Update aws vendoring and mod tidy

Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
2025-07-20 17:49:10 +00:00 · 2022-08-23 10:18:02 +03:00 · 2022-08-23 10:18:02 +03:00 · 364f66a5b8
commit 364f66a5b8
parent 1cf22ed0ac
32 changed files with 15104 additions and 7588 deletions
--- a/src/cmd/linuxkit/go.mod
+++ b/src/cmd/linuxkit/go.mod
@ -13,20 +13,14 @@ require (
 	github.com/Code-Hex/vz v0.0.4
 	github.com/Microsoft/go-winio v0.5.2
 	github.com/ScaleFT/sshkeys v0.0.0-20181112160850-82451a803681
-	github.com/aws/aws-sdk-go v1.43.16
+	github.com/aws/aws-sdk-go v1.44.82
 	github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
 	github.com/bugsnag/bugsnag-go v2.1.2+incompatible // indirect
 	github.com/bugsnag/panicwrap v1.3.4 // indirect
 	github.com/containerd/containerd v1.6.6
 	github.com/creack/goselect v0.0.0-20180501195510-58854f77ee8d // indirect
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect
 	github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 // indirect
 	github.com/docker/buildx v0.8.2
 	github.com/docker/cli v20.10.17+incompatible
 	github.com/docker/docker v20.10.17+incompatible
-	github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
+	github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966
 	github.com/estesp/manifest-tool/v2 v2.0.0
 	github.com/gofrs/uuid v4.2.0+incompatible // indirect
 	github.com/google/go-containerregistry v0.6.1-0.20211105150418-5c9c442d5d68
 	github.com/google/uuid v1.3.0
 	github.com/gophercloud/gophercloud v0.1.0
@ -51,12 +45,8 @@ require (
 	github.com/spf13/cobra v1.4.0 // indirect
 	github.com/stretchr/testify v1.7.2
 	github.com/surma/gocpio v1.0.2-0.20160926205914-fcb68777e7dc
 	github.com/urfave/cli v1.22.9 // indirect
 	github.com/vmware/govmomi v0.20.3
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940 // indirect
 	github.com/yvasiyarov/gorelic v0.0.7 // indirect
 	github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9 // indirect
 	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
 	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
 	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1
@ -69,6 +59,5 @@ require (
 replace (
 	// these are for the delicate dance of docker/docker, moby/moby, moby/buildkit, estesp/manifest-tool, oras.land/oras-go, linuxkit/linuxkit
 	github.com/docker/docker => github.com/moby/moby v20.10.3-0.20220728162118-71cb54cec41e+incompatible
 	github.com/estesp/manifest-tool/v2 => github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966
 	oras.land/oras-go => oras.land/oras-go v1.1.0
 )
--- a/src/cmd/linuxkit/go.sum
+++ b/src/cmd/linuxkit/go.sum
@ -236,8 +236,8 @@ github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
 github.com/aws/aws-sdk-go v1.34.9/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
-github.com/aws/aws-sdk-go v1.43.16 h1:Y7wBby44f+tINqJjw5fLH3vA+gFq4uMITIKqditwM14=
+github.com/aws/aws-sdk-go v1.44.82 h1:Miji7nHIMxTWfa831nZf8XAcMWGLaT+PvsS6CdbMG7M=
-github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.44.82/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v1.16.3/go.mod h1:ytwTPBG6fXTZLxxeeCCWj2/EMYp/xDUgX+OET6TLNNU=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.1/go.mod h1:n8Bs1ElDD2wJ9kCRTczA83gYbBmjSwZp3umc6zF4EeM=
 github.com/aws/aws-sdk-go-v2/config v1.15.5/go.mod h1:ZijHHh0xd/A+ZY53az0qzC5tT46kt4JVCePf2NX9Lk4=
@ -513,9 +513,8 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e/go.mod h1:xpWTC2KnJMiDLkoawhsPQcXjvwATEBcbq0xevG2YR9M=
 github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY=
 github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684/go.mod h1:UfCu3YXJJCI+IdnqGgYP82dk2+Joxmv+mUTVBES6wac=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk=
 github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4=
 github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/buildx v0.8.2 h1:dsd3F0hhmUydFX/KFrvbK81JvlTA4T3Iy0lwDJt4PsU=
@ -537,17 +536,6 @@ github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4Kfc
 github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v0.0.0-20200511152416-a93e9eb0e95c/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v1.4.2-0.20180531152204-71cd53e4a197/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v17.12.0-ce-rc1.0.20200730172259-9f28837c1d93+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.0-beta1.0.20201110211921-af34b94a78a1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.3-0.20211208011758-87521affb077+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.9+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE=
 github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
@ -564,7 +552,6 @@ github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHz
 github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/libnetwork v0.8.0-dev.2.0.20200917202933-d0951081b35f h1:jC/ZXgYdzCUuKFkKGNiekhnIkGfUrdelEqvg4Miv440=
 github.com/docker/libnetwork v0.8.0-dev.2.0.20200917202933-d0951081b35f/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
 github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
 github.com/docker/libtrust v0.0.0-20150526203908-9cbd2a1374f4/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
@ -592,8 +579,6 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/estesp/manifest-tool/v2 v2.0.0 h1:LOnEwh9fXJWpfIp0+xTUKrhoK8DfCcu1TZTuUyeG418=
 github.com/estesp/manifest-tool/v2 v2.0.0/go.mod h1:iMVclhrm8gp1wdDNlW76zlKEV2E7pZUlH2tHsCJ/CWg=
 github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966 h1:Hlw3XgTSejseEVY+URYLZKmJf2iXDT9IzBa/rvJZ8zc=
 github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966/go.mod h1:xXnTTBEDX1yic5KumuBnxU9+8jdVA4vuJkioPzwredI=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@ -1472,12 +1457,10 @@ github.com/vdemeester/k8s-pkg-credentialprovider v1.17.4/go.mod h1:inCTmtUdr5KJb
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5 h1:+UB2BJA852UkGH42H+Oee69djmxS3ANzl2b/JtT1YiA=
 github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
@ -2353,8 +2336,6 @@ mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZI
 mvdan.cc/unparam v0.0.0-20200501210554-b37ab49443f7/go.mod h1:HGC5lll35J70Y5v7vCGb9oLhHoScFwkHDJm/05RdSTc=
 oras.land/oras-go v1.1.0 h1:tfWM1RT7PzUwWphqHU6ptPU3ZhwVnSw/9nEGf519rYg=
 oras.land/oras-go v1.1.0/go.mod h1:1A7vR/0KknT2UkJVWh+xMi95I/AhK8ZrxrnUSmXN0bQ=
 oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4=
 oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc=
 pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/endpoints/doc.go
@ -9,7 +9,7 @@
 // AWS GovCloud (US) (aws-us-gov).
