some(&metadata))?;
         } else {
             let (root_complex, pcipath) = pcipath_from_dev_tree_path(&storage.source)?;
             let dev_path =
                 get_virtio_blk_pci_device_name(ctx.sandbox, root_complex, &pcipath).await?;
             storage.source = dev_path;
+            dev_num = get_device_number(&storage.source, None)?;
         }
 
-        let path = common_storage_handler(ctx.logger, &storage)?;
-        new_device(path)
+        handle_block_storage(ctx.logger, &storage, &dev_num).await
     }
 }
 
@@ -151,10 +189,10 @@ impl StorageHandler for ScsiHandler {
     ) -> Result<Arc<dyn StorageDevice>> {
         // Retrieve the device path from SCSI address.
         let dev_path = get_scsi_device_name(ctx.sandbox, &storage.source).await?;
-        storage.source = dev_path;
+        storage.source = dev_path.clone();
 
-        let path = common_storage_handler(ctx.logger, &storage)?;
-        new_device(path)
+        let dev_num = get_device_number(&dev_path, None)?;
+        handle_block_storage(ctx.logger, &storage, &dev_num).await
     }
 }
 

src/agent/src/storage/mod.rs

@@ -172,7 +172,11 @@ pub async fn add_storages(
 
     for storage in storages {
         let path = storage.mount_point.clone();
-        let state = sandbox.lock().await.add_sandbox_storage(&path).await;
+        let state = sandbox
+            .lock()
+            .await
+            .add_sandbox_storage(&path, storage.shared)
+            .await;
         if state.ref_count().await > 1 {
             if let Some(path) = state.path() {
                 if !path.is_empty() {

src/libs/protocols/protos/agent.proto

@@ -520,6 +520,11 @@ message Storage {
 	// FSGroup consists of the group ID and group ownership change policy
 	// that the mounted volume must have its group ID changed to when specified.
 	FSGroup fs_group = 7;
+	// Shared indicates this storage is shared across multiple containers
+	// (e.g., block-based emptyDirs). When true, the agent should not clean up
+	// the storage when a container using it exits, as other containers
+	// may still need it. Cleanup will happen when the sandbox is destroyed.
+	bool shared = 8;
 }
 
 // Device represents only the devices that could have been defined through the

src/runtime-rs/Makefile

@@ -15,6 +15,11 @@ PROJECT_URL = https://github.com/kata-containers
 PROJECT_COMPONENT = containerd-shim-kata-v2
 CONTAINERD_RUNTIME_NAME = io.containerd.kata.v2
 
+# This snippet finds all packages inside runtime-rs. Used for tessting.
+PACKAGES := $(shell cargo metadata --no-deps --format-version 1 | \
+                    jq -r '.packages[] | select(.manifest_path | contains("runtime-rs")) | .name')
+PACKAGE_FLAGS := $(patsubst %,-p %,$(PACKAGES))
+
 include ../../utils.mk
 
 ARCH_DIR = arch
@@ -45,9 +50,9 @@ test:
 else
 ##TARGET default: build code
 default: runtime show-header
-##TARGET test: run cargo tests
+##TARGET test: run cargo tests for runtime-rs and all its sub-crates.
 test: static-checks-build
-	@cargo test --all --target $(TRIPLE) $(EXTRA_RUSTFEATURES) -- --nocapture  --skip bindgen
+	@cargo test $(PACKAGE_FLAGS) --target $(TRIPLE) $(EXTRA_RUSTFEATURES) -- --nocapture  --skip bindgen
 install: install-runtime install-configs
 endif
 
@@ -733,7 +738,7 @@ static-checks-build: $(GENERATED_FILES)
 $(TARGET): $(GENERATED_FILES) $(TARGET_PATH)
 
 $(TARGET_PATH): $(SOURCES) | show-summary
-	@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build --target $(TRIPLE) $(if $(findstring release,$(BUILD_TYPE)),--release) $(EXTRA_RUSTFEATURES)
+	@RUSTFLAGS="$(EXTRA_RUSTFLAGS) --deny warnings" cargo build -p runtime-rs --target $(TRIPLE) $(if $(findstring release,$(BUILD_TYPE)),--release) $(EXTRA_RUSTFEATURES)
 
 $(GENERATED_FILES): %: %.in
 	@sed \
@@ -769,7 +774,7 @@ endif
 
 ##TARGET run: build and run agent
 run:
-	@cargo run --target $(TRIPLE)
+	@cargo run -p runtime-rs --target $(TRIPLE)
 
 show-header:
 	@printf "%s - version %s (commit %s)\n\n" "$(TARGET)" "$(VERSION)" "$(COMMIT_MSG)"

src/runtime/Makefile

@@ -225,6 +225,8 @@ DEFENABLEANNOTATIONS := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_pa
 DEFENABLEANNOTATIONS_COCO := [\"enable_iommu\", \"virtio_fs_extra_args\", \"kernel_params\", \"kernel_verity_params\", \"default_vcpus\", \"default_memory\", \"cc_init_data\"]
 DEFDISABLEGUESTSECCOMP := true
 DEFDISABLEGUESTEMPTYDIR := false
+DEFEMPTYDIRMODE := shared-fs
+DEFEMPTYDIRMODE_COCO := block-encrypted
 #Default experimental features enabled
 DEFAULTEXPFEATURES := []
 
@@ -750,6 +752,8 @@ USER_VARS += DEFNETWORKMODEL_FC
 USER_VARS += DEFNETWORKMODEL_QEMU
 USER_VARS += DEFNETWORKMODEL_STRATOVIRT
 USER_VARS += DEFDISABLEGUESTEMPTYDIR
+USER_VARS += DEFEMPTYDIRMODE
+USER_VARS += DEFEMPTYDIRMODE_COCO
 USER_VARS += DEFDISABLEGUESTSECCOMP
 USER_VARS += DEFDISABLESELINUX
 USER_VARS += DEFDISABLEGUESTSELINUX

src/runtime/config/configuration-clh.toml.in

@@ -463,6 +463,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-fc.toml.in

@@ -354,6 +354,18 @@ static_sandbox_resource_mgmt = @DEFSTATICRESOURCEMGMT_FC@
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-cca.toml.in

@@ -638,6 +638,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-coco-dev.toml.in

@@ -701,6 +701,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE_COCO@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in

@@ -717,6 +717,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in

@@ -694,6 +694,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-nvidia-gpu.toml.in

@@ -696,6 +696,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-se.toml.in

@@ -679,6 +679,18 @@ vfio_mode = "@DEFVFIOMODE_SE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-snp.toml.in

@@ -704,6 +704,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE_COCO@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu-tdx.toml.in

@@ -686,6 +686,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE_COCO@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-qemu.toml.in

@@ -695,6 +695,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-remote.toml.in

@@ -262,6 +262,18 @@ vfio_mode = "@DEFVFIOMODE@"
 # Note: remote hypervisor has no sharing of emptydir mounts from host to guest
 disable_guest_empty_dir = false
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/config/configuration-stratovirt.toml.in

@@ -397,6 +397,18 @@ static_sandbox_resource_mgmt = @DEFSTATICRESOURCEMGMT_STRATOVIRT@
 # be created on the host and shared via virtio-fs. This is potentially slower, but allows sharing of files from host to guest.
 disable_guest_empty_dir = @DEFDISABLEGUESTEMPTYDIR@
 
+# Specifies how Kubernetes emptyDir volumes are handled.
+# Options:
+#
+#   - shared-fs (default)
+#     Shares the emptyDir folder with the guest using the method given
+#     by the `shared_fs` setting.
+#
+#   - block-encrypted
+#     Plugs a block device to be encrypted in the guest.
+#
+emptydir_mode = "@DEFEMPTYDIRMODE@"
+
 # Enabled experimental feature list, format: ["a", "b"].
 # Experimental features are features not stable enough for production,
 # they may break compatibility, and are prepared for a big version bump.

src/runtime/go.mod

@@ -26,11 +26,11 @@ require (
 	github.com/docker/go-units v0.5.0
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/go-ini/ini v1.67.0
-	github.com/go-openapi/errors v0.22.4
-	github.com/go-openapi/runtime v0.29.2
-	github.com/go-openapi/strfmt v0.25.0
+	github.com/go-openapi/errors v0.22.1
+	github.com/go-openapi/runtime v0.28.0
+	github.com/go-openapi/strfmt v0.23.0
 	github.com/go-openapi/swag v0.23.1
-	github.com/go-openapi/validate v0.25.1
+	github.com/go-openapi/validate v0.24.0
 	github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/intel-go/cpuid v0.0.0-20210602155658-5747e5cec0d9
@@ -72,6 +72,7 @@ require (
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.13.0 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cilium/ebpf v0.16.0 // indirect
@@ -92,21 +93,11 @@ require (
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.24.1 // indirect
-	github.com/go-openapi/jsonpointer v0.22.1 // indirect
-	github.com/go-openapi/jsonreference v0.21.3 // indirect
-	github.com/go-openapi/loads v0.23.2 // indirect
-	github.com/go-openapi/spec v0.22.1 // indirect
-	github.com/go-openapi/swag/conv v0.25.1 // indirect
-	github.com/go-openapi/swag/fileutils v0.25.1 // indirect
-	github.com/go-openapi/swag/jsonname v0.25.1 // indirect
-	github.com/go-openapi/swag/jsonutils v0.25.1 // indirect
-	github.com/go-openapi/swag/loading v0.25.1 // indirect
-	github.com/go-openapi/swag/mangling v0.25.1 // indirect
-	github.com/go-openapi/swag/stringutils v0.25.1 // indirect
-	github.com/go-openapi/swag/typeutils v0.25.1 // indirect
-	github.com/go-openapi/swag/yamlutils v0.25.1 // indirect
-	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
@@ -117,6 +108,7 @@ require (
 	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/mdlayher/socket v0.5.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
@@ -127,16 +119,16 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/opencontainers/runtime-tools v0.9.1-0.20250303011046-260e151b8552 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.mongodb.org/mongo-driver v1.17.6 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
 	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
 	golang.org/x/mod v0.31.0 // indirect
 	golang.org/x/net v0.49.0 // indirect

src/runtime/go.sum

@@ -17,6 +17,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/Microsoft/hcsshim v0.13.0 h1:/BcXOiS6Qi7N9XqUcv27vkIuVOkBEcWstd2pMlWSeaA=
 github.com/Microsoft/hcsshim v0.13.0/go.mod h1:9KWJ/8DgU+QzYGupX4tzMhRQE8h6w90lH6HAaclpEok=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
@@ -103,58 +105,32 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/analysis v0.24.1 h1:Xp+7Yn/KOnVWYG8d+hPksOYnCYImE3TieBa7rBOesYM=
-github.com/go-openapi/analysis v0.24.1/go.mod h1:dU+qxX7QGU1rl7IYhBC8bIfmWQdX4Buoea4TGtxXY84=
-github.com/go-openapi/errors v0.22.4 h1:oi2K9mHTOb5DPW2Zjdzs/NIvwi2N3fARKaTJLdNabaM=
-github.com/go-openapi/errors v0.22.4/go.mod h1:z9S8ASTUqx7+CP1Q8dD8ewGH/1JWFFLX/2PmAYNQLgk=
-github.com/go-openapi/jsonpointer v0.22.1 h1:sHYI1He3b9NqJ4wXLoJDKmUmHkWy/L7rtEo92JUxBNk=
-github.com/go-openapi/jsonpointer v0.22.1/go.mod h1:pQT9OsLkfz1yWoMgYFy4x3U5GY5nUlsOn1qSBH5MkCM=
-github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc=
-github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4=
-github.com/go-openapi/loads v0.23.2 h1:rJXAcP7g1+lWyBHC7iTY+WAF0rprtM+pm8Jxv1uQJp4=
-github.com/go-openapi/loads v0.23.2/go.mod h1:IEVw1GfRt/P2Pplkelxzj9BYFajiWOtY2nHZNj4UnWY=
-github.com/go-openapi/runtime v0.29.2 h1:UmwSGWNmWQqKm1c2MGgXVpC2FTGwPDQeUsBMufc5Yj0=
-github.com/go-openapi/runtime v0.29.2/go.mod h1:biq5kJXRJKBJxTDJXAa00DOTa/anflQPhT0/wmjuy+0=
-github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k=
-github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA=
-github.com/go-openapi/strfmt v0.25.0 h1:7R0RX7mbKLa9EYCTHRcCuIPcaqlyQiWNPTXwClK0saQ=
-github.com/go-openapi/strfmt v0.25.0/go.mod h1:nNXct7OzbwrMY9+5tLX4I21pzcmE6ccMGXl3jFdPfn8=
+github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=
+github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo=
+github.com/go-openapi/errors v0.22.1 h1:kslMRRnK7NCb/CvR1q1VWuEQCEIsBGn5GgKD9e+HYhU=
+github.com/go-openapi/errors v0.22.1/go.mod h1:+n/5UdIqdVnLIJ6Q9Se8HNGUXYaY6CN8ImWzfi/Gzp0=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=
+github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs=
+github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ=
+github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc=
+github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=
+github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk=
+github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c=
+github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4=
 github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
 github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
-github.com/go-openapi/swag/conv v0.25.1 h1:+9o8YUg6QuqqBM5X6rYL/p1dpWeZRhoIt9x7CCP+he0=
-github.com/go-openapi/swag/conv v0.25.1/go.mod h1:Z1mFEGPfyIKPu0806khI3zF+/EUXde+fdeksUl2NiDs=
-github.com/go-openapi/swag/fileutils v0.25.1 h1:rSRXapjQequt7kqalKXdcpIegIShhTPXx7yw0kek2uU=
-github.com/go-openapi/swag/fileutils v0.25.1/go.mod h1:+NXtt5xNZZqmpIpjqcujqojGFek9/w55b3ecmOdtg8M=
-github.com/go-openapi/swag/jsonname v0.25.1 h1:Sgx+qbwa4ej6AomWC6pEfXrA6uP2RkaNjA9BR8a1RJU=
-github.com/go-openapi/swag/jsonname v0.25.1/go.mod h1:71Tekow6UOLBD3wS7XhdT98g5J5GR13NOTQ9/6Q11Zo=
-github.com/go-openapi/swag/jsonutils v0.25.1 h1:AihLHaD0brrkJoMqEZOBNzTLnk81Kg9cWr+SPtxtgl8=
-github.com/go-openapi/swag/jsonutils v0.25.1/go.mod h1:JpEkAjxQXpiaHmRO04N1zE4qbUEg3b7Udll7AMGTNOo=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1 h1:DSQGcdB6G0N9c/KhtpYc71PzzGEIc/fZ1no35x4/XBY=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.1/go.mod h1:kjmweouyPwRUEYMSrbAidoLMGeJ5p6zdHi9BgZiqmsg=
-github.com/go-openapi/swag/loading v0.25.1 h1:6OruqzjWoJyanZOim58iG2vj934TysYVptyaoXS24kw=
-github.com/go-openapi/swag/loading v0.25.1/go.mod h1:xoIe2EG32NOYYbqxvXgPzne989bWvSNoWoyQVWEZicc=
-github.com/go-openapi/swag/mangling v0.25.1 h1:XzILnLzhZPZNtmxKaz/2xIGPQsBsvmCjrJOWGNz/ync=
-github.com/go-openapi/swag/mangling v0.25.1/go.mod h1:CdiMQ6pnfAgyQGSOIYnZkXvqhnnwOn997uXZMAd/7mQ=
-github.com/go-openapi/swag/stringutils v0.25.1 h1:Xasqgjvk30eUe8VKdmyzKtjkVjeiXx1Iz0zDfMNpPbw=
-github.com/go-openapi/swag/stringutils v0.25.1/go.mod h1:JLdSAq5169HaiDUbTvArA2yQxmgn4D6h4A+4HqVvAYg=
-github.com/go-openapi/swag/typeutils v0.25.1 h1:rD/9HsEQieewNt6/k+JBwkxuAHktFtH3I3ysiFZqukA=
-github.com/go-openapi/swag/typeutils v0.25.1/go.mod h1:9McMC/oCdS4BKwk2shEB7x17P6HmMmA6dQRtAkSnNb8=
-github.com/go-openapi/swag/yamlutils v0.25.1 h1:mry5ez8joJwzvMbaTGLhw8pXUnhDK91oSJLDPF1bmGk=
-github.com/go-openapi/swag/yamlutils v0.25.1/go.mod h1:cm9ywbzncy3y6uPm/97ysW8+wZ09qsks+9RS8fLWKqg=
-github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
-github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
-github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
-github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
-github.com/go-openapi/validate v0.25.1 h1:sSACUI6Jcnbo5IWqbYHgjibrhhmt3vR6lCzKZnmAgBw=
-github.com/go-openapi/validate v0.25.1/go.mod h1:RMVyVFYte0gbSTaZ0N4KmTn6u/kClvAFp+mAVfS/DQc=
+github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=
+github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ=
 github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
 github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
 github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
-github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
-github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466 h1:sQspH8M4niEijh3PFscJRLDnkL547IeP7kpPe3uUhEg=
 github.com/godbus/dbus/v5 v5.1.1-0.20230522191255-76236955d466/go.mod h1:ZiQxhyQ+bbbfxUKVvjfO498oPYvtYhZzycal3G/NHmU=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -226,6 +202,8 @@ github.com/mdlayher/socket v0.5.1 h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos
 github.com/mdlayher/socket v0.5.1/go.mod h1:TjPLHI1UgwEv5J1B5q0zTZq12A/6H7nKmtTanQE37IQ=
 github.com/mdlayher/vsock v1.2.1 h1:pC1mTJTvjo1r9n9fbm7S1j04rCgCzhCOS5DY0zqHlnQ=
 github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
@@ -270,6 +248,8 @@ github.com/opencontainers/runtime-tools v0.9.1-0.20250303011046-260e151b8552 h1:
 github.com/opencontainers/runtime-tools v0.9.1-0.20250303011046-260e151b8552/go.mod h1:T487Kf80NeF2i0OyVXHiylg217e0buz8pQsa0T791RA=
 github.com/opencontainers/selinux v1.13.0 h1:Zza88GWezyT7RLql12URvoxsbLfjFx988+LGaWfbL84=
 github.com/opencontainers/selinux v1.13.0/go.mod h1:XxWTed+A/s5NNq4GmYScVy+9jzXhGBVEOAyucdRUY8s=
+github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
+github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0=
 github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -301,6 +281,7 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -328,8 +309,8 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.mongodb.org/mongo-driver v1.17.6 h1:87JUG1wZfWsr6rIz3ZmpH90rL5tea7O3IHuSwHUpsss=
-go.mongodb.org/mongo-driver v1.17.6/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
+go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
+go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=

src/runtime/pkg/direct-volume/utils.go

@@ -17,6 +17,7 @@ import (
 const (
 	mountInfoFileName = "mountInfo.json"
 
+	EncryptionKeyMetadataKey       = "encryptionKey"
 	FSGroupMetadataKey             = "fsGroup"
 	FSGroupChangePolicyMetadataKey = "fsGroupChangePolicy"
 )
@@ -77,6 +78,14 @@ func Add(volumePath string, mountInfo string) error {
 	return os.WriteFile(filepath.Join(volumeDir, mountInfoFileName), []byte(mountInfo), 0600)
 }
 
+func AddMountInfo(volumePath string, mountInfo MountInfo) error {
+	s, err := json.Marshal(&mountInfo)
+	if err != nil {
+		return err
+	}
+	return Add(volumePath, string(s))
+}
+
 // Remove deletes the direct volume path including all the files inside it.
 func Remove(volumePath string) error {
 	return os.RemoveAll(filepath.Join(kataDirectVolumeRootPath, b64.URLEncoding.EncodeToString([]byte(volumePath))))
@@ -99,7 +108,18 @@ func VolumeMountInfo(volumePath string) (*MountInfo, error) {
 	return &mountInfo, nil
 }
 
-// RecordSandboxID associates a sandbox id with a direct volume.
+// IsVolumeMounted returns whether the direct volume mount is present.
+func IsVolumeMounted(volumePath string) (bool, error) {
+	if _, err := VolumeMountInfo(volumePath); err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	return true, nil
+}
+
+// RecordSandboxId associates a sandbox id with a direct volume.
 func RecordSandboxID(sandboxID string, volumePath string) error {
 	encodedPath := b64.URLEncoding.EncodeToString([]byte(volumePath))
 	mountInfoFilePath := filepath.Join(kataDirectVolumeRootPath, encodedPath, mountInfoFileName)

src/runtime/pkg/katautils/config.go

@@ -197,6 +197,7 @@ type runtime struct {
 	StaticSandboxResourceMgmt bool     `toml:"static_sandbox_resource_mgmt"`
 	EnablePprof               bool     `toml:"enable_pprof"`
 	DisableGuestEmptyDir      bool     `toml:"disable_guest_empty_dir"`
+	EmptyDirMode              string   `toml:"emptydir_mode"`
 	CreateContainerTimeout    uint64   `toml:"create_container_timeout"`
 	DanConf                   string   `toml:"dan_conf"`
 	ForceGuestPull            bool     `toml:"experimental_force_guest_pull"`
@@ -204,6 +205,22 @@ type runtime struct {
 	KubeletRootDir            string   `toml:"kubelet_root_dir"`
 }
 
+// emptyDirMode returns a valid emptydir_mode value, defaulting to shared-fs
+// if the TOML field is unset.
+func (r runtime) emptyDirMode() (string, error) {
+	if r.EmptyDirMode == "" {
+		return vc.EmptyDirModeSharedFs, nil
+	}
+
+	switch r.EmptyDirMode {
+	case vc.EmptyDirModeSharedFs, vc.EmptyDirModeVirtioBlkEncrypted:
+		return r.EmptyDirMode, nil
+	default:
+		return "", fmt.Errorf("invalid emptydir_mode=%q, allowed values: %q, %q",
+			r.EmptyDirMode, vc.EmptyDirModeSharedFs, vc.EmptyDirModeVirtioBlkEncrypted)
+	}
+}
+
 type agent struct {
 	KernelModules       []string `toml:"kernel_modules"`
 	Debug               bool     `toml:"enable_debug"`
@@ -1390,6 +1407,16 @@ func updateRuntimeConfigAgent(configPath string, tomlConf tomlConfig, config *oc
 	return nil
 }
 
+func updateRuntimeConfigRuntime(configPath string, tomlConf tomlConfig, config *oci.RuntimeConfig) error {
+	emptyDirMode, err := tomlConf.Runtime.emptyDirMode()
+	if err != nil {
+		return fmt.Errorf("%v: %v", configPath, err)
+	}
+	config.EmptyDirMode = emptyDirMode
+
+	return nil
+}
+
 // SetKernelParams adds the user-specified kernel parameters (from the
 // configuration file) to the defaults so that the former take priority.
 func SetKernelParams(runtimeConfig *oci.RuntimeConfig) error {
@@ -1454,6 +1481,10 @@ func updateRuntimeConfig(configPath string, tomlConf tomlConfig, config *oci.Run
 		return err
 	}
 
+	if err := updateRuntimeConfigRuntime(configPath, tomlConf, config); err != nil {
+		return err
+	}
+
 	fConfig, err := newFactoryConfig(tomlConf.Factory)
 	if err != nil {
 		return fmt.Errorf("%v: %v", configPath, err)

src/runtime/pkg/katautils/config_test.go

@@ -218,6 +218,7 @@ func createAllRuntimeConfigFiles(dir, hypervisor string) (testConfig testRuntime
 		JaegerPassword:  jaegerPassword,
 
 		FactoryConfig: factoryConfig,
+		EmptyDirMode:  vc.EmptyDirModeSharedFs,
 	}
 
 	err = SetKernelParams(&runtimeConfig)
@@ -599,6 +600,7 @@ func TestMinimalRuntimeConfig(t *testing.T) {
 		AgentConfig: expectedAgentConfig,
 
 		FactoryConfig: expectedFactoryConfig,
+		EmptyDirMode:  vc.EmptyDirModeSharedFs,
 	}
 	err = SetKernelParams(&expectedConfig)
 	if err != nil {
@@ -1609,6 +1611,39 @@ func TestCheckNetNsConfig(t *testing.T) {
 	assert.Error(err)
 }
 
+func TestCheckEmptyDirMode(t *testing.T) {
+	assert := assert.New(t)
+
+	// Valid values
+	r := runtime{EmptyDirMode: vc.EmptyDirModeSharedFs}
+	mode, err := r.emptyDirMode()
+	assert.NoError(err)
+	assert.Equal(vc.EmptyDirModeSharedFs, mode)
+
+	r = runtime{EmptyDirMode: vc.EmptyDirModeVirtioBlkEncrypted}
+	mode, err = r.emptyDirMode()
+	assert.NoError(err)
+	assert.Equal(vc.EmptyDirModeVirtioBlkEncrypted, mode)
+
+	r = runtime{}
+	mode, err = r.emptyDirMode()
+	assert.NoError(err)
+	assert.Equal(vc.EmptyDirModeSharedFs, mode)
+
+	// Invalid values
+	r = runtime{EmptyDirMode: "invalid"}
+	_, err = r.emptyDirMode()
+	assert.Error(err)
+
+	r = runtime{EmptyDirMode: "shared_fs"}
+	_, err = r.emptyDirMode()
+	assert.Error(err)
+
+	r = runtime{EmptyDirMode: "block_encrypted"}
+	_, err = r.emptyDirMode()
+	assert.Error(err)
+}
+
 func TestCheckFactoryConfig(t *testing.T) {
 	assert := assert.New(t)
 

src/runtime/pkg/katautils/create.go

@@ -98,12 +98,12 @@ func HandleFactory(ctx context.Context, vci vc.VC, runtimeConfig *oci.RuntimeCon
 // For the given pod ephemeral volume is created only once
 // backed by tmpfs inside the VM. For successive containers
 // of the same pod the already existing volume is reused.
-func SetEphemeralStorageType(ociSpec specs.Spec, disableGuestEmptyDir bool) specs.Spec {
+func SetEphemeralStorageType(ociSpec specs.Spec, disableGuestEmptyDir bool, emptyDirMode string) specs.Spec {
 	for idx, mnt := range ociSpec.Mounts {
 		if vc.IsEphemeralStorage(mnt.Source) {
 			ociSpec.Mounts[idx].Type = vc.KataEphemeralDevType
 		}
-		if vc.Isk8sHostEmptyDir(mnt.Source) && !disableGuestEmptyDir {
+		if vc.Isk8sHostEmptyDir(mnt.Source) && !disableGuestEmptyDir && emptyDirMode != vc.EmptyDirModeVirtioBlkEncrypted {
 			ociSpec.Mounts[idx].Type = vc.KataLocalDevType
 		}
 	}
@@ -243,7 +243,8 @@ func CreateContainer(ctx context.Context, sandbox vc.VCSandbox, ociSpec specs.Sp
 	// The value of this annotation is sent to the sandbox using init data.
 	delete(ociSpec.Annotations, vcAnnotations.Initdata)
 
-	ociSpec = SetEphemeralStorageType(ociSpec, disableGuestEmptyDir)
+	emptyDirMode := sandbox.Status().EmptyDirMode
+	ociSpec = SetEphemeralStorageType(ociSpec, disableGuestEmptyDir, emptyDirMode)
 
 	contConfig, err := oci.ContainerConfig(ociSpec, bundlePath, containerID, disableOutput)
 	if err != nil {

src/runtime/pkg/katautils/create_test.go

@@ -141,7 +141,7 @@ func TestSetEphemeralStorageType(t *testing.T) {
 
 	ociMounts = append(ociMounts, mount)
 	ociSpec.Mounts = ociMounts
-	ociSpec = SetEphemeralStorageType(ociSpec, false)
+	ociSpec = SetEphemeralStorageType(ociSpec, false, vc.EmptyDirModeSharedFs)
 
 	mountType := ociSpec.Mounts[0].Type
 	assert.Equal(mountType, "ephemeral",

src/runtime/pkg/oci/utils.go

@@ -165,6 +165,10 @@ type RuntimeConfig struct {
 	// Determines if Kata creates emptyDir on the guest
 	DisableGuestEmptyDir bool
 
+	// EmptyDirMode specifies how Kubernetes emptyDir volumes are handled.
+	// Valid values are "shared-fs" (default) or "block-encrypted".
+	EmptyDirMode string
+
 	// CreateContainer timeout which, if provided, indicates the createcontainer request timeout
 	// needed for the workload ( Mostly used for pulling images in the guest )
 	CreateContainerTimeout uint64
@@ -1211,6 +1215,8 @@ func SandboxConfig(ocispec specs.Spec, runtime RuntimeConfig, bundlePath, cid st
 
 		DisableGuestSeccomp: runtime.DisableGuestSeccomp,
 
+		EmptyDirMode: runtime.EmptyDirMode,
+
 		EnableVCPUsPinning: runtime.EnableVCPUsPinning,
 
 		GuestSeLinuxLabel: runtime.GuestSeLinuxLabel,

src/runtime/vendor/github.com/asaskevich/govalidator/.gitignore

@@ -0,0 +1,15 @@
+bin/
+.idea/
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+

src/runtime/vendor/github.com/asaskevich/govalidator/.travis.yml

@@ -0,0 +1,12 @@
+language: go
+dist: xenial
+go:
+  - '1.10'
+  - '1.11'
+  - '1.12'
+  - '1.13'
+  - 'tip'
+
+script:
+     - go test -coverpkg=./... -coverprofile=coverage.info -timeout=5s
+     - bash <(curl -s https://codecov.io/bash)

src/runtime/vendor/github.com/asaskevich/govalidator/CODE_OF_CONDUCT.md

@@ -0,0 +1,43 @@
+# Contributor Code of Conduct
+
+This project adheres to [The Code Manifesto](http://codemanifesto.com)
+as its guidelines for contributor interactions.
+
+## The Code Manifesto
+
+We want to work in an ecosystem that empowers developers to reach their
+potential — one that encourages growth and effective collaboration. A space
+that is safe for all.
+
+A space such as this benefits everyone that participates in it. It encourages
+new developers to enter our field. It is through discussion and collaboration
+that we grow, and through growth that we improve.
+
+In the effort to create such a place, we hold to these values:
+
+1. **Discrimination limits us.** This includes discrimination on the basis of
+   race, gender, sexual orientation, gender identity, age, nationality,
+   technology and any other arbitrary exclusion of a group of people.
+2. **Boundaries honor us.** Your comfort levels are not everyone’s comfort
+   levels. Remember that, and if brought to your attention, heed it.
+3. **We are our biggest assets.** None of us were born masters of our trade.
+   Each of us has been helped along the way. Return that favor, when and where
+   you can.
+4. **We are resources for the future.** As an extension of #3, share what you
+   know. Make yourself a resource to help those that come after you.
+5. **Respect defines us.** Treat others as you wish to be treated. Make your
+   discussions, criticisms and debates from a position of respectfulness. Ask
+   yourself, is it true? Is it necessary? Is it constructive? Anything less is
+   unacceptable.
+6. **Reactions require grace.** Angry responses are valid, but abusive language
+   and vindictive actions are toxic. When something happens that offends you,
+   handle it assertively, but be respectful. Escalate reasonably, and try to
+   allow the offender an opportunity to explain themselves, and possibly
+   correct the issue.
+7. **Opinions are just that: opinions.** Each and every one of us, due to our
+   background and upbringing, have varying opinions. That is perfectly
+   acceptable. Remember this: if you respect your own opinions, you should
+   respect the opinions of others.
+8. **To err is human.** You might not intend it, but mistakes do happen and
+   contribute to build experience. Tolerate honest mistakes, and don't
+   hesitate to apologize if you make one yourself.

