Merge pull request #671 from grant-he/master

Address various linter (staticcheck, modernize, etc.) comments.
Use string-typed rate limiters.
2025-08-15 01:05:14 -07:00 · 2025-08-14 18:32:31 +00:00 · 2025-08-14 08:05:55 +00:00 · 2025-08-13 02:45:10 -07:00 · 2025-08-13 10:58:39 +02:00 · 2025-08-12 08:31:08 -07:00
5072 changed files with 636512 additions and 127874 deletions
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@ -1,9 +1,29 @@
 version: 2
+enable-beta-ecosystems: true
 updates:
 - package-ecosystem: gomod
  directory: "/"
+  allow:
+  - dependency-type: "all"
  schedule:
-    interval: daily
+    interval: weekly
+  groups:
+    golang-dependencies:
+      patterns:
+        - "github.com/golang*"
+    k8s-dependencies:
+      patterns:
+        - "k8s.io*"
+        - "sigs.k8s.io*"
+        - "github.com/kubernetes-csi*"
+    github-dependencies:
+      patterns:
+        - "*"
+      exclude-patterns:
+        - "github.com/golang*"
+        - "k8s.io*"
+        - "sigs.k8s.io*"
+        - "github.com/kubernetes-csi*"
  labels:
    - "area/dependency"
    - "release-note-none"
--- a/.prow.sh
+++ b/.prow.sh
@ -2,26 +2,4 @@