 // .
 //
-// Enumerating Regions and Endpoint Metadata
+// # Enumerating Regions and Endpoint Metadata
 //
 // Casting the Resolver returned by DefaultResolver to a EnumPartitions interface
 // will allow you to get access to the list of underlying Partitions with the
@ -32,7 +32,7 @@
 //	    }
 //	}
 //
-// Using Custom Endpoints
+// # Using Custom Endpoints
 //
 // The endpoints package also gives you the ability to use your own logic how
 // endpoints are resolved. This is a great way to define a custom endpoint
@ -47,7 +47,6 @@
 // of Resolver.EndpointFor, converting it to a type that satisfies the
 // Resolver interface.
 //
 //
 //	myCustomResolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
 //	    if service == endpoints.S3ServiceID {
 //	        return endpoints.ResolvedEndpoint{
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/endpoints/endpoints.go
@ -353,9 +353,11 @@ type EnumPartitions interface {
 // as the second parameter.
 //
 // This example shows how  to get the regions for DynamoDB in the AWS partition.
 //
 //	rs, exists := endpoints.RegionsForService(endpoints.DefaultPartitions(), endpoints.AwsPartitionID, endpoints.DynamodbServiceID)
 //
 // This is equivalent to using the partition directly.
 //
 //	rs := endpoints.AwsPartition().Services()[endpoints.DynamodbServiceID].Regions()
 func RegionsForService(ps []Partition, partitionID, serviceID string) (map[string]Region, bool) {
 	for _, p := range ps {
@ -423,8 +425,8 @@ func (p Partition) ID() string { return p.id }
 // of new regions and services expansions.
 //
 // Errors that can be returned.
-//   * UnknownServiceError
+//   - UnknownServiceError
-//   * UnknownEndpointError
+//   - UnknownEndpointError
 func (p Partition) EndpointFor(service, region string, opts ...func(*Options)) (ResolvedEndpoint, error) {
 	return p.p.EndpointFor(service, region, opts...)
 }
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/request/handlers.go
@ -330,6 +330,9 @@ func MakeAddToUserAgentFreeFormHandler(s string) func(*Request) {
 // WithSetRequestHeaders updates the operation request's HTTP header to contain
 // the header key value pairs provided. If the header key already exists in the
 // request's HTTP header set, the existing value(s) will be replaced.
 //
 // Header keys added will be added as canonical format with title casing
 // applied via http.Header.Set method.
 func WithSetRequestHeaders(h map[string]string) Option {
 	return withRequestHeader(h).SetRequestHeaders
 }
@ -338,6 +341,6 @@ type withRequestHeader map[string]string
 func (h withRequestHeader) SetRequestHeaders(r *Request) {
 	for k, v := range h {
-		r.HTTPRequest.Header[k] = []string{v}
+		r.HTTPRequest.Header.Set(k, v)
 	}
 }
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/version.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/aws/version.go
@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.43.16"
+const SDKVersion = "1.44.82"
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/ec2query/unmarshal.go
@ -4,6 +4,7 @@ package ec2query
 import (
 	"encoding/xml"
 	"strings"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@ -70,7 +71,7 @@ func UnmarshalError(r *request.Request) {
 	}
 	r.Error = awserr.NewRequestFailure(
-		awserr.New(respErr.Code, respErr.Message, nil),
+		awserr.New(strings.TrimSpace(respErr.Code), strings.TrimSpace(respErr.Message), nil),
 		r.HTTPResponse.StatusCode,
 		respErr.RequestID,
 	)
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/eventstream/eventstreamapi/transport.go
@ -5,6 +5,6 @@ package eventstreamapi
 import "github.com/aws/aws-sdk-go/aws/request"
-// This is a no-op for Go 1.18 and above.
+// ApplyHTTPTransportFixes is a no-op for Go 1.18 and above.
 func ApplyHTTPTransportFixes(r *request.Request) {
 }
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/query/unmarshal_error.go
@ -3,6 +3,7 @@ package query
 import (
 	"encoding/xml"
 	"fmt"
 	"strings"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/request"
@ -62,7 +63,7 @@ func UnmarshalError(r *request.Request) {
 	}
 	r.Error = awserr.NewRequestFailure(
-		awserr.New(respErr.Code, respErr.Message, nil),
+		awserr.New(strings.TrimSpace(respErr.Code), strings.TrimSpace(respErr.Message), nil),
 		r.HTTPResponse.StatusCode,
 		reqID,
 	)
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/private/protocol/rest/build.go
@ -276,6 +276,25 @@ func convertType(v reflect.Value, tag reflect.StructTag) (str string, err error)
 			value = base64.StdEncoding.EncodeToString([]byte(value))
 		}
 		str = value
 	case []*string:
 		if tag.Get("location") != "header" || tag.Get("enum") == "" {
 			return "", fmt.Errorf("%T is only supported with location header and enum shapes", value)
 		}
 		buff := &bytes.Buffer{}
 		for i, sv := range value {
 			if sv == nil || len(*sv) == 0 {
 				continue
 			}
 			if i != 0 {
 				buff.WriteRune(',')
 			}
 			item := *sv
 			if strings.Index(item, `,`) != -1 || strings.Index(item, `"`) != -1 {
 				item = strconv.Quote(item)
 			}
 			buff.WriteString(item)
 		}
 		str = string(buff.Bytes())
 	case []byte:
 		str = base64.StdEncoding.EncodeToString(value)
 	case bool:
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/api.go
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/doc.go
@ -16,16 +16,16 @@
 //
 // To learn more, see the following resources:
 //
-//    * Amazon EC2: AmazonEC2 product page (http://aws.amazon.com/ec2), Amazon
+//   - Amazon EC2: AmazonEC2 product page (http://aws.amazon.com/ec2), Amazon
 //     EC2 documentation (http://aws.amazon.com/documentation/ec2)
 //
-//    * Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon
+//   - Amazon EBS: Amazon EBS product page (http://aws.amazon.com/ebs), Amazon
 //     EBS documentation (http://aws.amazon.com/documentation/ebs)
 //
-//    * Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
+//   - Amazon VPC: Amazon VPC product page (http://aws.amazon.com/vpc), Amazon
 //     VPC documentation (http://aws.amazon.com/documentation/vpc)
 //
-//    * Amazon Web Services VPN: Amazon Web Services VPN product page (http://aws.amazon.com/vpn),
+//   - Amazon Web Services VPN: Amazon Web Services VPN product page (http://aws.amazon.com/vpn),
 //     Amazon Web Services VPN documentation (http://aws.amazon.com/documentation/vpn)
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15 for more information on this service.
