Update github.com/containers/image/v5 digest to e14c1c5

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-07-05 02:47:32 +00:00 · 2023-06-01 01:10:03 +00:00 · 2023-06-01 01:10:03 +00:00 · 1c7388064a
commit 1c7388064a
parent ba3138e72b
350 changed files with 3037 additions and 45803 deletions
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.18
 require (
 	github.com/containers/common v0.53.0
-	github.com/containers/image/v5 v5.25.1-0.20230505072505-dc4a4be9cc1e
+	github.com/containers/image/v5 v5.25.1-0.20230530235238-e14c1c5f94d0
 	github.com/containers/ocicrypt v1.1.7
 	github.com/containers/storage v1.46.1
 	github.com/docker/distribution v2.8.2+incompatible
@ -22,8 +22,9 @@ require (
 )
 require (
-	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/Microsoft/go-winio v0.6.0 // indirect
+	github.com/BurntSushi/toml v1.3.0 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.10.0-rc.7 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
@ -31,16 +32,15 @@ require (
 	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
-	github.com/coreos/go-oidc/v3 v3.5.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.6.0 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/docker v23.0.5+incompatible // indirect
+	github.com/docker/docker v24.0.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@ -54,28 +54,24 @@ require (
 	github.com/go-openapi/strfmt v0.21.7 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-openapi/validate v0.22.1 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.13.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-containerregistry v0.14.0 // indirect
+	github.com/google/go-containerregistry v0.15.2 // indirect
 	github.com/google/go-intervals v0.0.2 // indirect
-	github.com/google/trillian v1.5.1 // indirect
+	github.com/google/trillian v1.5.2 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.5 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/leodido/go-urn v1.2.3 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
@ -87,7 +83,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
-	github.com/opencontainers/runc v1.1.5 // indirect
+	github.com/opencontainers/runc v1.1.7 // indirect
 	github.com/opencontainers/runtime-spec v1.1.0-rc.2 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
@ -99,15 +95,14 @@ require (
 	github.com/russross/blackfriday v2.0.0+incompatible // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sigstore/fulcio v1.3.1 // indirect
-	github.com/sigstore/rekor v1.1.1 // indirect
+	github.com/sigstore/rekor v1.2.2-0.20230529154427-55a5a338d149 // indirect
-	github.com/sigstore/sigstore v1.6.4 // indirect
+	github.com/sigstore/sigstore v1.6.5 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
-	github.com/sylabs/sif/v2 v2.11.3 // indirect
+	github.com/sylabs/sif/v2 v2.11.4 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/theupdateframework/go-tuf v0.5.2 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/transparency-dev/merkle v0.0.1 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/vbatts/tar-split v0.11.3 // indirect
 	github.com/vbauerster/mpb/v8 v8.4.0 // indirect
@ -120,23 +115,19 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel v1.15.0 // indirect
 	go.opentelemetry.io/otel/trace v1.15.0 // indirect
-	go.uber.org/atomic v1.10.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
 	golang.org/x/crypto v0.8.0 // indirect
 	golang.org/x/mod v0.10.0 // indirect
-	golang.org/x/net v0.9.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/oauth2 v0.7.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
 	golang.org/x/sync v0.2.0 // indirect
 	golang.org/x/sys v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
-	golang.org/x/tools v0.7.0 // indirect
+	golang.org/x/tools v0.8.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/grpc v1.54.0 // indirect
+	google.golang.org/grpc v1.55.0 // indirect
 	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.90.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,12 +1,13 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774 h1:SCbEWT58NSt7d2mcFdvxC9uyrdcTfvBbPLThhkDmXzg=
-github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
+github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
 github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/BurntSushi/toml v1.3.0 h1:Ws8e5YmnrGEHzZEzg0YvK/7COGYtTC5PbaH9oSSbgfA=
-github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
+github.com/BurntSushi/toml v1.3.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/Microsoft/hcsshim v0.10.0-rc.7/go.mod h1:ILuwjA+kNW+MrN/w5un7n3mTqkwsFu4Bp05/okFUZlE=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@ -18,33 +19,27 @@ github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat6
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
 github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
 github.com/containers/common v0.53.0 h1:Ax814cLeX5VXSnkKUdxz762g+27fJj1st4UvKoXmkKs=
 github.com/containers/common v0.53.0/go.mod h1:pABPxJwlTE8oYk9/2BW0e0mumkuhJHIPsABHTGRXN3w=
-github.com/containers/image/v5 v5.25.1-0.20230505072505-dc4a4be9cc1e h1:9rH8hFLJjmwMkNAdFfXP3O6cAODKujsTn8JurumYz6I=
+github.com/containers/image/v5 v5.25.1-0.20230530235238-e14c1c5f94d0 h1:8ixt9sbyRvFU37arzxRCQbQ9Z5CZkOvurgsXVT3+k/M=
-github.com/containers/image/v5 v5.25.1-0.20230505072505-dc4a4be9cc1e/go.mod h1:fGnQk2T+xmEk1/yL9Ky6djJ2F86vBIeo6X14zZQ33iM=
+github.com/containers/image/v5 v5.25.1-0.20230530235238-e14c1c5f94d0/go.mod h1:8YGnE7MmUBJq3i1UJ+NuMQ5mIqG9LTgh/cdQ8OE5bJ0=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.1.7 h1:thhNr4fu2ltyGz8aMx8u48Ae0Pnbip3ePP9/mzkZ/3U=
 github.com/containers/ocicrypt v1.1.7/go.mod h1:7CAhjcj2H8AYp5YvEie7oVSK2AhBY8NscCYRawuDNtw=
 github.com/containers/storage v1.46.1 h1:GcAe8J0Y6T2CF70fXPojUpnme6zXamuzGCrNujVtIGE=
 github.com/containers/storage v1.46.1/go.mod h1:81vNDX4h+nXJ2o0D6Yqy6JGXDYJGVpHZpz0nr09iJuQ=
-github.com/coreos/go-oidc/v3 v3.5.0 h1:VxKtbccHZxs8juq7RdJntSqtXFtde9YpNpGn0yqgEHw=
+github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
-github.com/coreos/go-oidc/v3 v3.5.0/go.mod h1:ecXRtV4romGPeO6ieExAsUK9cb/3fp9hXNz1tlv8PIM=
+github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI=
@ -56,13 +51,12 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
+github.com/docker/docker v24.0.2+incompatible h1:eATx+oLz9WdNVkQrr0qjQ8HvRJ4bOOxfzEo8R+dA3cg=
-github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v24.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 h1:iFaUwBSo5Svw6L7HYpRu/0lE3e0BaElwnNO1qkNQxBY=
@ -75,13 +69,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw=
 github.com/facebookgo/limitgroup v0.0.0-20150612190941-6abd8d71ec01 h1:IeaD1VDVBPlx3viJT9Md8if8IxxJnO+x0JCGb054heg=
 github.com/facebookgo/muster v0.0.0-20150708232844-fd3d7953fd52 h1:a4DFiKFJiDRGFD1qIcqGLX/WlUMD9dyLSLDt+9QZgt8=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
 github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@ -122,15 +111,7 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
 github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU=
 github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg=
-github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-rod/rod v0.113.1 h1:+Qb4K/vkR7BOhW6FhfhtLzUD3l11+0XlF4do+27sOQk=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.13.0 h1:cFRQdfaSMCOSfGCCLB20MHvuoHb/s5G8L5pu2ppK5AQ=
 github.com/go-playground/validator/v10 v10.13.0/go.mod h1:dwu7+CG8/CtBiJFZDz4e+5Upb6OLw04gtBYw0mcG/z4=
 github.com/go-rod/rod v0.112.9 h1:uA/yLbB+t0UlqJcLJtK2pZrCNPzd15dOKRUEOnmnt9k=
 github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
@ -158,8 +139,6 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
 github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
 github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@ -167,7 +146,6 @@ github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@ -179,7 +157,6 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@ -190,19 +167,16 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
-github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw=
+github.com/google/go-containerregistry v0.15.2 h1:MMkSh+tjSdnmJZO7ljvEqV1DjfekB6VUEAZgy3a+TQE=
-github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk=
+github.com/google/go-containerregistry v0.15.2/go.mod h1:wWK+LnOv4jXMM23IT/F1wdYftGWGr47Is8CG+pmHK1Q=
 github.com/google/go-intervals v0.0.2 h1:FGrVEiUnTRKR8yE04qzXYaJMtnIYqobR5QbblK3ixcM=
 github.com/google/go-intervals v0.0.2/go.mod h1:MkaR3LNRfeKLPmqgJYs4E66z5InYjmCjbbr4TQlcT6Y=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20221103000818-d260c55eee4c h1:lvddKcYTQ545ADhBujtIJmqQrZBDsGo7XIMbAQe/sNY=
-github.com/google/trillian v1.5.1 h1:2p1l13f0eWd7eOShwarwIxutYYnGzY/5S+xYewQIPkU=
+github.com/google/trillian v1.5.2 h1:roGP6G8aaAch7vP08+oitPkvmZzxjTfIkguozqJ04Ok=
-github.com/google/trillian v1.5.1/go.mod h1:EcDttN8nf+EoAiyLigBAp9ebncZI6rhJPyxZ+dQ6HSo=
+github.com/google/trillian v1.5.2/go.mod h1:H8vOoa2dxd3xCdMzOOwt9kIz/3MSoJhcqLJGG8iRwbg=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@ -215,16 +189,16 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
 github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v1.3.1 h1:vDwF1DFNZhntP4DAjuTpOw3uEgMUpXh1pB5fW9DqHpo=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0=
 github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/honeycombio/beeline-go v1.10.0 h1:cUDe555oqvw8oD76BQJ8alk7FP0JZ/M/zXpNvOEDLDc=
 github.com/honeycombio/libhoney-go v1.16.0 h1:kPpqoz6vbOzgp7jC6SR7SkNj7rua7rgxvznI6M3KdHc=
-github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4=
-github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
@ -248,17 +222,13 @@ github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQ
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.3 h1:6BE2vPT0lqoz3fmOesHZiaiFh7889ssCo2GMvLCfiuA=
 github.com/leodido/go-urn v1.2.3/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 h1:unJdfS94Y3k85TKy+mvKzjW5R9rIC+Lv4KGbE7uNu0I=
 github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6/go.mod h1:PUgW5vI9ANEaV6qv9a6EKu8gAySgwf0xrzG9xIB/CK0=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
@ -266,8 +236,6 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
@ -281,10 +249,9 @@ github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
-github.com/moby/term v0.0.0-20221120202655-abb19827d345 h1:J9c53/kxIH+2nTKBEfZYFMlhghtHpIHSXpm5VRGHSnU=
+github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -292,11 +259,9 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY=
 github.com/onsi/ginkgo/v2 v2.9.2 h1:BA2GMJOtfGAfagzYtrAlufIP0lq6QERkFmHLMLPwFSU=
 github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@ -306,12 +271,10 @@ github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0
 github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/opencontainers/image-tools v1.0.0-rc3 h1:ZR837lBIxq6mmwEqfYrbLMuf75eBSHhccVHy6lsBeM4=
 github.com/opencontainers/image-tools v1.0.0-rc3/go.mod h1:A9btVpZLzttF4iFaKNychhPyrhfOjJ1OF5KrA8GcLj4=
-github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs=
+github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/uoCk=
-github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.1.0-rc.2 h1:ucBtEms2tamYYW/SvGpvq9yUN0NEVL6oyLEwDcTSrk8=
 github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
@ -327,9 +290,9 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/proglottis/gpgme v0.1.3 h1:Crxx0oz4LKB3QXc5Ea0J19K/3ICfy3ftr5exgUK1AU0=
 github.com/proglottis/gpgme v0.1.3/go.mod h1:fPbW/EZ0LvwQtH8Hy7eixhp1eF3G39dtx7GUN+0Gmy0=
-github.com/prometheus/client_golang v1.15.0 h1:5fCgGYogn0hFdhyhLbw7hEsWxufKtY9klyvdNfFlFhM=
+github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
 github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
 github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@ -341,26 +304,22 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/russross/blackfriday v2.0.0+incompatible h1:cBXrhZNUf9C+La9/YpS+UHpUT8YD6Td9ZMSU9APFcsk=
 github.com/russross/blackfriday v2.0.0+incompatible/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sigstore/fulcio v1.3.1 h1:0ntW9VbQbt2JytoSs8BOGB84A65eeyvGSavWteYp29Y=
 github.com/sigstore/fulcio v1.3.1/go.mod h1:/XfqazOec45ulJZpyL9sq+OsVQ8g2UOVoNVi7abFgqU=
-github.com/sigstore/rekor v1.1.1 h1:JCeSss+qUHnCATmwAZh4zT9k0Frdyq0BjmRwewSfEy4=
+github.com/sigstore/rekor v1.2.2-0.20230529154427-55a5a338d149 h1:nq4M06IMfNREIBMkCGVyQQJMTZi5YNqeoaVV9yzIARU=
-github.com/sigstore/rekor v1.1.1/go.mod h1:x/xK+HK08MiuJv+v4OxY/Oo3bhuz1DtJXNJrV7hrzvs=
+github.com/sigstore/rekor v1.2.2-0.20230529154427-55a5a338d149/go.mod h1:LiLDoAgQf+dFuuRg8y+iXBJekKkQueIrpcKzDYcUnvQ=
-github.com/sigstore/sigstore v1.6.4 h1:jH4AzR7qlEH/EWzm+opSpxCfuUcjHL+LJPuQE7h40WE=
+github.com/sigstore/sigstore v1.6.5 h1:/liHIo7YPJp6sN31DzBYDOuRPmN1xbzROMBE5DLllYM=
-github.com/sigstore/sigstore v1.6.4/go.mod h1:pjR64lBxnjoSrAr+Ydye/FV73IfrgtoYlAI11a8xMfA=
+github.com/sigstore/sigstore v1.6.5/go.mod h1:h+EoQsf9+6UKgNYxKhBcPgo4PZeEVfzAJxKRRIYhyN4=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/sirupsen/logrus v1.9.2 h1:oxx1eChJGI6Uks2ZC4W1zpLlVgqB8ner4EuQwV4Ik1Y=
 github.com/sirupsen/logrus v1.9.2/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@ -385,11 +344,10 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/sylabs/sif/v2 v2.11.3 h1:EQxi5zl6i5DsbVal9HHpk/zuSx7aNLeZBy8vmvFz838=
+github.com/sylabs/sif/v2 v2.11.4 h1:4dRvsRFVkyS7e8oD8AEL0HrJocnet05+EFW+DhVb/Ic=
-github.com/sylabs/sif/v2 v2.11.3/go.mod h1:0ryivqvvsncJOJjU5QQIEc77a5zKK46F+urBXMdA07w=
+github.com/sylabs/sif/v2 v2.11.4/go.mod h1:83kqbKZFRFfFLe1ui5BH+rAxF2obICM/i3zto4ivM7s=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
@ -400,19 +358,14 @@ github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhV
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/transparency-dev/merkle v0.0.1 h1:T9/9gYB8uZl7VOJIhdwjALeRWlxUxSfDEysjfmx+L9E=
 github.com/transparency-dev/merkle v0.0.1/go.mod h1:B8FIw5LTq6DaULoHsVFRzYIUDkl8yuSwCdZnOZGKL/A=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
 github.com/vbatts/tar-split v0.11.3 h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=
 github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY=
 github.com/vbauerster/mpb/v8 v8.4.0 h1:Jq2iNA7T6SydpMVOwaT+2OBWlXS9Th8KEvBqeu5eeTo=
 github.com/vbauerster/mpb/v8 v8.4.0/go.mod h1:vjp3hSTuCtR+x98/+2vW3eZ8XzxvGoP8CPseHMhiPyc=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
@ -428,13 +381,13 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
-github.com/ysmood/fetchup v0.2.2 h1:Qn8/q5uDW7szclt4sVXCFJ1TXup3hogz94OaLf6kloo=
+github.com/ysmood/fetchup v0.2.3 h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ=
 github.com/ysmood/goob v0.4.0 h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ=
 github.com/ysmood/got v0.34.1 h1:IrV2uWLs45VXNvZqhJ6g2nIhY+pgIG1CUoOcqfXFl1s=
 github.com/ysmood/gson v0.7.3 h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE=
 github.com/ysmood/leakless v0.8.0 h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
@ -452,13 +405,7 @@ go.opentelemetry.io/otel v1.15.0/go.mod h1:qfwLEbWhLPk5gyWrne4XnF0lC8wtywbuJbgfA
 go.opentelemetry.io/otel/sdk v1.15.0 h1:jZTCkRRd08nxD6w7rIaZeDNGZGGQstH3SfLQ3ZsKICk=
 go.opentelemetry.io/otel/trace v1.15.0 h1:5Fwje4O2ooOxkfyqI/kJwxWotggDLix4BSAvpE1wlpo=
 go.opentelemetry.io/otel/trace v1.15.0/go.mod h1:CUsmE2Ht1CRkvE8OsMESvraoZrrcgD1J2W8GV1ev0Y4=
 go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
 go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
@ -467,10 +414,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 h1:5llv2sWeaMSnA3w2kS57ouQQ4pudlXrR0dCgw51QK9o=
 golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
@ -479,7 +425,6 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
 golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -492,19 +437,14 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
-golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -513,7 +453,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
 golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -524,28 +463,19 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -554,7 +484,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
@ -570,9 +499,8 @@ golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -591,8 +519,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
+google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
+google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@ -604,8 +532,6 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
@ -634,5 +560,4 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
+k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
--- a/vendor/github.com/BurntSushi/toml/decode.go
+++ b/vendor/github.com/BurntSushi/toml/decode.go
@ -91,7 +91,7 @@ const (
 // UnmarshalText method. See the Unmarshaler example for a demonstration with
 // email addresses.
 //
-// ### Key mapping
+// # Key mapping
 //
 // TOML keys can map to either keys in a Go map or field names in a Go struct.
 // The special `toml` struct tag can be used to map TOML keys to struct fields
--- a/vendor/github.com/BurntSushi/toml/deprecated.go
+++ b/vendor/github.com/BurntSushi/toml/deprecated.go
@ -5,17 +5,25 @@ import (
 	"io"
 )
 // TextMarshaler is an alias for encoding.TextMarshaler.
 //
 // Deprecated: use encoding.TextMarshaler
 type TextMarshaler encoding.TextMarshaler
 // TextUnmarshaler is an alias for encoding.TextUnmarshaler.
 //
 // Deprecated: use encoding.TextUnmarshaler
 type TextUnmarshaler encoding.TextUnmarshaler
 // PrimitiveDecode is an alias for MetaData.PrimitiveDecode().
 //
 // Deprecated: use MetaData.PrimitiveDecode.
 func PrimitiveDecode(primValue Primitive, v interface{}) error {
 	md := MetaData{decoded: make(map[string]struct{})}
 	return md.unify(primValue.undecoded, rvalue(v))
 }
 // DecodeReader is an alias for NewDecoder(r).Decode(v).
 //
 // Deprecated: use NewDecoder(reader).Decode(&value).
 func DecodeReader(r io.Reader, v interface{}) (MetaData, error) { return NewDecoder(r).Decode(v) }
--- a/vendor/github.com/BurntSushi/toml/encode.go
+++ b/vendor/github.com/BurntSushi/toml/encode.go
@ -136,6 +136,9 @@ func NewEncoder(w io.Writer) *Encoder {
 // document.
 func (enc *Encoder) Encode(v interface{}) error {
 	rv := eindirect(reflect.ValueOf(v))
 	// XXX
 	if err := enc.safeEncode(Key([]string{}), rv); err != nil {
 		return err
 	}
@ -457,6 +460,16 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) {
 			frv := eindirect(rv.Field(i))
 			if is32Bit {
 				// Copy so it works correct on 32bit archs; not clear why this
 				// is needed. See #314, and https://www.reddit.com/r/golang/comments/pnx8v4
 				// This also works fine on 64bit, but 32bit archs are somewhat
 				// rare and this is a wee bit faster.
 				copyStart := make([]int, len(start))
 				copy(copyStart, start)
 				start = copyStart
 			}
 			// Treat anonymous struct fields with tag names as though they are
 			// not anonymous, like encoding/json does.
 			//
@ -471,17 +484,7 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) {
 			if typeIsTable(tomlTypeOfGo(frv)) {
 				fieldsSub = append(fieldsSub, append(start, f.Index...))
 			} else {
-				// Copy so it works correct on 32bit archs; not clear why this
+				fieldsDirect = append(fieldsDirect, append(start, f.Index...))
 				// is needed. See #314, and https://www.reddit.com/r/golang/comments/pnx8v4
 				// This also works fine on 64bit, but 32bit archs are somewhat
 				// rare and this is a wee bit faster.
 				if is32Bit {
 					copyStart := make([]int, len(start))
 					copy(copyStart, start)
 					fieldsDirect = append(fieldsDirect, append(copyStart, f.Index...))
 				} else {
 					fieldsDirect = append(fieldsDirect, append(start, f.Index...))
 				}
 			}
 		}
 	}
@ -490,24 +493,27 @@ func (enc *Encoder) eStruct(key Key, rv reflect.Value, inline bool) {
 	writeFields := func(fields [][]int) {
 		for _, fieldIndex := range fields {
 			fieldType := rt.FieldByIndex(fieldIndex)
-			fieldVal := eindirect(rv.FieldByIndex(fieldIndex))
+			fieldVal := rv.FieldByIndex(fieldIndex)
 			if isNil(fieldVal) { /// Don't write anything for nil fields.
 				continue
 			}
 			opts := getOptions(fieldType.Tag)
 			if opts.skip {
 				continue
 			}
 			if opts.omitempty && isEmpty(fieldVal) {
 				continue
 			}
 			fieldVal = eindirect(fieldVal)
 			if isNil(fieldVal) { // Don't write anything for nil fields.
 				continue
 			}
 			keyName := fieldType.Name
 			if opts.name != "" {
 				keyName = opts.name
 			}
 			if opts.omitempty && enc.isEmpty(fieldVal) {
 				continue
 			}
 			if opts.omitzero && isZero(fieldVal) {
 				continue
 			}
@ -649,7 +655,7 @@ func isZero(rv reflect.Value) bool {
 	return false
 }
-func (enc *Encoder) isEmpty(rv reflect.Value) bool {
+func isEmpty(rv reflect.Value) bool {
 	switch rv.Kind() {
 	case reflect.Array, reflect.Slice, reflect.Map, reflect.String:
 		return rv.Len() == 0
@ -664,13 +670,15 @@ func (enc *Encoder) isEmpty(rv reflect.Value) bool {
 		//   type b struct{ s []string }
 		//   s := a{field: b{s: []string{"AAA"}}}
 		for i := 0; i < rv.NumField(); i++ {
-			if !enc.isEmpty(rv.Field(i)) {
+			if !isEmpty(rv.Field(i)) {
 				return false
 			}
 		}
 		return true
 	case reflect.Bool:
 		return !rv.Bool()
 	case reflect.Ptr:
 		return rv.IsNil()
 	}
 	return false
 }
@ -693,8 +701,11 @@ func (enc *Encoder) newline() {
 //	v      v   v  v    vv
 //	key = {k = 1, k2 = 2}
 func (enc *Encoder) writeKeyValue(key Key, val reflect.Value, inline bool) {
 	/// Marshaler used on top-level document; call eElement() to just call
 	/// Marshal{TOML,Text}.
 	if len(key) == 0 {
-		encPanic(errNoKey)
+		enc.eElement(val)
 		return
 	}
 	enc.wf("%s%s = ", enc.indentStr(key), key.maybeQuoted(len(key)-1))
 	enc.eElement(val)
--- a/vendor/github.com/BurntSushi/toml/error.go
+++ b/vendor/github.com/BurntSushi/toml/error.go
@ -84,7 +84,7 @@ func (pe ParseError) Error() string {
 		pe.Position.Line, pe.LastKey, msg)
 }
-// ErrorWithUsage() returns the error with detailed location context.
+// ErrorWithPosition returns the error with detailed location context.
 //
 // See the documentation on [ParseError].
 func (pe ParseError) ErrorWithPosition() string {
@ -124,7 +124,7 @@ func (pe ParseError) ErrorWithPosition() string {
 	return b.String()
 }
-// ErrorWithUsage() returns the error with detailed location context and usage
+// ErrorWithUsage returns the error with detailed location context and usage
 // guidance.
 //
 // See the documentation on [ParseError].
--- a/vendor/github.com/BurntSushi/toml/lex.go
+++ b/vendor/github.com/BurntSushi/toml/lex.go
@ -618,6 +618,9 @@ func lexInlineTableValue(lx *lexer) stateFn {
 	case isWhitespace(r):
 		return lexSkip(lx, lexInlineTableValue)
 	case isNL(r):
 		if tomlNext {
 			return lexSkip(lx, lexInlineTableValue)
 		}
 		return lx.errorPrevLine(errLexInlineTableNL{})
 	case r == '#':
 		lx.push(lexInlineTableValue)
@ -640,6 +643,9 @@ func lexInlineTableValueEnd(lx *lexer) stateFn {
 	case isWhitespace(r):
 		return lexSkip(lx, lexInlineTableValueEnd)
 	case isNL(r):
 		if tomlNext {
 			return lexSkip(lx, lexInlineTableValueEnd)
 		}
 		return lx.errorPrevLine(errLexInlineTableNL{})
 	case r == '#':
 		lx.push(lexInlineTableValueEnd)
@ -648,6 +654,9 @@ func lexInlineTableValueEnd(lx *lexer) stateFn {
 		lx.ignore()
 		lx.skip(isWhitespace)
 		if lx.peek() == '}' {
 			if tomlNext {
 				return lexInlineTableValueEnd
 			}
 			return lx.errorf("trailing comma not allowed in inline tables")
 		}
 		return lexInlineTableValue
@ -770,8 +779,8 @@ func lexRawString(lx *lexer) stateFn {
 	}
 }
-// lexMultilineRawString consumes a raw string. Nothing can be escaped in such
+// lexMultilineRawString consumes a raw string. Nothing can be escaped in such a
-// a string. It assumes that the beginning ''' has already been consumed and
+// string. It assumes that the beginning triple-' has already been consumed and
 // ignored.
 func lexMultilineRawString(lx *lexer) stateFn {
 	r := lx.next()
@ -828,6 +837,11 @@ func lexMultilineStringEscape(lx *lexer) stateFn {
 func lexStringEscape(lx *lexer) stateFn {
 	r := lx.next()
 	switch r {
 	case 'e':
 		if !tomlNext {
 			return lx.error(errLexEscape{r})
 		}
 		fallthrough
 	case 'b':
 		fallthrough
 	case 't':
@ -846,6 +860,11 @@ func lexStringEscape(lx *lexer) stateFn {
 		fallthrough
 	case '\\':
 		return lx.pop()
 	case 'x':
 		if !tomlNext {
 			return lx.error(errLexEscape{r})
 		}
 		return lexHexEscape
 	case 'u':
 		return lexShortUnicodeEscape
 	case 'U':
@ -854,6 +873,19 @@ func lexStringEscape(lx *lexer) stateFn {
 	return lx.error(errLexEscape{r})
 }
 func lexHexEscape(lx *lexer) stateFn {
 	var r rune
 	for i := 0; i < 2; i++ {
 		r = lx.next()
 		if !isHexadecimal(r) {
 			return lx.errorf(
 				`expected two hexadecimal digits after '\x', but got %q instead`,
 				lx.current())
 		}
 	}
 	return lx.pop()
 }
 func lexShortUnicodeEscape(lx *lexer) stateFn {
 	var r rune
 	for i := 0; i < 4; i++ {
@ -1225,7 +1257,23 @@ func isOctal(r rune) bool  { return r >= '0' && r <= '7' }
 func isHexadecimal(r rune) bool {
 	return (r >= '0' && r <= '9') || (r >= 'a' && r <= 'f') || (r >= 'A' && r <= 'F')
 }
 func isBareKeyChar(r rune) bool {
 	if tomlNext {
 		return (r >= 'A' && r <= 'Z') ||
 			(r >= 'a' && r <= 'z') ||
 			(r >= '0' && r <= '9') ||
 			r == '_' || r == '-' ||
 			r == 0xb2 || r == 0xb3 || r == 0xb9 || (r >= 0xbc && r <= 0xbe) ||
 			(r >= 0xc0 && r <= 0xd6) || (r >= 0xd8 && r <= 0xf6) || (r >= 0xf8 && r <= 0x037d) ||
 			(r >= 0x037f && r <= 0x1fff) ||
 			(r >= 0x200c && r <= 0x200d) || (r >= 0x203f && r <= 0x2040) ||
 			(r >= 0x2070 && r <= 0x218f) || (r >= 0x2460 && r <= 0x24ff) ||
 			(r >= 0x2c00 && r <= 0x2fef) || (r >= 0x3001 && r <= 0xd7ff) ||
 			(r >= 0xf900 && r <= 0xfdcf) || (r >= 0xfdf0 && r <= 0xfffd) ||
 			(r >= 0x10000 && r <= 0xeffff)
 	}
 	return (r >= 'A' && r <= 'Z') ||
 		(r >= 'a' && r <= 'z') ||
 		(r >= '0' && r <= '9') ||
--- a/vendor/github.com/BurntSushi/toml/parse.go
+++ b/vendor/github.com/BurntSushi/toml/parse.go
@ -2,6 +2,7 @@ package toml
 import (
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
 	"time"
@ -10,6 +11,11 @@ import (
 	"github.com/BurntSushi/toml/internal"
 )
 var tomlNext = func() bool {
 	_, ok := os.LookupEnv("BURNTSUSHI_TOML_110")
 	return ok
 }()
 type parser struct {
 	lx         *lexer
 	context    Key      // Full key for the current hash in scope.
@ -41,9 +47,12 @@ func parse(data string) (p *parser, err error) {
 	}()
 	// Read over BOM; do this here as the lexer calls utf8.DecodeRuneInString()
-	// which mangles stuff.
+	// which mangles stuff. UTF-16 BOM isn't strictly valid, but some tools add
-	if strings.HasPrefix(data, "\xff\xfe") || strings.HasPrefix(data, "\xfe\xff") {
+	// it anyway.
 	if strings.HasPrefix(data, "\xff\xfe") || strings.HasPrefix(data, "\xfe\xff") { // UTF-16
 		data = data[2:]
 	} else if strings.HasPrefix(data, "\xef\xbb\xbf") { // UTF-8
 		data = data[3:]
 	}
 	// Examine first few bytes for NULL bytes; this probably means it's a UTF-16
@ -236,7 +245,7 @@ func (p *parser) value(it item, parentIsArray bool) (interface{}, tomlType) {
 	case itemString:
 		return p.replaceEscapes(it, it.val), p.typeOfPrimitive(it)
 	case itemMultilineString:
-		return p.replaceEscapes(it, stripFirstNewline(p.stripEscapedNewlines(it.val))), p.typeOfPrimitive(it)
+		return p.replaceEscapes(it, p.stripEscapedNewlines(stripFirstNewline(it.val))), p.typeOfPrimitive(it)
 	case itemRawString:
 		return it.val, p.typeOfPrimitive(it)
 	case itemRawMultilineString:
@ -331,11 +340,17 @@ func (p *parser) valueFloat(it item) (interface{}, tomlType) {
 var dtTypes = []struct {
 	fmt  string
 	zone *time.Location
 	next bool
 }{
-	{time.RFC3339Nano, time.Local},
+	{time.RFC3339Nano, time.Local, false},
-	{"2006-01-02T15:04:05.999999999", internal.LocalDatetime},
+	{"2006-01-02T15:04:05.999999999", internal.LocalDatetime, false},
-	{"2006-01-02", internal.LocalDate},
+	{"2006-01-02", internal.LocalDate, false},
-	{"15:04:05.999999999", internal.LocalTime},
+	{"15:04:05.999999999", internal.LocalTime, false},
 	// tomlNext
 	{"2006-01-02T15:04Z07:00", time.Local, true},
 	{"2006-01-02T15:04", internal.LocalDatetime, true},
 	{"15:04", internal.LocalTime, true},
 }
 func (p *parser) valueDatetime(it item) (interface{}, tomlType) {
@ -346,6 +361,9 @@ func (p *parser) valueDatetime(it item) (interface{}, tomlType) {
 		err error
 	)
 	for _, dt := range dtTypes {
 		if dt.next && !tomlNext {
 			continue
 		}
 		t, err = time.ParseInLocation(dt.fmt, it.val, dt.zone)
 		if err == nil {
 			ok = true
@ -384,6 +402,7 @@ func (p *parser) valueArray(it item) (interface{}, tomlType) {
 		//
 		// Not entirely sure how to best store this; could use "key[0]",
 		// "key[1]" notation, or maybe store it on the Array type?
 		_ = types
 	}
 	return array, tomlArray
 }
@ -662,49 +681,54 @@ func stripFirstNewline(s string) string {
 	return s
 }
-// Remove newlines inside triple-quoted strings if a line ends with "\".
+// stripEscapedNewlines removes whitespace after line-ending backslashes in
 // multiline strings.
 //
 // A line-ending backslash is an unescaped \ followed only by whitespace until
 // the next newline. After a line-ending backslash, all whitespace is removed
 // until the next non-whitespace character.
 func (p *parser) stripEscapedNewlines(s string) string {
-	split := strings.Split(s, "\n")
+	var b strings.Builder
-	if len(split) < 1 {
+	var i int
-		return s
+	for {
-	}
+		ix := strings.Index(s[i:], `\`)
 		if ix < 0 {
 			b.WriteString(s)
 			return b.String()
 		}
 		i += ix
-	escNL := false // Keep track of the last non-blank line was escaped.
+		if len(s) > i+1 && s[i+1] == '\\' {
-	for i, line := range split {
+			// Escaped backslash.
-		line = strings.TrimRight(line, " \t\r")
+			i += 2
-
+			continue
-		if len(line) == 0 || line[len(line)-1] != '\\' {
+		}
-			split[i] = strings.TrimRight(split[i], "\r")
+		// Scan until the next non-whitespace.
-			if !escNL && i != len(split)-1 {
+		j := i + 1
-				split[i] += "\n"
+	whitespaceLoop:
 		for ; j < len(s); j++ {
 			switch s[j] {
 			case ' ', '\t', '\r', '\n':
 			default:
 				break whitespaceLoop
 			}
 		}
 		if j == i+1 {
 			// Not a whitespace escape.
 			i++
 			continue
 		}
-
+		if !strings.Contains(s[i:j], "\n") {
-		escBS := true
+			// This is not a line-ending backslash.
-		for j := len(line) - 1; j >= 0 && line[j] == '\\'; j-- {
+			// (It's a bad escape sequence, but we can let
-			escBS = !escBS
+			// replaceEscapes catch it.)
-		}
+			i++
 		if escNL {
 			line = strings.TrimLeft(line, " \t\r")
 		}
 		escNL = !escBS
 		if escBS {
 			split[i] += "\n"
 			continue
 		}
-
+		b.WriteString(s[:i])
-		if i == len(split)-1 {
+		s = s[j:]
-			p.panicf("invalid escape: '\\ '")
+		i = 0
 		}
 		split[i] = line[:len(line)-1] // Remove \
 		if len(split)-1 > i {
 			split[i+1] = strings.TrimLeft(split[i+1], " \t\r")
 		}
 	}
 	return strings.Join(split, "")
 }
 func (p *parser) replaceEscapes(it item, str string) string {
@ -743,12 +767,23 @@ func (p *parser) replaceEscapes(it item, str string) string {
 		case 'r':
 			replaced = append(replaced, rune(0x000D))
 			r += 1
 		case 'e':
 			if tomlNext {
 				replaced = append(replaced, rune(0x001B))
 				r += 1
 			}
 		case '"':
 			replaced = append(replaced, rune(0x0022))
 			r += 1
 		case '\\':
 			replaced = append(replaced, rune(0x005C))
 			r += 1
 		case 'x':
 			if tomlNext {
 				escaped := p.asciiEscapeToUnicode(it, s[r+1:r+3])
 				replaced = append(replaced, escaped)
 				r += 3
 			}
 		case 'u':
 			// At this point, we know we have a Unicode escape of the form
 			// `uXXXX` at [r, r+5). (Because the lexer guarantees this
--- a/vendor/github.com/Microsoft/go-winio/.golangci.yml
+++ b/vendor/github.com/Microsoft/go-winio/.golangci.yml
@ -8,12 +8,8 @@ linters:
    - containedctx # struct contains a context
    - dupl # duplicate code
    - errname # erorrs are named correctly
    - goconst # strings that should be constants
    - godot # comments end in a period
    - misspell
    - nolintlint # "//nolint" directives are properly explained
    - revive # golint replacement
    - stylecheck # golint replacement, less configurable than revive
    - unconvert # unnecessary conversions
    - wastedassign
@ -23,10 +19,7 @@ linters:
    - exhaustive # check exhaustiveness of enum switch statements
    - gofmt # files are gofmt'ed
    - gosec # security
    - nestif # deeply nested ifs
    - nilerr # returns nil even with non-nil error
    - prealloc # slices that can be pre-allocated
    - structcheck # unused struct fields
    - unparam # unused function params
 issues:
@ -42,6 +35,18 @@ issues:
      text: "^line-length-limit: "
      source: "^//(go:generate|sys) "
    #TODO: remove after upgrading to go1.18
    # ignore comment spacing for nolint and sys directives
    - linters:
        - revive
      text: "^comment-spacings: no space between comment delimiter and comment text"
      source: "//(cspell:|nolint:|sys |todo)"
    # not on go 1.18 yet, so no any
    - linters:
        - revive
      text: "^use-any: since GO 1.18 'interface{}' can be replaced by 'any'"
    # allow unjustified ignores of error checks in defer statements
    - linters:
        - nolintlint
@ -56,6 +61,8 @@ issues:
 linters-settings:
  exhaustive:
    default-signifies-exhaustive: true
  govet:
    enable-all: true
    disable:
@ -98,6 +105,8 @@ linters-settings:
        disabled: true
      - name: flag-parameter # excessive, and a common idiom we use
        disabled: true
      - name: unhandled-error # warns over common fmt.Print* and io.Close; rely on errcheck instead
        disabled: true
      # general config
      - name: line-length-limit
        arguments:
@ -138,7 +147,3 @@ linters-settings:
            - VPCI
            - WCOW
            - WIM
  stylecheck:
    checks:
      - "all"
      - "-ST1003" # use revive's var naming
--- a/vendor/github.com/Microsoft/go-winio/hvsock.go
+++ b/vendor/github.com/Microsoft/go-winio/hvsock.go
@ -23,7 +23,7 @@ import (
 const afHVSock = 34 // AF_HYPERV
 // Well known Service and VM IDs
-//https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#vmid-wildcards
+// https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#vmid-wildcards
 // HvsockGUIDWildcard is the wildcard VmId for accepting connections from all partitions.
 func HvsockGUIDWildcard() guid.GUID { // 00000000-0000-0000-0000-000000000000
@ -31,7 +31,7 @@ func HvsockGUIDWildcard() guid.GUID { // 00000000-0000-0000-0000-000000000000
 }
 // HvsockGUIDBroadcast is the wildcard VmId for broadcasting sends to all partitions.