src/runtime/vendor/github.com/asaskevich/govalidator/CONTRIBUTING.md

@@ -0,0 +1,63 @@
+#### Support
+If you do have a contribution to the package, feel free to create a Pull Request or an Issue.
+
+#### What to contribute
+If you don't know what to do, there are some features and functions that need to be done
+
+- [ ] Refactor code
+- [ ] Edit docs and [README](https://github.com/asaskevich/govalidator/README.md): spellcheck, grammar and typo check
+- [ ] Create actual list of contributors and projects that currently using this package
+- [ ] Resolve [issues and bugs](https://github.com/asaskevich/govalidator/issues)
+- [ ] Update actual [list of functions](https://github.com/asaskevich/govalidator#list-of-functions)
+- [ ] Update [list of validators](https://github.com/asaskevich/govalidator#validatestruct-2) that available for `ValidateStruct` and add new
+- [ ] Implement new validators: `IsFQDN`, `IsIMEI`, `IsPostalCode`, `IsISIN`, `IsISRC` etc
+- [x] Implement [validation by maps](https://github.com/asaskevich/govalidator/issues/224)
+- [ ] Implement fuzzing testing
+- [ ] Implement some struct/map/array utilities
+- [ ] Implement map/array validation
+- [ ] Implement benchmarking
+- [ ] Implement batch of examples
+- [ ] Look at forks for new features and fixes
+
+#### Advice
+Feel free to create what you want, but keep in mind when you implement new features:
+- Code must be clear and readable, names of variables/constants clearly describes what they are doing
+- Public functions must be documented and described in source file and added to README.md to the list of available functions
+- There are must be unit-tests for any new functions and improvements
+
+## Financial contributions
+
+We also welcome financial contributions in full transparency on our [open collective](https://opencollective.com/govalidator).
+Anyone can file an expense. If the expense makes sense for the development of the community, it will be "merged" in the ledger of our open collective by the core contributors and the person who filed the expense will be reimbursed.
+
+
+## Credits
+
+
+### Contributors
+
+Thank you to all the people who have already contributed to govalidator!
+<a href="https://github.com/asaskevich/govalidator/graphs/contributors"><img src="https://opencollective.com/govalidator/contributors.svg?width=890" /></a>
+
+
+### Backers
+
+Thank you to all our backers! [[Become a backer](https://opencollective.com/govalidator#backer)]
+
+<a href="https://opencollective.com/govalidator#backers" target="_blank"><img src="https://opencollective.com/govalidator/backers.svg?width=890"></a>
+
+
+### Sponsors
+
+Thank you to all our sponsors! (please ask your company to also support this open source project by [becoming a sponsor](https://opencollective.com/govalidator#sponsor))
+
+<a href="https://opencollective.com/govalidator/sponsor/0/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/0/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/1/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/1/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/2/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/2/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/3/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/3/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/4/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/4/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/5/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/5/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/6/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/6/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/7/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/7/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/8/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/8/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/9/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/9/avatar.svg"></a>

src/runtime/vendor/github.com/asaskevich/govalidator/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014-2020 Alex Saskevich
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

src/runtime/vendor/github.com/asaskevich/govalidator/README.md

@@ -0,0 +1,622 @@
+govalidator
+===========
+[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/asaskevich/govalidator?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) [![GoDoc](https://godoc.org/github.com/asaskevich/govalidator?status.png)](https://godoc.org/github.com/asaskevich/govalidator)
+[![Build Status](https://travis-ci.org/asaskevich/govalidator.svg?branch=master)](https://travis-ci.org/asaskevich/govalidator)
+[![Coverage](https://codecov.io/gh/asaskevich/govalidator/branch/master/graph/badge.svg)](https://codecov.io/gh/asaskevich/govalidator) [![Go Report Card](https://goreportcard.com/badge/github.com/asaskevich/govalidator)](https://goreportcard.com/report/github.com/asaskevich/govalidator) [![GoSearch](http://go-search.org/badge?id=github.com%2Fasaskevich%2Fgovalidator)](http://go-search.org/view?id=github.com%2Fasaskevich%2Fgovalidator) [![Backers on Open Collective](https://opencollective.com/govalidator/backers/badge.svg)](#backers) [![Sponsors on Open Collective](https://opencollective.com/govalidator/sponsors/badge.svg)](#sponsors) [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fasaskevich%2Fgovalidator.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fasaskevich%2Fgovalidator?ref=badge_shield)
+
+A package of validators and sanitizers for strings, structs and collections. Based on [validator.js](https://github.com/chriso/validator.js).
+
+#### Installation
+Make sure that Go is installed on your computer.
+Type the following command in your terminal:
+
+	go get github.com/asaskevich/govalidator
+
+or you can get specified release of the package with `gopkg.in`:
+
+	go get gopkg.in/asaskevich/govalidator.v10
+
+After it the package is ready to use.
+
+
+#### Import package in your project
+Add following line in your `*.go` file:
+```go
+import "github.com/asaskevich/govalidator"
+```
+If you are unhappy to use long `govalidator`, you can do something like this:
+```go
+import (
+  valid "github.com/asaskevich/govalidator"
+)
+```
+
+#### Activate behavior to require all fields have a validation tag by default
+`SetFieldsRequiredByDefault` causes validation to fail when struct fields do not include validations or are not explicitly marked as exempt (using `valid:"-"` or `valid:"email,optional"`). A good place to activate this is a package init function or the main() function.
+
+`SetNilPtrAllowedByRequired` causes validation to pass when struct fields marked by `required` are set to nil. This is disabled by default for consistency, but some packages that need to be able to determine between `nil` and `zero value` state can use this. If disabled, both `nil` and `zero` values cause validation errors.
+
+```go
+import "github.com/asaskevich/govalidator"
+
+func init() {
+  govalidator.SetFieldsRequiredByDefault(true)
+}
+```
+
+Here's some code to explain it:
+```go
+// this struct definition will fail govalidator.ValidateStruct() (and the field values do not matter):
+type exampleStruct struct {
+  Name  string ``
+  Email string `valid:"email"`
+}
+
+// this, however, will only fail when Email is empty or an invalid email address:
+type exampleStruct2 struct {
+  Name  string `valid:"-"`
+  Email string `valid:"email"`
+}
+
+// lastly, this will only fail when Email is an invalid email address but not when it's empty:
+type exampleStruct2 struct {
+  Name  string `valid:"-"`
+  Email string `valid:"email,optional"`
+}
+```
+
+#### Recent breaking changes (see [#123](https://github.com/asaskevich/govalidator/pull/123))
+##### Custom validator function signature
+A context was added as the second parameter, for structs this is the object being validated – this makes dependent validation possible.
+```go
+import "github.com/asaskevich/govalidator"
+
+// old signature
+func(i interface{}) bool
+
+// new signature
+func(i interface{}, o interface{}) bool
+```
+
+##### Adding a custom validator
+This was changed to prevent data races when accessing custom validators.
+```go
+import "github.com/asaskevich/govalidator"
+
+// before
+govalidator.CustomTypeTagMap["customByteArrayValidator"] = func(i interface{}, o interface{}) bool {
+  // ...
+}
+
+// after
+govalidator.CustomTypeTagMap.Set("customByteArrayValidator", func(i interface{}, o interface{}) bool {
+  // ...
+})
+```
+
+#### List of functions:
+```go
+func Abs(value float64) float64
+func BlackList(str, chars string) string
+func ByteLength(str string, params ...string) bool
+func CamelCaseToUnderscore(str string) string
+func Contains(str, substring string) bool
+func Count(array []interface{}, iterator ConditionIterator) int
+func Each(array []interface{}, iterator Iterator)
+func ErrorByField(e error, field string) string
+func ErrorsByField(e error) map[string]string
+func Filter(array []interface{}, iterator ConditionIterator) []interface{}
+func Find(array []interface{}, iterator ConditionIterator) interface{}
+func GetLine(s string, index int) (string, error)
+func GetLines(s string) []string
+func HasLowerCase(str string) bool
+func HasUpperCase(str string) bool
+func HasWhitespace(str string) bool
+func HasWhitespaceOnly(str string) bool
+func InRange(value interface{}, left interface{}, right interface{}) bool
+func InRangeFloat32(value, left, right float32) bool
+func InRangeFloat64(value, left, right float64) bool
+func InRangeInt(value, left, right interface{}) bool
+func IsASCII(str string) bool
+func IsAlpha(str string) bool
+func IsAlphanumeric(str string) bool
+func IsBase64(str string) bool
+func IsByteLength(str string, min, max int) bool
+func IsCIDR(str string) bool
+func IsCRC32(str string) bool
+func IsCRC32b(str string) bool
+func IsCreditCard(str string) bool
+func IsDNSName(str string) bool
+func IsDataURI(str string) bool
+func IsDialString(str string) bool
+func IsDivisibleBy(str, num string) bool
+func IsEmail(str string) bool
+func IsExistingEmail(email string) bool
+func IsFilePath(str string) (bool, int)
+func IsFloat(str string) bool
+func IsFullWidth(str string) bool
+func IsHalfWidth(str string) bool
+func IsHash(str string, algorithm string) bool
+func IsHexadecimal(str string) bool
+func IsHexcolor(str string) bool
+func IsHost(str string) bool
+func IsIP(str string) bool
+func IsIPv4(str string) bool
+func IsIPv6(str string) bool
+func IsISBN(str string, version int) bool
+func IsISBN10(str string) bool
+func IsISBN13(str string) bool
+func IsISO3166Alpha2(str string) bool
+func IsISO3166Alpha3(str string) bool
+func IsISO4217(str string) bool
+func IsISO693Alpha2(str string) bool
+func IsISO693Alpha3b(str string) bool
+func IsIn(str string, params ...string) bool
+func IsInRaw(str string, params ...string) bool
+func IsInt(str string) bool
+func IsJSON(str string) bool
+func IsLatitude(str string) bool
+func IsLongitude(str string) bool
+func IsLowerCase(str string) bool
+func IsMAC(str string) bool
+func IsMD4(str string) bool
+func IsMD5(str string) bool
+func IsMagnetURI(str string) bool
+func IsMongoID(str string) bool
+func IsMultibyte(str string) bool
+func IsNatural(value float64) bool
+func IsNegative(value float64) bool
+func IsNonNegative(value float64) bool
+func IsNonPositive(value float64) bool
+func IsNotNull(str string) bool
+func IsNull(str string) bool
+func IsNumeric(str string) bool
+func IsPort(str string) bool
+func IsPositive(value float64) bool
+func IsPrintableASCII(str string) bool
+func IsRFC3339(str string) bool
+func IsRFC3339WithoutZone(str string) bool
+func IsRGBcolor(str string) bool
+func IsRegex(str string) bool
+func IsRequestURI(rawurl string) bool
+func IsRequestURL(rawurl string) bool
+func IsRipeMD128(str string) bool
+func IsRipeMD160(str string) bool
+func IsRsaPub(str string, params ...string) bool
+func IsRsaPublicKey(str string, keylen int) bool
+func IsSHA1(str string) bool
+func IsSHA256(str string) bool
+func IsSHA384(str string) bool
+func IsSHA512(str string) bool
+func IsSSN(str string) bool
+func IsSemver(str string) bool
+func IsTiger128(str string) bool
+func IsTiger160(str string) bool
+func IsTiger192(str string) bool
+func IsTime(str string, format string) bool
+func IsType(v interface{}, params ...string) bool
+func IsURL(str string) bool
+func IsUTFDigit(str string) bool
+func IsUTFLetter(str string) bool
+func IsUTFLetterNumeric(str string) bool
+func IsUTFNumeric(str string) bool
+func IsUUID(str string) bool
+func IsUUIDv3(str string) bool
+func IsUUIDv4(str string) bool
+func IsUUIDv5(str string) bool
+func IsULID(str string) bool
+func IsUnixTime(str string) bool
+func IsUpperCase(str string) bool
+func IsVariableWidth(str string) bool
+func IsWhole(value float64) bool
+func LeftTrim(str, chars string) string
+func Map(array []interface{}, iterator ResultIterator) []interface{}
+func Matches(str, pattern string) bool
+func MaxStringLength(str string, params ...string) bool
+func MinStringLength(str string, params ...string) bool
+func NormalizeEmail(str string) (string, error)
+func PadBoth(str string, padStr string, padLen int) string
+func PadLeft(str string, padStr string, padLen int) string
+func PadRight(str string, padStr string, padLen int) string
+func PrependPathToErrors(err error, path string) error
+func Range(str string, params ...string) bool
+func RemoveTags(s string) string
+func ReplacePattern(str, pattern, replace string) string
+func Reverse(s string) string
+func RightTrim(str, chars string) string
+func RuneLength(str string, params ...string) bool
+func SafeFileName(str string) string
+func SetFieldsRequiredByDefault(value bool)
+func SetNilPtrAllowedByRequired(value bool)
+func Sign(value float64) float64
+func StringLength(str string, params ...string) bool
+func StringMatches(s string, params ...string) bool
+func StripLow(str string, keepNewLines bool) string
+func ToBoolean(str string) (bool, error)
+func ToFloat(str string) (float64, error)
+func ToInt(value interface{}) (res int64, err error)
+func ToJSON(obj interface{}) (string, error)
+func ToString(obj interface{}) string
+func Trim(str, chars string) string
+func Truncate(str string, length int, ending string) string
+func TruncatingErrorf(str string, args ...interface{}) error
+func UnderscoreToCamelCase(s string) string
+func ValidateMap(inputMap map[string]interface{}, validationMap map[string]interface{}) (bool, error)
+func ValidateStruct(s interface{}) (bool, error)
+func WhiteList(str, chars string) string
+type ConditionIterator
+type CustomTypeValidator
+type Error
+func (e Error) Error() string
+type Errors
+func (es Errors) Error() string
+func (es Errors) Errors() []error
+type ISO3166Entry
+type ISO693Entry
+type InterfaceParamValidator
+type Iterator
+type ParamValidator
+type ResultIterator
+type UnsupportedTypeError
+func (e *UnsupportedTypeError) Error() string
+type Validator
+```
+
+#### Examples
+###### IsURL
+```go
+println(govalidator.IsURL(`http://user@pass:domain.com/path/page`))
+```
+###### IsType
+```go
+println(govalidator.IsType("Bob", "string"))
+println(govalidator.IsType(1, "int"))
+i := 1
+println(govalidator.IsType(&i, "*int"))
+```
+
+IsType can be used through the tag `type` which is essential for map validation:
+```go
+type User	struct {
+  Name string      `valid:"type(string)"`
+  Age  int         `valid:"type(int)"`
+  Meta interface{} `valid:"type(string)"`
+}
+result, err := govalidator.ValidateStruct(User{"Bob", 20, "meta"})
+if err != nil {
+	println("error: " + err.Error())
+}
+println(result)
+```
+###### ToString
+```go
+type User struct {
+	FirstName string
+	LastName string
+}
+
+str := govalidator.ToString(&User{"John", "Juan"})
+println(str)
+```
+###### Each, Map, Filter, Count for slices
+Each iterates over the slice/array and calls Iterator for every item
+```go
+data := []interface{}{1, 2, 3, 4, 5}
+var fn govalidator.Iterator = func(value interface{}, index int) {
+	println(value.(int))
+}
+govalidator.Each(data, fn)
+```
+```go
+data := []interface{}{1, 2, 3, 4, 5}
+var fn govalidator.ResultIterator = func(value interface{}, index int) interface{} {
+	return value.(int) * 3
+}
+_ = govalidator.Map(data, fn) // result = []interface{}{1, 6, 9, 12, 15}
+```
+```go
+data := []interface{}{1, 2, 3, 4, 5, 6, 7, 8, 9, 10}
+var fn govalidator.ConditionIterator = func(value interface{}, index int) bool {
+	return value.(int)%2 == 0
+}
+_ = govalidator.Filter(data, fn) // result = []interface{}{2, 4, 6, 8, 10}
+_ = govalidator.Count(data, fn) // result = 5
+```
+###### ValidateStruct [#2](https://github.com/asaskevich/govalidator/pull/2)
+If you want to validate structs, you can use tag `valid` for any field in your structure. All validators used with this field in one tag are separated by comma. If you want to skip validation, place `-` in your tag. If you need a validator that is not on the list below, you can add it like this:
+```go
+govalidator.TagMap["duck"] = govalidator.Validator(func(str string) bool {
+	return str == "duck"
+})
+```
+For completely custom validators (interface-based), see below.
+
+Here is a list of available validators for struct fields (validator - used function):
+```go
+"email":              IsEmail,
+"url":                IsURL,
+"dialstring":         IsDialString,
+"requrl":             IsRequestURL,
+"requri":             IsRequestURI,
+"alpha":              IsAlpha,
+"utfletter":          IsUTFLetter,
+"alphanum":           IsAlphanumeric,
+"utfletternum":       IsUTFLetterNumeric,
+"numeric":            IsNumeric,
+"utfnumeric":         IsUTFNumeric,
+"utfdigit":           IsUTFDigit,
+"hexadecimal":        IsHexadecimal,
+"hexcolor":           IsHexcolor,
+"rgbcolor":           IsRGBcolor,
+"lowercase":          IsLowerCase,
+"uppercase":          IsUpperCase,
+"int":                IsInt,
+"float":              IsFloat,
+"null":               IsNull,
+"uuid":               IsUUID,
+"uuidv3":             IsUUIDv3,
+"uuidv4":             IsUUIDv4,
+"uuidv5":             IsUUIDv5,
+"creditcard":         IsCreditCard,
+"isbn10":             IsISBN10,
+"isbn13":             IsISBN13,
+"json":               IsJSON,
+"multibyte":          IsMultibyte,
+"ascii":              IsASCII,
+"printableascii":     IsPrintableASCII,
+"fullwidth":          IsFullWidth,
+"halfwidth":          IsHalfWidth,
+"variablewidth":      IsVariableWidth,
+"base64":             IsBase64,
+"datauri":            IsDataURI,
+"ip":                 IsIP,
+"port":               IsPort,
+"ipv4":               IsIPv4,
+"ipv6":               IsIPv6,
+"dns":                IsDNSName,
+"host":               IsHost,
+"mac":                IsMAC,
+"latitude":           IsLatitude,
+"longitude":          IsLongitude,
+"ssn":                IsSSN,
+"semver":             IsSemver,
+"rfc3339":            IsRFC3339,
+"rfc3339WithoutZone": IsRFC3339WithoutZone,
+"ISO3166Alpha2":      IsISO3166Alpha2,
+"ISO3166Alpha3":      IsISO3166Alpha3,
+"ulid":               IsULID,
+```
+Validators with parameters
+
+```go
+"range(min|max)": Range,
+"length(min|max)": ByteLength,
+"runelength(min|max)": RuneLength,
+"stringlength(min|max)": StringLength,
+"matches(pattern)": StringMatches,
+"in(string1|string2|...|stringN)": IsIn,
+"rsapub(keylength)" : IsRsaPub,
+"minstringlength(int): MinStringLength,
+"maxstringlength(int): MaxStringLength,
+```
+Validators with parameters for any type
+
+```go
+"type(type)": IsType,
+```
+
+And here is small example of usage:
+```go
+type Post struct {
+	Title    string `valid:"alphanum,required"`
+	Message  string `valid:"duck,ascii"`
+	Message2 string `valid:"animal(dog)"`
+	AuthorIP string `valid:"ipv4"`
+	Date     string `valid:"-"`
+}
+post := &Post{
+	Title:   "My Example Post",
+	Message: "duck",
+	Message2: "dog",
+	AuthorIP: "123.234.54.3",
+}
+
+// Add your own struct validation tags
+govalidator.TagMap["duck"] = govalidator.Validator(func(str string) bool {
+	return str == "duck"
+})
+
+// Add your own struct validation tags with parameter
+govalidator.ParamTagMap["animal"] = govalidator.ParamValidator(func(str string, params ...string) bool {
+    species := params[0]
+    return str == species
+})
+govalidator.ParamTagRegexMap["animal"] = regexp.MustCompile("^animal\\((\\w+)\\)$")
+
+result, err := govalidator.ValidateStruct(post)
+if err != nil {
+	println("error: " + err.Error())
+}
+println(result)
+```
+###### ValidateMap [#2](https://github.com/asaskevich/govalidator/pull/338)
+If you want to validate maps, you can use the map to be validated and a validation map that contain the same tags used in ValidateStruct, both maps have to be in the form `map[string]interface{}`
+
+So here is small example of usage:
+```go
+var mapTemplate = map[string]interface{}{
+	"name":"required,alpha",
+	"family":"required,alpha",
+	"email":"required,email",
+	"cell-phone":"numeric",
+	"address":map[string]interface{}{
+		"line1":"required,alphanum",
+		"line2":"alphanum",
+		"postal-code":"numeric",
+	},
+}
+
+var inputMap = map[string]interface{}{
+	"name":"Bob",
+	"family":"Smith",
+	"email":"foo@bar.baz",
+	"address":map[string]interface{}{
+		"line1":"",
+		"line2":"",
+		"postal-code":"",
+	},
+}
+
+result, err := govalidator.ValidateMap(inputMap, mapTemplate)
+if err != nil {
+	println("error: " + err.Error())
+}
+println(result)
+```
+
+###### WhiteList
+```go
+// Remove all characters from string ignoring characters between "a" and "z"
+println(govalidator.WhiteList("a3a43a5a4a3a2a23a4a5a4a3a4", "a-z") == "aaaaaaaaaaaa")
+```
+
+###### Custom validation functions
+Custom validation using your own domain specific validators is also available - here's an example of how to use it:
+```go
+import "github.com/asaskevich/govalidator"
+
+type CustomByteArray [6]byte // custom types are supported and can be validated
+
+type StructWithCustomByteArray struct {
+  ID              CustomByteArray `valid:"customByteArrayValidator,customMinLengthValidator"` // multiple custom validators are possible as well and will be evaluated in sequence
+  Email           string          `valid:"email"`
+  CustomMinLength int             `valid:"-"`
+}
+
+govalidator.CustomTypeTagMap.Set("customByteArrayValidator", func(i interface{}, context interface{}) bool {
+  switch v := context.(type) { // you can type switch on the context interface being validated
+  case StructWithCustomByteArray:
+    // you can check and validate against some other field in the context,
+    // return early or not validate against the context at all – your choice
+  case SomeOtherType:
+    // ...
+  default:
+    // expecting some other type? Throw/panic here or continue
+  }
+
+  switch v := i.(type) { // type switch on the struct field being validated
+  case CustomByteArray:
+    for _, e := range v { // this validator checks that the byte array is not empty, i.e. not all zeroes
+      if e != 0 {
+        return true
+      }
+    }
+  }
+  return false
+})
+govalidator.CustomTypeTagMap.Set("customMinLengthValidator", func(i interface{}, context interface{}) bool {
+  switch v := context.(type) { // this validates a field against the value in another field, i.e. dependent validation
+  case StructWithCustomByteArray:
+    return len(v.ID) >= v.CustomMinLength
+  }
+  return false
+})
+```
+
+###### Loop over Error()
+By default .Error() returns all errors in a single String. To access each error you can do this:
+```go
+  if err != nil {
+    errs := err.(govalidator.Errors).Errors()
+    for _, e := range errs {
+      fmt.Println(e.Error())
+    }
+  }
+```
+
+###### Custom error messages
+Custom error messages are supported via annotations by adding the `~` separator - here's an example of how to use it:
+```go
+type Ticket struct {
+  Id        int64     `json:"id"`
+  FirstName string    `json:"firstname" valid:"required~First name is blank"`
+}
+```
+
+#### Notes
+Documentation is available here: [godoc.org](https://godoc.org/github.com/asaskevich/govalidator).
+Full information about code coverage is also available here: [govalidator on gocover.io](http://gocover.io/github.com/asaskevich/govalidator).
+
+#### Support
+If you do have a contribution to the package, feel free to create a Pull Request or an Issue.
+
+#### What to contribute
+If you don't know what to do, there are some features and functions that need to be done
+
+- [ ] Refactor code
+- [ ] Edit docs and [README](https://github.com/asaskevich/govalidator/README.md): spellcheck, grammar and typo check
+- [ ] Create actual list of contributors and projects that currently using this package
+- [ ] Resolve [issues and bugs](https://github.com/asaskevich/govalidator/issues)
+- [ ] Update actual [list of functions](https://github.com/asaskevich/govalidator#list-of-functions)
+- [ ] Update [list of validators](https://github.com/asaskevich/govalidator#validatestruct-2) that available for `ValidateStruct` and add new
+- [ ] Implement new validators: `IsFQDN`, `IsIMEI`, `IsPostalCode`, `IsISIN`, `IsISRC` etc
+- [x] Implement [validation by maps](https://github.com/asaskevich/govalidator/issues/224)
+- [ ] Implement fuzzing testing
+- [ ] Implement some struct/map/array utilities
+- [ ] Implement map/array validation
+- [ ] Implement benchmarking
+- [ ] Implement batch of examples
+- [ ] Look at forks for new features and fixes
+
+#### Advice
+Feel free to create what you want, but keep in mind when you implement new features:
+- Code must be clear and readable, names of variables/constants clearly describes what they are doing
+- Public functions must be documented and described in source file and added to README.md to the list of available functions
+- There are must be unit-tests for any new functions and improvements
+
+## Credits
+### Contributors
+
+This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
+
+#### Special thanks to [contributors](https://github.com/asaskevich/govalidator/graphs/contributors)
+* [Daniel Lohse](https://github.com/annismckenzie)
+* [Attila Oláh](https://github.com/attilaolah)
+* [Daniel Korner](https://github.com/Dadie)
+* [Steven Wilkin](https://github.com/stevenwilkin)
+* [Deiwin Sarjas](https://github.com/deiwin)
+* [Noah Shibley](https://github.com/slugmobile)
+* [Nathan Davies](https://github.com/nathj07)
+* [Matt Sanford](https://github.com/mzsanford)
+* [Simon ccl1115](https://github.com/ccl1115)
+
+<a href="https://github.com/asaskevich/govalidator/graphs/contributors"><img src="https://opencollective.com/govalidator/contributors.svg?width=890" /></a>
+
+
+### Backers
+
+Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/govalidator#backer)]
+
+<a href="https://opencollective.com/govalidator#backers" target="_blank"><img src="https://opencollective.com/govalidator/backers.svg?width=890"></a>
+
+
+### Sponsors
+
+Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/govalidator#sponsor)]
+
+<a href="https://opencollective.com/govalidator/sponsor/0/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/0/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/1/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/1/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/2/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/2/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/3/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/3/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/4/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/4/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/5/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/5/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/6/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/6/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/7/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/7/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/8/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/8/avatar.svg"></a>
+<a href="https://opencollective.com/govalidator/sponsor/9/website" target="_blank"><img src="https://opencollective.com/govalidator/sponsor/9/avatar.svg"></a>
+
+
+
+
+## License
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fasaskevich%2Fgovalidator.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fasaskevich%2Fgovalidator?ref=badge_large)

src/runtime/vendor/github.com/asaskevich/govalidator/arrays.go

@@ -0,0 +1,87 @@
+package govalidator
+
+// Iterator is the function that accepts element of slice/array and its index
+type Iterator func(interface{}, int)
+
+// ResultIterator is the function that accepts element of slice/array and its index and returns any result
+type ResultIterator func(interface{}, int) interface{}
+
+// ConditionIterator is the function that accepts element of slice/array and its index and returns boolean
+type ConditionIterator func(interface{}, int) bool
+
+// ReduceIterator is the function that accepts two element of slice/array and returns result of merging those values
+type ReduceIterator func(interface{}, interface{}) interface{}
+
+// Some validates that any item of array corresponds to ConditionIterator. Returns boolean.
+func Some(array []interface{}, iterator ConditionIterator) bool {
+	res := false
+	for index, data := range array {
+		res = res || iterator(data, index)
+	}
+	return res
+}
+
+// Every validates that every item of array corresponds to ConditionIterator. Returns boolean.
+func Every(array []interface{}, iterator ConditionIterator) bool {
+	res := true
+	for index, data := range array {
+		res = res && iterator(data, index)
+	}
+	return res
+}
+
+// Reduce boils down a list of values into a single value by ReduceIterator
+func Reduce(array []interface{}, iterator ReduceIterator, initialValue interface{}) interface{} {
+	for _, data := range array {
+		initialValue = iterator(initialValue, data)
+	}
+	return initialValue
+}
+
+// Each iterates over the slice and apply Iterator to every item
+func Each(array []interface{}, iterator Iterator) {
+	for index, data := range array {
+		iterator(data, index)
+	}
+}
+
+// Map iterates over the slice and apply ResultIterator to every item. Returns new slice as a result.
+func Map(array []interface{}, iterator ResultIterator) []interface{} {
+	var result = make([]interface{}, len(array))
+	for index, data := range array {
+		result[index] = iterator(data, index)
+	}
+	return result
+}
+
+// Find iterates over the slice and apply ConditionIterator to every item. Returns first item that meet ConditionIterator or nil otherwise.
+func Find(array []interface{}, iterator ConditionIterator) interface{} {
+	for index, data := range array {
+		if iterator(data, index) {
+			return data
+		}
+	}
+	return nil
+}
+
+// Filter iterates over the slice and apply ConditionIterator to every item. Returns new slice.
+func Filter(array []interface{}, iterator ConditionIterator) []interface{} {
+	var result = make([]interface{}, 0)
+	for index, data := range array {
+		if iterator(data, index) {
+			result = append(result, data)
+		}
+	}
+	return result
+}
+
+// Count iterates over the slice and apply ConditionIterator to every item. Returns count of items that meets ConditionIterator.
+func Count(array []interface{}, iterator ConditionIterator) int {
+	count := 0
+	for index, data := range array {
+		if iterator(data, index) {
+			count = count + 1
+		}
+	}
+	return count
+}

src/runtime/vendor/github.com/asaskevich/govalidator/converter.go

@@ -0,0 +1,81 @@
+package govalidator
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"strconv"
+)
+
+// ToString convert the input to a string.
+func ToString(obj interface{}) string {
+	res := fmt.Sprintf("%v", obj)
+	return res
+}
+
+// ToJSON convert the input to a valid JSON string
+func ToJSON(obj interface{}) (string, error) {
+	res, err := json.Marshal(obj)
+	if err != nil {
+		res = []byte("")
+	}
+	return string(res), err
+}
+
+// ToFloat convert the input string to a float, or 0.0 if the input is not a float.
+func ToFloat(value interface{}) (res float64, err error) {
+	val := reflect.ValueOf(value)
+
+	switch value.(type) {
+	case int, int8, int16, int32, int64:
+		res = float64(val.Int())
+	case uint, uint8, uint16, uint32, uint64:
+		res = float64(val.Uint())
+	case float32, float64:
+		res = val.Float()
+	case string:
+		res, err = strconv.ParseFloat(val.String(), 64)
+		if err != nil {
+			res = 0
+		}
+	default:
+		err = fmt.Errorf("ToInt: unknown interface type %T", value)
+		res = 0
+	}
+
+	return
+}
+
+// ToInt convert the input string or any int type to an integer type 64, or 0 if the input is not an integer.
+func ToInt(value interface{}) (res int64, err error) {
+	val := reflect.ValueOf(value)
+
+	switch value.(type) {
+	case int, int8, int16, int32, int64:
+		res = val.Int()
+	case uint, uint8, uint16, uint32, uint64:
+		res = int64(val.Uint())
+	case float32, float64:
+		res = int64(val.Float())
+	case string:
+		if IsInt(val.String()) {
+			res, err = strconv.ParseInt(val.String(), 0, 64)
+			if err != nil {
+				res = 0
+			}
+		} else {
+			err = fmt.Errorf("ToInt: invalid numeric format %g", value)
+			res = 0
+		}
+	default:
+		err = fmt.Errorf("ToInt: unknown interface type %T", value)
+		res = 0
+	}
+
+	return
+}
+
+// ToBoolean convert the input string to a boolean.
+func ToBoolean(str string) (bool, error) {
+	return strconv.ParseBool(str)
+}

src/runtime/vendor/github.com/asaskevich/govalidator/doc.go

@@ -0,0 +1,3 @@
+package govalidator
+
+// A package of validators and sanitizers for strings, structures and collections.