@ -33,7 +33,7 @@
 // See ec2 package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Amazon Elastic Compute Cloud with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/service.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/service.go
@ -39,6 +39,7 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
 //
 //	mySession := session.Must(session.NewSession())
 //
 //	// Create a EC2 client from just a session.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/ec2/waiters.go
@ -906,6 +906,57 @@ func (c *EC2) WaitUntilNatGatewayAvailableWithContext(ctx aws.Context, input *De
 	return w.WaitWithContext(ctx)
 }
 // WaitUntilNatGatewayDeleted uses the Amazon EC2 API operation
 // DescribeNatGateways to wait for a condition to be met before returning.
 // If the condition is not met within the max attempt window, an error will
 // be returned.
 func (c *EC2) WaitUntilNatGatewayDeleted(input *DescribeNatGatewaysInput) error {
 	return c.WaitUntilNatGatewayDeletedWithContext(aws.BackgroundContext(), input)
 }
 // WaitUntilNatGatewayDeletedWithContext is an extended version of WaitUntilNatGatewayDeleted.
 // With the support for passing in a context and options to configure the
 // Waiter and the underlying request options.
 //
 // The context must be non-nil and will be used for request cancellation. If
 // the context is nil a panic will occur. In the future the SDK may create
 // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 // for more information on using Contexts.
 func (c *EC2) WaitUntilNatGatewayDeletedWithContext(ctx aws.Context, input *DescribeNatGatewaysInput, opts ...request.WaiterOption) error {
 	w := request.Waiter{
 		Name:        "WaitUntilNatGatewayDeleted",
 		MaxAttempts: 40,
 		Delay:       request.ConstantWaiterDelay(15 * time.Second),
 		Acceptors: []request.WaiterAcceptor{
 			{
 				State:   request.SuccessWaiterState,
 				Matcher: request.PathAllWaiterMatch, Argument: "NatGateways[].State",
 				Expected: "deleted",
 			},
 			{
 				State:    request.SuccessWaiterState,
 				Matcher:  request.ErrorWaiterMatch,
 				Expected: "NatGatewayNotFound",
 			},
 		},
 		Logger: c.Config.Logger,
 		NewRequest: func(opts []request.Option) (*request.Request, error) {
 			var inCpy *DescribeNatGatewaysInput
 			if input != nil {
 				tmp := *input
 				inCpy = &tmp
 			}
 			req, _ := c.DescribeNatGatewaysRequest(inCpy)
 			req.SetContext(ctx)
 			req.ApplyOptions(opts...)
 			return req, nil
 		},
 	}
 	w.ApplyOptions(opts...)
 	return w.WaitWithContext(ctx)
 }
 // WaitUntilNetworkInterfaceAvailable uses the Amazon EC2 API operation
 // DescribeNetworkInterfaces to wait for a condition to be met before returning.
 // If the condition is not met within the max attempt window, an error will
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/api.go
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/doc.go
@ -8,7 +8,7 @@
 // See s3 package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact Amazon Simple Storage Service with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/doc_custom.go
@ -31,7 +31,7 @@
 // See the s3manager package's Uploader type documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Uploader
 //
-// Download Manager
+// # Download Manager
 //
 // The s3manager package's Downloader provides concurrently downloading of Objects
 // from S3. The Downloader will write S3 Object content with an io.WriterAt.
@ -63,7 +63,7 @@
 // See the s3manager package's Downloader type documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#Downloader
 //
-// Automatic URI cleaning
+// # Automatic URI cleaning
 //
 // Interacting with objects whose keys contain adjacent slashes (e.g. bucketname/foo//bar/objectname)
 // requires setting DisableRestProtocolURICleaning to true in the aws.Config struct
@ -77,7 +77,7 @@
 //	    	Key: aws.String("//foo//bar//moo"),
 //	})
 //
-// Get Bucket Region
+// # Get Bucket Region
 //
 // GetBucketRegion will attempt to get the region for a bucket using a region
 // hint to determine which AWS partition to perform the query on. Use this utility
@ -98,7 +98,7 @@
 // See the s3manager package's GetBucketRegion function documentation for more information
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#GetBucketRegion
 //
-// S3 Crypto Client
+// # S3 Crypto Client
 //
 // The s3crypto package provides the tools to upload and download encrypted
 // content from S3. The Encryption and Decryption clients can be used concurrently
@ -106,5 +106,4 @@
 //
 // See the s3crypto package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/
 //
 package s3
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go
@ -54,7 +54,6 @@ func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
 // Supported Outpost AccessPoint ARN format:
 //   - ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
 //   - example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
 //
 func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
 	// outpost accesspoint arn is only valid if service is s3-outposts
 	if a.Service != "s3-outposts" {
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/endpoint_builder.go
@ -37,7 +37,6 @@ type accessPointEndpointBuilder arn.AccessPointARN
 // - example : myaccesspoint-012345678901.s3-accesspoint.us-west-2.amazonaws.com
 //
 // Access Point Endpoint requests are signed using "s3" as signing name.
 //
 func (a accessPointEndpointBuilder) build(req *request.Request) error {
 	resolveService := arn.AccessPointARN(a).Service
 	resolveRegion := arn.AccessPointARN(a).Region
@ -92,7 +91,6 @@ type s3ObjectLambdaAccessPointEndpointBuilder arn.S3ObjectLambdaAccessPointARN
 // - example : myaccesspoint-012345678901.s3-object-lambda.us-west-2.amazonaws.com
 //
 // Access Point Endpoint requests are signed using "s3-object-lambda" as signing name.
 //
 func (a s3ObjectLambdaAccessPointEndpointBuilder) build(req *request.Request) error {
 	resolveRegion := arn.S3ObjectLambdaAccessPointARN(a).Region
@ -147,7 +145,6 @@ type outpostAccessPointEndpointBuilder arn.OutpostAccessPointARN
 // - example : myaccesspoint-012345678901.op-01234567890123456.s3-outposts.us-west-2.amazonaws.com
 //
 // Outpost AccessPoint Endpoint request are signed using "s3-outposts" as signing name.
 //
 func (o outpostAccessPointEndpointBuilder) build(req *request.Request) error {
 	resolveRegion := o.Region
 	resolveService := o.Service
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/s3/service.go
@ -39,6 +39,7 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
 //
 //	mySession := session.Must(session.NewSession())
 //
 //	// Create a S3 client from just a session.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sso/api.go
@ -29,7 +29,6 @@ const opGetRoleCredentials = "GetRoleCredentials"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the GetRoleCredentialsRequest method.