-func HvsockGUIDBroadcast() guid.GUID { //ffffffff-ffff-ffff-ffff-ffffffffffff
+func HvsockGUIDBroadcast() guid.GUID { // ffffffff-ffff-ffff-ffff-ffffffffffff
 	return guid.GUID{
 		Data1: 0xffffffff,
 		Data2: 0xffff,
@ -246,7 +246,7 @@ func (l *HvsockListener) Accept() (_ net.Conn, err error) {
 	var addrbuf [addrlen * 2]byte
 	var bytes uint32
-	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0 /*rxdatalen*/, addrlen, addrlen, &bytes, &c.o)
+	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0 /* rxdatalen */, addrlen, addrlen, &bytes, &c.o)
 	if _, err = l.sock.asyncIO(c, nil, bytes, err); err != nil {
 		return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
 	}
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
@ -0,0 +1,2 @@
 // This package contains Win32 filesystem functionality.
 package fs
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
@ -0,0 +1,202 @@
 //go:build windows
 package fs
 import (
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/stringbuffer"
 )
 //go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go fs.go
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew
 //sys CreateFile(name string, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) [failretval==windows.InvalidHandle] = CreateFileW
 const NullHandle windows.Handle = 0
 // AccessMask defines standard, specific, and generic rights.
 //
 //	Bitmask:
 //	 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
 //	 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 //	+---------------+---------------+-------------------------------+
 //	|G|G|G|G|Resvd|A| StandardRights|         SpecificRights        |
 //	|R|W|E|A|     |S|               |                               |
 //	+-+-------------+---------------+-------------------------------+
 //
 //	GR     Generic Read
 //	GW     Generic Write
 //	GE     Generic Exectue
 //	GA     Generic All
 //	Resvd  Reserved
 //	AS     Access Security System
 //
 // https://learn.microsoft.com/en-us/windows/win32/secauthz/access-mask
 //
 // https://learn.microsoft.com/en-us/windows/win32/secauthz/generic-access-rights
 //
 // https://learn.microsoft.com/en-us/windows/win32/fileio/file-access-rights-constants
 type AccessMask = windows.ACCESS_MASK
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// Not actually any.
 	//
 	// For CreateFile: "query certain metadata such as file, directory, or device attributes without accessing that file or device"
 	// https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew#parameters
 	FILE_ANY_ACCESS AccessMask = 0
 	// Specific Object Access
 	// from ntioapi.h
 	FILE_READ_DATA      AccessMask = (0x0001) // file & pipe
 	FILE_LIST_DIRECTORY AccessMask = (0x0001) // directory
 	FILE_WRITE_DATA AccessMask = (0x0002) // file & pipe
 	FILE_ADD_FILE   AccessMask = (0x0002) // directory
 	FILE_APPEND_DATA          AccessMask = (0x0004) // file
 	FILE_ADD_SUBDIRECTORY     AccessMask = (0x0004) // directory
 	FILE_CREATE_PIPE_INSTANCE AccessMask = (0x0004) // named pipe
 	FILE_READ_EA         AccessMask = (0x0008) // file & directory
 	FILE_READ_PROPERTIES AccessMask = FILE_READ_EA
 	FILE_WRITE_EA         AccessMask = (0x0010) // file & directory
 	FILE_WRITE_PROPERTIES AccessMask = FILE_WRITE_EA
 	FILE_EXECUTE  AccessMask = (0x0020) // file
 	FILE_TRAVERSE AccessMask = (0x0020) // directory
 	FILE_DELETE_CHILD AccessMask = (0x0040) // directory
 	FILE_READ_ATTRIBUTES AccessMask = (0x0080) // all
 	FILE_WRITE_ATTRIBUTES AccessMask = (0x0100) // all
 	FILE_ALL_ACCESS      AccessMask = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
 	FILE_GENERIC_READ    AccessMask = (STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE)
 	FILE_GENERIC_WRITE   AccessMask = (STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE)
 	FILE_GENERIC_EXECUTE AccessMask = (STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE)
 	SPECIFIC_RIGHTS_ALL AccessMask = 0x0000FFFF
 	// Standard Access
 	// from ntseapi.h
 	DELETE       AccessMask = 0x0001_0000
 	READ_CONTROL AccessMask = 0x0002_0000
 	WRITE_DAC    AccessMask = 0x0004_0000
 	WRITE_OWNER  AccessMask = 0x0008_0000
 	SYNCHRONIZE  AccessMask = 0x0010_0000
 	STANDARD_RIGHTS_REQUIRED AccessMask = 0x000F_0000
 	STANDARD_RIGHTS_READ    AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_WRITE   AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_EXECUTE AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_ALL AccessMask = 0x001F_0000
 )
 type FileShareMode uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	FILE_SHARE_NONE        FileShareMode = 0x00
 	FILE_SHARE_READ        FileShareMode = 0x01
 	FILE_SHARE_WRITE       FileShareMode = 0x02
 	FILE_SHARE_DELETE      FileShareMode = 0x04
 	FILE_SHARE_VALID_FLAGS FileShareMode = 0x07
 )
 type FileCreationDisposition uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// from winbase.h
 	CREATE_NEW        FileCreationDisposition = 0x01
 	CREATE_ALWAYS     FileCreationDisposition = 0x02
 	OPEN_EXISTING     FileCreationDisposition = 0x03
 	OPEN_ALWAYS       FileCreationDisposition = 0x04
 	TRUNCATE_EXISTING FileCreationDisposition = 0x05
 )
 // CreateFile and co. take flags or attributes together as one parameter.
 // Define alias until we can use generics to allow both
 // https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
 type FileFlagOrAttribute uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const ( // from winnt.h
 	FILE_FLAG_WRITE_THROUGH       FileFlagOrAttribute = 0x8000_0000
 	FILE_FLAG_OVERLAPPED          FileFlagOrAttribute = 0x4000_0000
 	FILE_FLAG_NO_BUFFERING        FileFlagOrAttribute = 0x2000_0000
 	FILE_FLAG_RANDOM_ACCESS       FileFlagOrAttribute = 0x1000_0000
 	FILE_FLAG_SEQUENTIAL_SCAN     FileFlagOrAttribute = 0x0800_0000
 	FILE_FLAG_DELETE_ON_CLOSE     FileFlagOrAttribute = 0x0400_0000
 	FILE_FLAG_BACKUP_SEMANTICS    FileFlagOrAttribute = 0x0200_0000
 	FILE_FLAG_POSIX_SEMANTICS     FileFlagOrAttribute = 0x0100_0000
 	FILE_FLAG_OPEN_REPARSE_POINT  FileFlagOrAttribute = 0x0020_0000
 	FILE_FLAG_OPEN_NO_RECALL      FileFlagOrAttribute = 0x0010_0000
 	FILE_FLAG_FIRST_PIPE_INSTANCE FileFlagOrAttribute = 0x0008_0000
 )
 type FileSQSFlag = FileFlagOrAttribute
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const ( // from winbase.h
 	SECURITY_ANONYMOUS      FileSQSFlag = FileSQSFlag(SecurityAnonymous << 16)
 	SECURITY_IDENTIFICATION FileSQSFlag = FileSQSFlag(SecurityIdentification << 16)
 	SECURITY_IMPERSONATION  FileSQSFlag = FileSQSFlag(SecurityImpersonation << 16)
 	SECURITY_DELEGATION     FileSQSFlag = FileSQSFlag(SecurityDelegation << 16)
 	SECURITY_SQOS_PRESENT     FileSQSFlag = 0x00100000
 	SECURITY_VALID_SQOS_FLAGS FileSQSFlag = 0x001F0000
 )
 // GetFinalPathNameByHandle flags
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew#parameters
 type GetFinalPathFlag uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	GetFinalPathDefaultFlag GetFinalPathFlag = 0x0
 	FILE_NAME_NORMALIZED GetFinalPathFlag = 0x0
 	FILE_NAME_OPENED     GetFinalPathFlag = 0x8
 	VOLUME_NAME_DOS  GetFinalPathFlag = 0x0
 	VOLUME_NAME_GUID GetFinalPathFlag = 0x1
 	VOLUME_NAME_NT   GetFinalPathFlag = 0x2
 	VOLUME_NAME_NONE GetFinalPathFlag = 0x4
 )
 // getFinalPathNameByHandle facilitates calling the Windows API GetFinalPathNameByHandle
 // with the given handle and flags. It transparently takes care of creating a buffer of the
 // correct size for the call.
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew
 func GetFinalPathNameByHandle(h windows.Handle, flags GetFinalPathFlag) (string, error) {
 	b := stringbuffer.NewWString()
 	//TODO: can loop infinitely if Win32 keeps returning the same (or a larger) n?
 	for {
 		n, err := windows.GetFinalPathNameByHandle(h, b.Pointer(), b.Cap(), uint32(flags))
 		if err != nil {
 			return "", err
 		}
 		// If the buffer wasn't large enough, n will be the total size needed (including null terminator).
 		// Resize and try again.
 		if n > b.Cap() {
 			b.ResizeTo(n)
 			continue
 		}
 		// If the buffer is large enough, n will be the size not including the null terminator.
 		// Convert to a Go string and return.
 		return b.String(), nil
 	}
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
@ -0,0 +1,12 @@
 package fs
 // https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-security_impersonation_level
 type SecurityImpersonationLevel int32 // C default enums underlying type is `int`, which is Go `int32`
 // Impersonation levels
 const (
 	SecurityAnonymous      SecurityImpersonationLevel = 0
 	SecurityIdentification SecurityImpersonationLevel = 1
 	SecurityImpersonation  SecurityImpersonationLevel = 2
 	SecurityDelegation     SecurityImpersonationLevel = 3
 )
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
@ -0,0 +1,64 @@
 //go:build windows
 // Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 package fs
 import (
 	"syscall"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 var _ unsafe.Pointer
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoERROR_IO_PENDING = 997
 )
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
 	errERROR_EINVAL     error = syscall.EINVAL
 )
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
 var (
 	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
 	procCreateFileW = modkernel32.NewProc("CreateFileW")
 )
 func CreateFile(name string, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(name)
 	if err != nil {
 		return
 	}
 	return _CreateFile(_p0, access, mode, sa, createmode, attrs, templatefile)
 }
 func _CreateFile(name *uint16, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
 	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
 	handle = windows.Handle(r0)
 	if handle == windows.InvalidHandle {
 		err = errnoErr(e1)
 	}
 	return
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
@ -100,8 +100,8 @@ func (f *runtimeFunc) Load() error {
 			(*byte)(unsafe.Pointer(&f.addr)),
 			uint32(unsafe.Sizeof(f.addr)),
 			&n,
-			nil, //overlapped
+			nil, // overlapped
-			0,   //completionRoutine
+			0,   // completionRoutine
 		)
 	})
 	return f.err
--- a/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
@ -0,0 +1,132 @@
 package stringbuffer
 import (
 	"sync"
 	"unicode/utf16"
 )
 // TODO: worth exporting and using in mkwinsyscall?
 // Uint16BufferSize is the buffer size in the pool, chosen somewhat arbitrarily to accommodate
 // large path strings:
 // MAX_PATH (260) + size of volume GUID prefix (49) + null terminator = 310.
 const MinWStringCap = 310
 // use *[]uint16 since []uint16 creates an extra allocation where the slice header
 // is copied to heap and then referenced via pointer in the interface header that sync.Pool
 // stores.
 var pathPool = sync.Pool{ // if go1.18+ adds Pool[T], use that to store []uint16 directly
 	New: func() interface{} {
 		b := make([]uint16, MinWStringCap)
 		return &b
 	},
 }
 func newBuffer() []uint16 { return *(pathPool.Get().(*[]uint16)) }
 // freeBuffer copies the slice header data, and puts a pointer to that in the pool.
 // This avoids taking a pointer to the slice header in WString, which can be set to nil.
 func freeBuffer(b []uint16) { pathPool.Put(&b) }
 // WString is a wide string buffer ([]uint16) meant for storing UTF-16 encoded strings
 // for interacting with Win32 APIs.
 // Sizes are specified as uint32 and not int.
 //
 // It is not thread safe.
 type WString struct {
 	// type-def allows casting to []uint16 directly, use struct to prevent that and allow adding fields in the future.
 	// raw buffer
 	b []uint16
 }
 // NewWString returns a [WString] allocated from a shared pool with an
 // initial capacity of at least [MinWStringCap].
 // Since the buffer may have been previously used, its contents are not guaranteed to be empty.
 //
 // The buffer should be freed via [WString.Free]
 func NewWString() *WString {
 	return &WString{
 		b: newBuffer(),
 	}
 }
 func (b *WString) Free() {
 	if b.empty() {
 		return
 	}
 	freeBuffer(b.b)
 	b.b = nil
 }
 // ResizeTo grows the buffer to at least c and returns the new capacity, freeing the
 // previous buffer back into pool.
 func (b *WString) ResizeTo(c uint32) uint32 {
 	// allready sufficient (or n is 0)
 	if c <= b.Cap() {
 		return b.Cap()
 	}
 	if c <= MinWStringCap {
 		c = MinWStringCap
 	}
 	// allocate at-least double buffer size, as is done in [bytes.Buffer] and other places
 	if c <= 2*b.Cap() {
 		c = 2 * b.Cap()
 	}
 	b2 := make([]uint16, c)
 	if !b.empty() {
 		copy(b2, b.b)
 		freeBuffer(b.b)
 	}
 	b.b = b2
 	return c
 }
 // Buffer returns the underlying []uint16 buffer.
 func (b *WString) Buffer() []uint16 {
 	if b.empty() {
 		return nil
 	}
 	return b.b
 }
 // Pointer returns a pointer to the first uint16 in the buffer.
 // If the [WString.Free] has already been called, the pointer will be nil.
 func (b *WString) Pointer() *uint16 {
 	if b.empty() {
 		return nil
 	}
 	return &b.b[0]
 }
 // String returns the returns the UTF-8 encoding of the UTF-16 string in the buffer.
 //
 // It assumes that the data is null-terminated.
 func (b *WString) String() string {
 	// Using [windows.UTF16ToString] would require importing "golang.org/x/sys/windows"
 	// and would make this code Windows-only, which makes no sense.
 	// So copy UTF16ToString code into here.
 	// If other windows-specific code is added, switch to [windows.UTF16ToString]
 	s := b.b
 	for i, v := range s {
 		if v == 0 {
 			s = s[:i]
 			break
 		}
 	}
 	return string(utf16.Decode(s))
 }
 // Cap returns the underlying buffer capacity.
 func (b *WString) Cap() uint32 {
 	if b.empty() {
 		return 0
 	}
 	return b.cap()
 }
 func (b *WString) cap() uint32 { return uint32(cap(b.b)) }
 func (b *WString) empty() bool { return b == nil || b.cap() == 0 }
--- a/vendor/github.com/Microsoft/go-winio/pipe.go
+++ b/vendor/github.com/Microsoft/go-winio/pipe.go
@ -16,11 +16,12 @@ import (
 	"unsafe"
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/fs"
 )
 //sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe
 //sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error)  [failretval==syscall.InvalidHandle] = CreateNamedPipeW
 //sys createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateFileW
 //sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
 //sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
 //sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
@ -163,19 +164,21 @@ func (s pipeAddress) String() string {
 }
 // tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
-func tryDialPipe(ctx context.Context, path *string, access uint32) (syscall.Handle, error) {
+func tryDialPipe(ctx context.Context, path *string, access fs.AccessMask) (syscall.Handle, error) {
 	for {
 		select {
 		case <-ctx.Done():
 			return syscall.Handle(0), ctx.Err()
 		default:
-			h, err := createFile(*path,
+			wh, err := fs.CreateFile(*path,
 				access,
-				0,
+				0,   // mode
-				nil,
+				nil, // security attributes
-				syscall.OPEN_EXISTING,
+				fs.OPEN_EXISTING,
-				windows.FILE_FLAG_OVERLAPPED|windows.SECURITY_SQOS_PRESENT|windows.SECURITY_ANONYMOUS,
+				fs.FILE_FLAG_OVERLAPPED|fs.SECURITY_SQOS_PRESENT|fs.SECURITY_ANONYMOUS,
-				0)
+				0, // template file handle
 			)
 			h := syscall.Handle(wh)
 			if err == nil {
 				return h, nil
 			}
@ -219,7 +222,7 @@ func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
 func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) {
 	var err error
 	var h syscall.Handle
-	h, err = tryDialPipe(ctx, &path, access)
+	h, err = tryDialPipe(ctx, &path, fs.AccessMask(access))
 	if err != nil {
 		return nil, err
 	}
@ -279,6 +282,7 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 	}
 	defer localFree(ntPath.Buffer)
 	oa.ObjectName = &ntPath
 	oa.Attributes = windows.OBJ_CASE_INSENSITIVE
 	// The security descriptor is only needed for the first pipe.
 	if first {
--- a/vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/mkwinsyscall.go
+++ b/vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/mkwinsyscall.go
@ -477,15 +477,14 @@ func newFn(s string) (*Fn, error) {
 		return nil, errors.New("Could not extract dll name from \"" + f.src + "\"")
 	}
 	s = trim(s[1:])
-	a := strings.Split(s, ".")
+	if i := strings.LastIndex(s, "."); i >= 0 {
-	switch len(a) {
+		f.dllname = s[:i]
-	case 1:
+		f.dllfuncname = s[i+1:]
-		f.dllfuncname = a[0]
+	} else {
-	case 2:
+		f.dllfuncname = s
-		f.dllname = a[0]
+	}
-		f.dllfuncname = a[1]
+	if f.dllfuncname == "" {
-	default:
+		return nil, fmt.Errorf("function name is not specified in %q", s)
 		return nil, errors.New("Could not extract dll name from \"" + f.src + "\"")
 	}
 	if n := f.dllfuncname; endsIn(n, '?') {
 		f.dllfuncname = n[:len(n)-1]
@ -502,7 +501,23 @@ func (f *Fn) DLLName() string {
 	return f.dllname
 }
-// DLLName returns DLL function name for function f.
+// DLLVar returns a valid Go identifier that represents DLLName.
 func (f *Fn) DLLVar() string {
 	id := strings.Map(func(r rune) rune {
 		switch r {
 		case '.', '-':
 			return '_'
 		default:
 			return r
 		}
 	}, f.DLLName())
 	if !token.IsIdentifier(id) {
 		panic(fmt.Errorf("could not create Go identifier for DLLName %q", f.DLLName()))
 	}
 	return id
 }
 // DLLFuncName returns DLL function name for function f.
 func (f *Fn) DLLFuncName() string {
 	if f.dllfuncname == "" {
 		return f.Name
@ -648,6 +663,13 @@ func (f *Fn) HelperName() string {
 	return "_" + f.Name
 }
 // DLL is a DLL's filename and a string that is valid in a Go identifier that should be used when
 // naming a variable that refers to the DLL.
 type DLL struct {
 	Name string
 	Var  string
 }
 // Source files and functions.
 type Source struct {
 	Funcs           []*Fn
@ -697,18 +719,20 @@ func ParseFiles(fs []string) (*Source, error) {
 }
 // DLLs return dll names for a source set src.
-func (src *Source) DLLs() []string {
+func (src *Source) DLLs() []DLL {
 	uniq := make(map[string]bool)
-	r := make([]string, 0)
+	r := make([]DLL, 0)
 	for _, f := range src.Funcs {
-		name := f.DLLName()
+		id := f.DLLVar()
-		if _, found := uniq[name]; !found {
+		if _, found := uniq[id]; !found {
-			uniq[name] = true
+			uniq[id] = true
-			r = append(r, name)
+			r = append(r, DLL{f.DLLName(), id})
 		}
 	}
 	if *sortdecls {
-		sort.Strings(r)
+		sort.Slice(r, func(i, j int) bool {
 			return r[i].Var < r[j].Var
 		})
 	}
 	return r
 }
@ -878,6 +902,22 @@ func (src *Source) Generate(w io.Writer) error {
 	return nil
 }
 func writeTempSourceFile(data []byte) (string, error) {
 	f, err := os.CreateTemp("", "mkwinsyscall-generated-*.go")
 	if err != nil {
 		return "", err
 	}
 	_, err = f.Write(data)
 	if closeErr := f.Close(); err == nil {
 		err = closeErr
 	}
 	if err != nil {
 		os.Remove(f.Name()) // best effort
 		return "", err
 	}
 	return f.Name(), nil
 }
 func usage() {
 	fmt.Fprintf(os.Stderr, "usage: mkwinsyscall [flags] [path ...]\n")
 	flag.PrintDefaults()
@ -904,7 +944,12 @@ func main() {
 	data, err := format.Source(buf.Bytes())
 	if err != nil {
-		log.Fatal(err)
+		log.Printf("failed to format source: %v", err)
 		f, err := writeTempSourceFile(buf.Bytes())
 		if err != nil {
 			log.Fatalf("failed to write unformatted source to file: %v", err)
 		}
 		log.Fatalf("for diagnosis, wrote unformatted source to %v", f)
 	}
 	if *filename == "" {
 		_, err = os.Stdout.Write(data)
@ -970,10 +1015,10 @@ var (
 {{/* help functions */}}
-{{define "dlls"}}{{range .DLLs}}	mod{{.}} = {{newlazydll .}}
+{{define "dlls"}}{{range .DLLs}}	mod{{.Var}} = {{newlazydll .Name}}
 {{end}}{{end}}
-{{define "funcnames"}}{{range .DLLFuncNames}}	proc{{.DLLFuncName}} = mod{{.DLLName}}.NewProc("{{.DLLFuncName}}")
+{{define "funcnames"}}{{range .DLLFuncNames}}	proc{{.DLLFuncName}} = mod{{.DLLVar}}.NewProc("{{.DLLFuncName}}")
 {{end}}{{end}}
 {{define "helperbody"}}
--- a/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
@ -63,7 +63,6 @@ var (
 	procBackupWrite                                          = modkernel32.NewProc("BackupWrite")
 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
 	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
 	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
 	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
 	procCreateNamedPipeW                                     = modkernel32.NewProc("CreateNamedPipeW")
 	procGetCurrentThread                                     = modkernel32.NewProc("GetCurrentThread")
@ -305,24 +304,6 @@ func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
 	return
 }
 func createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(name)
 	if err != nil {
 		return
 	}
 	return _createFile(_p0, access, mode, sa, createmode, attrs, templatefile)
 }
 func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
 	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
 	handle = syscall.Handle(r0)
 	if handle == syscall.InvalidHandle {
 		err = errnoErr(e1)
 	}
 	return
 }
 func createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) {
 	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(file), uintptr(port), uintptr(key), uintptr(threadCount), 0, 0)
 	newport = syscall.Handle(r0)
--- a/vendor/github.com/containers/image/v5/internal/set/set.go
+++ b/vendor/github.com/containers/image/v5/internal/set/set.go
@ -24,11 +24,11 @@ func NewWithValues[E comparable](values ...E) *Set[E] {
 	return s
 }
-func (s Set[E]) Add(v E) {
+func (s *Set[E]) Add(v E) {
 	s.m[v] = struct{}{} // Possibly writing the same struct{}{} presence marker again.
 }
-func (s Set[E]) Delete(v E) {
+func (s *Set[E]) Delete(v E) {
 	delete(s.m, v)
 }
--- a/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
+++ b/vendor/github.com/containers/image/v5/pkg/docker/config/config.go
@ -48,9 +48,9 @@ var (
 	ErrNotSupported = errors.New("not supported")
 )
-// authPath combines a path to a file with container registry access keys,
+// authPath combines a path to a file with container registry credentials,
-// along with expected properties of that path (currently just whether it's)
+// along with expected properties of that path (currently just whether it's
-// legacy format or not.
+// legacy format or not).
 type authPath struct {
 	path         string
 	legacyFormat bool
@ -87,12 +87,12 @@ func SetCredentials(sys *types.SystemContext, key, username, password string) (s
 		switch helper {
 		// Special-case the built-in helpers for auth files.
 		case sysregistriesv2.AuthenticationFileHelper:
-			desc, err = modifyJSON(sys, func(auths *dockerConfigFile) (bool, string, error) {
+			desc, err = modifyJSON(sys, func(fileContents *dockerConfigFile) (bool, string, error) {
-				if ch, exists := auths.CredHelpers[key]; exists {
+				if ch, exists := fileContents.CredHelpers[key]; exists {
 					if isNamespaced {
 						return false, "", unsupportedNamespaceErr(ch)
 					}
-					desc, err := setAuthToCredHelper(ch, key, username, password)
+					desc, err := setCredsInCredHelper(ch, key, username, password)
 					if err != nil {
 						return false, "", err
 					}
@ -100,7 +100,7 @@ func SetCredentials(sys *types.SystemContext, key, username, password string) (s
 				}
 				creds := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
 				newCreds := dockerAuthConfig{Auth: creds}
-				auths.AuthConfigs[key] = newCreds
+				fileContents.AuthConfigs[key] = newCreds
 				return true, "", nil
 			})
 		// External helpers.
@ -108,7 +108,7 @@ func SetCredentials(sys *types.SystemContext, key, username, password string) (s
 			if isNamespaced {
 				err = unsupportedNamespaceErr(helper)
 			} else {
-				desc, err = setAuthToCredHelper(helper, key, username, password)
+				desc, err = setCredsInCredHelper(helper, key, username, password)
 			}
 		}
 		if err != nil {
@ -156,17 +156,17 @@ func GetAllCredentials(sys *types.SystemContext) (map[string]types.DockerAuthCon
 		case sysregistriesv2.AuthenticationFileHelper:
 			for _, path := range getAuthFilePaths(sys, homedir.Get()) {
 				// parse returns an empty map in case the path doesn't exist.
-				auths, err := path.parse()
+				fileContents, err := path.parse()
 				if err != nil {
 					return nil, fmt.Errorf("reading JSON file %q: %w", path.path, err)
 				}
 				// Credential helpers in the auth file have a
 				// direct mapping to a registry, so we can just
 				// walk the map.
-				for registry := range auths.CredHelpers {
+				for registry := range fileContents.CredHelpers {
 					allKeys.Add(registry)
 				}
-				for key := range auths.AuthConfigs {
+				for key := range fileContents.AuthConfigs {
 					key := normalizeAuthFileKey(key, path.legacyFormat)
 					if key == normalizedDockerIORegistry {
 						key = "docker.io"
@ -176,7 +176,7 @@ func GetAllCredentials(sys *types.SystemContext) (map[string]types.DockerAuthCon
 			}
 		// External helpers.
 		default:
-			creds, err := listAuthsFromCredHelper(helper)
+			creds, err := listCredsInCredHelper(helper)
 			if err != nil {
 				logrus.Debugf("Error listing credentials stored in credential helper %s: %v", helper, err)
 				if errors.Is(err, exec.ErrNotFound) {
@ -193,19 +193,19 @@ func GetAllCredentials(sys *types.SystemContext) (map[string]types.DockerAuthCon
 	// Now use `GetCredentials` to the specific auth configs for each
 	// previously listed registry.
-	authConfigs := make(map[string]types.DockerAuthConfig)
+	allCreds := make(map[string]types.DockerAuthConfig)
 	for _, key := range allKeys.Values() {
-		authConf, err := GetCredentials(sys, key)
+		creds, err := GetCredentials(sys, key)
 		if err != nil {
 			// Note: we rely on the logging in `GetCredentials`.
 			return nil, err
 		}
-		if authConf != (types.DockerAuthConfig{}) {
+		if creds != (types.DockerAuthConfig{}) {
-			authConfigs[key] = authConf
+			allCreds[key] = creds
 		}
 	}
-	return authConfigs, nil
+	return allCreds, nil
 }
 // getAuthFilePaths returns a slice of authPaths based on the system context
@ -285,13 +285,13 @@ func getCredentialsWithHomeDir(sys *types.SystemContext, key, homeDir string) (t
 	// Anonymous function to query credentials from auth files.
 	getCredentialsFromAuthFiles := func() (types.DockerAuthConfig, string, error) {
 		for _, path := range getAuthFilePaths(sys, homeDir) {
-			authConfig, err := findCredentialsInFile(key, registry, path)
+			creds, err := findCredentialsInFile(key, registry, path)
 			if err != nil {
 				return types.DockerAuthConfig{}, "", err
 			}
-			if authConfig != (types.DockerAuthConfig{}) {
+			if creds != (types.DockerAuthConfig{}) {
-				return authConfig, path.path, nil
+				return creds, path.path, nil
 			}
 		}
 		return types.DockerAuthConfig{}, "", nil
@ -320,7 +320,7 @@ func getCredentialsWithHomeDir(sys *types.SystemContext, key, homeDir string) (t
 			// This intentionally uses "registry", not "key"; we don't support namespaced
 			// credentials in helpers, but a "registry" is a valid parent of "key".
 			helperKey = registry
-			creds, err = getAuthFromCredHelper(helper, registry)
+			creds, err = getCredsFromCredHelper(helper, registry)
 		}
 		if err != nil {
 			logrus.Debugf("Error looking up credentials for %s in credential helper %s: %v", helperKey, helper, err)
@ -360,14 +360,14 @@ func GetAuthentication(sys *types.SystemContext, key string) (string, string, er
 // getAuthenticationWithHomeDir is an internal implementation detail of GetAuthentication,
 // it exists only to allow testing it with an artificial home directory.
 func getAuthenticationWithHomeDir(sys *types.SystemContext, key, homeDir string) (string, string, error) {
-	auth, err := getCredentialsWithHomeDir(sys, key, homeDir)
+	creds, err := getCredentialsWithHomeDir(sys, key, homeDir)
 	if err != nil {
 		return "", "", err
 	}
-	if auth.IdentityToken != "" {
+	if creds.IdentityToken != "" {
 		return "", "", fmt.Errorf("non-empty identity token found and this API doesn't support it: %w", ErrNotSupported)
 	}
-	return auth.Username, auth.Password, nil
+	return creds.Username, creds.Password, nil
 }
 // RemoveAuthentication removes credentials for `key` from all possible
@ -393,7 +393,7 @@ func RemoveAuthentication(sys *types.SystemContext, key string) error {
 			logrus.Debugf("Not removing credentials because namespaced keys are not supported for the credential helper: %s", helper)
 			return
 		}
-		err := deleteAuthFromCredHelper(helper, key)
+		err := deleteCredsFromCredHelper(helper, key)
 		if err == nil {
 			logrus.Debugf("Credentials for %q were deleted from credential helper %s", key, helper)
 			isLoggedIn = true
@ -411,13 +411,13 @@ func RemoveAuthentication(sys *types.SystemContext, key string) error {
 		switch helper {
 		// Special-case the built-in helper for auth files.
 		case sysregistriesv2.AuthenticationFileHelper:
-			_, err = modifyJSON(sys, func(auths *dockerConfigFile) (bool, string, error) {
+			_, err = modifyJSON(sys, func(fileContents *dockerConfigFile) (bool, string, error) {
-				if innerHelper, exists := auths.CredHelpers[key]; exists {
+				if innerHelper, exists := fileContents.CredHelpers[key]; exists {
 					removeFromCredHelper(innerHelper)
 				}
-				if _, ok := auths.AuthConfigs[key]; ok {
+				if _, ok := fileContents.AuthConfigs[key]; ok {
 					isLoggedIn = true
-					delete(auths.AuthConfigs, key)
+					delete(fileContents.AuthConfigs, key)
 				}
 				return true, "", multiErr
 			})
@ -454,23 +454,23 @@ func RemoveAllAuthentication(sys *types.SystemContext) error {
 		switch helper {
 		// Special-case the built-in helper for auth files.
 		case sysregistriesv2.AuthenticationFileHelper:
-			_, err = modifyJSON(sys, func(auths *dockerConfigFile) (bool, string, error) {
+			_, err = modifyJSON(sys, func(fileContents *dockerConfigFile) (bool, string, error) {
-				for registry, helper := range auths.CredHelpers {
+				for registry, helper := range fileContents.CredHelpers {
 					// Helpers in auth files are expected
 					// to exist, so no special treatment
 					// for them.
-					if err := deleteAuthFromCredHelper(helper, registry); err != nil {
+					if err := deleteCredsFromCredHelper(helper, registry); err != nil {
 						return false, "", err
 					}
 				}
-				auths.CredHelpers = make(map[string]string)
+				fileContents.CredHelpers = make(map[string]string)
-				auths.AuthConfigs = make(map[string]dockerAuthConfig)
+				fileContents.AuthConfigs = make(map[string]dockerAuthConfig)
 				return true, "", nil
 			})
 		// External helpers.
 		default:
 			var creds map[string]string
-			creds, err = listAuthsFromCredHelper(helper)
+			creds, err = listCredsInCredHelper(helper)
 			if err != nil {
 				if errors.Is(err, exec.ErrNotFound) {
 					// It's okay if the helper doesn't exist.
@ -480,7 +480,7 @@ func RemoveAllAuthentication(sys *types.SystemContext) error {
 				}
 			}
 			for registry := range creds {
-				err = deleteAuthFromCredHelper(helper, registry)
+				err = deleteCredsFromCredHelper(helper, registry)
 				if err != nil {
 					break
 				}
@ -497,7 +497,7 @@ func RemoveAllAuthentication(sys *types.SystemContext) error {
 	return multiErr
 }
-func listAuthsFromCredHelper(credHelper string) (map[string]string, error) {
+func listCredsInCredHelper(credHelper string) (map[string]string, error) {
 	helperName := fmt.Sprintf("docker-credential-%s", credHelper)
 	p := helperclient.NewShellProgramFunc(helperName)
 	return helperclient.List(p)
@ -543,40 +543,40 @@ func getPathToAuthWithOS(sys *types.SystemContext, goOS string) (authPath, bool,
 	return newAuthPathDefault(fmt.Sprintf(defaultPerUIDPathFormat, os.Getuid())), false, nil
 }
-// parse unmarshals the authentications stored in the auth.json file and returns it
+// parse unmarshals the credentials stored in the auth.json file and returns it
 // or returns an empty dockerConfigFile data structure if auth.json does not exist
 // if the file exists and is empty, this function returns an error.
 func (path authPath) parse() (dockerConfigFile, error) {
-	var auths dockerConfigFile
+	var fileContents dockerConfigFile
 	raw, err := os.ReadFile(path.path)
 	if err != nil {
 		if os.IsNotExist(err) {
-			auths.AuthConfigs = map[string]dockerAuthConfig{}
+			fileContents.AuthConfigs = map[string]dockerAuthConfig{}
-			return auths, nil
+			return fileContents, nil
 		}
 		return dockerConfigFile{}, err
 	}
 	if path.legacyFormat {
-		if err = json.Unmarshal(raw, &auths.AuthConfigs); err != nil {
+		if err = json.Unmarshal(raw, &fileContents.AuthConfigs); err != nil {
 			return dockerConfigFile{}, fmt.Errorf("unmarshaling JSON at %q: %w", path.path, err)
 		}
-		return auths, nil
+		return fileContents, nil
 	}
-	if err = json.Unmarshal(raw, &auths); err != nil {
+	if err = json.Unmarshal(raw, &fileContents); err != nil {
 		return dockerConfigFile{}, fmt.Errorf("unmarshaling JSON at %q: %w", path.path, err)
 	}
-	if auths.AuthConfigs == nil {
+	if fileContents.AuthConfigs == nil {
-		auths.AuthConfigs = map[string]dockerAuthConfig{}
+		fileContents.AuthConfigs = map[string]dockerAuthConfig{}
 	}
-	if auths.CredHelpers == nil {
+	if fileContents.CredHelpers == nil {
-		auths.CredHelpers = make(map[string]string)
+		fileContents.CredHelpers = make(map[string]string)
 	}
-	return auths, nil
+	return fileContents, nil
 }
 // modifyJSON finds an auth.json file, calls editor on the contents, and
@ -585,7 +585,7 @@ func (path authPath) parse() (dockerConfigFile, error) {
 //
 // The editor may also return a human-readable description of the updated location; if it is "",
 // the file itself is used.