 . release-tools/prow.sh

-# This check assumes that the current configuration uses a driver deployment
-# which has been updated to use v1 APIs that aren't available in Kubernetes < 1.17.
-# TODO: The check can be removed when all Prow jobs for Kubernetes < 1.17 are removed.
-if ! (version_gt "${CSI_PROW_KUBERNETES_VERSION}" "1.16.255" || [ "${CSI_PROW_KUBERNETES_VERSION}" == "latest" ]); then
-    filtered_tests=
-    skipped_tests=
-    for test in ${CSI_PROW_TESTS}; do
-	case "$test" in
-	    parallel | parallel | serial | parallel-alpha | serial-alpha)
-		skipped_tests="$skipped_tests $test"
-		;;
-	    *)
-		filtered_tests="$filtered_tests $test"
-		;;
-	esac
-    done
-    if [ "$skipped_tests" ]; then
-	info "Testing on Kubernetes ${CSI_PROW_KUBERNETES_VERSION} is no longer supported. Skipping CSI_PROW_TESTS: $skipped_tests."
-	CSI_PROW_TESTS="$filtered_tests"
-    fi
-fi
-
 main
--- a/CHANGELOG/CHANGELOG-4.4.md
+++ b/CHANGELOG/CHANGELOG-4.4.md
@ -0,0 +1,235 @@
+# Release notes for v4.4.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since v4.3.0
+
+## Changes by Kind
+
+### Feature
+
+- Add --max-entries flag to limit ListVolumes request entries per page (#462, @kayrus)
+
+### Uncategorized
+
+- Update kubernetes dependencies to v1.28.0 (#475, @Sneha-at)
+
+## Dependencies
+
+### Added
+- github.com/alecthomas/kingpin/v2: [v2.3.2](https://github.com/alecthomas/kingpin/v2/tree/v2.3.2)
+- github.com/google/gnostic-models: [v0.6.8](https://github.com/google/gnostic-models/tree/v0.6.8)
+- github.com/xhit/go-str2duration/v2: [v2.1.0](https://github.com/xhit/go-str2duration/v2/tree/v2.1.0)
+- google.golang.org/genproto/googleapis/api: dd9d682
+- google.golang.org/genproto/googleapis/rpc: 28d5490
+
+### Changed
+- cloud.google.com/go/compute: v1.15.1 → v1.19.1
+- cloud.google.com/go: v0.105.0 → v0.34.0
+- github.com/alecthomas/units: [f65c72e → b94a6e3](https://github.com/alecthomas/units/compare/f65c72e...b94a6e3)
+- github.com/cenkalti/backoff/v4: [v4.1.3 → v4.2.1](https://github.com/cenkalti/backoff/v4/compare/v4.1.3...v4.2.1)
+- github.com/cncf/xds/go: [06c439d → e9ce688](https://github.com/cncf/xds/go/compare/06c439d...e9ce688)
+- github.com/envoyproxy/go-control-plane: [v0.10.3 → 9239064](https://github.com/envoyproxy/go-control-plane/compare/v0.10.3...9239064)
+- github.com/envoyproxy/protoc-gen-validate: [v0.9.1 → v0.10.1](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.9.1...v0.10.1)
+- github.com/go-kit/log: [v0.2.0 → v0.2.1](https://github.com/go-kit/log/compare/v0.2.0...v0.2.1)
+- github.com/go-logr/logr: [v1.2.3 → v1.2.4](https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4)
+- github.com/go-openapi/jsonreference: [v0.20.1 → v0.20.2](https://github.com/go-openapi/jsonreference/compare/v0.20.1...v0.20.2)
+- github.com/go-task/slim-sprig: [348f09d → 52ccab3](https://github.com/go-task/slim-sprig/compare/348f09d...52ccab3)
+- github.com/golang/glog: [v1.0.0 → v1.1.0](https://github.com/golang/glog/compare/v1.0.0...v1.1.0)
+- github.com/google/gnostic: [v0.6.9 → v0.5.7-v3refs](https://github.com/google/gnostic/compare/v0.6.9...v0.5.7-v3refs)
+- github.com/inconshreveable/mousetrap: [v1.0.1 → v1.1.0](https://github.com/inconshreveable/mousetrap/compare/v1.0.1...v1.1.0)
+- github.com/kr/pretty: [v0.3.0 → v0.3.1](https://github.com/kr/pretty/compare/v0.3.0...v0.3.1)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.13.0 → v0.14.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.13.0...v0.14.0)
+- github.com/moby/term: [39b0c02 → 1aeaba8](https://github.com/moby/term/compare/39b0c02...1aeaba8)
+- github.com/onsi/ginkgo/v2: [v2.9.1 → v2.9.4](https://github.com/onsi/ginkgo/v2/compare/v2.9.1...v2.9.4)
+- github.com/onsi/gomega: [v1.27.4 → v1.27.6](https://github.com/onsi/gomega/compare/v1.27.4...v1.27.6)
+- github.com/prometheus/client_golang: [v1.14.0 → v1.16.0](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.16.0)
+- github.com/prometheus/client_model: [v0.3.0 → v0.4.0](https://github.com/prometheus/client_model/compare/v0.3.0...v0.4.0)
+- github.com/prometheus/common: [v0.37.0 → v0.44.0](https://github.com/prometheus/common/compare/v0.37.0...v0.44.0)
+- github.com/prometheus/procfs: [v0.8.0 → v0.10.1](https://github.com/prometheus/procfs/compare/v0.8.0...v0.10.1)
+- github.com/spf13/cobra: [v1.6.0 → v1.7.0](https://github.com/spf13/cobra/compare/v1.6.0...v1.7.0)
+- github.com/stretchr/testify: [v1.8.1 → v1.8.2](https://github.com/stretchr/testify/compare/v1.8.1...v1.8.2)
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.35.0 → v0.35.1
+- go.uber.org/atomic: v1.7.0 → v1.10.0
+- go.uber.org/goleak: v1.2.0 → v1.2.1
+- go.uber.org/multierr: v1.6.0 → v1.11.0
+- golang.org/x/crypto: 75b2880 → v0.11.0
+- golang.org/x/exp: 6cc2880 → 509febe
+- golang.org/x/lint: 738671d → d0100b6
+- golang.org/x/net: v0.8.0 → v0.13.0
+- golang.org/x/oauth2: v0.4.0 → v0.8.0
+- golang.org/x/sync: 0de741c → v0.2.0
+- golang.org/x/sys: v0.6.0 → v0.10.0
+- golang.org/x/term: v0.6.0 → v0.10.0
+- golang.org/x/text: v0.8.0 → v0.11.0
+- golang.org/x/time: v0.2.0 → v0.3.0
+- golang.org/x/tools: v0.7.0 → v0.8.0
+- google.golang.org/genproto: 76db087 → 0005af6
+- google.golang.org/grpc: v1.54.0 → v1.57.0
+- google.golang.org/protobuf: v1.28.1 → v1.30.0
+- honnef.co/go/tools: v0.0.1-2020.1.4 → ea95bdf
+- k8s.io/api: v0.27.1 → v0.28.1
+- k8s.io/apimachinery: v0.27.1 → v0.28.1
+- k8s.io/client-go: v0.27.1 → v0.28.1
+- k8s.io/component-base: v0.26.0 → v0.28.0
+- k8s.io/csi-translation-lib: v0.27.1 → v0.28.1
+- k8s.io/klog/v2: v2.90.1 → v2.100.1
+- k8s.io/kube-openapi: 15aac26 → 2695361
+- k8s.io/utils: a36077c → d93618c
+
+### Removed
+- cloud.google.com/go/accessapproval: v1.5.0
+- cloud.google.com/go/accesscontextmanager: v1.4.0
+- cloud.google.com/go/aiplatform: v1.27.0
+- cloud.google.com/go/analytics: v0.12.0
+- cloud.google.com/go/apigateway: v1.4.0
+- cloud.google.com/go/apigeeconnect: v1.4.0
+- cloud.google.com/go/appengine: v1.5.0
+- cloud.google.com/go/area120: v0.6.0
+- cloud.google.com/go/artifactregistry: v1.9.0
+- cloud.google.com/go/asset: v1.10.0
+- cloud.google.com/go/assuredworkloads: v1.9.0
+- cloud.google.com/go/automl: v1.8.0
+- cloud.google.com/go/baremetalsolution: v0.4.0
+- cloud.google.com/go/batch: v0.4.0
+- cloud.google.com/go/beyondcorp: v0.3.0
+- cloud.google.com/go/bigquery: v1.44.0
+- cloud.google.com/go/billing: v1.7.0
+- cloud.google.com/go/binaryauthorization: v1.4.0
+- cloud.google.com/go/certificatemanager: v1.4.0
+- cloud.google.com/go/channel: v1.9.0
+- cloud.google.com/go/cloudbuild: v1.4.0
+- cloud.google.com/go/clouddms: v1.4.0
+- cloud.google.com/go/cloudtasks: v1.8.0
+- cloud.google.com/go/contactcenterinsights: v1.4.0
+- cloud.google.com/go/container: v1.7.0
+- cloud.google.com/go/containeranalysis: v0.6.0
+- cloud.google.com/go/datacatalog: v1.8.0
+- cloud.google.com/go/dataflow: v0.7.0
+- cloud.google.com/go/dataform: v0.5.0
+- cloud.google.com/go/datafusion: v1.5.0
+- cloud.google.com/go/datalabeling: v0.6.0
+- cloud.google.com/go/dataplex: v1.4.0
+- cloud.google.com/go/dataproc: v1.8.0
+- cloud.google.com/go/dataqna: v0.6.0
+- cloud.google.com/go/datastore: v1.10.0
+- cloud.google.com/go/datastream: v1.5.0
+- cloud.google.com/go/deploy: v1.5.0
+- cloud.google.com/go/dialogflow: v1.19.0
+- cloud.google.com/go/dlp: v1.7.0
+- cloud.google.com/go/documentai: v1.10.0
+- cloud.google.com/go/domains: v0.7.0
+- cloud.google.com/go/edgecontainer: v0.2.0
+- cloud.google.com/go/errorreporting: v0.3.0
+- cloud.google.com/go/essentialcontacts: v1.4.0
+- cloud.google.com/go/eventarc: v1.8.0
+- cloud.google.com/go/filestore: v1.4.0
+- cloud.google.com/go/firestore: v1.9.0
+- cloud.google.com/go/functions: v1.9.0
+- cloud.google.com/go/gaming: v1.8.0
+- cloud.google.com/go/gkebackup: v0.3.0
+- cloud.google.com/go/gkeconnect: v0.6.0
+- cloud.google.com/go/gkehub: v0.10.0
+- cloud.google.com/go/gkemulticloud: v0.4.0
+- cloud.google.com/go/gsuiteaddons: v1.4.0
+- cloud.google.com/go/iam: v0.8.0
+- cloud.google.com/go/iap: v1.5.0
+- cloud.google.com/go/ids: v1.2.0
+- cloud.google.com/go/iot: v1.4.0
+- cloud.google.com/go/kms: v1.6.0
+- cloud.google.com/go/language: v1.8.0
+- cloud.google.com/go/lifesciences: v0.6.0
+- cloud.google.com/go/logging: v1.6.1
+- cloud.google.com/go/longrunning: v0.3.0
+- cloud.google.com/go/managedidentities: v1.4.0
+- cloud.google.com/go/maps: v0.1.0
+- cloud.google.com/go/mediatranslation: v0.6.0
+- cloud.google.com/go/memcache: v1.7.0
+- cloud.google.com/go/metastore: v1.8.0
+- cloud.google.com/go/monitoring: v1.8.0
+- cloud.google.com/go/networkconnectivity: v1.7.0
+- cloud.google.com/go/networkmanagement: v1.5.0
+- cloud.google.com/go/networksecurity: v0.6.0
+- cloud.google.com/go/notebooks: v1.5.0
+- cloud.google.com/go/optimization: v1.2.0
+- cloud.google.com/go/orchestration: v1.4.0
+- cloud.google.com/go/orgpolicy: v1.5.0
+- cloud.google.com/go/osconfig: v1.10.0
+- cloud.google.com/go/oslogin: v1.7.0
+- cloud.google.com/go/phishingprotection: v0.6.0
+- cloud.google.com/go/policytroubleshooter: v1.4.0
+- cloud.google.com/go/privatecatalog: v0.6.0
+- cloud.google.com/go/pubsub: v1.27.1
+- cloud.google.com/go/pubsublite: v1.5.0
+- cloud.google.com/go/recaptchaenterprise/v2: v2.5.0
+- cloud.google.com/go/recommendationengine: v0.6.0
+- cloud.google.com/go/recommender: v1.8.0
+- cloud.google.com/go/redis: v1.10.0
+- cloud.google.com/go/resourcemanager: v1.4.0
+- cloud.google.com/go/resourcesettings: v1.4.0
+- cloud.google.com/go/retail: v1.11.0
+- cloud.google.com/go/run: v0.3.0
+- cloud.google.com/go/scheduler: v1.7.0
+- cloud.google.com/go/secretmanager: v1.9.0
+- cloud.google.com/go/security: v1.10.0
+- cloud.google.com/go/securitycenter: v1.16.0
+- cloud.google.com/go/servicecontrol: v1.5.0
+- cloud.google.com/go/servicedirectory: v1.7.0
+- cloud.google.com/go/servicemanagement: v1.5.0
+- cloud.google.com/go/serviceusage: v1.4.0
+- cloud.google.com/go/shell: v1.4.0
+- cloud.google.com/go/spanner: v1.41.0
+- cloud.google.com/go/speech: v1.9.0
+- cloud.google.com/go/storage: v1.10.0
+- cloud.google.com/go/storagetransfer: v1.6.0
+- cloud.google.com/go/talent: v1.4.0
+- cloud.google.com/go/texttospeech: v1.5.0
+- cloud.google.com/go/tpu: v1.4.0
+- cloud.google.com/go/trace: v1.4.0
+- cloud.google.com/go/translate: v1.4.0
+- cloud.google.com/go/video: v1.9.0
+- cloud.google.com/go/videointelligence: v1.9.0
+- cloud.google.com/go/vision/v2: v2.5.0
+- cloud.google.com/go/vmmigration: v1.3.0
+- cloud.google.com/go/vmwareengine: v0.1.0
+- cloud.google.com/go/vpcaccess: v1.5.0
+- cloud.google.com/go/webrisk: v1.7.0
+- cloud.google.com/go/websecurityscanner: v1.4.0
+- cloud.google.com/go/workflows: v1.9.0
+- dmitri.shuralyov.com/gpu/mtl: 666a987
+- github.com/BurntSushi/xgb: [27f1227](https://github.com/BurntSushi/xgb/tree/27f1227)
+- github.com/OneOfOne/xxhash: [v1.2.2](https://github.com/OneOfOne/xxhash/tree/v1.2.2)
+- github.com/alecthomas/template: [fb15b89](https://github.com/alecthomas/template/tree/fb15b89)
+- github.com/buger/jsonparser: [v1.1.1](https://github.com/buger/jsonparser/tree/v1.1.1)
+- github.com/cespare/xxhash: [v1.1.0](https://github.com/cespare/xxhash/tree/v1.1.0)
+- github.com/docopt/docopt-go: [ee0de3b](https://github.com/docopt/docopt-go/tree/ee0de3b)
+- github.com/flowstack/go-jsonschema: [v0.1.1](https://github.com/flowstack/go-jsonschema/tree/v0.1.1)
+- github.com/go-gl/glfw/v3.3/glfw: [6f7a984](https://github.com/go-gl/glfw/v3.3/glfw/tree/6f7a984)
+- github.com/go-gl/glfw: [e6da0ac](https://github.com/go-gl/glfw/tree/e6da0ac)
+- github.com/go-kit/kit: [v0.9.0](https://github.com/go-kit/kit/tree/v0.9.0)
+- github.com/go-stack/stack: [v1.8.0](https://github.com/go-stack/stack/tree/v1.8.0)
+- github.com/google/martian/v3: [v3.0.0](https://github.com/google/martian/v3/tree/v3.0.0)
+- github.com/google/martian: [v2.1.0+incompatible](https://github.com/google/martian/tree/v2.1.0)
+- github.com/google/renameio: [v0.1.0](https://github.com/google/renameio/tree/v0.1.0)
+- github.com/googleapis/gax-go/v2: [v2.0.5](https://github.com/googleapis/gax-go/v2/tree/v2.0.5)
+- github.com/hashicorp/golang-lru: [v0.5.1](https://github.com/hashicorp/golang-lru/tree/v0.5.1)
+- github.com/jstemmer/go-junit-report: [v0.9.1](https://github.com/jstemmer/go-junit-report/tree/v0.9.1)
+- github.com/konsorten/go-windows-terminal-sequences: [v1.0.3](https://github.com/konsorten/go-windows-terminal-sequences/tree/v1.0.3)
+- github.com/kr/logfmt: [b84e30a](https://github.com/kr/logfmt/tree/b84e30a)
+- github.com/mitchellh/mapstructure: [v1.1.2](https://github.com/mitchellh/mapstructure/tree/v1.1.2)
+- github.com/sirupsen/logrus: [v1.6.0](https://github.com/sirupsen/logrus/tree/v1.6.0)
+- github.com/spaolacci/murmur3: [f09979e](https://github.com/spaolacci/murmur3/tree/f09979e)
+- github.com/stoewer/go-strcase: [v1.2.0](https://github.com/stoewer/go-strcase/tree/v1.2.0)
+- github.com/xeipuuv/gojsonpointer: [4e3ac27](https://github.com/xeipuuv/gojsonpointer/tree/4e3ac27)
+- github.com/xeipuuv/gojsonreference: [bd5ef7b](https://github.com/xeipuuv/gojsonreference/tree/bd5ef7b)
+- github.com/xeipuuv/gojsonschema: [v1.2.0](https://github.com/xeipuuv/gojsonschema/tree/v1.2.0)
+- go.opencensus.io: v0.22.4
+- golang.org/x/image: cff245a
+- golang.org/x/mobile: d2bd2a2
+- google.golang.org/api: v0.30.0
+- gopkg.in/alecthomas/kingpin.v2: v2.2.6
+- gopkg.in/errgo.v2: v2.1.0
+- gotest.tools/v3: v3.0.3
+- rsc.io/binaryregexp: v0.2.0
+- rsc.io/quote/v3: v3.1.0
+- rsc.io/sampler: v1.3.0
--- a/CHANGELOG/CHANGELOG-4.5.md
+++ b/CHANGELOG/CHANGELOG-4.5.md
@ -0,0 +1,96 @@
+# Release notes for v4.5.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since v4.4.0
+
+## Changes by Kind
+
+### Uncategorized
+
+- CVE fixes:  CVE-2023-44487 ([#498](https://github.com/kubernetes-csi/external-attacher/pull/498), [@dannawang0221](https://github.com/dannawang0221))
+- Update kubernetes dependencies to v1.29.0 ([#519](https://github.com/kubernetes-csi/external-attacher/pull/519), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu))
+- Update kubernetes dependencies to v1.29.0-rc.1 ([#516](https://github.com/kubernetes-csi/external-attacher/pull/516), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu))
+
+## Dependencies
+
+### Added
+- github.com/gorilla/websocket: [v1.5.0](https://github.com/gorilla/websocket/tree/v1.5.0)
+- github.com/kubernetes-csi/csi-test/v5: [v5.2.0](https://github.com/kubernetes-csi/csi-test/v5/tree/v5.2.0)
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.44.0
+
+### Changed
+- cloud.google.com/go/compute: v1.19.1 → v1.23.0
+- github.com/container-storage-interface/spec: [v1.8.0 → v1.9.0](https://github.com/container-storage-interface/spec/compare/v1.8.0...v1.9.0)
+- github.com/emicklei/go-restful/v3: [v3.10.0 → v3.11.0](https://github.com/emicklei/go-restful/v3/compare/v3.10.0...v3.11.0)
+- github.com/envoyproxy/go-control-plane: [9239064 → v0.11.1](https://github.com/envoyproxy/go-control-plane/compare/9239064...v0.11.1)
+- github.com/envoyproxy/protoc-gen-validate: [v0.10.1 → v1.0.2](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.10.1...v1.0.2)
+- github.com/evanphx/json-patch: [v5.6.0+incompatible → v5.7.0+incompatible](https://github.com/evanphx/json-patch/compare/v5.6.0...v5.7.0)
+- github.com/go-logr/logr: [v1.2.4 → v1.3.0](https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0)
+- github.com/golang/glog: [v1.1.0 → v1.1.2](https://github.com/golang/glog/compare/v1.1.0...v1.1.2)
+- github.com/google/go-cmp: [v0.5.9 → v0.6.0](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)
+- github.com/google/uuid: [v1.3.0 → v1.4.0](https://github.com/google/uuid/compare/v1.3.0...v1.4.0)
+- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.7.0 → v2.16.0](https://github.com/grpc-ecosystem/grpc-gateway/v2/compare/v2.7.0...v2.16.0)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.14.0 → v0.17.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.14.0...v0.17.0)
+- github.com/onsi/ginkgo/v2: [v2.9.4 → v2.13.1](https://github.com/onsi/ginkgo/v2/compare/v2.9.4...v2.13.1)
+- github.com/onsi/gomega: [v1.27.6 → v1.30.0](https://github.com/onsi/gomega/compare/v1.27.6...v1.30.0)
+- github.com/stretchr/testify: [v1.8.2 → v1.8.4](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.4)
+- github.com/yuin/goldmark: [v1.3.5 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.3.5...v1.4.13)
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.35.1 → v0.44.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel/metric: v0.31.0 → v1.19.0
+- go.opentelemetry.io/otel/sdk: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel/trace: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel: v1.10.0 → v1.19.0
+- go.opentelemetry.io/proto/otlp: v0.19.0 → v1.0.0
+- golang.org/x/crypto: v0.11.0 → v0.15.0
+- golang.org/x/net: v0.13.0 → v0.18.0
+- golang.org/x/oauth2: v0.8.0 → v0.13.0
+- golang.org/x/sync: v0.2.0 → v0.4.0
+- golang.org/x/sys: v0.10.0 → v0.14.0
+- golang.org/x/term: v0.10.0 → v0.14.0
+- golang.org/x/text: v0.11.0 → v0.14.0
+- golang.org/x/tools: v0.8.0 → v0.14.0
+- google.golang.org/appengine: v1.6.7 → v1.6.8
+- google.golang.org/genproto/googleapis/api: dd9d682 → d307bd8
+- google.golang.org/genproto/googleapis/rpc: 28d5490 → bbf56f3
+- google.golang.org/genproto: 0005af6 → d783a09
+- google.golang.org/grpc: v1.57.0 → v1.60.1
+- google.golang.org/protobuf: v1.30.0 → v1.31.0
+- k8s.io/api: v0.28.1 → v0.29.0
+- k8s.io/apimachinery: v0.28.1 → v0.29.0
+- k8s.io/client-go: v0.28.1 → v0.29.0
+- k8s.io/component-base: v0.28.0 → v0.29.0
+- k8s.io/csi-translation-lib: v0.28.1 → v0.29.0
+- k8s.io/gengo: 485abfe → 9cce18d
+- k8s.io/klog/v2: v2.100.1 → v2.110.1
+- k8s.io/kube-openapi: 2695361 → 2dd684a
+- k8s.io/utils: d93618c → 3b25d92
+- sigs.k8s.io/structured-merge-diff/v4: v4.2.3 → v4.4.1
+
+### Removed
+- cloud.google.com/go: v0.34.0
+- github.com/BurntSushi/toml: [v0.3.1](https://github.com/BurntSushi/toml/tree/v0.3.1)
+- github.com/antihax/optional: [v1.0.0](https://github.com/antihax/optional/tree/v1.0.0)
+- github.com/chzyer/logex: [v1.1.10](https://github.com/chzyer/logex/tree/v1.1.10)
+- github.com/chzyer/readline: [2972be2](https://github.com/chzyer/readline/tree/2972be2)
+- github.com/chzyer/test: [a1ea475](https://github.com/chzyer/test/tree/a1ea475)
+- github.com/client9/misspell: [v0.3.4](https://github.com/client9/misspell/tree/v0.3.4)
+- github.com/fsnotify/fsnotify: [v1.4.9](https://github.com/fsnotify/fsnotify/tree/v1.4.9)
+- github.com/ghodss/yaml: [v1.0.0](https://github.com/ghodss/yaml/tree/v1.0.0)
+- github.com/google/gnostic: [v0.5.7-v3refs](https://github.com/google/gnostic/tree/v0.5.7-v3refs)
+- github.com/grpc-ecosystem/grpc-gateway: [v1.16.0](https://github.com/grpc-ecosystem/grpc-gateway/tree/v1.16.0)
+- github.com/hpcloud/tail: [v1.0.0](https://github.com/hpcloud/tail/tree/v1.0.0)
+- github.com/ianlancetaylor/demangle: [28f6c0f](https://github.com/ianlancetaylor/demangle/tree/28f6c0f)
+- github.com/kubernetes-csi/csi-test/v4: [v4.4.0](https://github.com/kubernetes-csi/csi-test/v4/tree/v4.4.0)
+- github.com/nxadm/tail: [v1.4.8](https://github.com/nxadm/tail/tree/v1.4.8)
+- github.com/onsi/ginkgo: [v1.16.5](https://github.com/onsi/ginkgo/tree/v1.16.5)
+- github.com/rogpeppe/fastuuid: [v1.2.0](https://github.com/rogpeppe/fastuuid/tree/v1.2.0)
+- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
+- go.uber.org/goleak: v1.2.1
+- golang.org/x/exp: 509febe
+- golang.org/x/lint: d0100b6
+- gopkg.in/fsnotify.v1: v1.4.7
+- gopkg.in/tomb.v1: dd63297
+- honnef.co/go/tools: ea95bdf
--- a/CHANGELOG/CHANGELOG-4.6.md
+++ b/CHANGELOG/CHANGELOG-4.6.md
@ -0,0 +1,100 @@
+# Release notes for v4.6.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since v4.5.0
+
+## Changes by Kind
+
+### Feature
+
+- Added support for contextual logging. ([#549](https://github.com/kubernetes-csi/external-attacher/pull/549), [@bells17](https://github.com/bells17))
+- Updated Kubernetes deps to v1.30 ([#555](https://github.com/kubernetes-csi/external-attacher/pull/555), [@jsafrane](https://github.com/jsafrane))
+
+## Dependencies
+
+### Added
+- github.com/cpuguy83/go-md2man/v2: [v2.0.3](https://github.com/cpuguy83/go-md2man/v2/tree/v2.0.3)
+- github.com/fxamacker/cbor/v2: [v2.6.0](https://github.com/fxamacker/cbor/v2/tree/v2.6.0)
+- github.com/russross/blackfriday/v2: [v2.1.0](https://github.com/russross/blackfriday/v2/tree/v2.1.0)
+- github.com/x448/float16: [v0.8.4](https://github.com/x448/float16/tree/v0.8.4)
+- go.uber.org/goleak: v1.3.0
+- k8s.io/gengo/v2: 51d4e06
+
+### Changed
+- cloud.google.com/go/compute/metadata: v0.2.3 → v0.3.0
+- cloud.google.com/go/compute: v1.23.0 → v1.24.0
+- github.com/alecthomas/kingpin/v2: [v2.3.2 → v2.4.0](https://github.com/alecthomas/kingpin/v2/compare/v2.3.2...v2.4.0)
+- github.com/cespare/xxhash/v2: [v2.2.0 → v2.3.0](https://github.com/cespare/xxhash/v2/compare/v2.2.0...v2.3.0)
+- github.com/cncf/xds/go: [e9ce688 → 0fa0005](https://github.com/cncf/xds/go/compare/e9ce688...0fa0005)
+- github.com/emicklei/go-restful/v3: [v3.11.0 → v3.12.0](https://github.com/emicklei/go-restful/v3/compare/v3.11.0...v3.12.0)
+- github.com/envoyproxy/go-control-plane: [v0.11.1 → v0.12.0](https://github.com/envoyproxy/go-control-plane/compare/v0.11.1...v0.12.0)
+- github.com/envoyproxy/protoc-gen-validate: [v1.0.2 → v1.0.4](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.2...v1.0.4)
+- github.com/evanphx/json-patch: [v5.7.0+incompatible → v5.9.0+incompatible](https://github.com/evanphx/json-patch/compare/v5.7.0...v5.9.0)
+- github.com/go-logr/logr: [v1.3.0 → v1.4.1](https://github.com/go-logr/logr/compare/v1.3.0...v1.4.1)
+- github.com/go-logr/zapr: [v1.2.3 → v1.3.0](https://github.com/go-logr/zapr/compare/v1.2.3...v1.3.0)
+- github.com/go-openapi/jsonpointer: [v0.19.6 → v0.21.0](https://github.com/go-openapi/jsonpointer/compare/v0.19.6...v0.21.0)
+- github.com/go-openapi/jsonreference: [v0.20.2 → v0.21.0](https://github.com/go-openapi/jsonreference/compare/v0.20.2...v0.21.0)