 //	req, resp := client.GetRoleCredentialsRequest(params)
 //
@ -69,19 +68,20 @@ func (c *SSO) GetRoleCredentialsRequest(input *GetRoleCredentialsInput) (req *re
 // API operation GetRoleCredentials for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
+//
 //   - InvalidRequestException
 //     Indicates that a problem occurred with the input to the request. For example,
 //     a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - UnauthorizedException
 //     Indicates that the request is not authorized. This can happen due to an invalid
 //     access token in the request.
 //
-//   * TooManyRequestsException
+//   - TooManyRequestsException
 //     Indicates that the request is being made too frequently and is more than
 //     what the server can handle.
 //
-//   * ResourceNotFoundException
+//   - ResourceNotFoundException
 //     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/GetRoleCredentials
@ -122,7 +122,6 @@ const opListAccountRoles = "ListAccountRoles"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the ListAccountRolesRequest method.
 //	req, resp := client.ListAccountRolesRequest(params)
 //
@ -157,7 +156,8 @@ func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *reques
 // ListAccountRoles API operation for AWS Single Sign-On.
 //
-// Lists all roles that are assigned to the user for a given AWS account.
+// Lists all roles that are assigned to the user for a given Amazon Web Services
 // account.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@ -167,19 +167,20 @@ func (c *SSO) ListAccountRolesRequest(input *ListAccountRolesInput) (req *reques
 // API operation ListAccountRoles for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
+//
 //   - InvalidRequestException
 //     Indicates that a problem occurred with the input to the request. For example,
 //     a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - UnauthorizedException
 //     Indicates that the request is not authorized. This can happen due to an invalid
 //     access token in the request.
 //
-//   * TooManyRequestsException
+//   - TooManyRequestsException
 //     Indicates that the request is being made too frequently and is more than
 //     what the server can handle.
 //
-//   * ResourceNotFoundException
+//   - ResourceNotFoundException
 //     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRoles
@ -220,7 +221,6 @@ func (c *SSO) ListAccountRolesWithContext(ctx aws.Context, input *ListAccountRol
 //	        fmt.Println(page)
 //	        return pageNum <= 3
 //	    })
 //
 func (c *SSO) ListAccountRolesPages(input *ListAccountRolesInput, fn func(*ListAccountRolesOutput, bool) bool) error {
 	return c.ListAccountRolesPagesWithContext(aws.BackgroundContext(), input, fn)
 }
@ -272,7 +272,6 @@ const opListAccounts = "ListAccounts"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the ListAccountsRequest method.
 //	req, resp := client.ListAccountsRequest(params)
 //
@ -307,10 +306,11 @@ func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Reques
 // ListAccounts API operation for AWS Single Sign-On.
 //
-// Lists all AWS accounts assigned to the user. These AWS accounts are assigned
+// Lists all Amazon Web Services accounts assigned to the user. These Amazon
-// by the administrator of the account. For more information, see Assign User
+// Web Services accounts are assigned by the administrator of the account. For
-// Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
+// more information, see Assign User Access (https://docs.aws.amazon.com/singlesignon/latest/userguide/useraccess.html#assignusers)
-// in the AWS SSO User Guide. This operation returns a paginated response.
+// in the Amazon Web Services SSO User Guide. This operation returns a paginated
 // response.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@ -320,19 +320,20 @@ func (c *SSO) ListAccountsRequest(input *ListAccountsInput) (req *request.Reques
 // API operation ListAccounts for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
+//
 //   - InvalidRequestException
 //     Indicates that a problem occurred with the input to the request. For example,
 //     a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - UnauthorizedException
 //     Indicates that the request is not authorized. This can happen due to an invalid
 //     access token in the request.
 //
-//   * TooManyRequestsException
+//   - TooManyRequestsException
 //     Indicates that the request is being made too frequently and is more than
 //     what the server can handle.
 //
-//   * ResourceNotFoundException
+//   - ResourceNotFoundException
 //     The specified resource doesn't exist.
 //
 // See also, https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccounts
@ -373,7 +374,6 @@ func (c *SSO) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput,
 //	        fmt.Println(page)
 //	        return pageNum <= 3
 //	    })
 //
 func (c *SSO) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
 	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
 }
@ -425,7 +425,6 @@ const opLogout = "Logout"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the LogoutRequest method.
 //	req, resp := client.LogoutRequest(params)
 //
@ -455,7 +454,21 @@ func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *L
 // Logout API operation for AWS Single Sign-On.
 //
-// Removes the client- and server-side session that is associated with the user.
+// Removes the locally stored SSO tokens from the client-side cache and sends
 // an API call to the Amazon Web Services SSO service to invalidate the corresponding
 // server-side Amazon Web Services SSO sign in session.
 //
 // If a user uses Amazon Web Services SSO to access the AWS CLI, the user’s
 // Amazon Web Services SSO sign in session is used to obtain an IAM session,
 // as specified in the corresponding Amazon Web Services SSO permission set.
 // More specifically, Amazon Web Services SSO assumes an IAM role in the target
 // account on behalf of the user, and the corresponding temporary Amazon Web
 // Services credentials are returned to the client.
 //
 // After user logout, any existing IAM role sessions that were created by using
 // Amazon Web Services SSO permission sets continue based on the duration configured
 // in the permission set. For more information, see User authentications (https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html)
 // in the Amazon Web Services SSO User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@ -465,15 +478,16 @@ func (c *SSO) LogoutRequest(input *LogoutInput) (req *request.Request, output *L
 // API operation Logout for usage and error information.
 //
 // Returned Error Types:
-//   * InvalidRequestException
+//
 //   - InvalidRequestException
 //     Indicates that a problem occurred with the input to the request. For example,
 //     a required parameter might be missing or out of range.
 //
-//   * UnauthorizedException
+//   - UnauthorizedException
 //     Indicates that the request is not authorized. This can happen due to an invalid
 //     access token in the request.
 //
-//   * TooManyRequestsException
+//   - TooManyRequestsException
 //     Indicates that the request is being made too frequently and is more than
 //     what the server can handle.
 //
@ -499,17 +513,20 @@ func (c *SSO) LogoutWithContext(ctx aws.Context, input *LogoutInput, opts ...req
 	return out, req.Send()
 }
-// Provides information about your AWS account.
+// Provides information about your Amazon Web Services account.
 type AccountInfo struct {
 	_ struct{} `type:"structure"`
-	// The identifier of the AWS account that is assigned to the user.
+	// The identifier of the Amazon Web Services account that is assigned to the
 	// user.
 	AccountId *string `locationName:"accountId" type:"string"`
-	// The display name of the AWS account that is assigned to the user.
+	// The display name of the Amazon Web Services account that is assigned to the
 	// user.
 	AccountName *string `locationName:"accountName" type:"string"`
-	// The email address of the AWS account that is assigned to the user.