-func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) (bool, string, error)) (string, error) {
+func modifyJSON(sys *types.SystemContext, editor func(fileContents *dockerConfigFile) (bool, string, error)) (string, error) {
 	path, _, err := getPathToAuth(sys)
 	if err != nil {
 		return "", err
@ -599,17 +599,17 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) (
 		return "", err
 	}
-	auths, err := path.parse()
+	fileContents, err := path.parse()
 	if err != nil {
 		return "", fmt.Errorf("reading JSON file %q: %w", path.path, err)
 	}
-	updated, description, err := editor(&auths)
+	updated, description, err := editor(&fileContents)
 	if err != nil {
 		return "", fmt.Errorf("updating %q: %w", path.path, err)
 	}
 	if updated {
-		newData, err := json.MarshalIndent(auths, "", "\t")
+		newData, err := json.MarshalIndent(fileContents, "", "\t")
 		if err != nil {
 			return "", fmt.Errorf("marshaling JSON %q: %w", path.path, err)
 		}
@ -625,7 +625,7 @@ func modifyJSON(sys *types.SystemContext, editor func(auths *dockerConfigFile) (
 	return description, nil
 }
-func getAuthFromCredHelper(credHelper, registry string) (types.DockerAuthConfig, error) {
+func getCredsFromCredHelper(credHelper, registry string) (types.DockerAuthConfig, error) {
 	helperName := fmt.Sprintf("docker-credential-%s", credHelper)
 	p := helperclient.NewShellProgramFunc(helperName)
 	creds, err := helperclient.Get(p, registry)
@ -650,9 +650,9 @@ func getAuthFromCredHelper(credHelper, registry string) (types.DockerAuthConfig,
 	}
 }
-// setAuthToCredHelper stores (username, password) for registry in credHelper.
+// setCredsInCredHelper stores (username, password) for registry in credHelper.
 // Returns a human-readable description of the destination, to be returned by SetCredentials.
-func setAuthToCredHelper(credHelper, registry, username, password string) (string, error) {
+func setCredsInCredHelper(credHelper, registry, username, password string) (string, error) {
 	helperName := fmt.Sprintf("docker-credential-%s", credHelper)
 	p := helperclient.NewShellProgramFunc(helperName)
 	creds := &credentials.Credentials{
@ -666,7 +666,7 @@ func setAuthToCredHelper(credHelper, registry, username, password string) (strin
 	return fmt.Sprintf("credential helper: %s", credHelper), nil
 }
-func deleteAuthFromCredHelper(credHelper, registry string) error {
+func deleteCredsFromCredHelper(credHelper, registry string) error {
 	helperName := fmt.Sprintf("docker-credential-%s", credHelper)
 	p := helperclient.NewShellProgramFunc(helperName)
 	return helperclient.Erase(p, registry)
@ -675,7 +675,7 @@ func deleteAuthFromCredHelper(credHelper, registry string) error {
 // findCredentialsInFile looks for credentials matching "key"
 // (which is "registry" or a namespace in "registry") in "path".
 func findCredentialsInFile(key, registry string, path authPath) (types.DockerAuthConfig, error) {
-	auths, err := path.parse()
+	fileContents, err := path.parse()
 	if err != nil {
 		return types.DockerAuthConfig{}, fmt.Errorf("reading JSON file %q: %w", path.path, err)
 	}
@ -683,9 +683,9 @@ func findCredentialsInFile(key, registry string, path authPath) (types.DockerAut
 	// First try cred helpers. They should always be normalized.
 	// This intentionally uses "registry", not "key"; we don't support namespaced
 	// credentials in helpers.
-	if ch, exists := auths.CredHelpers[registry]; exists {
+	if ch, exists := fileContents.CredHelpers[registry]; exists {
 		logrus.Debugf("Looking up in credential helper %s based on credHelpers entry in %s", ch, path.path)
-		return getAuthFromCredHelper(ch, registry)
+		return getCredsFromCredHelper(ch, registry)
 	}
 	// Support sub-registry namespaces in auth.
@ -701,7 +701,7 @@ func findCredentialsInFile(key, registry string, path authPath) (types.DockerAut
 	// Repo or namespace keys are only supported as exact matches. For registry
 	// keys we prefer exact matches as well.
 	for _, key := range keys {
-		if val, exists := auths.AuthConfigs[key]; exists {
+		if val, exists := fileContents.AuthConfigs[key]; exists {
 			return decodeDockerAuth(path.path, key, val)
 		}
 	}
@ -715,7 +715,7 @@ func findCredentialsInFile(key, registry string, path authPath) (types.DockerAut
 	// The docker.io registry still uses the /v1/ key with a special host name,
 	// so account for that as well.
 	registry = normalizeRegistry(registry)
-	for k, v := range auths.AuthConfigs {
+	for k, v := range fileContents.AuthConfigs {
 		if normalizeAuthFileKey(k, path.legacyFormat) == registry {
 			return decodeDockerAuth(path.path, k, v)
 		}
--- a/vendor/github.com/containers/image/v5/types/types.go
+++ b/vendor/github.com/containers/image/v5/types/types.go
@ -585,9 +585,9 @@ type SystemContext struct {
 	// resolving to Docker Hub in the Docker-compatible REST API of Podman; it should never be used outside this
 	// specific context.
 	PodmanOnlyShortNamesIgnoreRegistriesConfAndForceDockerHub bool
-	// If not "", overrides the default path for the authentication file, but only new format files
+	// If not "", overrides the default path for the registry authentication file, but only new format files
 	AuthFilePath string
-	// if not "", overrides the default path for the authentication file, but with the legacy format;
+	// if not "", overrides the default path for the registry authentication file, but with the legacy format;
 	// the code currently will by default look for legacy format files like .dockercfg in the $HOME dir;
 	// but in addition to the home dir, openshift may mount .dockercfg files (via secret mount)
 	// in locations other than the home dir; openshift components should then set this field in those cases;
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jose.go
@ -13,4 +13,5 @@ const (
 	PS256 = "PS256" // RSASSA-PSS using SHA256 and MGF1-SHA256
 	PS384 = "PS384" // RSASSA-PSS using SHA384 and MGF1-SHA384
 	PS512 = "PS512" // RSASSA-PSS using SHA512 and MGF1-SHA512
 	EdDSA = "EdDSA" // Ed25519 using SHA-512
 )
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/jwks.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rsa"
 	"errors"
 	"fmt"
@ -32,6 +33,7 @@ func (s *StaticKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte,
 		switch pub.(type) {
 		case *rsa.PublicKey:
 		case *ecdsa.PublicKey:
 		case ed25519.PublicKey:
 		default:
 			return nil, fmt.Errorf("invalid public key type provided: %T", pub)
 		}
@ -60,7 +62,7 @@ func newRemoteKeySet(ctx context.Context, jwksURL string, now func() time.Time)
 	if now == nil {
 		now = time.Now
 	}
-	return &RemoteKeySet{jwksURL: jwksURL, ctx: cloneContext(ctx), now: now}
+	return &RemoteKeySet{jwksURL: jwksURL, ctx: ctx, now: now}
 }
 // RemoteKeySet is a KeySet implementation that validates JSON web tokens against
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/oidc.go
@ -14,6 +14,7 @@ import (
 	"mime"
 	"net/http"
 	"strings"
 	"sync"
 	"time"
 	"golang.org/x/oauth2"
@ -48,39 +49,34 @@ var issuerURLKey contextKey
 // This method sets the same context key used by the golang.org/x/oauth2 package,
 // so the returned context works for that package too.
 //
-//    myClient := &http.Client{}
+//	myClient := &http.Client{}
-//    ctx := oidc.ClientContext(parentContext, myClient)
+//	ctx := oidc.ClientContext(parentContext, myClient)
 //
 //    // This will use the custom client
 //    provider, err := oidc.NewProvider(ctx, "https://accounts.example.com")
 //
 //	// This will use the custom client
 //	provider, err := oidc.NewProvider(ctx, "https://accounts.example.com")
 func ClientContext(ctx context.Context, client *http.Client) context.Context {
 	return context.WithValue(ctx, oauth2.HTTPClient, client)
 }
-// cloneContext copies a context's bag-of-values into a new context that isn't
+func getClient(ctx context.Context) *http.Client {
 // associated with its cancellation. This is used to initialize remote keys sets
 // which run in the background and aren't associated with the initial context.
 func cloneContext(ctx context.Context) context.Context {
 	cp := context.Background()
 	if c, ok := ctx.Value(oauth2.HTTPClient).(*http.Client); ok {
-		cp = ClientContext(cp, c)
+		return c
 	}
-	return cp
+	return nil
 }
 // InsecureIssuerURLContext allows discovery to work when the issuer_url reported
 // by upstream is mismatched with the discovery URL. This is meant for integration
 // with off-spec providers such as Azure.
 //
-//    discoveryBaseURL := "https://login.microsoftonline.com/organizations/v2.0"
+//	discoveryBaseURL := "https://login.microsoftonline.com/organizations/v2.0"
-//    issuerURL := "https://login.microsoftonline.com/my-tenantid/v2.0"
+//	issuerURL := "https://login.microsoftonline.com/my-tenantid/v2.0"
 //
-//    ctx := oidc.InsecureIssuerURLContext(parentContext, issuerURL)
+//	ctx := oidc.InsecureIssuerURLContext(parentContext, issuerURL)
 //
-//    // Provider will be discovered with the discoveryBaseURL, but use issuerURL
+//	// Provider will be discovered with the discoveryBaseURL, but use issuerURL
-//    // for future issuer validation.
+//	// for future issuer validation.
-//    provider, err := oidc.NewProvider(ctx, discoveryBaseURL)
+//	provider, err := oidc.NewProvider(ctx, discoveryBaseURL)
 //
 // This is insecure because validating the correct issuer is critical for multi-tenant
 // proivders. Any overrides here MUST be carefully reviewed.
@ -90,7 +86,7 @@ func InsecureIssuerURLContext(ctx context.Context, issuerURL string) context.Con
 func doRequest(ctx context.Context, req *http.Request) (*http.Response, error) {
 	client := http.DefaultClient
-	if c, ok := ctx.Value(oauth2.HTTPClient).(*http.Client); ok {
+	if c := getClient(ctx); c != nil {
 		client = c
 	}
 	return client.Do(req.WithContext(ctx))
@ -102,12 +98,33 @@ type Provider struct {
 	authURL     string
 	tokenURL    string
 	userInfoURL string
 	jwksURL     string
 	algorithms  []string
 	// Raw claims returned by the server.
 	rawClaims []byte
-	remoteKeySet KeySet
+	// Guards all of the following fields.
 	mu sync.Mutex
 	// HTTP client specified from the initial NewProvider request. This is used
 	// when creating the common key set.
 	client *http.Client
 	// A key set that uses context.Background() and is shared between all code paths
 	// that don't have a convinent way of supplying a unique context.
 	commonRemoteKeySet KeySet
 }
 func (p *Provider) remoteKeySet() KeySet {
 	p.mu.Lock()
 	defer p.mu.Unlock()
 	if p.commonRemoteKeySet == nil {
 		ctx := context.Background()
 		if p.client != nil {
 			ctx = ClientContext(ctx, p.client)
 		}
 		p.commonRemoteKeySet = NewRemoteKeySet(ctx, p.jwksURL)
 	}
 	return p.commonRemoteKeySet
 }
 type providerJSON struct {
@ -132,6 +149,7 @@ var supportedAlgorithms = map[string]bool{
 	PS256: true,
 	PS384: true,
 	PS512: true,
 	EdDSA: true,
 }
 // ProviderConfig allows creating providers when discovery isn't supported. It's
@ -167,12 +185,13 @@ type ProviderConfig struct {
 // through discovery.
 func (p *ProviderConfig) NewProvider(ctx context.Context) *Provider {
 	return &Provider{
-		issuer:       p.IssuerURL,
+		issuer:      p.IssuerURL,
-		authURL:      p.AuthURL,
+		authURL:     p.AuthURL,
-		tokenURL:     p.TokenURL,
+		tokenURL:    p.TokenURL,
-		userInfoURL:  p.UserInfoURL,
+		userInfoURL: p.UserInfoURL,
-		algorithms:   p.Algorithms,
+		jwksURL:     p.JWKSURL,
-		remoteKeySet: NewRemoteKeySet(cloneContext(ctx), p.JWKSURL),
+		algorithms:  p.Algorithms,
 		client:      getClient(ctx),
 	}
 }
@ -221,26 +240,27 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
 		}
 	}
 	return &Provider{
-		issuer:       issuerURL,
+		issuer:      issuerURL,
-		authURL:      p.AuthURL,
+		authURL:     p.AuthURL,
-		tokenURL:     p.TokenURL,
+		tokenURL:    p.TokenURL,
-		userInfoURL:  p.UserInfoURL,
+		userInfoURL: p.UserInfoURL,
-		algorithms:   algs,
+		jwksURL:     p.JWKSURL,
-		rawClaims:    body,
+		algorithms:  algs,
-		remoteKeySet: NewRemoteKeySet(cloneContext(ctx), p.JWKSURL),
+		rawClaims:   body,
 		client:      getClient(ctx),
 	}, nil
 }
 // Claims unmarshals raw fields returned by the server during discovery.
 //
-//    var claims struct {
+//	var claims struct {
-//        ScopesSupported []string `json:"scopes_supported"`
+//	    ScopesSupported []string `json:"scopes_supported"`
-//        ClaimsSupported []string `json:"claims_supported"`
+//	    ClaimsSupported []string `json:"claims_supported"`
-//    }
+//	}
 //
-//    if err := provider.Claims(&claims); err != nil {
+//	if err := provider.Claims(&claims); err != nil {
-//        // handle unmarshaling error
+//	    // handle unmarshaling error
-//    }
+//	}
 //
 // For a list of fields defined by the OpenID Connect spec see:
 // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
@ -256,6 +276,12 @@ func (p *Provider) Endpoint() oauth2.Endpoint {
 	return oauth2.Endpoint{AuthURL: p.authURL, TokenURL: p.tokenURL}
 }
 // UserInfoEndpoint returns the OpenID Connect userinfo endpoint for the given
 // provider.
 func (p *Provider) UserInfoEndpoint() string {
 	return p.userInfoURL
 }
 // UserInfo represents the OpenID Connect userinfo claims.
 type UserInfo struct {
 	Subject       string `json:"sub"`
@ -317,7 +343,7 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
 	ct := resp.Header.Get("Content-Type")
 	mediaType, _, parseErr := mime.ParseMediaType(ct)
 	if parseErr == nil && mediaType == "application/jwt" {
-		payload, err := p.remoteKeySet.VerifySignature(ctx, string(body))
+		payload, err := p.remoteKeySet().VerifySignature(ctx, string(body))
 		if err != nil {
 			return nil, fmt.Errorf("oidc: invalid userinfo jwt signature %v", err)
 		}
@ -391,18 +417,17 @@ type IDToken struct {
 // Claims unmarshals the raw JSON payload of the ID Token into a provided struct.
 //
-//		idToken, err := idTokenVerifier.Verify(rawIDToken)
+//	idToken, err := idTokenVerifier.Verify(rawIDToken)
-//		if err != nil {
+//	if err != nil {
-//			// handle error
+//		// handle error
-//		}
+//	}
-//		var claims struct {
+//	var claims struct {
-//			Email         string `json:"email"`
+//		Email         string `json:"email"`
-//			EmailVerified bool   `json:"email_verified"`
+//		EmailVerified bool   `json:"email_verified"`
-//		}
+//	}
-//		if err := idToken.Claims(&claims); err != nil {
+//	if err := idToken.Claims(&claims); err != nil {
-//			// handle error
+//		// handle error
-//		}
+//	}
 //
 func (i *IDToken) Claims(v interface{}) error {
 	if i.claims == nil {
 		return errors.New("oidc: claims not set")
@ -424,7 +449,7 @@ func (i *IDToken) VerifyAccessToken(accessToken string) error {
 		h = sha256.New()
 	case RS384, ES384, PS384:
 		h = sha512.New384()
-	case RS512, ES512, PS512:
+	case RS512, ES512, PS512, EdDSA:
 		h = sha512.New()
 	default:
 		return fmt.Errorf("oidc: unsupported signing algorithm %q", i.sigAlgorithm)
--- a/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
+++ b/vendor/github.com/coreos/go-oidc/v3/oidc/verify.go
@ -64,14 +64,13 @@ type IDTokenVerifier struct {
 // This constructor can be used to create a verifier directly using the issuer URL and
 // JSON Web Key Set URL without using discovery:
 //
-//		keySet := oidc.NewRemoteKeySet(ctx, "https://www.googleapis.com/oauth2/v3/certs")
+//	keySet := oidc.NewRemoteKeySet(ctx, "https://www.googleapis.com/oauth2/v3/certs")
-//		verifier := oidc.NewVerifier("https://accounts.google.com", keySet, config)
+//	verifier := oidc.NewVerifier("https://accounts.google.com", keySet, config)
 //
 // Or a static key set (e.g. for testing):
 //
-//		keySet := &oidc.StaticKeySet{PublicKeys: []crypto.PublicKey{pub1, pub2}}
+//	keySet := &oidc.StaticKeySet{PublicKeys: []crypto.PublicKey{pub1, pub2}}
-//		verifier := oidc.NewVerifier("https://accounts.google.com", keySet, config)
+//	verifier := oidc.NewVerifier("https://accounts.google.com", keySet, config)
 //
 func NewVerifier(issuerURL string, keySet KeySet, config *Config) *IDTokenVerifier {
 	return &IDTokenVerifier{keySet: keySet, config: config, issuer: issuerURL}
 }
@ -120,8 +119,22 @@ type Config struct {
 	InsecureSkipSignatureCheck bool
 }
 // VerifierContext returns an IDTokenVerifier that uses the provider's key set to
 // verify JWTs. As opposed to Verifier, the context is used for all requests to
 // the upstream JWKs endpoint.
 func (p *Provider) VerifierContext(ctx context.Context, config *Config) *IDTokenVerifier {
 	return p.newVerifier(NewRemoteKeySet(ctx, p.jwksURL), config)
 }
 // Verifier returns an IDTokenVerifier that uses the provider's key set to verify JWTs.
 //
 // The returned verifier uses a background context for all requests to the upstream
 // JWKs endpoint. To control that context, use VerifierContext instead.
 func (p *Provider) Verifier(config *Config) *IDTokenVerifier {
 	return p.newVerifier(p.remoteKeySet(), config)
 }
 func (p *Provider) newVerifier(keySet KeySet, config *Config) *IDTokenVerifier {
 	if len(config.SupportedSigningAlgs) == 0 && len(p.algorithms) > 0 {
 		// Make a copy so we don't modify the config values.
 		cp := &Config{}
@ -129,7 +142,7 @@ func (p *Provider) Verifier(config *Config) *IDTokenVerifier {
 		cp.SupportedSigningAlgs = p.algorithms
 		config = cp
 	}
-	return NewVerifier(p.issuer, p.remoteKeySet, config)
+	return NewVerifier(p.issuer, keySet, config)
 }
 func parseJWT(p string) ([]byte, error) {
@ -193,19 +206,18 @@ func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src
 //
 // See: https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
 //
-//    oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
+//	oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
-//    if err != nil {
+//	if err != nil {
-//        // handle error
+//	    // handle error
-//    }
+//	}
 //
-//    // Extract the ID Token from oauth2 token.
+//	// Extract the ID Token from oauth2 token.
-//    rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+//	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
-//    if !ok {
+//	if !ok {
-//        // handle error
+//	    // handle error
-//    }
+//	}
 //
 //    token, err := verifier.Verify(ctx, rawIDToken)
 //
 //	token, err := verifier.Verify(ctx, rawIDToken)
 func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDToken, error) {
 	// Throw out tokens with invalid claims before trying to verify the token. This lets
 	// us do cheap checks before possibly re-syncing keys.
--- a/vendor/github.com/docker/docker/AUTHORS
+++ b/vendor/github.com/docker/docker/AUTHORS
@ -29,6 +29,7 @@ Adam Pointer <adam.pointer@skybettingandgaming.com>
 Adam Singer <financeCoding@gmail.com>
 Adam Walz <adam@adamwalz.net>
 Adam Williams <awilliams@mirantis.com>
 AdamKorcz <adam@adalogics.com>
 Addam Hardy <addam.hardy@gmail.com>
 Aditi Rajagopal <arajagopal@us.ibm.com>
 Aditya <aditya@netroy.in>
@ -81,6 +82,7 @@ Alex Goodman <wagoodman@gmail.com>
 Alex Nordlund <alexander.nordlund@nasdaq.com>
 Alex Olshansky <i@creagenics.com>
 Alex Samorukov <samm@os2.kiev.ua>
 Alex Stockinger <alex@atomicjar.com>
 Alex Warhawk <ax.warhawk@gmail.com>
 Alexander Artemenko <svetlyak.40wt@gmail.com>
 Alexander Boyd <alex@opengroove.org>
@ -198,6 +200,7 @@ Anusha Ragunathan <anusha.ragunathan@docker.com>
 Anyu Wang <wanganyu@outlook.com>
 apocas <petermdias@gmail.com>
 Arash Deshmeh <adeshmeh@ca.ibm.com>
 arcosx <arcosx@outlook.com>
 ArikaChen <eaglesora@gmail.com>
 Arko Dasgupta <arko@tetrate.io>
 Arnaud Lefebvre <a.lefebvre@outlook.fr>
@ -241,6 +244,7 @@ Benjamin Atkin <ben@benatkin.com>
 Benjamin Baker <Benjamin.baker@utexas.edu>
 Benjamin Boudreau <boudreau.benjamin@gmail.com>
 Benjamin Böhmke <benjamin@boehmke.net>
 Benjamin Wang <wachao@vmware.com>
 Benjamin Yolken <yolken@stripe.com>
 Benny Ng <benny.tpng@gmail.com>
 Benoit Chesneau <bchesneau@gmail.com>
@ -634,6 +638,7 @@ Eng Zer Jun <engzerjun@gmail.com>
 Enguerran <engcolson@gmail.com>
 Eohyung Lee <liquidnuker@gmail.com>
 epeterso <epeterson@breakpoint-labs.com>
 er0k <er0k@er0k.net>
 Eric Barch <barch@tomesoftware.com>
 Eric Curtin <ericcurtin17@gmail.com>
 Eric G. Noriega <enoriega@vizuri.com>
@ -754,6 +759,7 @@ Félix Baylac-Jacqué <baylac.felix@gmail.com>
 Félix Cantournet <felix.cantournet@cloudwatt.com>
 Gabe Rosenhouse <gabe@missionst.com>
 Gabor Nagy <mail@aigeruth.hu>
 Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
 Gabriel Goller <gabrielgoller123@gmail.com>
 Gabriel L. Somlo <gsomlo@gmail.com>
 Gabriel Linder <linder.gabriel@gmail.com>
@ -855,6 +861,7 @@ Hongbin Lu <hongbin034@gmail.com>
 Hongxu Jia <hongxu.jia@windriver.com>
 Honza Pokorny <me@honza.ca>
 Hsing-Hui Hsu <hsinghui@amazon.com>
 Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
 hsinko <21551195@zju.edu.cn>
 Hu Keping <hukeping@huawei.com>
 Hu Tao <hutao@cn.fujitsu.com>
@ -887,6 +894,7 @@ Igor Dolzhikov <bluesriverz@gmail.com>
 Igor Karpovich <i.karpovich@currencysolutions.com>
 Iliana Weller <iweller@amazon.com>
 Ilkka Laukkanen <ilkka@ilkka.io>
 Illia Antypenko <ilya@antipenko.pp.ua>
 Illo Abdulrahim <abdulrahim.illo@nokia.com>
 Ilya Dmitrichenko <errordeveloper@gmail.com>
 Ilya Gusev <mail@igusev.ru>
@ -938,6 +946,7 @@ Jamie Hannaford <jamie@limetree.org>
 Jamshid Afshar <jafshar@yahoo.com>
 Jan Breig <git@pygos.space>
 Jan Chren <dev.rindeal@gmail.com>
 Jan Garcia <github-public@n-garcia.com>
 Jan Götte <jaseg@jaseg.net>
 Jan Keromnes <janx@linux.com>
 Jan Koprowski <jan.koprowski@gmail.com>
@ -1206,6 +1215,7 @@ Kimbro Staken <kstaken@kstaken.com>
 Kir Kolyshkin <kolyshkin@gmail.com>
 Kiran Gangadharan <kiran.daredevil@gmail.com>
 Kirill SIbirev <l0kix2@gmail.com>
 Kirk Easterson <kirk.easterson@gmail.com>
 knappe <tyler.knappe@gmail.com>
 Kohei Tsuruta <coheyxyz@gmail.com>
 Koichi Shiraishi <k@zchee.io>
@ -1240,10 +1250,12 @@ Lars Kellogg-Stedman <lars@redhat.com>
 Lars R. Damerow <lars@pixar.com>
 Lars-Magnus Skog <ralphtheninja@riseup.net>
 Laszlo Meszaros <lacienator@gmail.com>
 Laura Brehm <laurabrehm@hey.com>
 Laura Frank <ljfrank@gmail.com>
 Laurent Bernaille <laurent.bernaille@datadoghq.com>
 Laurent Erignoux <lerignoux@gmail.com>
 Laurie Voss <github@seldo.com>
 Leandro Motta Barros <lmb@stackedboxes.org>
 Leandro Siqueira <leandro.siqueira@gmail.com>
 Lee Calcote <leecalcote@gmail.com>
 Lee Chao <932819864@qq.com>
@ -1563,6 +1575,7 @@ Nick Neisen <nwneisen@gmail.com>
 Nick Parker <nikaios@gmail.com>
 Nick Payne <nick@kurai.co.uk>
 Nick Russo <nicholasjamesrusso@gmail.com>
 Nick Santos <nick.santos@docker.com>
 Nick Stenning <nick.stenning@digital.cabinet-office.gov.uk>
 Nick Stinemates <nick@stinemates.org>
 Nick Wood <nwood@microsoft.com>
@ -1584,6 +1597,7 @@ NikolaMandic <mn080202@gmail.com>
 Nikolas Garofil <nikolas.garofil@uantwerpen.be>
 Nikolay Edigaryev <edigaryev@gmail.com>
 Nikolay Milovanov <nmil@itransformers.net>
 ningmingxiao <ning.mingxiao@zte.com.cn>
 Nirmal Mehta <nirmalkmehta@gmail.com>
 Nishant Totla <nishanttotla@gmail.com>
 NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
@ -1615,6 +1629,7 @@ Omri Shiv <Omri.Shiv@teradata.com>
 Onur Filiz <onur.filiz@microsoft.com>
 Oriol Francès <oriolfa@gmail.com>
 Oscar Bonilla <6f6231@gmail.com>
 oscar.chen <2972789494@qq.com>
 Oskar Niburski <oskarniburski@gmail.com>
 Otto Kekäläinen <otto@seravo.fi>
 Ouyang Liduo <oyld0210@163.com>
@ -1822,6 +1837,7 @@ Rory Hunter <roryhunter2@gmail.com>
 Rory McCune <raesene@gmail.com>
 Ross Boucher <rboucher@gmail.com>
 Rovanion Luckey <rovanion.luckey@gmail.com>
 Roy Reznik <roy@wiz.io>
 Royce Remer <royceremer@gmail.com>
 Rozhnov Alexandr <nox73@ya.ru>
 Rudolph Gottesheim <r.gottesheim@loot.at>
@ -2271,6 +2287,7 @@ Xiaoyu Zhang <zhang.xiaoyu33@zte.com.cn>
 xichengliudui <1693291525@qq.com>
 xiekeyang <xiekeyang@huawei.com>
 Ximo Guanter Gonzálbez <joaquin.guantergonzalbez@telefonica.com>
 xin.li <xin.li@daocloud.io>
 Xinbo Weng <xihuanbo_0521@zju.edu.cn>
 Xinfeng Liu <xinfeng.liu@gmail.com>
 Xinzi Zhou <imdreamrunner@gmail.com>
@ -2282,6 +2299,7 @@ Yahya <ya7yaz@gmail.com>
 yalpul <yalpul@gmail.com>
 YAMADA Tsuyoshi <tyamada@minimum2scp.org>
 Yamasaki Masahide <masahide.y@gmail.com>
 Yamazaki Masashi <masi19bw@gmail.com>
 Yan Feng <yanfeng2@huawei.com>
 Yan Zhu <yanzhu@alauda.io>
 Yang Bai <hamo.by@gmail.com>
--- a/vendor/github.com/docker/docker/api/common.go
+++ b/vendor/github.com/docker/docker/api/common.go
@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api"
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
-	DefaultVersion = "1.42"
+	DefaultVersion = "1.43"
 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@ -19,10 +19,10 @@ produces:
 consumes:
  - "application/json"
  - "text/plain"
-basePath: "/v1.42"
+basePath: "/v1.43"
 info:
  title: "Docker Engine API"
-  version: "1.42"
+  version: "1.43"
  x-logo:
    url: "https://docs.docker.com/assets/images/logo-docker-main.png"
  description: |
@ -55,8 +55,8 @@ info:
    the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
    is returned.
-    If you omit the version-prefix, the current version of the API (v1.42) is used.
+    If you omit the version-prefix, the current version of the API (v1.43) is used.
-    For example, calling `/info` is the same as calling `/v1.42/info`. Using the
+    For example, calling `/info` is the same as calling `/v1.43/info`. Using the
    API without a version-prefix is deprecated and will be removed in a future release.
    Engine releases in the near future should support this version of the API,
@ -976,6 +976,13 @@ definitions:
            items:
              type: "integer"
              minimum: 0
          Annotations:
            type: "object"
            description: |
              Arbitrary non-identifying metadata attached to container and
              provided to the runtime when the container is started.
            additionalProperties:
              type: "string"
          # Applicable to UNIX platforms
          CapAdd:
@ -1122,6 +1129,7 @@ definitions:
              remapping option is enabled.
          ShmSize:
            type: "integer"
            format: "int64"
            description: |
              Size of `/dev/shm` in bytes. If omitted, the system uses 64MB.
            minimum: 0
@ -1610,6 +1618,34 @@ definitions:
          "WorkDir": "/var/lib/docker/overlay2/ef749362d13333e65fc95c572eb525abbe0052e16e086cb64bc3b98ae9aa6d74/work"
        }
  FilesystemChange:
    description: |
      Change in the container's filesystem.
    type: "object"
    required: [Path, Kind]
    properties:
      Path:
        description: |
          Path to file or directory that has changed.
        type: "string"
        x-nullable: false
      Kind:
        $ref: "#/definitions/ChangeType"
  ChangeType:
    description: |
      Kind of change
      Can be one of:
      - `0`: Modified ("C")
      - `1`: Added ("A")
      - `2`: Deleted ("D")
    type: "integer"
    format: "uint8"
    enum: [0, 1, 2]
    x-nullable: false
  ImageInspect:
    description: |
      Information about an image in the local image cache.
@ -1746,15 +1782,14 @@ definitions:
          Total size of the image including all layers it is composed of.
          In versions of Docker before v1.10, this field was calculated from
-          the image itself and all of its parent images. Docker v1.10 and up
+          the image itself and all of its parent images. Images are now stored
-          store images self-contained, and no longer use a parent-chain, making
+          self-contained, and no longer use a parent-chain, making this field
-          this field an equivalent of the Size field.
+          an equivalent of the Size field.
-          This field is kept for backward compatibility, but may be removed in
+          > **Deprecated**: this field is kept for backward compatibility, but
-          a future version of the API.
+          > will be removed in API v1.44.
        type: "integer"
        format: "int64"
        x-nullable: false
        example: 1239828
      GraphDriver:
        $ref: "#/definitions/GraphDriverData"
@ -1802,7 +1837,6 @@ definitions:
      - Created
      - Size
      - SharedSize
      - VirtualSize
      - Labels
      - Containers
    properties:
@ -1888,19 +1922,17 @@ definitions:
        x-nullable: false
        example: 1239828
      VirtualSize:
-        description: |
+        description: |-
          Total size of the image including all layers it is composed of.
          In versions of Docker before v1.10, this field was calculated from
-          the image itself and all of its parent images. Docker v1.10 and up
+          the image itself and all of its parent images. Images are now stored
-          store images self-contained, and no longer use a parent-chain, making
+          self-contained, and no longer use a parent-chain, making this field
-          this field an equivalent of the Size field.
+          an equivalent of the Size field.
-          This field is kept for backward compatibility, but may be removed in
+          Deprecated: this field is kept for backward compatibility, and will be removed in API v1.44.
          a future version of the API.
        type: "integer"
        format: "int64"
        x-nullable: false
        example: 172064416
      Labels:
        description: "User-defined key/value metadata."
@ -4652,7 +4684,8 @@ definitions:
        example: false
      OOMKilled:
        description: |
-          Whether this container has been killed because it ran out of memory.
+          Whether a process within this container has been killed because it ran
          out of memory since the container was last started.
        type: "boolean"
        example: false
      Dead:
@ -5242,7 +5275,8 @@ definitions:
      SecurityOptions:
        description: |
          List of security features that are enabled on the daemon, such as
-          apparmor, seccomp, SELinux, user-namespaces (userns), and rootless.
+          apparmor, seccomp, SELinux, user-namespaces (userns), rootless and
          no-new-privileges.
          Additional configuration options for each security feature may
          be present, and are included as a comma-separated list of key/value
@ -6875,9 +6909,9 @@ paths:
        Returns which files in a container's filesystem have been added, deleted,
        or modified. The `Kind` of modification can be one of:
-        - `0`: Modified
+        - `0`: Modified ("C")
-        - `1`: Added
+        - `1`: Added ("A")
-        - `2`: Deleted
+        - `2`: Deleted ("D")
      operationId: "ContainerChanges"
      produces: ["application/json"]
      responses:
@ -6886,22 +6920,7 @@ paths:
          schema:
            type: "array"
            items:
-              type: "object"
+              $ref: "#/definitions/FilesystemChange"
              x-go-name: "ContainerChangeResponseItem"
              title: "ContainerChangeResponseItem"
              description: "change item in response to ContainerChanges operation"
              required: [Path, Kind]
              properties:
                Path:
                  description: "Path to file that has changed"
                  type: "string"
                  x-nullable: false
                Kind:
                  description: "Kind of change"
                  type: "integer"
                  format: "uint8"
                  enum: [0, 1, 2]
                  x-nullable: false
          examples:
            application/json:
              - Path: "/dev"
@ -8228,7 +8247,7 @@ paths:
            Available filters:
-            - `until=<duration>`: duration relative to daemon's time, during which build cache was not used, in Go's duration format (e.g., '24h')
+            - `until=<timestamp>` remove cache older than `<timestamp>`. The `<timestamp>` can be Unix timestamps, date formatted timestamps, or Go duration strings (e.g. `10m`, `1h30m`) computed relative to the daemon's local time.
            - `id=<id>`
            - `parent=<id>`
            - `type=<string>`
--- a/vendor/github.com/docker/docker/api/types/auth.go
+++ b/vendor/github.com/docker/docker/api/types/auth.go
@ -1,22 +1,7 @@
 package types // import "github.com/docker/docker/api/types"
 import "github.com/docker/docker/api/types/registry"
-// AuthConfig contains authorization information for connecting to a Registry
+// AuthConfig contains authorization information for connecting to a Registry.
-type AuthConfig struct {
+//
-	Username string `json:"username,omitempty"`
+// Deprecated: use github.com/docker/docker/api/types/registry.AuthConfig
-	Password string `json:"password,omitempty"`
+type AuthConfig = registry.AuthConfig
 	Auth     string `json:"auth,omitempty"`
 	// Email is an optional value associated with the username.
 	// This field is deprecated and will be removed in a later
 	// version of docker.
 	Email string `json:"email,omitempty"`
 	ServerAddress string `json:"serveraddress,omitempty"`
 	// IdentityToken is used to authenticate the user and get
 	// an access token for the registry.
 	IdentityToken string `json:"identitytoken,omitempty"`
 	// RegistryToken is a bearer token to be sent to a registry
 	RegistryToken string `json:"registrytoken,omitempty"`
 }
--- a/vendor/github.com/docker/docker/api/types/client.go
+++ b/vendor/github.com/docker/docker/api/types/client.go
@ -7,6 +7,7 @@ import (
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/registry"
 	units "github.com/docker/go-units"
 )
@ -180,7 +181,7 @@ type ImageBuildOptions struct {
 	// at all (nil). See the parsing of buildArgs in
 	// api/server/router/build/build_routes.go for even more info.
 	BuildArgs   map[string]*string
-	AuthConfigs map[string]AuthConfig
+	AuthConfigs map[string]registry.AuthConfig
 	Context     io.Reader
 	Labels      map[string]string
 	// squash the resulting image's layers to the parent
--- a/vendor/github.com/docker/docker/api/types/container/change_response_deprecated.go
+++ b/vendor/github.com/docker/docker/api/types/container/change_response_deprecated.go
@ -0,0 +1,6 @@
 package container
 // ContainerChangeResponseItem change item in response to ContainerChanges operation
 //
 // Deprecated: use [FilesystemChange].
 type ContainerChangeResponseItem = FilesystemChange
--- a/vendor/github.com/docker/docker/api/types/container/change_type.go
+++ b/vendor/github.com/docker/docker/api/types/container/change_type.go
@ -0,0 +1,15 @@
 package container
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 // ChangeType Kind of change
 //
 // Can be one of:
 //
 // - `0`: Modified ("C")
 // - `1`: Added ("A")
 // - `2`: Deleted ("D")
 //
 // swagger:model ChangeType
 type ChangeType uint8
--- a/vendor/github.com/docker/docker/api/types/container/change_types.go
+++ b/vendor/github.com/docker/docker/api/types/container/change_types.go
@ -0,0 +1,23 @@
 package container
 const (
 	// ChangeModify represents the modify operation.