src/runtime/vendor/github.com/asaskevich/govalidator/error.go

@@ -0,0 +1,47 @@
+package govalidator
+
+import (
+	"sort"
+	"strings"
+)
+
+// Errors is an array of multiple errors and conforms to the error interface.
+type Errors []error
+
+// Errors returns itself.
+func (es Errors) Errors() []error {
+	return es
+}
+
+func (es Errors) Error() string {
+	var errs []string
+	for _, e := range es {
+		errs = append(errs, e.Error())
+	}
+	sort.Strings(errs)
+	return strings.Join(errs, ";")
+}
+
+// Error encapsulates a name, an error and whether there's a custom error message or not.
+type Error struct {
+	Name                     string
+	Err                      error
+	CustomErrorMessageExists bool
+
+	// Validator indicates the name of the validator that failed
+	Validator string
+	Path      []string
+}
+
+func (e Error) Error() string {
+	if e.CustomErrorMessageExists {
+		return e.Err.Error()
+	}
+
+	errName := e.Name
+	if len(e.Path) > 0 {
+		errName = strings.Join(append(e.Path, e.Name), ".")
+	}
+
+	return errName + ": " + e.Err.Error()
+}

src/runtime/vendor/github.com/asaskevich/govalidator/numerics.go

@@ -0,0 +1,100 @@
+package govalidator
+
+import (
+	"math"
+)
+
+// Abs returns absolute value of number
+func Abs(value float64) float64 {
+	return math.Abs(value)
+}
+
+// Sign returns signum of number: 1 in case of value > 0, -1 in case of value < 0, 0 otherwise
+func Sign(value float64) float64 {
+	if value > 0 {
+		return 1
+	} else if value < 0 {
+		return -1
+	} else {
+		return 0
+	}
+}
+
+// IsNegative returns true if value < 0
+func IsNegative(value float64) bool {
+	return value < 0
+}
+
+// IsPositive returns true if value > 0
+func IsPositive(value float64) bool {
+	return value > 0
+}
+
+// IsNonNegative returns true if value >= 0
+func IsNonNegative(value float64) bool {
+	return value >= 0
+}
+
+// IsNonPositive returns true if value <= 0
+func IsNonPositive(value float64) bool {
+	return value <= 0
+}
+
+// InRangeInt returns true if value lies between left and right border
+func InRangeInt(value, left, right interface{}) bool {
+	value64, _ := ToInt(value)
+	left64, _ := ToInt(left)
+	right64, _ := ToInt(right)
+	if left64 > right64 {
+		left64, right64 = right64, left64
+	}
+	return value64 >= left64 && value64 <= right64
+}
+
+// InRangeFloat32 returns true if value lies between left and right border
+func InRangeFloat32(value, left, right float32) bool {
+	if left > right {
+		left, right = right, left
+	}
+	return value >= left && value <= right
+}
+
+// InRangeFloat64 returns true if value lies between left and right border
+func InRangeFloat64(value, left, right float64) bool {
+	if left > right {
+		left, right = right, left
+	}
+	return value >= left && value <= right
+}
+
+// InRange returns true if value lies between left and right border, generic type to handle int, float32, float64 and string.
+// All types must the same type.
+// False if value doesn't lie in range or if it incompatible or not comparable
+func InRange(value interface{}, left interface{}, right interface{}) bool {
+	switch value.(type) {
+	case int:
+		intValue, _ := ToInt(value)
+		intLeft, _ := ToInt(left)
+		intRight, _ := ToInt(right)
+		return InRangeInt(intValue, intLeft, intRight)
+	case float32, float64:
+		intValue, _ := ToFloat(value)
+		intLeft, _ := ToFloat(left)
+		intRight, _ := ToFloat(right)
+		return InRangeFloat64(intValue, intLeft, intRight)
+	case string:
+		return value.(string) >= left.(string) && value.(string) <= right.(string)
+	default:
+		return false
+	}
+}
+
+// IsWhole returns true if value is whole number
+func IsWhole(value float64) bool {
+	return math.Remainder(value, 1) == 0
+}
+
+// IsNatural returns true if value is natural number (positive and whole)
+func IsNatural(value float64) bool {
+	return IsWhole(value) && IsPositive(value)
+}

src/runtime/vendor/github.com/asaskevich/govalidator/patterns.go

@@ -0,0 +1,113 @@
+package govalidator
+
+import "regexp"
+
+// Basic regular expressions for validating strings
+const (
+	Email             string = "^(((([a-zA-Z]|\\d|[!#\\$%&'\\*\\+\\-\\/=\\?\\^_`{\\|}~]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])+(\\.([a-zA-Z]|\\d|[!#\\$%&'\\*\\+\\-\\/=\\?\\^_`{\\|}~]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])+)*)|((\\x22)((((\\x20|\\x09)*(\\x0d\\x0a))?(\\x20|\\x09)+)?(([\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f]|\\x21|[\\x23-\\x5b]|[\\x5d-\\x7e]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])|(\\([\\x01-\\x09\\x0b\\x0c\\x0d-\\x7f]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}]))))*(((\\x20|\\x09)*(\\x0d\\x0a))?(\\x20|\\x09)+)?(\\x22)))@((([a-zA-Z]|\\d|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])|(([a-zA-Z]|\\d|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])([a-zA-Z]|\\d|-|\\.|_|~|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])*([a-zA-Z]|\\d|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])))\\.)+(([a-zA-Z]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])|(([a-zA-Z]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])([a-zA-Z]|\\d|-|_|~|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])*([a-zA-Z]|[\\x{00A0}-\\x{D7FF}\\x{F900}-\\x{FDCF}\\x{FDF0}-\\x{FFEF}])))\\.?$"
+	CreditCard        string = "^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|(222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11}|6[27][0-9]{14})$"
+	ISBN10            string = "^(?:[0-9]{9}X|[0-9]{10})$"
+	ISBN13            string = "^(?:[0-9]{13})$"
+	UUID3             string = "^[0-9a-f]{8}-[0-9a-f]{4}-3[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}$"
+	UUID4             string = "^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
+	UUID5             string = "^[0-9a-f]{8}-[0-9a-f]{4}-5[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$"
+	UUID              string = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
+	Alpha             string = "^[a-zA-Z]+$"
+	Alphanumeric      string = "^[a-zA-Z0-9]+$"
+	Numeric           string = "^[0-9]+$"
+	Int               string = "^(?:[-+]?(?:0|[1-9][0-9]*))$"
+	Float             string = "^(?:[-+]?(?:[0-9]+))?(?:\\.[0-9]*)?(?:[eE][\\+\\-]?(?:[0-9]+))?$"
+	Hexadecimal       string = "^[0-9a-fA-F]+$"
+	Hexcolor          string = "^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$"
+	RGBcolor          string = "^rgb\\(\\s*(0|[1-9]\\d?|1\\d\\d?|2[0-4]\\d|25[0-5])\\s*,\\s*(0|[1-9]\\d?|1\\d\\d?|2[0-4]\\d|25[0-5])\\s*,\\s*(0|[1-9]\\d?|1\\d\\d?|2[0-4]\\d|25[0-5])\\s*\\)$"
+	ASCII             string = "^[\x00-\x7F]+$"
+	Multibyte         string = "[^\x00-\x7F]"
+	FullWidth         string = "[^\u0020-\u007E\uFF61-\uFF9F\uFFA0-\uFFDC\uFFE8-\uFFEE0-9a-zA-Z]"
+	HalfWidth         string = "[\u0020-\u007E\uFF61-\uFF9F\uFFA0-\uFFDC\uFFE8-\uFFEE0-9a-zA-Z]"
+	Base64            string = "^(?:[A-Za-z0-9+\\/]{4})*(?:[A-Za-z0-9+\\/]{2}==|[A-Za-z0-9+\\/]{3}=|[A-Za-z0-9+\\/]{4})$"
+	PrintableASCII    string = "^[\x20-\x7E]+$"
+	DataURI           string = "^data:.+\\/(.+);base64$"
+	MagnetURI         string = "^magnet:\\?xt=urn:[a-zA-Z0-9]+:[a-zA-Z0-9]{32,40}&dn=.+&tr=.+$"
+	Latitude          string = "^[-+]?([1-8]?\\d(\\.\\d+)?|90(\\.0+)?)$"
+	Longitude         string = "^[-+]?(180(\\.0+)?|((1[0-7]\\d)|([1-9]?\\d))(\\.\\d+)?)$"
+	DNSName           string = `^([a-zA-Z0-9_]{1}[a-zA-Z0-9_-]{0,62}){1}(\.[a-zA-Z0-9_]{1}[a-zA-Z0-9_-]{0,62})*[\._]?$`
+	IP                string = `(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))`
+	URLSchema         string = `((ftp|tcp|udp|wss?|https?):\/\/)`
+	URLUsername       string = `(\S+(:\S*)?@)`
+	URLPath           string = `((\/|\?|#)[^\s]*)`
+	URLPort           string = `(:(\d{1,5}))`
+	URLIP             string = `([1-9]\d?|1\d\d|2[01]\d|22[0-3]|24\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){2}(?:\.([0-9]\d?|1\d\d|2[0-4]\d|25[0-5]))`
+	URLSubdomain      string = `((www\.)|([a-zA-Z0-9]+([-_\.]?[a-zA-Z0-9])*[a-zA-Z0-9]\.[a-zA-Z0-9]+))`
+	URL                      = `^` + URLSchema + `?` + URLUsername + `?` + `((` + URLIP + `|(\[` + IP + `\])|(([a-zA-Z0-9]([a-zA-Z0-9-_]+)?[a-zA-Z0-9]([-\.][a-zA-Z0-9]+)*)|(` + URLSubdomain + `?))?(([a-zA-Z\x{00a1}-\x{ffff}0-9]+-?-?)*[a-zA-Z\x{00a1}-\x{ffff}0-9]+)(?:\.([a-zA-Z\x{00a1}-\x{ffff}]{1,}))?))\.?` + URLPort + `?` + URLPath + `?$`
+	SSN               string = `^\d{3}[- ]?\d{2}[- ]?\d{4}$`
+	WinPath           string = `^[a-zA-Z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*$`
+	UnixPath          string = `^(/[^/\x00]*)+/?$`
+	WinARPath         string = `^(?:(?:[a-zA-Z]:|\\\\[a-z0-9_.$●-]+\\[a-z0-9_.$●-]+)\\|\\?[^\\/:*?"<>|\r\n]+\\?)(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*$`
+	UnixARPath        string = `^((\.{0,2}/)?([^/\x00]*))+/?$`
+	Semver            string = "^v?(?:0|[1-9]\\d*)\\.(?:0|[1-9]\\d*)\\.(?:0|[1-9]\\d*)(-(0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(\\.(0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\\+[0-9a-zA-Z-]+(\\.[0-9a-zA-Z-]+)*)?$"
+	tagName           string = "valid"
+	hasLowerCase      string = ".*[[:lower:]]"
+	hasUpperCase      string = ".*[[:upper:]]"
+	hasWhitespace     string = ".*[[:space:]]"
+	hasWhitespaceOnly string = "^[[:space:]]+$"
+	IMEI              string = "^[0-9a-f]{14}$|^\\d{15}$|^\\d{18}$"
+	IMSI              string = "^\\d{14,15}$"
+	E164              string = `^\+?[1-9]\d{1,14}$`
+)
+
+// Used by IsFilePath func
+const (
+	// Unknown is unresolved OS type
+	Unknown = iota
+	// Win is Windows type
+	Win
+	// Unix is *nix OS types
+	Unix
+)
+
+var (
+	userRegexp          = regexp.MustCompile("^[a-zA-Z0-9!#$%&'*+/=?^_`{|}~.-]+$")
+	hostRegexp          = regexp.MustCompile("^[^\\s]+\\.[^\\s]+$")
+	userDotRegexp       = regexp.MustCompile("(^[.]{1})|([.]{1}$)|([.]{2,})")
+	rxEmail             = regexp.MustCompile(Email)
+	rxCreditCard        = regexp.MustCompile(CreditCard)
+	rxISBN10            = regexp.MustCompile(ISBN10)
+	rxISBN13            = regexp.MustCompile(ISBN13)
+	rxUUID3             = regexp.MustCompile(UUID3)
+	rxUUID4             = regexp.MustCompile(UUID4)
+	rxUUID5             = regexp.MustCompile(UUID5)
+	rxUUID              = regexp.MustCompile(UUID)
+	rxAlpha             = regexp.MustCompile(Alpha)
+	rxAlphanumeric      = regexp.MustCompile(Alphanumeric)
+	rxNumeric           = regexp.MustCompile(Numeric)
+	rxInt               = regexp.MustCompile(Int)
+	rxFloat             = regexp.MustCompile(Float)
+	rxHexadecimal       = regexp.MustCompile(Hexadecimal)
+	rxHexcolor          = regexp.MustCompile(Hexcolor)
+	rxRGBcolor          = regexp.MustCompile(RGBcolor)
+	rxASCII             = regexp.MustCompile(ASCII)
+	rxPrintableASCII    = regexp.MustCompile(PrintableASCII)
+	rxMultibyte         = regexp.MustCompile(Multibyte)
+	rxFullWidth         = regexp.MustCompile(FullWidth)
+	rxHalfWidth         = regexp.MustCompile(HalfWidth)
+	rxBase64            = regexp.MustCompile(Base64)
+	rxDataURI           = regexp.MustCompile(DataURI)
+	rxMagnetURI         = regexp.MustCompile(MagnetURI)
+	rxLatitude          = regexp.MustCompile(Latitude)
+	rxLongitude         = regexp.MustCompile(Longitude)
+	rxDNSName           = regexp.MustCompile(DNSName)
+	rxURL               = regexp.MustCompile(URL)
+	rxSSN               = regexp.MustCompile(SSN)
+	rxWinPath           = regexp.MustCompile(WinPath)
+	rxUnixPath          = regexp.MustCompile(UnixPath)
+	rxARWinPath         = regexp.MustCompile(WinARPath)
+	rxARUnixPath        = regexp.MustCompile(UnixARPath)
+	rxSemver            = regexp.MustCompile(Semver)
+	rxHasLowerCase      = regexp.MustCompile(hasLowerCase)
+	rxHasUpperCase      = regexp.MustCompile(hasUpperCase)
+	rxHasWhitespace     = regexp.MustCompile(hasWhitespace)
+	rxHasWhitespaceOnly = regexp.MustCompile(hasWhitespaceOnly)
+	rxIMEI              = regexp.MustCompile(IMEI)
+	rxIMSI              = regexp.MustCompile(IMSI)
+	rxE164              = regexp.MustCompile(E164)
+)