+	// The email address of the Amazon Web Services account that is assigned to
 	// the user.
 	EmailAddress *string `locationName:"emailAddress" min:"1" type:"string"`
 }
@ -554,7 +571,7 @@ type GetRoleCredentialsInput struct {
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the Amazon Web Services SSO OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by GetRoleCredentialsInput's
@ -563,7 +580,8 @@ type GetRoleCredentialsInput struct {
 	// AccessToken is a required field
 	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
-	// The identifier for the AWS account that is assigned to the user.
+	// The identifier for the Amazon Web Services account that is assigned to the
 	// user.
 	//
 	// AccountId is a required field
 	AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
@ -730,7 +748,7 @@ type ListAccountRolesInput struct {
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the Amazon Web Services SSO OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by ListAccountRolesInput's
@ -739,7 +757,8 @@ type ListAccountRolesInput struct {
 	// AccessToken is a required field
 	AccessToken *string `location:"header" locationName:"x-amz-sso_bearer_token" type:"string" required:"true" sensitive:"true"`
-	// The identifier for the AWS account that is assigned to the user.
+	// The identifier for the Amazon Web Services account that is assigned to the
 	// user.
 	//
 	// AccountId is a required field
 	AccountId *string `location:"querystring" locationName:"account_id" type:"string" required:"true"`
@ -859,7 +878,7 @@ type ListAccountsInput struct {
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the Amazon Web Services SSO OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by ListAccountsInput's
@ -974,7 +993,7 @@ type LogoutInput struct {
 	// The token issued by the CreateToken API call. For more information, see CreateToken
 	// (https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html)
-	// in the AWS SSO OIDC API Reference Guide.
+	// in the Amazon Web Services SSO OIDC API Reference Guide.
 	//
 	// AccessToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by LogoutInput's
@ -1113,17 +1132,18 @@ type RoleCredentials struct {
 	_ struct{} `type:"structure"`
 	// The identifier used for the temporary security credentials. For more information,
-	// see Using Temporary Security Credentials to Request Access to AWS Resources
+	// see Using Temporary Security Credentials to Request Access to Amazon Web
-	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// Services Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
-	// in the AWS IAM User Guide.
+	// in the Amazon Web Services IAM User Guide.
 	AccessKeyId *string `locationName:"accessKeyId" type:"string"`
 	// The date on which temporary security credentials expire.
 	Expiration *int64 `locationName:"expiration" type:"long"`
 	// The key that is used to sign the request. For more information, see Using
-	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// Temporary Security Credentials to Request Access to Amazon Web Services Resources
-	// in the AWS IAM User Guide.
+	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the Amazon Web Services IAM User Guide.
 	//
 	// SecretAccessKey is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by RoleCredentials's
@ -1131,8 +1151,9 @@ type RoleCredentials struct {
 	SecretAccessKey *string `locationName:"secretAccessKey" type:"string" sensitive:"true"`
 	// The token used for temporary credentials. For more information, see Using
-	// Temporary Security Credentials to Request Access to AWS Resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
+	// Temporary Security Credentials to Request Access to Amazon Web Services Resources
-	// in the AWS IAM User Guide.
+	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
 	// in the Amazon Web Services IAM User Guide.
 	//
 	// SessionToken is a sensitive parameter and its value will be
 	// replaced with "sensitive" in string returned by RoleCredentials's
@ -1186,7 +1207,7 @@ func (s *RoleCredentials) SetSessionToken(v string) *RoleCredentials {
 type RoleInfo struct {
 	_ struct{} `type:"structure"`
-	// The identifier of the AWS account assigned to the user.
+	// The identifier of the Amazon Web Services account assigned to the user.
 	AccountId *string `locationName:"accountId" type:"string"`
 	// The friendly name of the role that is assigned to the user.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sso/doc.go
@ -3,30 +3,32 @@
 // Package sso provides the client and types for making API
 // requests to AWS Single Sign-On.
 //
-// AWS Single Sign-On Portal is a web service that makes it easy for you to
+// Amazon Web Services Single Sign On Portal is a web service that makes it
-// assign user access to AWS SSO resources such as the user portal. Users can
+// easy for you to assign user access to Amazon Web Services SSO resources such
-// get AWS account applications and roles assigned to them and get federated
+// as the AWS access portal. Users can get Amazon Web Services account applications
-// into the application.
+// and roles assigned to them and get federated into the application.
 //
-// For general information about AWS SSO, see What is AWS Single Sign-On? (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+// Although Amazon Web Services Single Sign-On was renamed, the sso and identitystore
-// in the AWS SSO User Guide.
+// API namespaces will continue to retain their original name for backward compatibility
 // purposes. For more information, see Amazon Web Services SSO rename (https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html#renamed).
 //
-// This API reference guide describes the AWS SSO Portal operations that you
+// This reference guide describes the Amazon Web Services SSO Portal operations
-// can call programatically and includes detailed information on data types
+// that you can call programatically and includes detailed information on data
-// and errors.
+// types and errors.
 //
-// AWS provides SDKs that consist of libraries and sample code for various programming
+// Amazon Web Services provides SDKs that consist of libraries and sample code
-// languages and platforms, such as Java, Ruby, .Net, iOS, or Android. The SDKs
+// for various programming languages and platforms, such as Java, Ruby, .Net,
-// provide a convenient way to create programmatic access to AWS SSO and other
+// iOS, or Android. The SDKs provide a convenient way to create programmatic
-// AWS services. For more information about the AWS SDKs, including how to download
+// access to Amazon Web Services SSO and other Amazon Web Services services.
-// and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
+// For more information about the Amazon Web Services SDKs, including how to
 // download and install them, see Tools for Amazon Web Services (http://aws.amazon.com/tools/).
 //
 // See https://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10 for more information on this service.
 //
 // See sso package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/sso/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Single Sign-On with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sso/service.go
@ -40,6 +40,7 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
 //
 //	mySession := session.Must(session.NewSession())
 //
 //	// Create a SSO client from just a session.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sts/api.go
@ -28,7 +28,6 @@ const opAssumeRole = "AssumeRole"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the AssumeRoleRequest method.
 //	req, resp := client.AssumeRoleRequest(params)
 //
@ -66,7 +65,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
-// Permissions
+// # Permissions
 //
 // The temporary security credentials created by AssumeRole can be used to make
 // API calls to any Amazon Web Services service with the following exception:
@ -105,10 +104,10 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // To allow a user to assume a role in the same account, you can do either of
 // the following:
 //
-//    * Attach a policy to the user that allows the user to call AssumeRole
+//   - Attach a policy to the user that allows the user to call AssumeRole
 //     (as long as the role's trust policy trusts the account).