 	ChangeModify ChangeType = 0
 	// ChangeAdd represents the add operation.
 	ChangeAdd ChangeType = 1
 	// ChangeDelete represents the delete operation.
 	ChangeDelete ChangeType = 2
 )
 func (ct ChangeType) String() string {
 	switch ct {
 	case ChangeModify:
 		return "C"
 	case ChangeAdd:
 		return "A"
 	case ChangeDelete:
 		return "D"
 	default:
 		return ""
 	}
 }
--- a/vendor/github.com/docker/docker/api/types/container/container_changes.go
+++ b/vendor/github.com/docker/docker/api/types/container/container_changes.go
@ -1,20 +0,0 @@
 package container // import "github.com/docker/docker/api/types/container"
 // ----------------------------------------------------------------------------
 // Code generated by `swagger generate operation`. DO NOT EDIT.
 //
 // See hack/generate-swagger-api.sh
 // ----------------------------------------------------------------------------
 // ContainerChangeResponseItem change item in response to ContainerChanges operation
 // swagger:model ContainerChangeResponseItem
 type ContainerChangeResponseItem struct {
 	// Kind of change
 	// Required: true
 	Kind uint8 `json:"Kind"`
 	// Path to file that has changed
 	// Required: true
 	Path string `json:"Path"`
 }
--- a/vendor/github.com/docker/docker/api/types/container/deprecated.go
+++ b/vendor/github.com/docker/docker/api/types/container/deprecated.go
@ -1,16 +0,0 @@
 package container // import "github.com/docker/docker/api/types/container"
 // ContainerCreateCreatedBody OK response to ContainerCreate operation
 //
 // Deprecated: use CreateResponse
 type ContainerCreateCreatedBody = CreateResponse
 // ContainerWaitOKBody OK response to ContainerWait operation
 //
 // Deprecated: use WaitResponse
 type ContainerWaitOKBody = WaitResponse
 // ContainerWaitOKBodyError container waiting error, if any
 //
 // Deprecated: use WaitExitError
 type ContainerWaitOKBodyError = WaitExitError
--- a/vendor/github.com/docker/docker/api/types/container/filesystem_change.go
+++ b/vendor/github.com/docker/docker/api/types/container/filesystem_change.go
@ -0,0 +1,19 @@
 package container
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 // FilesystemChange Change in the container's filesystem.
 //
 // swagger:model FilesystemChange
 type FilesystemChange struct {
 	// kind
 	// Required: true
 	Kind ChangeType `json:"Kind"`
 	// Path to file or directory that has changed.
 	//
 	// Required: true
 	Path string `json:"Path"`
 }
--- a/vendor/github.com/docker/docker/api/types/container/host_config.go
+++ b/vendor/github.com/docker/docker/api/types/container/host_config.go
@ -101,7 +101,8 @@ func (n IpcMode) IsShareable() bool {
 // IsContainer indicates whether the container uses another container's ipc namespace.
 func (n IpcMode) IsContainer() bool {
-	return strings.HasPrefix(string(n), string(IPCModeContainer)+":")
+	_, ok := containerID(string(n))
 	return ok
 }
 // IsNone indicates whether container IpcMode is set to "none".
@ -116,15 +117,14 @@ func (n IpcMode) IsEmpty() bool {
 // Valid indicates whether the ipc mode is valid.
 func (n IpcMode) Valid() bool {
 	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
 	return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer()
 }
 // Container returns the name of the container ipc stack is going to be used.
-func (n IpcMode) Container() string {
+func (n IpcMode) Container() (idOrName string) {
-	if n.IsContainer() {
+	idOrName, _ = containerID(string(n))
-		return strings.TrimPrefix(string(n), string(IPCModeContainer)+":")
+	return idOrName
 	}
 	return ""
 }
 // NetworkMode represents the container network stack.
@ -147,17 +147,14 @@ func (n NetworkMode) IsPrivate() bool {
 // IsContainer indicates whether container uses a container network stack.
 func (n NetworkMode) IsContainer() bool {
-	parts := strings.SplitN(string(n), ":", 2)
+	_, ok := containerID(string(n))
-	return len(parts) > 1 && parts[0] == "container"
+	return ok
 }
 // ConnectedContainer is the id of the container which network this container is connected to.
-func (n NetworkMode) ConnectedContainer() string {
+func (n NetworkMode) ConnectedContainer() (idOrName string) {
-	parts := strings.SplitN(string(n), ":", 2)
+	idOrName, _ = containerID(string(n))
-	if len(parts) > 1 {
+	return idOrName
 		return parts[1]
 	}
 	return ""
 }
 // UserDefined indicates user-created network
@ -178,18 +175,12 @@ func (n UsernsMode) IsHost() bool {
 // IsPrivate indicates whether the container uses the a private userns.
 func (n UsernsMode) IsPrivate() bool {
-	return !(n.IsHost())
+	return !n.IsHost()
 }
 // Valid indicates whether the userns is valid.
 func (n UsernsMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
+	return n == "" || n.IsHost()
 	switch mode := parts[0]; mode {
 	case "", "host":
 	default:
 		return false
 	}
 	return true
 }
 // CgroupSpec represents the cgroup to use for the container.
@ -197,22 +188,20 @@ type CgroupSpec string
 // IsContainer indicates whether the container is using another container cgroup
 func (c CgroupSpec) IsContainer() bool {
-	parts := strings.SplitN(string(c), ":", 2)
+	_, ok := containerID(string(c))
-	return len(parts) > 1 && parts[0] == "container"
+	return ok
 }
 // Valid indicates whether the cgroup spec is valid.
 func (c CgroupSpec) Valid() bool {
-	return c.IsContainer() || c == ""
+	// TODO(thaJeztah): align with PidMode, and consider container-mode without a container name/ID to be invalid.
 	return c == "" || c.IsContainer()
 }
-// Container returns the name of the container whose cgroup will be used.
+// Container returns the ID or name of the container whose cgroup will be used.
-func (c CgroupSpec) Container() string {
+func (c CgroupSpec) Container() (idOrName string) {
-	parts := strings.SplitN(string(c), ":", 2)
+	idOrName, _ = containerID(string(c))
-	if len(parts) > 1 {
+	return idOrName
 		return parts[1]
 	}
 	return ""
 }
 // UTSMode represents the UTS namespace of the container.
@ -220,7 +209,7 @@ type UTSMode string
 // IsPrivate indicates whether the container uses its private UTS namespace.
 func (n UTSMode) IsPrivate() bool {
-	return !(n.IsHost())
+	return !n.IsHost()
 }
 // IsHost indicates whether the container uses the host's UTS namespace.
@ -230,13 +219,7 @@ func (n UTSMode) IsHost() bool {
 // Valid indicates whether the UTS namespace is valid.
 func (n UTSMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
+	return n == "" || n.IsHost()
 	switch mode := parts[0]; mode {
 	case "", "host":
 	default:
 		return false
 	}
 	return true
 }
 // PidMode represents the pid namespace of the container.
@ -254,32 +237,19 @@ func (n PidMode) IsHost() bool {
 // IsContainer indicates whether the container uses a container's pid namespace.
 func (n PidMode) IsContainer() bool {
-	parts := strings.SplitN(string(n), ":", 2)
+	_, ok := containerID(string(n))
-	return len(parts) > 1 && parts[0] == "container"
+	return ok
 }
 // Valid indicates whether the pid namespace is valid.
 func (n PidMode) Valid() bool {
-	parts := strings.Split(string(n), ":")
+	return n == "" || n.IsHost() || validContainer(string(n))
 	switch mode := parts[0]; mode {
 	case "", "host":
 	case "container":
 		if len(parts) != 2 || parts[1] == "" {
 			return false
 		}
 	default:
 		return false
 	}
 	return true
 }
 // Container returns the name of the container whose pid namespace is going to be used.
-func (n PidMode) Container() string {
+func (n PidMode) Container() (idOrName string) {
-	parts := strings.SplitN(string(n), ":", 2)
+	idOrName, _ = containerID(string(n))
-	if len(parts) > 1 {
+	return idOrName
 		return parts[1]
 	}
 	return ""
 }
 // DeviceRequest represents a request for devices from a device driver.
@ -408,16 +378,17 @@ type UpdateConfig struct {
 // Portable information *should* appear in Config.
 type HostConfig struct {
 	// Applicable to all platforms
-	Binds           []string      // List of volume bindings for this container
+	Binds           []string          // List of volume bindings for this container
-	ContainerIDFile string        // File (path) where the containerId is written
+	ContainerIDFile string            // File (path) where the containerId is written
-	LogConfig       LogConfig     // Configuration of the logs for this container
+	LogConfig       LogConfig         // Configuration of the logs for this container
-	NetworkMode     NetworkMode   // Network mode to use for the container
+	NetworkMode     NetworkMode       // Network mode to use for the container
-	PortBindings    nat.PortMap   // Port mapping between the exposed port (container) and the host
+	PortBindings    nat.PortMap       // Port mapping between the exposed port (container) and the host
-	RestartPolicy   RestartPolicy // Restart policy to be used for the container
+	RestartPolicy   RestartPolicy     // Restart policy to be used for the container
-	AutoRemove      bool          // Automatically remove container when it exits
+	AutoRemove      bool              // Automatically remove container when it exits
-	VolumeDriver    string        // Name of the volume driver used to mount volumes
+	VolumeDriver    string            // Name of the volume driver used to mount volumes
-	VolumesFrom     []string      // List of volumes to take from other container
+	VolumesFrom     []string          // List of volumes to take from other container
-	ConsoleSize     [2]uint       // Initial console size (height,width)
+	ConsoleSize     [2]uint           // Initial console size (height,width)
 	Annotations     map[string]string `json:",omitempty"` // Arbitrary non-identifying metadata attached to container and provided to the runtime
 	// Applicable to UNIX platforms
 	CapAdd          strslice.StrSlice // List of kernel capabilities to add to the container
@ -463,3 +434,23 @@ type HostConfig struct {
 	// Run a custom init inside the container, if null, use the daemon's configured settings
 	Init *bool `json:",omitempty"`
 }
 // containerID splits "container:<ID|name>" values. It returns the container
 // ID or name, and whether an ID/name was found. It returns an empty string and
 // a "false" if the value does not have a "container:" prefix. Further validation
 // of the returned, including checking if the value is empty, should be handled
 // by the caller.
 func containerID(val string) (idOrName string, ok bool) {
 	k, v, hasSep := strings.Cut(val, ":")
 	if !hasSep || k != "container" {
 		return "", false
 	}
 	return v, true
 }
 // validContainer checks if the given value is a "container:" mode with
 // a non-empty name/ID.
 func validContainer(val string) bool {
 	id, ok := containerID(val)
 	return ok && id != ""
 }
--- a/vendor/github.com/docker/docker/api/types/deprecated.go
+++ b/vendor/github.com/docker/docker/api/types/deprecated.go
@ -1,14 +0,0 @@
 package types // import "github.com/docker/docker/api/types"
 import "github.com/docker/docker/api/types/volume"
 // Volume volume
 //
 // Deprecated: use github.com/docker/docker/api/types/volume.Volume
 type Volume = volume.Volume
 // VolumeUsageData Usage details about the volume. This information is used by the
 // `GET /system/df` endpoint, and omitted in other endpoints.
 //
 // Deprecated: use github.com/docker/docker/api/types/volume.UsageData
 type VolumeUsageData = volume.UsageData
--- a/vendor/github.com/docker/docker/api/types/filters/errors.go
+++ b/vendor/github.com/docker/docker/api/types/filters/errors.go
@ -0,0 +1,37 @@
 package filters
 import "fmt"
 // invalidFilter indicates that the provided filter or its value is invalid
 type invalidFilter struct {
 	Filter string
 	Value  []string
 }
 func (e invalidFilter) Error() string {
 	msg := "invalid filter"
 	if e.Filter != "" {
 		msg += " '" + e.Filter
 		if e.Value != nil {
 			msg = fmt.Sprintf("%s=%s", msg, e.Value)
 		}
 		msg += "'"
 	}
 	return msg
 }
 // InvalidParameter marks this error as ErrInvalidParameter
 func (e invalidFilter) InvalidParameter() {}
 // unreachableCode is an error indicating that the code path was not expected to be reached.
 type unreachableCode struct {
 	Filter string
 	Value  []string
 }
 // System marks this error as ErrSystem
 func (e unreachableCode) System() {}
 func (e unreachableCode) Error() string {
 	return fmt.Sprintf("unreachable code reached for filter: %q with values: %s", e.Filter, e.Value)
 }
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@ -10,7 +10,6 @@ import (
 	"strings"
 	"github.com/docker/docker/api/types/versions"
 	"github.com/pkg/errors"
 )
 // Args stores a mapping of keys to a set of multiple values.
@ -99,7 +98,7 @@ func FromJSON(p string) (Args, error) {
 	// Fallback to parsing arguments in the legacy slice format
 	deprecated := map[string][]string{}
 	if legacyErr := json.Unmarshal(raw, &deprecated); legacyErr != nil {
-		return args, invalidFilter{errors.Wrap(err, "invalid filter")}
+		return args, invalidFilter{}
 	}
 	args.fields = deprecatedArgs(deprecated)
@ -163,13 +162,13 @@ func (args Args) MatchKVList(key string, sources map[string]string) bool {
 	}
 	for value := range fieldValues {
-		testKV := strings.SplitN(value, "=", 2)
+		testK, testV, hasValue := strings.Cut(value, "=")
-		v, ok := sources[testKV[0]]
+		v, ok := sources[testK]
 		if !ok {
 			return false
 		}
-		if len(testKV) == 2 && testKV[1] != v {
+		if hasValue && testV != v {
 			return false
 		}
 	}
@ -196,6 +195,38 @@ func (args Args) Match(field, source string) bool {
 	return false
 }
 // GetBoolOrDefault returns a boolean value of the key if the key is present
 // and is intepretable as a boolean value. Otherwise the default value is returned.
 // Error is not nil only if the filter values are not valid boolean or are conflicting.
 func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
 	fieldValues, ok := args.fields[key]
 	if !ok {
 		return defaultValue, nil
 	}
 	if len(fieldValues) == 0 {
 		return defaultValue, invalidFilter{key, nil}
 	}
 	isFalse := fieldValues["0"] || fieldValues["false"]
 	isTrue := fieldValues["1"] || fieldValues["true"]
 	conflicting := isFalse && isTrue
 	invalid := !isFalse && !isTrue
 	if conflicting || invalid {
 		return defaultValue, invalidFilter{key, args.Get(key)}
 	} else if isFalse {
 		return false, nil
 	} else if isTrue {
 		return true, nil
 	}
 	// This code shouldn't be reached.
 	return defaultValue, unreachableCode{Filter: key, Value: args.Get(key)}
 }
 // ExactMatch returns true if the source matches exactly one of the values.
 func (args Args) ExactMatch(key, source string) bool {
 	fieldValues, ok := args.fields[key]
@ -246,20 +277,12 @@ func (args Args) Contains(field string) bool {
 	return ok
 }
 type invalidFilter struct{ error }
 func (e invalidFilter) Error() string {
 	return e.error.Error()
 }
 func (invalidFilter) InvalidParameter() {}
 // Validate compared the set of accepted keys against the keys in the mapping.
 // An error is returned if any mapping keys are not in the accepted set.
 func (args Args) Validate(accepted map[string]bool) error {
 	for name := range args.fields {
 		if !accepted[name] {
-			return invalidFilter{errors.New("invalid filter '" + name + "'")}
+			return invalidFilter{name, nil}
 		}
 	}
 	return nil
--- a/vendor/github.com/docker/docker/api/types/image/opts.go
+++ b/vendor/github.com/docker/docker/api/types/image/opts.go
@ -0,0 +1,9 @@
 package image
 import specs "github.com/opencontainers/image-spec/specs-go/v1"
 // GetImageOpts holds parameters to inspect an image.
 type GetImageOpts struct {
 	Platform *specs.Platform
 	Details  bool
 }
--- a/vendor/github.com/docker/docker/api/types/image_summary.go
+++ b/vendor/github.com/docker/docker/api/types/image_summary.go
@ -85,13 +85,10 @@ type ImageSummary struct {
 	// Total size of the image including all layers it is composed of.
 	//
 	// In versions of Docker before v1.10, this field was calculated from
-	// the image itself and all of its parent images. Docker v1.10 and up
+	// the image itself and all of its parent images. Images are now stored
-	// store images self-contained, and no longer use a parent-chain, making
+	// self-contained, and no longer use a parent-chain, making this field
-	// this field an equivalent of the Size field.
+	// an equivalent of the Size field.
 	//
-	// This field is kept for backward compatibility, but may be removed in
+	// Deprecated: this field is kept for backward compatibility, and will be removed in API v1.44.
-	// a future version of the API.
+	VirtualSize int64 `json:"VirtualSize,omitempty"`
 	//
 	// Required: true
 	VirtualSize int64 `json:"VirtualSize"`
 }
--- a/vendor/github.com/docker/docker/api/types/registry/authconfig.go
+++ b/vendor/github.com/docker/docker/api/types/registry/authconfig.go
@ -0,0 +1,99 @@
 package registry // import "github.com/docker/docker/api/types/registry"
 import (
 	"encoding/base64"
 	"encoding/json"
 	"io"
 	"strings"
 	"github.com/pkg/errors"
 )
 // AuthHeader is the name of the header used to send encoded registry
 // authorization credentials for registry operations (push/pull).
 const AuthHeader = "X-Registry-Auth"
 // AuthConfig contains authorization information for connecting to a Registry.
 type AuthConfig struct {
 	Username string `json:"username,omitempty"`
 	Password string `json:"password,omitempty"`
 	Auth     string `json:"auth,omitempty"`
 	// Email is an optional value associated with the username.
 	// This field is deprecated and will be removed in a later
 	// version of docker.
 	Email string `json:"email,omitempty"`
 	ServerAddress string `json:"serveraddress,omitempty"`
 	// IdentityToken is used to authenticate the user and get
 	// an access token for the registry.
 	IdentityToken string `json:"identitytoken,omitempty"`
 	// RegistryToken is a bearer token to be sent to a registry
 	RegistryToken string `json:"registrytoken,omitempty"`
 }
 // EncodeAuthConfig serializes the auth configuration as a base64url encoded
 // RFC4648, section 5) JSON string for sending through the X-Registry-Auth header.
 //
 // For details on base64url encoding, see:
 // - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
 func EncodeAuthConfig(authConfig AuthConfig) (string, error) {
 	buf, err := json.Marshal(authConfig)
 	if err != nil {
 		return "", errInvalidParameter{err}
 	}
 	return base64.URLEncoding.EncodeToString(buf), nil
 }
 // DecodeAuthConfig decodes base64url encoded (RFC4648, section 5) JSON
 // authentication information as sent through the X-Registry-Auth header.
 //
 // This function always returns an AuthConfig, even if an error occurs. It is up
 // to the caller to decide if authentication is required, and if the error can
 // be ignored.
 //
 // For details on base64url encoding, see:
 // - RFC4648, section 5:   https://tools.ietf.org/html/rfc4648#section-5
 func DecodeAuthConfig(authEncoded string) (*AuthConfig, error) {
 	if authEncoded == "" {
 		return &AuthConfig{}, nil
 	}
 	authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))
 	return decodeAuthConfigFromReader(authJSON)
 }
 // DecodeAuthConfigBody decodes authentication information as sent as JSON in the
 // body of a request. This function is to provide backward compatibility with old
 // clients and API versions. Current clients and API versions expect authentication
 // to be provided through the X-Registry-Auth header.
 //
 // Like DecodeAuthConfig, this function always returns an AuthConfig, even if an
 // error occurs. It is up to the caller to decide if authentication is required,
 // and if the error can be ignored.
 func DecodeAuthConfigBody(rdr io.ReadCloser) (*AuthConfig, error) {
 	return decodeAuthConfigFromReader(rdr)
 }
 func decodeAuthConfigFromReader(rdr io.Reader) (*AuthConfig, error) {
 	authConfig := &AuthConfig{}
 	if err := json.NewDecoder(rdr).Decode(authConfig); err != nil {
 		// always return an (empty) AuthConfig to increase compatibility with
 		// the existing API.
 		return &AuthConfig{}, invalid(err)
 	}
 	return authConfig, nil
 }
 func invalid(err error) error {
 	return errInvalidParameter{errors.Wrap(err, "invalid X-Registry-Auth header")}
 }
 type errInvalidParameter struct{ error }
 func (errInvalidParameter) InvalidParameter() {}
 func (e errInvalidParameter) Cause() error { return e.error }
 func (e errInvalidParameter) Unwrap() error { return e.error }
--- a/vendor/github.com/docker/docker/api/types/time/timestamp.go
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp.go
@ -95,37 +95,37 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 	return fmt.Sprintf("%d.%09d", t.Unix(), int64(t.Nanosecond())), nil
 }
-// ParseTimestamps returns seconds and nanoseconds from a timestamp that has the
+// ParseTimestamps returns seconds and nanoseconds from a timestamp that has
-// format "%d.%09d", time.Unix(), int64(time.Nanosecond()))
+// the format ("%d.%09d", time.Unix(), int64(time.Nanosecond())).
-// if the incoming nanosecond portion is longer or shorter than 9 digits it is
+// If the incoming nanosecond portion is longer than 9 digits it is truncated.
-// converted to nanoseconds.  The expectation is that the seconds and
+// The expectation is that the seconds and nanoseconds will be used to create a
-// seconds will be used to create a time variable.  For example:
+// time variable.  For example:
 //
-//	seconds, nanoseconds, err := ParseTimestamp("1136073600.000000001",0)
+//	seconds, nanoseconds, _ := ParseTimestamp("1136073600.000000001",0)
-//	if err == nil since := time.Unix(seconds, nanoseconds)
+//	since := time.Unix(seconds, nanoseconds)
 //
-// returns seconds as def(aultSeconds) if value == ""
+// returns seconds as defaultSeconds if value == ""
-func ParseTimestamps(value string, def int64) (int64, int64, error) {
+func ParseTimestamps(value string, defaultSeconds int64) (seconds int64, nanoseconds int64, err error) {
 	if value == "" {
-		return def, 0, nil
+		return defaultSeconds, 0, nil
 	}
 	return parseTimestamp(value)
 }
-func parseTimestamp(value string) (int64, int64, error) {
+func parseTimestamp(value string) (sec int64, nsec int64, err error) {
-	sa := strings.SplitN(value, ".", 2)
+	s, n, ok := strings.Cut(value, ".")
-	s, err := strconv.ParseInt(sa[0], 10, 64)
+	sec, err = strconv.ParseInt(s, 10, 64)
 	if err != nil {
-		return s, 0, err
+		return sec, 0, err
 	}
-	if len(sa) != 2 {
+	if !ok {
-		return s, 0, nil
+		return sec, 0, nil
 	}
-	n, err := strconv.ParseInt(sa[1], 10, 64)
+	nsec, err = strconv.ParseInt(n, 10, 64)
 	if err != nil {
-		return s, n, err
+		return sec, nsec, err
 	}
 	// should already be in nanoseconds but just in case convert n to nanoseconds
-	n = int64(float64(n) * math.Pow(float64(10), float64(9-len(sa[1]))))
+	nsec = int64(float64(nsec) * math.Pow(float64(10), float64(9-len(n))))
-	return s, n, nil
+	return sec, nsec, nil
 }
--- a/vendor/github.com/docker/docker/api/types/types.go
+++ b/vendor/github.com/docker/docker/api/types/types.go
@ -123,9 +123,8 @@ type ImageInspect struct {
 	// store images self-contained, and no longer use a parent-chain, making
 	// this field an equivalent of the Size field.
 	//
-	// This field is kept for backward compatibility, but may be removed in
+	// Deprecated: Unused in API 1.43 and up, but kept for backward compatibility with older API versions.
-	// a future version of the API.
+	VirtualSize int64 `json:"VirtualSize,omitempty"`
 	VirtualSize int64 // TODO(thaJeztah): deprecate this field
 	// GraphDriver holds information about the storage driver used to store the
 	// container's and image's filesystem.
@ -297,8 +296,6 @@ type Info struct {
 	Labels             []string
 	ExperimentalBuild  bool
 	ServerVersion      string
 	ClusterStore       string `json:",omitempty"` // Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	ClusterAdvertise   string `json:",omitempty"` // Deprecated: host-discovery and overlay networks with external k/v stores are deprecated
 	Runtimes           map[string]Runtime
 	DefaultRuntime     string
 	Swarm              swarm.Info
@ -350,20 +347,19 @@ func DecodeSecurityOptions(opts []string) ([]SecurityOpt, error) {
 			continue
 		}
 		secopt := SecurityOpt{}
-		split := strings.Split(opt, ",")
+		for _, s := range strings.Split(opt, ",") {
-		for _, s := range split {
+			k, v, ok := strings.Cut(s, "=")
-			kv := strings.SplitN(s, "=", 2)
+			if !ok {
 			if len(kv) != 2 {
 				return nil, fmt.Errorf("invalid security option %q", s)
 			}
-			if kv[0] == "" || kv[1] == "" {
+			if k == "" || v == "" {
 				return nil, errors.New("invalid empty security option")
 			}
-			if kv[0] == "name" {
+			if k == "name" {
-				secopt.Name = kv[1]
+				secopt.Name = v
 				continue
 			}
-			secopt.Options = append(secopt.Options, KeyValue{Key: kv[0], Value: kv[1]})
+			secopt.Options = append(secopt.Options, KeyValue{Key: k, Value: v})
 		}
 		so = append(so, secopt)
 	}
@ -656,12 +652,18 @@ type Checkpoint struct {
 // Runtime describes an OCI runtime
 type Runtime struct {
-	Path string   `json:"path"`
+	// "Legacy" runtime configuration for runc-compatible runtimes.
 	Path string   `json:"path,omitempty"`
 	Args []string `json:"runtimeArgs,omitempty"`
 	// Shimv2 runtime configuration. Mutually exclusive with the legacy config above.
 	Type    string                 `json:"runtimeType,omitempty"`
 	Options map[string]interface{} `json:"options,omitempty"`
 	// This is exposed here only for internal use
-	// It is not currently supported to specify custom shim configs
+	ShimConfig *ShimConfig `json:"-"`
 	Shim *ShimConfig `json:"-"`
 }
 // ShimConfig is used by runtime to configure containerd shims
--- a/vendor/github.com/docker/docker/api/types/volume/deprecated.go
+++ b/vendor/github.com/docker/docker/api/types/volume/deprecated.go
@ -1,11 +0,0 @@
 package volume // import "github.com/docker/docker/api/types/volume"
 // VolumeCreateBody Volume configuration
 //
 // Deprecated: use CreateOptions
 type VolumeCreateBody = CreateOptions
 // VolumeListOKBody Volume list response
 //
 // Deprecated: use ListResponse
 type VolumeListOKBody = ListResponse
--- a/vendor/github.com/docker/docker/client/build_prune.go
+++ b/vendor/github.com/docker/docker/client/build_prune.go
@ -3,8 +3,8 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"net/url"
 	"strconv"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/filters"
@ -23,12 +23,12 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
 	if opts.All {
 		query.Set("all", "1")
 	}
-	query.Set("keep-storage", fmt.Sprintf("%d", opts.KeepStorage))
+	query.Set("keep-storage", strconv.Itoa(int(opts.KeepStorage)))
-	filters, err := filters.ToJSON(opts.Filters)
+	f, err := filters.ToJSON(opts.Filters)
 	if err != nil {
 		return nil, errors.Wrap(err, "prune could not marshal filters option")
 	}
-	query.Set("filters", filters)
+	query.Set("filters", f)
 	serverResp, err := cli.post(ctx, "/build/prune", query, nil, nil)
 	defer ensureReaderClosed(serverResp)
@ -38,7 +38,7 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
 	}
 	if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
-		return nil, fmt.Errorf("Error retrieving disk usage: %v", err)
+		return nil, errors.Wrap(err, "error retrieving disk usage")
 	}
 	return &report, nil
--- a/vendor/github.com/docker/docker/client/client.go
+++ b/vendor/github.com/docker/docker/client/client.go
@ -126,7 +126,12 @@ func CheckRedirect(req *http.Request, via []*http.Request) error {
 //		client.WithAPIVersionNegotiation(),
 //	)
 func NewClientWithOpts(ops ...Opt) (*Client, error) {
-	client, err := defaultHTTPClient(DefaultDockerHost)
+	hostURL, err := ParseHostURL(DefaultDockerHost)
 	if err != nil {
 		return nil, err
 	}
 	client, err := defaultHTTPClient(hostURL)
 	if err != nil {
 		return nil, err
 	}
@ -134,8 +139,8 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 		host:    DefaultDockerHost,
 		version: api.DefaultVersion,
 		client:  client,
-		proto:   defaultProto,
+		proto:   hostURL.Scheme,
-		addr:    defaultAddr,
+		addr:    hostURL.Host,
 	}
 	for _, op := range ops {
@ -161,13 +166,12 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) {
 	return c, nil
 }
-func defaultHTTPClient(host string) (*http.Client, error) {
+func defaultHTTPClient(hostURL *url.URL) (*http.Client, error) {
-	hostURL, err := ParseHostURL(host)
+	transport := &http.Transport{}
 	err := sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
 	if err != nil {
 		return nil, err
 	}
 	transport := &http.Transport{}
 	_ = sockets.ConfigureTransport(transport, hostURL.Scheme, hostURL.Host)
 	return &http.Client{
 		Transport:     transport,
 		CheckRedirect: CheckRedirect,
@ -283,13 +287,12 @@ func (cli *Client) HTTPClient() *http.Client {
 // ParseHostURL parses a url string, validates the string is a host url, and
 // returns the parsed URL
 func ParseHostURL(host string) (*url.URL, error) {
-	protoAddrParts := strings.SplitN(host, "://", 2)
+	proto, addr, ok := strings.Cut(host, "://")
-	if len(protoAddrParts) == 1 {
+	if !ok || addr == "" {
 		return nil, errors.Errorf("unable to parse docker host `%s`", host)
 	}
 	var basePath string
 	proto, addr := protoAddrParts[0], protoAddrParts[1]
 	if proto == "tcp" {
 		parsed, err := url.Parse("tcp://" + addr)
 		if err != nil {
--- a/vendor/github.com/docker/docker/client/client_unix.go
+++ b/vendor/github.com/docker/docker/client/client_unix.go
@ -1,11 +1,8 @@
-//go:build linux || freebsd || openbsd || netbsd || darwin || solaris || illumos || dragonfly
+//go:build !windows
-// +build linux freebsd openbsd netbsd darwin solaris illumos dragonfly
+// +build !windows
 package client // import "github.com/docker/docker/client"
 // DefaultDockerHost defines OS-specific default host if the DOCKER_HOST
 // (EnvOverrideHost) environment variable is unset or empty.
 const DefaultDockerHost = "unix:///var/run/docker.sock"
 const defaultProto = "unix"
 const defaultAddr = "/var/run/docker.sock"
--- a/vendor/github.com/docker/docker/client/client_windows.go
+++ b/vendor/github.com/docker/docker/client/client_windows.go
@ -3,6 +3,3 @@ package client // import "github.com/docker/docker/client"
 // DefaultDockerHost defines OS-specific default host if the DOCKER_HOST
 // (EnvOverrideHost) environment variable is unset or empty.
 const DefaultDockerHost = "npipe:////./pipe/docker_engine"
 const defaultProto = "npipe"
 const defaultAddr = "//./pipe/docker_engine"
--- a/vendor/github.com/docker/docker/client/container_diff.go
+++ b/vendor/github.com/docker/docker/client/container_diff.go
@ -9,8 +9,8 @@ import (
 )
 // ContainerDiff shows differences in a container filesystem since it was started.
-func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]container.ContainerChangeResponseItem, error) {
+func (cli *Client) ContainerDiff(ctx context.Context, containerID string) ([]container.FilesystemChange, error) {
-	var changes []container.ContainerChangeResponseItem
+	var changes []container.FilesystemChange
 	serverResp, err := cli.get(ctx, "/containers/"+containerID+"/changes", url.Values{}, nil)
 	defer ensureReaderClosed(serverResp)
--- a/vendor/github.com/docker/docker/client/distribution_inspect.go
+++ b/vendor/github.com/docker/docker/client/distribution_inspect.go
@ -5,13 +5,13 @@ import (
 	"encoding/json"
 	"net/url"
-	registrytypes "github.com/docker/docker/api/types/registry"
+	"github.com/docker/docker/api/types/registry"
 )
 // DistributionInspect returns the image digest with the full manifest.
-func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
+func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registry.DistributionInspect, error) {
 	// Contact the registry to retrieve digest and platform information
-	var distributionInspect registrytypes.DistributionInspect
+	var distributionInspect registry.DistributionInspect
 	if image == "" {
 		return distributionInspect, objectNotFoundError{object: "distribution", id: image}
 	}
@ -23,7 +23,7 @@ func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegist
 	if encodedRegistryAuth != "" {
 		headers = map[string][]string{
-			"X-Registry-Auth": {encodedRegistryAuth},
+			registry.AuthHeader: {encodedRegistryAuth},
 		}
 	}
--- a/vendor/github.com/docker/docker/client/errors.go
+++ b/vendor/github.com/docker/docker/client/errors.go
@ -58,31 +58,6 @@ func (e objectNotFoundError) Error() string {
 	return fmt.Sprintf("Error: No such %s: %s", e.object, e.id)
 }
 // IsErrUnauthorized returns true if the error is caused
 // when a remote registry authentication fails
 //
 // Deprecated: use errdefs.IsUnauthorized
 func IsErrUnauthorized(err error) bool {
 	return errdefs.IsUnauthorized(err)
 }
 type pluginPermissionDenied struct {
 	name string
 }
 func (e pluginPermissionDenied) Error() string {
 	return "Permission denied while installing plugin " + e.name
 }
 // IsErrNotImplemented returns true if the error is a NotImplemented error.
 // This is returned by the API when a requested feature has not been
 // implemented.
 //
 // Deprecated: use errdefs.IsNotImplemented
 func IsErrNotImplemented(err error) bool {
 	return errdefs.IsNotImplemented(err)
 }
 // NewVersionError returns an error if the APIVersion required
 // if less than the current supported version
 func (cli *Client) NewVersionError(APIrequired, feature string) error {
--- a/vendor/github.com/docker/docker/client/image_create.go
+++ b/vendor/github.com/docker/docker/client/image_create.go
@ -8,6 +8,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 )
 // ImageCreate creates a new image based on the parent options.
@ -32,6 +33,6 @@ func (cli *Client) ImageCreate(ctx context.Context, parentReference string, opti
 }
 func (cli *Client) tryImageCreate(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/images/create", query, nil, headers)
 }
--- a/vendor/github.com/docker/docker/client/image_push.go
+++ b/vendor/github.com/docker/docker/client/image_push.go
@ -8,6 +8,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 )
@ -49,6 +50,6 @@ func (cli *Client) ImagePush(ctx context.Context, image string, options types.Im
 }
 func (cli *Client) tryImagePush(ctx context.Context, imageID string, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/images/"+imageID+"/push", query, nil, headers)
 }
--- a/vendor/github.com/docker/docker/client/image_search.go
+++ b/vendor/github.com/docker/docker/client/image_search.go
@ -48,6 +48,6 @@ func (cli *Client) ImageSearch(ctx context.Context, term string, options types.I
 }
 func (cli *Client) tryImageSearch(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.get(ctx, "/images/search", query, headers)
 }
--- a/vendor/github.com/docker/docker/client/interface.go
+++ b/vendor/github.com/docker/docker/client/interface.go
@ -48,7 +48,7 @@ type ContainerAPIClient interface {
 	ContainerAttach(ctx context.Context, container string, options types.ContainerAttachOptions) (types.HijackedResponse, error)
 	ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error)
 	ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.CreateResponse, error)
-	ContainerDiff(ctx context.Context, container string) ([]container.ContainerChangeResponseItem, error)
+	ContainerDiff(ctx context.Context, container string) ([]container.FilesystemChange, error)
 	ContainerExecAttach(ctx context.Context, execID string, config types.ExecStartCheck) (types.HijackedResponse, error)
 	ContainerExecCreate(ctx context.Context, container string, config types.ExecConfig) (types.IDResponse, error)
 	ContainerExecInspect(ctx context.Context, execID string) (types.ContainerExecInspect, error)
@ -166,7 +166,7 @@ type SwarmAPIClient interface {
 type SystemAPIClient interface {
 	Events(ctx context.Context, options types.EventsOptions) (<-chan events.Message, <-chan error)
 	Info(ctx context.Context) (types.Info, error)
-	RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error)
+	RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error)
 	DiskUsage(ctx context.Context, options types.DiskUsageOptions) (types.DiskUsage, error)
 	Ping(ctx context.Context) (types.Ping, error)
 }
@ -176,7 +176,7 @@ type VolumeAPIClient interface {
 	VolumeCreate(ctx context.Context, options volume.CreateOptions) (volume.Volume, error)
 	VolumeInspect(ctx context.Context, volumeID string) (volume.Volume, error)
 	VolumeInspectWithRaw(ctx context.Context, volumeID string) (volume.Volume, []byte, error)
-	VolumeList(ctx context.Context, filter filters.Args) (volume.ListResponse, error)
+	VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error)
 	VolumeRemove(ctx context.Context, volumeID string, force bool) error
 	VolumesPrune(ctx context.Context, pruneFilter filters.Args) (types.VolumesPruneReport, error)
 	VolumeUpdate(ctx context.Context, volumeID string, version swarm.Version, options volume.UpdateOptions) error
--- a/vendor/github.com/docker/docker/client/login.go
+++ b/vendor/github.com/docker/docker/client/login.go
@ -5,13 +5,12 @@ import (
 	"encoding/json"
 	"net/url"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 )
 // RegistryLogin authenticates the docker server with a given docker registry.