+- github.com/go-openapi/swag: [v0.22.3 → v0.23.0](https://github.com/go-openapi/swag/compare/v0.22.3...v0.23.0)
+- github.com/golang/glog: [v1.1.2 → v1.2.0](https://github.com/golang/glog/compare/v1.1.2...v1.2.0)
+- github.com/golang/protobuf: [v1.5.3 → v1.5.4](https://github.com/golang/protobuf/compare/v1.5.3...v1.5.4)
+- github.com/google/uuid: [v1.4.0 → v1.6.0](https://github.com/google/uuid/compare/v1.4.0...v1.6.0)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.17.0 → v0.18.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.17.0...v0.18.0)
+- github.com/onsi/ginkgo/v2: [v2.13.1 → v2.15.0](https://github.com/onsi/ginkgo/v2/compare/v2.13.1...v2.15.0)
+- github.com/onsi/gomega: [v1.30.0 → v1.31.0](https://github.com/onsi/gomega/compare/v1.30.0...v1.31.0)
+- github.com/prometheus/client_golang: [v1.16.0 → v1.19.1](https://github.com/prometheus/client_golang/compare/v1.16.0...v1.19.1)
+- github.com/prometheus/client_model: [v0.4.0 → v0.6.1](https://github.com/prometheus/client_model/compare/v0.4.0...v0.6.1)
+- github.com/prometheus/common: [v0.44.0 → v0.53.0](https://github.com/prometheus/common/compare/v0.44.0...v0.53.0)
+- github.com/prometheus/procfs: [v0.10.1 → v0.14.0](https://github.com/prometheus/procfs/compare/v0.10.1...v0.14.0)
+- github.com/rogpeppe/go-internal: [v1.10.0 → v1.11.0](https://github.com/rogpeppe/go-internal/compare/v1.10.0...v1.11.0)
+- github.com/spf13/cobra: [v1.7.0 → v1.8.0](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0)
+- github.com/stretchr/objx: [v0.5.0 → v0.1.0](https://github.com/stretchr/objx/compare/v0.5.0...v0.1.0)
+- github.com/stretchr/testify: [v1.8.4 → v1.9.0](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)
+- github.com/yuin/goldmark: [v1.4.13 → v1.3.5](https://github.com/yuin/goldmark/compare/v1.4.13...v1.3.5)
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.44.0 → v0.51.0
+- go.opentelemetry.io/otel/metric: v1.19.0 → v1.26.0
+- go.opentelemetry.io/otel/trace: v1.19.0 → v1.26.0
+- go.opentelemetry.io/otel: v1.19.0 → v1.26.0
+- go.uber.org/zap: v1.19.0 → v1.27.0
+- golang.org/x/crypto: v0.15.0 → v0.23.0
+- golang.org/x/mod: v0.8.0 → v0.15.0
+- golang.org/x/net: v0.18.0 → v0.25.0
+- golang.org/x/oauth2: v0.13.0 → v0.20.0
+- golang.org/x/sync: v0.4.0 → v0.7.0
+- golang.org/x/sys: v0.14.0 → v0.20.0
+- golang.org/x/term: v0.14.0 → v0.20.0
+- golang.org/x/text: v0.14.0 → v0.15.0
+- golang.org/x/time: v0.3.0 → v0.5.0
+- golang.org/x/tools: v0.14.0 → v0.18.0
+- google.golang.org/genproto/googleapis/api: d307bd8 → 6ceb2ff
+- google.golang.org/genproto/googleapis/rpc: bbf56f3 → 6ceb2ff
+- google.golang.org/genproto: d783a09 → 6ceb2ff
+- google.golang.org/grpc: v1.60.1 → v1.63.2
+- google.golang.org/protobuf: v1.31.0 → v1.34.1
+- k8s.io/api: v0.29.0 → v0.30.0
+- k8s.io/apimachinery: v0.29.0 → v0.30.0
+- k8s.io/client-go: v0.29.0 → v0.30.0
+- k8s.io/component-base: v0.29.0 → v0.30.0
+- k8s.io/csi-translation-lib: v0.29.0 → v0.30.0
+- k8s.io/klog/v2: v2.110.1 → v2.120.1
+- k8s.io/kube-openapi: 2dd684a → 70dd376
+- sigs.k8s.io/yaml: v1.3.0 → v1.4.0
+
+### Removed
+- github.com/cncf/udpa/go: [c52dc94](https://github.com/cncf/udpa/go/tree/c52dc94)
+- github.com/creack/pty: [v1.1.9](https://github.com/creack/pty/tree/v1.1.9)
+- github.com/kr/pty: [v1.1.1](https://github.com/kr/pty/tree/v1.1.1)
+- go.uber.org/atomic: v1.10.0
+- k8s.io/gengo: 9cce18d
+com/ianlancetaylor/demangle: [28f6c0f](https://github.com/ianlancetaylor/demangle/tree/28f6c0f)
+- github.com/kubernetes-csi/csi-test/v4: [v4.4.0](https://github.com/kubernetes-csi/csi-test/v4/tree/v4.4.0)
+- github.com/nxadm/tail: [v1.4.8](https://github.com/nxadm/tail/tree/v1.4.8)
+- github.com/onsi/ginkgo: [v1.16.5](https://github.com/onsi/ginkgo/tree/v1.16.5)
+- github.com/rogpeppe/fastuuid: [v1.2.0](https://github.com/rogpeppe/fastuuid/tree/v1.2.0)
+- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0
+- go.uber.org/goleak: v1.2.1
+- golang.org/x/exp: 509febe
+- golang.org/x/lint: d0100b6
+- gopkg.in/fsnotify.v1: v1.4.7
+- gopkg.in/tomb.v1: dd63297
+- honnef.co/go/tools: ea95bdf
--- a/CHANGELOG/CHANGELOG-4.7.md
+++ b/CHANGELOG/CHANGELOG-4.7.md
@ -0,0 +1,86 @@
+# Release notes for v4.7.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since v4.6.0
+
+## Changes by Kind
+
+### Bug or Regression
+
+- Fixed an issue where the attacher would see its context timeout on startup when calling the CSI driver. ([#561](https://github.com/kubernetes-csi/external-attacher/pull/561), [@Fricounet](https://github.com/Fricounet))
+
+### Other (Cleanup or Flake)
+
+- Update Kubernetes dependencies to 1.31.0 ([#577](https://github.com/kubernetes-csi/external-attacher/pull/577), [@dfajmon](https://github.com/dfajmon))
+- Updates Kubernetes dependencies to 1.31.0-rc.0 ([#573](https://github.com/kubernetes-csi/external-attacher/pull/573), [@dfajmon](https://github.com/dfajmon))
+
+## Dependencies
+
+### Added
+- cel.dev/expr: v0.15.0
+- github.com/go-task/slim-sprig/v3: [v3.0.0](https://github.com/go-task/slim-sprig/tree/v3.0.0)
+- github.com/klauspost/compress: [v1.17.9](https://github.com/klauspost/compress/tree/v1.17.9)
+- github.com/kylelemons/godebug: [v1.1.0](https://github.com/kylelemons/godebug/tree/v1.1.0)
+- gopkg.in/evanphx/json-patch.v4: v4.12.0
+
+### Changed
+- github.com/cenkalti/backoff/v4: [v4.2.1 → v4.3.0](https://github.com/cenkalti/backoff/compare/v4.2.1...v4.3.0)
+- github.com/cncf/xds/go: [8a4994d → 555b57e](https://github.com/cncf/xds/compare/8a4994d...555b57e)
+- github.com/container-storage-interface/spec: [v1.9.0 → v1.10.0](https://github.com/container-storage-interface/spec/compare/v1.9.0...v1.10.0)
+- github.com/cpuguy83/go-md2man/v2: [v2.0.3 → v2.0.4](https://github.com/cpuguy83/go-md2man/compare/v2.0.3...v2.0.4)
+- github.com/davecgh/go-spew: [v1.1.1 → d8f796a](https://github.com/davecgh/go-spew/compare/v1.1.1...d8f796a)
+- github.com/emicklei/go-restful/v3: [v3.12.0 → v3.12.1](https://github.com/emicklei/go-restful/compare/v3.12.0...v3.12.1)
+- github.com/felixge/httpsnoop: [v1.0.3 → v1.0.4](https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4)
+- github.com/fxamacker/cbor/v2: [v2.6.0 → v2.7.0](https://github.com/fxamacker/cbor/compare/v2.6.0...v2.7.0)
+- github.com/go-logr/logr: [v1.4.1 → v1.4.2](https://github.com/go-logr/logr/compare/v1.4.1...v1.4.2)
+- github.com/golang/glog: [v1.2.0 → v1.2.1](https://github.com/golang/glog/compare/v1.2.0...v1.2.1)
+- github.com/google/pprof: [4bb14d4 → 4bfdf5a](https://github.com/google/pprof/compare/4bb14d4...4bfdf5a)
+- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.16.0 → v2.20.0](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.16.0...v2.20.0)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.18.0 → v0.19.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.18.0...v0.19.0)
+- github.com/kubernetes-csi/csi-test/v5: [v5.2.0 → v5.3.0](https://github.com/kubernetes-csi/csi-test/compare/v5.2.0...v5.3.0)
+- github.com/moby/spdystream: [v0.2.0 → v0.4.0](https://github.com/moby/spdystream/compare/v0.2.0...v0.4.0)
+- github.com/moby/term: [1aeaba8 → v0.5.0](https://github.com/moby/term/compare/1aeaba8...v0.5.0)
+- github.com/onsi/ginkgo/v2: [v2.15.0 → v2.19.0](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.19.0)
+- github.com/onsi/gomega: [v1.31.0 → v1.33.1](https://github.com/onsi/gomega/compare/v1.31.0...v1.33.1)
+- github.com/pmezard/go-difflib: [v1.0.0 → 5d4384e](https://github.com/pmezard/go-difflib/compare/v1.0.0...5d4384e)
+- github.com/prometheus/client_golang: [v1.19.1 → v1.20.0](https://github.com/prometheus/client_golang/compare/v1.19.1...v1.20.0)
+- github.com/prometheus/common: [v0.53.0 → v0.55.0](https://github.com/prometheus/common/compare/v0.53.0...v0.55.0)
+- github.com/prometheus/procfs: [v0.15.0 → v0.15.1](https://github.com/prometheus/procfs/compare/v0.15.0...v0.15.1)
+- github.com/rogpeppe/go-internal: [v1.11.0 → v1.12.0](https://github.com/rogpeppe/go-internal/compare/v1.11.0...v1.12.0)
+- github.com/spf13/cobra: [v1.8.0 → v1.8.1](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1)
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.51.0 → v0.53.0
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.44.0 → v0.53.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.27.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.28.0
+- go.opentelemetry.io/otel/metric: v1.26.0 → v1.28.0
+- go.opentelemetry.io/otel/sdk: v1.19.0 → v1.28.0
+- go.opentelemetry.io/otel/trace: v1.26.0 → v1.28.0
+- go.opentelemetry.io/otel: v1.26.0 → v1.28.0
+- go.opentelemetry.io/proto/otlp: v1.0.0 → v1.3.1
+- golang.org/x/crypto: v0.23.0 → v0.26.0
+- golang.org/x/mod: v0.15.0 → v0.17.0
+- golang.org/x/net: v0.25.0 → v0.28.0
+- golang.org/x/oauth2: v0.20.0 → v0.22.0
+- golang.org/x/sync: v0.7.0 → v0.8.0
+- golang.org/x/sys: v0.20.0 → v0.24.0
+- golang.org/x/term: v0.20.0 → v0.23.0
+- golang.org/x/text: v0.15.0 → v0.17.0
+- golang.org/x/time: v0.5.0 → v0.6.0
+- golang.org/x/tools: v0.18.0 → e35e4cc
+- google.golang.org/genproto/googleapis/api: 94a12d6 → 5315273
+- google.golang.org/genproto/googleapis/rpc: 94a12d6 → f6361c8
+- google.golang.org/grpc: v1.64.0 → v1.65.0
+- google.golang.org/protobuf: v1.34.1 → v1.34.2
+- k8s.io/api: v0.30.0 → v0.31.0
+- k8s.io/apimachinery: v0.30.0 → v0.31.0
+- k8s.io/client-go: v0.30.0 → v0.31.0
+- k8s.io/component-base: v0.30.0 → v0.31.0
+- k8s.io/csi-translation-lib: v0.30.0 → v0.31.0
+- k8s.io/klog/v2: v2.120.1 → v2.130.1
+- k8s.io/utils: 3b25d92 → 18e509b
+
+### Removed
+- cloud.google.com/go/compute: v1.25.1
+- github.com/matttproud/golang_protobuf_extensions: [v1.0.4](https://github.com/matttproud/golang_protobuf_extensions/tree/v1.0.4)
+- google.golang.org/appengine: v1.6.8
--- a/CHANGELOG/CHANGELOG-4.8.md
+++ b/CHANGELOG/CHANGELOG-4.8.md
@ -0,0 +1,84 @@
+# Release notes for v4.8.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since v4.7.0
+
+## Changes by Kind
+
+### Bug or Regression
+
+- Changing distroless image back to multiarch ([#267](https://github.com/kubernetes-csi/external-attacher/pull/267), [@namrata-ibm](https://github.com/namrata-ibm))
+
+### Other (Cleanup or Flake)
+
+- Update Kubernetes dependencies to 1.32.0 ([#613](https://github.com/kubernetes-csi/external-attacher/pull/613), [@dfajmon](https://github.com/dfajmon))
+
+## Dependencies
+
+### Added
+- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.24.2](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/tree/detectors/gcp/v1.24.2)
+- github.com/planetscale/vtprotobuf: [0393e58](https://github.com/planetscale/vtprotobuf/tree/0393e58)
+- go.opentelemetry.io/auto/sdk: v1.1.0
+- go.opentelemetry.io/contrib/detectors/gcp: v1.31.0
+- go.opentelemetry.io/otel/sdk/metric: v1.31.0
+
+### Changed
+- cel.dev/expr: v0.15.0 → v0.16.2
+- cloud.google.com/go/compute/metadata: v0.3.0 → v0.5.2
+- github.com/Azure/go-ansiterm: [d185dfc → 306776e](https://github.com/Azure/go-ansiterm/compare/d185dfc...306776e)
+- github.com/NYTimes/gziphandler: [56545f4 → v1.1.1](https://github.com/NYTimes/gziphandler/compare/56545f4...v1.1.1)
+- github.com/cncf/xds/go: [555b57e → b4127c9](https://github.com/cncf/xds/compare/555b57e...b4127c9)
+- github.com/container-storage-interface/spec: [v1.10.0 → v1.11.0](https://github.com/container-storage-interface/spec/compare/v1.10.0...v1.11.0)
+- github.com/envoyproxy/go-control-plane: [v0.12.0 → v0.13.1](https://github.com/envoyproxy/go-control-plane/compare/v0.12.0...v0.13.1)
+- github.com/envoyproxy/protoc-gen-validate: [v1.0.4 → v1.1.0](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.0.4...v1.1.0)
+- github.com/golang/glog: [v1.2.1 → v1.2.2](https://github.com/golang/glog/compare/v1.2.1...v1.2.2)
+- github.com/google/gnostic-models: [v0.6.8 → v0.6.9](https://github.com/google/gnostic-models/compare/v0.6.8...v0.6.9)
+- github.com/google/pprof: [4bfdf5a → d1b30fe](https://github.com/google/pprof/compare/4bfdf5a...d1b30fe)
+- github.com/gregjones/httpcache: [9cad4c3 → 901d907](https://github.com/gregjones/httpcache/compare/9cad4c3...901d907)
+- github.com/klauspost/compress: [v1.17.9 → v1.17.11](https://github.com/klauspost/compress/compare/v1.17.9...v1.17.11)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.19.0 → v0.20.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.19.0...v0.20.0)
+- github.com/kubernetes-csi/csi-test/v5: [v5.3.0 → v5.3.1](https://github.com/kubernetes-csi/csi-test/compare/v5.3.0...v5.3.1)
+- github.com/mailru/easyjson: [v0.7.7 → v0.9.0](https://github.com/mailru/easyjson/compare/v0.7.7...v0.9.0)
+- github.com/moby/spdystream: [v0.4.0 → v0.5.0](https://github.com/moby/spdystream/compare/v0.4.0...v0.5.0)
+- github.com/onsi/ginkgo/v2: [v2.19.0 → v2.21.0](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.21.0)
+- github.com/onsi/gomega: [v1.33.1 → v1.35.1](https://github.com/onsi/gomega/compare/v1.33.1...v1.35.1)
+- github.com/prometheus/client_golang: [v1.20.0 → v1.20.5](https://github.com/prometheus/client_golang/compare/v1.20.0...v1.20.5)
+- github.com/prometheus/common: [v0.55.0 → v0.61.0](https://github.com/prometheus/common/compare/v0.55.0...v0.61.0)
+- github.com/rogpeppe/go-internal: [v1.12.0 → v1.13.1](https://github.com/rogpeppe/go-internal/compare/v1.12.0...v1.13.1)
+- github.com/stretchr/testify: [v1.9.0 → v1.10.0](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0)
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.53.0 → v0.58.0
+- go.opentelemetry.io/otel/metric: v1.28.0 → v1.33.0
+- go.opentelemetry.io/otel/sdk: v1.28.0 → v1.31.0
+- go.opentelemetry.io/otel/trace: v1.28.0 → v1.33.0
+- go.opentelemetry.io/otel: v1.28.0 → v1.33.0
+- golang.org/x/crypto: v0.26.0 → v0.30.0
+- golang.org/x/mod: v0.17.0 → v0.20.0
+- golang.org/x/net: v0.28.0 → v0.32.0
+- golang.org/x/oauth2: v0.22.0 → v0.24.0
+- golang.org/x/sync: v0.8.0 → v0.10.0
+- golang.org/x/sys: v0.24.0 → v0.28.0
+- golang.org/x/term: v0.23.0 → v0.27.0
+- golang.org/x/text: v0.17.0 → v0.21.0
+- golang.org/x/time: v0.6.0 → v0.8.0
+- golang.org/x/tools: e35e4cc → v0.26.0
+- golang.org/x/xerrors: 04be3eb → 5ec99f8
+- google.golang.org/genproto/googleapis/api: 5315273 → 796eee8
+- google.golang.org/genproto/googleapis/rpc: f6361c8 → 9240e9c
+- google.golang.org/grpc: v1.65.0 → v1.69.0
+- google.golang.org/protobuf: v1.34.2 → v1.36.0
+- k8s.io/api: v0.31.0 → v0.32.0
+- k8s.io/apimachinery: v0.31.0 → v0.32.0
+- k8s.io/client-go: v0.31.0 → v0.32.0
+- k8s.io/component-base: v0.31.0 → v0.32.0
+- k8s.io/csi-translation-lib: v0.31.0 → v0.32.0
+- k8s.io/gengo/v2: 51d4e06 → a7b603a
+- k8s.io/kube-openapi: 70dd376 → 2c72e55
+- k8s.io/utils: 18e509b → 24370be
+- sigs.k8s.io/json: bc3834c → cfa47c3
+- sigs.k8s.io/structured-merge-diff/v4: v4.4.1 → v4.5.0
+
+### Removed
+- github.com/asaskevich/govalidator: [f61b66f](https://github.com/asaskevich/govalidator/tree/f61b66f)
+- github.com/golang/groupcache: [41bb18b](https://github.com/golang/groupcache/tree/41bb18b)
+- github.com/imdario/mergo: [v0.3.13](https://github.com/imdario/mergo/tree/v0.3.13)
--- a/CHANGELOG/CHANGELOG-4.9.md
+++ b/CHANGELOG/CHANGELOG-4.9.md
@ -0,0 +1,96 @@
+# Release notes for v4.9.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since v4.8.0
+
+## Changes by Kind
+
+### Feature
+
+- Add a new `--automaxprocs` flag to set the `GOMAXPROCS` environment variable to match the configured Linux container CPU quota. ([#650](https://github.com/kubernetes-csi/external-attacher/pull/650), [@nixpanic](https://github.com/nixpanic))
+- Serve additional leader election, work queue, process, and Go runtime metrics ([#630](https://github.com/kubernetes-csi/external-attacher/pull/630), [@AndrewSirenko](https://github.com/AndrewSirenko))
+
+### Bug or Regression
+
+- Fixed repeated call to ControllerUnpublishVolume by reordering its finalizer removal and marking VolumeAttachment as detached. The VolumeAttachment can now be deleted in the API server before it's marked as `attached: false`. ([#624](https://github.com/kubernetes-csi/external-attacher/pull/624), [@jsafrane](https://github.com/jsafrane))
+
+### Uncategorized
+
+- Update kubernetes dependencies to v1.33.0 ([#647](https://github.com/kubernetes-csi/external-attacher/pull/647), [@Aishwarya-Hebbar](https://github.com/Aishwarya-Hebbar))
+
+## Dependencies
+
+### Added
+- github.com/envoyproxy/go-control-plane/envoy: [v1.32.4](https://github.com/envoyproxy/go-control-plane/tree/envoy/v1.32.4)
+- github.com/envoyproxy/go-control-plane/ratelimit: [v0.1.0](https://github.com/envoyproxy/go-control-plane/tree/ratelimit/v0.1.0)
+- github.com/go-jose/go-jose/v4: [v4.0.4](https://github.com/go-jose/go-jose/tree/v4.0.4)
+- github.com/prashantv/gostub: [v1.1.0](https://github.com/prashantv/gostub/tree/v1.1.0)
+- github.com/spiffe/go-spiffe/v2: [v2.5.0](https://github.com/spiffe/go-spiffe/tree/v2.5.0)
+- github.com/zeebo/errs: [v1.4.0](https://github.com/zeebo/errs/tree/v1.4.0)
+- go.uber.org/automaxprocs: v1.6.0
+- sigs.k8s.io/randfill: v1.0.0
+
+### Changed
+- cel.dev/expr: v0.16.2 → v0.20.0
+- cloud.google.com/go/compute/metadata: v0.5.2 → v0.6.0
+- github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: [v1.24.2 → v1.26.0](https://github.com/GoogleCloudPlatform/opentelemetry-operations-go/compare/detectors/gcp/v1.24.2...detectors/gcp/v1.26.0)
+- github.com/cncf/xds/go: [b4127c9 → 2f00578](https://github.com/cncf/xds/compare/b4127c9...2f00578)
+- github.com/cpuguy83/go-md2man/v2: [v2.0.4 → v2.0.6](https://github.com/cpuguy83/go-md2man/compare/v2.0.4...v2.0.6)
+- github.com/emicklei/go-restful/v3: [v3.12.1 → v3.12.2](https://github.com/emicklei/go-restful/compare/v3.12.1...v3.12.2)
+- github.com/envoyproxy/go-control-plane: [v0.13.1 → v0.13.4](https://github.com/envoyproxy/go-control-plane/compare/v0.13.1...v0.13.4)
+- github.com/envoyproxy/protoc-gen-validate: [v1.1.0 → v1.2.1](https://github.com/envoyproxy/protoc-gen-validate/compare/v1.1.0...v1.2.1)
+- github.com/evanphx/json-patch: [v5.9.0+incompatible → v5.9.11+incompatible](https://github.com/evanphx/json-patch/compare/v5.9.0...v5.9.11)
+- github.com/fxamacker/cbor/v2: [v2.7.0 → v2.8.0](https://github.com/fxamacker/cbor/compare/v2.7.0...v2.8.0)
+- github.com/go-openapi/jsonpointer: [v0.21.0 → v0.21.1](https://github.com/go-openapi/jsonpointer/compare/v0.21.0...v0.21.1)
+- github.com/go-openapi/swag: [v0.23.0 → v0.23.1](https://github.com/go-openapi/swag/compare/v0.23.0...v0.23.1)
+- github.com/golang/glog: [v1.2.2 → v1.2.4](https://github.com/golang/glog/compare/v1.2.2...v1.2.4)
+- github.com/google/btree: [v1.0.1 → v1.1.3](https://github.com/google/btree/compare/v1.0.1...v1.1.3)
+- github.com/google/go-cmp: [v0.6.0 → v0.7.0](https://github.com/google/go-cmp/compare/v0.6.0...v0.7.0)
+- github.com/google/gofuzz: [v1.2.0 → v1.0.0](https://github.com/google/gofuzz/compare/v1.2.0...v1.0.0)
+- github.com/gorilla/websocket: [v1.5.0 → e064f32](https://github.com/gorilla/websocket/compare/v1.5.0...e064f32)
+- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.20.0 → v2.24.0](https://github.com/grpc-ecosystem/grpc-gateway/compare/v2.20.0...v2.24.0)
+- github.com/klauspost/compress: [v1.17.11 → v1.18.0](https://github.com/klauspost/compress/compare/v1.17.11...v1.18.0)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.20.0 → v0.22.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.20.0...v0.22.0)
+- github.com/prometheus/client_golang: [v1.20.5 → v1.22.0](https://github.com/prometheus/client_golang/compare/v1.20.5...v1.22.0)
+- github.com/prometheus/client_model: [v0.6.1 → v0.6.2](https://github.com/prometheus/client_model/compare/v0.6.1...v0.6.2)
+- github.com/prometheus/common: [v0.61.0 → v0.64.0](https://github.com/prometheus/common/compare/v0.61.0...v0.64.0)
+- github.com/prometheus/procfs: [v0.15.1 → v0.16.1](https://github.com/prometheus/procfs/compare/v0.15.1...v0.16.1)
+- github.com/spf13/cobra: [v1.8.1 → v1.9.1](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)
+- github.com/spf13/pflag: [v1.0.5 → v1.0.6](https://github.com/spf13/pflag/compare/v1.0.5...v1.0.6)
+- github.com/stretchr/objx: [v0.1.0 → v0.5.2](https://github.com/stretchr/objx/compare/v0.1.0...v0.5.2)
+- go.opentelemetry.io/contrib/detectors/gcp: v1.31.0 → v1.34.0
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.58.0 → v0.60.0
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.53.0 → v0.58.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.27.0 → v1.33.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.28.0 → v1.33.0
+- go.opentelemetry.io/otel/metric: v1.33.0 → v1.35.0
+- go.opentelemetry.io/otel/sdk/metric: v1.31.0 → v1.34.0
+- go.opentelemetry.io/otel/sdk: v1.31.0 → v1.34.0
+- go.opentelemetry.io/otel/trace: v1.33.0 → v1.35.0
+- go.opentelemetry.io/otel: v1.33.0 → v1.35.0
+- go.opentelemetry.io/proto/otlp: v1.3.1 → v1.4.0
+- golang.org/x/crypto: v0.30.0 → v0.38.0
+- golang.org/x/net: v0.32.0 → v0.40.0
+- golang.org/x/oauth2: v0.24.0 → v0.30.0
+- golang.org/x/sync: v0.10.0 → v0.14.0
+- golang.org/x/sys: v0.28.0 → v0.33.0
+- golang.org/x/term: v0.27.0 → v0.32.0
+- golang.org/x/text: v0.21.0 → v0.25.0
+- golang.org/x/time: v0.8.0 → v0.11.0
+- google.golang.org/genproto/googleapis/api: 796eee8 → 56aae31
+- google.golang.org/genproto/googleapis/rpc: 9240e9c → 56aae31
+- google.golang.org/grpc: v1.69.0 → v1.72.1
+- google.golang.org/protobuf: v1.36.0 → v1.36.6
+- k8s.io/api: v0.32.0 → v0.33.0
+- k8s.io/apimachinery: v0.32.0 → v0.33.0
+- k8s.io/client-go: v0.32.0 → v0.33.0
+- k8s.io/component-base: v0.32.0 → v0.33.0
+- k8s.io/csi-translation-lib: v0.32.0 → v0.33.0
+- k8s.io/kube-openapi: 2c72e55 → c8a335a
+- sigs.k8s.io/structured-merge-diff/v4: v4.5.0 → v4.7.0
+
+### Removed
+- github.com/census-instrumentation/opencensus-proto: [v0.4.1](https://github.com/census-instrumentation/opencensus-proto/tree/v0.4.1)
+- github.com/go-kit/log: [v0.2.1](https://github.com/go-kit/log/tree/v0.2.1)
+- github.com/go-logfmt/logfmt: [v0.5.1](https://github.com/go-logfmt/logfmt/tree/v0.5.1)
--- a/2
+++ b/2
@ -17,3 +17,5 @@ all: build