 //
-//    * Add the user as a principal directly in the role's trust policy.
+//   - Add the user as a principal directly in the role's trust policy.
 //
 // You can do either because the role’s trust policy acts as an IAM resource-based
 // policy. When a resource-based policy grants access to a principal in the
@ -116,7 +115,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // about trust policies and resource-based policies, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
 // in the IAM User Guide.
 //
-// Tags
+// # Tags
 //
 // (Optional) You can pass tag key-value pairs to your session. These tags are
 // called session tags. For more information about session tags, see Passing
@ -134,7 +133,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 // in the IAM User Guide.
 //
-// Using MFA with AssumeRole
+// # Using MFA with AssumeRole
 //
 // (Optional) You can include multi-factor authentication (MFA) information
 // when you call AssumeRole. This is useful for cross-account scenarios to ensure
@ -163,11 +162,12 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 // API operation AssumeRole for usage and error information.
 //
 // Returned Error Codes:
-//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//
 //   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //     The request was rejected because the policy document was malformed. The error
 //     message describes the specific error.
 //
-//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //     The request was rejected because the total packed size of the session policies
 //     and session tags combined was too large. An Amazon Web Services conversion
 //     compresses the session policy document, session policy ARNs, and session
@ -181,7 +181,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 //     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
 //     in the IAM User Guide.
 //
-//   * ErrCodeRegionDisabledException "RegionDisabledException"
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
 //     STS is not activated in the requested region for the account that is being
 //     asked to generate credentials. The account administrator must use the IAM
 //     console to activate STS in that region. For more information, see Activating
@ -189,7 +189,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
 //     (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
 //     in the IAM User Guide.
 //
-//   * ErrCodeExpiredTokenException "ExpiredTokenException"
+//   - ErrCodeExpiredTokenException "ExpiredTokenException"
 //     The web identity token that was passed is expired or is not valid. Get a
 //     new identity token from the identity provider and then retry the request.
 //
@ -231,7 +231,6 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the AssumeRoleWithSAMLRequest method.
 //	req, resp := client.AssumeRoleWithSAMLRequest(params)
 //
@ -274,7 +273,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // can use these temporary security credentials to sign calls to Amazon Web
 // Services services.
 //
-// Session Duration
+// # Session Duration
 //
 // By default, the temporary security credentials created by AssumeRoleWithSAML
 // last for one hour. However, you can use the optional DurationSeconds parameter
@ -300,7 +299,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // a role using role chaining and provide a DurationSeconds parameter value
 // greater than one hour, the operation fails.
 //
-// Permissions
+// # Permissions
 //
 // The temporary security credentials created by AssumeRoleWithSAML can be used
 // to make API calls to any Amazon Web Services service with the following exception:
@ -331,7 +330,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // identifiable information (PII). For example, you could instead use the persistent
 // identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).
 //
-// Tags
+// # Tags
 //
 // (Optional) You can configure your IdP to pass attributes into your SAML assertion
 // as session tags. Each session tag consists of a key name and an associated
@ -365,7 +364,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 // in the IAM User Guide.
 //
-// SAML Configuration
+// # SAML Configuration
 //
 // Before your application can call AssumeRoleWithSAML, you must configure your
 // SAML identity provider (IdP) to issue the claims required by Amazon Web Services.
@ -376,16 +375,16 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 //
 // For more information, see the following resources:
 //
-//    * About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
+//   - About SAML 2.0-based Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html)
 //     in the IAM User Guide.
 //
-//    * Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
+//   - Creating SAML Identity Providers (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html)
 //     in the IAM User Guide.
 //
-//    * Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
+//   - Configuring a Relying Party and Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html)
 //     in the IAM User Guide.
 //
-//    * Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
+//   - Creating a Role for SAML 2.0 Federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html)
 //     in the IAM User Guide.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
@ -396,11 +395,12 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 // API operation AssumeRoleWithSAML for usage and error information.
 //
 // Returned Error Codes:
-//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//
 //   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //     The request was rejected because the policy document was malformed. The error
 //     message describes the specific error.
 //
-//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //     The request was rejected because the total packed size of the session policies
 //     and session tags combined was too large. An Amazon Web Services conversion
 //     compresses the session policy document, session policy ARNs, and session
@ -414,23 +414,23 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
 //     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
 //     in the IAM User Guide.
 //
-//   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
+//   - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //     The identity provider (IdP) reported that authentication failed. This might
 //     be because the claim is invalid.
 //
 //     If this error is returned for the AssumeRoleWithWebIdentity operation, it
 //     can also mean that the claim has expired or has been explicitly revoked.
 //
-//   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
+//   - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //     The web identity token that was passed could not be validated by Amazon Web
 //     Services. Get a new identity token from the identity provider and then retry
 //     the request.
 //
-//   * ErrCodeExpiredTokenException "ExpiredTokenException"
+//   - ErrCodeExpiredTokenException "ExpiredTokenException"
 //     The web identity token that was passed is expired or is not valid. Get a
 //     new identity token from the identity provider and then retry the request.
 //
-//   * ErrCodeRegionDisabledException "RegionDisabledException"
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
 //     STS is not activated in the requested region for the account that is being
 //     asked to generate credentials. The account administrator must use the IAM
 //     console to activate STS in that region. For more information, see Activating
@ -476,7 +476,6 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the AssumeRoleWithWebIdentityRequest method.
 //	req, resp := client.AssumeRoleWithWebIdentityRequest(params)
 //
@ -540,7 +539,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // temporary security credentials to sign calls to Amazon Web Services service
 // API operations.
 //
-// Session Duration
+// # Session Duration
 //
 // By default, the temporary security credentials created by AssumeRoleWithWebIdentity
 // last for one hour. However, you can use the optional DurationSeconds parameter
@ -555,7 +554,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
 // in the IAM User Guide.
 //
-// Permissions
+// # Permissions
 //
 // The temporary security credentials created by AssumeRoleWithWebIdentity can
 // be used to make API calls to any Amazon Web Services service with the following
@ -576,7 +575,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // in the IAM User Guide.
 //
-// Tags
+// # Tags
 //
 // (Optional) You can configure your IdP to pass attributes into your web identity
 // token as session tags. Each session tag consists of a key name and an associated
@ -610,7 +609,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining)
 // in the IAM User Guide.
 //
-// Identities
+// # Identities
 //
 // Before your application can call AssumeRoleWithWebIdentity, you must have
 // an identity token from a supported identity provider and create a role that
@ -628,21 +627,21 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
 // API, see the following resources:
 //
-//    * Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
+//   - Using Web Identity Federation API Operations for Mobile Apps (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html)
 //     and Federation Through a Web-based Identity Provider (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
 //
-//    * Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
+//   - Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/).