src/runtime/vendor/github.com/asaskevich/govalidator/types.go

@@ -0,0 +1,656 @@
+package govalidator
+
+import (
+	"reflect"
+	"regexp"
+	"sort"
+	"sync"
+)
+
+// Validator is a wrapper for a validator function that returns bool and accepts string.
+type Validator func(str string) bool
+
+// CustomTypeValidator is a wrapper for validator functions that returns bool and accepts any type.
+// The second parameter should be the context (in the case of validating a struct: the whole object being validated).
+type CustomTypeValidator func(i interface{}, o interface{}) bool
+
+// ParamValidator is a wrapper for validator functions that accept additional parameters.
+type ParamValidator func(str string, params ...string) bool
+
+// InterfaceParamValidator is a wrapper for functions that accept variants parameters for an interface value
+type InterfaceParamValidator func(in interface{}, params ...string) bool
+type tagOptionsMap map[string]tagOption
+
+func (t tagOptionsMap) orderedKeys() []string {
+	var keys []string
+	for k := range t {
+		keys = append(keys, k)
+	}
+
+	sort.Slice(keys, func(a, b int) bool {
+		return t[keys[a]].order < t[keys[b]].order
+	})
+
+	return keys
+}
+
+type tagOption struct {
+	name               string
+	customErrorMessage string
+	order              int
+}
+
+// UnsupportedTypeError is a wrapper for reflect.Type
+type UnsupportedTypeError struct {
+	Type reflect.Type
+}
+
+// stringValues is a slice of reflect.Value holding *reflect.StringValue.
+// It implements the methods to sort by string.
+type stringValues []reflect.Value
+
+// InterfaceParamTagMap is a map of functions accept variants parameters for an interface value
+var InterfaceParamTagMap = map[string]InterfaceParamValidator{
+	"type": IsType,
+}
+
+// InterfaceParamTagRegexMap maps interface param tags to their respective regexes.
+var InterfaceParamTagRegexMap = map[string]*regexp.Regexp{
+	"type": regexp.MustCompile(`^type\((.*)\)$`),
+}
+
+// ParamTagMap is a map of functions accept variants parameters
+var ParamTagMap = map[string]ParamValidator{
+	"length":          ByteLength,
+	"range":           Range,
+	"runelength":      RuneLength,
+	"stringlength":    StringLength,
+	"matches":         StringMatches,
+	"in":              IsInRaw,
+	"rsapub":          IsRsaPub,
+	"minstringlength": MinStringLength,
+	"maxstringlength": MaxStringLength,
+}
+
+// ParamTagRegexMap maps param tags to their respective regexes.
+var ParamTagRegexMap = map[string]*regexp.Regexp{
+	"range":           regexp.MustCompile("^range\\((\\d+)\\|(\\d+)\\)$"),
+	"length":          regexp.MustCompile("^length\\((\\d+)\\|(\\d+)\\)$"),
+	"runelength":      regexp.MustCompile("^runelength\\((\\d+)\\|(\\d+)\\)$"),
+	"stringlength":    regexp.MustCompile("^stringlength\\((\\d+)\\|(\\d+)\\)$"),
+	"in":              regexp.MustCompile(`^in\((.*)\)`),
+	"matches":         regexp.MustCompile(`^matches\((.+)\)$`),
+	"rsapub":          regexp.MustCompile("^rsapub\\((\\d+)\\)$"),
+	"minstringlength": regexp.MustCompile("^minstringlength\\((\\d+)\\)$"),
+	"maxstringlength": regexp.MustCompile("^maxstringlength\\((\\d+)\\)$"),
+}
+
+type customTypeTagMap struct {
+	validators map[string]CustomTypeValidator
+
+	sync.RWMutex
+}
+
+func (tm *customTypeTagMap) Get(name string) (CustomTypeValidator, bool) {
+	tm.RLock()
+	defer tm.RUnlock()
+	v, ok := tm.validators[name]
+	return v, ok
+}
+
+func (tm *customTypeTagMap) Set(name string, ctv CustomTypeValidator) {
+	tm.Lock()
+	defer tm.Unlock()
+	tm.validators[name] = ctv
+}
+
+// CustomTypeTagMap is a map of functions that can be used as tags for ValidateStruct function.
+// Use this to validate compound or custom types that need to be handled as a whole, e.g.
+// `type UUID [16]byte` (this would be handled as an array of bytes).
+var CustomTypeTagMap = &customTypeTagMap{validators: make(map[string]CustomTypeValidator)}
+
+// TagMap is a map of functions, that can be used as tags for ValidateStruct function.
+var TagMap = map[string]Validator{
+	"email":              IsEmail,
+	"url":                IsURL,
+	"dialstring":         IsDialString,
+	"requrl":             IsRequestURL,
+	"requri":             IsRequestURI,
+	"alpha":              IsAlpha,
+	"utfletter":          IsUTFLetter,
+	"alphanum":           IsAlphanumeric,
+	"utfletternum":       IsUTFLetterNumeric,
+	"numeric":            IsNumeric,
+	"utfnumeric":         IsUTFNumeric,
+	"utfdigit":           IsUTFDigit,
+	"hexadecimal":        IsHexadecimal,
+	"hexcolor":           IsHexcolor,
+	"rgbcolor":           IsRGBcolor,
+	"lowercase":          IsLowerCase,
+	"uppercase":          IsUpperCase,
+	"int":                IsInt,
+	"float":              IsFloat,
+	"null":               IsNull,
+	"notnull":            IsNotNull,
+	"uuid":               IsUUID,
+	"uuidv3":             IsUUIDv3,
+	"uuidv4":             IsUUIDv4,
+	"uuidv5":             IsUUIDv5,
+	"creditcard":         IsCreditCard,
+	"isbn10":             IsISBN10,
+	"isbn13":             IsISBN13,
+	"json":               IsJSON,
+	"multibyte":          IsMultibyte,
+	"ascii":              IsASCII,
+	"printableascii":     IsPrintableASCII,
+	"fullwidth":          IsFullWidth,
+	"halfwidth":          IsHalfWidth,
+	"variablewidth":      IsVariableWidth,
+	"base64":             IsBase64,
+	"datauri":            IsDataURI,
+	"ip":                 IsIP,
+	"port":               IsPort,
+	"ipv4":               IsIPv4,
+	"ipv6":               IsIPv6,
+	"dns":                IsDNSName,
+	"host":               IsHost,
+	"mac":                IsMAC,
+	"latitude":           IsLatitude,
+	"longitude":          IsLongitude,
+	"ssn":                IsSSN,
+	"semver":             IsSemver,
+	"rfc3339":            IsRFC3339,
+	"rfc3339WithoutZone": IsRFC3339WithoutZone,
+	"ISO3166Alpha2":      IsISO3166Alpha2,
+	"ISO3166Alpha3":      IsISO3166Alpha3,
+	"ISO4217":            IsISO4217,
+	"IMEI":               IsIMEI,
+	"ulid":               IsULID,
+}
+
+// ISO3166Entry stores country codes
+type ISO3166Entry struct {
+	EnglishShortName string
+	FrenchShortName  string
+	Alpha2Code       string
+	Alpha3Code       string
+	Numeric          string
+}
+
+//ISO3166List based on https://www.iso.org/obp/ui/#search/code/ Code Type "Officially Assigned Codes"
+var ISO3166List = []ISO3166Entry{
+	{"Afghanistan", "Afghanistan (l')", "AF", "AFG", "004"},
+	{"Albania", "Albanie (l')", "AL", "ALB", "008"},
+	{"Antarctica", "Antarctique (l')", "AQ", "ATA", "010"},
+	{"Algeria", "Algérie (l')", "DZ", "DZA", "012"},
+	{"American Samoa", "Samoa américaines (les)", "AS", "ASM", "016"},
+	{"Andorra", "Andorre (l')", "AD", "AND", "020"},
+	{"Angola", "Angola (l')", "AO", "AGO", "024"},
+	{"Antigua and Barbuda", "Antigua-et-Barbuda", "AG", "ATG", "028"},
+	{"Azerbaijan", "Azerbaïdjan (l')", "AZ", "AZE", "031"},
+	{"Argentina", "Argentine (l')", "AR", "ARG", "032"},
+	{"Australia", "Australie (l')", "AU", "AUS", "036"},
+	{"Austria", "Autriche (l')", "AT", "AUT", "040"},
+	{"Bahamas (the)", "Bahamas (les)", "BS", "BHS", "044"},
+	{"Bahrain", "Bahreïn", "BH", "BHR", "048"},
+	{"Bangladesh", "Bangladesh (le)", "BD", "BGD", "050"},
+	{"Armenia", "Arménie (l')", "AM", "ARM", "051"},
+	{"Barbados", "Barbade (la)", "BB", "BRB", "052"},
+	{"Belgium", "Belgique (la)", "BE", "BEL", "056"},
+	{"Bermuda", "Bermudes (les)", "BM", "BMU", "060"},
+	{"Bhutan", "Bhoutan (le)", "BT", "BTN", "064"},
+	{"Bolivia (Plurinational State of)", "Bolivie (État plurinational de)", "BO", "BOL", "068"},
+	{"Bosnia and Herzegovina", "Bosnie-Herzégovine (la)", "BA", "BIH", "070"},
+	{"Botswana", "Botswana (le)", "BW", "BWA", "072"},
+	{"Bouvet Island", "Bouvet (l'Île)", "BV", "BVT", "074"},
+	{"Brazil", "Brésil (le)", "BR", "BRA", "076"},
+	{"Belize", "Belize (le)", "BZ", "BLZ", "084"},
+	{"British Indian Ocean Territory (the)", "Indien (le Territoire britannique de l'océan)", "IO", "IOT", "086"},
+	{"Solomon Islands", "Salomon (Îles)", "SB", "SLB", "090"},
+	{"Virgin Islands (British)", "Vierges britanniques (les Îles)", "VG", "VGB", "092"},
+	{"Brunei Darussalam", "Brunéi Darussalam (le)", "BN", "BRN", "096"},
+	{"Bulgaria", "Bulgarie (la)", "BG", "BGR", "100"},
+	{"Myanmar", "Myanmar (le)", "MM", "MMR", "104"},
+	{"Burundi", "Burundi (le)", "BI", "BDI", "108"},
+	{"Belarus", "Bélarus (le)", "BY", "BLR", "112"},
+	{"Cambodia", "Cambodge (le)", "KH", "KHM", "116"},
+	{"Cameroon", "Cameroun (le)", "CM", "CMR", "120"},
+	{"Canada", "Canada (le)", "CA", "CAN", "124"},
+	{"Cabo Verde", "Cabo Verde", "CV", "CPV", "132"},
+	{"Cayman Islands (the)", "Caïmans (les Îles)", "KY", "CYM", "136"},
+	{"Central African Republic (the)", "République centrafricaine (la)", "CF", "CAF", "140"},
+	{"Sri Lanka", "Sri Lanka", "LK", "LKA", "144"},
+	{"Chad", "Tchad (le)", "TD", "TCD", "148"},
+	{"Chile", "Chili (le)", "CL", "CHL", "152"},
+	{"China", "Chine (la)", "CN", "CHN", "156"},
+	{"Taiwan (Province of China)", "Taïwan (Province de Chine)", "TW", "TWN", "158"},
+	{"Christmas Island", "Christmas (l'Île)", "CX", "CXR", "162"},
+	{"Cocos (Keeling) Islands (the)", "Cocos (les Îles)/ Keeling (les Îles)", "CC", "CCK", "166"},
+	{"Colombia", "Colombie (la)", "CO", "COL", "170"},
+	{"Comoros (the)", "Comores (les)", "KM", "COM", "174"},
+	{"Mayotte", "Mayotte", "YT", "MYT", "175"},
+	{"Congo (the)", "Congo (le)", "CG", "COG", "178"},
+	{"Congo (the Democratic Republic of the)", "Congo (la République démocratique du)", "CD", "COD", "180"},
+	{"Cook Islands (the)", "Cook (les Îles)", "CK", "COK", "184"},
+	{"Costa Rica", "Costa Rica (le)", "CR", "CRI", "188"},
+	{"Croatia", "Croatie (la)", "HR", "HRV", "191"},
+	{"Cuba", "Cuba", "CU", "CUB", "192"},
+	{"Cyprus", "Chypre", "CY", "CYP", "196"},
+	{"Czech Republic (the)", "tchèque (la République)", "CZ", "CZE", "203"},
+	{"Benin", "Bénin (le)", "BJ", "BEN", "204"},
+	{"Denmark", "Danemark (le)", "DK", "DNK", "208"},
+	{"Dominica", "Dominique (la)", "DM", "DMA", "212"},
+	{"Dominican Republic (the)", "dominicaine (la République)", "DO", "DOM", "214"},
+	{"Ecuador", "Équateur (l')", "EC", "ECU", "218"},
+	{"El Salvador", "El Salvador", "SV", "SLV", "222"},
+	{"Equatorial Guinea", "Guinée équatoriale (la)", "GQ", "GNQ", "226"},
+	{"Ethiopia", "Éthiopie (l')", "ET", "ETH", "231"},
+	{"Eritrea", "Érythrée (l')", "ER", "ERI", "232"},
+	{"Estonia", "Estonie (l')", "EE", "EST", "233"},
+	{"Faroe Islands (the)", "Féroé (les Îles)", "FO", "FRO", "234"},
+	{"Falkland Islands (the) [Malvinas]", "Falkland (les Îles)/Malouines (les Îles)", "FK", "FLK", "238"},
+	{"South Georgia and the South Sandwich Islands", "Géorgie du Sud-et-les Îles Sandwich du Sud (la)", "GS", "SGS", "239"},
+	{"Fiji", "Fidji (les)", "FJ", "FJI", "242"},
+	{"Finland", "Finlande (la)", "FI", "FIN", "246"},
+	{"Åland Islands", "Åland(les Îles)", "AX", "ALA", "248"},
+	{"France", "France (la)", "FR", "FRA", "250"},
+	{"French Guiana", "Guyane française (la )", "GF", "GUF", "254"},
+	{"French Polynesia", "Polynésie française (la)", "PF", "PYF", "258"},
+	{"French Southern Territories (the)", "Terres australes françaises (les)", "TF", "ATF", "260"},
+	{"Djibouti", "Djibouti", "DJ", "DJI", "262"},
+	{"Gabon", "Gabon (le)", "GA", "GAB", "266"},
+	{"Georgia", "Géorgie (la)", "GE", "GEO", "268"},
+	{"Gambia (the)", "Gambie (la)", "GM", "GMB", "270"},
+	{"Palestine, State of", "Palestine, État de", "PS", "PSE", "275"},
+	{"Germany", "Allemagne (l')", "DE", "DEU", "276"},
+	{"Ghana", "Ghana (le)", "GH", "GHA", "288"},
+	{"Gibraltar", "Gibraltar", "GI", "GIB", "292"},
+	{"Kiribati", "Kiribati", "KI", "KIR", "296"},
+	{"Greece", "Grèce (la)", "GR", "GRC", "300"},
+	{"Greenland", "Groenland (le)", "GL", "GRL", "304"},
+	{"Grenada", "Grenade (la)", "GD", "GRD", "308"},
+	{"Guadeloupe", "Guadeloupe (la)", "GP", "GLP", "312"},
+	{"Guam", "Guam", "GU", "GUM", "316"},
+	{"Guatemala", "Guatemala (le)", "GT", "GTM", "320"},
+	{"Guinea", "Guinée (la)", "GN", "GIN", "324"},
+	{"Guyana", "Guyana (le)", "GY", "GUY", "328"},
+	{"Haiti", "Haïti", "HT", "HTI", "332"},
+	{"Heard Island and McDonald Islands", "Heard-et-Îles MacDonald (l'Île)", "HM", "HMD", "334"},
+	{"Holy See (the)", "Saint-Siège (le)", "VA", "VAT", "336"},
+	{"Honduras", "Honduras (le)", "HN", "HND", "340"},
+	{"Hong Kong", "Hong Kong", "HK", "HKG", "344"},
+	{"Hungary", "Hongrie (la)", "HU", "HUN", "348"},
+	{"Iceland", "Islande (l')", "IS", "ISL", "352"},
+	{"India", "Inde (l')", "IN", "IND", "356"},
+	{"Indonesia", "Indonésie (l')", "ID", "IDN", "360"},
+	{"Iran (Islamic Republic of)", "Iran (République Islamique d')", "IR", "IRN", "364"},
+	{"Iraq", "Iraq (l')", "IQ", "IRQ", "368"},
+	{"Ireland", "Irlande (l')", "IE", "IRL", "372"},
+	{"Israel", "Israël", "IL", "ISR", "376"},
+	{"Italy", "Italie (l')", "IT", "ITA", "380"},
+	{"Côte d'Ivoire", "Côte d'Ivoire (la)", "CI", "CIV", "384"},
+	{"Jamaica", "Jamaïque (la)", "JM", "JAM", "388"},
+	{"Japan", "Japon (le)", "JP", "JPN", "392"},
+	{"Kazakhstan", "Kazakhstan (le)", "KZ", "KAZ", "398"},
+	{"Jordan", "Jordanie (la)", "JO", "JOR", "400"},
+	{"Kenya", "Kenya (le)", "KE", "KEN", "404"},
+	{"Korea (the Democratic People's Republic of)", "Corée (la République populaire démocratique de)", "KP", "PRK", "408"},
+	{"Korea (the Republic of)", "Corée (la République de)", "KR", "KOR", "410"},
+	{"Kuwait", "Koweït (le)", "KW", "KWT", "414"},
+	{"Kyrgyzstan", "Kirghizistan (le)", "KG", "KGZ", "417"},
+	{"Lao People's Democratic Republic (the)", "Lao, République démocratique populaire", "LA", "LAO", "418"},
+	{"Lebanon", "Liban (le)", "LB", "LBN", "422"},
+	{"Lesotho", "Lesotho (le)", "LS", "LSO", "426"},
+	{"Latvia", "Lettonie (la)", "LV", "LVA", "428"},
+	{"Liberia", "Libéria (le)", "LR", "LBR", "430"},
+	{"Libya", "Libye (la)", "LY", "LBY", "434"},
+	{"Liechtenstein", "Liechtenstein (le)", "LI", "LIE", "438"},
+	{"Lithuania", "Lituanie (la)", "LT", "LTU", "440"},
+	{"Luxembourg", "Luxembourg (le)", "LU", "LUX", "442"},
+	{"Macao", "Macao", "MO", "MAC", "446"},
+	{"Madagascar", "Madagascar", "MG", "MDG", "450"},
+	{"Malawi", "Malawi (le)", "MW", "MWI", "454"},
+	{"Malaysia", "Malaisie (la)", "MY", "MYS", "458"},
+	{"Maldives", "Maldives (les)", "MV", "MDV", "462"},
+	{"Mali", "Mali (le)", "ML", "MLI", "466"},
+	{"Malta", "Malte", "MT", "MLT", "470"},
+	{"Martinique", "Martinique (la)", "MQ", "MTQ", "474"},
+	{"Mauritania", "Mauritanie (la)", "MR", "MRT", "478"},
+	{"Mauritius", "Maurice", "MU", "MUS", "480"},
+	{"Mexico", "Mexique (le)", "MX", "MEX", "484"},
+	{"Monaco", "Monaco", "MC", "MCO", "492"},
+	{"Mongolia", "Mongolie (la)", "MN", "MNG", "496"},
+	{"Moldova (the Republic of)", "Moldova , République de", "MD", "MDA", "498"},
+	{"Montenegro", "Monténégro (le)", "ME", "MNE", "499"},
+	{"Montserrat", "Montserrat", "MS", "MSR", "500"},
+	{"Morocco", "Maroc (le)", "MA", "MAR", "504"},
+	{"Mozambique", "Mozambique (le)", "MZ", "MOZ", "508"},
+	{"Oman", "Oman", "OM", "OMN", "512"},
+	{"Namibia", "Namibie (la)", "NA", "NAM", "516"},
+	{"Nauru", "Nauru", "NR", "NRU", "520"},
+	{"Nepal", "Népal (le)", "NP", "NPL", "524"},
+	{"Netherlands (the)", "Pays-Bas (les)", "NL", "NLD", "528"},
+	{"Curaçao", "Curaçao", "CW", "CUW", "531"},
+	{"Aruba", "Aruba", "AW", "ABW", "533"},
+	{"Sint Maarten (Dutch part)", "Saint-Martin (partie néerlandaise)", "SX", "SXM", "534"},
+	{"Bonaire, Sint Eustatius and Saba", "Bonaire, Saint-Eustache et Saba", "BQ", "BES", "535"},
+	{"New Caledonia", "Nouvelle-Calédonie (la)", "NC", "NCL", "540"},
+	{"Vanuatu", "Vanuatu (le)", "VU", "VUT", "548"},
+	{"New Zealand", "Nouvelle-Zélande (la)", "NZ", "NZL", "554"},
+	{"Nicaragua", "Nicaragua (le)", "NI", "NIC", "558"},
+	{"Niger (the)", "Niger (le)", "NE", "NER", "562"},
+	{"Nigeria", "Nigéria (le)", "NG", "NGA", "566"},
+	{"Niue", "Niue", "NU", "NIU", "570"},
+	{"Norfolk Island", "Norfolk (l'Île)", "NF", "NFK", "574"},
+	{"Norway", "Norvège (la)", "NO", "NOR", "578"},
+	{"Northern Mariana Islands (the)", "Mariannes du Nord (les Îles)", "MP", "MNP", "580"},
+	{"United States Minor Outlying Islands (the)", "Îles mineures éloignées des États-Unis (les)", "UM", "UMI", "581"},
+	{"Micronesia (Federated States of)", "Micronésie (États fédérés de)", "FM", "FSM", "583"},
+	{"Marshall Islands (the)", "Marshall (Îles)", "MH", "MHL", "584"},
+	{"Palau", "Palaos (les)", "PW", "PLW", "585"},
+	{"Pakistan", "Pakistan (le)", "PK", "PAK", "586"},
+	{"Panama", "Panama (le)", "PA", "PAN", "591"},
+	{"Papua New Guinea", "Papouasie-Nouvelle-Guinée (la)", "PG", "PNG", "598"},
+	{"Paraguay", "Paraguay (le)", "PY", "PRY", "600"},
+	{"Peru", "Pérou (le)", "PE", "PER", "604"},
+	{"Philippines (the)", "Philippines (les)", "PH", "PHL", "608"},
+	{"Pitcairn", "Pitcairn", "PN", "PCN", "612"},
+	{"Poland", "Pologne (la)", "PL", "POL", "616"},
+	{"Portugal", "Portugal (le)", "PT", "PRT", "620"},
+	{"Guinea-Bissau", "Guinée-Bissau (la)", "GW", "GNB", "624"},
+	{"Timor-Leste", "Timor-Leste (le)", "TL", "TLS", "626"},
+	{"Puerto Rico", "Porto Rico", "PR", "PRI", "630"},
+	{"Qatar", "Qatar (le)", "QA", "QAT", "634"},
+	{"Réunion", "Réunion (La)", "RE", "REU", "638"},
+	{"Romania", "Roumanie (la)", "RO", "ROU", "642"},
+	{"Russian Federation (the)", "Russie (la Fédération de)", "RU", "RUS", "643"},
+	{"Rwanda", "Rwanda (le)", "RW", "RWA", "646"},
+	{"Saint Barthélemy", "Saint-Barthélemy", "BL", "BLM", "652"},
+	{"Saint Helena, Ascension and Tristan da Cunha", "Sainte-Hélène, Ascension et Tristan da Cunha", "SH", "SHN", "654"},
+	{"Saint Kitts and Nevis", "Saint-Kitts-et-Nevis", "KN", "KNA", "659"},
+	{"Anguilla", "Anguilla", "AI", "AIA", "660"},
+	{"Saint Lucia", "Sainte-Lucie", "LC", "LCA", "662"},
+	{"Saint Martin (French part)", "Saint-Martin (partie française)", "MF", "MAF", "663"},
+	{"Saint Pierre and Miquelon", "Saint-Pierre-et-Miquelon", "PM", "SPM", "666"},
+	{"Saint Vincent and the Grenadines", "Saint-Vincent-et-les Grenadines", "VC", "VCT", "670"},
+	{"San Marino", "Saint-Marin", "SM", "SMR", "674"},
+	{"Sao Tome and Principe", "Sao Tomé-et-Principe", "ST", "STP", "678"},
+	{"Saudi Arabia", "Arabie saoudite (l')", "SA", "SAU", "682"},
+	{"Senegal", "Sénégal (le)", "SN", "SEN", "686"},
+	{"Serbia", "Serbie (la)", "RS", "SRB", "688"},
+	{"Seychelles", "Seychelles (les)", "SC", "SYC", "690"},
+	{"Sierra Leone", "Sierra Leone (la)", "SL", "SLE", "694"},
+	{"Singapore", "Singapour", "SG", "SGP", "702"},
+	{"Slovakia", "Slovaquie (la)", "SK", "SVK", "703"},
+	{"Viet Nam", "Viet Nam (le)", "VN", "VNM", "704"},
+	{"Slovenia", "Slovénie (la)", "SI", "SVN", "705"},
+	{"Somalia", "Somalie (la)", "SO", "SOM", "706"},
+	{"South Africa", "Afrique du Sud (l')", "ZA", "ZAF", "710"},
+	{"Zimbabwe", "Zimbabwe (le)", "ZW", "ZWE", "716"},
+	{"Spain", "Espagne (l')", "ES", "ESP", "724"},
+	{"South Sudan", "Soudan du Sud (le)", "SS", "SSD", "728"},
+	{"Sudan (the)", "Soudan (le)", "SD", "SDN", "729"},
+	{"Western Sahara*", "Sahara occidental (le)*", "EH", "ESH", "732"},
+	{"Suriname", "Suriname (le)", "SR", "SUR", "740"},
+	{"Svalbard and Jan Mayen", "Svalbard et l'Île Jan Mayen (le)", "SJ", "SJM", "744"},
+	{"Swaziland", "Swaziland (le)", "SZ", "SWZ", "748"},
+	{"Sweden", "Suède (la)", "SE", "SWE", "752"},
+	{"Switzerland", "Suisse (la)", "CH", "CHE", "756"},
+	{"Syrian Arab Republic", "République arabe syrienne (la)", "SY", "SYR", "760"},
+	{"Tajikistan", "Tadjikistan (le)", "TJ", "TJK", "762"},
+	{"Thailand", "Thaïlande (la)", "TH", "THA", "764"},
+	{"Togo", "Togo (le)", "TG", "TGO", "768"},
+	{"Tokelau", "Tokelau (les)", "TK", "TKL", "772"},
+	{"Tonga", "Tonga (les)", "TO", "TON", "776"},
+	{"Trinidad and Tobago", "Trinité-et-Tobago (la)", "TT", "TTO", "780"},
+	{"United Arab Emirates (the)", "Émirats arabes unis (les)", "AE", "ARE", "784"},
+	{"Tunisia", "Tunisie (la)", "TN", "TUN", "788"},
+	{"Turkey", "Turquie (la)", "TR", "TUR", "792"},
+	{"Turkmenistan", "Turkménistan (le)", "TM", "TKM", "795"},
+	{"Turks and Caicos Islands (the)", "Turks-et-Caïcos (les Îles)", "TC", "TCA", "796"},
+	{"Tuvalu", "Tuvalu (les)", "TV", "TUV", "798"},
+	{"Uganda", "Ouganda (l')", "UG", "UGA", "800"},
+	{"Ukraine", "Ukraine (l')", "UA", "UKR", "804"},
+	{"Macedonia (the former Yugoslav Republic of)", "Macédoine (l'ex‑République yougoslave de)", "MK", "MKD", "807"},
+	{"Egypt", "Égypte (l')", "EG", "EGY", "818"},
+	{"United Kingdom of Great Britain and Northern Ireland (the)", "Royaume-Uni de Grande-Bretagne et d'Irlande du Nord (le)", "GB", "GBR", "826"},
+	{"Guernsey", "Guernesey", "GG", "GGY", "831"},
+	{"Jersey", "Jersey", "JE", "JEY", "832"},
+	{"Isle of Man", "Île de Man", "IM", "IMN", "833"},
+	{"Tanzania, United Republic of", "Tanzanie, République-Unie de", "TZ", "TZA", "834"},
+	{"United States of America (the)", "États-Unis d'Amérique (les)", "US", "USA", "840"},
+	{"Virgin Islands (U.S.)", "Vierges des États-Unis (les Îles)", "VI", "VIR", "850"},
+	{"Burkina Faso", "Burkina Faso (le)", "BF", "BFA", "854"},
+	{"Uruguay", "Uruguay (l')", "UY", "URY", "858"},
+	{"Uzbekistan", "Ouzbékistan (l')", "UZ", "UZB", "860"},
+	{"Venezuela (Bolivarian Republic of)", "Venezuela (République bolivarienne du)", "VE", "VEN", "862"},
+	{"Wallis and Futuna", "Wallis-et-Futuna", "WF", "WLF", "876"},
+	{"Samoa", "Samoa (le)", "WS", "WSM", "882"},
+	{"Yemen", "Yémen (le)", "YE", "YEM", "887"},
+	{"Zambia", "Zambie (la)", "ZM", "ZMB", "894"},
+}
+
+// ISO4217List is the list of ISO currency codes
+var ISO4217List = []string{
+	"AED", "AFN", "ALL", "AMD", "ANG", "AOA", "ARS", "AUD", "AWG", "AZN",
+	"BAM", "BBD", "BDT", "BGN", "BHD", "BIF", "BMD", "BND", "BOB", "BOV", "BRL", "BSD", "BTN", "BWP", "BYN", "BZD",
+	"CAD", "CDF", "CHE", "CHF", "CHW", "CLF", "CLP", "CNY", "COP", "COU", "CRC", "CUC", "CUP", "CVE", "CZK",
+	"DJF", "DKK", "DOP", "DZD",
+	"EGP", "ERN", "ETB", "EUR",
+	"FJD", "FKP",
+	"GBP", "GEL", "GHS", "GIP", "GMD", "GNF", "GTQ", "GYD",
+	"HKD", "HNL", "HRK", "HTG", "HUF",
+	"IDR", "ILS", "INR", "IQD", "IRR", "ISK",
+	"JMD", "JOD", "JPY",
+	"KES", "KGS", "KHR", "KMF", "KPW", "KRW", "KWD", "KYD", "KZT",
+	"LAK", "LBP", "LKR", "LRD", "LSL", "LYD",
+	"MAD", "MDL", "MGA", "MKD", "MMK", "MNT", "MOP", "MRO", "MUR", "MVR", "MWK", "MXN", "MXV", "MYR", "MZN",
+	"NAD", "NGN", "NIO", "NOK", "NPR", "NZD",
+	"OMR",
+	"PAB", "PEN", "PGK", "PHP", "PKR", "PLN", "PYG",
+	"QAR",
+	"RON", "RSD", "RUB", "RWF",
+	"SAR", "SBD", "SCR", "SDG", "SEK", "SGD", "SHP", "SLL", "SOS", "SRD", "SSP", "STD", "STN", "SVC", "SYP", "SZL",
+	"THB", "TJS", "TMT", "TND", "TOP", "TRY", "TTD", "TWD", "TZS",
+	"UAH", "UGX", "USD", "USN", "UYI", "UYU", "UYW", "UZS",
+	"VEF", "VES", "VND", "VUV",
+	"WST",
+	"XAF", "XAG", "XAU", "XBA", "XBB", "XBC", "XBD", "XCD", "XDR", "XOF", "XPD", "XPF", "XPT", "XSU", "XTS", "XUA", "XXX",
+	"YER",
+	"ZAR", "ZMW", "ZWL",
+}
+
+// ISO693Entry stores ISO language codes
+type ISO693Entry struct {
+	Alpha3bCode string
+	Alpha2Code  string
+	English     string
+}
+
+//ISO693List based on http://data.okfn.org/data/core/language-codes/r/language-codes-3b2.json
+var ISO693List = []ISO693Entry{
+	{Alpha3bCode: "aar", Alpha2Code: "aa", English: "Afar"},
+	{Alpha3bCode: "abk", Alpha2Code: "ab", English: "Abkhazian"},
+	{Alpha3bCode: "afr", Alpha2Code: "af", English: "Afrikaans"},
+	{Alpha3bCode: "aka", Alpha2Code: "ak", English: "Akan"},
+	{Alpha3bCode: "alb", Alpha2Code: "sq", English: "Albanian"},
+	{Alpha3bCode: "amh", Alpha2Code: "am", English: "Amharic"},
+	{Alpha3bCode: "ara", Alpha2Code: "ar", English: "Arabic"},
+	{Alpha3bCode: "arg", Alpha2Code: "an", English: "Aragonese"},
+	{Alpha3bCode: "arm", Alpha2Code: "hy", English: "Armenian"},
+	{Alpha3bCode: "asm", Alpha2Code: "as", English: "Assamese"},
+	{Alpha3bCode: "ava", Alpha2Code: "av", English: "Avaric"},
+	{Alpha3bCode: "ave", Alpha2Code: "ae", English: "Avestan"},
+	{Alpha3bCode: "aym", Alpha2Code: "ay", English: "Aymara"},
+	{Alpha3bCode: "aze", Alpha2Code: "az", English: "Azerbaijani"},
+	{Alpha3bCode: "bak", Alpha2Code: "ba", English: "Bashkir"},
+	{Alpha3bCode: "bam", Alpha2Code: "bm", English: "Bambara"},
+	{Alpha3bCode: "baq", Alpha2Code: "eu", English: "Basque"},
+	{Alpha3bCode: "bel", Alpha2Code: "be", English: "Belarusian"},
+	{Alpha3bCode: "ben", Alpha2Code: "bn", English: "Bengali"},
+	{Alpha3bCode: "bih", Alpha2Code: "bh", English: "Bihari languages"},
+	{Alpha3bCode: "bis", Alpha2Code: "bi", English: "Bislama"},
+	{Alpha3bCode: "bos", Alpha2Code: "bs", English: "Bosnian"},
+	{Alpha3bCode: "bre", Alpha2Code: "br", English: "Breton"},
+	{Alpha3bCode: "bul", Alpha2Code: "bg", English: "Bulgarian"},
+	{Alpha3bCode: "bur", Alpha2Code: "my", English: "Burmese"},
+	{Alpha3bCode: "cat", Alpha2Code: "ca", English: "Catalan; Valencian"},
+	{Alpha3bCode: "cha", Alpha2Code: "ch", English: "Chamorro"},
+	{Alpha3bCode: "che", Alpha2Code: "ce", English: "Chechen"},
+	{Alpha3bCode: "chi", Alpha2Code: "zh", English: "Chinese"},
+	{Alpha3bCode: "chu", Alpha2Code: "cu", English: "Church Slavic; Old Slavonic; Church Slavonic; Old Bulgarian; Old Church Slavonic"},
+	{Alpha3bCode: "chv", Alpha2Code: "cv", English: "Chuvash"},
+	{Alpha3bCode: "cor", Alpha2Code: "kw", English: "Cornish"},
+	{Alpha3bCode: "cos", Alpha2Code: "co", English: "Corsican"},
+	{Alpha3bCode: "cre", Alpha2Code: "cr", English: "Cree"},
+	{Alpha3bCode: "cze", Alpha2Code: "cs", English: "Czech"},
+	{Alpha3bCode: "dan", Alpha2Code: "da", English: "Danish"},
+	{Alpha3bCode: "div", Alpha2Code: "dv", English: "Divehi; Dhivehi; Maldivian"},
+	{Alpha3bCode: "dut", Alpha2Code: "nl", English: "Dutch; Flemish"},
+	{Alpha3bCode: "dzo", Alpha2Code: "dz", English: "Dzongkha"},
+	{Alpha3bCode: "eng", Alpha2Code: "en", English: "English"},
+	{Alpha3bCode: "epo", Alpha2Code: "eo", English: "Esperanto"},
+	{Alpha3bCode: "est", Alpha2Code: "et", English: "Estonian"},
+	{Alpha3bCode: "ewe", Alpha2Code: "ee", English: "Ewe"},
+	{Alpha3bCode: "fao", Alpha2Code: "fo", English: "Faroese"},
+	{Alpha3bCode: "fij", Alpha2Code: "fj", English: "Fijian"},
+	{Alpha3bCode: "fin", Alpha2Code: "fi", English: "Finnish"},
+	{Alpha3bCode: "fre", Alpha2Code: "fr", English: "French"},
+	{Alpha3bCode: "fry", Alpha2Code: "fy", English: "Western Frisian"},
+	{Alpha3bCode: "ful", Alpha2Code: "ff", English: "Fulah"},
+	{Alpha3bCode: "geo", Alpha2Code: "ka", English: "Georgian"},
+	{Alpha3bCode: "ger", Alpha2Code: "de", English: "German"},
+	{Alpha3bCode: "gla", Alpha2Code: "gd", English: "Gaelic; Scottish Gaelic"},
+	{Alpha3bCode: "gle", Alpha2Code: "ga", English: "Irish"},
+	{Alpha3bCode: "glg", Alpha2Code: "gl", English: "Galician"},
+	{Alpha3bCode: "glv", Alpha2Code: "gv", English: "Manx"},
+	{Alpha3bCode: "gre", Alpha2Code: "el", English: "Greek, Modern (1453-)"},
+	{Alpha3bCode: "grn", Alpha2Code: "gn", English: "Guarani"},
+	{Alpha3bCode: "guj", Alpha2Code: "gu", English: "Gujarati"},
+	{Alpha3bCode: "hat", Alpha2Code: "ht", English: "Haitian; Haitian Creole"},
+	{Alpha3bCode: "hau", Alpha2Code: "ha", English: "Hausa"},
+	{Alpha3bCode: "heb", Alpha2Code: "he", English: "Hebrew"},
+	{Alpha3bCode: "her", Alpha2Code: "hz", English: "Herero"},
+	{Alpha3bCode: "hin", Alpha2Code: "hi", English: "Hindi"},
+	{Alpha3bCode: "hmo", Alpha2Code: "ho", English: "Hiri Motu"},
+	{Alpha3bCode: "hrv", Alpha2Code: "hr", English: "Croatian"},
+	{Alpha3bCode: "hun", Alpha2Code: "hu", English: "Hungarian"},
+	{Alpha3bCode: "ibo", Alpha2Code: "ig", English: "Igbo"},
+	{Alpha3bCode: "ice", Alpha2Code: "is", English: "Icelandic"},
+	{Alpha3bCode: "ido", Alpha2Code: "io", English: "Ido"},
+	{Alpha3bCode: "iii", Alpha2Code: "ii", English: "Sichuan Yi; Nuosu"},
+	{Alpha3bCode: "iku", Alpha2Code: "iu", English: "Inuktitut"},
+	{Alpha3bCode: "ile", Alpha2Code: "ie", English: "Interlingue; Occidental"},
+	{Alpha3bCode: "ina", Alpha2Code: "ia", English: "Interlingua (International Auxiliary Language Association)"},
+	{Alpha3bCode: "ind", Alpha2Code: "id", English: "Indonesian"},
+	{Alpha3bCode: "ipk", Alpha2Code: "ik", English: "Inupiaq"},
+	{Alpha3bCode: "ita", Alpha2Code: "it", English: "Italian"},
+	{Alpha3bCode: "jav", Alpha2Code: "jv", English: "Javanese"},
+	{Alpha3bCode: "jpn", Alpha2Code: "ja", English: "Japanese"},
+	{Alpha3bCode: "kal", Alpha2Code: "kl", English: "Kalaallisut; Greenlandic"},
+	{Alpha3bCode: "kan", Alpha2Code: "kn", English: "Kannada"},
+	{Alpha3bCode: "kas", Alpha2Code: "ks", English: "Kashmiri"},
+	{Alpha3bCode: "kau", Alpha2Code: "kr", English: "Kanuri"},
+	{Alpha3bCode: "kaz", Alpha2Code: "kk", English: "Kazakh"},
+	{Alpha3bCode: "khm", Alpha2Code: "km", English: "Central Khmer"},
+	{Alpha3bCode: "kik", Alpha2Code: "ki", English: "Kikuyu; Gikuyu"},
+	{Alpha3bCode: "kin", Alpha2Code: "rw", English: "Kinyarwanda"},
+	{Alpha3bCode: "kir", Alpha2Code: "ky", English: "Kirghiz; Kyrgyz"},
+	{Alpha3bCode: "kom", Alpha2Code: "kv", English: "Komi"},
+	{Alpha3bCode: "kon", Alpha2Code: "kg", English: "Kongo"},
+	{Alpha3bCode: "kor", Alpha2Code: "ko", English: "Korean"},
+	{Alpha3bCode: "kua", Alpha2Code: "kj", English: "Kuanyama; Kwanyama"},
+	{Alpha3bCode: "kur", Alpha2Code: "ku", English: "Kurdish"},
+	{Alpha3bCode: "lao", Alpha2Code: "lo", English: "Lao"},
+	{Alpha3bCode: "lat", Alpha2Code: "la", English: "Latin"},
+	{Alpha3bCode: "lav", Alpha2Code: "lv", English: "Latvian"},
+	{Alpha3bCode: "lim", Alpha2Code: "li", English: "Limburgan; Limburger; Limburgish"},
+	{Alpha3bCode: "lin", Alpha2Code: "ln", English: "Lingala"},
+	{Alpha3bCode: "lit", Alpha2Code: "lt", English: "Lithuanian"},
+	{Alpha3bCode: "ltz", Alpha2Code: "lb", English: "Luxembourgish; Letzeburgesch"},
+	{Alpha3bCode: "lub", Alpha2Code: "lu", English: "Luba-Katanga"},
+	{Alpha3bCode: "lug", Alpha2Code: "lg", English: "Ganda"},
+	{Alpha3bCode: "mac", Alpha2Code: "mk", English: "Macedonian"},
+	{Alpha3bCode: "mah", Alpha2Code: "mh", English: "Marshallese"},
+	{Alpha3bCode: "mal", Alpha2Code: "ml", English: "Malayalam"},
+	{Alpha3bCode: "mao", Alpha2Code: "mi", English: "Maori"},
+	{Alpha3bCode: "mar", Alpha2Code: "mr", English: "Marathi"},
+	{Alpha3bCode: "may", Alpha2Code: "ms", English: "Malay"},
+	{Alpha3bCode: "mlg", Alpha2Code: "mg", English: "Malagasy"},
+	{Alpha3bCode: "mlt", Alpha2Code: "mt", English: "Maltese"},
+	{Alpha3bCode: "mon", Alpha2Code: "mn", English: "Mongolian"},
+	{Alpha3bCode: "nau", Alpha2Code: "na", English: "Nauru"},
+	{Alpha3bCode: "nav", Alpha2Code: "nv", English: "Navajo; Navaho"},
+	{Alpha3bCode: "nbl", Alpha2Code: "nr", English: "Ndebele, South; South Ndebele"},
+	{Alpha3bCode: "nde", Alpha2Code: "nd", English: "Ndebele, North; North Ndebele"},
+	{Alpha3bCode: "ndo", Alpha2Code: "ng", English: "Ndonga"},
+	{Alpha3bCode: "nep", Alpha2Code: "ne", English: "Nepali"},
+	{Alpha3bCode: "nno", Alpha2Code: "nn", English: "Norwegian Nynorsk; Nynorsk, Norwegian"},
+	{Alpha3bCode: "nob", Alpha2Code: "nb", English: "Bokmål, Norwegian; Norwegian Bokmål"},
+	{Alpha3bCode: "nor", Alpha2Code: "no", English: "Norwegian"},
+	{Alpha3bCode: "nya", Alpha2Code: "ny", English: "Chichewa; Chewa; Nyanja"},
+	{Alpha3bCode: "oci", Alpha2Code: "oc", English: "Occitan (post 1500); Provençal"},
+	{Alpha3bCode: "oji", Alpha2Code: "oj", English: "Ojibwa"},
+	{Alpha3bCode: "ori", Alpha2Code: "or", English: "Oriya"},
+	{Alpha3bCode: "orm", Alpha2Code: "om", English: "Oromo"},
+	{Alpha3bCode: "oss", Alpha2Code: "os", English: "Ossetian; Ossetic"},
+	{Alpha3bCode: "pan", Alpha2Code: "pa", English: "Panjabi; Punjabi"},
+	{Alpha3bCode: "per", Alpha2Code: "fa", English: "Persian"},
+	{Alpha3bCode: "pli", Alpha2Code: "pi", English: "Pali"},
+	{Alpha3bCode: "pol", Alpha2Code: "pl", English: "Polish"},
+	{Alpha3bCode: "por", Alpha2Code: "pt", English: "Portuguese"},
+	{Alpha3bCode: "pus", Alpha2Code: "ps", English: "Pushto; Pashto"},
+	{Alpha3bCode: "que", Alpha2Code: "qu", English: "Quechua"},
+	{Alpha3bCode: "roh", Alpha2Code: "rm", English: "Romansh"},
+	{Alpha3bCode: "rum", Alpha2Code: "ro", English: "Romanian; Moldavian; Moldovan"},
+	{Alpha3bCode: "run", Alpha2Code: "rn", English: "Rundi"},
+	{Alpha3bCode: "rus", Alpha2Code: "ru", English: "Russian"},
+	{Alpha3bCode: "sag", Alpha2Code: "sg", English: "Sango"},
+	{Alpha3bCode: "san", Alpha2Code: "sa", English: "Sanskrit"},
+	{Alpha3bCode: "sin", Alpha2Code: "si", English: "Sinhala; Sinhalese"},
+	{Alpha3bCode: "slo", Alpha2Code: "sk", English: "Slovak"},
+	{Alpha3bCode: "slv", Alpha2Code: "sl", English: "Slovenian"},
+	{Alpha3bCode: "sme", Alpha2Code: "se", English: "Northern Sami"},
+	{Alpha3bCode: "smo", Alpha2Code: "sm", English: "Samoan"},
+	{Alpha3bCode: "sna", Alpha2Code: "sn", English: "Shona"},
+	{Alpha3bCode: "snd", Alpha2Code: "sd", English: "Sindhi"},
+	{Alpha3bCode: "som", Alpha2Code: "so", English: "Somali"},
+	{Alpha3bCode: "sot", Alpha2Code: "st", English: "Sotho, Southern"},
+	{Alpha3bCode: "spa", Alpha2Code: "es", English: "Spanish; Castilian"},
+	{Alpha3bCode: "srd", Alpha2Code: "sc", English: "Sardinian"},
+	{Alpha3bCode: "srp", Alpha2Code: "sr", English: "Serbian"},
+	{Alpha3bCode: "ssw", Alpha2Code: "ss", English: "Swati"},
+	{Alpha3bCode: "sun", Alpha2Code: "su", English: "Sundanese"},
+	{Alpha3bCode: "swa", Alpha2Code: "sw", English: "Swahili"},
+	{Alpha3bCode: "swe", Alpha2Code: "sv", English: "Swedish"},
+	{Alpha3bCode: "tah", Alpha2Code: "ty", English: "Tahitian"},
+	{Alpha3bCode: "tam", Alpha2Code: "ta", English: "Tamil"},
+	{Alpha3bCode: "tat", Alpha2Code: "tt", English: "Tatar"},
+	{Alpha3bCode: "tel", Alpha2Code: "te", English: "Telugu"},
+	{Alpha3bCode: "tgk", Alpha2Code: "tg", English: "Tajik"},
+	{Alpha3bCode: "tgl", Alpha2Code: "tl", English: "Tagalog"},
+	{Alpha3bCode: "tha", Alpha2Code: "th", English: "Thai"},
+	{Alpha3bCode: "tib", Alpha2Code: "bo", English: "Tibetan"},
+	{Alpha3bCode: "tir", Alpha2Code: "ti", English: "Tigrinya"},
+	{Alpha3bCode: "ton", Alpha2Code: "to", English: "Tonga (Tonga Islands)"},
+	{Alpha3bCode: "tsn", Alpha2Code: "tn", English: "Tswana"},
+	{Alpha3bCode: "tso", Alpha2Code: "ts", English: "Tsonga"},
+	{Alpha3bCode: "tuk", Alpha2Code: "tk", English: "Turkmen"},
+	{Alpha3bCode: "tur", Alpha2Code: "tr", English: "Turkish"},
+	{Alpha3bCode: "twi", Alpha2Code: "tw", English: "Twi"},
+	{Alpha3bCode: "uig", Alpha2Code: "ug", English: "Uighur; Uyghur"},
+	{Alpha3bCode: "ukr", Alpha2Code: "uk", English: "Ukrainian"},
+	{Alpha3bCode: "urd", Alpha2Code: "ur", English: "Urdu"},
+	{Alpha3bCode: "uzb", Alpha2Code: "uz", English: "Uzbek"},
+	{Alpha3bCode: "ven", Alpha2Code: "ve", English: "Venda"},
+	{Alpha3bCode: "vie", Alpha2Code: "vi", English: "Vietnamese"},
+	{Alpha3bCode: "vol", Alpha2Code: "vo", English: "Volapük"},
+	{Alpha3bCode: "wel", Alpha2Code: "cy", English: "Welsh"},
+	{Alpha3bCode: "wln", Alpha2Code: "wa", English: "Walloon"},
+	{Alpha3bCode: "wol", Alpha2Code: "wo", English: "Wolof"},
+	{Alpha3bCode: "xho", Alpha2Code: "xh", English: "Xhosa"},
+	{Alpha3bCode: "yid", Alpha2Code: "yi", English: "Yiddish"},
+	{Alpha3bCode: "yor", Alpha2Code: "yo", English: "Yoruba"},
+	{Alpha3bCode: "zha", Alpha2Code: "za", English: "Zhuang; Chuang"},
+	{Alpha3bCode: "zul", Alpha2Code: "zu", English: "Zulu"},
+}