 include release-tools/build.make

+# Check contextual logging.
+test: test-logcheck
--- a/README.md
+++ b/README.md
@ -19,8 +19,8 @@ The external-attacher is an external controller that monitors `VolumeAttachment`
 This information reflects the head of this branch.

 | Compatible with CSI Version                                                                | Container Image                     | [Min K8s Version](https://kubernetes-csi.github.io/docs/kubernetes-compatibility.html#minimum-version) | [Recommended K8s Version](https://kubernetes-csi.github.io/docs/kubernetes-compatibility.html#recommended-version) |
-| ------------------------------------------------------------------------------------------ | ------------------------------------| ---- | ---- |
-| [CSI Spec v1.5.0](https://github.com/container-storage-interface/spec/releases/tag/v1.5.0) | k8s.gcr.io/sig-storage/csi-attacher | 1.17 | 1.22 |
+| ------------------------------------------------------------------------------------------ | -----------------------------------------| ---- | ---- |
+| [CSI Spec v1.5.0](https://github.com/container-storage-interface/spec/releases/tag/v1.5.0) | registry.k8s.io/sig-storage/csi-attacher | 1.17 | 1.22 |

 ## Feature Status

@ -63,6 +63,8 @@ Note that the external-attacher does not scale with more replicas. Only one exte

 * `--worker-threads`: The number of goroutines for processing VolumeAttachments. 10 workers is used by default.

+* `--max-entries`: The max number of entries per page for processing ListVolumes. 0 means no limit and it is the default value.
+
 * `--retry-interval-start`: The exponential backoff for failures. See [CSI error and timeout handling](#csi-error-and-timeout-handling) for details. 1 second is used by default.

 * `--retry-interval-max`: The exponential backoff maximum value. See [CSI error and timeout handling](#csi-error-and-timeout-handling) for details. 5 minutes is used by default.
@ -93,6 +95,8 @@ Note that the external-attacher does not scale with more replicas. Only one exte

 * `--resync <duration>`: Internal resync interval when the external-attacher re-evaluates all existing `VolumeAttachment` instances and tries to fulfill them, i.e. attach / detach corresponding volumes. It does not affect re-tries of failed CSI calls! It should be used only when there is a bug in Kubernetes watch logic.

+* `--automaxprocs`: Automatically set the `GOMAXPROCS` environment variable to match the configured Linux container CPU quota. Defaults to false.
+
 * `--version`: Prints current external-attacher version and quits.

 * All glog / klog arguments are supported, such as `-v <log level>` or `-alsologtostderr`.
--- a/cmd/csi-attacher/main.go
+++ b/cmd/csi-attacher/main.go
@ -22,13 +22,26 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"strings"
+	"sync"
 	"time"

+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/server"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	"k8s.io/client-go/util/workqueue"
+	utilflag "k8s.io/component-base/cli/flag"
+	"k8s.io/component-base/featuregate"
+	"k8s.io/component-base/logs"
+	logsapi "k8s.io/component-base/logs/api/v1"
+	_ "k8s.io/component-base/logs/json/register"
+	"k8s.io/component-base/metrics/legacyregistry"
+	_ "k8s.io/component-base/metrics/prometheus/clientgo/leaderelection" // register leader election in the default legacy registry
+	_ "k8s.io/component-base/metrics/prometheus/workqueue"               // register work queues in the default legacy registry
 	csitrans "k8s.io/csi-translation-lib"
 	"k8s.io/klog/v2"

@ -37,8 +50,10 @@ import (
 	"github.com/kubernetes-csi/csi-lib-utils/leaderelection"
 	"github.com/kubernetes-csi/csi-lib-utils/metrics"
 	"github.com/kubernetes-csi/csi-lib-utils/rpc"
+	"github.com/kubernetes-csi/csi-lib-utils/standardflags"
 	"github.com/kubernetes-csi/external-attacher/pkg/attacher"
 	"github.com/kubernetes-csi/external-attacher/pkg/controller"
+	"github.com/kubernetes-csi/external-attacher/pkg/features"
 	"google.golang.org/grpc"
 )

@ -56,6 +71,7 @@ var (
 	showVersion   = flag.Bool("version", false, "Show version.")
 	timeout       = flag.Duration("timeout", 15*time.Second, "Timeout for waiting for attaching or detaching the volume.")
 	workerThreads = flag.Uint("worker-threads", 10, "Number of attacher worker threads")
+	maxEntries    = flag.Int("max-entries", 0, "Max entries per each page in volume lister call, 0 means no limit.")

 	retryIntervalStart = flag.Duration("retry-interval-start", time.Second, "Initial retry interval of failed create volume or deletion. It doubles with each failure, up to retry-interval-max.")
 	retryIntervalMax   = flag.Duration("retry-interval-max", 5*time.Minute, "Maximum retry interval of failed create volume or deletion.")
@ -78,6 +94,8 @@ var (
 	kubeAPIBurst = flag.Int("kube-api-burst", 10, "Burst to use while communicating with the kubernetes apiserver. Defaults to 10.")

 	maxGRPCLogLength = flag.Int("max-grpc-log-length", -1, "The maximum amount of characters logged for every grpc responses. Defaults to no limit")
+
+	featureGates map[string]bool
 )

 var (
@ -85,19 +103,36 @@ var (
 )

 func main() {
-	klog.InitFlags(nil)
-	flag.Set("logtostderr", "true")
+	flag.Var(utilflag.NewMapStringBool(&featureGates), "feature-gates", "A set of key=value pairs that describe feature gates for alpha/experimental features. "+
+		"Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n"))
+
+	fg := featuregate.NewFeatureGate()
+	logsapi.AddFeatureGates(fg)
+	c := logsapi.NewLoggingConfiguration()
+	logsapi.AddGoFlags(c, flag.CommandLine)
+	logs.InitLogs()
+	standardflags.AddAutomaxprocs(klog.Infof)
 	flag.Parse()
+	logger := klog.Background()
+	if err := logsapi.ValidateAndApply(c, fg); err != nil {
+		logger.Error(err, "LoggingConfiguration is invalid")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
+	}
+
+	if err := utilfeature.DefaultMutableFeatureGate.SetFromMap(featureGates); err != nil {
+		logger.Error(err, "failed to store flag gates", "featureGates", featureGates)
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
+	}

 	if *showVersion {
 		fmt.Println(os.Args[0], version)
 		return
 	}
-	klog.Infof("Version: %s", version)
+	logger.Info("Version", "version", version)

 	if *metricsAddress != "" && *httpEndpoint != "" {
-		klog.Error("only one of `--metrics-address` and `--http-endpoint` can be set.")
-		os.Exit(1)
+		logger.Error(nil, "Only one of `--metrics-address` and `--http-endpoint` can be set")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 	addr := *metricsAddress
 	if addr == "" {
@ -107,21 +142,22 @@ func main() {
 	// Create the client config. Use kubeconfig if given, otherwise assume in-cluster.
 	config, err := buildConfig(*kubeconfig)
 	if err != nil {
-		klog.Error(err.Error())
-		os.Exit(1)
+		logger.Error(err, "Failed to build a Kubernetes config")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 	config.QPS = (float32)(*kubeAPIQPS)
 	config.Burst = *kubeAPIBurst
+	config.ContentType = runtime.ContentTypeProtobuf

 	if *workerThreads == 0 {
-		klog.Error("option -worker-threads must be greater than zero")
-		os.Exit(1)
+		logger.Error(nil, "Option -worker-threads must be greater than zero")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}

 	clientset, err := kubernetes.NewForConfig(config)
 	if err != nil {
-		klog.Error(err.Error())
-		os.Exit(1)
+		logger.Error(err, "Failed to create a Clientset")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}

 	factory := informers.NewSharedInformerFactory(clientset, *resync)
@ -130,64 +166,75 @@ func main() {

 	// Connect to CSI.
 	connection.SetMaxGRPCLogLength(*maxGRPCLogLength)
-	csiConn, err := connection.Connect(*csiAddress, metricsManager, connection.OnConnectionLoss(connection.ExitOnConnectionLoss()))
+	ctx := context.Background()
+	csiConn, err := connection.Connect(ctx, *csiAddress, metricsManager, connection.OnConnectionLoss(connection.ExitOnConnectionLoss()))
 	if err != nil {
-		klog.Error(err.Error())
-		os.Exit(1)
+		logger.Error(err, "Failed to connect to the CSI driver", "csiAddress", *csiAddress)
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}

-	err = rpc.ProbeForever(csiConn, *timeout)
+	err = rpc.ProbeForever(ctx, csiConn, *timeout)
 	if err != nil {
-		klog.Error(err.Error())
-		os.Exit(1)
+		logger.Error(err, "Failed to probe the CSI driver")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}

 	// Find driver name.
-	ctx, cancel := context.WithTimeout(context.Background(), csiTimeout)
+	cancelationCtx, cancel := context.WithTimeout(ctx, csiTimeout)
+	cancelationCtx = klog.NewContext(cancelationCtx, logger)
 	defer cancel()
-	csiAttacher, err := rpc.GetDriverName(ctx, csiConn)
+	csiAttacher, err := rpc.GetDriverName(cancelationCtx, csiConn)
 	if err != nil {
-		klog.Error(err.Error())
-		os.Exit(1)
+		logger.Error(err, "Failed to get the CSI driver name")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
-	klog.V(2).Infof("CSI driver name: %q", csiAttacher)
+	logger = klog.LoggerWithValues(logger, "driver", csiAttacher)
+	logger.V(2).Info("CSI driver name")

 	translator := csitrans.New()
 	if translator.IsMigratedCSIDriverByName(csiAttacher) {
 		metricsManager = metrics.NewCSIMetricsManagerWithOptions(csiAttacher, metrics.WithMigration())
-		migratedCsiClient, err := connection.Connect(*csiAddress, metricsManager, connection.OnConnectionLoss(connection.ExitOnConnectionLoss()))
+		migratedCsiClient, err := connection.Connect(ctx, *csiAddress, metricsManager, connection.OnConnectionLoss(connection.ExitOnConnectionLoss()))
 		if err != nil {
-			klog.Error(err.Error())
-			os.Exit(1)
+			logger.Error(err, "Failed to connect to the CSI driver", "csiAddress", *csiAddress, "migrated", true)
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}
 		csiConn.Close()
 		csiConn = migratedCsiClient