 // It returns unauthorizedError when the authentication fails.
-func (cli *Client) RegistryLogin(ctx context.Context, auth types.AuthConfig) (registry.AuthenticateOKBody, error) {
+func (cli *Client) RegistryLogin(ctx context.Context, auth registry.AuthConfig) (registry.AuthenticateOKBody, error) {
 	resp, err := cli.post(ctx, "/auth", url.Values{}, auth, nil)
 	defer ensureReaderClosed(resp)
--- a/vendor/github.com/docker/docker/client/ping.go
+++ b/vendor/github.com/docker/docker/client/ping.go
@ -64,10 +64,10 @@ func parsePingResponse(cli *Client, resp serverResponse) (types.Ping, error) {
 		ping.BuilderVersion = types.BuilderVersion(bv)
 	}
 	if si := resp.header.Get("Swarm"); si != "" {
-		parts := strings.SplitN(si, "/", 2)
+		state, role, _ := strings.Cut(si, "/")
 		ping.SwarmStatus = &swarm.Status{
-			NodeState:        swarm.LocalNodeState(parts[0]),
+			NodeState:        swarm.LocalNodeState(state),
-			ControlAvailable: len(parts) == 2 && parts[1] == "manager",
+			ControlAvailable: role == "manager",
 		}
 	}
 	err := cli.checkResponseErr(resp)
--- a/vendor/github.com/docker/docker/client/plugin_install.go
+++ b/vendor/github.com/docker/docker/client/plugin_install.go
@ -8,6 +8,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/errdefs"
 	"github.com/pkg/errors"
 )
@ -67,12 +68,12 @@ func (cli *Client) PluginInstall(ctx context.Context, name string, options types
 }
 func (cli *Client) tryPluginPrivileges(ctx context.Context, query url.Values, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.get(ctx, "/plugins/privileges", query, headers)
 }
 func (cli *Client) tryPluginPull(ctx context.Context, query url.Values, privileges types.PluginPrivileges, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/plugins/pull", query, privileges, headers)
 }
@ -106,7 +107,7 @@ func (cli *Client) checkPluginPermissions(ctx context.Context, query url.Values,
 			return nil, err
 		}
 		if !accept {
-			return nil, pluginPermissionDenied{options.RemoteRef}
+			return nil, errors.Errorf("permission denied while installing plugin %s", options.RemoteRef)
 		}
 	}
 	return privileges, nil
--- a/vendor/github.com/docker/docker/client/plugin_push.go
+++ b/vendor/github.com/docker/docker/client/plugin_push.go
@ -3,11 +3,13 @@ package client // import "github.com/docker/docker/client"
 import (
 	"context"
 	"io"
 	"github.com/docker/docker/api/types/registry"
 )
 // PluginPush pushes a plugin to a registry
 func (cli *Client) PluginPush(ctx context.Context, name string, registryAuth string) (io.ReadCloser, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	resp, err := cli.post(ctx, "/plugins/"+name+"/push", nil, nil, headers)
 	if err != nil {
 		return nil, err
--- a/vendor/github.com/docker/docker/client/plugin_upgrade.go
+++ b/vendor/github.com/docker/docker/client/plugin_upgrade.go
@ -7,6 +7,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/pkg/errors"
 )
@ -34,6 +35,6 @@ func (cli *Client) PluginUpgrade(ctx context.Context, name string, options types
 }
 func (cli *Client) tryPluginUpgrade(ctx context.Context, query url.Values, privileges types.PluginPrivileges, name, registryAuth string) (serverResponse, error) {
-	headers := map[string][]string{"X-Registry-Auth": {registryAuth}}
+	headers := map[string][]string{registry.AuthHeader: {registryAuth}}
 	return cli.post(ctx, "/plugins/"+name+"/upgrade", query, privileges, headers)
 }
--- a/vendor/github.com/docker/docker/client/service_create.go
+++ b/vendor/github.com/docker/docker/client/service_create.go
@ -8,6 +8,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
@ -21,7 +22,7 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,
 	}
 	if options.EncodedRegistryAuth != "" {
-		headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth}
+		headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth}
 	}
 	// Make sure containerSpec is not nil when no runtime is set or the runtime is set to container
--- a/vendor/github.com/docker/docker/client/service_update.go
+++ b/vendor/github.com/docker/docker/client/service_update.go
@ -6,6 +6,7 @@ import (
 	"net/url"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/api/types/swarm"
 )
@ -23,7 +24,7 @@ func (cli *Client) ServiceUpdate(ctx context.Context, serviceID string, version
 	}
 	if options.EncodedRegistryAuth != "" {
-		headers["X-Registry-Auth"] = []string{options.EncodedRegistryAuth}
+		headers[registry.AuthHeader] = []string{options.EncodedRegistryAuth}
 	}
 	if options.RegistryAuthFrom != "" {
--- a/vendor/github.com/docker/docker/client/volume_list.go
+++ b/vendor/github.com/docker/docker/client/volume_list.go
@ -10,13 +10,13 @@ import (
 )
 // VolumeList returns the volumes configured in the docker host.
-func (cli *Client) VolumeList(ctx context.Context, filter filters.Args) (volume.ListResponse, error) {
+func (cli *Client) VolumeList(ctx context.Context, options volume.ListOptions) (volume.ListResponse, error) {
 	var volumes volume.ListResponse
 	query := url.Values{}
-	if filter.Len() > 0 {
+	if options.Filters.Len() > 0 {
 		//nolint:staticcheck // ignore SA1019 for old code
-		filterJSON, err := filters.ToParamWithVersion(cli.version, filter)
+		filterJSON, err := filters.ToParamWithVersion(cli.version, options.Filters)
 		if err != nil {
 			return volumes, err
 		}
--- a/vendor/github.com/go-chi/chi/.gitignore
+++ b/vendor/github.com/go-chi/chi/.gitignore
@ -1,3 +0,0 @@
 .idea
 *.sw?
 .vscode
--- a/vendor/github.com/go-chi/chi/.travis.yml
+++ b/vendor/github.com/go-chi/chi/.travis.yml
@ -1,20 +0,0 @@
 language: go
 go:
  - 1.10.x
  - 1.11.x
  - 1.12.x
  - 1.13.x
  - 1.14.x
 script:
  - go get -d -t ./...
  - go vet ./...
  - go test ./...
  - >
    go_version=$(go version);
    if [ ${go_version:13:4} = "1.12" ]; then
      go get -u golang.org/x/tools/cmd/goimports;
      goimports -d -e ./ | grep '.*' && { echo; echo "Aborting due to non-empty goimports output."; exit 1; } || :;
    fi
--- a/vendor/github.com/go-chi/chi/CHANGELOG.md
+++ b/vendor/github.com/go-chi/chi/CHANGELOG.md
@ -1,190 +0,0 @@
 # Changelog
 ## v4.1.2 (2020-06-02)
 - fix that handles MethodNotAllowed with path variables, thank you @caseyhadden for your contribution
 - fix to replace nested wildcards correctly in RoutePattern, thank you @@unmultimedio for your contribution
 - History of changes: see https://github.com/go-chi/chi/compare/v4.1.1...v4.1.2
 ## v4.1.1 (2020-04-16)
 - fix for issue https://github.com/go-chi/chi/issues/411 which allows for overlapping regexp
  route to the correct handler through a recursive tree search, thanks to @Jahaja for the PR/fix!
 - new middleware.RouteHeaders as a simple router for request headers with wildcard support
 - History of changes: see https://github.com/go-chi/chi/compare/v4.1.0...v4.1.1
 ## v4.1.0 (2020-04-1)
 - middleware.LogEntry: Write method on interface now passes the response header
  and an extra interface type useful for custom logger implementations.
 - middleware.WrapResponseWriter: minor fix
 - middleware.Recoverer: a bit prettier
 - History of changes: see https://github.com/go-chi/chi/compare/v4.0.4...v4.1.0
 ## v4.0.4 (2020-03-24)
 - middleware.Recoverer: new pretty stack trace printing (https://github.com/go-chi/chi/pull/496)
 - a few minor improvements and fixes
 - History of changes: see https://github.com/go-chi/chi/compare/v4.0.3...v4.0.4
 ## v4.0.3 (2020-01-09)
 - core: fix regexp routing to include default value when param is not matched
 - middleware: rewrite of middleware.Compress
 - middleware: suppress http.ErrAbortHandler in middleware.Recoverer
 - History of changes: see https://github.com/go-chi/chi/compare/v4.0.2...v4.0.3
 ## v4.0.2 (2019-02-26)
 - Minor fixes
 - History of changes: see https://github.com/go-chi/chi/compare/v4.0.1...v4.0.2
 ## v4.0.1 (2019-01-21)
 - Fixes issue with compress middleware: #382 #385
 - History of changes: see https://github.com/go-chi/chi/compare/v4.0.0...v4.0.1
 ## v4.0.0 (2019-01-10)
 - chi v4 requires Go 1.10.3+ (or Go 1.9.7+) - we have deprecated support for Go 1.7 and 1.8
 - router: respond with 404 on router with no routes (#362)
 - router: additional check to ensure wildcard is at the end of a url pattern (#333)
 - middleware: deprecate use of http.CloseNotifier (#347)
 - middleware: fix RedirectSlashes to include query params on redirect (#334)
 - History of changes: see https://github.com/go-chi/chi/compare/v3.3.4...v4.0.0
 ## v3.3.4 (2019-01-07)
 - Minor middleware improvements. No changes to core library/router. Moving v3 into its
 - own branch as a version of chi for Go 1.7, 1.8, 1.9, 1.10, 1.11
 - History of changes: see https://github.com/go-chi/chi/compare/v3.3.3...v3.3.4
 ## v3.3.3 (2018-08-27)
 - Minor release
 - See https://github.com/go-chi/chi/compare/v3.3.2...v3.3.3
 ## v3.3.2 (2017-12-22)
 - Support to route trailing slashes on mounted sub-routers (#281)
 - middleware: new `ContentCharset` to check matching charsets. Thank you
  @csucu for your community contribution!
 ## v3.3.1 (2017-11-20)
 - middleware: new `AllowContentType` handler for explicit whitelist of accepted request Content-Types
 - middleware: new `SetHeader` handler for short-hand middleware to set a response header key/value
 - Minor bug fixes
 ## v3.3.0 (2017-10-10)
 - New chi.RegisterMethod(method) to add support for custom HTTP methods, see _examples/custom-method for usage
 - Deprecated LINK and UNLINK methods from the default list, please use `chi.RegisterMethod("LINK")` and `chi.RegisterMethod("UNLINK")` in an `init()` function
 ## v3.2.1 (2017-08-31)
 - Add new `Match(rctx *Context, method, path string) bool` method to `Routes` interface
  and `Mux`. Match searches the mux's routing tree for a handler that matches the method/path
 - Add new `RouteMethod` to `*Context`
 - Add new `Routes` pointer to `*Context`
 - Add new `middleware.GetHead` to route missing HEAD requests to GET handler
 - Updated benchmarks (see README)
 ## v3.1.5 (2017-08-02)
 - Setup golint and go vet for the project
 - As per golint, we've redefined `func ServerBaseContext(h http.Handler, baseCtx context.Context) http.Handler`
  to `func ServerBaseContext(baseCtx context.Context, h http.Handler) http.Handler`
 ## v3.1.0 (2017-07-10)
 - Fix a few minor issues after v3 release
 - Move `docgen` sub-pkg to https://github.com/go-chi/docgen
 - Move `render` sub-pkg to https://github.com/go-chi/render
 - Add new `URLFormat` handler to chi/middleware sub-pkg to make working with url mime 
  suffixes easier, ie. parsing `/articles/1.json` and `/articles/1.xml`. See comments in
  https://github.com/go-chi/chi/blob/master/middleware/url_format.go for example usage.
 ## v3.0.0 (2017-06-21)
 - Major update to chi library with many exciting updates, but also some *breaking changes*
 - URL parameter syntax changed from `/:id` to `/{id}` for even more flexible routing, such as
  `/articles/{month}-{day}-{year}-{slug}`, `/articles/{id}`, and `/articles/{id}.{ext}` on the
  same router
 - Support for regexp for routing patterns, in the form of `/{paramKey:regExp}` for example:
  `r.Get("/articles/{name:[a-z]+}", h)` and `chi.URLParam(r, "name")`
 - Add `Method` and `MethodFunc` to `chi.Router` to allow routing definitions such as
  `r.Method("GET", "/", h)` which provides a cleaner interface for custom handlers like
  in `_examples/custom-handler`
 - Deprecating `mux#FileServer` helper function. Instead, we encourage users to create their
  own using file handler with the stdlib, see `_examples/fileserver` for an example
 - Add support for LINK/UNLINK http methods via `r.Method()` and `r.MethodFunc()`
 - Moved the chi project to its own organization, to allow chi-related community packages to
  be easily discovered and supported, at: https://github.com/go-chi
 - *NOTE:* please update your import paths to `"github.com/go-chi/chi"`
 - *NOTE:* chi v2 is still available at https://github.com/go-chi/chi/tree/v2
 ## v2.1.0 (2017-03-30)
 - Minor improvements and update to the chi core library
 - Introduced a brand new `chi/render` sub-package to complete the story of building
  APIs to offer a pattern for managing well-defined request / response payloads. Please
  check out the updated `_examples/rest` example for how it works.
 - Added `MethodNotAllowed(h http.HandlerFunc)` to chi.Router interface
 ## v2.0.0 (2017-01-06)
 - After many months of v2 being in an RC state with many companies and users running it in
  production, the inclusion of some improvements to the middlewares, we are very pleased to
  announce v2.0.0 of chi.
 ## v2.0.0-rc1 (2016-07-26)
 - Huge update! chi v2 is a large refactor targetting Go 1.7+. As of Go 1.7, the popular
  community `"net/context"` package has been included in the standard library as `"context"` and
  utilized by `"net/http"` and `http.Request` to managing deadlines, cancelation signals and other
  request-scoped values. We're very excited about the new context addition and are proud to
  introduce chi v2, a minimal and powerful routing package for building large HTTP services,
  with zero external dependencies. Chi focuses on idiomatic design and encourages the use of 
  stdlib HTTP handlers and middlwares.
 - chi v2 deprecates its `chi.Handler` interface and requires `http.Handler` or `http.HandlerFunc`
 - chi v2 stores URL routing parameters and patterns in the standard request context: `r.Context()`
 - chi v2 lower-level routing context is accessible by `chi.RouteContext(r.Context()) *chi.Context`,
  which provides direct access to URL routing parameters, the routing path and the matching
  routing patterns.
 - Users upgrading from chi v1 to v2, need to:
  1. Update the old chi.Handler signature, `func(ctx context.Context, w http.ResponseWriter, r *http.Request)` to
     the standard http.Handler: `func(w http.ResponseWriter, r *http.Request)`
  2. Use `chi.URLParam(r *http.Request, paramKey string) string`
     or `URLParamFromCtx(ctx context.Context, paramKey string) string` to access a url parameter value
 ## v1.0.0 (2016-07-01)
 - Released chi v1 stable https://github.com/go-chi/chi/tree/v1.0.0 for Go 1.6 and older.
 ## v0.9.0 (2016-03-31)
 - Reuse context objects via sync.Pool for zero-allocation routing [#33](https://github.com/go-chi/chi/pull/33)
 - BREAKING NOTE: due to subtle API changes, previously `chi.URLParams(ctx)["id"]` used to access url parameters
  has changed to: `chi.URLParam(ctx, "id")`
--- a/vendor/github.com/go-chi/chi/CONTRIBUTING.md
+++ b/vendor/github.com/go-chi/chi/CONTRIBUTING.md
@ -1,31 +0,0 @@
 # Contributing
 ## Prerequisites
 1. [Install Go][go-install].
 2. Download the sources and switch the working directory:
    ```bash
    go get -u -d github.com/go-chi/chi
    cd $GOPATH/src/github.com/go-chi/chi
    ```
 ## Submitting a Pull Request
 A typical workflow is:
 1. [Fork the repository.][fork] [This tip maybe also helpful.][go-fork-tip]
 2. [Create a topic branch.][branch]
 3. Add tests for your change.
 4. Run `go test`. If your tests pass, return to the step 3.
 5. Implement the change and ensure the steps from the previous step pass.
 6. Run `goimports -w .`, to ensure the new code conforms to Go formatting guideline.
 7. [Add, commit and push your changes.][git-help]
 8. [Submit a pull request.][pull-req]
 [go-install]: https://golang.org/doc/install
 [go-fork-tip]: http://blog.campoy.cat/2014/03/github-and-go-forking-pull-requests-and.html
 [fork]: https://help.github.com/articles/fork-a-repo
 [branch]: http://learn.github.com/p/branching.html
 [git-help]: https://guides.github.com
 [pull-req]: https://help.github.com/articles/using-pull-requests
--- a/vendor/github.com/go-chi/chi/LICENSE
+++ b/vendor/github.com/go-chi/chi/LICENSE
@ -1,20 +0,0 @@
 Copyright (c) 2015-present Peter Kieltyka (https://github.com/pkieltyka), Google Inc.
 MIT License
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
 the Software without restriction, including without limitation the rights to
 use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 the Software, and to permit persons to whom the Software is furnished to do so,
 subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
 FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
 COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--- a/vendor/github.com/go-chi/chi/README.md
+++ b/vendor/github.com/go-chi/chi/README.md
@ -1,441 +0,0 @@
 # <img alt="chi" src="https://cdn.rawgit.com/go-chi/chi/master/_examples/chi.svg" width="220" />
 [![GoDoc Widget]][GoDoc] [![Travis Widget]][Travis]
 `chi` is a lightweight, idiomatic and composable router for building Go HTTP services. It's
 especially good at helping you write large REST API services that are kept maintainable as your
 project grows and changes. `chi` is built on the new `context` package introduced in Go 1.7 to
 handle signaling, cancelation and request-scoped values across a handler chain.
 The focus of the project has been to seek out an elegant and comfortable design for writing
 REST API servers, written during the development of the Pressly API service that powers our
 public API service, which in turn powers all of our client-side applications.
 The key considerations of chi's design are: project structure, maintainability, standard http
 handlers (stdlib-only), developer productivity, and deconstructing a large system into many small
 parts. The core router `github.com/go-chi/chi` is quite small (less than 1000 LOC), but we've also
 included some useful/optional subpackages: [middleware](/middleware), [render](https://github.com/go-chi/render) and [docgen](https://github.com/go-chi/docgen). We hope you enjoy it too!
 ## Install
 `go get -u github.com/go-chi/chi`
 ## Features
 * **Lightweight** - cloc'd in ~1000 LOC for the chi router
 * **Fast** - yes, see [benchmarks](#benchmarks)
 * **100% compatible with net/http** - use any http or middleware pkg in the ecosystem that is also compatible with `net/http`
 * **Designed for modular/composable APIs** - middlewares, inline middlewares, route groups and subrouter mounting
 * **Context control** - built on new `context` package, providing value chaining, cancellations and timeouts
 * **Robust** - in production at Pressly, CloudFlare, Heroku, 99Designs, and many others (see [discussion](https://github.com/go-chi/chi/issues/91))
 * **Doc generation** - `docgen` auto-generates routing documentation from your source to JSON or Markdown
 * **No external dependencies** - plain ol' Go stdlib + net/http
 ## Examples
 See [_examples/](https://github.com/go-chi/chi/blob/master/_examples/) for a variety of examples.
 **As easy as:**
 ```go
 package main
 import (
 	"net/http"
 	"github.com/go-chi/chi"
 	"github.com/go-chi/chi/middleware"
 )
 func main() {
 	r := chi.NewRouter()
 	r.Use(middleware.Logger)
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte("welcome"))
 	})
 	http.ListenAndServe(":3000", r)
 }
 ```
 **REST Preview:**
 Here is a little preview of how routing looks like with chi. Also take a look at the generated routing docs
 in JSON ([routes.json](https://github.com/go-chi/chi/blob/master/_examples/rest/routes.json)) and in
 Markdown ([routes.md](https://github.com/go-chi/chi/blob/master/_examples/rest/routes.md)).
 I highly recommend reading the source of the [examples](https://github.com/go-chi/chi/blob/master/_examples/) listed
 above, they will show you all the features of chi and serve as a good form of documentation.
 ```go
 import (
  //...
  "context"
  "github.com/go-chi/chi"
  "github.com/go-chi/chi/middleware"
 )
 func main() {
  r := chi.NewRouter()
  // A good base middleware stack
  r.Use(middleware.RequestID)
  r.Use(middleware.RealIP)
  r.Use(middleware.Logger)
  r.Use(middleware.Recoverer)
  // Set a timeout value on the request context (ctx), that will signal
  // through ctx.Done() that the request has timed out and further
  // processing should be stopped.
  r.Use(middleware.Timeout(60 * time.Second))
  r.Get("/", func(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("hi"))
  })
  // RESTy routes for "articles" resource
  r.Route("/articles", func(r chi.Router) {
    r.With(paginate).Get("/", listArticles)                           // GET /articles
    r.With(paginate).Get("/{month}-{day}-{year}", listArticlesByDate) // GET /articles/01-16-2017
    r.Post("/", createArticle)                                        // POST /articles
    r.Get("/search", searchArticles)                                  // GET /articles/search
    // Regexp url parameters:
    r.Get("/{articleSlug:[a-z-]+}", getArticleBySlug)                // GET /articles/home-is-toronto
    // Subrouters:
    r.Route("/{articleID}", func(r chi.Router) {
      r.Use(ArticleCtx)
      r.Get("/", getArticle)                                          // GET /articles/123
      r.Put("/", updateArticle)                                       // PUT /articles/123
      r.Delete("/", deleteArticle)                                    // DELETE /articles/123
    })
  })
  // Mount the admin sub-router
  r.Mount("/admin", adminRouter())
  http.ListenAndServe(":3333", r)
 }
 func ArticleCtx(next http.Handler) http.Handler {
  return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    articleID := chi.URLParam(r, "articleID")
    article, err := dbGetArticle(articleID)
    if err != nil {
      http.Error(w, http.StatusText(404), 404)
      return
    }
    ctx := context.WithValue(r.Context(), "article", article)
    next.ServeHTTP(w, r.WithContext(ctx))
  })
 }
 func getArticle(w http.ResponseWriter, r *http.Request) {
  ctx := r.Context()
  article, ok := ctx.Value("article").(*Article)
  if !ok {
    http.Error(w, http.StatusText(422), 422)
    return
  }
  w.Write([]byte(fmt.Sprintf("title:%s", article.Title)))
 }
 // A completely separate router for administrator routes
 func adminRouter() http.Handler {
  r := chi.NewRouter()
  r.Use(AdminOnly)
  r.Get("/", adminIndex)
  r.Get("/accounts", adminListAccounts)
  return r
 }
 func AdminOnly(next http.Handler) http.Handler {
  return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    ctx := r.Context()
    perm, ok := ctx.Value("acl.permission").(YourPermissionType)
    if !ok || !perm.IsAdmin() {
      http.Error(w, http.StatusText(403), 403)
      return
    }
    next.ServeHTTP(w, r)
  })
 }
 ```
 ## Router design
 chi's router is based on a kind of [Patricia Radix trie](https://en.wikipedia.org/wiki/Radix_tree).
 The router is fully compatible with `net/http`.
 Built on top of the tree is the `Router` interface:
 ```go
 // Router consisting of the core routing methods used by chi's Mux,
 // using only the standard net/http.
 type Router interface {
 	http.Handler
 	Routes
 	// Use appends one or more middlewares onto the Router stack.
 	Use(middlewares ...func(http.Handler) http.Handler)
 	// With adds inline middlewares for an endpoint handler.
 	With(middlewares ...func(http.Handler) http.Handler) Router
 	// Group adds a new inline-Router along the current routing
 	// path, with a fresh middleware stack for the inline-Router.
 	Group(fn func(r Router)) Router
 	// Route mounts a sub-Router along a `pattern`` string.
 	Route(pattern string, fn func(r Router)) Router
 	// Mount attaches another http.Handler along ./pattern/*
 	Mount(pattern string, h http.Handler)
 	// Handle and HandleFunc adds routes for `pattern` that matches
 	// all HTTP methods.
 	Handle(pattern string, h http.Handler)
 	HandleFunc(pattern string, h http.HandlerFunc)
 	// Method and MethodFunc adds routes for `pattern` that matches
 	// the `method` HTTP method.
 	Method(method, pattern string, h http.Handler)
 	MethodFunc(method, pattern string, h http.HandlerFunc)
 	// HTTP-method routing along `pattern`
 	Connect(pattern string, h http.HandlerFunc)
 	Delete(pattern string, h http.HandlerFunc)
 	Get(pattern string, h http.HandlerFunc)
 	Head(pattern string, h http.HandlerFunc)
 	Options(pattern string, h http.HandlerFunc)
 	Patch(pattern string, h http.HandlerFunc)
 	Post(pattern string, h http.HandlerFunc)
 	Put(pattern string, h http.HandlerFunc)
 	Trace(pattern string, h http.HandlerFunc)
 	// NotFound defines a handler to respond whenever a route could
 	// not be found.
 	NotFound(h http.HandlerFunc)
 	// MethodNotAllowed defines a handler to respond whenever a method is
 	// not allowed.
 	MethodNotAllowed(h http.HandlerFunc)
 }
 // Routes interface adds two methods for router traversal, which is also
 // used by the github.com/go-chi/docgen package to generate documentation for Routers.
 type Routes interface {
 	// Routes returns the routing tree in an easily traversable structure.
 	Routes() []Route
 	// Middlewares returns the list of middlewares in use by the router.
 	Middlewares() Middlewares
 	// Match searches the routing tree for a handler that matches
 	// the method/path - similar to routing a http request, but without
 	// executing the handler thereafter.
 	Match(rctx *Context, method, path string) bool
 }
 ```
 Each routing method accepts a URL `pattern` and chain of `handlers`. The URL pattern
 supports named params (ie. `/users/{userID}`) and wildcards (ie. `/admin/*`). URL parameters
 can be fetched at runtime by calling `chi.URLParam(r, "userID")` for named parameters
 and `chi.URLParam(r, "*")` for a wildcard parameter.
 ### Middleware handlers
 chi's middlewares are just stdlib net/http middleware handlers. There is nothing special
 about them, which means the router and all the tooling is designed to be compatible and
 friendly with any middleware in the community. This offers much better extensibility and reuse
 of packages and is at the heart of chi's purpose.
 Here is an example of a standard net/http middleware handler using the new request context
 available in Go. This middleware sets a hypothetical user identifier on the request
 context and calls the next handler in the chain.
 ```go
 // HTTP middleware setting a value on the request context
 func MyMiddleware(next http.Handler) http.Handler {
  return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    ctx := context.WithValue(r.Context(), "user", "123")
    next.ServeHTTP(w, r.WithContext(ctx))
  })
 }
 ```
 ### Request handlers
 chi uses standard net/http request handlers. This little snippet is an example of a http.Handler
 func that reads a user identifier from the request context - hypothetically, identifying
 the user sending an authenticated request, validated+set by a previous middleware handler.
 ```go
 // HTTP handler accessing data from the request context.
 func MyRequestHandler(w http.ResponseWriter, r *http.Request) {
  user := r.Context().Value("user").(string)
  w.Write([]byte(fmt.Sprintf("hi %s", user)))
 }
 ```
 ### URL parameters
 chi's router parses and stores URL parameters right onto the request context. Here is
 an example of how to access URL params in your net/http handlers. And of course, middlewares
 are able to access the same information.
 ```go
 // HTTP handler accessing the url routing parameters.
 func MyRequestHandler(w http.ResponseWriter, r *http.Request) {
  userID := chi.URLParam(r, "userID") // from a route like /users/{userID}
  ctx := r.Context()
  key := ctx.Value("key").(string)
  w.Write([]byte(fmt.Sprintf("hi %v, %v", userID, key)))
 }
 ```
 ## Middlewares
 chi comes equipped with an optional `middleware` package, providing a suite of standard
 `net/http` middlewares. Please note, any middleware in the ecosystem that is also compatible
 with `net/http` can be used with chi's mux.
 ### Core middlewares
 -----------------------------------------------------------------------------------------------------------
 | chi/middleware Handler | description                                                                    |
 |:----------------------|:---------------------------------------------------------------------------------
 | AllowContentType      | Explicit whitelist of accepted request Content-Types                            |
 | BasicAuth             | Basic HTTP authentication                                                       |
 | Compress              | Gzip compression for clients that accept compressed responses                   |
 | GetHead               | Automatically route undefined HEAD requests to GET handlers                     |
 | Heartbeat             | Monitoring endpoint to check the servers pulse                                  |
 | Logger                | Logs the start and end of each request with the elapsed processing time         |
 | NoCache               | Sets response headers to prevent clients from caching                           |
 | Profiler              | Easily attach net/http/pprof to your routers                                    |
 | RealIP                | Sets a http.Request's RemoteAddr to either X-Forwarded-For or X-Real-IP         |
 | Recoverer             | Gracefully absorb panics and prints the stack trace                             |
 | RequestID             | Injects a request ID into the context of each request                           |
 | RedirectSlashes       | Redirect slashes on routing paths                                               |
 | SetHeader             | Short-hand middleware to set a response header key/value                        |
 | StripSlashes          | Strip slashes on routing paths                                                  |
 | Throttle              | Puts a ceiling on the number of concurrent requests                             |
 | Timeout               | Signals to the request context when the timeout deadline is reached             |
 | URLFormat             | Parse extension from url and put it on request context                          |
 | WithValue             | Short-hand middleware to set a key/value on the request context                 |
 -----------------------------------------------------------------------------------------------------------
 ### Extra middlewares & packages
 Please see https://github.com/go-chi for additional packages.
 --------------------------------------------------------------------------------------------------------------------
 | package                                            | description                                                 |
 |:---------------------------------------------------|:-------------------------------------------------------------
 | [cors](https://github.com/go-chi/cors)             | Cross-origin resource sharing (CORS)                        |
 | [docgen](https://github.com/go-chi/docgen)         | Print chi.Router routes at runtime                          |
 | [jwtauth](https://github.com/go-chi/jwtauth)       | JWT authentication                                          |
 | [hostrouter](https://github.com/go-chi/hostrouter) | Domain/host based request routing                           |
 | [httplog](https://github.com/go-chi/httplog)       | Small but powerful structured HTTP request logging          |
 | [httprate](https://github.com/go-chi/httprate)     | HTTP request rate limiter                                   |
 | [httptracer](https://github.com/go-chi/httptracer) | HTTP request performance tracing library                    |
 | [httpvcr](https://github.com/go-chi/httpvcr)       | Write deterministic tests for external sources              |
 | [stampede](https://github.com/go-chi/stampede)     | HTTP request coalescer                                      |
 --------------------------------------------------------------------------------------------------------------------
 please [submit a PR](./CONTRIBUTING.md) if you'd like to include a link to a chi-compatible middleware
 ## context?
 `context` is a tiny pkg that provides simple interface to signal context across call stacks
 and goroutines. It was originally written by [Sameer Ajmani](https://github.com/Sajmani)
 and is available in stdlib since go1.7.
 Learn more at https://blog.golang.org/context
 and..
 * Docs: https://golang.org/pkg/context
 * Source: https://github.com/golang/go/tree/master/src/context
 ## Benchmarks
 The benchmark suite: https://github.com/pkieltyka/go-http-routing-benchmark
 Results as of Jan 9, 2019 with Go 1.11.4 on Linux X1 Carbon laptop
 ```shell
 BenchmarkChi_Param            3000000         475 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_Param5           2000000         696 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_Param20          1000000        1275 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_ParamWrite       3000000         505 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_GithubStatic     3000000         508 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_GithubParam      2000000         669 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_GithubAll          10000      134627 ns/op     87699 B/op    609 allocs/op
 BenchmarkChi_GPlusStatic      3000000         402 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_GPlusParam       3000000         500 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_GPlus2Params     3000000         586 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_GPlusAll          200000        7237 ns/op      5616 B/op     39 allocs/op
 BenchmarkChi_ParseStatic      3000000         408 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_ParseParam       3000000         488 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_Parse2Params     3000000         551 ns/op       432 B/op      3 allocs/op
 BenchmarkChi_ParseAll          100000       13508 ns/op     11232 B/op     78 allocs/op
 BenchmarkChi_StaticAll          20000       81933 ns/op     67826 B/op    471 allocs/op
 ```
 Comparison with other routers: https://gist.github.com/pkieltyka/123032f12052520aaccab752bd3e78cc
 NOTE: the allocs in the benchmark above are from the calls to http.Request's
 `WithContext(context.Context)` method that clones the http.Request, sets the `Context()`
 on the duplicated (alloc'd) request and returns it the new request object. This is just
 how setting context on a request in Go works.
 ## Credits
 * Carl Jackson for https://github.com/zenazn/goji
  * Parts of chi's thinking comes from goji, and chi's middleware package
    sources from goji.
 * Armon Dadgar for https://github.com/armon/go-radix
 * Contributions: [@VojtechVitek](https://github.com/VojtechVitek)
 We'll be more than happy to see [your contributions](./CONTRIBUTING.md)!
 ## Beyond REST
 chi is just a http router that lets you decompose request handling into many smaller layers.
 Many companies use chi to write REST services for their public APIs. But, REST is just a convention
 for managing state via HTTP, and there's a lot of other pieces required to write a complete client-server
 system or network of microservices.
 Looking beyond REST, I also recommend some newer works in the field:
 * [webrpc](https://github.com/webrpc/webrpc) - Web-focused RPC client+server framework with code-gen
 * [gRPC](https://github.com/grpc/grpc-go) - Google's RPC framework via protobufs
 * [graphql](https://github.com/99designs/gqlgen) - Declarative query language
 * [NATS](https://nats.io) - lightweight pub-sub
 ## License
 Copyright (c) 2015-present [Peter Kieltyka](https://github.com/pkieltyka)
 Licensed under [MIT License](./LICENSE)
 [GoDoc]: https://godoc.org/github.com/go-chi/chi
 [GoDoc Widget]: https://godoc.org/github.com/go-chi/chi?status.svg
 [Travis]: https://travis-ci.org/go-chi/chi
 [Travis Widget]: https://travis-ci.org/go-chi/chi.svg?branch=master
--- a/vendor/github.com/go-chi/chi/chain.go
+++ b/vendor/github.com/go-chi/chi/chain.go
@ -1,49 +0,0 @@
 package chi
 import "net/http"
 // Chain returns a Middlewares type from a slice of middleware handlers.
 func Chain(middlewares ...func(http.Handler) http.Handler) Middlewares {
 	return Middlewares(middlewares)
 }
 // Handler builds and returns a http.Handler from the chain of middlewares,
 // with `h http.Handler` as the final handler.
 func (mws Middlewares) Handler(h http.Handler) http.Handler {
 	return &ChainHandler{mws, h, chain(mws, h)}
 }
 // HandlerFunc builds and returns a http.Handler from the chain of middlewares,
 // with `h http.Handler` as the final handler.
 func (mws Middlewares) HandlerFunc(h http.HandlerFunc) http.Handler {
 	return &ChainHandler{mws, h, chain(mws, h)}
 }
 // ChainHandler is a http.Handler with support for handler composition and
 // execution.
 type ChainHandler struct {
 	Middlewares Middlewares
 	Endpoint    http.Handler
 	chain       http.Handler
 }
 func (c *ChainHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	c.chain.ServeHTTP(w, r)
 }
 // chain builds a http.Handler composed of an inline middleware stack and endpoint
 // handler in the order they are passed.
 func chain(middlewares []func(http.Handler) http.Handler, endpoint http.Handler) http.Handler {
 	// Return ahead of time if there aren't any middlewares for the chain
 	if len(middlewares) == 0 {
 		return endpoint
 	}
 	// Wrap the end handler with the middleware chain
 	h := middlewares[len(middlewares)-1](endpoint)
 	for i := len(middlewares) - 2; i >= 0; i-- {
 		h = middlewares[i](h)
 	}
 	return h
 }
--- a/vendor/github.com/go-chi/chi/chi.go
+++ b/vendor/github.com/go-chi/chi/chi.go
@ -1,134 +0,0 @@
 //
 // Package chi is a small, idiomatic and composable router for building HTTP services.
 //
 // chi requires Go 1.10 or newer.
 //
 // Example:
 //  package main
 //
 //  import (
 //  	"net/http"
 //
 //  	"github.com/go-chi/chi"
 //  	"github.com/go-chi/chi/middleware"
 //  )
 //
 //  func main() {
 //  	r := chi.NewRouter()
 //  	r.Use(middleware.Logger)
 //  	r.Use(middleware.Recoverer)
 //
 //  	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 //  		w.Write([]byte("root."))
 //  	})
 //
 //  	http.ListenAndServe(":3333", r)
 //  }
 //
 // See github.com/go-chi/chi/_examples/ for more in-depth examples.
 //
 // URL patterns allow for easy matching of path components in HTTP
 // requests. The matching components can then be accessed using
 // chi.URLParam(). All patterns must begin with a slash.
 //
 // A simple named placeholder {name} matches any sequence of characters
 // up to the next / or the end of the URL. Trailing slashes on paths must
 // be handled explicitly.
 //
 // A placeholder with a name followed by a colon allows a regular
 // expression match, for example {number:\\d+}. The regular expression
 // syntax is Go's normal regexp RE2 syntax, except that regular expressions
 // including { or } are not supported, and / will never be
 // matched. An anonymous regexp pattern is allowed, using an empty string
 // before the colon in the placeholder, such as {:\\d+}
 //
 // The special placeholder of asterisk matches the rest of the requested
 // URL. Any trailing characters in the pattern are ignored. This is the only
 // placeholder which will match / characters.