src/runtime/vendor/github.com/asaskevich/govalidator/utils.go

@@ -0,0 +1,270 @@
+package govalidator
+
+import (
+	"errors"
+	"fmt"
+	"html"
+	"math"
+	"path"
+	"regexp"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+)
+
+// Contains checks if the string contains the substring.
+func Contains(str, substring string) bool {
+	return strings.Contains(str, substring)
+}
+
+// Matches checks if string matches the pattern (pattern is regular expression)
+// In case of error return false
+func Matches(str, pattern string) bool {
+	match, _ := regexp.MatchString(pattern, str)
+	return match
+}
+
+// LeftTrim trims characters from the left side of the input.
+// If second argument is empty, it will remove leading spaces.
+func LeftTrim(str, chars string) string {
+	if chars == "" {
+		return strings.TrimLeftFunc(str, unicode.IsSpace)
+	}
+	r, _ := regexp.Compile("^[" + chars + "]+")
+	return r.ReplaceAllString(str, "")
+}
+
+// RightTrim trims characters from the right side of the input.
+// If second argument is empty, it will remove trailing spaces.
+func RightTrim(str, chars string) string {
+	if chars == "" {
+		return strings.TrimRightFunc(str, unicode.IsSpace)
+	}
+	r, _ := regexp.Compile("[" + chars + "]+$")
+	return r.ReplaceAllString(str, "")
+}
+
+// Trim trims characters from both sides of the input.
+// If second argument is empty, it will remove spaces.
+func Trim(str, chars string) string {
+	return LeftTrim(RightTrim(str, chars), chars)
+}
+
+// WhiteList removes characters that do not appear in the whitelist.
+func WhiteList(str, chars string) string {
+	pattern := "[^" + chars + "]+"
+	r, _ := regexp.Compile(pattern)
+	return r.ReplaceAllString(str, "")
+}
+
+// BlackList removes characters that appear in the blacklist.
+func BlackList(str, chars string) string {
+	pattern := "[" + chars + "]+"
+	r, _ := regexp.Compile(pattern)
+	return r.ReplaceAllString(str, "")
+}
+
+// StripLow removes characters with a numerical value < 32 and 127, mostly control characters.
+// If keep_new_lines is true, newline characters are preserved (\n and \r, hex 0xA and 0xD).
+func StripLow(str string, keepNewLines bool) string {
+	chars := ""
+	if keepNewLines {
+		chars = "\x00-\x09\x0B\x0C\x0E-\x1F\x7F"
+	} else {
+		chars = "\x00-\x1F\x7F"
+	}
+	return BlackList(str, chars)
+}
+
+// ReplacePattern replaces regular expression pattern in string
+func ReplacePattern(str, pattern, replace string) string {
+	r, _ := regexp.Compile(pattern)
+	return r.ReplaceAllString(str, replace)
+}
+
+// Escape replaces <, >, & and " with HTML entities.
+var Escape = html.EscapeString
+
+func addSegment(inrune, segment []rune) []rune {
+	if len(segment) == 0 {
+		return inrune
+	}
+	if len(inrune) != 0 {
+		inrune = append(inrune, '_')
+	}
+	inrune = append(inrune, segment...)
+	return inrune
+}
+
+// UnderscoreToCamelCase converts from underscore separated form to camel case form.
+// Ex.: my_func => MyFunc
+func UnderscoreToCamelCase(s string) string {
+	return strings.Replace(strings.Title(strings.Replace(strings.ToLower(s), "_", " ", -1)), " ", "", -1)
+}
+
+// CamelCaseToUnderscore converts from camel case form to underscore separated form.
+// Ex.: MyFunc => my_func
+func CamelCaseToUnderscore(str string) string {
+	var output []rune
+	var segment []rune
+	for _, r := range str {
+
+		// not treat number as separate segment
+		if !unicode.IsLower(r) && string(r) != "_" && !unicode.IsNumber(r) {
+			output = addSegment(output, segment)
+			segment = nil
+		}
+		segment = append(segment, unicode.ToLower(r))
+	}
+	output = addSegment(output, segment)
+	return string(output)
+}
+
+// Reverse returns reversed string
+func Reverse(s string) string {
+	r := []rune(s)
+	for i, j := 0, len(r)-1; i < j; i, j = i+1, j-1 {
+		r[i], r[j] = r[j], r[i]
+	}
+	return string(r)
+}
+
+// GetLines splits string by "\n" and return array of lines
+func GetLines(s string) []string {
+	return strings.Split(s, "\n")
+}
+
+// GetLine returns specified line of multiline string
+func GetLine(s string, index int) (string, error) {
+	lines := GetLines(s)
+	if index < 0 || index >= len(lines) {
+		return "", errors.New("line index out of bounds")
+	}
+	return lines[index], nil
+}
+
+// RemoveTags removes all tags from HTML string
+func RemoveTags(s string) string {
+	return ReplacePattern(s, "<[^>]*>", "")
+}
+
+// SafeFileName returns safe string that can be used in file names
+func SafeFileName(str string) string {
+	name := strings.ToLower(str)
+	name = path.Clean(path.Base(name))
+	name = strings.Trim(name, " ")
+	separators, err := regexp.Compile(`[ &_=+:]`)
+	if err == nil {
+		name = separators.ReplaceAllString(name, "-")
+	}
+	legal, err := regexp.Compile(`[^[:alnum:]-.]`)
+	if err == nil {
+		name = legal.ReplaceAllString(name, "")
+	}
+	for strings.Contains(name, "--") {
+		name = strings.Replace(name, "--", "-", -1)
+	}
+	return name
+}
+
+// NormalizeEmail canonicalize an email address.
+// The local part of the email address is lowercased for all domains; the hostname is always lowercased and
+// the local part of the email address is always lowercased for hosts that are known to be case-insensitive (currently only GMail).
+// Normalization follows special rules for known providers: currently, GMail addresses have dots removed in the local part and
+// are stripped of tags (e.g. some.one+tag@gmail.com becomes someone@gmail.com) and all @googlemail.com addresses are
+// normalized to @gmail.com.
+func NormalizeEmail(str string) (string, error) {
+	if !IsEmail(str) {
+		return "", fmt.Errorf("%s is not an email", str)
+	}
+	parts := strings.Split(str, "@")
+	parts[0] = strings.ToLower(parts[0])
+	parts[1] = strings.ToLower(parts[1])
+	if parts[1] == "gmail.com" || parts[1] == "googlemail.com" {
+		parts[1] = "gmail.com"
+		parts[0] = strings.Split(ReplacePattern(parts[0], `\.`, ""), "+")[0]
+	}
+	return strings.Join(parts, "@"), nil
+}
+
+// Truncate a string to the closest length without breaking words.
+func Truncate(str string, length int, ending string) string {
+	var aftstr, befstr string
+	if len(str) > length {
+		words := strings.Fields(str)
+		before, present := 0, 0
+		for i := range words {
+			befstr = aftstr
+			before = present
+			aftstr = aftstr + words[i] + " "
+			present = len(aftstr)
+			if present > length && i != 0 {
+				if (length - before) < (present - length) {
+					return Trim(befstr, " /\\.,\"'#!?&@+-") + ending
+				}
+				return Trim(aftstr, " /\\.,\"'#!?&@+-") + ending
+			}
+		}
+	}
+
+	return str
+}
+
+// PadLeft pads left side of a string if size of string is less then indicated pad length
+func PadLeft(str string, padStr string, padLen int) string {
+	return buildPadStr(str, padStr, padLen, true, false)
+}
+
+// PadRight pads right side of a string if size of string is less then indicated pad length
+func PadRight(str string, padStr string, padLen int) string {
+	return buildPadStr(str, padStr, padLen, false, true)
+}
+
+// PadBoth pads both sides of a string if size of string is less then indicated pad length
+func PadBoth(str string, padStr string, padLen int) string {
+	return buildPadStr(str, padStr, padLen, true, true)
+}
+
+// PadString either left, right or both sides.
+// Note that padding string can be unicode and more then one character
+func buildPadStr(str string, padStr string, padLen int, padLeft bool, padRight bool) string {
+
+	// When padded length is less then the current string size
+	if padLen < utf8.RuneCountInString(str) {
+		return str
+	}
+
+	padLen -= utf8.RuneCountInString(str)
+
+	targetLen := padLen
+
+	targetLenLeft := targetLen
+	targetLenRight := targetLen
+	if padLeft && padRight {
+		targetLenLeft = padLen / 2
+		targetLenRight = padLen - targetLenLeft
+	}
+
+	strToRepeatLen := utf8.RuneCountInString(padStr)
+
+	repeatTimes := int(math.Ceil(float64(targetLen) / float64(strToRepeatLen)))
+	repeatedString := strings.Repeat(padStr, repeatTimes)
+
+	leftSide := ""
+	if padLeft {
+		leftSide = repeatedString[0:targetLenLeft]
+	}
+
+	rightSide := ""
+	if padRight {
+		rightSide = repeatedString[0:targetLenRight]
+	}
+
+	return leftSide + str + rightSide
+}
+
+// TruncatingErrorf removes extra args from fmt.Errorf if not formatted in the str object
+func TruncatingErrorf(str string, args ...interface{}) error {
+	n := strings.Count(str, "%s")
+	return fmt.Errorf(str, args[:n]...)
+}

src/runtime/vendor/github.com/asaskevich/govalidator/wercker.yml

@@ -0,0 +1,15 @@
+box: golang
+build:
+  steps:
+    - setup-go-workspace
+
+    - script:
+        name: go get
+        code: |
+          go version
+          go get -t ./...
+
+    - script:
+        name: go test
+        code: |
+          go test -race -v ./...

src/runtime/vendor/github.com/go-openapi/analysis/.golangci.yml

@@ -1,75 +1,61 @@
-version: "2"
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 45
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+
 linters:
-  default: all
+  enable-all: true
   disable:
-    - cyclop
+    - maligned
+    - unparam
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+    - funlen
+    - godox
+    - gocognit
+    - whitespace
+    - wsl
+    - wrapcheck
+    - testpackage
+    - nlreturn
+    - gomnd
+    - exhaustivestruct
+    - goerr113
+    - errorlint
+    - nestif
+    - godot
+    - gofumpt
+    - paralleltest
+    - tparallel
+    - thelper
+    - ifshort
+    - exhaustruct
+    - varnamelen
+    - gci
     - depguard
     - errchkjson
-    - errorlint
-    - exhaustruct
-    - forcetypeassert
-    - funlen
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - godot
-    - godox
-    - gosmopolitan
     - inamedparam
-    - intrange
-    - ireturn
-    - lll
-    - musttag
-    - nestif
-    - nlreturn
-    - noinlineerr
     - nonamedreturns
-    - paralleltest
-    - recvcheck
-    - testpackage
-    - thelper
-    - tparallel
-    - unparam
-    - varnamelen
-    - whitespace
-    - wrapcheck
-    - wsl
-    - wsl_v5
-  settings:
-    dupl:
-      threshold: 200
-    goconst:
-      min-len: 2
-      min-occurrences: 3
-    gocyclo:
-      min-complexity: 45
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  # Maximum issues count per one linter.
-  # Set to 0 to disable.
-  # Default: 50
-  max-issues-per-linter: 0
-  # Maximum count of issues with the same text.
-  # Set to 0 to disable.
-  # Default: 3
-  max-same-issues: 0
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    - deadcode
+    - interfacer
+    - scopelint
+    - varcheck
+    - structcheck
+    - golint
+    - nosnakecase

src/runtime/vendor/github.com/go-openapi/analysis/debug.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package analysis
 

src/runtime/vendor/github.com/go-openapi/analysis/doc.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 /*
 Package analysis provides methods to work with a Swagger specification document from

src/runtime/vendor/github.com/go-openapi/analysis/errors.go

@@ -1,56 +0,0 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
-package analysis
-
-import (
-	"errors"
-	"fmt"
-)
-
-type analysisError string
-
-const (
-	ErrAnalysis analysisError = "analysis error"
-	ErrNoSchema analysisError = "no schema to analyze"
-)
-
-func (e analysisError) Error() string {
-	return string(e)
-}
-
-func ErrAtKey(key string, err error) error {
-	return errors.Join(
-		fmt.Errorf("key %s: %w", key, err),
-		ErrAnalysis,
-	)
-}
-
-func ErrInvalidRef(key string) error {
-	return fmt.Errorf("invalid reference: %q: %w", key, ErrAnalysis)
-}
-
-func ErrInvalidParameterRef(key string) error {
-	return fmt.Errorf("resolved reference is not a parameter: %q: %w", key, ErrAnalysis)
-}
-
-func ErrResolveSchema(err error) error {
-	return errors.Join(
-		fmt.Errorf("could not resolve schema: %w", err),
-		ErrAnalysis,
-	)
-}
-
-func ErrRewriteRef(key string, target any, err error) error {
-	return errors.Join(
-		fmt.Errorf("failed to rewrite ref for key %q at %v: %w", key, target, err),
-		ErrAnalysis,
-	)
-}
-
-func ErrInlineDefinition(key string, err error) error {
-	return errors.Join(
-		fmt.Errorf("error while creating definition %q from inline schema: %w", key, err),
-		ErrAnalysis,
-	)
-}

src/runtime/vendor/github.com/go-openapi/analysis/fixer.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package analysis
 
@@ -61,7 +72,7 @@ func FixEmptyDescs(rs *spec.Responses) {
 // Response object if it doesn't already have one and isn't a
 // ref. No-op on nil input.
 func FixEmptyDesc(rs *spec.Response) {
-	if rs == nil || rs.Description != "" || rs.Ref.GetURL() != nil {
+	if rs == nil || rs.Description != "" || rs.Ref.Ref.GetURL() != nil {
 		return
 	}
 	rs.Description = "(empty)"

src/runtime/vendor/github.com/go-openapi/analysis/flatten.go

@@ -1,12 +1,23 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package analysis
 
 import (
+	"fmt"
 	"log"
 	"path"
-	"slices"
 	"sort"
 	"strings"
 
@@ -41,9 +52,9 @@ type context struct {
 
 func newContext() *context {
 	return &context{
-		newRefs:  make(map[string]*newRef, allocMediumMap),
+		newRefs:  make(map[string]*newRef, 150),
 		warnings: make([]string, 0),
-		resolved: make(map[string]string, allocMediumMap),
+		resolved: make(map[string]string, 50),
 	}
 }
 
@@ -240,7 +251,7 @@ func nameInlinedSchemas(opts *FlattenOpts) error {
 
 		asch, err := Schema(SchemaOpts{Schema: sch.Schema, Root: opts.Swagger(), BasePath: opts.BasePath})
 		if err != nil {
-			return ErrAtKey(key, err)
+			return fmt.Errorf("schema analysis [%s]: %w", key, err)
 		}
 
 		if asch.isAnalyzedAsComplex() { // move complex schemas to definitions
@@ -309,7 +320,7 @@ func importNewRef(entry sortref.RefRevIdx, refStr string, opts *FlattenOpts) err
 
 	sch, err := spec.ResolveRefWithBase(opts.Swagger(), &entry.Ref, opts.ExpandOpts(false))
 	if err != nil {
-		return ErrResolveSchema(err)
+		return fmt.Errorf("could not resolve schema: %w", err)
 	}
 
 	// at this stage only $ref analysis matters
@@ -324,7 +335,7 @@ func importNewRef(entry sortref.RefRevIdx, refStr string, opts *FlattenOpts) err
 	// now rewrite those refs with rebase
 	for key, ref := range partialAnalyzer.references.allRefs {
 		if err := replace.UpdateRef(sch, key, spec.MustCreateRef(normalize.RebaseRef(entry.Ref.String(), ref.String()))); err != nil {
-			return ErrRewriteRef(key, entry.Ref.String(), err)
+			return fmt.Errorf("failed to rewrite ref for key %q at %s: %w", key, entry.Ref.String(), err)
 		}
 	}
 
@@ -418,7 +429,7 @@ func importExternalReferences(opts *FlattenOpts) (bool, error) {
 			ref := spec.MustCreateRef(r.path)
 			sch, err := spec.ResolveRefWithBase(opts.Swagger(), &ref, opts.ExpandOpts(false))
 			if err != nil {
-				return false, ErrResolveSchema(err)
+				return false, fmt.Errorf("could not resolve schema: %w", err)
 			}
 
 			r.schema = sch
@@ -531,7 +542,14 @@ func updateRefParents(allRefs map[string]spec.Ref, r *newRef) {
 			continue
 		}
 
-		found := slices.Contains(r.parents, k)
+		found := false
+		for _, p := range r.parents {
+			if p == k {
+				found = true
+
+				break
+			}
+		}
 		if !found {
 			r.parents = append(r.parents, k)
 		}
@@ -625,7 +643,7 @@ func stripOAIGenForRef(opts *FlattenOpts, k string, r *newRef) (bool, error) {
 		}
 
 		debugLog("re-inlined schema: parent: %s, %t", pr[0], asch.isAnalyzedAsComplex())
-		replacedWithComplex = replacedWithComplex || path.Dir(pr[0]) != definitionsPath && asch.isAnalyzedAsComplex()
+		replacedWithComplex = replacedWithComplex || !(path.Dir(pr[0]) == definitionsPath) && asch.isAnalyzedAsComplex()
 	}
 
 	return replacedWithComplex, nil
@@ -648,7 +666,7 @@ func namePointers(opts *FlattenOpts) error {
 
 		result, err := replace.DeepestRef(opts.Swagger(), opts.ExpandOpts(false), ref)
 		if err != nil {
-			return ErrAtKey(k, err)
+			return fmt.Errorf("at %s, %w", k, err)
 		}
 
 		replacingRef := result.Ref
@@ -679,7 +697,7 @@ func namePointers(opts *FlattenOpts) error {
 		// update current replacement, which may have been updated by previous changes of deeper elements
 		result, erd := replace.DeepestRef(opts.Swagger(), opts.ExpandOpts(false), v.Ref)
 		if erd != nil {
-			return ErrAtKey(key, erd)
+			return fmt.Errorf("at %s, %w", key, erd)
 		}
 
 		if opts.flattenContext != nil {
@@ -725,9 +743,9 @@ func flattenAnonPointer(key string, v SchemaRef, refsToReplace map[string]Schema
 	// qualify the expanded schema
 	asch, ers := Schema(SchemaOpts{Schema: v.Schema, Root: opts.Swagger(), BasePath: opts.BasePath})
 	if ers != nil {
-		return ErrAtKey(key, ers)
+		return fmt.Errorf("schema analysis [%s]: %w", key, ers)
 	}
-	callers := make([]string, 0, allocMediumMap)
+	callers := make([]string, 0, 64)
 
 	debugLog("looking for callers")
 
@@ -735,7 +753,7 @@ func flattenAnonPointer(key string, v SchemaRef, refsToReplace map[string]Schema
 	for k, w := range an.references.allRefs {
 		r, err := replace.DeepestRef(opts.Swagger(), opts.ExpandOpts(false), w)
 		if err != nil {
-			return ErrAtKey(key, err)
+			return fmt.Errorf("at %s, %w", key, err)
 		}
 
 		if opts.flattenContext != nil {

src/runtime/vendor/github.com/go-openapi/analysis/flatten_name.go

@@ -1,6 +1,3 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package analysis
 
 import (
@@ -14,7 +11,7 @@ import (
 	"github.com/go-openapi/analysis/internal/flatten/schutils"
 	"github.com/go-openapi/analysis/internal/flatten/sortref"
 	"github.com/go-openapi/spec"
-	"github.com/go-openapi/swag/mangling"
+	"github.com/go-openapi/swag"
 )
 
 // InlineSchemaNamer finds a new name for an inlined type
@@ -46,7 +43,7 @@ func (isn *InlineSchemaNamer) Name(key string, schema *spec.Schema, aschema *Ana
 		debugLog("rewriting schema to ref: key=%s with new name: %s", key, newName)
 		if err := replace.RewriteSchemaToRef(isn.Spec, key,
 			spec.MustCreateRef(path.Join(definitionsPath, newName))); err != nil {
-			return ErrInlineDefinition(newName, err)
+			return fmt.Errorf("error while creating definition %q from inline schema: %w", newName, err)
 		}
 
 		// rewrite any dependent $ref pointing to this place,
@@ -57,7 +54,7 @@ func (isn *InlineSchemaNamer) Name(key string, schema *spec.Schema, aschema *Ana
 		for k, v := range an.references.allRefs {
 			r, erd := replace.DeepestRef(isn.opts.Swagger(), isn.opts.ExpandOpts(false), v)
 			if erd != nil {
-				return ErrAtKey(k, erd)
+				return fmt.Errorf("at %s, %w", k, erd)
 			}
 
 			if isn.opts.flattenContext != nil {
@@ -230,15 +227,10 @@ func namesForOperation(parts sortref.SplitKey, operations map[string]operations.
 	return baseNames, startIndex
 }
 
-const (
-	minStartIndex = 2
-	minSegments   = 2
-)
-
 func namesForDefinition(parts sortref.SplitKey) ([][]string, int) {
 	nm := parts.DefinitionName()
 	if nm != "" {
-		return [][]string{{parts.DefinitionName()}}, minStartIndex
+		return [][]string{{parts.DefinitionName()}}, 2
 	}
 
 	return [][]string{}, 0
@@ -247,7 +239,7 @@ func namesForDefinition(parts sortref.SplitKey) ([][]string, int) {
 // partAdder knows how to interpret a schema when it comes to build a name from parts
 func partAdder(aschema *AnalyzedSchema) sortref.PartAdder {
 	return func(part string) []string {
-		segments := make([]string, 0, minSegments)
+		segments := make([]string, 0, 2)
 
 		if part == "items" || part == "additionalItems" {
 			if aschema.IsTuple || aschema.IsTupleWithExtra {
@@ -273,9 +265,8 @@ func mangler(o *FlattenOpts) func(string) string {
 	if o.KeepNames {
 		return func(in string) string { return in }
 	}
-	mangler := mangling.NewNameMangler()
 
-	return mangler.ToJSONName
+	return swag.ToJSONName
 }
 
 func nameFromRef(ref spec.Ref, o *FlattenOpts) string {

src/runtime/vendor/github.com/go-openapi/analysis/flatten_options.go

@@ -1,6 +1,3 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package analysis
 
 import (

src/runtime/vendor/github.com/go-openapi/analysis/internal/debug/debug.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package debug
 
@@ -16,15 +27,15 @@ var (
 )
 
 // GetLogger provides a prefix debug logger
-func GetLogger(prefix string, debug bool) func(string, ...any) {
+func GetLogger(prefix string, debug bool) func(string, ...interface{}) {
 	if debug {
 		logger := log.New(output, prefix+":", log.LstdFlags)
 
-		return func(msg string, args ...any) {
+		return func(msg string, args ...interface{}) {
 			_, file1, pos1, _ := runtime.Caller(1)
 			logger.Printf("%s:%d: %s", filepath.Base(file1), pos1, fmt.Sprintf(msg, args...))
 		}
 	}
 
-	return func(_ string, _ ...any) {}
+	return func(_ string, _ ...interface{}) {}
 }

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/normalize/normalize.go

@@ -1,6 +1,3 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package normalize
 
 import (

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/operations/operations.go

@@ -1,17 +1,13 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package operations
 
 import (
 	"path"
-	"slices"
 	"sort"
 	"strings"
 
 	"github.com/go-openapi/jsonpointer"
 	"github.com/go-openapi/spec"
-	"github.com/go-openapi/swag/mangling"
+	"github.com/go-openapi/swag"
 )
 
 // AllOpRefsByRef returns an index of sortable operations
@@ -54,13 +50,12 @@ type Provider interface {
 // GatherOperations builds a map of sorted operations from a spec
 func GatherOperations(specDoc Provider, operationIDs []string) map[string]OpRef {
 	var oprefs OpRefs
-	mangler := mangling.NewNameMangler()
 
 	for method, pathItem := range specDoc.Operations() {
 		for pth, operation := range pathItem {
 			vv := *operation
 			oprefs = append(oprefs, OpRef{
-				Key:    mangler.ToGoName(strings.ToLower(method) + " " + pth),
+				Key:    swag.ToGoName(strings.ToLower(method) + " " + pth),
 				Method: method,
 				Path:   pth,
 				ID:     vv.ID,
@@ -84,7 +79,7 @@ func GatherOperations(specDoc Provider, operationIDs []string) map[string]OpRef
 			nm = opr.Key
 		}
 
-		if len(operationIDs) == 0 || slices.Contains(operationIDs, opr.ID) || slices.Contains(operationIDs, nm) {
+		if len(operationIDs) == 0 || swag.ContainsStrings(operationIDs, opr.ID) || swag.ContainsStrings(operationIDs, nm) {
 			opr.ID = nm
 			opr.Op.ID = nm
 			operations[nm] = opr

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/replace/errors.go

@@ -1,64 +0,0 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
-package replace
-
-import (
-	"errors"
-	"fmt"
-)
-
-type replaceError string
-
-const (
-	ErrReplace        replaceError = "flatten replace error"
-	ErrUnexpectedType replaceError = "unexpected type used in getPointerFromKey"
-)
-
-func (e replaceError) Error() string {
-	return string(e)
-}
-
-func ErrNoSchemaWithRef(key string, value any) error {
-	return fmt.Errorf("no schema with ref found at %s for %T: %w", key, value, ErrReplace)
-}
-
-func ErrNoSchema(key string) error {
-	return fmt.Errorf("no schema found at %s: %w", key, ErrReplace)
-}
-
-func ErrNotANumber(key string, err error) error {
-	return errors.Join(
-		ErrReplace,
-		fmt.Errorf("%s not a number: %w", key, err),
-	)
-}
-
-func ErrUnhandledParentRewrite(key string, value any) error {
-	return fmt.Errorf("unhandled parent schema rewrite %s: %T: %w", key, value, ErrReplace)
-}
-
-func ErrUnhandledParentType(key string, value any) error {
-	return fmt.Errorf("unhandled type for parent of %s: %T: %w", key, value, ErrReplace)
-}
-
-func ErrNoParent(key string, err error) error {
-	return errors.Join(
-		fmt.Errorf("can't get parent for %s: %w", key, err),
-		ErrReplace,
-	)
-}
-
-func ErrUnhandledContainerType(key string, value any) error {
-	return fmt.Errorf("unhandled container type at %s: %T: %w", key, value, ErrReplace)
-}
-
-func ErrCyclicChain(key string) error {
-	return fmt.Errorf("cannot resolve cyclic chain of pointers under %s: %w", key, ErrReplace)
-}
-
-func ErrInvalidPointerType(key string, value any, err error) error {
-	return fmt.Errorf("invalid type for resolved JSON pointer %s. Expected a schema a, got: %T (%v): %w",
-		key, value, err, ErrReplace,
-	)
-}

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/replace/replace.go

@@ -1,11 +1,7 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package replace
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"net/url"
 	"os"
@@ -17,10 +13,7 @@ import (
 	"github.com/go-openapi/spec"
 )
 
-const (
-	definitionsPath = "#/definitions"
-	allocMediumMap  = 64
-)
+const definitionsPath = "#/definitions"
 
 var debugLog = debug.GetLogger("analysis/flatten/replace", os.Getenv("SWAGGER_DEBUG") != "")
 