-		err = rpc.ProbeForever(csiConn, *timeout)
+		err = rpc.ProbeForever(ctx, csiConn, *timeout)
 		if err != nil {
-			klog.Error(err.Error())
-			os.Exit(1)
+			logger.Error(err, "Failed to probe the CSI driver", "migrated", true)
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}
 	}

+	// Add default legacy registry so that metrics manager serves Go runtime and process metrics.
+	// Also registers the `k8s.io/component-base/` work queue and leader election metrics we anonymously import.
+	metricsManager.WithAdditionalRegistry(legacyregistry.DefaultGatherer)
+
 	// Prepare http endpoint for metrics + leader election healthz
 	mux := http.NewServeMux()
 	if addr != "" {
 		metricsManager.RegisterToServer(mux, *metricsPath)
 		metricsManager.SetDriverName(csiAttacher)
 		go func() {
-			klog.Infof("ServeMux listening at %q", addr)
+			logger.Info("ServeMux listening", "address", addr, "metricsPath", *metricsPath)
 			err := http.ListenAndServe(addr, mux)
 			if err != nil {
-				klog.Fatalf("Failed to start HTTP server at specified address (%q) and metrics path (%q): %s", addr, *metricsPath, err)
+				logger.Error(err, "Failed to start HTTP server at specified address and metrics path", "address", addr, "metricsPath", *metricsPath)
+				klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 			}
 		}()
 	}

-	supportsService, err := supportsPluginControllerService(ctx, csiConn)
+	cancelationCtx, cancel = context.WithTimeout(ctx, csiTimeout)
+	cancelationCtx = klog.NewContext(cancelationCtx, logger)
+	defer cancel()
+	supportsService, err := supportsPluginControllerService(cancelationCtx, csiConn)
 	if err != nil {
-		klog.Error(err.Error())
-		os.Exit(1)
+		logger.Error(err, "Failed to check if the CSI Driver supports the CONTROLLER_SERVICE")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}

 	var (
@ -198,12 +245,12 @@ func main() {
 	)
 	if !supportsService {
 		handler = controller.NewTrivialHandler(clientset)
-		klog.V(2).Infof("CSI driver does not support Plugin Controller Service, using trivial handler")
+		logger.V(2).Info("CSI driver does not support Plugin Controller Service, using trivial handler")
 	} else {
-		supportsAttach, supportsReadOnly, supportsListVolumesPublishedNodes, supportsSingleNodeMultiWriter, err = supportsControllerCapabilities(ctx, csiConn)
+		supportsAttach, supportsReadOnly, supportsListVolumesPublishedNodes, supportsSingleNodeMultiWriter, err = supportsControllerCapabilities(cancelationCtx, csiConn)
 		if err != nil {
-			klog.Error(err.Error())
-			os.Exit(1)
+			logger.Error(err, "Failed to controller capability check")
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}

 		if supportsAttach {
@ -211,7 +258,7 @@ func main() {
 			vaLister := factory.Storage().V1().VolumeAttachments().Lister()
 			csiNodeLister := factory.Storage().V1().CSINodes().Lister()
 			volAttacher := attacher.NewAttacher(csiConn)
-			CSIVolumeLister := attacher.NewVolumeLister(csiConn)
+			CSIVolumeLister := attacher.NewVolumeLister(csiConn, *maxEntries)
 			handler = controller.NewCSIHandler(
 				clientset,
 				csiAttacher,
@ -226,44 +273,75 @@ func main() {
 				csitrans.New(),
 				*defaultFSType,
 			)
-			klog.V(2).Infof("CSI driver supports ControllerPublishUnpublish, using real CSI handler")
+			logger.V(2).Info("CSI driver supports ControllerPublishUnpublish, using real CSI handler")
 		} else {
 			handler = controller.NewTrivialHandler(clientset)
-			klog.V(2).Infof("CSI driver does not support ControllerPublishUnpublish, using trivial handler")
+			logger.V(2).Info("CSI driver does not support ControllerPublishUnpublish, using trivial handler")
 		}
 	}

 	if supportsListVolumesPublishedNodes {
-		klog.V(2).Infof("CSI driver supports list volumes published nodes. Using capability to reconcile volume attachment objects with actual backend state")
+		logger.V(2).Info("CSI driver supports list volumes published nodes. Using capability to reconcile volume attachment objects with actual backend state")
 	}

 	ctrl := controller.NewCSIAttachController(
+		logger,
 		clientset,
 		csiAttacher,
 		handler,
 		factory.Storage().V1().VolumeAttachments(),
 		factory.Core().V1().PersistentVolumes(),
-		workqueue.NewItemExponentialFailureRateLimiter(*retryIntervalStart, *retryIntervalMax),
-		workqueue.NewItemExponentialFailureRateLimiter(*retryIntervalStart, *retryIntervalMax),
+		workqueue.NewTypedItemExponentialFailureRateLimiter[string](*retryIntervalStart, *retryIntervalMax),
+		workqueue.NewTypedItemExponentialFailureRateLimiter[string](*retryIntervalStart, *retryIntervalMax),
 		supportsListVolumesPublishedNodes,
 		*reconcileSync,
 	)
+	// handle SIGTERM and SIGINT by cancelling the context.
+	var (
+		terminate       func()          // called when all controllers are finished
+		controllerCtx   context.Context // shuts down all controllers on a signal
+		shutdownHandler <-chan struct{} // called when the signal is received
+	)
+
+	if utilfeature.DefaultFeatureGate.Enabled(features.ReleaseLeaderElectionOnExit) {
+		ctx, terminate = context.WithCancel(ctx) // shuts down the whole process, incl. leader election
+		var cancelControllerCtx context.CancelFunc
+		controllerCtx, cancelControllerCtx = context.WithCancel(ctx)
+		shutdownHandler = server.SetupSignalHandler()
+
+		defer terminate()
+
+		go func() {
+			defer cancelControllerCtx()
+			<-shutdownHandler
+			logger.Info("Received SIGTERM or SIGINT signal, shutting down controller.")
+		}()
+	}

 	run := func(ctx context.Context) {
-		stopCh := ctx.Done()
-		factory.Start(stopCh)
-		ctrl.Run(int(*workerThreads), stopCh)
+		if utilfeature.DefaultFeatureGate.Enabled(features.ReleaseLeaderElectionOnExit) {
+			var wg sync.WaitGroup
+			factory.Start(shutdownHandler)
+			ctrl.Run(controllerCtx, int(*workerThreads), &wg)
+			wg.Wait()
+			terminate()
+		} else {
+			stopCh := ctx.Done()
+			factory.Start(stopCh)
+			ctrl.Run(ctx, int(*workerThreads), nil)
+		}
 	}

 	if !*enableLeaderElection {
-		run(context.TODO())
+		run(klog.NewContext(context.Background(), logger))
 	} else {
 		// Create a new clientset for leader election. When the attacher
 		// gets busy and its client gets throttled, the leader election
 		// can proceed without issues.
 		leClientset, err := kubernetes.NewForConfig(config)
 		if err != nil {
-			klog.Fatalf("Failed to create leaderelection client: %v", err)
+			logger.Error(err, "Failed to create leaderelection client")
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}

 		// Name of config map with leader election lock
@ -280,9 +358,14 @@ func main() {
 		le.WithLeaseDuration(*leaderElectionLeaseDuration)
 		le.WithRenewDeadline(*leaderElectionRenewDeadline)
 		le.WithRetryPeriod(*leaderElectionRetryPeriod)
+		if utilfeature.DefaultFeatureGate.Enabled(features.ReleaseLeaderElectionOnExit) {
+			le.WithReleaseOnCancel(true)
+			le.WithContext(ctx)
+		}

 		if err := le.Run(); err != nil {
-			klog.Fatalf("failed to initialize leader election: %v", err)
+			logger.Error(err, "Failed to initialize leader election")
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}
 	}
 }
--- a/go.mod
+++ b/go.mod
@ -1,68 +1,118 @@
 module github.com/kubernetes-csi/external-attacher

-go 1.20
+go 1.24.0
+
+toolchain go1.24.2

 require (
-	github.com/container-storage-interface/spec v1.8.0
-	github.com/davecgh/go-spew v1.1.1
-	github.com/evanphx/json-patch v5.6.0+incompatible
+	github.com/container-storage-interface/spec v1.11.0
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
+	github.com/evanphx/json-patch v5.9.11+incompatible
 	github.com/golang/mock v1.6.0
-	github.com/golang/protobuf v1.5.3
-	github.com/kubernetes-csi/csi-lib-utils v0.13.0
-	github.com/kubernetes-csi/csi-test/v4 v4.4.0
-	google.golang.org/grpc v1.54.0
-	k8s.io/api v0.27.1
-	k8s.io/apimachinery v0.27.1
-	k8s.io/client-go v0.27.1
-	k8s.io/csi-translation-lib v0.27.1
-	k8s.io/klog/v2 v2.90.1
+	github.com/kubernetes-csi/csi-lib-utils v0.22.0
+	github.com/kubernetes-csi/csi-test/v5 v5.3.1
+	google.golang.org/grpc v1.72.1
+	google.golang.org/protobuf v1.36.6
+	k8s.io/api v0.33.3
+	k8s.io/apimachinery v0.33.3
+	k8s.io/apiserver v0.33.3
+	k8s.io/client-go v0.33.3
+	k8s.io/component-base v0.33.3
+	k8s.io/csi-translation-lib v0.33.0
+	k8s.io/klog/v2 v2.130.1
 )

 require (
+	cel.dev/expr v0.20.0 // indirect
+	github.com/NYTimes/gziphandler v1.1.1 // indirect
+	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.0 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
-	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
+	github.com/coreos/go-semver v0.3.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-logr/zapr v1.3.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.1 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/google/gnostic v0.6.9 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/cel-go v0.23.2 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
-	github.com/prometheus/common v0.37.0 // indirect
-	github.com/prometheus/procfs v0.8.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/net v0.8.0 // indirect
-	golang.org/x/oauth2 v0.4.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/term v0.6.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
-	golang.org/x/time v0.2.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	github.com/prometheus/client_golang v1.22.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.64.0 // indirect
+	github.com/prometheus/procfs v0.16.1 // indirect
+	github.com/spf13/cobra v1.9.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.21 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.21 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.21 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
+	go.opentelemetry.io/otel v1.35.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
+	go.opentelemetry.io/otel/metric v1.35.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.35.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
+	go.uber.org/automaxprocs v1.6.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	go.yaml.in/yaml/v2 v2.4.2 // indirect
+	golang.org/x/crypto v0.38.0 // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/net v0.40.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
+	golang.org/x/text v0.25.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/component-base v0.26.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect
-	k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+	k8s.io/utils v0.0.0-20241210054802-24370beab758 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.7.0 // indirect
+	sigs.k8s.io/yaml v1.6.0 // indirect
 )
+
+replace k8s.io/api => k8s.io/api v0.33.0
+
+replace k8s.io/apimachinery => k8s.io/apimachinery v0.33.0
+
+replace k8s.io/client-go => k8s.io/client-go v0.33.0
+
+replace k8s.io/component-base => k8s.io/component-base v0.33.0
+
+replace k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.33.0
--- a/go.sum
+++ b/go.sum
@ -1,682 +1,324 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+cel.dev/expr v0.20.0 h1:OunBvVCfvpWlt4dN7zg3FM6TDkzOePe1+foGJ9AXeeI=
+cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
+github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
+github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
+github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/container-storage-interface/spec v1.6.0/go.mod h1:8K96oQNkJ7pFcC2R9Z1ynGGBB1I93kcS6PGg3SsOk8s=
-github.com/container-storage-interface/spec v1.8.0 h1:D0vhF3PLIZwlwZEf2eNbpujGCNwspwTYf2idJRJx4xI=
-github.com/container-storage-interface/spec v1.8.0/go.mod h1:ROLik+GhPslwwWRNFF1KasPzroNARibH2rfz1rkg4H0=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/container-storage-interface/spec v1.11.0 h1:H/YKTOeUZwHtyPOr9raR+HgFmGluGCklulxDYxSdVNM=
+github.com/container-storage-interface/spec v1.11.0/go.mod h1:DtUvaQszPml1YJfIK7c00mlv6/g4wNMLanLgiUbKFRI=
+github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
+github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
-github.com/emicklei/go-restful/v3 v3.10.0 h1:X4gma4HM7hFm6WMeAsTfqA0GOfdNoCzBIkHGoRLGXuM=
-github.com/emicklei/go-restful/v3 v3.10.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
-github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8=
-github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
-github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
+github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/evanphx/json-patch v5.9.11+incompatible h1:ixHHqfcGvxhWkniF1tWxBHA0yb4Z+d1UQi45df52xW8=
+github.com/evanphx/json-patch v5.9.11+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
+github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
+github.com/go-openapi/jsonpointer v0.21.1 h1:whnzv/pNXtK2FbX/W9yJfRmE2gsmkfahjMKB0fZvcic=
+github.com/go-openapi/jsonpointer v0.21.1/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU=
+github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/cel-go v0.23.2 h1:UdEe3CvQh3Nv+E/j9r1Y//WO0K0cSyD7/y0bzyLIMI4=
+github.com/google/cel-go v0.23.2/go.mod h1:52Pb6QsDbC5kvgxvZhiL9QX1oZEkcUF/ZqaPx1J5Wwo=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
+github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw=
+github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4=
+github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kubernetes-csi/csi-lib-utils v0.13.0 h1:QrTdZVZbHlaSUBN9ReayBPnnF1N0edFIpUKBwVIBW3w=
-github.com/kubernetes-csi/csi-lib-utils v0.13.0/go.mod h1:JS9eDIZmSjx4F9o0bLTVK/qfhIIOifdjEfVXzxWapfE=
-github.com/kubernetes-csi/csi-test/v4 v4.4.0 h1:r0mnAwDURI24Vw3a/LyA/ga11yD5ZGuU7+REO35Na9s=
-github.com/kubernetes-csi/csi-test/v4 v4.4.0/go.mod h1:t1RzseMZJKy313nezI/d7TolbbiKpUZM3SXQvXxOX0w=
-github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
-github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/kubernetes-csi/csi-lib-utils v0.22.0 h1:EUAs1+uHGps3OtVj4XVx16urhpI02eu+Z8Vps6plpHY=
+github.com/kubernetes-csi/csi-lib-utils v0.22.0/go.mod h1:f+PalKyS4Ujsjb9+m6Rj0W6c28y3nfea3paQ/VqjI28=
+github.com/kubernetes-csi/csi-test/v5 v5.3.1 h1:Wiukp1In+kif+BFo6q2ExjgB+MbrAz4jZWzGfijypuY=
+github.com/kubernetes-csi/csi-test/v5 v5.3.1/go.mod h1:7hA2cSYJ6T8CraEZPA6zqkLZwemjBD54XAnPsPC3VpA=
+github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
+github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
-github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
-github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk=
-github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
-github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
+github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
+github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
+github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.64.0 h1:pdZeA+g617P7oGv1CzdTzyeShxAGrTBsolKNOLQPGO4=
+github.com/prometheus/common v0.64.0/go.mod h1:0gZns+BLRQ3V6NdaerOhMbwwRbNh9hkGINtQAsP5GS8=
+github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
+github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
+github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
+github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
+github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk=
+github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
+go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=
+go.etcd.io/etcd/api/v3 v3.5.21 h1:A6O2/JDb3tvHhiIz3xf9nJ7REHvtEFJJ3veW3FbCnS8=
+go.etcd.io/etcd/api/v3 v3.5.21/go.mod h1:c3aH5wcvXv/9dqIw2Y810LDXJfhSYdHQ0vxmP3CCHVY=
+go.etcd.io/etcd/client/pkg/v3 v3.5.21 h1:lPBu71Y7osQmzlflM9OfeIV2JlmpBjqBNlLtcoBqUTc=
+go.etcd.io/etcd/client/pkg/v3 v3.5.21/go.mod h1:BgqT/IXPjK9NkeSDjbzwsHySX3yIle2+ndz28nVsjUs=
+go.etcd.io/etcd/client/v2 v2.305.21 h1:eLiFfexc2mE+pTLz9WwnoEsX5JTTpLCYVivKkmVXIRA=
+go.etcd.io/etcd/client/v2 v2.305.21/go.mod h1:OKkn4hlYNf43hpjEM3Ke3aRdUkhSl8xjKjSf8eCq2J8=
+go.etcd.io/etcd/client/v3 v3.5.21 h1:T6b1Ow6fNjOLOtM0xSoKNQt1ASPCLWrF9XMHcH9pEyY=
+go.etcd.io/etcd/client/v3 v3.5.21/go.mod h1:mFYy67IOqmbRf/kRUvsHixzo3iG+1OF2W2+jVIQRAnU=
+go.etcd.io/etcd/pkg/v3 v3.5.21 h1:jUItxeKyrDuVuWhdh0HtjUANwyuzcb7/FAeUfABmQsk=
+go.etcd.io/etcd/pkg/v3 v3.5.21/go.mod h1:wpZx8Egv1g4y+N7JAsqi2zoUiBIUWznLjqJbylDjWgU=
+go.etcd.io/etcd/raft/v3 v3.5.21 h1:dOmE0mT55dIUsX77TKBLq+RgyumsQuYeiRQnW/ylugk=
+go.etcd.io/etcd/raft/v3 v3.5.21/go.mod h1:fmcuY5R2SNkklU4+fKVBQi2biVp5vafMrWUEj4TJ4Cs=
+go.etcd.io/etcd/server/v3 v3.5.21 h1:9w0/k12majtgarGmlMVuhwXRI2ob3/d1Ik3X5TKo0yU=
+go.etcd.io/etcd/server/v3 v3.5.21/go.mod h1:G1mOzdwuzKT1VRL7SqRchli/qcFrtLBTAQ4lV20sXXo=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 h1:x7wzEgXfnzJcHDwStJT+mxOz4etr2EcexjqhBvmoakw=
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
+go.opentelemetry.io/otel v1.35.0 h1:xKWKPxrxB6OtMCbmMY021CqC45J+3Onta9MqjhnusiQ=
+go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA=
+go.opentelemetry.io/otel/metric v1.35.0 h1:0znxYu2SNyuMSQT4Y9WDWej0VpcsxkuklLa4/siN90M=
+go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE=
+go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
+go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
+go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk=
+go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
+go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
+go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
+go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg=
+go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
+go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
+go.yaml.in/yaml/v3 v3.0.3 h1:bXOww4E/J3f66rav3pX3m8w6jDE4knZjGOw8b5Y6iNE=
+go.yaml.in/yaml/v3 v3.0.3/go.mod h1:tBHosrYAkRZjRAOREWbDnBXUf08JOwYq++0QNwQiWzI=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
+golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.4.0 h1:NF0gk8LVPg1Ml7SSbGyySuoxdsXitj7TvgvuRxIMc/M=
-golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
+golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
+golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
+golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.2.0 h1:52I/1L54xyEQAYdtcSuxtiT84KGYTBGXwayxmIpNJhE=
-golang.org/x/time v0.2.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
+golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
+golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201209185603-f92720507ed4/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
-google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
-google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag=
-google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
+google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a h1:nwKuGPlUAt+aR+pcrkfFRrTU1BVrSmYyYMxYbUIVHr0=
+google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.mod h1:3kWAYMk1I75K4vykHtKt2ycnOgpA6974V7bREqbsenU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a h1:51aaUVRocpvUOSQKM6Q7VuoaktNIaMCLuhZB6DKksq4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a/go.mod h1:uRxBH1mhmO8PGhU89cMcHaXKZqO+OfakD8QQO0oYwlQ=
+google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA=
+google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
+gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.1 h1:Z6zUGQ1Vd10tJ+gHcNNNgkV5emCyW+v2XTmn+CLjSd0=
-k8s.io/api v0.27.1/go.mod h1:z5g/BpAiD+f6AArpqNjkY+cji8ueZDU/WV1jcj5Jk4E=
-k8s.io/apimachinery v0.27.1 h1:EGuZiLI95UQQcClhanryclaQE6xjg1Bts6/L3cD7zyc=
-k8s.io/apimachinery v0.27.1/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM=
-k8s.io/client-go v0.27.1 h1:oXsfhW/qncM1wDmWBIuDzRHNS2tLhK3BZv512Nc59W8=
-k8s.io/client-go v0.27.1/go.mod h1:f8LHMUkVb3b9N8bWturc+EDtVVVwZ7ueTVquFAJb2vA=
-k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs=
-k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8=
-k8s.io/csi-translation-lib v0.27.1 h1:D9Hw2iBZzFPriFH0FDyUFdfflYAW6S032P6Yps9sKq8=
-k8s.io/csi-translation-lib v0.27.1/go.mod h1:MyBDHVDz24OOSc4FdmSZA2nkfNu+Ysu8BqjdOAcKoT8=
-k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw=
-k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg=
-k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY=
-k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY=
-k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
+k8s.io/api v0.33.0 h1:yTgZVn1XEe6opVpP1FylmNrIFWuDqe2H0V8CT5gxfIU=
+k8s.io/api v0.33.0/go.mod h1:CTO61ECK/KU7haa3qq8sarQ0biLq2ju405IZAd9zsiM=
+k8s.io/apimachinery v0.33.0 h1:1a6kHrJxb2hs4t8EE5wuR/WxKDwGN1FKH3JvDtA0CIQ=
+k8s.io/apimachinery v0.33.0/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
+k8s.io/apiserver v0.33.3 h1:Wv0hGc+QFdMJB4ZSiHrCgN3zL3QRatu56+rpccKC3J4=
+k8s.io/apiserver v0.33.3/go.mod h1:05632ifFEe6TxwjdAIrwINHWE2hLwyADFk5mBsQa15E=
+k8s.io/client-go v0.33.0 h1:UASR0sAYVUzs2kYuKn/ZakZlcs2bEHaizrrHUZg0G98=
+k8s.io/client-go v0.33.0/go.mod h1:kGkd+l/gNGg8GYWAPr0xF1rRKvVWvzh9vmZAMXtaKOg=
+k8s.io/component-base v0.33.0 h1:Ot4PyJI+0JAD9covDhwLp9UNkUja209OzsJ4FzScBNk=
+k8s.io/component-base v0.33.0/go.mod h1:aXYZLbw3kihdkOPMDhWbjGCO6sg+luw554KP51t8qCU=
+k8s.io/csi-translation-lib v0.33.0 h1:kW3xVPCTXmHmK5v/8PEVZCUZSdNRndiQat0SbN31qEM=
+k8s.io/csi-translation-lib v0.33.0/go.mod h1:Ldx85t1WxFStKQ2p5Xaimv39IkTc7/m8yNMkt8MlyoQ=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0 h1:qPrZsv1cwQiFeieFlRqT627fVZ+tyfou/+S5S0H5ua0=
+sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
+sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
+sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
+sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
+sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
--- a/pkg/attacher/attacher.go
+++ b/pkg/attacher/attacher.go
@ -40,8 +40,7 @@ type Attacher interface {
 }