 //     Walk through the process of authenticating through Login with Amazon,
 //     Facebook, or Google, getting temporary security credentials, and then
 //     using those credentials to make a request to Amazon Web Services.
 //
-//    * Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
+//   - Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/)
 //     and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/).
 //     These toolkits contain sample apps that show how to invoke the identity
 //     providers. The toolkits then show how to use the information from these
 //     providers to get and use temporary security credentials.
 //
-//    * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
+//   - Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications).
 //     This article discusses web identity federation and shows an example of
 //     how to use web identity federation to get access to content in Amazon
 //     S3.
@ -655,11 +654,12 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 // API operation AssumeRoleWithWebIdentity for usage and error information.
 //
 // Returned Error Codes:
-//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//
 //   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //     The request was rejected because the policy document was malformed. The error
 //     message describes the specific error.
 //
-//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //     The request was rejected because the total packed size of the session policies
 //     and session tags combined was too large. An Amazon Web Services conversion
 //     compresses the session policy document, session policy ARNs, and session
@ -673,30 +673,30 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
 //     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
 //     in the IAM User Guide.
 //
-//   * ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
+//   - ErrCodeIDPRejectedClaimException "IDPRejectedClaim"
 //     The identity provider (IdP) reported that authentication failed. This might
 //     be because the claim is invalid.
 //
 //     If this error is returned for the AssumeRoleWithWebIdentity operation, it
 //     can also mean that the claim has expired or has been explicitly revoked.
 //
-//   * ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
+//   - ErrCodeIDPCommunicationErrorException "IDPCommunicationError"
 //     The request could not be fulfilled because the identity provider (IDP) that
 //     was asked to verify the incoming identity token could not be reached. This
 //     is often a transient error caused by network conditions. Retry the request
 //     a limited number of times so that you don't exceed the request rate. If the
 //     error persists, the identity provider might be down or not responding.
 //
-//   * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
+//   - ErrCodeInvalidIdentityTokenException "InvalidIdentityToken"
 //     The web identity token that was passed could not be validated by Amazon Web
 //     Services. Get a new identity token from the identity provider and then retry
 //     the request.
 //
-//   * ErrCodeExpiredTokenException "ExpiredTokenException"
+//   - ErrCodeExpiredTokenException "ExpiredTokenException"
 //     The web identity token that was passed is expired or is not valid. Get a
 //     new identity token from the identity provider and then retry the request.
 //
-//   * ErrCodeRegionDisabledException "RegionDisabledException"
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
 //     STS is not activated in the requested region for the account that is being
 //     asked to generate credentials. The account administrator must use the IAM
 //     console to activate STS in that region. For more information, see Activating
@ -742,7 +742,6 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the DecodeAuthorizationMessageRequest method.
 //	req, resp := client.DecodeAuthorizationMessageRequest(params)
 //
@ -793,18 +792,18 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 //
 // The decoded message includes the following type of information:
 //
-//    * Whether the request was denied due to an explicit deny or due to the
+//   - Whether the request was denied due to an explicit deny or due to the
 //     absence of an explicit allow. For more information, see Determining Whether
 //     a Request is Allowed or Denied (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow)
 //     in the IAM User Guide.
 //
-//    * The principal who made the request.
+//   - The principal who made the request.
 //
-//    * The requested action.
+//   - The requested action.
 //
-//    * The requested resource.
+//   - The requested resource.
 //
-//    * The values of condition keys in the context of the user's request.
+//   - The values of condition keys in the context of the user's request.
 //
 // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 // with awserr.Error's Code and Message methods to get detailed information about
@ -814,7 +813,7 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
 // API operation DecodeAuthorizationMessage for usage and error information.
 //
 // Returned Error Codes:
-//   * ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
+//   - ErrCodeInvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
 //     The error returned if the message passed to DecodeAuthorizationMessage was
 //     invalid. This can happen if the token contains invalid characters, such as
 //     linebreaks.
@ -857,7 +856,6 @@ const opGetAccessKeyInfo = "GetAccessKeyInfo"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the GetAccessKeyInfoRequest method.
 //	req, resp := client.GetAccessKeyInfoRequest(params)
 //
@ -954,7 +952,6 @@ const opGetCallerIdentity = "GetCallerIdentity"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the GetCallerIdentityRequest method.
 //	req, resp := client.GetCallerIdentityRequest(params)
 //
@ -1037,7 +1034,6 @@ const opGetFederationToken = "GetFederationToken"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the GetFederationTokenRequest method.
 //	req, resp := client.GetFederationTokenRequest(params)
 //
@ -1094,7 +1090,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html)
 // in the IAM User Guide.
 //
-// Session duration
+// # Session duration
 //
 // The temporary credentials are valid for the specified duration, from 900
 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default
@ -1102,15 +1098,15 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // by using the Amazon Web Services account root user credentials have a maximum
 // duration of 3,600 seconds (1 hour).
 //
-// Permissions
+// # Permissions
 //
 // You can use the temporary credentials created by GetFederationToken in any
 // Amazon Web Services service except the following:
 //
-//    * You cannot call any IAM operations using the CLI or the Amazon Web Services
+//   - You cannot call any IAM operations using the CLI or the Amazon Web Services
 //     API.
 //
-//    * You cannot call any STS operations except GetCallerIdentity.
+//   - You cannot call any STS operations except GetCallerIdentity.
 //
 // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session)
 // to this operation. You can pass a single JSON policy document to use as an
@ -1136,7 +1132,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // by the policy. These permissions are granted in addition to the permissions
 // granted by the session policies.
 //
-// Tags
+// # Tags
 //
 // (Optional) You can pass tag key-value pairs to your session. These are called
 // session tags. For more information about session tags, see Passing Session
@ -1172,11 +1168,12 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 // API operation GetFederationToken for usage and error information.
 //
 // Returned Error Codes:
-//   * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
+//
 //   - ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument"
 //     The request was rejected because the policy document was malformed. The error
 //     message describes the specific error.
 //
-//   * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
+//   - ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge"
 //     The request was rejected because the total packed size of the session policies
 //     and session tags combined was too large. An Amazon Web Services conversion
 //     compresses the session policy document, session policy ARNs, and session
@ -1190,7 +1187,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
 //     Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length)
 //     in the IAM User Guide.
 //
-//   * ErrCodeRegionDisabledException "RegionDisabledException"
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
 //     STS is not activated in the requested region for the account that is being
 //     asked to generate credentials. The account administrator must use the IAM
 //     console to activate STS in that region. For more information, see Activating
@ -1236,7 +1233,6 @@ const opGetSessionToken = "GetSessionToken"
 // This method is useful when you want to inject custom logic or configuration
 // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 //
 //
 //	// Example sending a request using the GetSessionTokenRequest method.