 //
 // Examples:
 //  "/user/{name}" matches "/user/jsmith" but not "/user/jsmith/info" or "/user/jsmith/"
 //  "/user/{name}/info" matches "/user/jsmith/info"
 //  "/page/*" matches "/page/intro/latest"
 //  "/page/*/index" also matches "/page/intro/latest"
 //  "/date/{yyyy:\\d\\d\\d\\d}/{mm:\\d\\d}/{dd:\\d\\d}" matches "/date/2017/04/01"
 //
 package chi
 import "net/http"
 // NewRouter returns a new Mux object that implements the Router interface.
 func NewRouter() *Mux {
 	return NewMux()
 }
 // Router consisting of the core routing methods used by chi's Mux,
 // using only the standard net/http.
 type Router interface {
 	http.Handler
 	Routes
 	// Use appends one or more middlewares onto the Router stack.
 	Use(middlewares ...func(http.Handler) http.Handler)
 	// With adds inline middlewares for an endpoint handler.
 	With(middlewares ...func(http.Handler) http.Handler) Router
 	// Group adds a new inline-Router along the current routing
 	// path, with a fresh middleware stack for the inline-Router.
 	Group(fn func(r Router)) Router
 	// Route mounts a sub-Router along a `pattern`` string.
 	Route(pattern string, fn func(r Router)) Router
 	// Mount attaches another http.Handler along ./pattern/*
 	Mount(pattern string, h http.Handler)
 	// Handle and HandleFunc adds routes for `pattern` that matches
 	// all HTTP methods.
 	Handle(pattern string, h http.Handler)
 	HandleFunc(pattern string, h http.HandlerFunc)
 	// Method and MethodFunc adds routes for `pattern` that matches
 	// the `method` HTTP method.
 	Method(method, pattern string, h http.Handler)
 	MethodFunc(method, pattern string, h http.HandlerFunc)
 	// HTTP-method routing along `pattern`
 	Connect(pattern string, h http.HandlerFunc)
 	Delete(pattern string, h http.HandlerFunc)
 	Get(pattern string, h http.HandlerFunc)
 	Head(pattern string, h http.HandlerFunc)
 	Options(pattern string, h http.HandlerFunc)
 	Patch(pattern string, h http.HandlerFunc)
 	Post(pattern string, h http.HandlerFunc)
 	Put(pattern string, h http.HandlerFunc)
 	Trace(pattern string, h http.HandlerFunc)
 	// NotFound defines a handler to respond whenever a route could
 	// not be found.
 	NotFound(h http.HandlerFunc)
 	// MethodNotAllowed defines a handler to respond whenever a method is
 	// not allowed.
 	MethodNotAllowed(h http.HandlerFunc)
 }
 // Routes interface adds two methods for router traversal, which is also
 // used by the `docgen` subpackage to generation documentation for Routers.
 type Routes interface {
 	// Routes returns the routing tree in an easily traversable structure.
 	Routes() []Route
 	// Middlewares returns the list of middlewares in use by the router.
 	Middlewares() Middlewares
 	// Match searches the routing tree for a handler that matches
 	// the method/path - similar to routing a http request, but without
 	// executing the handler thereafter.
 	Match(rctx *Context, method, path string) bool
 }
 // Middlewares type is a slice of standard middleware handlers with methods
 // to compose middleware chains and http.Handler's.
 type Middlewares []func(http.Handler) http.Handler
--- a/vendor/github.com/go-chi/chi/context.go
+++ b/vendor/github.com/go-chi/chi/context.go
@ -1,172 +0,0 @@
 package chi
 import (
 	"context"
 	"net"
 	"net/http"
 	"strings"
 )
 // URLParam returns the url parameter from a http.Request object.
 func URLParam(r *http.Request, key string) string {
 	if rctx := RouteContext(r.Context()); rctx != nil {
 		return rctx.URLParam(key)
 	}
 	return ""
 }
 // URLParamFromCtx returns the url parameter from a http.Request Context.
 func URLParamFromCtx(ctx context.Context, key string) string {
 	if rctx := RouteContext(ctx); rctx != nil {
 		return rctx.URLParam(key)
 	}
 	return ""
 }
 // RouteContext returns chi's routing Context object from a
 // http.Request Context.
 func RouteContext(ctx context.Context) *Context {
 	val, _ := ctx.Value(RouteCtxKey).(*Context)
 	return val
 }
 // ServerBaseContext wraps an http.Handler to set the request context to the
 // `baseCtx`.
 func ServerBaseContext(baseCtx context.Context, h http.Handler) http.Handler {
 	fn := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		baseCtx := baseCtx
 		// Copy over default net/http server context keys
 		if v, ok := ctx.Value(http.ServerContextKey).(*http.Server); ok {
 			baseCtx = context.WithValue(baseCtx, http.ServerContextKey, v)
 		}
 		if v, ok := ctx.Value(http.LocalAddrContextKey).(net.Addr); ok {
 			baseCtx = context.WithValue(baseCtx, http.LocalAddrContextKey, v)
 		}
 		h.ServeHTTP(w, r.WithContext(baseCtx))
 	})
 	return fn
 }
 // NewRouteContext returns a new routing Context object.
 func NewRouteContext() *Context {
 	return &Context{}
 }
 var (
 	// RouteCtxKey is the context.Context key to store the request context.
 	RouteCtxKey = &contextKey{"RouteContext"}
 )
 // Context is the default routing context set on the root node of a
 // request context to track route patterns, URL parameters and
 // an optional routing path.
 type Context struct {
 	Routes Routes
 	// Routing path/method override used during the route search.
 	// See Mux#routeHTTP method.
 	RoutePath   string
 	RouteMethod string
 	// Routing pattern stack throughout the lifecycle of the request,
 	// across all connected routers. It is a record of all matching
 	// patterns across a stack of sub-routers.
 	RoutePatterns []string
 	// URLParams are the stack of routeParams captured during the
 	// routing lifecycle across a stack of sub-routers.
 	URLParams RouteParams
 	// The endpoint routing pattern that matched the request URI path
 	// or `RoutePath` of the current sub-router. This value will update
 	// during the lifecycle of a request passing through a stack of
 	// sub-routers.
 	routePattern string
 	// Route parameters matched for the current sub-router. It is
 	// intentionally unexported so it cant be tampered.
 	routeParams RouteParams
 	// methodNotAllowed hint
 	methodNotAllowed bool
 }
 // Reset a routing context to its initial state.
 func (x *Context) Reset() {
 	x.Routes = nil
 	x.RoutePath = ""
 	x.RouteMethod = ""
 	x.RoutePatterns = x.RoutePatterns[:0]
 	x.URLParams.Keys = x.URLParams.Keys[:0]
 	x.URLParams.Values = x.URLParams.Values[:0]
 	x.routePattern = ""
 	x.routeParams.Keys = x.routeParams.Keys[:0]
 	x.routeParams.Values = x.routeParams.Values[:0]
 	x.methodNotAllowed = false
 }
 // URLParam returns the corresponding URL parameter value from the request
 // routing context.
 func (x *Context) URLParam(key string) string {
 	for k := len(x.URLParams.Keys) - 1; k >= 0; k-- {
 		if x.URLParams.Keys[k] == key {
 			return x.URLParams.Values[k]
 		}
 	}
 	return ""
 }
 // RoutePattern builds the routing pattern string for the particular
 // request, at the particular point during routing. This means, the value
 // will change throughout the execution of a request in a router. That is
 // why its advised to only use this value after calling the next handler.
 //
 // For example,
 //
 //   func Instrument(next http.Handler) http.Handler {
 //     return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 //       next.ServeHTTP(w, r)
 //       routePattern := chi.RouteContext(r.Context()).RoutePattern()
 //       measure(w, r, routePattern)
 //   	 })
 //   }
 func (x *Context) RoutePattern() string {
 	routePattern := strings.Join(x.RoutePatterns, "")
 	return replaceWildcards(routePattern)
 }
 // replaceWildcards takes a route pattern and recursively replaces all
 // occurrences of "/*/" to "/".
 func replaceWildcards(p string) string {
 	if strings.Contains(p, "/*/") {
 		return replaceWildcards(strings.Replace(p, "/*/", "/", -1))
 	}
 	return p
 }
 // RouteParams is a structure to track URL routing parameters efficiently.
 type RouteParams struct {
 	Keys, Values []string
 }
 // Add will append a URL parameter to the end of the route param
 func (s *RouteParams) Add(key, value string) {
 	s.Keys = append(s.Keys, key)
 	s.Values = append(s.Values, value)
 }
 // contextKey is a value for use with context.WithValue. It's used as
 // a pointer so it fits in an interface{} without allocation. This technique
 // for defining context keys was copied from Go 1.7's new use of context in net/http.
 type contextKey struct {
 	name string
 }
 func (k *contextKey) String() string {
 	return "chi context value " + k.name
 }
--- a/vendor/github.com/go-chi/chi/middleware/basic_auth.go
+++ b/vendor/github.com/go-chi/chi/middleware/basic_auth.go
@ -1,32 +0,0 @@
 package middleware
 import (
 	"fmt"
 	"net/http"
 )
 // BasicAuth implements a simple middleware handler for adding basic http auth to a route.
 func BasicAuth(realm string, creds map[string]string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			user, pass, ok := r.BasicAuth()
 			if !ok {
 				basicAuthFailed(w, realm)
 				return
 			}
 			credPass, credUserOk := creds[user]
 			if !credUserOk || pass != credPass {
 				basicAuthFailed(w, realm)
 				return
 			}
 			next.ServeHTTP(w, r)
 		})
 	}
 }
 func basicAuthFailed(w http.ResponseWriter, realm string) {
 	w.Header().Add("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, realm))
 	w.WriteHeader(http.StatusUnauthorized)
 }
--- a/vendor/github.com/go-chi/chi/middleware/compress.go
+++ b/vendor/github.com/go-chi/chi/middleware/compress.go
@ -1,399 +0,0 @@
 package middleware
 import (
 	"bufio"
 	"compress/flate"
 	"compress/gzip"
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"strings"
 	"sync"
 )
 var defaultCompressibleContentTypes = []string{
 	"text/html",
 	"text/css",
 	"text/plain",
 	"text/javascript",
 	"application/javascript",
 	"application/x-javascript",
 	"application/json",
 	"application/atom+xml",
 	"application/rss+xml",
 	"image/svg+xml",
 }
 // Compress is a middleware that compresses response
 // body of a given content types to a data format based
 // on Accept-Encoding request header. It uses a given
 // compression level.
 //
 // NOTE: make sure to set the Content-Type header on your response
 // otherwise this middleware will not compress the response body. For ex, in
 // your handler you should set w.Header().Set("Content-Type", http.DetectContentType(yourBody))
 // or set it manually.
 //
 // Passing a compression level of 5 is sensible value
 func Compress(level int, types ...string) func(next http.Handler) http.Handler {
 	compressor := NewCompressor(level, types...)
 	return compressor.Handler
 }
 // Compressor represents a set of encoding configurations.
 type Compressor struct {
 	level int // The compression level.
 	// The mapping of encoder names to encoder functions.
 	encoders map[string]EncoderFunc
 	// The mapping of pooled encoders to pools.
 	pooledEncoders map[string]*sync.Pool
 	// The set of content types allowed to be compressed.
 	allowedTypes     map[string]struct{}
 	allowedWildcards map[string]struct{}
 	// The list of encoders in order of decreasing precedence.
 	encodingPrecedence []string
 }
 // NewCompressor creates a new Compressor that will handle encoding responses.
 //
 // The level should be one of the ones defined in the flate package.
 // The types are the content types that are allowed to be compressed.
 func NewCompressor(level int, types ...string) *Compressor {
 	// If types are provided, set those as the allowed types. If none are
 	// provided, use the default list.
 	allowedTypes := make(map[string]struct{})
 	allowedWildcards := make(map[string]struct{})
 	if len(types) > 0 {
 		for _, t := range types {
 			if strings.Contains(strings.TrimSuffix(t, "/*"), "*") {
 				panic(fmt.Sprintf("middleware/compress: Unsupported content-type wildcard pattern '%s'. Only '/*' supported", t))
 			}
 			if strings.HasSuffix(t, "/*") {
 				allowedWildcards[strings.TrimSuffix(t, "/*")] = struct{}{}
 			} else {
 				allowedTypes[t] = struct{}{}
 			}
 		}
 	} else {
 		for _, t := range defaultCompressibleContentTypes {
 			allowedTypes[t] = struct{}{}
 		}
 	}
 	c := &Compressor{
 		level:            level,
 		encoders:         make(map[string]EncoderFunc),
 		pooledEncoders:   make(map[string]*sync.Pool),
 		allowedTypes:     allowedTypes,
 		allowedWildcards: allowedWildcards,
 	}
 	// Set the default encoders.  The precedence order uses the reverse
 	// ordering that the encoders were added. This means adding new encoders
 	// will move them to the front of the order.
 	//
 	// TODO:
 	// lzma: Opera.
 	// sdch: Chrome, Android. Gzip output + dictionary header.
 	// br:   Brotli, see https://github.com/go-chi/chi/pull/326
 	// HTTP 1.1 "deflate" (RFC 2616) stands for DEFLATE data (RFC 1951)
 	// wrapped with zlib (RFC 1950). The zlib wrapper uses Adler-32
 	// checksum compared to CRC-32 used in "gzip" and thus is faster.
 	//
 	// But.. some old browsers (MSIE, Safari 5.1) incorrectly expect
 	// raw DEFLATE data only, without the mentioned zlib wrapper.
 	// Because of this major confusion, most modern browsers try it
 	// both ways, first looking for zlib headers.
 	// Quote by Mark Adler: http://stackoverflow.com/a/9186091/385548
 	//
 	// The list of browsers having problems is quite big, see:
 	// http://zoompf.com/blog/2012/02/lose-the-wait-http-compression
 	// https://web.archive.org/web/20120321182910/http://www.vervestudios.co/projects/compression-tests/results
 	//
 	// That's why we prefer gzip over deflate. It's just more reliable
 	// and not significantly slower than gzip.
 	c.SetEncoder("deflate", encoderDeflate)
 	// TODO: Exception for old MSIE browsers that can't handle non-HTML?
 	// https://zoompf.com/blog/2012/02/lose-the-wait-http-compression
 	c.SetEncoder("gzip", encoderGzip)
 	// NOTE: Not implemented, intentionally:
 	// case "compress": // LZW. Deprecated.
 	// case "bzip2":    // Too slow on-the-fly.
 	// case "zopfli":   // Too slow on-the-fly.
 	// case "xz":       // Too slow on-the-fly.
 	return c
 }
 // SetEncoder can be used to set the implementation of a compression algorithm.
 //
 // The encoding should be a standardised identifier. See:
 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding
 //
 // For example, add the Brotli algortithm:
 //
 //  import brotli_enc "gopkg.in/kothar/brotli-go.v0/enc"
 //
 //  compressor := middleware.NewCompressor(5, "text/html")
 //  compressor.SetEncoder("br", func(w http.ResponseWriter, level int) io.Writer {
 //    params := brotli_enc.NewBrotliParams()
 //    params.SetQuality(level)
 //    return brotli_enc.NewBrotliWriter(params, w)
 //  })
 func (c *Compressor) SetEncoder(encoding string, fn EncoderFunc) {
 	encoding = strings.ToLower(encoding)
 	if encoding == "" {
 		panic("the encoding can not be empty")
 	}
 	if fn == nil {
 		panic("attempted to set a nil encoder function")
 	}
 	// If we are adding a new encoder that is already registered, we have to
 	// clear that one out first.
 	if _, ok := c.pooledEncoders[encoding]; ok {
 		delete(c.pooledEncoders, encoding)
 	}
 	if _, ok := c.encoders[encoding]; ok {
 		delete(c.encoders, encoding)
 	}
 	// If the encoder supports Resetting (IoReseterWriter), then it can be pooled.
 	encoder := fn(ioutil.Discard, c.level)
 	if encoder != nil {
 		if _, ok := encoder.(ioResetterWriter); ok {
 			pool := &sync.Pool{
 				New: func() interface{} {
 					return fn(ioutil.Discard, c.level)
 				},
 			}
 			c.pooledEncoders[encoding] = pool
 		}
 	}
 	// If the encoder is not in the pooledEncoders, add it to the normal encoders.
 	if _, ok := c.pooledEncoders[encoding]; !ok {
 		c.encoders[encoding] = fn
 	}
 	for i, v := range c.encodingPrecedence {
 		if v == encoding {
 			c.encodingPrecedence = append(c.encodingPrecedence[:i], c.encodingPrecedence[i+1:]...)
 		}
 	}
 	c.encodingPrecedence = append([]string{encoding}, c.encodingPrecedence...)
 }
 // Handler returns a new middleware that will compress the response based on the
 // current Compressor.
 func (c *Compressor) Handler(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		encoder, encoding, cleanup := c.selectEncoder(r.Header, w)
 		cw := &compressResponseWriter{
 			ResponseWriter:   w,
 			w:                w,
 			contentTypes:     c.allowedTypes,
 			contentWildcards: c.allowedWildcards,
 			encoding:         encoding,
 			compressable:     false, // determined in post-handler
 		}
 		if encoder != nil {
 			cw.w = encoder
 		}
 		// Re-add the encoder to the pool if applicable.
 		defer cleanup()
 		defer cw.Close()
 		next.ServeHTTP(cw, r)
 	})
 }
 // selectEncoder returns the encoder, the name of the encoder, and a closer function.
 func (c *Compressor) selectEncoder(h http.Header, w io.Writer) (io.Writer, string, func()) {
 	header := h.Get("Accept-Encoding")
 	// Parse the names of all accepted algorithms from the header.
 	accepted := strings.Split(strings.ToLower(header), ",")
 	// Find supported encoder by accepted list by precedence
 	for _, name := range c.encodingPrecedence {
 		if matchAcceptEncoding(accepted, name) {
 			if pool, ok := c.pooledEncoders[name]; ok {
 				encoder := pool.Get().(ioResetterWriter)
 				cleanup := func() {
 					pool.Put(encoder)
 				}
 				encoder.Reset(w)
 				return encoder, name, cleanup
 			}
 			if fn, ok := c.encoders[name]; ok {
 				return fn(w, c.level), name, func() {}
 			}
 		}
 	}
 	// No encoder found to match the accepted encoding
 	return nil, "", func() {}
 }
 func matchAcceptEncoding(accepted []string, encoding string) bool {
 	for _, v := range accepted {
 		if strings.Contains(v, encoding) {
 			return true
 		}
 	}
 	return false
 }
 // An EncoderFunc is a function that wraps the provided io.Writer with a
 // streaming compression algorithm and returns it.
 //
 // In case of failure, the function should return nil.
 type EncoderFunc func(w io.Writer, level int) io.Writer
 // Interface for types that allow resetting io.Writers.
 type ioResetterWriter interface {
 	io.Writer
 	Reset(w io.Writer)
 }
 type compressResponseWriter struct {
 	http.ResponseWriter
 	// The streaming encoder writer to be used if there is one. Otherwise,
 	// this is just the normal writer.
 	w                io.Writer
 	encoding         string
 	contentTypes     map[string]struct{}
 	contentWildcards map[string]struct{}
 	wroteHeader      bool
 	compressable     bool
 }
 func (cw *compressResponseWriter) isCompressable() bool {
 	// Parse the first part of the Content-Type response header.
 	contentType := cw.Header().Get("Content-Type")
 	if idx := strings.Index(contentType, ";"); idx >= 0 {
 		contentType = contentType[0:idx]
 	}
 	// Is the content type compressable?
 	if _, ok := cw.contentTypes[contentType]; ok {
 		return true
 	}
 	if idx := strings.Index(contentType, "/"); idx > 0 {
 		contentType = contentType[0:idx]
 		_, ok := cw.contentWildcards[contentType]
 		return ok
 	}
 	return false
 }
 func (cw *compressResponseWriter) WriteHeader(code int) {
 	if cw.wroteHeader {
 		cw.ResponseWriter.WriteHeader(code) // Allow multiple calls to propagate.
 		return
 	}
 	cw.wroteHeader = true
 	defer cw.ResponseWriter.WriteHeader(code)
 	// Already compressed data?
 	if cw.Header().Get("Content-Encoding") != "" {
 		return
 	}
 	if !cw.isCompressable() {
 		cw.compressable = false
 		return
 	}
 	if cw.encoding != "" {
 		cw.compressable = true
 		cw.Header().Set("Content-Encoding", cw.encoding)
 		cw.Header().Set("Vary", "Accept-Encoding")
 		// The content-length after compression is unknown
 		cw.Header().Del("Content-Length")
 	}
 }
 func (cw *compressResponseWriter) Write(p []byte) (int, error) {
 	if !cw.wroteHeader {
 		cw.WriteHeader(http.StatusOK)
 	}
 	return cw.writer().Write(p)
 }
 func (cw *compressResponseWriter) writer() io.Writer {
 	if cw.compressable {
 		return cw.w
 	} else {
 		return cw.ResponseWriter
 	}
 }
 type compressFlusher interface {
 	Flush() error
 }
 func (cw *compressResponseWriter) Flush() {
 	if f, ok := cw.writer().(http.Flusher); ok {
 		f.Flush()
 	}
 	// If the underlying writer has a compression flush signature,
 	// call this Flush() method instead
 	if f, ok := cw.writer().(compressFlusher); ok {
 		f.Flush()
 		// Also flush the underlying response writer
 		if f, ok := cw.ResponseWriter.(http.Flusher); ok {
 			f.Flush()
 		}
 	}
 }
 func (cw *compressResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
 	if hj, ok := cw.writer().(http.Hijacker); ok {
 		return hj.Hijack()
 	}
 	return nil, nil, errors.New("chi/middleware: http.Hijacker is unavailable on the writer")
 }
 func (cw *compressResponseWriter) Push(target string, opts *http.PushOptions) error {
 	if ps, ok := cw.writer().(http.Pusher); ok {
 		return ps.Push(target, opts)
 	}
 	return errors.New("chi/middleware: http.Pusher is unavailable on the writer")
 }
 func (cw *compressResponseWriter) Close() error {
 	if c, ok := cw.writer().(io.WriteCloser); ok {
 		return c.Close()
 	}
 	return errors.New("chi/middleware: io.WriteCloser is unavailable on the writer")
 }
 func encoderGzip(w io.Writer, level int) io.Writer {
 	gw, err := gzip.NewWriterLevel(w, level)
 	if err != nil {
 		return nil
 	}
 	return gw
 }
 func encoderDeflate(w io.Writer, level int) io.Writer {
 	dw, err := flate.NewWriter(w, level)
 	if err != nil {
 		return nil
 	}
 	return dw
 }
--- a/vendor/github.com/go-chi/chi/middleware/content_charset.go
+++ b/vendor/github.com/go-chi/chi/middleware/content_charset.go
@ -1,51 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"strings"
 )
 // ContentCharset generates a handler that writes a 415 Unsupported Media Type response if none of the charsets match.
 // An empty charset will allow requests with no Content-Type header or no specified charset.
 func ContentCharset(charsets ...string) func(next http.Handler) http.Handler {
 	for i, c := range charsets {
 		charsets[i] = strings.ToLower(c)
 	}
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			if !contentEncoding(r.Header.Get("Content-Type"), charsets...) {
 				w.WriteHeader(http.StatusUnsupportedMediaType)
 				return
 			}
 			next.ServeHTTP(w, r)
 		})
 	}
 }
 // Check the content encoding against a list of acceptable values.
 func contentEncoding(ce string, charsets ...string) bool {
 	_, ce = split(strings.ToLower(ce), ";")
 	_, ce = split(ce, "charset=")
 	ce, _ = split(ce, ";")
 	for _, c := range charsets {
 		if ce == c {
 			return true
 		}
 	}
 	return false
 }
 // Split a string in two parts, cleaning any whitespace.
 func split(str, sep string) (string, string) {
 	var a, b string
 	var parts = strings.SplitN(str, sep, 2)
 	a = strings.TrimSpace(parts[0])
 	if len(parts) == 2 {
 		b = strings.TrimSpace(parts[1])
 	}
 	return a, b
 }
--- a/vendor/github.com/go-chi/chi/middleware/content_encoding.go
+++ b/vendor/github.com/go-chi/chi/middleware/content_encoding.go
@ -1,34 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"strings"
 )
 // AllowContentEncoding enforces a whitelist of request Content-Encoding otherwise responds
 // with a 415 Unsupported Media Type status.
 func AllowContentEncoding(contentEncoding ...string) func(next http.Handler) http.Handler {
 	allowedEncodings := make(map[string]struct{}, len(contentEncoding))
 	for _, encoding := range contentEncoding {
 		allowedEncodings[strings.TrimSpace(strings.ToLower(encoding))] = struct{}{}
 	}
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			requestEncodings := r.Header["Content-Encoding"]
 			// skip check for empty content body or no Content-Encoding
 			if r.ContentLength == 0 {
 				next.ServeHTTP(w, r)
 				return
 			}
 			// All encodings in the request must be allowed
 			for _, encoding := range requestEncodings {
 				if _, ok := allowedEncodings[strings.TrimSpace(strings.ToLower(encoding))]; !ok {
 					w.WriteHeader(http.StatusUnsupportedMediaType)
 					return
 				}
 			}
 			next.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
--- a/vendor/github.com/go-chi/chi/middleware/content_type.go
+++ b/vendor/github.com/go-chi/chi/middleware/content_type.go
@ -1,51 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"strings"
 )
 // SetHeader is a convenience handler to set a response header key/value
 func SetHeader(key, value string) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set(key, value)
 			next.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 // AllowContentType enforces a whitelist of request Content-Types otherwise responds
 // with a 415 Unsupported Media Type status.
 func AllowContentType(contentTypes ...string) func(next http.Handler) http.Handler {
 	cT := []string{}
 	for _, t := range contentTypes {
 		cT = append(cT, strings.ToLower(t))
 	}
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			if r.ContentLength == 0 {
 				// skip check for empty content body
 				next.ServeHTTP(w, r)
 				return
 			}
 			s := strings.ToLower(strings.TrimSpace(r.Header.Get("Content-Type")))
 			if i := strings.Index(s, ";"); i > -1 {
 				s = s[0:i]
 			}
 			for _, t := range cT {
 				if t == s {
 					next.ServeHTTP(w, r)
 					return
 				}
 			}
 			w.WriteHeader(http.StatusUnsupportedMediaType)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
--- a/vendor/github.com/go-chi/chi/middleware/get_head.go
+++ b/vendor/github.com/go-chi/chi/middleware/get_head.go
@ -1,39 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"github.com/go-chi/chi"
 )
 // GetHead automatically route undefined HEAD requests to GET handlers.
 func GetHead(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == "HEAD" {
 			rctx := chi.RouteContext(r.Context())
 			routePath := rctx.RoutePath
 			if routePath == "" {
 				if r.URL.RawPath != "" {
 					routePath = r.URL.RawPath
 				} else {
 					routePath = r.URL.Path
 				}
 			}
 			// Temporary routing context to look-ahead before routing the request
 			tctx := chi.NewRouteContext()
 			// Attempt to find a HEAD handler for the routing path, if not found, traverse
 			// the router as through its a GET route, but proceed with the request
 			// with the HEAD method.
 			if !rctx.Routes.Match(tctx, "HEAD", routePath) {
 				rctx.RouteMethod = "GET"
 				rctx.RoutePath = routePath
 				next.ServeHTTP(w, r)
 				return
 			}
 		}
 		next.ServeHTTP(w, r)
 	})
 }
--- a/vendor/github.com/go-chi/chi/middleware/heartbeat.go
+++ b/vendor/github.com/go-chi/chi/middleware/heartbeat.go
@ -1,26 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"strings"
 )
 // Heartbeat endpoint middleware useful to setting up a path like
 // `/ping` that load balancers or uptime testing external services
 // can make a request before hitting any routes. It's also convenient
 // to place this above ACL middlewares as well.
 func Heartbeat(endpoint string) func(http.Handler) http.Handler {
 	f := func(h http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			if r.Method == "GET" && strings.EqualFold(r.URL.Path, endpoint) {
 				w.Header().Set("Content-Type", "text/plain")
 				w.WriteHeader(http.StatusOK)
 				w.Write([]byte("."))
 				return
 			}
 			h.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 	return f
 }
--- a/vendor/github.com/go-chi/chi/middleware/logger.go
+++ b/vendor/github.com/go-chi/chi/middleware/logger.go
@ -1,155 +0,0 @@
 package middleware
 import (
 	"bytes"
 	"context"
 	"log"
 	"net/http"
 	"os"
 	"time"
 )
 var (
 	// LogEntryCtxKey is the context.Context key to store the request log entry.
 	LogEntryCtxKey = &contextKey{"LogEntry"}
 	// DefaultLogger is called by the Logger middleware handler to log each request.
 	// Its made a package-level variable so that it can be reconfigured for custom
 	// logging configurations.
 	DefaultLogger = RequestLogger(&DefaultLogFormatter{Logger: log.New(os.Stdout, "", log.LstdFlags), NoColor: false})
 )
 // Logger is a middleware that logs the start and end of each request, along
 // with some useful data about what was requested, what the response status was,
 // and how long it took to return. When standard output is a TTY, Logger will
 // print in color, otherwise it will print in black and white. Logger prints a
 // request ID if one is provided.
 //
 // Alternatively, look at https://github.com/goware/httplog for a more in-depth
 // http logger with structured logging support.
 func Logger(next http.Handler) http.Handler {
 	return DefaultLogger(next)
 }
 // RequestLogger returns a logger handler using a custom LogFormatter.
 func RequestLogger(f LogFormatter) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			entry := f.NewLogEntry(r)
 			ww := NewWrapResponseWriter(w, r.ProtoMajor)
 			t1 := time.Now()
 			defer func() {
 				entry.Write(ww.Status(), ww.BytesWritten(), ww.Header(), time.Since(t1), nil)
 			}()
 			next.ServeHTTP(ww, WithLogEntry(r, entry))
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 // LogFormatter initiates the beginning of a new LogEntry per request.
 // See DefaultLogFormatter for an example implementation.
 type LogFormatter interface {
 	NewLogEntry(r *http.Request) LogEntry
 }
 // LogEntry records the final log when a request completes.
 // See defaultLogEntry for an example implementation.
 type LogEntry interface {
 	Write(status, bytes int, header http.Header, elapsed time.Duration, extra interface{})
 	Panic(v interface{}, stack []byte)
 }
 // GetLogEntry returns the in-context LogEntry for a request.
 func GetLogEntry(r *http.Request) LogEntry {
 	entry, _ := r.Context().Value(LogEntryCtxKey).(LogEntry)
 	return entry
 }
 // WithLogEntry sets the in-context LogEntry for a request.
 func WithLogEntry(r *http.Request, entry LogEntry) *http.Request {
 	r = r.WithContext(context.WithValue(r.Context(), LogEntryCtxKey, entry))
 	return r
 }
 // LoggerInterface accepts printing to stdlib logger or compatible logger.
 type LoggerInterface interface {
 	Print(v ...interface{})
 }
 // DefaultLogFormatter is a simple logger that implements a LogFormatter.
 type DefaultLogFormatter struct {
 	Logger  LoggerInterface
 	NoColor bool
 }
 // NewLogEntry creates a new LogEntry for the request.
 func (l *DefaultLogFormatter) NewLogEntry(r *http.Request) LogEntry {
 	useColor := !l.NoColor
 	entry := &defaultLogEntry{
 		DefaultLogFormatter: l,
 		request:             r,
 		buf:                 &bytes.Buffer{},
 		useColor:            useColor,
 	}
 	reqID := GetReqID(r.Context())
 	if reqID != "" {
 		cW(entry.buf, useColor, nYellow, "[%s] ", reqID)
 	}
 	cW(entry.buf, useColor, nCyan, "\"")
 	cW(entry.buf, useColor, bMagenta, "%s ", r.Method)
 	scheme := "http"
 	if r.TLS != nil {
 		scheme = "https"
 	}
 	cW(entry.buf, useColor, nCyan, "%s://%s%s %s\" ", scheme, r.Host, r.RequestURI, r.Proto)
 	entry.buf.WriteString("from ")
 	entry.buf.WriteString(r.RemoteAddr)
 	entry.buf.WriteString(" - ")
 	return entry
 }
 type defaultLogEntry struct {
 	*DefaultLogFormatter
 	request  *http.Request
 	buf      *bytes.Buffer
 	useColor bool
 }
 func (l *defaultLogEntry) Write(status, bytes int, header http.Header, elapsed time.Duration, extra interface{}) {
 	switch {
 	case status < 200:
 		cW(l.buf, l.useColor, bBlue, "%03d", status)
 	case status < 300:
 		cW(l.buf, l.useColor, bGreen, "%03d", status)
 	case status < 400:
 		cW(l.buf, l.useColor, bCyan, "%03d", status)
 	case status < 500:
 		cW(l.buf, l.useColor, bYellow, "%03d", status)
 	default:
 		cW(l.buf, l.useColor, bRed, "%03d", status)
 	}
 	cW(l.buf, l.useColor, bBlue, " %dB", bytes)
 	l.buf.WriteString(" in ")
 	if elapsed < 500*time.Millisecond {
 		cW(l.buf, l.useColor, nGreen, "%s", elapsed)
 	} else if elapsed < 5*time.Second {
 		cW(l.buf, l.useColor, nYellow, "%s", elapsed)
 	} else {
 		cW(l.buf, l.useColor, nRed, "%s", elapsed)
 	}
 	l.Logger.Print(l.buf.String())
 }
 func (l *defaultLogEntry) Panic(v interface{}, stack []byte) {
 	PrintPrettyStack(v)
 }
--- a/vendor/github.com/go-chi/chi/middleware/middleware.go
+++ b/vendor/github.com/go-chi/chi/middleware/middleware.go
@ -1,23 +0,0 @@
 package middleware
 import "net/http"
 // New will create a new middleware handler from a http.Handler.
 func New(h http.Handler) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			h.ServeHTTP(w, r)
 		})
 	}
 }
 // contextKey is a value for use with context.WithValue. It's used as
 // a pointer so it fits in an interface{} without allocation. This technique
 // for defining context keys was copied from Go 1.7's new use of context in net/http.
 type contextKey struct {
 	name string
 }
 func (k *contextKey) String() string {
 	return "chi/middleware context value " + k.name
 }
--- a/vendor/github.com/go-chi/chi/middleware/nocache.go
+++ b/vendor/github.com/go-chi/chi/middleware/nocache.go
@ -1,58 +0,0 @@
 package middleware
 // Ported from Goji's middleware, source:
 // https://github.com/zenazn/goji/tree/master/web/middleware
 import (
 	"net/http"
 	"time"
 )
 // Unix epoch time
 var epoch = time.Unix(0, 0).Format(time.RFC1123)
 // Taken from https://github.com/mytrile/nocache
 var noCacheHeaders = map[string]string{
 	"Expires":         epoch,
 	"Cache-Control":   "no-cache, no-store, no-transform, must-revalidate, private, max-age=0",
 	"Pragma":          "no-cache",
 	"X-Accel-Expires": "0",
 }
 var etagHeaders = []string{
 	"ETag",
 	"If-Modified-Since",
 	"If-Match",
 	"If-None-Match",
 	"If-Range",
 	"If-Unmodified-Since",
 }
 // NoCache is a simple piece of middleware that sets a number of HTTP headers to prevent
 // a router (or subrouter) from being cached by an upstream proxy and/or client.
 //
 // As per http://wiki.nginx.org/HttpProxyModule - NoCache sets:
 //      Expires: Thu, 01 Jan 1970 00:00:00 UTC
 //      Cache-Control: no-cache, private, max-age=0
 //      X-Accel-Expires: 0
 //      Pragma: no-cache (for HTTP/1.0 proxies/clients)
 func NoCache(h http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		// Delete any ETag headers that may have been set
 		for _, v := range etagHeaders {
 			if r.Header.Get(v) != "" {
 				r.Header.Del(v)
 			}
 		}
 		// Set our NoCache headers
 		for k, v := range noCacheHeaders {
 			w.Header().Set(k, v)
 		}
 		h.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
--- a/vendor/github.com/go-chi/chi/middleware/profiler.go
+++ b/vendor/github.com/go-chi/chi/middleware/profiler.go
@ -1,55 +0,0 @@
 package middleware
 import (
 	"expvar"
 	"fmt"
 	"net/http"
 	"net/http/pprof"
 	"github.com/go-chi/chi"
 )
 // Profiler is a convenient subrouter used for mounting net/http/pprof. ie.