 type attacher struct {
-	client       csi.ControllerClient
-	capabilities []csi.ControllerServiceCapability
+	client csi.ControllerClient
 }

 var (
--- a/pkg/attacher/attacher_test.go
+++ b/pkg/attacher/attacher_test.go
@ -19,7 +19,6 @@ package attacher
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@ -27,20 +26,20 @@ import (

 	"github.com/container-storage-interface/spec/lib/go/csi"
 	"github.com/golang/mock/gomock"
-	"github.com/golang/protobuf/proto"
 	"github.com/kubernetes-csi/csi-lib-utils/connection"
 	"github.com/kubernetes-csi/csi-lib-utils/metrics"
-	"github.com/kubernetes-csi/csi-test/v4/driver"
+	"github.com/kubernetes-csi/csi-test/v5/driver"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"google.golang.org/protobuf/proto"
 )

 type pbMatcher struct {
 	x proto.Message
 }

-func (p pbMatcher) Matches(x interface{}) bool {
+func (p pbMatcher) Matches(x any) bool {
 	y := x.(proto.Message)
 	return proto.Equal(p.x, y)
 }
@ -49,13 +48,13 @@ func (p pbMatcher) String() string {
 	return fmt.Sprintf("pb equal to %v", p.x)
 }

-func pbMatch(x interface{}) gomock.Matcher {
+func pbMatch(x any) gomock.Matcher {
 	v := x.(proto.Message)
 	return &pbMatcher{v}
 }

 func tempDir(t *testing.T) string {
-	dir, err := ioutil.TempDir("", "external-attacher-test-")
+	dir, err := os.MkdirTemp("", "external-attacher-test-")
 	if err != nil {
 		t.Fatalf("Cannot create temporary directory: %s", err)
 	}
@ -77,7 +76,8 @@ func createMockServer(t *testing.T, tmpdir string) (*gomock.Controller, *driver.
 	// Create a client connection to it
 	addr := drv.Address()
 	t.Logf("adds: %s", addr)
-	csiConn, err := connection.Connect(addr, metricsManager)
+	ctx := context.Background()
+	csiConn, err := connection.Connect(ctx, addr, metricsManager)
 	if err != nil {
 		return nil, nil, nil, nil, nil, err
 	}
--- a/pkg/attacher/lister.go
+++ b/pkg/attacher/lister.go
@ -26,13 +26,15 @@ import (
 )

 type CSIVolumeLister struct {
-	client csi.ControllerClient
+	client     csi.ControllerClient
+	maxEntries int32
 }

 // NewVolumeLister provides a new VolumeLister object.
-func NewVolumeLister(conn *grpc.ClientConn) *CSIVolumeLister {
+func NewVolumeLister(conn *grpc.ClientConn, maxEntries int) *CSIVolumeLister {
 	return &CSIVolumeLister{
-		client: csi.NewControllerClient(conn),
+		client:     csi.NewControllerClient(conn),
+		maxEntries: int32(maxEntries),
 	}
 }

@ -43,13 +45,18 @@ func (a *CSIVolumeLister) ListVolumes(ctx context.Context) (map[string]([]string
 	for {
 		rsp, err := a.client.ListVolumes(ctx, &csi.ListVolumesRequest{
 			StartingToken: tok,
+			MaxEntries:    a.maxEntries,
 		})
 		if err != nil {
 			return nil, fmt.Errorf("failed to list volumes: %v", err)
 		}

 		for _, e := range rsp.Entries {
-			p[e.GetVolume().VolumeId] = e.Status.PublishedNodeIds
+			if e.GetVolume() == nil || e.GetStatus() == nil {
+				continue
+			}
+
+			p[e.GetVolume().VolumeId] = e.GetStatus().GetPublishedNodeIds()
 		}
 		tok = rsp.NextToken

--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@ -17,24 +17,24 @@ limitations under the License.
 package controller

 import (
-	"fmt"
+	"context"
+	"sync"
 	"time"

+	"github.com/kubernetes-csi/external-attacher/pkg/features"
 	v1 "k8s.io/api/core/v1"
 	storage "k8s.io/api/storage/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
 	apierrs "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	coreinformers "k8s.io/client-go/informers/core/v1"
 	storageinformers "k8s.io/client-go/informers/storage/v1"
 	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/kubernetes/scheme"
-	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 	corelisters "k8s.io/client-go/listers/core/v1"
 	storagelisters "k8s.io/client-go/listers/storage/v1"
 	"k8s.io/client-go/tools/cache"
-	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/workqueue"
 	csitrans "k8s.io/csi-translation-lib"
 	"k8s.io/klog/v2"
@ -46,12 +46,11 @@ const (

 // CSIAttachController is a controller that attaches / detaches CSI volumes using provided Handler interface
 type CSIAttachController struct {
-	client        kubernetes.Interface
-	attacherName  string
-	handler       Handler
-	eventRecorder record.EventRecorder
-	vaQueue       workqueue.RateLimitingInterface
-	pvQueue       workqueue.RateLimitingInterface
+	client       kubernetes.Interface
+	attacherName string
+	handler      Handler
+	vaQueue      workqueue.TypedRateLimitingInterface[string]
+	pvQueue      workqueue.TypedRateLimitingInterface[string]

 	vaLister       storagelisters.VolumeAttachmentLister
 	vaListerSynced cache.InformerSynced
@ -61,13 +60,11 @@ type CSIAttachController struct {
 	shouldReconcileVolumeAttachment bool
 	reconcileSync                   time.Duration
 	translator                      AttacherCSITranslator
-
-	defaultFSType string
 }

 // Handler is responsible for handling VolumeAttachment events from informer.
 type Handler interface {
-	Init(vaQueue workqueue.RateLimitingInterface, pvQueue workqueue.RateLimitingInterface)
+	Init(vaQueue workqueue.TypedRateLimitingInterface[string], pvQueue workqueue.TypedRateLimitingInterface[string])

 	// SyncNewOrUpdatedVolumeAttachment processes one Add/Updated event from
 	// VolumeAttachment informers. It runs in a workqueue, guaranting that only
@ -76,27 +73,31 @@ type Handler interface {
 	// VolumeAttachment either as forgotten (resets exponential backoff) or
 	// re-queue it into the vaQueue to process it after exponential
 	// backoff.
-	SyncNewOrUpdatedVolumeAttachment(va *storage.VolumeAttachment)
+	SyncNewOrUpdatedVolumeAttachment(ctx context.Context, va *storage.VolumeAttachment)

-	SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume)
+	SyncNewOrUpdatedPersistentVolume(ctx context.Context, pv *v1.PersistentVolume)

-	ReconcileVA() error
+	ReconcileVA(ctx context.Context) error
 }

 // NewCSIAttachController returns a new *CSIAttachController
-func NewCSIAttachController(client kubernetes.Interface, attacherName string, handler Handler, volumeAttachmentInformer storageinformers.VolumeAttachmentInformer, pvInformer coreinformers.PersistentVolumeInformer, vaRateLimiter, paRateLimiter workqueue.RateLimiter, shouldReconcileVolumeAttachment bool, reconcileSync time.Duration) *CSIAttachController {
-	broadcaster := record.NewBroadcaster()
-	broadcaster.StartRecordingToSink(&corev1.EventSinkImpl{Interface: client.CoreV1().Events(v1.NamespaceAll)})
-	var eventRecorder record.EventRecorder
-	eventRecorder = broadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: fmt.Sprintf("csi-attacher %s", attacherName)})
-
+func NewCSIAttachController(
+	logger klog.Logger,
+	client kubernetes.Interface,
+	attacherName string,
+	handler Handler,
+	volumeAttachmentInformer storageinformers.VolumeAttachmentInformer,
+	pvInformer coreinformers.PersistentVolumeInformer,
+	vaRateLimiter, paRateLimiter workqueue.TypedRateLimiter[string],
+	shouldReconcileVolumeAttachment bool,
+	reconcileSync time.Duration,
+) *CSIAttachController {
 	ctrl := &CSIAttachController{
 		client:                          client,
 		attacherName:                    attacherName,
 		handler:                         handler,
-		eventRecorder:                   eventRecorder,
-		vaQueue:                         workqueue.NewNamedRateLimitingQueue(vaRateLimiter, "csi-attacher-va"),
-		pvQueue:                         workqueue.NewNamedRateLimitingQueue(paRateLimiter, "csi-attacher-pv"),
+		vaQueue:                         workqueue.NewTypedRateLimitingQueueWithConfig(vaRateLimiter, workqueue.TypedRateLimitingQueueConfig[string]{Name: "csi-attacher-va"}),
+		pvQueue:                         workqueue.NewTypedRateLimitingQueueWithConfig(paRateLimiter, workqueue.TypedRateLimitingQueueConfig[string]{Name: "csi-attacher-pv"}),
 		shouldReconcileVolumeAttachment: shouldReconcileVolumeAttachment,
 		reconcileSync:                   reconcileSync,
 		translator:                      csitrans.New(),
@ -104,7 +105,7 @@ func NewCSIAttachController(client kubernetes.Interface, attacherName string, ha

 	volumeAttachmentInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc:    ctrl.vaAdded,
-		UpdateFunc: ctrl.vaUpdated,
+		UpdateFunc: ctrl.vaUpdatedFunc(logger),
 		DeleteFunc: ctrl.vaDeleted,
 	})
 	ctrl.vaLister = volumeAttachmentInformer.Lister()
@ -123,53 +124,84 @@ func NewCSIAttachController(client kubernetes.Interface, attacherName string, ha
 }

 // Run starts CSI attacher and listens on channel events
-func (ctrl *CSIAttachController) Run(workers int, stopCh <-chan struct{}) {
+func (ctrl *CSIAttachController) Run(ctx context.Context, workers int, wg *sync.WaitGroup) {
 	defer ctrl.vaQueue.ShutDown()
 	defer ctrl.pvQueue.ShutDown()

-	klog.Infof("Starting CSI attacher")
-	defer klog.Infof("Shutting CSI attacher")
+	logger := klog.FromContext(ctx)
+	logger.Info("Starting CSI attacher")
+	defer logger.Info("Shutting CSI attacher")