@@ -48,10 +41,10 @@ func RewriteSchemaToRef(sp *spec.Swagger, key string, ref spec.Ref) error {
 		if refable.Schema != nil {
 			refable.Schema = &spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 		}
-	case map[string]any: // this happens e.g. if a schema points to an extension unmarshaled as map[string]interface{}
+	case map[string]interface{}: // this happens e.g. if a schema points to an extension unmarshaled as map[string]interface{}
 		return rewriteParentRef(sp, key, ref)
 	default:
-		return ErrNoSchemaWithRef(key, value)
+		return fmt.Errorf("no schema with ref found at %s for %T", key, value)
 	}
 
 	return nil
@@ -76,7 +69,7 @@ func rewriteParentRef(sp *spec.Swagger, key string, ref spec.Ref) error {
 	case *spec.Responses:
 		statusCode, err := strconv.Atoi(entry)
 		if err != nil {
-			return ErrNotANumber(key[1:], err)
+			return fmt.Errorf("%s not a number: %w", key[1:], err)
 		}
 		resp := container.StatusCodeResponses[statusCode]
 		resp.Schema = &spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
@@ -100,7 +93,7 @@ func rewriteParentRef(sp *spec.Swagger, key string, ref spec.Ref) error {
 	case []spec.Parameter:
 		idx, err := strconv.Atoi(entry)
 		if err != nil {
-			return ErrNotANumber(key[1:], err)
+			return fmt.Errorf("%s not a number: %w", key[1:], err)
 		}
 		param := container[idx]
 		param.Schema = &spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
@@ -115,7 +108,7 @@ func rewriteParentRef(sp *spec.Swagger, key string, ref spec.Ref) error {
 	case []spec.Schema:
 		idx, err := strconv.Atoi(entry)
 		if err != nil {
-			return ErrNotANumber(key[1:], err)
+			return fmt.Errorf("%s not a number: %w", key[1:], err)
 		}
 		container[idx] = spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 
@@ -123,32 +116,32 @@ func rewriteParentRef(sp *spec.Swagger, key string, ref spec.Ref) error {
 		// NOTE: this is necessarily an array - otherwise, the parent would be *Schema
 		idx, err := strconv.Atoi(entry)
 		if err != nil {
-			return ErrNotANumber(key[1:], err)
+			return fmt.Errorf("%s not a number: %w", key[1:], err)
 		}
 		container.Schemas[idx] = spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 
 	case spec.SchemaProperties:
 		container[entry] = spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 
-	case *any:
+	case *interface{}:
 		*container = spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 
 	// NOTE: can't have case *spec.SchemaOrBool = parent in this case is *Schema
 
 	default:
-		return ErrUnhandledParentRewrite(key, pvalue)
+		return fmt.Errorf("unhandled parent schema rewrite %s (%T)", key, pvalue)
 	}
 
 	return nil
 }
 
 // getPointerFromKey retrieves the content of the JSON pointer "key"
-func getPointerFromKey(sp any, key string) (string, any, error) {
+func getPointerFromKey(sp interface{}, key string) (string, interface{}, error) {
 	switch sp.(type) {
 	case *spec.Schema:
 	case *spec.Swagger:
 	default:
-		panic(ErrUnexpectedType)
+		panic("unexpected type used in getPointerFromKey")
 	}
 	if key == "#/" {
 		return "", sp, nil
@@ -157,26 +150,26 @@ func getPointerFromKey(sp any, key string) (string, any, error) {
 	pth, _ := url.PathUnescape(key[1:])
 	ptr, err := jsonpointer.New(pth)
 	if err != nil {
-		return "", nil, errors.Join(err, ErrReplace)
+		return "", nil, err
 	}
 
 	value, _, err := ptr.Get(sp)
 	if err != nil {
 		debugLog("error when getting key: %s with path: %s", key, pth)
 
-		return "", nil, errors.Join(err, ErrReplace)
+		return "", nil, err
 	}
 
 	return pth, value, nil
 }
 
 // getParentFromKey retrieves the container of the JSON pointer "key"
-func getParentFromKey(sp any, key string) (string, string, any, error) {
+func getParentFromKey(sp interface{}, key string) (string, string, interface{}, error) {
 	switch sp.(type) {
 	case *spec.Schema:
 	case *spec.Swagger:
 	default:
-		panic(ErrUnexpectedType)
+		panic("unexpected type used in getPointerFromKey")
 	}
 	// unescape chars in key, e.g. "{}" from path params
 	pth, _ := url.PathUnescape(key[1:])
@@ -186,23 +179,23 @@ func getParentFromKey(sp any, key string) (string, string, any, error) {
 
 	pptr, err := jsonpointer.New(parent)
 	if err != nil {
-		return "", "", nil, errors.Join(err, ErrReplace)
+		return "", "", nil, err
 	}
 	pvalue, _, err := pptr.Get(sp)
 	if err != nil {
-		return "", "", nil, ErrNoParent(parent, err)
+		return "", "", nil, fmt.Errorf("can't get parent for %s: %w", parent, err)
 	}
 
 	return parent, entry, pvalue, nil
 }
 
 // UpdateRef replaces a ref by another one
-func UpdateRef(sp any, key string, ref spec.Ref) error {
+func UpdateRef(sp interface{}, key string, ref spec.Ref) error {
 	switch sp.(type) {
 	case *spec.Schema:
 	case *spec.Swagger:
 	default:
-		panic(ErrUnexpectedType)
+		panic("unexpected type used in getPointerFromKey")
 	}
 	debugLog("updating ref for %s with %s", key, ref.String())
 	pth, value, err := getPointerFromKey(sp, key)
@@ -225,7 +218,7 @@ func UpdateRef(sp any, key string, ref spec.Ref) error {
 		debugLog("rewriting holder for %T", refable)
 		_, entry, pvalue, erp := getParentFromKey(sp, key)
 		if erp != nil {
-			return erp
+			return err
 		}
 		switch container := pvalue.(type) {
 		case spec.Definitions:
@@ -237,7 +230,7 @@ func UpdateRef(sp any, key string, ref spec.Ref) error {
 		case []spec.Schema:
 			idx, err := strconv.Atoi(entry)
 			if err != nil {
-				return ErrNotANumber(pth, err)
+				return fmt.Errorf("%s not a number: %w", pth, err)
 			}
 			container[idx] = spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 
@@ -245,7 +238,7 @@ func UpdateRef(sp any, key string, ref spec.Ref) error {
 			// NOTE: this is necessarily an array - otherwise, the parent would be *Schema
 			idx, err := strconv.Atoi(entry)
 			if err != nil {
-				return ErrNotANumber(pth, err)
+				return fmt.Errorf("%s not a number: %w", pth, err)
 			}
 			container.Schemas[idx] = spec.Schema{SchemaProps: spec.SchemaProps{Ref: ref}}
 
@@ -255,11 +248,11 @@ func UpdateRef(sp any, key string, ref spec.Ref) error {
 		// NOTE: can't have case *spec.SchemaOrBool = parent in this case is *Schema
 
 		default:
-			return ErrUnhandledContainerType(key, value)
+			return fmt.Errorf("unhandled container type at %s: %T", key, value)
 		}
 
 	default:
-		return ErrNoSchemaWithRef(key, value)
+		return fmt.Errorf("no schema with ref found at %s for %T", key, value)
 	}
 
 	return nil
@@ -279,9 +272,8 @@ func UpdateRefWithSchema(sp *spec.Swagger, key string, sch *spec.Schema) error {
 	case spec.Schema:
 		_, entry, pvalue, erp := getParentFromKey(sp, key)
 		if erp != nil {
-			return erp
+			return err
 		}
-
 		switch container := pvalue.(type) {
 		case spec.Definitions:
 			container[entry] = *sch
@@ -292,7 +284,7 @@ func UpdateRefWithSchema(sp *spec.Swagger, key string, sch *spec.Schema) error {
 		case []spec.Schema:
 			idx, err := strconv.Atoi(entry)
 			if err != nil {
-				return ErrNotANumber(pth, err)
+				return fmt.Errorf("%s not a number: %w", pth, err)
 			}
 			container[idx] = *sch
 
@@ -300,7 +292,7 @@ func UpdateRefWithSchema(sp *spec.Swagger, key string, sch *spec.Schema) error {
 			// NOTE: this is necessarily an array - otherwise, the parent would be *Schema
 			idx, err := strconv.Atoi(entry)
 			if err != nil {
-				return ErrNotANumber(pth, err)
+				return fmt.Errorf("%s not a number: %w", pth, err)
 			}
 			container.Schemas[idx] = *sch
 
@@ -310,7 +302,7 @@ func UpdateRefWithSchema(sp *spec.Swagger, key string, sch *spec.Schema) error {
 		// NOTE: can't have case *spec.SchemaOrBool = parent in this case is *Schema
 
 		default:
-			return ErrUnhandledParentType(key, value)
+			return fmt.Errorf("unhandled type for parent of [%s]: %T", key, value)
 		}
 	case *spec.SchemaOrArray:
 		*refable.Schema = *sch
@@ -318,7 +310,7 @@ func UpdateRefWithSchema(sp *spec.Swagger, key string, sch *spec.Schema) error {
 	case *spec.SchemaOrBool:
 		*refable.Schema = *sch
 	default:
-		return ErrNoSchemaWithRef(key, value)
+		return fmt.Errorf("no schema with ref found at %s for %T", key, value)
 	}
 
 	return nil
@@ -344,8 +336,8 @@ func DeepestRef(sp *spec.Swagger, opts *spec.ExpandOptions, ref spec.Ref) (*Deep
 	}
 
 	currentRef := ref
-	visited := make(map[string]bool, allocMediumMap)
-	warnings := make([]string, 0)
+	visited := make(map[string]bool, 64)
+	warnings := make([]string, 0, 2)
 
 DOWNREF:
 	for currentRef.String() != "" {
@@ -355,7 +347,8 @@ DOWNREF:
 		}
 
 		if _, beenThere := visited[currentRef.String()]; beenThere {
-			return nil, ErrCyclicChain(currentRef.String())
+			return nil,
+				fmt.Errorf("cannot resolve cyclic chain of pointers under %s", currentRef.String())
 		}
 
 		visited[currentRef.String()] = true
@@ -397,7 +390,10 @@ DOWNREF:
 
 			err := asSchema.UnmarshalJSON(asJSON)
 			if err != nil {
-				return nil, ErrInvalidPointerType(currentRef.String(), value, err)
+				return nil,
+					fmt.Errorf("invalid type for resolved JSON pointer %s. Expected a schema a, got: %T (%v)",
+						currentRef.String(), value, err,
+					)
 			}
 			warnings = append(warnings, fmt.Sprintf("found $ref %q (response) interpreted as schema", currentRef.String()))
 
@@ -412,7 +408,10 @@ DOWNREF:
 			asJSON, _ := refable.MarshalJSON()
 			var asSchema spec.Schema
 			if err := asSchema.UnmarshalJSON(asJSON); err != nil {
-				return nil, ErrInvalidPointerType(currentRef.String(), value, err)
+				return nil,
+					fmt.Errorf("invalid type for resolved JSON pointer %s. Expected a schema a, got: %T (%v)",
+						currentRef.String(), value, err,
+					)
 			}
 
 			warnings = append(warnings, fmt.Sprintf("found $ref %q (parameter) interpreted as schema", currentRef.String()))
@@ -431,7 +430,10 @@ DOWNREF:
 			asJSON, _ := json.Marshal(refable)
 			var asSchema spec.Schema
 			if err := asSchema.UnmarshalJSON(asJSON); err != nil {
-				return nil, ErrInvalidPointerType(currentRef.String(), value, err)
+				return nil,
+					fmt.Errorf("unhandled type to resolve JSON pointer %s. Expected a Schema, got: %T (%v)",
+						currentRef.String(), value, err,
+					)
 			}
 			warnings = append(warnings, fmt.Sprintf("found $ref %q (%T) interpreted as schema", currentRef.String(), refable))
 
@@ -449,7 +451,7 @@ DOWNREF:
 	}
 
 	if sch == nil {
-		return nil, ErrNoSchema(currentRef.String())
+		return nil, fmt.Errorf("no schema found at %s", currentRef.String())
 	}
 
 	return &DeepestRefResult{Ref: currentRef, Schema: sch, Warnings: warnings}, nil

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/schutils/flatten_schema.go

@@ -1,17 +1,12 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 // Package schutils provides tools to save or clone a schema
 // when flattening a spec.
 package schutils
 
 import (
 	"github.com/go-openapi/spec"
-	"github.com/go-openapi/swag/jsonutils"
+	"github.com/go-openapi/swag"
 )
 
-const allocLargeMap = 150
-
 // Save registers a schema as an entry in spec #/definitions
 func Save(sp *spec.Swagger, name string, schema *spec.Schema) {
 	if schema == nil {
@@ -19,7 +14,7 @@ func Save(sp *spec.Swagger, name string, schema *spec.Schema) {
 	}
 
 	if sp.Definitions == nil {
-		sp.Definitions = make(map[string]spec.Schema, allocLargeMap)
+		sp.Definitions = make(map[string]spec.Schema, 150)
 	}
 
 	sp.Definitions[name] = *schema
@@ -28,7 +23,7 @@ func Save(sp *spec.Swagger, name string, schema *spec.Schema) {
 // Clone deep-clones a schema
 func Clone(schema *spec.Schema) *spec.Schema {
 	var sch spec.Schema
-	_ = jsonutils.FromDynamicJSON(schema, &sch)
+	_ = swag.FromDynamicJSON(schema, &sch)
 
 	return &sch
 }

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/sortref/keys.go

@@ -1,6 +1,3 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package sortref
 
 import (
@@ -63,7 +60,7 @@ func (k Keys) Less(i, j int) bool {
 // KeyParts construct a SplitKey with all its /-separated segments decomposed. It is sortable.
 func KeyParts(key string) SplitKey {
 	var res []string
-	for part := range strings.SplitSeq(key[1:], "/") {
+	for _, part := range strings.Split(key[1:], "/") {
 		if part != "" {
 			res = append(res, jsonpointer.Unescape(part))
 		}
@@ -89,6 +86,22 @@ func (s SplitKey) DefinitionName() string {
 	return s[1]
 }
 
+func (s SplitKey) isKeyName(i int) bool {
+	if i <= 0 {
+		return false
+	}
+
+	count := 0
+	for idx := i - 1; idx > 0; idx-- {
+		if s[idx] != "properties" {
+			break
+		}
+		count++
+	}
+
+	return count%2 != 0
+}
+
 // PartAdder know how to construct the components of a new name
 type PartAdder func(string) []string
 
@@ -166,8 +179,7 @@ func (s SplitKey) ResponseName() string {
 
 // PathItemRef constructs a $ref object from a split key of the form /{path}/{method}
 func (s SplitKey) PathItemRef() spec.Ref {
-	const minValidPathItems = 3
-	if len(s) < minValidPathItems {
+	if len(s) < 3 {
 		return spec.Ref{}
 	}
 
@@ -187,19 +199,3 @@ func (s SplitKey) PathRef() spec.Ref {
 
 	return spec.MustCreateRef("#" + path.Join("/", paths, jsonpointer.Escape(s[1])))
 }
-
-func (s SplitKey) isKeyName(i int) bool {
-	if i <= 0 {
-		return false
-	}
-
-	count := 0
-	for idx := i - 1; idx > 0; idx-- {
-		if s[idx] != "properties" {
-			break
-		}
-		count++
-	}
-
-	return count%2 != 0
-}

src/runtime/vendor/github.com/go-openapi/analysis/internal/flatten/sortref/sort_ref.go

@@ -1,6 +1,3 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package sortref
 
 import (
@@ -33,7 +30,7 @@ func (i *mapIterator) Key() string {
 	return i.mapIter.Key().String()
 }
 
-func mustMapIterator(anyMap any) *mapIterator {
+func mustMapIterator(anyMap interface{}) *mapIterator {
 	val := reflect.ValueOf(anyMap)
 
 	return &mapIterator{mapIter: val.MapRange(), len: val.Len()}
@@ -43,7 +40,7 @@ func mustMapIterator(anyMap any) *mapIterator {
 // (shared params, op param, statuscode response, default response, definitions)
 // sort groups internally by number of parts in the key and lexical names
 // flatten groups into a single list of keys
-func DepthFirst(in any) []string {
+func DepthFirst(in interface{}) []string {
 	iterator := mustMapIterator(in)
 	sorted := make([]string, 0, iterator.Len())
 	grouped := make(map[string]Keys, iterator.Len())

src/runtime/vendor/github.com/go-openapi/analysis/mixin.go

@@ -1,12 +1,22 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package analysis
 
 import (
 	"fmt"
 	"reflect"
-	"slices"
 
 	"github.com/go-openapi/spec"
 )
@@ -238,7 +248,14 @@ func mergeResponses(primary *spec.Swagger, m *spec.Swagger) (skipped []string) {
 
 func mergeConsumes(primary *spec.Swagger, m *spec.Swagger) []string {
 	for _, v := range m.Consumes {
-		found := slices.Contains(primary.Consumes, v)
+		found := false
+		for _, vv := range primary.Consumes {
+			if v == vv {
+				found = true
+
+				break
+			}
+		}
 
 		if found {
 			// no warning here: we just skip it
@@ -252,7 +269,14 @@ func mergeConsumes(primary *spec.Swagger, m *spec.Swagger) []string {
 
 func mergeProduces(primary *spec.Swagger, m *spec.Swagger) []string {
 	for _, v := range m.Produces {
-		found := slices.Contains(primary.Produces, v)
+		found := false
+		for _, vv := range primary.Produces {
+			if v == vv {
+				found = true
+
+				break
+			}
+		}
 
 		if found {
 			// no warning here: we just skip it
@@ -293,7 +317,14 @@ func mergeTags(primary *spec.Swagger, m *spec.Swagger) (skipped []string) {
 
 func mergeSchemes(primary *spec.Swagger, m *spec.Swagger) []string {
 	for _, v := range m.Schemes {
-		found := slices.Contains(primary.Schemes, v)
+		found := false
+		for _, vv := range primary.Schemes {
+			if v == vv {
+				found = true
+
+				break
+			}
+		}
 
 		if found {
 			// no warning here: we just skip it
@@ -360,7 +391,7 @@ func mergeInfo(primary *spec.Info, m *spec.Info) []string {
 	}
 
 	if primary.Title == "" {
-		primary.Title = m.Title
+		primary.Description = m.Description
 	}
 
 	if primary.TermsOfService == "" {
@@ -443,23 +474,23 @@ func initPrimary(primary *spec.Swagger) {
 	}
 
 	if primary.Security == nil {
-		primary.Security = make([]map[string][]string, 0, allocSmallMap)
+		primary.Security = make([]map[string][]string, 0, 10)
 	}
 
 	if primary.Produces == nil {
-		primary.Produces = make([]string, 0, allocSmallMap)
+		primary.Produces = make([]string, 0, 10)
 	}
 
 	if primary.Consumes == nil {
-		primary.Consumes = make([]string, 0, allocSmallMap)
+		primary.Consumes = make([]string, 0, 10)
 	}
 
 	if primary.Tags == nil {
-		primary.Tags = make([]spec.Tag, 0, allocSmallMap)
+		primary.Tags = make([]spec.Tag, 0, 10)
 	}
 
 	if primary.Schemes == nil {
-		primary.Schemes = make([]string, 0, allocSmallMap)
+		primary.Schemes = make([]string, 0, 10)
 	}
 
 	if primary.Paths == nil {

src/runtime/vendor/github.com/go-openapi/analysis/schema.go

@@ -1,9 +1,8 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package analysis
 
 import (
+	"errors"
+
 	"github.com/go-openapi/spec"
 	"github.com/go-openapi/strfmt"
 )
@@ -11,7 +10,7 @@ import (
 // SchemaOpts configures the schema analyzer
 type SchemaOpts struct {
 	Schema   *spec.Schema
-	Root     any
+	Root     interface{}
 	BasePath string
 	_        struct{}
 }
@@ -20,7 +19,7 @@ type SchemaOpts struct {
 // patterns.
 func Schema(opts SchemaOpts) (*AnalyzedSchema, error) {
 	if opts.Schema == nil {
-		return nil, ErrNoSchema
+		return nil, errors.New("no schema to analyze")
 	}
 
 	a := &AnalyzedSchema{
@@ -55,7 +54,7 @@ func Schema(opts SchemaOpts) (*AnalyzedSchema, error) {
 // AnalyzedSchema indicates what the schema represents
 type AnalyzedSchema struct {
 	schema   *spec.Schema
-	root     any
+	root     interface{}
 	basePath string
 
 	hasProps           bool

src/runtime/vendor/github.com/go-openapi/errors/.golangci.yml

@@ -1,75 +1,55 @@
-version: "2"
+linters-settings:
+  gocyclo:
+    min-complexity: 45
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+
 linters:
-  default: all
+  enable-all: true
   disable:
-    - cyclop
+    - unparam
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+    - funlen
+    - godox
+    - gocognit
+    - whitespace
+    - wsl
+    - wrapcheck
+    - testpackage
+    - nlreturn
+    - errorlint
+    - nestif
+    - godot
+    - gofumpt
+    - paralleltest
+    - tparallel
+    - thelper
+    - exhaustruct
+    - varnamelen
+    - gci
     - depguard
     - errchkjson
-    - errorlint
-    - exhaustruct
-    - forcetypeassert
-    - funlen
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - godot
-    - godox
-    - gosmopolitan
     - inamedparam
-    #- intrange # disabled while < go1.22
-    - ireturn
-    - lll
-    - musttag
-    - nestif
-    - nlreturn
-    - noinlineerr
     - nonamedreturns
-    - paralleltest
-    - recvcheck
-    - testpackage
-    - thelper
-    - tparallel
-    - unparam
-    - varnamelen
-    - whitespace
-    - wrapcheck
-    - wsl
-    - wsl_v5
-  settings:
-    dupl:
-      threshold: 200
-    goconst:
-      min-len: 2
-      min-occurrences: 3
-    gocyclo:
-      min-complexity: 45
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  # Maximum issues count per one linter.
-  # Set to 0 to disable.
-  # Default: 50
-  max-issues-per-linter: 0
-  # Maximum count of issues with the same text.
-  # Set to 0 to disable.
-  # Default: 3
-  max-same-issues: 0
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    #- deadcode
+    #- interfacer
+    #- scopelint
+    #- varcheck
+    #- structcheck
+    #- golint
+    #- nosnakecase
+    #- maligned
+    #- goerr113
+    #- ifshort
+    #- gomnd
+    #- exhaustivestruct

src/runtime/vendor/github.com/go-openapi/errors/README.md

@@ -6,7 +6,3 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/go-openapi/errors)](https://goreportcard.com/report/github.com/go-openapi/errors)
 
 Shared errors and error interface used throughout the various libraries found in the go-openapi toolkit.
-
-## Licensing
-
-This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE).

src/runtime/vendor/github.com/go-openapi/errors/api.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package errors
 
@@ -35,14 +46,14 @@ func (a *apiError) Code() int32 {
 
 // MarshalJSON implements the JSON encoding interface
 func (a apiError) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return json.Marshal(map[string]interface{}{
 		"code":    a.code,
 		"message": a.message,
 	})
 }
 
 // New creates a new API error with a code and a message
-func New(code int32, message string, args ...any) Error {
+func New(code int32, message string, args ...interface{}) Error {
 	if len(args) > 0 {
 		return &apiError{
 			code:    code,
@@ -56,16 +67,16 @@ func New(code int32, message string, args ...any) Error {
 }
 
 // NotFound creates a new not found error
-func NotFound(message string, args ...any) Error {
+func NotFound(message string, args ...interface{}) Error {
 	if message == "" {
 		message = "Not found"
 	}
-	return New(http.StatusNotFound, message, args...)
+	return New(http.StatusNotFound, fmt.Sprintf(message, args...))
 }
 
 // NotImplemented creates a new not implemented error
 func NotImplemented(message string) Error {
-	return New(http.StatusNotImplemented, "%s", message)
+	return New(http.StatusNotImplemented, message)
 }
 
 // MethodNotAllowedError represents an error for when the path matches but the method doesn't
@@ -86,7 +97,7 @@ func (m *MethodNotAllowedError) Code() int32 {
 
 // MarshalJSON implements the JSON encoding interface
 func (m MethodNotAllowedError) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return json.Marshal(map[string]interface{}{
 		"code":    m.code,
 		"message": m.message,
 		"allowed": m.Allowed,
@@ -168,7 +179,7 @@ func ServeError(rw http.ResponseWriter, r *http.Request, err error) {
 	default:
 		rw.WriteHeader(http.StatusInternalServerError)
 		if r == nil || r.Method != http.MethodHead {
-			_, _ = rw.Write(errorAsJSON(New(http.StatusInternalServerError, "%v", err)))
+			_, _ = rw.Write(errorAsJSON(New(http.StatusInternalServerError, err.Error())))
 		}
 	}
 }

src/runtime/vendor/github.com/go-openapi/errors/auth.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package errors
 

src/runtime/vendor/github.com/go-openapi/errors/doc.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 /*
 Package errors provides an Error interface and several concrete types

src/runtime/vendor/github.com/go-openapi/errors/headers.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package errors
 
@@ -14,9 +25,9 @@ type Validation struct { //nolint: errname
 	code    int32
 	Name    string
 	In      string
-	Value   any
+	Value   interface{}
 	message string
-	Values  []any
+	Values  []interface{}
 }
 
 func (e *Validation) Error() string {
@@ -30,7 +41,7 @@ func (e *Validation) Code() int32 {
 
 // MarshalJSON implements the JSON encoding interface
 func (e Validation) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return json.Marshal(map[string]interface{}{
 		"code":    e.code,
 		"message": e.message,
 		"in":      e.In,
@@ -61,7 +72,7 @@ const (
 
 // InvalidContentType error for an invalid content type
 func InvalidContentType(value string, allowed []string) *Validation {
-	values := make([]any, 0, len(allowed))
+	values := make([]interface{}, 0, len(allowed))
 	for _, v := range allowed {
 		values = append(values, v)
 	}
@@ -77,7 +88,7 @@ func InvalidContentType(value string, allowed []string) *Validation {
 
 // InvalidResponseFormat error for an unacceptable response format request
 func InvalidResponseFormat(value string, allowed []string) *Validation {
-	values := make([]any, 0, len(allowed))
+	values := make([]interface{}, 0, len(allowed))
 	for _, v := range allowed {
 		values = append(values, v)
 	}

src/runtime/vendor/github.com/go-openapi/errors/middleware.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package errors
 
@@ -24,7 +35,7 @@ func (v *APIVerificationFailed) Error() string {
 	hasSpecMissing := len(v.MissingSpecification) > 0
 
 	if hasRegMissing {
-		fmt.Fprintf(buf, "missing [%s] %s registrations", strings.Join(v.MissingRegistration, ", "), v.Section)
+		buf.WriteString(fmt.Sprintf("missing [%s] %s registrations", strings.Join(v.MissingRegistration, ", "), v.Section))
 	}
 
 	if hasRegMissing && hasSpecMissing {
@@ -32,7 +43,7 @@ func (v *APIVerificationFailed) Error() string {
 	}
 
 	if hasSpecMissing {
-		fmt.Fprintf(buf, "missing from spec file [%s] %s", strings.Join(v.MissingSpecification, ", "), v.Section)
+		buf.WriteString(fmt.Sprintf("missing from spec file [%s] %s", strings.Join(v.MissingSpecification, ", "), v.Section))
 	}
 
 	return buf.String()

src/runtime/vendor/github.com/go-openapi/errors/parsing.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package errors
 
@@ -19,6 +30,36 @@ type ParseError struct {
 	message string
 }
 
+func (e *ParseError) Error() string {
+	return e.message
+}
+
+// Code returns the http status code for this error
+func (e *ParseError) Code() int32 {
+	return e.code
+}
+
+// MarshalJSON implements the JSON encoding interface
+func (e ParseError) MarshalJSON() ([]byte, error) {
+	var reason string
+	if e.Reason != nil {
+		reason = e.Reason.Error()
+	}
+	return json.Marshal(map[string]interface{}{
+		"code":    e.code,
+		"message": e.message,
+		"in":      e.In,
+		"name":    e.Name,
+		"value":   e.Value,
+		"reason":  reason,
+	})
+}
+
+const (
+	parseErrorTemplContent     = `parsing %s %s from %q failed, because %s`
+	parseErrorTemplContentNoIn = `parsing %s from %q failed, because %s`
+)
+
 // NewParseError creates a new parse error
 func NewParseError(name, in, value string, reason error) *ParseError {
 	var msg string
@@ -36,33 +77,3 @@ func NewParseError(name, in, value string, reason error) *ParseError {
 		message: msg,
 	}
 }
-
-func (e *ParseError) Error() string {
-	return e.message
-}
-
-// Code returns the http status code for this error
-func (e *ParseError) Code() int32 {
-	return e.code
-}
-
-// MarshalJSON implements the JSON encoding interface
-func (e ParseError) MarshalJSON() ([]byte, error) {
-	var reason string
-	if e.Reason != nil {
-		reason = e.Reason.Error()
-	}
-	return json.Marshal(map[string]any{
-		"code":    e.code,
-		"message": e.message,
-		"in":      e.In,
-		"name":    e.Name,
-		"value":   e.Value,
-		"reason":  reason,
-	})
-}
-
-const (
-	parseErrorTemplContent     = `parsing %s %s from %q failed, because %s`
-	parseErrorTemplContentNoIn = `parsing %s from %q failed, because %s`
-)

src/runtime/vendor/github.com/go-openapi/errors/schema.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package errors
 
@@ -119,7 +130,7 @@ func (c *CompositeError) Unwrap() []error {
 
 // MarshalJSON implements the JSON encoding interface
 func (c CompositeError) MarshalJSON() ([]byte, error) {
-	return json.Marshal(map[string]any{
+	return json.Marshal(map[string]interface{}{
 		"code":    c.code,
 		"message": c.message,
 		"errors":  c.Errors,
@@ -243,7 +254,7 @@ func InvalidTypeName(typeName string) *Validation {
 }
 
 // InvalidType creates an error for when the type is invalid
-func InvalidType(name, in, typeName string, value any) *Validation {
+func InvalidType(name, in, typeName string, value interface{}) *Validation {
 	var message string
 
 	if in != "" {
@@ -291,7 +302,7 @@ func DuplicateItems(name, in string) *Validation {
 }
 
 // TooManyItems error for when an array contains too many items
-func TooManyItems(name, in string, maximum int64, value any) *Validation {
+func TooManyItems(name, in string, maximum int64, value interface{}) *Validation {
 	msg := fmt.Sprintf(maximumItemsFail, name, in, maximum)
 	if in == "" {
 		msg = fmt.Sprintf(maximumItemsFailNoIn, name, maximum)
@@ -307,7 +318,7 @@ func TooManyItems(name, in string, maximum int64, value any) *Validation {
 }
 