 //
 //  func MyService() http.Handler {
 //    r := chi.NewRouter()
 //    // ..middlewares
 //    r.Mount("/debug", middleware.Profiler())
 //    // ..routes
 //    return r
 //  }
 func Profiler() http.Handler {
 	r := chi.NewRouter()
 	r.Use(NoCache)
 	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, r.RequestURI+"/pprof/", 301)
 	})
 	r.HandleFunc("/pprof", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, r.RequestURI+"/", 301)
 	})
 	r.HandleFunc("/pprof/*", pprof.Index)
 	r.HandleFunc("/pprof/cmdline", pprof.Cmdline)
 	r.HandleFunc("/pprof/profile", pprof.Profile)
 	r.HandleFunc("/pprof/symbol", pprof.Symbol)
 	r.HandleFunc("/pprof/trace", pprof.Trace)
 	r.HandleFunc("/vars", expVars)
 	return r
 }
 // Replicated from expvar.go as not public.
 func expVars(w http.ResponseWriter, r *http.Request) {
 	first := true
 	w.Header().Set("Content-Type", "application/json")
 	fmt.Fprintf(w, "{\n")
 	expvar.Do(func(kv expvar.KeyValue) {
 		if !first {
 			fmt.Fprintf(w, ",\n")
 		}
 		first = false
 		fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
 	})
 	fmt.Fprintf(w, "\n}\n")
 }
--- a/vendor/github.com/go-chi/chi/middleware/realip.go
+++ b/vendor/github.com/go-chi/chi/middleware/realip.go
@ -1,54 +0,0 @@
 package middleware
 // Ported from Goji's middleware, source:
 // https://github.com/zenazn/goji/tree/master/web/middleware
 import (
 	"net/http"
 	"strings"
 )
 var xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
 var xRealIP = http.CanonicalHeaderKey("X-Real-IP")
 // RealIP is a middleware that sets a http.Request's RemoteAddr to the results
 // of parsing either the X-Forwarded-For header or the X-Real-IP header (in that
 // order).
 //
 // This middleware should be inserted fairly early in the middleware stack to
 // ensure that subsequent layers (e.g., request loggers) which examine the
 // RemoteAddr will see the intended value.
 //
 // You should only use this middleware if you can trust the headers passed to
 // you (in particular, the two headers this middleware uses), for example
 // because you have placed a reverse proxy like HAProxy or nginx in front of
 // chi. If your reverse proxies are configured to pass along arbitrary header
 // values from the client, or if you use this middleware without a reverse
 // proxy, malicious clients will be able to make you very sad (or, depending on
 // how you're using RemoteAddr, vulnerable to an attack of some sort).
 func RealIP(h http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		if rip := realIP(r); rip != "" {
 			r.RemoteAddr = rip
 		}
 		h.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
 func realIP(r *http.Request) string {
 	var ip string
 	if xrip := r.Header.Get(xRealIP); xrip != "" {
 		ip = xrip
 	} else if xff := r.Header.Get(xForwardedFor); xff != "" {
 		i := strings.Index(xff, ", ")
 		if i == -1 {
 			i = len(xff)
 		}
 		ip = xff[:i]
 	}
 	return ip
 }
--- a/vendor/github.com/go-chi/chi/middleware/recoverer.go
+++ b/vendor/github.com/go-chi/chi/middleware/recoverer.go
@ -1,192 +0,0 @@
 package middleware
 // The original work was derived from Goji's middleware, source:
 // https://github.com/zenazn/goji/tree/master/web/middleware
 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"runtime/debug"
 	"strings"
 )
 // Recoverer is a middleware that recovers from panics, logs the panic (and a
 // backtrace), and returns a HTTP 500 (Internal Server Error) status if
 // possible. Recoverer prints a request ID if one is provided.
 //
 // Alternatively, look at https://github.com/pressly/lg middleware pkgs.
 func Recoverer(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		defer func() {
 			if rvr := recover(); rvr != nil && rvr != http.ErrAbortHandler {
 				logEntry := GetLogEntry(r)
 				if logEntry != nil {
 					logEntry.Panic(rvr, debug.Stack())
 				} else {
 					PrintPrettyStack(rvr)
 				}
 				w.WriteHeader(http.StatusInternalServerError)
 			}
 		}()
 		next.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
 func PrintPrettyStack(rvr interface{}) {
 	debugStack := debug.Stack()
 	s := prettyStack{}
 	out, err := s.parse(debugStack, rvr)
 	if err == nil {
 		os.Stderr.Write(out)
 	} else {
 		// print stdlib output as a fallback
 		os.Stderr.Write(debugStack)
 	}
 }
 type prettyStack struct {
 }
 func (s prettyStack) parse(debugStack []byte, rvr interface{}) ([]byte, error) {
 	var err error
 	useColor := true
 	buf := &bytes.Buffer{}
 	cW(buf, false, bRed, "\n")
 	cW(buf, useColor, bCyan, " panic: ")
 	cW(buf, useColor, bBlue, "%v", rvr)
 	cW(buf, false, bWhite, "\n \n")
 	// process debug stack info
 	stack := strings.Split(string(debugStack), "\n")
 	lines := []string{}
 	// locate panic line, as we may have nested panics
 	for i := len(stack) - 1; i > 0; i-- {
 		lines = append(lines, stack[i])
 		if strings.HasPrefix(stack[i], "panic(0x") {
 			lines = lines[0 : len(lines)-2] // remove boilerplate
 			break
 		}
 	}
 	// reverse
 	for i := len(lines)/2 - 1; i >= 0; i-- {
 		opp := len(lines) - 1 - i
 		lines[i], lines[opp] = lines[opp], lines[i]
 	}
 	// decorate
 	for i, line := range lines {
 		lines[i], err = s.decorateLine(line, useColor, i)
 		if err != nil {
 			return nil, err
 		}
 	}
 	for _, l := range lines {
 		fmt.Fprintf(buf, "%s", l)
 	}
 	return buf.Bytes(), nil
 }
 func (s prettyStack) decorateLine(line string, useColor bool, num int) (string, error) {
 	line = strings.TrimSpace(line)
 	if strings.HasPrefix(line, "\t") || strings.Contains(line, ".go:") {
 		return s.decorateSourceLine(line, useColor, num)
 	} else if strings.HasSuffix(line, ")") {
 		return s.decorateFuncCallLine(line, useColor, num)
 	} else {
 		if strings.HasPrefix(line, "\t") {
 			return strings.Replace(line, "\t", "      ", 1), nil
 		} else {
 			return fmt.Sprintf("    %s\n", line), nil
 		}
 	}
 }
 func (s prettyStack) decorateFuncCallLine(line string, useColor bool, num int) (string, error) {
 	idx := strings.LastIndex(line, "(")
 	if idx < 0 {
 		return "", errors.New("not a func call line")
 	}
 	buf := &bytes.Buffer{}
 	pkg := line[0:idx]
 	// addr := line[idx:]
 	method := ""
 	idx = strings.LastIndex(pkg, string(os.PathSeparator))
 	if idx < 0 {
 		idx = strings.Index(pkg, ".")
 		method = pkg[idx:]
 		pkg = pkg[0:idx]
 	} else {
 		method = pkg[idx+1:]
 		pkg = pkg[0 : idx+1]
 		idx = strings.Index(method, ".")
 		pkg += method[0:idx]
 		method = method[idx:]
 	}
 	pkgColor := nYellow
 	methodColor := bGreen
 	if num == 0 {
 		cW(buf, useColor, bRed, " -> ")
 		pkgColor = bMagenta
 		methodColor = bRed
 	} else {
 		cW(buf, useColor, bWhite, "    ")
 	}
 	cW(buf, useColor, pkgColor, "%s", pkg)
 	cW(buf, useColor, methodColor, "%s\n", method)
 	// cW(buf, useColor, nBlack, "%s", addr)
 	return buf.String(), nil
 }
 func (s prettyStack) decorateSourceLine(line string, useColor bool, num int) (string, error) {
 	idx := strings.LastIndex(line, ".go:")
 	if idx < 0 {
 		return "", errors.New("not a source line")
 	}
 	buf := &bytes.Buffer{}
 	path := line[0 : idx+3]
 	lineno := line[idx+3:]
 	idx = strings.LastIndex(path, string(os.PathSeparator))
 	dir := path[0 : idx+1]
 	file := path[idx+1:]
 	idx = strings.Index(lineno, " ")
 	if idx > 0 {
 		lineno = lineno[0:idx]
 	}
 	fileColor := bCyan
 	lineColor := bGreen
 	if num == 1 {
 		cW(buf, useColor, bRed, " ->   ")
 		fileColor = bRed
 		lineColor = bMagenta
 	} else {
 		cW(buf, false, bWhite, "      ")
 	}
 	cW(buf, useColor, bWhite, "%s", dir)
 	cW(buf, useColor, fileColor, "%s", file)
 	cW(buf, useColor, lineColor, "%s", lineno)
 	if num == 1 {
 		cW(buf, false, bWhite, "\n")
 	}
 	cW(buf, false, bWhite, "\n")
 	return buf.String(), nil
 }
--- a/vendor/github.com/go-chi/chi/middleware/request_id.go
+++ b/vendor/github.com/go-chi/chi/middleware/request_id.go
@ -1,96 +0,0 @@
 package middleware
 // Ported from Goji's middleware, source:
 // https://github.com/zenazn/goji/tree/master/web/middleware
 import (
 	"context"
 	"crypto/rand"
 	"encoding/base64"
 	"fmt"
 	"net/http"
 	"os"
 	"strings"
 	"sync/atomic"
 )
 // Key to use when setting the request ID.
 type ctxKeyRequestID int
 // RequestIDKey is the key that holds the unique request ID in a request context.
 const RequestIDKey ctxKeyRequestID = 0
 // RequestIDHeader is the name of the HTTP Header which contains the request id.
 // Exported so that it can be changed by developers
 var RequestIDHeader = "X-Request-Id"
 var prefix string
 var reqid uint64
 // A quick note on the statistics here: we're trying to calculate the chance that
 // two randomly generated base62 prefixes will collide. We use the formula from
 // http://en.wikipedia.org/wiki/Birthday_problem
 //
 // P[m, n] \approx 1 - e^{-m^2/2n}
 //
 // We ballpark an upper bound for $m$ by imagining (for whatever reason) a server
 // that restarts every second over 10 years, for $m = 86400 * 365 * 10 = 315360000$
 //
 // For a $k$ character base-62 identifier, we have $n(k) = 62^k$
 //
 // Plugging this in, we find $P[m, n(10)] \approx 5.75%$, which is good enough for
 // our purposes, and is surely more than anyone would ever need in practice -- a
 // process that is rebooted a handful of times a day for a hundred years has less
 // than a millionth of a percent chance of generating two colliding IDs.
 func init() {
 	hostname, err := os.Hostname()
 	if hostname == "" || err != nil {
 		hostname = "localhost"
 	}
 	var buf [12]byte
 	var b64 string
 	for len(b64) < 10 {
 		rand.Read(buf[:])
 		b64 = base64.StdEncoding.EncodeToString(buf[:])
 		b64 = strings.NewReplacer("+", "", "/", "").Replace(b64)
 	}
 	prefix = fmt.Sprintf("%s/%s", hostname, b64[0:10])
 }
 // RequestID is a middleware that injects a request ID into the context of each
 // request. A request ID is a string of the form "host.example.com/random-0001",
 // where "random" is a base62 random string that uniquely identifies this go
 // process, and where the last number is an atomically incremented request
 // counter.
 func RequestID(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		requestID := r.Header.Get(RequestIDHeader)
 		if requestID == "" {
 			myid := atomic.AddUint64(&reqid, 1)
 			requestID = fmt.Sprintf("%s-%06d", prefix, myid)
 		}
 		ctx = context.WithValue(ctx, RequestIDKey, requestID)
 		next.ServeHTTP(w, r.WithContext(ctx))
 	}
 	return http.HandlerFunc(fn)
 }
 // GetReqID returns a request ID from the given context if one is present.
 // Returns the empty string if a request ID cannot be found.
 func GetReqID(ctx context.Context) string {
 	if ctx == nil {
 		return ""
 	}
 	if reqID, ok := ctx.Value(RequestIDKey).(string); ok {
 		return reqID
 	}
 	return ""
 }
 // NextRequestID generates the next request ID in the sequence.
 func NextRequestID() uint64 {
 	return atomic.AddUint64(&reqid, 1)
 }
--- a/vendor/github.com/go-chi/chi/middleware/route_headers.go
+++ b/vendor/github.com/go-chi/chi/middleware/route_headers.go
@ -1,160 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"strings"
 )
 // RouteHeaders is a neat little header-based router that allows you to direct
 // the flow of a request through a middleware stack based on a request header.
 //
 // For example, lets say you'd like to setup multiple routers depending on the
 // request Host header, you could then do something as so:
 //
 // r := chi.NewRouter()
 // rSubdomain := chi.NewRouter()
 //
 // r.Use(middleware.RouteHeaders().
 //   Route("Host", "example.com", middleware.New(r)).
 //   Route("Host", "*.example.com", middleware.New(rSubdomain)).
 //   Handler)
 //
 // r.Get("/", h)
 // rSubdomain.Get("/", h2)
 //
 //
 // Another example, imagine you want to setup multiple CORS handlers, where for
 // your origin servers you allow authorized requests, but for third-party public
 // requests, authorization is disabled.
 //
 // r := chi.NewRouter()
 //
 // r.Use(middleware.RouteHeaders().
 //   Route("Origin", "https://app.skyweaver.net", cors.Handler(cors.Options{
 // 	   AllowedOrigins:   []string{"https://api.skyweaver.net"},
 // 	   AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
 // 	   AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type"},
 // 	   AllowCredentials: true, // <----------<<< allow credentials
 //   })).
 //   Route("Origin", "*", cors.Handler(cors.Options{
 // 	   AllowedOrigins:   []string{"*"},
 // 	   AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
 // 	   AllowedHeaders:   []string{"Accept", "Content-Type"},
 // 	   AllowCredentials: false, // <----------<<< do not allow credentials
 //   })).
 //   Handler)
 //
 func RouteHeaders() HeaderRouter {
 	return HeaderRouter{}
 }
 type HeaderRouter map[string][]HeaderRoute
 func (hr HeaderRouter) Route(header string, match string, middlewareHandler func(next http.Handler) http.Handler) HeaderRouter {
 	header = strings.ToLower(header)
 	k := hr[header]
 	if k == nil {
 		hr[header] = []HeaderRoute{}
 	}
 	hr[header] = append(hr[header], HeaderRoute{MatchOne: NewPattern(match), Middleware: middlewareHandler})
 	return hr
 }
 func (hr HeaderRouter) RouteAny(header string, match []string, middlewareHandler func(next http.Handler) http.Handler) HeaderRouter {
 	header = strings.ToLower(header)
 	k := hr[header]
 	if k == nil {
 		hr[header] = []HeaderRoute{}
 	}
 	patterns := []Pattern{}
 	for _, m := range match {
 		patterns = append(patterns, NewPattern(m))
 	}
 	hr[header] = append(hr[header], HeaderRoute{MatchAny: patterns, Middleware: middlewareHandler})
 	return hr
 }
 func (hr HeaderRouter) RouteDefault(handler func(next http.Handler) http.Handler) HeaderRouter {
 	hr["*"] = []HeaderRoute{{Middleware: handler}}
 	return hr
 }
 func (hr HeaderRouter) Handler(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if len(hr) == 0 {
 			// skip if no routes set
 			next.ServeHTTP(w, r)
 		}
 		// find first matching header route, and continue
 		for header, matchers := range hr {
 			headerValue := r.Header.Get(header)
 			if headerValue == "" {
 				continue
 			}
 			headerValue = strings.ToLower(headerValue)
 			for _, matcher := range matchers {
 				if matcher.IsMatch(headerValue) {
 					matcher.Middleware(next).ServeHTTP(w, r)
 					return
 				}
 			}
 		}
 		// if no match, check for "*" default route
 		matcher, ok := hr["*"]
 		if !ok || matcher[0].Middleware == nil {
 			next.ServeHTTP(w, r)
 			return
 		}
 		matcher[0].Middleware(next).ServeHTTP(w, r)
 	})
 }
 type HeaderRoute struct {
 	MatchAny   []Pattern
 	MatchOne   Pattern
 	Middleware func(next http.Handler) http.Handler
 }
 func (r HeaderRoute) IsMatch(value string) bool {
 	if len(r.MatchAny) > 0 {
 		for _, m := range r.MatchAny {
 			if m.Match(value) {
 				return true
 			}
 		}
 	} else if r.MatchOne.Match(value) {
 		return true
 	}
 	return false
 }
 type Pattern struct {
 	prefix   string
 	suffix   string
 	wildcard bool
 }
 func NewPattern(value string) Pattern {
 	p := Pattern{}
 	if i := strings.IndexByte(value, '*'); i >= 0 {
 		p.wildcard = true
 		p.prefix = value[0:i]
 		p.suffix = value[i+1:]
 	} else {
 		p.prefix = value
 	}
 	return p
 }
 func (p Pattern) Match(v string) bool {
 	if !p.wildcard {
 		if p.prefix == v {
 			return true
 		} else {
 			return false
 		}
 	}
 	return len(v) >= len(p.prefix+p.suffix) && strings.HasPrefix(v, p.prefix) && strings.HasSuffix(v, p.suffix)
 }
--- a/vendor/github.com/go-chi/chi/middleware/strip.go
+++ b/vendor/github.com/go-chi/chi/middleware/strip.go
@ -1,56 +0,0 @@
 package middleware
 import (
 	"fmt"
 	"net/http"
 	"github.com/go-chi/chi"
 )
 // StripSlashes is a middleware that will match request paths with a trailing
 // slash, strip it from the path and continue routing through the mux, if a route
 // matches, then it will serve the handler.
 func StripSlashes(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		var path string
 		rctx := chi.RouteContext(r.Context())
 		if rctx.RoutePath != "" {
 			path = rctx.RoutePath
 		} else {
 			path = r.URL.Path
 		}
 		if len(path) > 1 && path[len(path)-1] == '/' {
 			rctx.RoutePath = path[:len(path)-1]
 		}
 		next.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
 // RedirectSlashes is a middleware that will match request paths with a trailing
 // slash and redirect to the same path, less the trailing slash.
 //
 // NOTE: RedirectSlashes middleware is *incompatible* with http.FileServer,
 // see https://github.com/go-chi/chi/issues/343
 func RedirectSlashes(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		var path string
 		rctx := chi.RouteContext(r.Context())
 		if rctx.RoutePath != "" {
 			path = rctx.RoutePath
 		} else {
 			path = r.URL.Path
 		}
 		if len(path) > 1 && path[len(path)-1] == '/' {
 			if r.URL.RawQuery != "" {
 				path = fmt.Sprintf("%s?%s", path[:len(path)-1], r.URL.RawQuery)
 			} else {
 				path = path[:len(path)-1]
 			}
 			http.Redirect(w, r, path, 301)
 			return
 		}
 		next.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
--- a/vendor/github.com/go-chi/chi/middleware/terminal.go
+++ b/vendor/github.com/go-chi/chi/middleware/terminal.go
@ -1,63 +0,0 @@
 package middleware
 // Ported from Goji's middleware, source:
 // https://github.com/zenazn/goji/tree/master/web/middleware
 import (
 	"fmt"
 	"io"
 	"os"
 )
 var (
 	// Normal colors
 	nBlack   = []byte{'\033', '[', '3', '0', 'm'}
 	nRed     = []byte{'\033', '[', '3', '1', 'm'}
 	nGreen   = []byte{'\033', '[', '3', '2', 'm'}
 	nYellow  = []byte{'\033', '[', '3', '3', 'm'}
 	nBlue    = []byte{'\033', '[', '3', '4', 'm'}
 	nMagenta = []byte{'\033', '[', '3', '5', 'm'}
 	nCyan    = []byte{'\033', '[', '3', '6', 'm'}
 	nWhite   = []byte{'\033', '[', '3', '7', 'm'}
 	// Bright colors
 	bBlack   = []byte{'\033', '[', '3', '0', ';', '1', 'm'}
 	bRed     = []byte{'\033', '[', '3', '1', ';', '1', 'm'}
 	bGreen   = []byte{'\033', '[', '3', '2', ';', '1', 'm'}
 	bYellow  = []byte{'\033', '[', '3', '3', ';', '1', 'm'}
 	bBlue    = []byte{'\033', '[', '3', '4', ';', '1', 'm'}
 	bMagenta = []byte{'\033', '[', '3', '5', ';', '1', 'm'}
 	bCyan    = []byte{'\033', '[', '3', '6', ';', '1', 'm'}
 	bWhite   = []byte{'\033', '[', '3', '7', ';', '1', 'm'}
 	reset = []byte{'\033', '[', '0', 'm'}
 )
 var IsTTY bool
 func init() {
 	// This is sort of cheating: if stdout is a character device, we assume
 	// that means it's a TTY. Unfortunately, there are many non-TTY
 	// character devices, but fortunately stdout is rarely set to any of
 	// them.
 	//
 	// We could solve this properly by pulling in a dependency on
 	// code.google.com/p/go.crypto/ssh/terminal, for instance, but as a
 	// heuristic for whether to print in color or in black-and-white, I'd
 	// really rather not.
 	fi, err := os.Stdout.Stat()
 	if err == nil {
 		m := os.ModeDevice | os.ModeCharDevice
 		IsTTY = fi.Mode()&m == m
 	}
 }
 // colorWrite
 func cW(w io.Writer, useColor bool, color []byte, s string, args ...interface{}) {
 	if IsTTY && useColor {
 		w.Write(color)
 	}
 	fmt.Fprintf(w, s, args...)
 	if IsTTY && useColor {
 		w.Write(reset)
 	}
 }
--- a/vendor/github.com/go-chi/chi/middleware/throttle.go
+++ b/vendor/github.com/go-chi/chi/middleware/throttle.go
@ -1,132 +0,0 @@
 package middleware
 import (
 	"net/http"
 	"strconv"
 	"time"
 )
 const (
 	errCapacityExceeded = "Server capacity exceeded."
 	errTimedOut         = "Timed out while waiting for a pending request to complete."
 	errContextCanceled  = "Context was canceled."
 )
 var (
 	defaultBacklogTimeout = time.Second * 60
 )
 // ThrottleOpts represents a set of throttling options.
 type ThrottleOpts struct {
 	Limit          int
 	BacklogLimit   int
 	BacklogTimeout time.Duration
 	RetryAfterFn   func(ctxDone bool) time.Duration
 }
 // Throttle is a middleware that limits number of currently processed requests
 // at a time across all users. Note: Throttle is not a rate-limiter per user,
 // instead it just puts a ceiling on the number of currentl in-flight requests
 // being processed from the point from where the Throttle middleware is mounted.
 func Throttle(limit int) func(http.Handler) http.Handler {
 	return ThrottleWithOpts(ThrottleOpts{Limit: limit, BacklogTimeout: defaultBacklogTimeout})
 }
 // ThrottleBacklog is a middleware that limits number of currently processed
 // requests at a time and provides a backlog for holding a finite number of
 // pending requests.
 func ThrottleBacklog(limit int, backlogLimit int, backlogTimeout time.Duration) func(http.Handler) http.Handler {
 	return ThrottleWithOpts(ThrottleOpts{Limit: limit, BacklogLimit: backlogLimit, BacklogTimeout: backlogTimeout})
 }
 // ThrottleWithOpts is a middleware that limits number of currently processed requests using passed ThrottleOpts.
 func ThrottleWithOpts(opts ThrottleOpts) func(http.Handler) http.Handler {
 	if opts.Limit < 1 {
 		panic("chi/middleware: Throttle expects limit > 0")
 	}
 	if opts.BacklogLimit < 0 {
 		panic("chi/middleware: Throttle expects backlogLimit to be positive")
 	}
 	t := throttler{
 		tokens:         make(chan token, opts.Limit),
 		backlogTokens:  make(chan token, opts.Limit+opts.BacklogLimit),
 		backlogTimeout: opts.BacklogTimeout,
 		retryAfterFn:   opts.RetryAfterFn,
 	}
 	// Filling tokens.
 	for i := 0; i < opts.Limit+opts.BacklogLimit; i++ {
 		if i < opts.Limit {
 			t.tokens <- token{}
 		}
 		t.backlogTokens <- token{}
 	}
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			ctx := r.Context()
 			select {
 			case <-ctx.Done():
 				t.setRetryAfterHeaderIfNeeded(w, true)
 				http.Error(w, errContextCanceled, http.StatusServiceUnavailable)
 				return
 			case btok := <-t.backlogTokens:
 				timer := time.NewTimer(t.backlogTimeout)
 				defer func() {
 					t.backlogTokens <- btok
 				}()
 				select {
 				case <-timer.C:
 					t.setRetryAfterHeaderIfNeeded(w, false)
 					http.Error(w, errTimedOut, http.StatusServiceUnavailable)
 					return
 				case <-ctx.Done():
 					timer.Stop()
 					t.setRetryAfterHeaderIfNeeded(w, true)
 					http.Error(w, errContextCanceled, http.StatusServiceUnavailable)
 					return
 				case tok := <-t.tokens:
 					defer func() {
 						timer.Stop()
 						t.tokens <- tok
 					}()
 					next.ServeHTTP(w, r)
 				}
 				return
 			default:
 				t.setRetryAfterHeaderIfNeeded(w, false)
 				http.Error(w, errCapacityExceeded, http.StatusServiceUnavailable)
 				return
 			}
 		}
 		return http.HandlerFunc(fn)
 	}
 }
 // token represents a request that is being processed.
 type token struct{}
 // throttler limits number of currently processed requests at a time.
 type throttler struct {
 	tokens         chan token
 	backlogTokens  chan token
 	backlogTimeout time.Duration
 	retryAfterFn   func(ctxDone bool) time.Duration
 }
 // setRetryAfterHeaderIfNeeded sets Retry-After HTTP header if corresponding retryAfterFn option of throttler is initialized.
 func (t throttler) setRetryAfterHeaderIfNeeded(w http.ResponseWriter, ctxDone bool) {
 	if t.retryAfterFn == nil {
 		return
 	}
 	w.Header().Set("Retry-After", strconv.Itoa(int(t.retryAfterFn(ctxDone).Seconds())))
 }
--- a/vendor/github.com/go-chi/chi/middleware/timeout.go
+++ b/vendor/github.com/go-chi/chi/middleware/timeout.go
@ -1,49 +0,0 @@
 package middleware
 import (
 	"context"
 	"net/http"
 	"time"
 )
 // Timeout is a middleware that cancels ctx after a given timeout and return
 // a 504 Gateway Timeout error to the client.
 //
 // It's required that you select the ctx.Done() channel to check for the signal
 // if the context has reached its deadline and return, otherwise the timeout
 // signal will be just ignored.
 //
 // ie. a route/handler may look like:
 //
 //  r.Get("/long", func(w http.ResponseWriter, r *http.Request) {
 // 	 ctx := r.Context()
 // 	 processTime := time.Duration(rand.Intn(4)+1) * time.Second
 //
 // 	 select {
 // 	 case <-ctx.Done():
 // 	 	return
 //
 // 	 case <-time.After(processTime):
 // 	 	 // The above channel simulates some hard work.
 // 	 }
 //
 // 	 w.Write([]byte("done"))
 //  })
 //
 func Timeout(timeout time.Duration) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			ctx, cancel := context.WithTimeout(r.Context(), timeout)
 			defer func() {
 				cancel()
 				if ctx.Err() == context.DeadlineExceeded {
 					w.WriteHeader(http.StatusGatewayTimeout)
 				}
 			}()
 			r = r.WithContext(ctx)
 			next.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
--- a/vendor/github.com/go-chi/chi/middleware/url_format.go
+++ b/vendor/github.com/go-chi/chi/middleware/url_format.go
@ -1,72 +0,0 @@
 package middleware
 import (
 	"context"
 	"net/http"
 	"strings"
 	"github.com/go-chi/chi"
 )
 var (
 	// URLFormatCtxKey is the context.Context key to store the URL format data
 	// for a request.
 	URLFormatCtxKey = &contextKey{"URLFormat"}
 )
 // URLFormat is a middleware that parses the url extension from a request path and stores it
 // on the context as a string under the key `middleware.URLFormatCtxKey`. The middleware will
 // trim the suffix from the routing path and continue routing.
 //
 // Routers should not include a url parameter for the suffix when using this middleware.
 //
 // Sample usage.. for url paths: `/articles/1`, `/articles/1.json` and `/articles/1.xml`
 //
 //  func routes() http.Handler {
 //    r := chi.NewRouter()
 //    r.Use(middleware.URLFormat)
 //
 //    r.Get("/articles/{id}", ListArticles)
 //
 //    return r
 //  }
 //
 //  func ListArticles(w http.ResponseWriter, r *http.Request) {
 // 	  urlFormat, _ := r.Context().Value(middleware.URLFormatCtxKey).(string)
 //
 // 	  switch urlFormat {
 // 	  case "json":
 // 	  	render.JSON(w, r, articles)
 // 	  case "xml:"
 // 	  	render.XML(w, r, articles)
 // 	  default:
 // 	  	render.JSON(w, r, articles)
 // 	  }
 // }
 //
 func URLFormat(next http.Handler) http.Handler {
 	fn := func(w http.ResponseWriter, r *http.Request) {
 		ctx := r.Context()
 		var format string
 		path := r.URL.Path
 		if strings.Index(path, ".") > 0 {
 			base := strings.LastIndex(path, "/")
 			idx := strings.Index(path[base:], ".")
 			if idx > 0 {
 				idx += base
 				format = path[idx+1:]
 				rctx := chi.RouteContext(r.Context())
 				rctx.RoutePath = path[:idx]
 			}
 		}
 		r = r.WithContext(context.WithValue(ctx, URLFormatCtxKey, format))
 		next.ServeHTTP(w, r)
 	}
 	return http.HandlerFunc(fn)
 }
--- a/vendor/github.com/go-chi/chi/middleware/value.go
+++ b/vendor/github.com/go-chi/chi/middleware/value.go
@ -1,17 +0,0 @@
 package middleware
 import (
 	"context"
 	"net/http"
 )
 // WithValue is a middleware that sets a given key/value in a context chain.
 func WithValue(key interface{}, val interface{}) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		fn := func(w http.ResponseWriter, r *http.Request) {
 			r = r.WithContext(context.WithValue(r.Context(), key, val))
 			next.ServeHTTP(w, r)
 		}
 		return http.HandlerFunc(fn)
 	}
 }
--- a/vendor/github.com/go-chi/chi/middleware/wrap_writer.go
+++ b/vendor/github.com/go-chi/chi/middleware/wrap_writer.go
@ -1,180 +0,0 @@
 package middleware
 // The original work was derived from Goji's middleware, source:
 // https://github.com/zenazn/goji/tree/master/web/middleware
 import (
 	"bufio"
 	"io"
 	"net"
 	"net/http"
 )
 // NewWrapResponseWriter wraps an http.ResponseWriter, returning a proxy that allows you to
 // hook into various parts of the response process.
 func NewWrapResponseWriter(w http.ResponseWriter, protoMajor int) WrapResponseWriter {
 	_, fl := w.(http.Flusher)
 	bw := basicWriter{ResponseWriter: w}
 	if protoMajor == 2 {
 		_, ps := w.(http.Pusher)
 		if fl && ps {
 			return &http2FancyWriter{bw}
 		}
 	} else {
 		_, hj := w.(http.Hijacker)
 		_, rf := w.(io.ReaderFrom)
 		if fl && hj && rf {
 			return &httpFancyWriter{bw}
 		}
 	}
 	if fl {
 		return &flushWriter{bw}
 	}
 	return &bw
 }
 // WrapResponseWriter is a proxy around an http.ResponseWriter that allows you to hook
 // into various parts of the response process.
 type WrapResponseWriter interface {
 	http.ResponseWriter
 	// Status returns the HTTP status of the request, or 0 if one has not
 	// yet been sent.
 	Status() int
 	// BytesWritten returns the total number of bytes sent to the client.
 	BytesWritten() int
 	// Tee causes the response body to be written to the given io.Writer in
 	// addition to proxying the writes through. Only one io.Writer can be
 	// tee'd to at once: setting a second one will overwrite the first.
 	// Writes will be sent to the proxy before being written to this
 	// io.Writer. It is illegal for the tee'd writer to be modified
 	// concurrently with writes.
 	Tee(io.Writer)
 	// Unwrap returns the original proxied target.
 	Unwrap() http.ResponseWriter
 }
 // basicWriter wraps a http.ResponseWriter that implements the minimal
 // http.ResponseWriter interface.
 type basicWriter struct {
 	http.ResponseWriter
 	wroteHeader bool
 	code        int
 	bytes       int
 	tee         io.Writer
 }
 func (b *basicWriter) WriteHeader(code int) {
 	if !b.wroteHeader {
 		b.code = code
 		b.wroteHeader = true
 		b.ResponseWriter.WriteHeader(code)
 	}
 }
 func (b *basicWriter) Write(buf []byte) (int, error) {
 	b.maybeWriteHeader()
 	n, err := b.ResponseWriter.Write(buf)
 	if b.tee != nil {
 		_, err2 := b.tee.Write(buf[:n])
 		// Prefer errors generated by the proxied writer.
 		if err == nil {
 			err = err2
 		}
 	}
 	b.bytes += n
 	return n, err
 }
 func (b *basicWriter) maybeWriteHeader() {
 	if !b.wroteHeader {
 		b.WriteHeader(http.StatusOK)
 	}
 }
 func (b *basicWriter) Status() int {
 	return b.code
 }
 func (b *basicWriter) BytesWritten() int {
 	return b.bytes
 }
 func (b *basicWriter) Tee(w io.Writer) {
 	b.tee = w
 }
 func (b *basicWriter) Unwrap() http.ResponseWriter {
 	return b.ResponseWriter
 }
 type flushWriter struct {
 	basicWriter
 }
 func (f *flushWriter) Flush() {
 	f.wroteHeader = true
 	fl := f.basicWriter.ResponseWriter.(http.Flusher)
 	fl.Flush()
 }
 var _ http.Flusher = &flushWriter{}
 // httpFancyWriter is a HTTP writer that additionally satisfies
 // http.Flusher, http.Hijacker, and io.ReaderFrom. It exists for the common case
 // of wrapping the http.ResponseWriter that package http gives you, in order to
 // make the proxied object support the full method set of the proxied object.
 type httpFancyWriter struct {
 	basicWriter
 }
 func (f *httpFancyWriter) Flush() {
 	f.wroteHeader = true
 	fl := f.basicWriter.ResponseWriter.(http.Flusher)
 	fl.Flush()
 }
 func (f *httpFancyWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
 	hj := f.basicWriter.ResponseWriter.(http.Hijacker)
 	return hj.Hijack()
 }
 func (f *http2FancyWriter) Push(target string, opts *http.PushOptions) error {
 	return f.basicWriter.ResponseWriter.(http.Pusher).Push(target, opts)
 }
 func (f *httpFancyWriter) ReadFrom(r io.Reader) (int64, error) {
 	if f.basicWriter.tee != nil {
 		n, err := io.Copy(&f.basicWriter, r)
 		f.basicWriter.bytes += int(n)
 		return n, err
 	}
 	rf := f.basicWriter.ResponseWriter.(io.ReaderFrom)
 	f.basicWriter.maybeWriteHeader()
 	n, err := rf.ReadFrom(r)
 	f.basicWriter.bytes += int(n)
 	return n, err
 }
 var _ http.Flusher = &httpFancyWriter{}
 var _ http.Hijacker = &httpFancyWriter{}
 var _ http.Pusher = &http2FancyWriter{}
 var _ io.ReaderFrom = &httpFancyWriter{}
 // http2FancyWriter is a HTTP2 writer that additionally satisfies
 // http.Flusher, and io.ReaderFrom. It exists for the common case
 // of wrapping the http.ResponseWriter that package http gives you, in order to
 // make the proxied object support the full method set of the proxied object.
 type http2FancyWriter struct {
 	basicWriter
 }
 func (f *http2FancyWriter) Flush() {
 	f.wroteHeader = true
 	fl := f.basicWriter.ResponseWriter.(http.Flusher)
 	fl.Flush()
 }
 var _ http.Flusher = &http2FancyWriter{}
--- a/vendor/github.com/go-chi/chi/mux.go
+++ b/vendor/github.com/go-chi/chi/mux.go
@ -1,466 +0,0 @@
 package chi
 import (
 	"context"
 	"fmt"
 	"net/http"
 	"strings"
 	"sync"
 )
 var _ Router = &Mux{}
 // Mux is a simple HTTP route multiplexer that parses a request path,
 // records any URL params, and executes an end handler. It implements
 // the http.Handler interface and is friendly with the standard library.
 //
 // Mux is designed to be fast, minimal and offer a powerful API for building
 // modular and composable HTTP services with a large set of handlers. It's
 // particularly useful for writing large REST API services that break a handler
 // into many smaller parts composed of middlewares and end handlers.
 type Mux struct {
 	// The radix trie router
 	tree *node
 	// The middleware stack
 	middlewares []func(http.Handler) http.Handler
 	// Controls the behaviour of middleware chain generation when a mux
 	// is registered as an inline group inside another mux.
 	inline bool
 	parent *Mux
 	// The computed mux handler made of the chained middleware stack and
 	// the tree router
 	handler http.Handler
 	// Routing context pool
 	pool *sync.Pool
 	// Custom route not found handler
 	notFoundHandler http.HandlerFunc
 	// Custom method not allowed handler
 	methodNotAllowedHandler http.HandlerFunc
 }
 // NewMux returns a newly initialized Mux object that implements the Router
 // interface.
 func NewMux() *Mux {
 	mux := &Mux{tree: &node{}, pool: &sync.Pool{}}
 	mux.pool.New = func() interface{} {
 		return NewRouteContext()
 	}
 	return mux
 }
 // ServeHTTP is the single method of the http.Handler interface that makes
 // Mux interoperable with the standard library. It uses a sync.Pool to get and
 // reuse routing contexts for each request.
 func (mx *Mux) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Ensure the mux has some routes defined on the mux
 	if mx.handler == nil {
 		mx.NotFoundHandler().ServeHTTP(w, r)
 		return
 	}
 	// Check if a routing context already exists from a parent router.
 	rctx, _ := r.Context().Value(RouteCtxKey).(*Context)
 	if rctx != nil {
 		mx.handler.ServeHTTP(w, r)
 		return
 	}
 	// Fetch a RouteContext object from the sync pool, and call the computed
 	// mx.handler that is comprised of mx.middlewares + mx.routeHTTP.