-	if !cache.WaitForCacheSync(stopCh, ctrl.vaListerSynced, ctrl.pvListerSynced) {
-		klog.Errorf("Cannot sync caches")
+	if !cache.WaitForCacheSync(ctx.Done(), ctrl.vaListerSynced, ctrl.pvListerSynced) {
+		logger.Error(nil, "Cannot sync caches")
 		return
 	}
-	for i := 0; i < workers; i++ {
-		go wait.Until(ctrl.syncVA, 0, stopCh)
-		go wait.Until(ctrl.syncPV, 0, stopCh)
+	if utilfeature.DefaultFeatureGate.Enabled(features.ReleaseLeaderElectionOnExit) {
+		for i := 0; i < workers; i++ {
+			wg.Add(1)
+			go func() {
+				defer wg.Done()
+				wait.UntilWithContext(ctx, ctrl.syncVA, 0)
+			}()
+			wg.Add(1)
+			go func() {
+				defer wg.Done()
+				wait.UntilWithContext(ctx, ctrl.syncPV, 0)
+			}()
+		}
+
+		if ctrl.shouldReconcileVolumeAttachment {
+			wg.Add(1)
+			go func() {
+				defer wg.Done()
+				wait.UntilWithContext(ctx, func(ctx context.Context) {
+					err := ctrl.handler.ReconcileVA(ctx)
+					if err != nil {
+						logger.Error(err, "Failed to reconcile VolumeAttachment")
+					}
+				}, ctrl.reconcileSync)
+			}()
+		}
+	} else {
+		for range workers {
+			go wait.UntilWithContext(ctx, ctrl.syncVA, 0)
+			go wait.UntilWithContext(ctx, ctrl.syncPV, 0)
+		}
+
+		if ctrl.shouldReconcileVolumeAttachment {
+			go wait.UntilWithContext(ctx, func(ctx context.Context) {
+				err := ctrl.handler.ReconcileVA(ctx)
+				if err != nil {
+					logger.Error(err, "Failed to reconcile VolumeAttachment")
+				}
+			}, ctrl.reconcileSync)
+		}
 	}

-	if ctrl.shouldReconcileVolumeAttachment {
-		go wait.Until(func() {
-			err := ctrl.handler.ReconcileVA()
-			if err != nil {
-				klog.Errorf("Failed to reconcile volume attachments: %v", err)
-			}
-		}, ctrl.reconcileSync, stopCh)
-	}
-
-	<-stopCh
+	<-ctx.Done()
 }

 // vaAdded reacts to a VolumeAttachment creation
-func (ctrl *CSIAttachController) vaAdded(obj interface{}) {
+func (ctrl *CSIAttachController) vaAdded(obj any) {
 	va := obj.(*storage.VolumeAttachment)
 	ctrl.vaQueue.Add(va.Name)
 }

-// vaUpdated reacts to a VolumeAttachment update
-func (ctrl *CSIAttachController) vaUpdated(old, new interface{}) {
-	oldVA := old.(*storage.VolumeAttachment)
-	newVA := new.(*storage.VolumeAttachment)
-	if shouldEnqueueVAChange(oldVA, newVA) {
-		ctrl.vaQueue.Add(newVA.Name)
-	} else {
-		klog.V(3).Infof("Ignoring VolumeAttachment %q change", newVA.Name)
+// vaUpdated return a function that reacts to a VolumeAttachment update
+func (ctrl *CSIAttachController) vaUpdatedFunc(logger klog.Logger) func(old, new any) {
+	return func(old, new any) {
+		oldVA := old.(*storage.VolumeAttachment)
+		newVA := new.(*storage.VolumeAttachment)
+		if shouldEnqueueVAChange(oldVA, newVA) {
+			ctrl.vaQueue.Add(newVA.Name)
+		} else {
+			logger.V(3).Info("Ignoring VolumeAttachment change", "VolumeAttachment", newVA.Name)
+		}
 	}
 }

 // vaDeleted reacts to a VolumeAttachment deleted
-func (ctrl *CSIAttachController) vaDeleted(obj interface{}) {
+func (ctrl *CSIAttachController) vaDeleted(obj any) {
 	if unknown, ok := obj.(cache.DeletedFinalStateUnknown); ok && unknown.Obj != nil {
 		obj = unknown.Obj
 	}
@ -181,7 +213,7 @@ func (ctrl *CSIAttachController) vaDeleted(obj interface{}) {
 }

 // pvAdded reacts to a PV creation
-func (ctrl *CSIAttachController) pvAdded(obj interface{}) {
+func (ctrl *CSIAttachController) pvAdded(obj any) {
 	pv := obj.(*v1.PersistentVolume)
 	if !ctrl.processFinalizers(pv) {
 		return
@ -190,7 +222,7 @@ func (ctrl *CSIAttachController) pvAdded(obj interface{}) {
 }

 // pvUpdated reacts to a PV update
-func (ctrl *CSIAttachController) pvUpdated(old, new interface{}) {
+func (ctrl *CSIAttachController) pvUpdated(old, new any) {
 	pv := new.(*v1.PersistentVolume)
 	if !ctrl.processFinalizers(pv) {
 		return
@ -199,33 +231,34 @@ func (ctrl *CSIAttachController) pvUpdated(old, new interface{}) {
 }

 // syncVA deals with one key off the queue.  It returns false when it's time to quit.
-func (ctrl *CSIAttachController) syncVA() {
-	key, quit := ctrl.vaQueue.Get()
+func (ctrl *CSIAttachController) syncVA(ctx context.Context) {
+	vaName, quit := ctrl.vaQueue.Get()
 	if quit {
 		return
 	}
-	defer ctrl.vaQueue.Done(key)
+	defer ctrl.vaQueue.Done(vaName)

-	vaName := key.(string)
-	klog.V(4).Infof("Started VA processing %q", vaName)
+	logger := klog.LoggerWithValues(klog.FromContext(ctx), "VolumeAttachment", vaName)
+	ctx = klog.NewContext(ctx, logger)
+	logger.V(4).Info("Started VolumeAttachment processing")

 	// get VolumeAttachment to process
 	va, err := ctrl.vaLister.Get(vaName)
 	if err != nil {
 		if apierrs.IsNotFound(err) {
 			// VolumeAttachment was deleted in the meantime, ignore.
-			klog.V(3).Infof("VA %q deleted, ignoring", vaName)
+			logger.V(3).Info("VolumeAttachment was deleted, ignoring")
 			return
 		}
-		klog.Errorf("Error getting VolumeAttachment %q: %v", vaName, err)
+		logger.Error(err, "Error getting VolumeAttachment")
 		ctrl.vaQueue.AddRateLimited(vaName)
 		return
 	}
 	if va.Spec.Attacher != ctrl.attacherName {
-		klog.V(4).Infof("Skipping VolumeAttachment %s for attacher %s", va.Name, va.Spec.Attacher)
+		logger.V(4).Info("Skipping VolumeAttachment for attacher", "attacher", va.Spec.Attacher)
 		return
 	}
-	ctrl.handler.SyncNewOrUpdatedVolumeAttachment(va)
+	ctrl.handler.SyncNewOrUpdatedVolumeAttachment(ctx, va)
 }

 func (ctrl *CSIAttachController) processFinalizers(pv *v1.PersistentVolume) bool {
@ -250,29 +283,30 @@ func (ctrl *CSIAttachController) processFinalizers(pv *v1.PersistentVolume) bool
 }

 // syncPV deals with one key off the queue.  It returns false when it's time to quit.
-func (ctrl *CSIAttachController) syncPV() {
-	key, quit := ctrl.pvQueue.Get()
+func (ctrl *CSIAttachController) syncPV(ctx context.Context) {
+	pvName, quit := ctrl.pvQueue.Get()
 	if quit {
 		return
 	}
-	defer ctrl.pvQueue.Done(key)
+	defer ctrl.pvQueue.Done(pvName)

-	pvName := key.(string)
-	klog.V(4).Infof("Started PV processing %q", pvName)
+	logger := klog.LoggerWithValues(klog.FromContext(ctx), "PersistentVolume", pvName)
+	ctx = klog.NewContext(ctx, logger)
+	logger.V(4).Info("Started PersistentVolume processing")

 	// get PV to process
 	pv, err := ctrl.pvLister.Get(pvName)
 	if err != nil {
 		if apierrs.IsNotFound(err) {
 			// PV was deleted in the meantime, ignore.
-			klog.V(3).Infof("PV %q deleted, ignoring", pvName)
+			logger.V(3).Info("PersistentVolume was deleted, ignoring")
 			return
 		}
-		klog.Errorf("Error getting PersistentVolume %q: %v", pvName, err)
+		logger.Error(err, "Error getting PersistentVolume")
 		ctrl.pvQueue.AddRateLimited(pvName)
 		return
 	}
-	ctrl.handler.SyncNewOrUpdatedPersistentVolume(pv)
+	ctrl.handler.SyncNewOrUpdatedPersistentVolume(ctx, pv)
 }

 // shouldEnqueueVAChange checks if a changed VolumeAttachment should be enqueued.
--- a/pkg/controller/csi_handler.go
+++ b/pkg/controller/csi_handler.go
@ -20,17 +20,21 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
 	"strconv"
 	"sync"
 	"time"

 	"github.com/kubernetes-csi/csi-lib-utils/connection"
 	"github.com/kubernetes-csi/external-attacher/pkg/attacher"
+	"github.com/kubernetes-csi/external-attacher/pkg/features"
+	"google.golang.org/grpc/status"
 	v1 "k8s.io/api/core/v1"
 	storage "k8s.io/api/storage/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/types"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/kubernetes"
 	corelisters "k8s.io/client-go/listers/core/v1"
 	storagelisters "k8s.io/client-go/listers/storage/v1"
@ -39,7 +43,7 @@ import (
 )

 type AttacherCSITranslator interface {
-	TranslateInTreePVToCSI(pv *v1.PersistentVolume) (*v1.PersistentVolume, error)
+	TranslateInTreePVToCSI(logger klog.Logger, pv *v1.PersistentVolume) (*v1.PersistentVolume, error)
 	IsPVMigratable(pv *v1.PersistentVolume) bool
 	RepairVolumeHandle(pluginName, volumeHandle, nodeID string) (string, error)
 }
@ -65,7 +69,7 @@ type csiHandler struct {
 	pvLister                      corelisters.PersistentVolumeLister
 	csiNodeLister                 storagelisters.CSINodeLister
 	vaLister                      storagelisters.VolumeAttachmentLister
-	vaQueue, pvQueue              workqueue.RateLimitingInterface
+	vaQueue, pvQueue              workqueue.TypedRateLimitingInterface[string]
 	forceSync                     map[string]bool
 	forceSyncMux                  sync.Mutex
 	timeout                       time.Duration
@ -110,7 +114,7 @@ func NewCSIHandler(
 	}
 }

-func (h *csiHandler) Init(vaQueue workqueue.RateLimitingInterface, pvQueue workqueue.RateLimitingInterface) {
+func (h *csiHandler) Init(vaQueue workqueue.TypedRateLimitingInterface[string], pvQueue workqueue.TypedRateLimitingInterface[string]) {
 	h.vaQueue = vaQueue
 	h.pvQueue = pvQueue
 }
@ -119,10 +123,11 @@ func (h *csiHandler) Init(vaQueue workqueue.RateLimitingInterface, pvQueue workq
 // status with the corresponding VolumeAttachment object. If the attachment
 // status of the volume is different from the state on the VolumeAttachment the
 // VolumeAttachment object is patched to the correct state.
-func (h *csiHandler) ReconcileVA() error {
-	klog.V(4).Info("Reconciling VolumeAttachments with driver backend state")
+func (h *csiHandler) ReconcileVA(ctx context.Context) error {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Reconciling VolumeAttachments with driver backend state")

-	ctx, cancel := context.WithTimeout(context.Background(), h.timeout)
+	ctx, cancel := context.WithTimeout(ctx, h.timeout)
 	defer cancel()

 	// Loop over all volume attachment objects
@ -137,26 +142,26 @@ func (h *csiHandler) ReconcileVA() error {
 	}

 	for _, va := range vas {
-		nodeID, err := h.getNodeID(h.attacherName, va.Spec.NodeName, va)
+		nodeID, err := h.getNodeID(logger, h.attacherName, va.Spec.NodeName, va)
 		if err != nil {
-			klog.Warningf("Failed to find node ID err: %v", err)
+			logger.Error(err, "Failed to find node ID err")
 			continue
 		}
-		pvSpec, err := h.getProcessedPVSpec(va)
+		pvSpec, err := h.getProcessedPVSpec(ctx, va)
 		if err != nil {
-			klog.Warningf("Failed to get PV Spec: %v", err)
+			logger.Error(err, "Failed to get PV Spec")
 			continue
 		}

 		source, err := getCSISource(pvSpec)
 		if err != nil {
-			klog.Warningf("Failed to get CSI Source: %v", err)
+			logger.Error(err, "Failed to get CSI Source")
 			continue
 		}

 		volumeHandle, _, err := GetVolumeHandle(source)
 		if err != nil {
-			klog.Warningf("Failed to get volume handle: %v", err)
+			logger.Error(err, "Failed to get volume handle")
 			continue
 		}
 		attachedStatus := va.Status.Attached
@ -164,29 +169,30 @@ func (h *csiHandler) ReconcileVA() error {
 		// If volume driver has corresponding in-tree plugin, generate a correct volumehandle
 		isMig, err := h.isMigratable(va)
 		if err != nil {
-			klog.Warningf("Failed to check if migratable for volume handle %s (driver %s): %v", volumeHandle, source.Driver, err)
+			logger.Error(err, "Failed to check if migratable for volume handle", "volumeHandle", volumeHandle, "sourceDriver", source.Driver)
 			continue
 		}
 		if isMig {
 			volumeHandle, err = h.translator.RepairVolumeHandle(source.Driver, volumeHandle, nodeID)
 			if err != nil {
-				klog.Warningf("Failed to repair volume handle %s for driver %s: %v", volumeHandle, source.Driver, err)
+				logger.Error(err, "Failed to repair volume handle for driver", "volumeHandle", volumeHandle, "sourceDriver", source.Driver)
 				continue
 			}
 		}

 		// Check whether the volume is published to this node
-		found := false
-		for _, gotNodeID := range published[volumeHandle] {
-			if gotNodeID == nodeID {
-				found = true
-				break
-			}
-		}
+		found := slices.Contains(published[volumeHandle], nodeID)

 		// If ListVolumes Attached Status is different, add to shared workQueue.
 		if attachedStatus != found {
-			klog.Warningf("VA %s for volume %s has attached status %v but actual state %v. Adding back to VA queue for forced reprocessing", va.Name, volumeHandle, attachedStatus, found)
+			logger.Error(
+				nil,
+				"VolumeAttachment attached status and actual state do not match. Adding back to VolumeAttachment queue for forced reprocessing",
+				"VolumeAttachment", va.Name,
+				"volumeHandle", volumeHandle,
+				"attachedStatus", attachedStatus,
+				"found", found,
+			)
 			// Add this item to the vaQueue with forceSync so that it is force
 			// processed again, we avoid UPDATE on the VA or forcing a direct
 			// attach/detach as to avoid race conditions with the main attacher
@ -220,102 +226,103 @@ func (h *csiHandler) consumeForceSync(vaName string) bool {
 	return s
 }

-func (h *csiHandler) SyncNewOrUpdatedVolumeAttachment(va *storage.VolumeAttachment) {
-	klog.V(4).Infof("CSIHandler: processing VA %q", va.Name)
+func (h *csiHandler) SyncNewOrUpdatedVolumeAttachment(ctx context.Context, va *storage.VolumeAttachment) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("CSIHandler: processing VolumeAttachment")

 	var err error
 	if va.DeletionTimestamp == nil {
-		err = h.syncAttach(va)
+		err = h.syncAttach(ctx, va)
 	} else {
-		err = h.syncDetach(va)
+		err = h.syncDetach(ctx, va)
 	}
 	if err != nil {
 		// Re-queue with exponential backoff
-		klog.V(2).Infof("Error processing %q: %s", va.Name, err)
+		logger.V(2).Info("Error processing", "err", err)
 		h.vaQueue.AddRateLimited(va.Name)
 		return
 	}
 	// The operation has finished successfully, reset exponential backoff
 	h.vaQueue.Forget(va.Name)
-	klog.V(4).Infof("CSIHandler: finished processing %q", va.Name)
+	logger.V(4).Info("CSIHandler: finished processing")
 }

-func (h *csiHandler) syncAttach(va *storage.VolumeAttachment) error {
+func (h *csiHandler) syncAttach(ctx context.Context, va *storage.VolumeAttachment) error {
+	logger := klog.FromContext(ctx)
 	if !h.consumeForceSync(va.Name) && va.Status.Attached {
 		// Volume is attached and no force sync, there is nothing to be done.
-		klog.V(4).Infof("%q is already attached", va.Name)
+		logger.V(4).Info("VolumeAttachment is already attached")
 		return nil
 	}

 	// Attach and report any error
-	klog.V(2).Infof("Attaching %q", va.Name)
-	va, metadata, err := h.csiAttach(va)
+	logger.V(2).Info("Attaching")
+	va, metadata, err := h.csiAttach(ctx, va)
 	if err != nil {
-		var saveErr error
-		va, saveErr = h.saveAttachError(va, err)
+		_, saveErr := h.saveAttachError(ctx, va, err)
 		if saveErr != nil {
 			// Just log it, propagate the attach error.
-			klog.V(2).Infof("Failed to save attach error to %q: %s", va.Name, saveErr.Error())
+			logger.V(2).Info("Failed to save attach error to VolumeAttachment", "err", saveErr.Error())
 		}
 		// Add context to the error for logging
 		err := fmt.Errorf("failed to attach: %s", err)
 		return err
 	}
-	klog.V(2).Infof("Attached %q", va.Name)
+	logger.V(2).Info("Attached")