 // TooFewItems error for when an array contains too few items
-func TooFewItems(name, in string, minimum int64, value any) *Validation {
+func TooFewItems(name, in string, minimum int64, value interface{}) *Validation {
 	msg := fmt.Sprintf(minItemsFail, name, in, minimum)
 	if in == "" {
 		msg = fmt.Sprintf(minItemsFailNoIn, name, minimum)
@@ -322,7 +333,7 @@ func TooFewItems(name, in string, minimum int64, value any) *Validation {
 }
 
 // ExceedsMaximumInt error for when maximumimum validation fails
-func ExceedsMaximumInt(name, in string, maximum int64, exclusive bool, value any) *Validation {
+func ExceedsMaximumInt(name, in string, maximum int64, exclusive bool, value interface{}) *Validation {
 	var message string
 	if in == "" {
 		m := maximumIncFailNoIn
@@ -347,7 +358,7 @@ func ExceedsMaximumInt(name, in string, maximum int64, exclusive bool, value any
 }
 
 // ExceedsMaximumUint error for when maximumimum validation fails
-func ExceedsMaximumUint(name, in string, maximum uint64, exclusive bool, value any) *Validation {
+func ExceedsMaximumUint(name, in string, maximum uint64, exclusive bool, value interface{}) *Validation {
 	var message string
 	if in == "" {
 		m := maximumIncFailNoIn
@@ -372,7 +383,7 @@ func ExceedsMaximumUint(name, in string, maximum uint64, exclusive bool, value a
 }
 
 // ExceedsMaximum error for when maximumimum validation fails
-func ExceedsMaximum(name, in string, maximum float64, exclusive bool, value any) *Validation {
+func ExceedsMaximum(name, in string, maximum float64, exclusive bool, value interface{}) *Validation {
 	var message string
 	if in == "" {
 		m := maximumIncFailNoIn
@@ -397,7 +408,7 @@ func ExceedsMaximum(name, in string, maximum float64, exclusive bool, value any)
 }
 
 // ExceedsMinimumInt error for when minimum validation fails
-func ExceedsMinimumInt(name, in string, minimum int64, exclusive bool, value any) *Validation {
+func ExceedsMinimumInt(name, in string, minimum int64, exclusive bool, value interface{}) *Validation {
 	var message string
 	if in == "" {
 		m := minIncFailNoIn
@@ -422,7 +433,7 @@ func ExceedsMinimumInt(name, in string, minimum int64, exclusive bool, value any
 }
 
 // ExceedsMinimumUint error for when minimum validation fails
-func ExceedsMinimumUint(name, in string, minimum uint64, exclusive bool, value any) *Validation {
+func ExceedsMinimumUint(name, in string, minimum uint64, exclusive bool, value interface{}) *Validation {
 	var message string
 	if in == "" {
 		m := minIncFailNoIn
@@ -447,7 +458,7 @@ func ExceedsMinimumUint(name, in string, minimum uint64, exclusive bool, value a
 }
 
 // ExceedsMinimum error for when minimum validation fails
-func ExceedsMinimum(name, in string, minimum float64, exclusive bool, value any) *Validation {
+func ExceedsMinimum(name, in string, minimum float64, exclusive bool, value interface{}) *Validation {
 	var message string
 	if in == "" {
 		m := minIncFailNoIn
@@ -472,7 +483,7 @@ func ExceedsMinimum(name, in string, minimum float64, exclusive bool, value any)
 }
 
 // NotMultipleOf error for when multiple of validation fails
-func NotMultipleOf(name, in string, multiple, value any) *Validation {
+func NotMultipleOf(name, in string, multiple, value interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(multipleOfFailNoIn, name, multiple)
@@ -489,7 +500,7 @@ func NotMultipleOf(name, in string, multiple, value any) *Validation {
 }
 
 // EnumFail error for when an enum validation fails
-func EnumFail(name, in string, value any, values []any) *Validation {
+func EnumFail(name, in string, value interface{}, values []interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(enumFailNoIn, name, values)
@@ -508,7 +519,7 @@ func EnumFail(name, in string, value any, values []any) *Validation {
 }
 
 // Required error for when a value is missing
-func Required(name, in string, value any) *Validation {
+func Required(name, in string, value interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(requiredFailNoIn, name)
@@ -525,7 +536,7 @@ func Required(name, in string, value any) *Validation {
 }
 
 // ReadOnly error for when a value is present in request
-func ReadOnly(name, in string, value any) *Validation {
+func ReadOnly(name, in string, value interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(readOnlyFailNoIn, name)
@@ -542,7 +553,7 @@ func ReadOnly(name, in string, value any) *Validation {
 }
 
 // TooLong error for when a string is too long
-func TooLong(name, in string, maximum int64, value any) *Validation {
+func TooLong(name, in string, maximum int64, value interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(tooLongMessageNoIn, name, maximum)
@@ -559,7 +570,7 @@ func TooLong(name, in string, maximum int64, value any) *Validation {
 }
 
 // TooShort error for when a string is too short
-func TooShort(name, in string, minimum int64, value any) *Validation {
+func TooShort(name, in string, minimum int64, value interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(tooShortMessageNoIn, name, minimum)
@@ -578,7 +589,7 @@ func TooShort(name, in string, minimum int64, value any) *Validation {
 
 // FailedPattern error for when a string fails a regex pattern match
 // the pattern that is returned is the ECMA syntax version of the pattern not the golang version.
-func FailedPattern(name, in, pattern string, value any) *Validation {
+func FailedPattern(name, in, pattern string, value interface{}) *Validation {
 	var msg string
 	if in == "" {
 		msg = fmt.Sprintf(patternFailNoIn, name, pattern)
@@ -597,7 +608,7 @@ func FailedPattern(name, in, pattern string, value any) *Validation {
 
 // MultipleOfMustBePositive error for when a
 // multipleOf factor is negative
-func MultipleOfMustBePositive(name, in string, factor any) *Validation {
+func MultipleOfMustBePositive(name, in string, factor interface{}) *Validation {
 	return &Validation{
 		code:    MultipleOfMustBePositiveCode,
 		Name:    name,

src/runtime/vendor/github.com/go-openapi/jsonpointer/.golangci.yml

@@ -1,75 +1,61 @@
-version: "2"
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 45
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+
 linters:
-  default: all
+  enable-all: true
   disable:
-    - cyclop
+    - maligned
+    - unparam
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+    - funlen
+    - godox
+    - gocognit
+    - whitespace
+    - wsl
+    - wrapcheck
+    - testpackage
+    - nlreturn
+    - gomnd
+    - exhaustivestruct
+    - goerr113
+    - errorlint
+    - nestif
+    - godot
+    - gofumpt
+    - paralleltest
+    - tparallel
+    - thelper
+    - ifshort
+    - exhaustruct
+    - varnamelen
+    - gci
     - depguard
     - errchkjson
-    - errorlint
-    - exhaustruct
-    - forcetypeassert
-    - funlen
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - godot
-    - godox
-    - gosmopolitan
     - inamedparam
-    #- intrange # disabled while < go1.22
-    - ireturn
-    - lll
-    - musttag
-    - nestif
-    - nlreturn
     - nonamedreturns
-    - noinlineerr
-    - paralleltest
-    - recvcheck
-    - testpackage
-    - thelper
-    - tparallel
-    - unparam
-    - varnamelen
-    - whitespace
-    - wrapcheck
-    - wsl
-    - wsl_v5
-  settings:
-    dupl:
-      threshold: 200
-    goconst:
-      min-len: 2
-      min-occurrences: 3
-    gocyclo:
-      min-complexity: 45
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  # Maximum issues count per one linter.
-  # Set to 0 to disable.
-  # Default: 50
-  max-issues-per-linter: 0
-  # Maximum count of issues with the same text.
-  # Set to 0 to disable.
-  # Default: 3
-  max-same-issues: 0
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    - deadcode
+    - interfacer
+    - scopelint
+    - varcheck
+    - structcheck
+    - golint
+    - nosnakecase

src/runtime/vendor/github.com/go-openapi/jsonpointer/README.md

@@ -13,14 +13,7 @@ Completed YES
 Tested YES
 
 ## References
-
-<https://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-07>
-
-also known as [RFC6901](https://www.rfc-editor.org/rfc/rfc6901)
+http://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-07
 
 ### Note
-
 The 4.Evaluation part of the previous reference, starting with 'If the currently referenced value is a JSON array, the reference token MUST contain either...' is not implemented.
-
-That is because our implementation of the JSON pointer only supports explicit references to array elements: the provision in the spec
-to resolve non-existent members as "the last element in the array", using the special trailing character "-".

src/runtime/vendor/github.com/go-openapi/jsonpointer/errors.go

@@ -1,18 +0,0 @@
-package jsonpointer
-
-type pointerError string
-
-func (e pointerError) Error() string {
-	return string(e)
-}
-
-const (
-	// ErrPointer is an error raised by the jsonpointer package
-	ErrPointer pointerError = "JSON pointer error"
-
-	// ErrInvalidStart states that a JSON pointer must start with a separator ("/")
-	ErrInvalidStart pointerError = `JSON pointer must be empty or start with a "` + pointerSeparator
-
-	// ErrUnsupportedValueType indicates that a value of the wrong type is being set
-	ErrUnsupportedValueType pointerError = "only structs, pointers, maps and slices are supported for setting values"
-)

src/runtime/vendor/github.com/go-openapi/jsonpointer/pointer.go

@@ -33,18 +33,19 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/go-openapi/swag/jsonname"
+	"github.com/go-openapi/swag"
 )
 
 const (
 	emptyPointer     = ``
 	pointerSeparator = `/`
+
+	invalidStart = `JSON pointer must be empty or start with a "` + pointerSeparator
+	notFound     = `Can't find the pointer in the document`
 )
 
-var (
-	jsonPointableType = reflect.TypeOf(new(JSONPointable)).Elem()
-	jsonSetableType   = reflect.TypeOf(new(JSONSetable)).Elem()
-)
+var jsonPointableType = reflect.TypeOf(new(JSONPointable)).Elem()
+var jsonSetableType = reflect.TypeOf(new(JSONSetable)).Elem()
 
 // JSONPointable is an interface for structs to implement when they need to customize the
 // json pointer process
@@ -58,30 +59,303 @@ type JSONSetable interface {
 	JSONSet(string, any) error
 }
 
-// Pointer is a representation of a json pointer
+// New creates a new json pointer for the given string
+func New(jsonPointerString string) (Pointer, error) {
+
+	var p Pointer
+	err := p.parse(jsonPointerString)
+	return p, err
+
+}
+
+// Pointer the json pointer reprsentation
 type Pointer struct {
 	referenceTokens []string
 }
 
-// New creates a new json pointer for the given string
-func New(jsonPointerString string) (Pointer, error) {
-	var p Pointer
-	err := p.parse(jsonPointerString)
+// "Constructor", parses the given string JSON pointer
+func (p *Pointer) parse(jsonPointerString string) error {
 
-	return p, err
+	var err error
+
+	if jsonPointerString != emptyPointer {
+		if !strings.HasPrefix(jsonPointerString, pointerSeparator) {
+			err = errors.New(invalidStart)
+		} else {
+			referenceTokens := strings.Split(jsonPointerString, pointerSeparator)
+			p.referenceTokens = append(p.referenceTokens, referenceTokens[1:]...)
+		}
+	}
+
+	return err
 }
 
 // Get uses the pointer to retrieve a value from a JSON document
 func (p *Pointer) Get(document any) (any, reflect.Kind, error) {
-	return p.get(document, jsonname.DefaultJSONNameProvider)
+	return p.get(document, swag.DefaultJSONNameProvider)
 }
 
 // Set uses the pointer to set a value from a JSON document
 func (p *Pointer) Set(document any, value any) (any, error) {
-	return document, p.set(document, value, jsonname.DefaultJSONNameProvider)
+	return document, p.set(document, value, swag.DefaultJSONNameProvider)
 }
 
-// DecodedTokens returns the decoded tokens of this JSON pointer
+// GetForToken gets a value for a json pointer token 1 level deep
+func GetForToken(document any, decodedToken string) (any, reflect.Kind, error) {
+	return getSingleImpl(document, decodedToken, swag.DefaultJSONNameProvider)
+}
+
+// SetForToken gets a value for a json pointer token 1 level deep
+func SetForToken(document any, decodedToken string, value any) (any, error) {
+	return document, setSingleImpl(document, value, decodedToken, swag.DefaultJSONNameProvider)
+}
+
+func isNil(input any) bool {
+	if input == nil {
+		return true
+	}
+
+	kind := reflect.TypeOf(input).Kind()
+	switch kind { //nolint:exhaustive
+	case reflect.Ptr, reflect.Map, reflect.Slice, reflect.Chan:
+		return reflect.ValueOf(input).IsNil()
+	default:
+		return false
+	}
+}
+
+func getSingleImpl(node any, decodedToken string, nameProvider *swag.NameProvider) (any, reflect.Kind, error) {
+	rValue := reflect.Indirect(reflect.ValueOf(node))
+	kind := rValue.Kind()
+	if isNil(node) {
+		return nil, kind, fmt.Errorf("nil value has not field %q", decodedToken)
+	}
+
+	switch typed := node.(type) {
+	case JSONPointable:
+		r, err := typed.JSONLookup(decodedToken)
+		if err != nil {
+			return nil, kind, err
+		}
+		return r, kind, nil
+	case *any: // case of a pointer to interface, that is not resolved by reflect.Indirect
+		return getSingleImpl(*typed, decodedToken, nameProvider)
+	}
+
+	switch kind { //nolint:exhaustive
+	case reflect.Struct:
+		nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken)
+		if !ok {
+			return nil, kind, fmt.Errorf("object has no field %q", decodedToken)
+		}
+		fld := rValue.FieldByName(nm)
+		return fld.Interface(), kind, nil
+
+	case reflect.Map:
+		kv := reflect.ValueOf(decodedToken)
+		mv := rValue.MapIndex(kv)
+
+		if mv.IsValid() {
+			return mv.Interface(), kind, nil
+		}
+		return nil, kind, fmt.Errorf("object has no key %q", decodedToken)
+
+	case reflect.Slice:
+		tokenIndex, err := strconv.Atoi(decodedToken)
+		if err != nil {
+			return nil, kind, err
+		}
+		sLength := rValue.Len()
+		if tokenIndex < 0 || tokenIndex >= sLength {
+			return nil, kind, fmt.Errorf("index out of bounds array[0,%d] index '%d'", sLength-1, tokenIndex)
+		}
+
+		elem := rValue.Index(tokenIndex)
+		return elem.Interface(), kind, nil
+
+	default:
+		return nil, kind, fmt.Errorf("invalid token reference %q", decodedToken)
+	}
+
+}
+
+func setSingleImpl(node, data any, decodedToken string, nameProvider *swag.NameProvider) error {
+	rValue := reflect.Indirect(reflect.ValueOf(node))
+
+	if ns, ok := node.(JSONSetable); ok { // pointer impl
+		return ns.JSONSet(decodedToken, data)
+	}
+
+	if rValue.Type().Implements(jsonSetableType) {
+		return node.(JSONSetable).JSONSet(decodedToken, data)
+	}
+
+	switch rValue.Kind() { //nolint:exhaustive
+	case reflect.Struct:
+		nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken)
+		if !ok {
+			return fmt.Errorf("object has no field %q", decodedToken)
+		}
+		fld := rValue.FieldByName(nm)
+		if fld.IsValid() {
+			fld.Set(reflect.ValueOf(data))
+		}
+		return nil
+
+	case reflect.Map:
+		kv := reflect.ValueOf(decodedToken)
+		rValue.SetMapIndex(kv, reflect.ValueOf(data))
+		return nil
+
+	case reflect.Slice:
+		tokenIndex, err := strconv.Atoi(decodedToken)
+		if err != nil {
+			return err
+		}
+		sLength := rValue.Len()
+		if tokenIndex < 0 || tokenIndex >= sLength {
+			return fmt.Errorf("index out of bounds array[0,%d] index '%d'", sLength, tokenIndex)
+		}
+
+		elem := rValue.Index(tokenIndex)
+		if !elem.CanSet() {
+			return fmt.Errorf("can't set slice index %s to %v", decodedToken, data)
+		}
+		elem.Set(reflect.ValueOf(data))
+		return nil
+
+	default:
+		return fmt.Errorf("invalid token reference %q", decodedToken)
+	}
+
+}
+
+func (p *Pointer) get(node any, nameProvider *swag.NameProvider) (any, reflect.Kind, error) {
+
+	if nameProvider == nil {
+		nameProvider = swag.DefaultJSONNameProvider
+	}
+
+	kind := reflect.Invalid
+
+	// Full document when empty
+	if len(p.referenceTokens) == 0 {
+		return node, kind, nil
+	}
+
+	for _, token := range p.referenceTokens {
+
+		decodedToken := Unescape(token)
+
+		r, knd, err := getSingleImpl(node, decodedToken, nameProvider)
+		if err != nil {
+			return nil, knd, err
+		}
+		node = r
+	}
+
+	rValue := reflect.ValueOf(node)
+	kind = rValue.Kind()
+
+	return node, kind, nil
+}
+
+func (p *Pointer) set(node, data any, nameProvider *swag.NameProvider) error {
+	knd := reflect.ValueOf(node).Kind()
+
+	if knd != reflect.Ptr && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array {
+		return errors.New("only structs, pointers, maps and slices are supported for setting values")
+	}
+
+	if nameProvider == nil {
+		nameProvider = swag.DefaultJSONNameProvider
+	}
+
+	// Full document when empty
+	if len(p.referenceTokens) == 0 {
+		return nil
+	}
+
+	lastI := len(p.referenceTokens) - 1
+	for i, token := range p.referenceTokens {
+		isLastToken := i == lastI
+		decodedToken := Unescape(token)
+
+		if isLastToken {
+
+			return setSingleImpl(node, data, decodedToken, nameProvider)
+		}
+
+		rValue := reflect.Indirect(reflect.ValueOf(node))
+		kind := rValue.Kind()
+
+		if rValue.Type().Implements(jsonPointableType) {
+			r, err := node.(JSONPointable).JSONLookup(decodedToken)
+			if err != nil {
+				return err
+			}
+			fld := reflect.ValueOf(r)
+			if fld.CanAddr() && fld.Kind() != reflect.Interface && fld.Kind() != reflect.Map && fld.Kind() != reflect.Slice && fld.Kind() != reflect.Ptr {
+				node = fld.Addr().Interface()
+				continue
+			}
+			node = r
+			continue
+		}
+
+		switch kind { //nolint:exhaustive
+		case reflect.Struct:
+			nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken)
+			if !ok {
+				return fmt.Errorf("object has no field %q", decodedToken)
+			}
+			fld := rValue.FieldByName(nm)
+			if fld.CanAddr() && fld.Kind() != reflect.Interface && fld.Kind() != reflect.Map && fld.Kind() != reflect.Slice && fld.Kind() != reflect.Ptr {
+				node = fld.Addr().Interface()
+				continue
+			}
+			node = fld.Interface()
+
+		case reflect.Map:
+			kv := reflect.ValueOf(decodedToken)
+			mv := rValue.MapIndex(kv)
+
+			if !mv.IsValid() {
+				return fmt.Errorf("object has no key %q", decodedToken)
+			}
+			if mv.CanAddr() && mv.Kind() != reflect.Interface && mv.Kind() != reflect.Map && mv.Kind() != reflect.Slice && mv.Kind() != reflect.Ptr {
+				node = mv.Addr().Interface()
+				continue
+			}
+			node = mv.Interface()
+
+		case reflect.Slice:
+			tokenIndex, err := strconv.Atoi(decodedToken)
+			if err != nil {
+				return err
+			}
+			sLength := rValue.Len()
+			if tokenIndex < 0 || tokenIndex >= sLength {
+				return fmt.Errorf("index out of bounds array[0,%d] index '%d'", sLength, tokenIndex)
+			}
+
+			elem := rValue.Index(tokenIndex)
+			if elem.CanAddr() && elem.Kind() != reflect.Interface && elem.Kind() != reflect.Map && elem.Kind() != reflect.Slice && elem.Kind() != reflect.Ptr {
+				node = elem.Addr().Interface()
+				continue
+			}
+			node = elem.Interface()
+
+		default:
+			return fmt.Errorf("invalid token reference %q", decodedToken)
+		}
+
+	}
+
+	return nil
+}
+
+// DecodedTokens returns the decoded tokens
 func (p *Pointer) DecodedTokens() []string {
 	result := make([]string, 0, len(p.referenceTokens))
 	for _, t := range p.referenceTokens {
@@ -103,7 +377,9 @@ func (p *Pointer) String() string {
 		return emptyPointer
 	}
 
-	return pointerSeparator + strings.Join(p.referenceTokens, pointerSeparator)
+	pointerString := pointerSeparator + strings.Join(p.referenceTokens, pointerSeparator)
+
+	return pointerString
 }
 
 func (p *Pointer) Offset(document string) (int64, error) {
@@ -128,294 +404,15 @@ func (p *Pointer) Offset(document string) (int64, error) {
 					return 0, err
 				}
 			default:
-				return 0, fmt.Errorf("invalid token %#v: %w", tk, ErrPointer)
+				return 0, fmt.Errorf("invalid token %#v", tk)
 			}
 		default:
-			return 0, fmt.Errorf("invalid token %#v: %w", tk, ErrPointer)
+			return 0, fmt.Errorf("invalid token %#v", tk)
 		}
 	}
 	return offset, nil
 }
 
-// "Constructor", parses the given string JSON pointer
-func (p *Pointer) parse(jsonPointerString string) error {
-	var err error
-
-	if jsonPointerString != emptyPointer {
-		if !strings.HasPrefix(jsonPointerString, pointerSeparator) {
-			err = errors.Join(ErrInvalidStart, ErrPointer)
-		} else {
-			referenceTokens := strings.Split(jsonPointerString, pointerSeparator)
-			p.referenceTokens = append(p.referenceTokens, referenceTokens[1:]...)
-		}
-	}
-
-	return err
-}
-
-func (p *Pointer) get(node any, nameProvider *jsonname.NameProvider) (any, reflect.Kind, error) {
-	if nameProvider == nil {
-		nameProvider = jsonname.DefaultJSONNameProvider
-	}
-
-	kind := reflect.Invalid
-
-	// Full document when empty
-	if len(p.referenceTokens) == 0 {
-		return node, kind, nil
-	}
-
-	for _, token := range p.referenceTokens {
-		decodedToken := Unescape(token)
-
-		r, knd, err := getSingleImpl(node, decodedToken, nameProvider)
-		if err != nil {
-			return nil, knd, err
-		}
-		node = r
-	}
-
-	rValue := reflect.ValueOf(node)
-	kind = rValue.Kind()
-
-	return node, kind, nil
-}
-
-func (p *Pointer) set(node, data any, nameProvider *jsonname.NameProvider) error {
-	knd := reflect.ValueOf(node).Kind()
-
-	if knd != reflect.Pointer && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array {
-		return errors.Join(
-			ErrUnsupportedValueType,
-			ErrPointer,
-		)
-	}
-
-	if nameProvider == nil {
-		nameProvider = jsonname.DefaultJSONNameProvider
-	}
-
-	// Full document when empty
-	if len(p.referenceTokens) == 0 {
-		return nil
-	}
-
-	lastI := len(p.referenceTokens) - 1
-	for i, token := range p.referenceTokens {
-		isLastToken := i == lastI
-		decodedToken := Unescape(token)
-
-		if isLastToken {
-
-			return setSingleImpl(node, data, decodedToken, nameProvider)
-		}
-
-		// Check for nil during traversal
-		if isNil(node) {
-			return fmt.Errorf("cannot traverse through nil value at %q: %w", decodedToken, ErrPointer)
-		}
-
-		rValue := reflect.Indirect(reflect.ValueOf(node))
-		kind := rValue.Kind()
-
-		if rValue.Type().Implements(jsonPointableType) {
-			r, err := node.(JSONPointable).JSONLookup(decodedToken)
-			if err != nil {
-				return err
-			}
-			fld := reflect.ValueOf(r)
-			if fld.CanAddr() && fld.Kind() != reflect.Interface && fld.Kind() != reflect.Map && fld.Kind() != reflect.Slice && fld.Kind() != reflect.Pointer {
-				node = fld.Addr().Interface()
-				continue
-			}
-			node = r
-			continue
-		}
-
-		switch kind { //nolint:exhaustive
-		case reflect.Struct:
-			nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken)
-			if !ok {
-				return fmt.Errorf("object has no field %q: %w", decodedToken, ErrPointer)
-			}
-			fld := rValue.FieldByName(nm)
-			if fld.CanAddr() && fld.Kind() != reflect.Interface && fld.Kind() != reflect.Map && fld.Kind() != reflect.Slice && fld.Kind() != reflect.Pointer {
-				node = fld.Addr().Interface()
-				continue
-			}
-			node = fld.Interface()
-
-		case reflect.Map:
-			kv := reflect.ValueOf(decodedToken)
-			mv := rValue.MapIndex(kv)
-
-			if !mv.IsValid() {
-				return fmt.Errorf("object has no key %q: %w", decodedToken, ErrPointer)
-			}
-			if mv.CanAddr() && mv.Kind() != reflect.Interface && mv.Kind() != reflect.Map && mv.Kind() != reflect.Slice && mv.Kind() != reflect.Pointer {
-				node = mv.Addr().Interface()
-				continue
-			}
-			node = mv.Interface()
-
-		case reflect.Slice:
-			tokenIndex, err := strconv.Atoi(decodedToken)
-			if err != nil {
-				return err
-			}
-			sLength := rValue.Len()
-			if tokenIndex < 0 || tokenIndex >= sLength {
-				return fmt.Errorf("index out of bounds array[0,%d] index '%d': %w", sLength, tokenIndex, ErrPointer)
-			}
-
-			elem := rValue.Index(tokenIndex)
-			if elem.CanAddr() && elem.Kind() != reflect.Interface && elem.Kind() != reflect.Map && elem.Kind() != reflect.Slice && elem.Kind() != reflect.Pointer {
-				node = elem.Addr().Interface()
-				continue
-			}
-			node = elem.Interface()
-
-		default:
-			return fmt.Errorf("invalid token reference %q: %w", decodedToken, ErrPointer)
-		}
-	}
-
-	return nil
-}
-
-func isNil(input any) bool {
-	if input == nil {
-		return true
-	}
-
-	kind := reflect.TypeOf(input).Kind()
-	switch kind { //nolint:exhaustive
-	case reflect.Pointer, reflect.Map, reflect.Slice, reflect.Chan:
-		return reflect.ValueOf(input).IsNil()
-	default:
-		return false
-	}
-}
-
-// GetForToken gets a value for a json pointer token 1 level deep
-func GetForToken(document any, decodedToken string) (any, reflect.Kind, error) {
-	return getSingleImpl(document, decodedToken, jsonname.DefaultJSONNameProvider)
-}
-
-// SetForToken gets a value for a json pointer token 1 level deep
-func SetForToken(document any, decodedToken string, value any) (any, error) {
-	return document, setSingleImpl(document, value, decodedToken, jsonname.DefaultJSONNameProvider)
-}
-
-func getSingleImpl(node any, decodedToken string, nameProvider *jsonname.NameProvider) (any, reflect.Kind, error) {
-	rValue := reflect.Indirect(reflect.ValueOf(node))
-	kind := rValue.Kind()
-	if isNil(node) {
-		return nil, kind, fmt.Errorf("nil value has no field %q: %w", decodedToken, ErrPointer)
-	}
-
-	switch typed := node.(type) {
-	case JSONPointable:
-		r, err := typed.JSONLookup(decodedToken)
-		if err != nil {
-			return nil, kind, err
-		}
-		return r, kind, nil
-	case *any: // case of a pointer to interface, that is not resolved by reflect.Indirect
-		return getSingleImpl(*typed, decodedToken, nameProvider)
-	}
-
-	switch kind { //nolint:exhaustive
-	case reflect.Struct:
-		nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken)
-		if !ok {
-			return nil, kind, fmt.Errorf("object has no field %q: %w", decodedToken, ErrPointer)
-		}
-		fld := rValue.FieldByName(nm)
-		return fld.Interface(), kind, nil
-
-	case reflect.Map:
-		kv := reflect.ValueOf(decodedToken)
-		mv := rValue.MapIndex(kv)
-
-		if mv.IsValid() {
-			return mv.Interface(), kind, nil
-		}
-		return nil, kind, fmt.Errorf("object has no key %q: %w", decodedToken, ErrPointer)
-
-	case reflect.Slice:
-		tokenIndex, err := strconv.Atoi(decodedToken)
-		if err != nil {
-			return nil, kind, err
-		}
-		sLength := rValue.Len()
-		if tokenIndex < 0 || tokenIndex >= sLength {
-			return nil, kind, fmt.Errorf("index out of bounds array[0,%d] index '%d': %w", sLength-1, tokenIndex, ErrPointer)
-		}
-
-		elem := rValue.Index(tokenIndex)
-		return elem.Interface(), kind, nil
-
-	default:
-		return nil, kind, fmt.Errorf("invalid token reference %q: %w", decodedToken, ErrPointer)
-	}
-}
-
-func setSingleImpl(node, data any, decodedToken string, nameProvider *jsonname.NameProvider) error {
-	rValue := reflect.Indirect(reflect.ValueOf(node))
-
-	// Check for nil to prevent panic when calling rValue.Type()
-	if isNil(node) {
-		return fmt.Errorf("cannot set field %q on nil value: %w", decodedToken, ErrPointer)
-	}
-
-	if ns, ok := node.(JSONSetable); ok { // pointer impl
-		return ns.JSONSet(decodedToken, data)
-	}
-
-	if rValue.Type().Implements(jsonSetableType) {
-		return node.(JSONSetable).JSONSet(decodedToken, data)
-	}
-
-	switch rValue.Kind() { //nolint:exhaustive
-	case reflect.Struct:
-		nm, ok := nameProvider.GetGoNameForType(rValue.Type(), decodedToken)
-		if !ok {
-			return fmt.Errorf("object has no field %q: %w", decodedToken, ErrPointer)
-		}
-		fld := rValue.FieldByName(nm)
-		if fld.IsValid() {
-			fld.Set(reflect.ValueOf(data))
-		}
-		return nil
-
-	case reflect.Map:
-		kv := reflect.ValueOf(decodedToken)
-		rValue.SetMapIndex(kv, reflect.ValueOf(data))
-		return nil
-
-	case reflect.Slice:
-		tokenIndex, err := strconv.Atoi(decodedToken)
-		if err != nil {
-			return err
-		}
-		sLength := rValue.Len()
-		if tokenIndex < 0 || tokenIndex >= sLength {
-			return fmt.Errorf("index out of bounds array[0,%d] index '%d': %w", sLength, tokenIndex, ErrPointer)
-		}
-
-		elem := rValue.Index(tokenIndex)
-		if !elem.CanSet() {
-			return fmt.Errorf("can't set slice index %s to %v: %w", decodedToken, data, ErrPointer)
-		}
-		elem.Set(reflect.ValueOf(data))
-		return nil
-
-	default:
-		return fmt.Errorf("invalid token reference %q: %w", decodedToken, ErrPointer)
-	}
-}
-
 func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) {
 	for dec.More() {
 		offset := dec.InputOffset()
@@ -440,16 +437,16 @@ func offsetSingleObject(dec *json.Decoder, decodedToken string) (int64, error) {
 				return offset, nil
 			}
 		default:
-			return 0, fmt.Errorf("invalid token %#v: %w", tk, ErrPointer)
+			return 0, fmt.Errorf("invalid token %#v", tk)
 		}
 	}
-	return 0, fmt.Errorf("token reference %q not found: %w", decodedToken, ErrPointer)
+	return 0, fmt.Errorf("token reference %q not found", decodedToken)
 }
 
 func offsetSingleArray(dec *json.Decoder, decodedToken string) (int64, error) {
 	idx, err := strconv.Atoi(decodedToken)
 	if err != nil {
-		return 0, fmt.Errorf("token reference %q is not a number: %v: %w", decodedToken, err, ErrPointer)
+		return 0, fmt.Errorf("token reference %q is not a number: %v", decodedToken, err)
 	}
 	var i int
 	for i = 0; i < idx && dec.More(); i++ {
@@ -473,7 +470,7 @@ func offsetSingleArray(dec *json.Decoder, decodedToken string) (int64, error) {
 	}
 
 	if !dec.More() {
-		return 0, fmt.Errorf("token reference %q not found: %w", decodedToken, ErrPointer)
+		return 0, fmt.Errorf("token reference %q not found", decodedToken)
 	}
 	return dec.InputOffset(), nil
 }
@@ -519,17 +516,16 @@ const (
 	decRefTok1 = `/`
 )
 