 	// Once the request is finished, reset the routing context and put it back
 	// into the pool for reuse from another request.
 	rctx = mx.pool.Get().(*Context)
 	rctx.Reset()
 	rctx.Routes = mx
 	// NOTE: r.WithContext() causes 2 allocations and context.WithValue() causes 1 allocation
 	r = r.WithContext(context.WithValue(r.Context(), RouteCtxKey, rctx))
 	// Serve the request and once its done, put the request context back in the sync pool
 	mx.handler.ServeHTTP(w, r)
 	mx.pool.Put(rctx)
 }
 // Use appends a middleware handler to the Mux middleware stack.
 //
 // The middleware stack for any Mux will execute before searching for a matching
 // route to a specific handler, which provides opportunity to respond early,
 // change the course of the request execution, or set request-scoped values for
 // the next http.Handler.
 func (mx *Mux) Use(middlewares ...func(http.Handler) http.Handler) {
 	if mx.handler != nil {
 		panic("chi: all middlewares must be defined before routes on a mux")
 	}
 	mx.middlewares = append(mx.middlewares, middlewares...)
 }
 // Handle adds the route `pattern` that matches any http method to
 // execute the `handler` http.Handler.
 func (mx *Mux) Handle(pattern string, handler http.Handler) {
 	mx.handle(mALL, pattern, handler)
 }
 // HandleFunc adds the route `pattern` that matches any http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) HandleFunc(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mALL, pattern, handlerFn)
 }
 // Method adds the route `pattern` that matches `method` http method to
 // execute the `handler` http.Handler.
 func (mx *Mux) Method(method, pattern string, handler http.Handler) {
 	m, ok := methodMap[strings.ToUpper(method)]
 	if !ok {
 		panic(fmt.Sprintf("chi: '%s' http method is not supported.", method))
 	}
 	mx.handle(m, pattern, handler)
 }
 // MethodFunc adds the route `pattern` that matches `method` http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) MethodFunc(method, pattern string, handlerFn http.HandlerFunc) {
 	mx.Method(method, pattern, handlerFn)
 }
 // Connect adds the route `pattern` that matches a CONNECT http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Connect(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mCONNECT, pattern, handlerFn)
 }
 // Delete adds the route `pattern` that matches a DELETE http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Delete(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mDELETE, pattern, handlerFn)
 }
 // Get adds the route `pattern` that matches a GET http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Get(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mGET, pattern, handlerFn)
 }
 // Head adds the route `pattern` that matches a HEAD http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Head(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mHEAD, pattern, handlerFn)
 }
 // Options adds the route `pattern` that matches a OPTIONS http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Options(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mOPTIONS, pattern, handlerFn)
 }
 // Patch adds the route `pattern` that matches a PATCH http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Patch(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mPATCH, pattern, handlerFn)
 }
 // Post adds the route `pattern` that matches a POST http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Post(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mPOST, pattern, handlerFn)
 }
 // Put adds the route `pattern` that matches a PUT http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Put(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mPUT, pattern, handlerFn)
 }
 // Trace adds the route `pattern` that matches a TRACE http method to
 // execute the `handlerFn` http.HandlerFunc.
 func (mx *Mux) Trace(pattern string, handlerFn http.HandlerFunc) {
 	mx.handle(mTRACE, pattern, handlerFn)
 }
 // NotFound sets a custom http.HandlerFunc for routing paths that could
 // not be found. The default 404 handler is `http.NotFound`.
 func (mx *Mux) NotFound(handlerFn http.HandlerFunc) {
 	// Build NotFound handler chain
 	m := mx
 	hFn := handlerFn
 	if mx.inline && mx.parent != nil {
 		m = mx.parent
 		hFn = Chain(mx.middlewares...).HandlerFunc(hFn).ServeHTTP
 	}
 	// Update the notFoundHandler from this point forward
 	m.notFoundHandler = hFn
 	m.updateSubRoutes(func(subMux *Mux) {
 		if subMux.notFoundHandler == nil {
 			subMux.NotFound(hFn)
 		}
 	})
 }
 // MethodNotAllowed sets a custom http.HandlerFunc for routing paths where the
 // method is unresolved. The default handler returns a 405 with an empty body.
 func (mx *Mux) MethodNotAllowed(handlerFn http.HandlerFunc) {
 	// Build MethodNotAllowed handler chain
 	m := mx
 	hFn := handlerFn
 	if mx.inline && mx.parent != nil {
 		m = mx.parent
 		hFn = Chain(mx.middlewares...).HandlerFunc(hFn).ServeHTTP
 	}
 	// Update the methodNotAllowedHandler from this point forward
 	m.methodNotAllowedHandler = hFn
 	m.updateSubRoutes(func(subMux *Mux) {
 		if subMux.methodNotAllowedHandler == nil {
 			subMux.MethodNotAllowed(hFn)
 		}
 	})
 }
 // With adds inline middlewares for an endpoint handler.
 func (mx *Mux) With(middlewares ...func(http.Handler) http.Handler) Router {
 	// Similarly as in handle(), we must build the mux handler once additional
 	// middleware registration isn't allowed for this stack, like now.
 	if !mx.inline && mx.handler == nil {
 		mx.buildRouteHandler()
 	}
 	// Copy middlewares from parent inline muxs
 	var mws Middlewares
 	if mx.inline {
 		mws = make(Middlewares, len(mx.middlewares))
 		copy(mws, mx.middlewares)
 	}
 	mws = append(mws, middlewares...)
 	im := &Mux{
 		pool: mx.pool, inline: true, parent: mx, tree: mx.tree, middlewares: mws,
 		notFoundHandler: mx.notFoundHandler, methodNotAllowedHandler: mx.methodNotAllowedHandler,
 	}
 	return im
 }
 // Group creates a new inline-Mux with a fresh middleware stack. It's useful
 // for a group of handlers along the same routing path that use an additional
 // set of middlewares. See _examples/.
 func (mx *Mux) Group(fn func(r Router)) Router {
 	im := mx.With().(*Mux)
 	if fn != nil {
 		fn(im)
 	}
 	return im
 }
 // Route creates a new Mux with a fresh middleware stack and mounts it
 // along the `pattern` as a subrouter. Effectively, this is a short-hand
 // call to Mount. See _examples/.
 func (mx *Mux) Route(pattern string, fn func(r Router)) Router {
 	subRouter := NewRouter()
 	if fn != nil {
 		fn(subRouter)
 	}
 	mx.Mount(pattern, subRouter)
 	return subRouter
 }
 // Mount attaches another http.Handler or chi Router as a subrouter along a routing
 // path. It's very useful to split up a large API as many independent routers and
 // compose them as a single service using Mount. See _examples/.
 //
 // Note that Mount() simply sets a wildcard along the `pattern` that will continue
 // routing at the `handler`, which in most cases is another chi.Router. As a result,
 // if you define two Mount() routes on the exact same pattern the mount will panic.
 func (mx *Mux) Mount(pattern string, handler http.Handler) {
 	// Provide runtime safety for ensuring a pattern isn't mounted on an existing
 	// routing pattern.
 	if mx.tree.findPattern(pattern+"*") || mx.tree.findPattern(pattern+"/*") {
 		panic(fmt.Sprintf("chi: attempting to Mount() a handler on an existing path, '%s'", pattern))
 	}
 	// Assign sub-Router's with the parent not found & method not allowed handler if not specified.
 	subr, ok := handler.(*Mux)
 	if ok && subr.notFoundHandler == nil && mx.notFoundHandler != nil {
 		subr.NotFound(mx.notFoundHandler)
 	}
 	if ok && subr.methodNotAllowedHandler == nil && mx.methodNotAllowedHandler != nil {
 		subr.MethodNotAllowed(mx.methodNotAllowedHandler)
 	}
 	mountHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		rctx := RouteContext(r.Context())
 		rctx.RoutePath = mx.nextRoutePath(rctx)
 		handler.ServeHTTP(w, r)
 	})
 	if pattern == "" || pattern[len(pattern)-1] != '/' {
 		mx.handle(mALL|mSTUB, pattern, mountHandler)
 		mx.handle(mALL|mSTUB, pattern+"/", mountHandler)
 		pattern += "/"
 	}
 	method := mALL
 	subroutes, _ := handler.(Routes)
 	if subroutes != nil {
 		method |= mSTUB
 	}
 	n := mx.handle(method, pattern+"*", mountHandler)
 	if subroutes != nil {
 		n.subroutes = subroutes
 	}
 }
 // Routes returns a slice of routing information from the tree,
 // useful for traversing available routes of a router.
 func (mx *Mux) Routes() []Route {
 	return mx.tree.routes()
 }
 // Middlewares returns a slice of middleware handler functions.
 func (mx *Mux) Middlewares() Middlewares {
 	return mx.middlewares
 }
 // Match searches the routing tree for a handler that matches the method/path.
 // It's similar to routing a http request, but without executing the handler
 // thereafter.
 //
 // Note: the *Context state is updated during execution, so manage
 // the state carefully or make a NewRouteContext().
 func (mx *Mux) Match(rctx *Context, method, path string) bool {
 	m, ok := methodMap[method]
 	if !ok {
 		return false
 	}
 	node, _, h := mx.tree.FindRoute(rctx, m, path)
 	if node != nil && node.subroutes != nil {
 		rctx.RoutePath = mx.nextRoutePath(rctx)
 		return node.subroutes.Match(rctx, method, rctx.RoutePath)
 	}
 	return h != nil
 }
 // NotFoundHandler returns the default Mux 404 responder whenever a route
 // cannot be found.
 func (mx *Mux) NotFoundHandler() http.HandlerFunc {
 	if mx.notFoundHandler != nil {
 		return mx.notFoundHandler
 	}
 	return http.NotFound
 }
 // MethodNotAllowedHandler returns the default Mux 405 responder whenever
 // a method cannot be resolved for a route.
 func (mx *Mux) MethodNotAllowedHandler() http.HandlerFunc {
 	if mx.methodNotAllowedHandler != nil {
 		return mx.methodNotAllowedHandler
 	}
 	return methodNotAllowedHandler
 }
 // buildRouteHandler builds the single mux handler that is a chain of the middleware
 // stack, as defined by calls to Use(), and the tree router (Mux) itself. After this
 // point, no other middlewares can be registered on this Mux's stack. But you can still
 // compose additional middlewares via Group()'s or using a chained middleware handler.
 func (mx *Mux) buildRouteHandler() {
 	mx.handler = chain(mx.middlewares, http.HandlerFunc(mx.routeHTTP))
 }
 // handle registers a http.Handler in the routing tree for a particular http method
 // and routing pattern.
 func (mx *Mux) handle(method methodTyp, pattern string, handler http.Handler) *node {
 	if len(pattern) == 0 || pattern[0] != '/' {
 		panic(fmt.Sprintf("chi: routing pattern must begin with '/' in '%s'", pattern))
 	}
 	// Build the computed routing handler for this routing pattern.
 	if !mx.inline && mx.handler == nil {
 		mx.buildRouteHandler()
 	}
 	// Build endpoint handler with inline middlewares for the route
 	var h http.Handler
 	if mx.inline {
 		mx.handler = http.HandlerFunc(mx.routeHTTP)
 		h = Chain(mx.middlewares...).Handler(handler)
 	} else {
 		h = handler
 	}
 	// Add the endpoint to the tree and return the node
 	return mx.tree.InsertRoute(method, pattern, h)
 }
 // routeHTTP routes a http.Request through the Mux routing tree to serve
 // the matching handler for a particular http method.
 func (mx *Mux) routeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Grab the route context object
 	rctx := r.Context().Value(RouteCtxKey).(*Context)
 	// The request routing path
 	routePath := rctx.RoutePath
 	if routePath == "" {
 		if r.URL.RawPath != "" {
 			routePath = r.URL.RawPath
 		} else {
 			routePath = r.URL.Path
 		}
 	}
 	// Check if method is supported by chi
 	if rctx.RouteMethod == "" {
 		rctx.RouteMethod = r.Method
 	}
 	method, ok := methodMap[rctx.RouteMethod]
 	if !ok {
 		mx.MethodNotAllowedHandler().ServeHTTP(w, r)
 		return
 	}
 	// Find the route
 	if _, _, h := mx.tree.FindRoute(rctx, method, routePath); h != nil {
 		h.ServeHTTP(w, r)
 		return
 	}
 	if rctx.methodNotAllowed {
 		mx.MethodNotAllowedHandler().ServeHTTP(w, r)
 	} else {
 		mx.NotFoundHandler().ServeHTTP(w, r)
 	}
 }
 func (mx *Mux) nextRoutePath(rctx *Context) string {
 	routePath := "/"
 	nx := len(rctx.routeParams.Keys) - 1 // index of last param in list
 	if nx >= 0 && rctx.routeParams.Keys[nx] == "*" && len(rctx.routeParams.Values) > nx {
 		routePath = "/" + rctx.routeParams.Values[nx]
 	}
 	return routePath
 }
 // Recursively update data on child routers.
 func (mx *Mux) updateSubRoutes(fn func(subMux *Mux)) {
 	for _, r := range mx.tree.routes() {
 		subMux, ok := r.SubRoutes.(*Mux)
 		if !ok {
 			continue
 		}
 		fn(subMux)
 	}
 }
 // methodNotAllowedHandler is a helper function to respond with a 405,
 // method not allowed.
 func methodNotAllowedHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(405)
 	w.Write(nil)
 }
--- a/vendor/github.com/go-chi/chi/tree.go
+++ b/vendor/github.com/go-chi/chi/tree.go
@ -1,865 +0,0 @@
 package chi
 // Radix tree implementation below is a based on the original work by
 // Armon Dadgar in https://github.com/armon/go-radix/blob/master/radix.go
 // (MIT licensed). It's been heavily modified for use as a HTTP routing tree.
 import (
 	"fmt"
 	"math"
 	"net/http"
 	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 )
 type methodTyp int
 const (
 	mSTUB methodTyp = 1 << iota
 	mCONNECT
 	mDELETE
 	mGET
 	mHEAD
 	mOPTIONS
 	mPATCH
 	mPOST
 	mPUT
 	mTRACE
 )
 var mALL = mCONNECT | mDELETE | mGET | mHEAD |
 	mOPTIONS | mPATCH | mPOST | mPUT | mTRACE
 var methodMap = map[string]methodTyp{
 	http.MethodConnect: mCONNECT,
 	http.MethodDelete:  mDELETE,
 	http.MethodGet:     mGET,
 	http.MethodHead:    mHEAD,
 	http.MethodOptions: mOPTIONS,
 	http.MethodPatch:   mPATCH,
 	http.MethodPost:    mPOST,
 	http.MethodPut:     mPUT,
 	http.MethodTrace:   mTRACE,
 }
 // RegisterMethod adds support for custom HTTP method handlers, available
 // via Router#Method and Router#MethodFunc
 func RegisterMethod(method string) {
 	if method == "" {
 		return
 	}
 	method = strings.ToUpper(method)
 	if _, ok := methodMap[method]; ok {
 		return
 	}
 	n := len(methodMap)
 	if n > strconv.IntSize {
 		panic(fmt.Sprintf("chi: max number of methods reached (%d)", strconv.IntSize))
 	}
 	mt := methodTyp(math.Exp2(float64(n)))
 	methodMap[method] = mt
 	mALL |= mt
 }
 type nodeTyp uint8
 const (
 	ntStatic   nodeTyp = iota // /home
 	ntRegexp                  // /{id:[0-9]+}
 	ntParam                   // /{user}
 	ntCatchAll                // /api/v1/*
 )
 type node struct {
 	// node type: static, regexp, param, catchAll
 	typ nodeTyp
 	// first byte of the prefix
 	label byte
 	// first byte of the child prefix
 	tail byte
 	// prefix is the common prefix we ignore
 	prefix string
 	// regexp matcher for regexp nodes
 	rex *regexp.Regexp
 	// HTTP handler endpoints on the leaf node
 	endpoints endpoints
 	// subroutes on the leaf node
 	subroutes Routes
 	// child nodes should be stored in-order for iteration,
 	// in groups of the node type.
 	children [ntCatchAll + 1]nodes
 }
 // endpoints is a mapping of http method constants to handlers
 // for a given route.
 type endpoints map[methodTyp]*endpoint
 type endpoint struct {
 	// endpoint handler
 	handler http.Handler
 	// pattern is the routing pattern for handler nodes
 	pattern string
 	// parameter keys recorded on handler nodes
 	paramKeys []string
 }
 func (s endpoints) Value(method methodTyp) *endpoint {
 	mh, ok := s[method]
 	if !ok {
 		mh = &endpoint{}
 		s[method] = mh
 	}
 	return mh
 }
 func (n *node) InsertRoute(method methodTyp, pattern string, handler http.Handler) *node {
 	var parent *node
 	search := pattern
 	for {
 		// Handle key exhaustion
 		if len(search) == 0 {
 			// Insert or update the node's leaf handler
 			n.setEndpoint(method, handler, pattern)
 			return n
 		}
 		// We're going to be searching for a wild node next,
 		// in this case, we need to get the tail
 		var label = search[0]
 		var segTail byte
 		var segEndIdx int
 		var segTyp nodeTyp
 		var segRexpat string
 		if label == '{' || label == '*' {
 			segTyp, _, segRexpat, segTail, _, segEndIdx = patNextSegment(search)
 		}
 		var prefix string
 		if segTyp == ntRegexp {
 			prefix = segRexpat
 		}
 		// Look for the edge to attach to
 		parent = n
 		n = n.getEdge(segTyp, label, segTail, prefix)
 		// No edge, create one
 		if n == nil {
 			child := &node{label: label, tail: segTail, prefix: search}
 			hn := parent.addChild(child, search)
 			hn.setEndpoint(method, handler, pattern)
 			return hn
 		}
 		// Found an edge to match the pattern
 		if n.typ > ntStatic {
 			// We found a param node, trim the param from the search path and continue.
 			// This param/wild pattern segment would already be on the tree from a previous
 			// call to addChild when creating a new node.
 			search = search[segEndIdx:]
 			continue
 		}
 		// Static nodes fall below here.
 		// Determine longest prefix of the search key on match.
 		commonPrefix := longestPrefix(search, n.prefix)
 		if commonPrefix == len(n.prefix) {
 			// the common prefix is as long as the current node's prefix we're attempting to insert.
 			// keep the search going.
 			search = search[commonPrefix:]
 			continue
 		}
 		// Split the node
 		child := &node{
 			typ:    ntStatic,
 			prefix: search[:commonPrefix],
 		}
 		parent.replaceChild(search[0], segTail, child)
 		// Restore the existing node
 		n.label = n.prefix[commonPrefix]
 		n.prefix = n.prefix[commonPrefix:]
 		child.addChild(n, n.prefix)
 		// If the new key is a subset, set the method/handler on this node and finish.
 		search = search[commonPrefix:]
 		if len(search) == 0 {
 			child.setEndpoint(method, handler, pattern)
 			return child
 		}
 		// Create a new edge for the node
 		subchild := &node{
 			typ:    ntStatic,
 			label:  search[0],
 			prefix: search,
 		}
 		hn := child.addChild(subchild, search)
 		hn.setEndpoint(method, handler, pattern)
 		return hn
 	}
 }
 // addChild appends the new `child` node to the tree using the `pattern` as the trie key.
 // For a URL router like chi's, we split the static, param, regexp and wildcard segments
 // into different nodes. In addition, addChild will recursively call itself until every
 // pattern segment is added to the url pattern tree as individual nodes, depending on type.
 func (n *node) addChild(child *node, prefix string) *node {
 	search := prefix
 	// handler leaf node added to the tree is the child.
 	// this may be overridden later down the flow
 	hn := child
 	// Parse next segment
 	segTyp, _, segRexpat, segTail, segStartIdx, segEndIdx := patNextSegment(search)
 	// Add child depending on next up segment
 	switch segTyp {
 	case ntStatic:
 		// Search prefix is all static (that is, has no params in path)
 		// noop
 	default:
 		// Search prefix contains a param, regexp or wildcard
 		if segTyp == ntRegexp {
 			rex, err := regexp.Compile(segRexpat)
 			if err != nil {
 				panic(fmt.Sprintf("chi: invalid regexp pattern '%s' in route param", segRexpat))
 			}
 			child.prefix = segRexpat
 			child.rex = rex
 		}
 		if segStartIdx == 0 {
 			// Route starts with a param
 			child.typ = segTyp
 			if segTyp == ntCatchAll {
 				segStartIdx = -1
 			} else {
 				segStartIdx = segEndIdx
 			}
 			if segStartIdx < 0 {
 				segStartIdx = len(search)
 			}
 			child.tail = segTail // for params, we set the tail
 			if segStartIdx != len(search) {
 				// add static edge for the remaining part, split the end.
 				// its not possible to have adjacent param nodes, so its certainly
 				// going to be a static node next.
 				search = search[segStartIdx:] // advance search position
 				nn := &node{
 					typ:    ntStatic,
 					label:  search[0],
 					prefix: search,
 				}
 				hn = child.addChild(nn, search)
 			}
 		} else if segStartIdx > 0 {
 			// Route has some param
 			// starts with a static segment
 			child.typ = ntStatic
 			child.prefix = search[:segStartIdx]
 			child.rex = nil
 			// add the param edge node
 			search = search[segStartIdx:]
 			nn := &node{
 				typ:   segTyp,
 				label: search[0],
 				tail:  segTail,
 			}
 			hn = child.addChild(nn, search)
 		}
 	}
 	n.children[child.typ] = append(n.children[child.typ], child)
 	n.children[child.typ].Sort()
 	return hn
 }
 func (n *node) replaceChild(label, tail byte, child *node) {
 	for i := 0; i < len(n.children[child.typ]); i++ {
 		if n.children[child.typ][i].label == label && n.children[child.typ][i].tail == tail {
 			n.children[child.typ][i] = child
 			n.children[child.typ][i].label = label
 			n.children[child.typ][i].tail = tail
 			return
 		}
 	}
 	panic("chi: replacing missing child")
 }
 func (n *node) getEdge(ntyp nodeTyp, label, tail byte, prefix string) *node {
 	nds := n.children[ntyp]
 	for i := 0; i < len(nds); i++ {
 		if nds[i].label == label && nds[i].tail == tail {
 			if ntyp == ntRegexp && nds[i].prefix != prefix {
 				continue
 			}
 			return nds[i]
 		}
 	}
 	return nil
 }
 func (n *node) setEndpoint(method methodTyp, handler http.Handler, pattern string) {
 	// Set the handler for the method type on the node
 	if n.endpoints == nil {
 		n.endpoints = make(endpoints)
 	}
 	paramKeys := patParamKeys(pattern)
 	if method&mSTUB == mSTUB {
 		n.endpoints.Value(mSTUB).handler = handler
 	}
 	if method&mALL == mALL {
 		h := n.endpoints.Value(mALL)
 		h.handler = handler
 		h.pattern = pattern
 		h.paramKeys = paramKeys
 		for _, m := range methodMap {
 			h := n.endpoints.Value(m)
 			h.handler = handler
 			h.pattern = pattern
 			h.paramKeys = paramKeys
 		}
 	} else {
 		h := n.endpoints.Value(method)
 		h.handler = handler
 		h.pattern = pattern
 		h.paramKeys = paramKeys
 	}
 }
 func (n *node) FindRoute(rctx *Context, method methodTyp, path string) (*node, endpoints, http.Handler) {
 	// Reset the context routing pattern and params
 	rctx.routePattern = ""
 	rctx.routeParams.Keys = rctx.routeParams.Keys[:0]
 	rctx.routeParams.Values = rctx.routeParams.Values[:0]
 	// Find the routing handlers for the path
 	rn := n.findRoute(rctx, method, path)
 	if rn == nil {
 		return nil, nil, nil
 	}
 	// Record the routing params in the request lifecycle
 	rctx.URLParams.Keys = append(rctx.URLParams.Keys, rctx.routeParams.Keys...)
 	rctx.URLParams.Values = append(rctx.URLParams.Values, rctx.routeParams.Values...)
 	// Record the routing pattern in the request lifecycle
 	if rn.endpoints[method].pattern != "" {
 		rctx.routePattern = rn.endpoints[method].pattern
 		rctx.RoutePatterns = append(rctx.RoutePatterns, rctx.routePattern)
 	}
 	return rn, rn.endpoints, rn.endpoints[method].handler
 }
 // Recursive edge traversal by checking all nodeTyp groups along the way.
 // It's like searching through a multi-dimensional radix trie.
 func (n *node) findRoute(rctx *Context, method methodTyp, path string) *node {
 	nn := n
 	search := path
 	for t, nds := range nn.children {
 		ntyp := nodeTyp(t)
 		if len(nds) == 0 {
 			continue
 		}
 		var xn *node
 		xsearch := search
 		var label byte
 		if search != "" {
 			label = search[0]
 		}
 		switch ntyp {
 		case ntStatic:
 			xn = nds.findEdge(label)
 			if xn == nil || !strings.HasPrefix(xsearch, xn.prefix) {
 				continue
 			}
 			xsearch = xsearch[len(xn.prefix):]
 		case ntParam, ntRegexp:
 			// short-circuit and return no matching route for empty param values
 			if xsearch == "" {
 				continue
 			}
 			// serially loop through each node grouped by the tail delimiter
 			for idx := 0; idx < len(nds); idx++ {
 				xn = nds[idx]
 				// label for param nodes is the delimiter byte
 				p := strings.IndexByte(xsearch, xn.tail)
 				if p < 0 {
 					if xn.tail == '/' {
 						p = len(xsearch)
 					} else {
 						continue
 					}
 				}
 				if ntyp == ntRegexp && xn.rex != nil {
 					if !xn.rex.Match([]byte(xsearch[:p])) {
 						continue
 					}
 				} else if strings.IndexByte(xsearch[:p], '/') != -1 {
 					// avoid a match across path segments
 					continue
 				}
 				prevlen := len(rctx.routeParams.Values)
 				rctx.routeParams.Values = append(rctx.routeParams.Values, xsearch[:p])
 				xsearch = xsearch[p:]
 				if len(xsearch) == 0 {
 					if xn.isLeaf() {
 						h := xn.endpoints[method]
 						if h != nil && h.handler != nil {
 							rctx.routeParams.Keys = append(rctx.routeParams.Keys, h.paramKeys...)
 							return xn
 						}
 						// flag that the routing context found a route, but not a corresponding
 						// supported method
 						rctx.methodNotAllowed = true
 					}
 				}
 				// recursively find the next node on this branch
 				fin := xn.findRoute(rctx, method, xsearch)
 				if fin != nil {
 					return fin
 				}
 				// not found on this branch, reset vars
 				rctx.routeParams.Values = rctx.routeParams.Values[:prevlen]
 				xsearch = search
 			}
 			rctx.routeParams.Values = append(rctx.routeParams.Values, "")
 		default:
 			// catch-all nodes
 			rctx.routeParams.Values = append(rctx.routeParams.Values, search)
 			xn = nds[0]
 			xsearch = ""
 		}
 		if xn == nil {
 			continue
 		}
 		// did we find it yet?
 		if len(xsearch) == 0 {
 			if xn.isLeaf() {
 				h := xn.endpoints[method]
 				if h != nil && h.handler != nil {
 					rctx.routeParams.Keys = append(rctx.routeParams.Keys, h.paramKeys...)
 					return xn
 				}
 				// flag that the routing context found a route, but not a corresponding
 				// supported method
 				rctx.methodNotAllowed = true
 			}
 		}
 		// recursively find the next node..
 		fin := xn.findRoute(rctx, method, xsearch)
 		if fin != nil {
 			return fin
 		}
 		// Did not find final handler, let's remove the param here if it was set
 		if xn.typ > ntStatic {
 			if len(rctx.routeParams.Values) > 0 {
 				rctx.routeParams.Values = rctx.routeParams.Values[:len(rctx.routeParams.Values)-1]
 			}
 		}
 	}
 	return nil
 }
 func (n *node) findEdge(ntyp nodeTyp, label byte) *node {
 	nds := n.children[ntyp]
 	num := len(nds)
 	idx := 0
 	switch ntyp {
 	case ntStatic, ntParam, ntRegexp:
 		i, j := 0, num-1
 		for i <= j {
 			idx = i + (j-i)/2
 			if label > nds[idx].label {
 				i = idx + 1
 			} else if label < nds[idx].label {
 				j = idx - 1
 			} else {
 				i = num // breaks cond
 			}
 		}
 		if nds[idx].label != label {
 			return nil
 		}
 		return nds[idx]
 	default: // catch all
 		return nds[idx]
 	}
 }
 func (n *node) isLeaf() bool {
 	return n.endpoints != nil
 }
 func (n *node) findPattern(pattern string) bool {
 	nn := n
 	for _, nds := range nn.children {
 		if len(nds) == 0 {
 			continue
 		}
 		n = nn.findEdge(nds[0].typ, pattern[0])
 		if n == nil {
 			continue
 		}
 		var idx int
 		var xpattern string
 		switch n.typ {
 		case ntStatic:
 			idx = longestPrefix(pattern, n.prefix)
 			if idx < len(n.prefix) {
 				continue
 			}
 		case ntParam, ntRegexp:
 			idx = strings.IndexByte(pattern, '}') + 1
 		case ntCatchAll:
 			idx = longestPrefix(pattern, "*")
 		default:
 			panic("chi: unknown node type")
 		}
 		xpattern = pattern[idx:]
 		if len(xpattern) == 0 {
 			return true
 		}
 		return n.findPattern(xpattern)
 	}
 	return false
 }
 func (n *node) routes() []Route {
 	rts := []Route{}
 	n.walk(func(eps endpoints, subroutes Routes) bool {
 		if eps[mSTUB] != nil && eps[mSTUB].handler != nil && subroutes == nil {
 			return false
 		}
 		// Group methodHandlers by unique patterns
 		pats := make(map[string]endpoints)
 		for mt, h := range eps {
 			if h.pattern == "" {
 				continue
 			}
 			p, ok := pats[h.pattern]
 			if !ok {
 				p = endpoints{}
 				pats[h.pattern] = p
 			}
 			p[mt] = h
 		}
 		for p, mh := range pats {
 			hs := make(map[string]http.Handler)
 			if mh[mALL] != nil && mh[mALL].handler != nil {
 				hs["*"] = mh[mALL].handler
 			}
 			for mt, h := range mh {
 				if h.handler == nil {
 					continue
 				}
 				m := methodTypString(mt)
 				if m == "" {
 					continue
 				}
 				hs[m] = h.handler
 			}
 			rt := Route{p, hs, subroutes}
 			rts = append(rts, rt)
 		}
 		return false
 	})
 	return rts
 }
 func (n *node) walk(fn func(eps endpoints, subroutes Routes) bool) bool {
 	// Visit the leaf values if any
 	if (n.endpoints != nil || n.subroutes != nil) && fn(n.endpoints, n.subroutes) {
 		return true
 	}
 	// Recurse on the children
 	for _, ns := range n.children {
 		for _, cn := range ns {
 			if cn.walk(fn) {
 				return true
 			}
 		}
 	}
 	return false
 }
 // patNextSegment returns the next segment details from a pattern:
 // node type, param key, regexp string, param tail byte, param starting index, param ending index
 func patNextSegment(pattern string) (nodeTyp, string, string, byte, int, int) {
 	ps := strings.Index(pattern, "{")
 	ws := strings.Index(pattern, "*")
 	if ps < 0 && ws < 0 {
 		return ntStatic, "", "", 0, 0, len(pattern) // we return the entire thing
 	}
 	// Sanity check
 	if ps >= 0 && ws >= 0 && ws < ps {
 		panic("chi: wildcard '*' must be the last pattern in a route, otherwise use a '{param}'")
 	}
 	var tail byte = '/' // Default endpoint tail to / byte
 	if ps >= 0 {
 		// Param/Regexp pattern is next
 		nt := ntParam
 		// Read to closing } taking into account opens and closes in curl count (cc)
 		cc := 0
 		pe := ps
 		for i, c := range pattern[ps:] {
 			if c == '{' {
 				cc++
 			} else if c == '}' {
 				cc--
 				if cc == 0 {
 					pe = ps + i
 					break
 				}
 			}
 		}
 		if pe == ps {
 			panic("chi: route param closing delimiter '}' is missing")
 		}
 		key := pattern[ps+1 : pe]
 		pe++ // set end to next position
 		if pe < len(pattern) {
 			tail = pattern[pe]
 		}
 		var rexpat string
 		if idx := strings.Index(key, ":"); idx >= 0 {
 			nt = ntRegexp
 			rexpat = key[idx+1:]
 			key = key[:idx]
 		}
 		if len(rexpat) > 0 {
 			if rexpat[0] != '^' {
 				rexpat = "^" + rexpat
 			}
 			if rexpat[len(rexpat)-1] != '$' {
 				rexpat += "$"
 			}
 		}
 		return nt, key, rexpat, tail, ps, pe
 	}
 	// Wildcard pattern as finale
 	if ws < len(pattern)-1 {
 		panic("chi: wildcard '*' must be the last value in a route. trim trailing text or use a '{param}' instead")
 	}
 	return ntCatchAll, "*", "", 0, ws, len(pattern)
 }
 func patParamKeys(pattern string) []string {
 	pat := pattern
 	paramKeys := []string{}
 	for {
 		ptyp, paramKey, _, _, _, e := patNextSegment(pat)
 		if ptyp == ntStatic {
 			return paramKeys
 		}
 		for i := 0; i < len(paramKeys); i++ {
 			if paramKeys[i] == paramKey {
 				panic(fmt.Sprintf("chi: routing pattern '%s' contains duplicate param key, '%s'", pattern, paramKey))
 			}
 		}
 		paramKeys = append(paramKeys, paramKey)
 		pat = pat[e:]
 	}
 }
 // longestPrefix finds the length of the shared prefix
 // of two strings
 func longestPrefix(k1, k2 string) int {
 	max := len(k1)
 	if l := len(k2); l < max {
 		max = l
 	}
 	var i int
 	for i = 0; i < max; i++ {
 		if k1[i] != k2[i] {
 			break
 		}
 	}
 	return i
 }
 func methodTypString(method methodTyp) string {
 	for s, t := range methodMap {
 		if method == t {
 			return s
 		}
 	}
 	return ""
 }
 type nodes []*node
 // Sort the list of nodes by label
 func (ns nodes) Sort()              { sort.Sort(ns); ns.tailSort() }
 func (ns nodes) Len() int           { return len(ns) }
 func (ns nodes) Swap(i, j int)      { ns[i], ns[j] = ns[j], ns[i] }
 func (ns nodes) Less(i, j int) bool { return ns[i].label < ns[j].label }
 // tailSort pushes nodes with '/' as the tail to the end of the list for param nodes.
 // The list order determines the traversal order.
 func (ns nodes) tailSort() {
 	for i := len(ns) - 1; i >= 0; i-- {
 		if ns[i].typ > ntStatic && ns[i].tail == '/' {
 			ns.Swap(i, len(ns)-1)
 			return
 		}
 	}
 }
 func (ns nodes) findEdge(label byte) *node {
 	num := len(ns)
 	idx := 0
 	i, j := 0, num-1
 	for i <= j {
 		idx = i + (j-i)/2
 		if label > ns[idx].label {
 			i = idx + 1
 		} else if label < ns[idx].label {
 			j = idx - 1
 		} else {
 			i = num // breaks cond
 		}
 	}
 	if ns[idx].label != label {
 		return nil
 	}
 	return ns[idx]
 }
 // Route describes the details of a routing handler.
 // Handlers map key is an HTTP method
 type Route struct {
 	Pattern   string
 	Handlers  map[string]http.Handler
 	SubRoutes Routes
 }
 // WalkFunc is the type of the function called for each method and route visited by Walk.
 type WalkFunc func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error
 // Walk walks any router tree that implements Routes interface.
 func Walk(r Routes, walkFn WalkFunc) error {
 	return walk(r, walkFn, "")
 }
 func walk(r Routes, walkFn WalkFunc, parentRoute string, parentMw ...func(http.Handler) http.Handler) error {
 	for _, route := range r.Routes() {
 		mws := make([]func(http.Handler) http.Handler, len(parentMw))
 		copy(mws, parentMw)
 		mws = append(mws, r.Middlewares()...)
 		if route.SubRoutes != nil {
 			if err := walk(route.SubRoutes, walkFn, parentRoute+route.Pattern, mws...); err != nil {
 				return err
 			}
 			continue
 		}
 		for method, handler := range route.Handlers {
 			if method == "*" {
 				// Ignore a "catchAll" method, since we pass down all the specific methods for each route.
 				continue
 			}
 			fullRoute := parentRoute + route.Pattern
 			fullRoute = strings.Replace(fullRoute, "/*/", "/", -1)
 			if chain, ok := handler.(*ChainHandler); ok {
 				if err := walkFn(method, fullRoute, chain.Endpoint, append(mws, chain.Middlewares...)...); err != nil {
 					return err
 				}
 			} else {
 				if err := walkFn(method, fullRoute, handler, mws...); err != nil {
 					return err
 				}
 			}
 		}
 	}
 	return nil
 }
--- a/vendor/github.com/go-playground/locales/.gitignore
+++ b/vendor/github.com/go-playground/locales/.gitignore
@ -1,24 +0,0 @@
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
 *.so
 # Folders
 _obj
 _test
 # Architecture specific extensions/prefixes
 *.[568vq]
 [568vq].out
 *.cgo1.go
 *.cgo2.c
 _cgo_defun.c
 _cgo_gotypes.go
 _cgo_export.*
 _testmain.go
 *.exe
 *.test
 *.prof
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,2 @@`
							`// This package contains Win32 filesystem functionality.`
							`package fs`