 //	req, resp := client.GetSessionTokenRequest(params)
 //
@ -1279,7 +1275,13 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // and Comparing the Amazon Web Services STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide.
 //
-// Session Duration
+// No permissions are required for users to perform this operation. The purpose
 // of the sts:GetSessionToken operation is to authenticate the user using MFA.
 // You cannot use policies to control authentication operations. For more information,
 // see Permissions for GetSessionToken (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
 // in the IAM User Guide.
 //
 // # Session Duration
 //
 // The GetSessionToken operation must be called by using the long-term Amazon
 // Web Services security credentials of the Amazon Web Services account root
@ -1290,15 +1292,15 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a
 // default of 1 hour.
 //
-// Permissions
+// # Permissions
 //
 // The temporary security credentials created by GetSessionToken can be used
 // to make API calls to any Amazon Web Services service with the following exceptions:
 //
-//    * You cannot call any IAM API operations unless MFA authentication information
+//   - You cannot call any IAM API operations unless MFA authentication information
 //     is included in the request.
 //
-//    * You cannot call any STS API except AssumeRole or GetCallerIdentity.
+//   - You cannot call any STS API except AssumeRole or GetCallerIdentity.
 //
 // We recommend that you do not call GetSessionToken with Amazon Web Services
 // account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
@ -1324,7 +1326,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
 // API operation GetSessionToken for usage and error information.
 //
 // Returned Error Codes:
-//   * ErrCodeRegionDisabledException "RegionDisabledException"
+//   - ErrCodeRegionDisabledException "RegionDisabledException"
 //     STS is not activated in the requested region for the account that is being
 //     asked to generate credentials. The account administrator must use the IAM
 //     console to activate STS in that region. For more information, see Activating
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sts/doc.go
@ -14,7 +14,7 @@
 // See sts package documentation for more information.
 // https://docs.aws.amazon.com/sdk-for-go/api/service/sts/
 //
-// Using the Client
+// # Using the Client
 //
 // To contact AWS Security Token Service with the SDK use the New function to create
 // a new service client. With that client you can make API requests to the service.
--- a/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
+++ b/src/cmd/linuxkit/vendor/github.com/aws/aws-sdk-go/service/sts/service.go
@ -39,6 +39,7 @@ const (
 // aws.Config parameter to add your extra config.
 //
 // Example:
 //
 //	mySession := session.Must(session.NewSession())
 //
 //	// Create a STS client from just a session.
--- a/src/cmd/linuxkit/vendor/modules.txt
+++ b/src/cmd/linuxkit/vendor/modules.txt
@ -49,7 +49,7 @@ github.com/Microsoft/go-winio/pkg/guid
 github.com/ScaleFT/sshkeys
 # github.com/agext/levenshtein v1.2.3
 github.com/agext/levenshtein
-# github.com/aws/aws-sdk-go v1.43.16
+# github.com/aws/aws-sdk-go v1.44.82
 ## explicit
 github.com/aws/aws-sdk-go/aws
 github.com/aws/aws-sdk-go/aws/arn
@ -104,12 +104,6 @@ github.com/aws/aws-sdk-go/service/sts
 github.com/aws/aws-sdk-go/service/sts/stsiface
 # github.com/beorn7/perks v1.0.1
 github.com/beorn7/perks/quantile
 # github.com/bshuster-repo/logrus-logstash-hook v1.0.2
 ## explicit
 # github.com/bugsnag/bugsnag-go v2.1.2+incompatible
 ## explicit
 # github.com/bugsnag/panicwrap v1.3.4
 ## explicit
 # github.com/cespare/xxhash/v2 v2.1.2
 github.com/cespare/xxhash/v2
 # github.com/containerd/console v1.0.3
@ -156,8 +150,6 @@ github.com/davecgh/go-spew/spew
 # github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a
 ## explicit
 github.com/dchest/bcrypt_pbkdf
 # github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269
 ## explicit
 # github.com/docker/buildx v0.8.2
 ## explicit
 github.com/docker/buildx/util/logutil
@ -224,9 +216,7 @@ github.com/docker/go-connections/tlsconfig
 github.com/docker/go-metrics
 # github.com/docker/go-units v0.4.0
 github.com/docker/go-units
-# github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7
+# github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966
 ## explicit
 # github.com/estesp/manifest-tool/v2 v2.0.0 => github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966
 ## explicit
 github.com/estesp/manifest-tool/v2/pkg/registry
 github.com/estesp/manifest-tool/v2/pkg/store
@ -239,8 +229,6 @@ github.com/go-logr/logr/funcr
 github.com/go-logr/stdr
 # github.com/gofrs/flock v0.7.3
 github.com/gofrs/flock
 # github.com/gofrs/uuid v4.2.0+incompatible
 ## explicit
 # github.com/gogo/googleapis v1.4.1
 github.com/gogo/googleapis/google/rpc
 # github.com/gogo/protobuf v1.3.2
@ -522,8 +510,6 @@ github.com/tonistiigi/fsutil/types
 github.com/tonistiigi/units
 # github.com/tonistiigi/vt100 v0.0.0-20210615222946-8066bb97264f
 github.com/tonistiigi/vt100
 # github.com/urfave/cli v1.22.9
 ## explicit
 # github.com/vbatts/tar-split v0.11.2
 github.com/vbatts/tar-split/archive/tar
 # github.com/vmware/govmomi v0.20.3
@ -551,12 +537,6 @@ github.com/xeipuuv/gojsonreference
 # github.com/xeipuuv/gojsonschema v1.2.0
 ## explicit
 github.com/xeipuuv/gojsonschema
 # github.com/yvasiyarov/go-metrics v0.0.0-20150112132944-c25f46c4b940
 ## explicit
 # github.com/yvasiyarov/gorelic v0.0.7
 ## explicit
 # github.com/yvasiyarov/newrelic_platform_go v0.0.0-20160601141957-9c099fbc30e9
 ## explicit
 # go.opencensus.io v0.23.0
 go.opencensus.io
 go.opencensus.io/internal
@ -786,5 +766,4 @@ oras.land/oras-go/pkg/auth
 oras.land/oras-go/pkg/auth/docker
 oras.land/oras-go/pkg/content
 # github.com/docker/docker => github.com/moby/moby v20.10.3-0.20220728162118-71cb54cec41e+incompatible
 # github.com/estesp/manifest-tool/v2 => github.com/estesp/manifest-tool/v2 v2.0.6-0.20220728154431-89d791ab7966
 # oras.land/oras-go => oras.land/oras-go v1.1.0