-var (
-	encRefTokReplacer = strings.NewReplacer(encRefTok1, decRefTok1, encRefTok0, decRefTok0)
-	decRefTokReplacer = strings.NewReplacer(decRefTok1, encRefTok1, decRefTok0, encRefTok0)
-)
-
 // Unescape unescapes a json pointer reference token string to the original representation
 func Unescape(token string) string {
-	return encRefTokReplacer.Replace(token)
+	step1 := strings.ReplaceAll(token, encRefTok1, decRefTok1)
+	step2 := strings.ReplaceAll(step1, encRefTok0, decRefTok0)
+	return step2
 }
 
 // Escape escapes a pointer reference token string
 func Escape(token string) string {
-	return decRefTokReplacer.Replace(token)
+	step1 := strings.ReplaceAll(token, decRefTok0, encRefTok0)
+	step2 := strings.ReplaceAll(step1, decRefTok1, encRefTok1)
+	return step2
 }

src/runtime/vendor/github.com/go-openapi/jsonreference/.golangci.yml

@@ -1,75 +1,61 @@
-version: "2"
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 45
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+
 linters:
-  default: all
+  enable-all: true
   disable:
-    - cyclop
+    - maligned
+    - unparam
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+    - funlen
+    - godox
+    - gocognit
+    - whitespace
+    - wsl
+    - wrapcheck
+    - testpackage
+    - nlreturn
+    - gomnd
+    - exhaustivestruct
+    - goerr113
+    - errorlint
+    - nestif
+    - godot
+    - gofumpt
+    - paralleltest
+    - tparallel
+    - thelper
+    - ifshort
+    - exhaustruct
+    - varnamelen
+    - gci
     - depguard
     - errchkjson
-    - errorlint
-    - exhaustruct
-    - forcetypeassert
-    - funlen
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - godot
-    - godox
-    - gosmopolitan
     - inamedparam
-    #- intrange # disabled while < go1.22
-    - ireturn
-    - lll
-    - musttag
-    - nestif
-    - nlreturn
     - nonamedreturns
-    - noinlineerr
-    - paralleltest
-    - recvcheck
-    - testpackage
-    - thelper
-    - tparallel
-    - unparam
-    - varnamelen
-    - whitespace
-    - wrapcheck
-    - wsl
-    - wsl_v5
-  settings:
-    dupl:
-      threshold: 200
-    goconst:
-      min-len: 2
-      min-occurrences: 3
-    gocyclo:
-      min-complexity: 45
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  # Maximum issues count per one linter.
-  # Set to 0 to disable.
-  # Default: 50
-  max-issues-per-linter: 0
-  # Maximum count of issues with the same text.
-  # Set to 0 to disable.
-  # Default: 3
-  max-same-issues: 0
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    - deadcode
+    - interfacer
+    - scopelint
+    - varcheck
+    - structcheck
+    - golint
+    - nosnakecase

src/runtime/vendor/github.com/go-openapi/jsonreference/NOTICE

@@ -1,36 +0,0 @@
-Copyright 2015-2025 go-swagger maintainers
-
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
-This software library, github.com/go-openapi/jsonpointer, includes software developed
-by the go-swagger and go-openapi maintainers ("go-swagger maintainers").
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this software except in compliance with the License.
-You may obtain a copy of the License at
-
-This software is copied from, derived from, and inspired by other original software products.
-It ships with copies of other software which license terms are recalled below.
-
-The original sofware was authored on 25-02-2013 by sigu-399 (https://github.com/sigu-399, sigu.399@gmail.com).
-
-github.com/sigh-399/jsonpointer
-===========================
-
-// SPDX-FileCopyrightText: Copyright 2013 sigu-399 ( https://github.com/sigu-399 )
-// SPDX-License-Identifier: Apache-2.0
-
-Copyright 2013 sigu-399 ( https://github.com/sigu-399 )
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.

src/runtime/vendor/github.com/go-openapi/jsonreference/README.md

@@ -17,10 +17,3 @@ Feature complete. Stable API
 
 * http://tools.ietf.org/html/draft-ietf-appsawg-json-pointer-07
 * http://tools.ietf.org/html/draft-pbryan-zyp-json-ref-03
-
-## Licensing
-
-This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE).
-
-See the license [NOTICE](./NOTICE), which recalls the licensing terms of all the pieces of software
-on top of which it has been built.

src/runtime/vendor/github.com/go-openapi/jsonreference/internal/normalize_url.go

@@ -1,6 +1,3 @@
-// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package internal
 
 import (

src/runtime/vendor/github.com/go-openapi/jsonreference/reference.go

@@ -1,5 +1,27 @@
-// SPDX-FileCopyrightText: Copyright (c) 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2013 sigu-399 ( https://github.com/sigu-399 )
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// author       sigu-399
+// author-github  https://github.com/sigu-399
+// author-mail    sigu.399@gmail.com
+//
+// repository-name  jsonreference
+// repository-desc  An implementation of JSON Reference - Go language
+//
+// description    Main and unique file.
+//
+// created        26-02-2013
 
 package jsonreference
 
@@ -16,7 +38,24 @@ const (
 	fragmentRune = `#`
 )
 
-var ErrChildURL = errors.New("child url is nil")
+// New creates a new reference for the given string
+func New(jsonReferenceString string) (Ref, error) {
+
+	var r Ref
+	err := r.parse(jsonReferenceString)
+	return r, err
+
+}
+
+// MustCreateRef parses the ref string and panics when it's invalid.
+// Use the New method for a version that returns an error
+func MustCreateRef(ref string) Ref {
+	r, err := New(ref)
+	if err != nil {
+		panic(err)
+	}
+	return r
+}
 
 // Ref represents a json reference object
 type Ref struct {
@@ -30,24 +69,6 @@ type Ref struct {
 	HasFullFilePath bool
 }
 
-// New creates a new reference for the given string
-func New(jsonReferenceString string) (Ref, error) {
-	var r Ref
-	err := r.parse(jsonReferenceString)
-	return r, err
-}
-
-// MustCreateRef parses the ref string and panics when it's invalid.
-// Use the New method for a version that returns an error
-func MustCreateRef(ref string) Ref {
-	r, err := New(ref)
-	if err != nil {
-		panic(err)
-	}
-
-	return r
-}
-
 // GetURL gets the URL for this reference
 func (r *Ref) GetURL() *url.URL {
 	return r.referenceURL
@@ -60,6 +81,7 @@ func (r *Ref) GetPointer() *jsonpointer.Pointer {
 
 // String returns the best version of the url for this reference
 func (r *Ref) String() string {
+
 	if r.referenceURL != nil {
 		return r.referenceURL.String()
 	}
@@ -84,27 +106,9 @@ func (r *Ref) IsCanonical() bool {
 	return (r.HasFileScheme && r.HasFullFilePath) || (!r.HasFileScheme && r.HasFullURL)
 }
 
-// Inherits creates a new reference from a parent and a child
-// If the child cannot inherit from the parent, an error is returned
-func (r *Ref) Inherits(child Ref) (*Ref, error) {
-	childURL := child.GetURL()
-	parentURL := r.GetURL()
-	if childURL == nil {
-		return nil, ErrChildURL
-	}
-	if parentURL == nil {
-		return &child, nil
-	}
-
-	ref, err := New(parentURL.ResolveReference(childURL).String())
-	if err != nil {
-		return nil, err
-	}
-	return &ref, nil
-}
-
 // "Constructor", parses the given string JSON reference
 func (r *Ref) parse(jsonReferenceString string) error {
+
 	parsed, err := url.Parse(jsonReferenceString)
 	if err != nil {
 		return err
@@ -133,3 +137,22 @@ func (r *Ref) parse(jsonReferenceString string) error {
 
 	return nil
 }
+
+// Inherits creates a new reference from a parent and a child
+// If the child cannot inherit from the parent, an error is returned
+func (r *Ref) Inherits(child Ref) (*Ref, error) {
+	childURL := child.GetURL()
+	parentURL := r.GetURL()
+	if childURL == nil {
+		return nil, errors.New("child url is nil")
+	}
+	if parentURL == nil {
+		return &child, nil
+	}
+
+	ref, err := New(parentURL.ResolveReference(childURL).String())
+	if err != nil {
+		return nil, err
+	}
+	return &ref, nil
+}

src/runtime/vendor/github.com/go-openapi/loads/.golangci.yml

@@ -1,75 +1,61 @@
-version: "2"
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 45
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+
 linters:
-  default: all
+  enable-all: true
   disable:
-    - cyclop
+    - maligned
+    - unparam
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+    - funlen
+    - godox
+    - gocognit
+    - whitespace
+    - wsl
+    - wrapcheck
+    - testpackage
+    - nlreturn
+    - gomnd
+    - exhaustivestruct
+    - goerr113
+    - errorlint
+    - nestif
+    - godot
+    - gofumpt
+    - paralleltest
+    - tparallel
+    - thelper
+    - ifshort
+    - exhaustruct
+    - varnamelen
+    - gci
     - depguard
     - errchkjson
-    - errorlint
-    - exhaustruct
-    - forcetypeassert
-    - funlen
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - godot
-    - godox
-    - gosmopolitan
     - inamedparam
-    - intrange
-    - ireturn
-    - lll
-    - musttag
-    - nestif
-    - nlreturn
     - nonamedreturns
-    - noinlineerr
-    - paralleltest
-    - recvcheck
-    - testpackage
-    - thelper
-    - tparallel
-    - unparam
-    - varnamelen
-    - whitespace
-    - wrapcheck
-    - wsl
-    - wsl_v5
-  settings:
-    dupl:
-      threshold: 200
-    goconst:
-      min-len: 2
-      min-occurrences: 3
-    gocyclo:
-      min-complexity: 45
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  # Maximum issues count per one linter.
-  # Set to 0 to disable.
-  # Default: 50
-  max-issues-per-linter: 0
-  # Maximum count of issues with the same text.
-  # Set to 0 to disable.
-  # Default: 3
-  max-same-issues: 0
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    - deadcode
+    - interfacer
+    - scopelint
+    - varcheck
+    - structcheck
+    - golint
+    - nosnakecase

src/runtime/vendor/github.com/go-openapi/loads/README.md

@@ -3,30 +3,4 @@
 [![license](http://img.shields.io/badge/license-Apache%20v2-orange.svg)](https://raw.githubusercontent.com/go-openapi/loads/master/LICENSE) [![GoDoc](https://godoc.org/github.com/go-openapi/loads?status.svg)](http://godoc.org/github.com/go-openapi/loads)
 [![Go Report Card](https://goreportcard.com/badge/github.com/go-openapi/loads)](https://goreportcard.com/report/github.com/go-openapi/loads)
 
-Loading of OAI v2 API specification documents from local or remote locations. Supports JSON and YAML documents.
-
-Primary usage:
-
-```go
-  import (
-	  "github.com/go-openapi/loads"
-  )
-
-  ...
-
-	// loads a YAML spec from a http file
-	doc, err := loads.Spec(ts.URL)
-  
-  ...
-
-  // retrieves the object model for the API specification
-  spec := doc.Spec()
-
-  ...
-```
-
-See also the provided [examples](https://pkg.go.dev/github.com/go-openapi/loads#pkg-examples).
-
-## Licensing
-
-This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE).
+Loading of OAI specification documents from local or remote locations. Supports JSON and YAML documents.

src/runtime/vendor/github.com/go-openapi/loads/doc.go

@@ -1,7 +1,18 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
-// Package loads provides document loading methods for swagger (OAI v2) API specifications.
+// Package loads provides document loading methods for swagger (OAI) specifications.
 //
 // It is used by other go-openapi packages to load and run analysis on local or remote spec documents.
 package loads

src/runtime/vendor/github.com/go-openapi/loads/errors.go

@@ -1,18 +0,0 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
-package loads
-
-type loaderError string
-
-func (e loaderError) Error() string {
-	return string(e)
-}
-
-const (
-	// ErrLoads is an error returned by the loads package
-	ErrLoads loaderError = "loaderrs error"
-
-	// ErrNoLoader indicates that no configured loader matched the input
-	ErrNoLoader loaderError = "no loader matched"
-)

src/runtime/vendor/github.com/go-openapi/loads/loaders.go

@@ -1,16 +1,12 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package loads
 
 import (
 	"encoding/json"
 	"errors"
 	"net/url"
-	"slices"
 
 	"github.com/go-openapi/spec"
-	"github.com/go-openapi/swag/loading"
+	"github.com/go-openapi/swag"
 )
 
 var (
@@ -34,8 +30,8 @@ func init() {
 
 	loaders = jsonLoader.WithHead(&loader{
 		DocLoaderWithMatch: DocLoaderWithMatch{
-			Match: loading.YAMLMatcher,
-			Fn:    loading.YAMLDoc,
+			Match: swag.YAMLMatcher,
+			Fn:    swag.YAMLDoc,
 		},
 	})
 
@@ -44,7 +40,7 @@ func init() {
 }
 
 // DocLoader represents a doc loader type
-type DocLoader func(string, ...loading.Option) (json.RawMessage, error)
+type DocLoader func(string) (json.RawMessage, error)
 
 // DocMatcher represents a predicate to check if a loader matches
 type DocMatcher func(string) bool
@@ -65,9 +61,6 @@ func NewDocLoaderWithMatch(fn DocLoader, matcher DocMatcher) DocLoaderWithMatch
 
 type loader struct {
 	DocLoaderWithMatch
-
-	loadingOptions []loading.Option
-
 	Next *loader
 }
 
@@ -90,17 +83,17 @@ func (l *loader) WithNext(next *loader) *loader {
 func (l *loader) Load(path string) (json.RawMessage, error) {
 	_, erp := url.Parse(path)
 	if erp != nil {
-		return nil, errors.Join(erp, ErrLoads)
+		return nil, erp
 	}
 
-	var lastErr error = ErrNoLoader // default error if no match was found
+	lastErr := errors.New("no loader matched") // default error if no match was found
 	for ldr := l; ldr != nil; ldr = ldr.Next {
 		if ldr.Match != nil && !ldr.Match(path) {
 			continue
 		}
 
 		// try then move to next one if there is an error
-		b, err := ldr.Fn(path, l.loadingOptions...)
+		b, err := ldr.Fn(path)
 		if err == nil {
 			return b, nil
 		}
@@ -108,29 +101,14 @@ func (l *loader) Load(path string) (json.RawMessage, error) {
 		lastErr = err
 	}
 
-	return nil, errors.Join(lastErr, ErrLoads)
+	return nil, lastErr
 }
 
-func (l *loader) clone() *loader {
-	if l == nil {
-		return nil
-	}
-
-	return &loader{
-		DocLoaderWithMatch: l.DocLoaderWithMatch,
-		loadingOptions:     slices.Clone(l.loadingOptions),
-		Next:               l.Next.clone(),
-	}
-}
-
-// JSONDoc loads a json document from either a file or a remote url.
-//
-// See [loading.Option] for available options (e.g. configuring authentifaction,
-// headers or using embedded file system resources).
-func JSONDoc(path string, opts ...loading.Option) (json.RawMessage, error) {
-	data, err := loading.LoadFromFileOrHTTP(path, opts...)
+// JSONDoc loads a json document from either a file or a remote url
+func JSONDoc(path string) (json.RawMessage, error) {
+	data, err := swag.LoadFromFileOrHTTP(path)
 	if err != nil {
-		return nil, errors.Join(err, ErrLoads)
+		return nil, err
 	}
 	return json.RawMessage(data), nil
 }

src/runtime/vendor/github.com/go-openapi/loads/options.go

@@ -1,13 +1,7 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
-
 package loads
 
-import "github.com/go-openapi/swag/loading"
-
 type options struct {
-	loader         *loader
-	loadingOptions []loading.Option
+	loader *loader
 }
 
 func defaultOptions() *options {
@@ -22,10 +16,7 @@ func loaderFromOptions(options []LoaderOption) *loader {
 		apply(opts)
 	}
 
-	l := opts.loader.clone()
-	l.loadingOptions = opts.loadingOptions
-
-	return l
+	return opts.loader
 }
 
 // LoaderOption allows to fine-tune the spec loader behavior
@@ -68,10 +59,3 @@ func WithDocLoaderMatches(l ...DocLoaderWithMatch) LoaderOption {
 		opt.loader = final
 	}
 }
-
-// WithLoadingOptions adds some [loading.Option] to be added when calling a registered loader.
-func WithLoadingOptions(loadingOptions ...loading.Option) LoaderOption {
-	return func(opt *options) {
-		opt.loadingOptions = loadingOptions
-	}
-}

src/runtime/vendor/github.com/go-openapi/loads/spec.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package loads
 
@@ -7,18 +18,16 @@ import (
 	"bytes"
 	"encoding/gob"
 	"encoding/json"
-	"errors"
 	"fmt"
-	"maps"
 
 	"github.com/go-openapi/analysis"
 	"github.com/go-openapi/spec"
-	"github.com/go-openapi/swag/yamlutils"
+	"github.com/go-openapi/swag"
 )
 
 func init() {
-	gob.Register(map[string]any{})
-	gob.Register([]any{})
+	gob.Register(map[string]interface{}{})
+	gob.Register([]interface{}{})
 }
 
 // Document represents a swagger spec document
@@ -33,21 +42,14 @@ type Document struct {
 	raw          json.RawMessage
 }
 
-// JSONSpec loads a spec from a json document, using the [JSONDoc] loader.
-//
-// A set of [loading.Option] may be passed to this loader using [WithLoadingOptions].
-func JSONSpec(path string, opts ...LoaderOption) (*Document, error) {
-	var o options
-	for _, apply := range opts {
-		apply(&o)
-	}
-
-	data, err := JSONDoc(path, o.loadingOptions...)
+// JSONSpec loads a spec from a json document
+func JSONSpec(path string, options ...LoaderOption) (*Document, error) {
+	data, err := JSONDoc(path)
 	if err != nil {
 		return nil, err
 	}
 	// convert to json
-	doc, err := Analyzed(data, "", opts...)
+	doc, err := Analyzed(data, "", options...)
 	if err != nil {
 		return nil, err
 	}
@@ -57,8 +59,8 @@ func JSONSpec(path string, opts ...LoaderOption) (*Document, error) {
 	return doc, nil
 }
 
-// Embedded returns a Document based on embedded specs (i.e. as a raw [json.RawMessage]). No analysis is required
-func Embedded(orig, flat json.RawMessage, opts ...LoaderOption) (*Document, error) {
+// Embedded returns a Document based on embedded specs. No analysis is required
+func Embedded(orig, flat json.RawMessage, options ...LoaderOption) (*Document, error) {
 	var origSpec, flatSpec spec.Swagger
 	if err := json.Unmarshal(orig, &origSpec); err != nil {
 		return nil, err
@@ -70,22 +72,20 @@ func Embedded(orig, flat json.RawMessage, opts ...LoaderOption) (*Document, erro
 		raw:        orig,
 		origSpec:   &origSpec,
 		spec:       &flatSpec,
-		pathLoader: loaderFromOptions(opts),
+		pathLoader: loaderFromOptions(options),
 	}, nil
 }
 
-// Spec loads a new spec document from a local or remote path.
-//
-// By default it uses a JSON or YAML loader, with auto-detection based on the resource extension.
-func Spec(path string, opts ...LoaderOption) (*Document, error) {
-	ldr := loaderFromOptions(opts)
+// Spec loads a new spec document from a local or remote path
+func Spec(path string, options ...LoaderOption) (*Document, error) {
+	ldr := loaderFromOptions(options)
 
 	b, err := ldr.Load(path)
 	if err != nil {
 		return nil, err
 	}
 
-	document, err := Analyzed(b, "", opts...)
+	document, err := Analyzed(b, "", options...)
 	if err != nil {
 		return nil, err
 	}
@@ -102,7 +102,7 @@ func Analyzed(data json.RawMessage, version string, options ...LoaderOption) (*D
 		version = "2.0"
 	}
 	if version != "2.0" {
-		return nil, fmt.Errorf("spec version %q is not supported: %w", version, ErrLoads)
+		return nil, fmt.Errorf("spec version %q is not supported", version)
 	}
 
 	raw, err := trimData(data) // trim blanks, then convert yaml docs into json
@@ -112,12 +112,12 @@ func Analyzed(data json.RawMessage, version string, options ...LoaderOption) (*D
 
 	swspec := new(spec.Swagger)
 	if err = json.Unmarshal(raw, swspec); err != nil {
-		return nil, errors.Join(err, ErrLoads)
+		return nil, err
 	}
 
 	origsqspec, err := cloneSpec(swspec)
 	if err != nil {
-		return nil, errors.Join(err, ErrLoads)
+		return nil, err
 	}
 
 	d := &Document{
@@ -143,20 +143,20 @@ func trimData(in json.RawMessage) (json.RawMessage, error) {
 	}
 
 	// assume yaml doc: convert it to json
-	yml, err := yamlutils.BytesToYAMLDoc(trimmed)
+	yml, err := swag.BytesToYAMLDoc(trimmed)
 	if err != nil {
-		return nil, fmt.Errorf("analyzed: %v: %w", err, ErrLoads)
+		return nil, fmt.Errorf("analyzed: %v", err)
 	}
 
-	d, err := yamlutils.YAMLToJSON(yml)
+	d, err := swag.YAMLToJSON(yml)
 	if err != nil {
-		return nil, fmt.Errorf("analyzed: %v: %w", err, ErrLoads)
+		return nil, fmt.Errorf("analyzed: %v", err)
 	}
 
 	return d, nil
 }
 
-// Expanded expands the $ref fields in the spec [Document] and returns a new expanded [Document]
+// Expanded expands the $ref fields in the spec document and returns a new spec document
 func (d *Document) Expanded(options ...*spec.ExpandOptions) (*Document, error) {
 	swspec := new(spec.Swagger)
 	if err := json.Unmarshal(d.raw, swspec); err != nil {
@@ -202,23 +202,20 @@ func (d *Document) Expanded(options ...*spec.ExpandOptions) (*Document, error) {
 
 // BasePath the base path for the API specified by this spec
 func (d *Document) BasePath() string {
-	if d.spec == nil {
-		return ""
-	}
 	return d.spec.BasePath
 }
 
-// Version returns the OpenAPI version of this spec (e.g. 2.0)
+// Version returns the version of this spec
 func (d *Document) Version() string {
 	return d.spec.Swagger
 }
 
-// Schema returns the swagger 2.0 meta-schema
+// Schema returns the swagger 2.0 schema
 func (d *Document) Schema() *spec.Schema {
 	return d.schema
 }
 
-// Spec returns the swagger object model for this API specification
+// Spec returns the swagger spec object model
 func (d *Document) Spec() *spec.Swagger {
 	return d.spec
 }
@@ -238,11 +235,14 @@ func (d *Document) OrigSpec() *spec.Swagger {
 	return d.origSpec
 }
 
-// ResetDefinitions yields a shallow copy with the models reset to the original spec
+// ResetDefinitions gives a shallow copy with the models reset to the original spec
 func (d *Document) ResetDefinitions() *Document {
-	d.spec.Definitions = make(map[string]spec.Schema, len(d.origSpec.Definitions))
-	maps.Copy(d.spec.Definitions, d.origSpec.Definitions)
+	defs := make(map[string]spec.Schema, len(d.origSpec.Definitions))
+	for k, v := range d.origSpec.Definitions {
+		defs[k] = v
+	}
 
+	d.spec.Definitions = defs
 	return d
 }
 
@@ -271,6 +271,5 @@ func cloneSpec(src *spec.Swagger) (*spec.Swagger, error) {
 	if err := gob.NewDecoder(&b).Decode(&dst); err != nil {
 		return nil, err
 	}
-
 	return &dst, nil
 }

src/runtime/vendor/github.com/go-openapi/runtime/.golangci.yml

@@ -1,77 +1,62 @@
-version: "2"
+linters-settings:
+  govet:
+    check-shadowing: true
+  golint:
+    min-confidence: 0
+  gocyclo:
+    min-complexity: 45
+  maligned:
+    suggest-new: true
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 2
+    min-occurrences: 3
+
 linters:
-  default: all
+  enable-all: true
   disable:
-    - cyclop
-    - depguard
-    - err113 # disabled temporarily: there are just too many issues to address
-    - errchkjson
-    - errorlint
-    - exhaustruct
-    - forcetypeassert
-    - funlen
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - godot
-    - godox
-    - gomoddirectives # moved to mono-repo, multi-modules, so replace directives are needed
-    - gosmopolitan
-    - inamedparam
-    - ireturn
-    - lll
-    - musttag
-    - nestif
     - nilerr # nilerr crashes on this repo
-    - nlreturn
-    - noinlineerr
-    - nonamedreturns
-    - paralleltest
-    - recvcheck
-    - testpackage
-    - thelper
-    - tparallel
+    - maligned
     - unparam
-    - varnamelen
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+    - funlen
+    - godox
+    - gocognit
     - whitespace
-    - wrapcheck
     - wsl
-    - wsl_v5
-  settings:
-    dupl:
-      threshold: 200
-    goconst:
-      min-len: 2
-      min-occurrences: 3
-    gocyclo:
-      min-complexity: 45
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-issues:
-  # Maximum issues count per one linter.
-  # Set to 0 to disable.
-  # Default: 50
-  max-issues-per-linter: 0
-  # Maximum count of issues with the same text.
-  # Set to 0 to disable.
-  # Default: 3
-  max-same-issues: 0
+    - wrapcheck
+    - testpackage
+    - nlreturn
+    - gomnd
+    - exhaustivestruct
+    - goerr113
+    - errorlint
+    - nestif
+    - godot
+    - gofumpt
+    - paralleltest
+    - tparallel
+    - thelper
+    - ifshort
+    - exhaustruct
+    - varnamelen
+    - gci
+    - depguard
+    - errchkjson
+    - inamedparam
+    - nonamedreturns
+    - musttag
+    - ireturn
+    - forcetypeassert
+    - cyclop
+    # deprecated linters
+    - deadcode
+    - interfacer
+    - scopelint
+    - varcheck
+    - structcheck
+    - golint
+    - nosnakecase

src/runtime/vendor/github.com/go-openapi/runtime/README.md

@@ -8,36 +8,3 @@
 # go OpenAPI toolkit runtime
 
 The runtime component for use in code generation or as untyped usage.
-
-## Release notes
-
-### v0.29.0
-
-**New with this release**:
-
-* upgraded to `go1.24` and modernized the code base accordingly
-* updated all dependencies, and removed an noticable indirect dependency (e.g. `mailru/easyjson`)
-* **breaking change** no longer imports `opentracing-go` (#365).
-    * the `WithOpentracing()` method now returns an opentelemetry transport
-    * for users who can't transition to opentelemetry, the previous behavior
-      of `WithOpentracing` delivering an opentracing transport is provided by a separate
-      module `github.com/go-openapi/runtime/client-middleware/opentracing`.
-* removed direct dependency to `gopkg.in/yaml.v3`, in favor of `go.yaml.in/yaml/v3` (an indirect
-  test dependency to the older package is still around)
-* technically, the repo has evolved to a mono-repo, multiple modules structures (2 go modules
-  published), with CI adapted accordingly
-
-**What coming next?**
-
-Moving forward, we want to :
-
-* [ ] continue narrowing down the scope of dependencies:
-  * yaml support in an independent module
-  * introduce more up-to-date support for opentelemetry as a separate module that evolves
-    independently from the main package (to avoid breaking changes, the existing API
-    will remain maintained, but evolve at a slower pace than opentelemetry).
-* [ ] fix a few known issues with some file upload requests (e.g. #286)
-
-## Licensing
-
-This library ships under the [SPDX-License-Identifier: Apache-2.0](./LICENSE).

src/runtime/vendor/github.com/go-openapi/runtime/bytestream.go

@@ -1,5 +1,16 @@
-// SPDX-FileCopyrightText: Copyright 2015-2025 go-swagger maintainers
-// SPDX-License-Identifier: Apache-2.0
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 
 package runtime
 
@@ -11,7 +22,7 @@ import (
 	"io"
 	"reflect"
 
-	"github.com/go-openapi/swag/jsonutils"
+	"github.com/go-openapi/swag"
 )
 
 func defaultCloser() error { return nil }
@@ -43,7 +54,7 @@ func ByteStreamConsumer(opts ...byteStreamOpt) Consumer {
 		opt(&vals)
 	}
 
-	return ConsumerFunc(func(reader io.Reader, data any) error {
+	return ConsumerFunc(func(reader io.Reader, data interface{}) error {
 		if reader == nil {
 			return errors.New("ByteStreamConsumer requires a reader") // early exit
 		}
@@ -137,7 +148,7 @@ func ByteStreamProducer(opts ...byteStreamOpt) Producer {
 		opt(&vals)
 	}
 
-	return ProducerFunc(func(writer io.Writer, data any) error {
+	return ProducerFunc(func(writer io.Writer, data interface{}) error {
 		if writer == nil {
 			return errors.New("ByteStreamProducer requires a writer") // early exit
 		}
@@ -195,7 +206,7 @@ func ByteStreamProducer(opts ...byteStreamOpt) Producer {
 				return err
 
 			case t.Kind() == reflect.Struct || t.Kind() == reflect.Slice:
-				b, err := jsonutils.WriteJSON(data)
+				b, err := swag.WriteJSON(data)
 				if err != nil {
 					return err
 				}