 	// Mark as attached
-	if _, err := markAsAttached(h.client, va, metadata); err != nil {
+	if _, err := markAsAttached(ctx, h.client, va, metadata); err != nil {
 		return fmt.Errorf("failed to mark as attached: %s", err)
 	}
-	klog.V(4).Infof("Fully attached %q", va.Name)
+	logger.V(4).Info("Fully attached")
 	return nil
 }

-func (h *csiHandler) syncDetach(va *storage.VolumeAttachment) error {
-	klog.V(4).Infof("Starting detach operation for %q", va.Name)
+func (h *csiHandler) syncDetach(ctx context.Context, va *storage.VolumeAttachment) error {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Starting detach operation")
 	if !h.consumeForceSync(va.Name) && !h.hasVAFinalizer(va) {
-		klog.V(4).Infof("%q is already detached", va.Name)
+		logger.V(4).Info("VolumeAttachment is already detached")
 		return nil
 	}

 	// Detach and report any error
-	klog.V(2).Infof("Detaching %q", va.Name)
-	va, err := h.csiDetach(va)
+	logger.V(2).Info("Detaching")
+	va, err := h.csiDetach(ctx, va)
 	if err != nil {
 		var saveErr error
-		va, saveErr = h.saveDetachError(va, err)
+		_, saveErr = h.saveDetachError(ctx, va, err)
 		if saveErr != nil {
 			// Just log it, propagate the detach error.
-			klog.V(2).Infof("Failed to save detach error to %q: %s", va.Name, saveErr.Error())
+			logger.V(2).Info("Failed to save detach error to VolumeAttachment", "err", saveErr.Error())
 		}
 		// Add context to the error for logging
 		err := fmt.Errorf("failed to detach: %s", err)
 		return err
 	}
-	klog.V(4).Infof("Fully detached %q", va.Name)
+	logger.V(4).Info("Fully detached")
 	return nil
 }

-func (h *csiHandler) prepareVAFinalizer(va *storage.VolumeAttachment) (newVA *storage.VolumeAttachment, modified bool) {
+func (h *csiHandler) prepareVAFinalizer(logger klog.Logger, va *storage.VolumeAttachment) (newVA *storage.VolumeAttachment, modified bool) {
 	finalizerName := GetFinalizerName(h.attacherName)
-	for _, f := range va.Finalizers {
-		if f == finalizerName {
-			// Finalizer is already present
-			klog.V(4).Infof("VA finalizer is already set on %q", va.Name)
-			return va, false
-		}
+	if slices.Contains(va.Finalizers, finalizerName) {
+		// Finalizer is already present
+		logger.V(4).Info("VolumeAttachment finalizer is already set")
+		return va, false
 	}

 	// Finalizer is not present, add it
 	clone := va.DeepCopy()
 	clone.Finalizers = append(clone.Finalizers, finalizerName)
-	klog.V(4).Infof("VA finalizer added to %q", va.Name)
+	logger.V(4).Info("VolumeAttachment finalizer added")
 	return clone, true
 }

-func (h *csiHandler) prepareVANodeID(va *storage.VolumeAttachment, nodeID string) (newVA *storage.VolumeAttachment, modified bool) {
+func (h *csiHandler) prepareVANodeID(logger klog.Logger, va *storage.VolumeAttachment, nodeID string) (newVA *storage.VolumeAttachment, modified bool) {
+	logger = klog.LoggerWithValues(logger, "nodeID", nodeID)
 	if existingID, ok := va.Annotations[vaNodeIDAnnotation]; ok && existingID == nodeID {
-		klog.V(4).Infof("NodeID annotation is already set on %q", va.Name)
+		logger.V(4).Info("NodeID annotation is already set")
 		return va, false
 	}
 	clone := va.DeepCopy()
@ -323,42 +330,36 @@ func (h *csiHandler) prepareVANodeID(va *storage.VolumeAttachment, nodeID string
 		clone.Annotations = map[string]string{}
 	}
 	clone.Annotations[vaNodeIDAnnotation] = nodeID
-	klog.V(4).Infof("NodeID annotation added to %q", va.Name)
+	logger.V(4).Info("NodeID annotation added")
 	return clone, true
 }

-func (h *csiHandler) addPVFinalizer(pv *v1.PersistentVolume) (*v1.PersistentVolume, error) {
+func (h *csiHandler) addPVFinalizer(ctx context.Context, pv *v1.PersistentVolume) (*v1.PersistentVolume, error) {
+	logger := klog.LoggerWithValues(klog.FromContext(ctx), "PersistentVolume", pv.Name)
 	finalizerName := GetFinalizerName(h.attacherName)
-	for _, f := range pv.Finalizers {
-		if f == finalizerName {
-			// Finalizer is already present
-			klog.V(4).Infof("PV finalizer is already set on %q", pv.Name)
-			return pv, nil
-		}
+	if slices.Contains(pv.Finalizers, finalizerName) {
+		// Finalizer is already present
+		logger.V(4).Info("PersistentVolume finalizer is already set")
+		return pv, nil
 	}

 	// Finalizer is not present, add it
-	klog.V(4).Infof("Adding finalizer to PV %q", pv.Name)
+	logger.V(4).Info("Adding finalizer to PersistentVolume")
 	clone := pv.DeepCopy()
 	clone.Finalizers = append(clone.Finalizers, finalizerName)

-	newPV, err := h.patchPV(pv, clone)
+	newPV, err := h.patchPV(ctx, pv, clone)
 	if err != nil {
 		return pv, err
 	}

-	klog.V(4).Infof("PV finalizer added to %q", pv.Name)
+	logger.V(4).Info("PersistentVolume finalizer added")
 	return newPV, nil
 }

 func (h *csiHandler) hasVAFinalizer(va *storage.VolumeAttachment) bool {
 	finalizerName := GetFinalizerName(h.attacherName)
-	for _, f := range va.Finalizers {
-		if f == finalizerName {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(va.Finalizers, finalizerName)
 }

 // Checks if the PV (or) the inline-volume corresponding to the VA could have migrated from
@ -390,7 +391,10 @@ func getCSISource(pvSpec *v1.PersistentVolumeSpec) (*v1.CSIPersistentVolumeSourc
 	return nil, errors.New("pv spec contained non-csi source that was not migrated")
 }

-func (h *csiHandler) getProcessedPVSpec(va *storage.VolumeAttachment) (*v1.PersistentVolumeSpec, error) {
+func (h *csiHandler) getProcessedPVSpec(ctx context.Context, va *storage.VolumeAttachment) (*v1.PersistentVolumeSpec, error) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Starting processing PVSpec operation")
+
 	if va.Spec.Source.PersistentVolumeName != nil {
 		if va.Spec.Source.InlineVolumeSpec != nil {
 			return nil, errors.New("both InlineCSIVolumeSource and PersistentVolumeName specified in VA source")
@ -400,7 +404,7 @@ func (h *csiHandler) getProcessedPVSpec(va *storage.VolumeAttachment) (*v1.Persi
 			return nil, err
 		}
 		if h.translator.IsPVMigratable(pv) {
-			pv, err = h.translator.TranslateInTreePVToCSI(pv)
+			pv, err = h.translator.TranslateInTreePVToCSI(logger, pv)
 			if err != nil {
 				return nil, fmt.Errorf("failed to TranslateInTreePVToCSI(%v): %v", pv, err)
 			}
@ -417,8 +421,9 @@ func (h *csiHandler) getProcessedPVSpec(va *storage.VolumeAttachment) (*v1.Persi
 	}
 }

-func (h *csiHandler) csiAttach(va *storage.VolumeAttachment) (*storage.VolumeAttachment, map[string]string, error) {
-	klog.V(4).Infof("Starting attach operation for %q", va.Name)
+func (h *csiHandler) csiAttach(ctx context.Context, va *storage.VolumeAttachment) (*storage.VolumeAttachment, map[string]string, error) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Starting attach operation")
 	// Check as much as possible before adding VA finalizer - it would block
 	// deletion of VA on error.

@ -437,13 +442,13 @@ func (h *csiHandler) csiAttach(va *storage.VolumeAttachment) (*storage.VolumeAtt
 		if pv.DeletionTimestamp != nil {
 			return va, nil, fmt.Errorf("PersistentVolume %q is marked for deletion", pv.Name)
 		}
-		pv, err = h.addPVFinalizer(pv)
+		pv, err = h.addPVFinalizer(ctx, pv)
 		if err != nil {
 			return va, nil, fmt.Errorf("could not add PersistentVolume finalizer: %s", err)
 		}

 		if h.translator.IsPVMigratable(pv) {
-			pv, err = h.translator.TranslateInTreePVToCSI(pv)
+			pv, err = h.translator.TranslateInTreePVToCSI(logger, pv)
 			if err != nil {
 				return va, nil, fmt.Errorf("failed to translate in tree pv to CSI: %v", err)
 			}
@ -485,32 +490,32 @@ func (h *csiHandler) csiAttach(va *storage.VolumeAttachment) (*storage.VolumeAtt
 		readOnly = false
 	}

-	volumeCapabilities, err := GetVolumeCapabilities(pvSpec, h.supportsSingleNodeMultiWriter, h.defaultFSType)
+	volumeCapabilities, err := GetVolumeCapabilities(logger, pvSpec, h.supportsSingleNodeMultiWriter, h.defaultFSType)
 	if err != nil {
 		return va, nil, err
 	}

-	secrets, err := h.getCredentialsFromPV(csiSource)
+	secrets, err := h.getCredentialsFromPV(ctx, csiSource)
 	if err != nil {
 		return va, nil, err
 	}

-	nodeID, err := h.getNodeID(h.attacherName, va.Spec.NodeName, nil)
+	nodeID, err := h.getNodeID(logger, h.attacherName, va.Spec.NodeName, nil)
 	if err != nil {
 		return va, nil, err
 	}

 	originalVA := va
-	va, finalizerAdded := h.prepareVAFinalizer(va)
-	va, nodeIDAdded := h.prepareVANodeID(va, nodeID)
+	va, finalizerAdded := h.prepareVAFinalizer(logger, va)
+	va, nodeIDAdded := h.prepareVANodeID(logger, va, nodeID)

 	if finalizerAdded || nodeIDAdded {
-		if va, err = h.patchVA(originalVA, va); err != nil {
+		if va, err = h.patchVA(ctx, originalVA, va); err != nil {
 			return originalVA, nil, fmt.Errorf("could not save VolumeAttachment: %s", err)
 		}
 	}

-	ctx, cancel := context.WithTimeout(context.Background(), h.timeout)
+	ctx, cancel := context.WithTimeout(ctx, h.timeout)
 	ctx = markAsMigrated(ctx, migratable)
 	defer cancel()
 	// We're not interested in `detached` return value, the controller will
@ -523,7 +528,10 @@ func (h *csiHandler) csiAttach(va *storage.VolumeAttachment) (*storage.VolumeAtt
 	return va, publishInfo, nil
 }

-func (h *csiHandler) csiDetach(va *storage.VolumeAttachment) (*storage.VolumeAttachment, error) {
+func (h *csiHandler) csiDetach(ctx context.Context, va *storage.VolumeAttachment) (*storage.VolumeAttachment, error) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Starting detach operation")
+
 	var csiSource *v1.CSIPersistentVolumeSource
 	var migratable bool
 	if va.Spec.Source.PersistentVolumeName != nil {
@ -535,7 +543,7 @@ func (h *csiHandler) csiDetach(va *storage.VolumeAttachment) (*storage.VolumeAtt
 			return va, err
 		}
 		if h.translator.IsPVMigratable(pv) {
-			pv, err = h.translator.TranslateInTreePVToCSI(pv)
+			pv, err = h.translator.TranslateInTreePVToCSI(logger, pv)
 			if err != nil {
 				return va, fmt.Errorf("failed to translate in tree pv to CSI: %v", err)
 			}
@ -559,17 +567,17 @@ func (h *csiHandler) csiDetach(va *storage.VolumeAttachment) (*storage.VolumeAtt
 	if err != nil {
 		return va, err
 	}
-	secrets, err := h.getCredentialsFromPV(csiSource)
+	secrets, err := h.getCredentialsFromPV(ctx, csiSource)
 	if err != nil {
 		return va, err
 	}

-	nodeID, err := h.getNodeID(h.attacherName, va.Spec.NodeName, va)
+	nodeID, err := h.getNodeID(logger, h.attacherName, va.Spec.NodeName, va)
 	if err != nil {
 		return va, err
 	}

-	ctx, cancel := context.WithTimeout(context.Background(), h.timeout)
+	ctx, cancel := context.WithTimeout(ctx, h.timeout)
 	ctx = markAsMigrated(ctx, migratable)
 	defer cancel()
 	err = h.attacher.Detach(ctx, volumeHandle, nodeID, secrets)
@ -578,33 +586,45 @@ func (h *csiHandler) csiDetach(va *storage.VolumeAttachment) (*storage.VolumeAtt
 		// after backoff.
 		return va, err
 	}
-	klog.V(2).Infof("Detached %q", va.Name)
+	logger.V(2).Info("Detached")

-	if va, err := markAsDetached(h.client, va); err != nil {
+	if va, err := markAsDetached(ctx, h.client, va); err != nil {
 		return va, fmt.Errorf("could not mark as detached: %s", err)
 	}

 	return va, nil
 }

-func (h *csiHandler) saveAttachError(va *storage.VolumeAttachment, err error) (*storage.VolumeAttachment, error) {
-	klog.V(4).Infof("Saving attach error to %q", va.Name)
+func (h *csiHandler) saveAttachError(ctx context.Context, va *storage.VolumeAttachment, err error) (*storage.VolumeAttachment, error) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Saving attach error")
 	clone := va.DeepCopy()
-	clone.Status.AttachError = &storage.VolumeError{
+
+	volumeError := &storage.VolumeError{
 		Message: err.Error(),
 		Time:    metav1.Now(),
 	}

+	if utilfeature.DefaultFeatureGate.Enabled(features.MutableCSINodeAllocatableCount) {
+		if st, ok := status.FromError(err); ok {
+			errorCode := int32(st.Code())
+			volumeError.ErrorCode = &errorCode
+		}
+	}
+
+	clone.Status.AttachError = volumeError
+
 	var newVa *storage.VolumeAttachment
-	if newVa, err = h.patchVA(va, clone, "status"); err != nil {
+	if newVa, err = h.patchVA(ctx, va, clone, "status"); err != nil {
 		return va, err
 	}
-	klog.V(4).Infof("Saved attach error to %q", va.Name)
+	logger.V(4).Info("Saved attach error")
 	return newVa, nil
 }

-func (h *csiHandler) saveDetachError(va *storage.VolumeAttachment, err error) (*storage.VolumeAttachment, error) {
-	klog.V(4).Infof("Saving detach error to %q", va.Name)
+func (h *csiHandler) saveDetachError(ctx context.Context, va *storage.VolumeAttachment, err error) (*storage.VolumeAttachment, error) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Saving detach error")
 	clone := va.DeepCopy()
 	clone.Status.DetachError = &storage.VolumeError{
 		Message: err.Error(),
@ -612,15 +632,16 @@ func (h *csiHandler) saveDetachError(va *storage.VolumeAttachment, err error) (*
 	}

 	var newVa *storage.VolumeAttachment
-	if newVa, err = h.patchVA(va, clone, "status"); err != nil {
+	if newVa, err = h.patchVA(ctx, va, clone, "status"); err != nil {
 		return va, err
 	}
-	klog.V(4).Infof("Saved detach error to %q", va.Name)
+	logger.V(4).Info("Saved detach error")
 	return newVa, nil
 }

-func (h *csiHandler) SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume) {
-	klog.V(4).Infof("CSIHandler: processing PV %q", pv.Name)
+func (h *csiHandler) SyncNewOrUpdatedPersistentVolume(ctx context.Context, pv *v1.PersistentVolume) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("CSIHandler: processing PersistentVolume")
 	// Sync and remove finalizer on given PV
 	if pv.DeletionTimestamp == nil {
 		ignore := true
@ -633,16 +654,18 @@ func (h *csiHandler) SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume) {
 				if migratedToDriver := ann[annMigratedTo]; migratedToDriver == h.attacherName {
 					ignore = true
 				} else {
-					klog.V(4).Infof("CSIHandler: PV %q is an in-tree PV but does not have migrated-to annotation "+
-						"or the annotation does not match. Expect %v, Get %v. Remove the finalizer for this PV ",
-						pv.Name, h.attacherName, migratedToDriver)
+					logger.V(4).Info(
+						"CSIHandler: PersistentVolume is an in-tree PV but does not have migrated-to annotation or the annotation does not match. Remove the finalizer for this PersistentVolume",
+						"expect", h.attacherName,
+						"get", migratedToDriver,
+					)
 				}
 			}
 		}

 		if ignore {
 			// Don't process anything that has no deletion timestamp.
-			klog.V(4).Infof("CSIHandler: processing PV %q: no deletion timestamp, ignoring", pv.Name)
+			logger.V(4).Info("CSIHandler: processing PersistentVolume: no deletion timestamp, ignoring")
 			h.pvQueue.Forget(pv.Name)
 			return
 		}
@ -650,16 +673,10 @@ func (h *csiHandler) SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume) {

 	// Check if the PV has finalizer
 	finalizer := GetFinalizerName(h.attacherName)
-	found := false
-	for _, f := range pv.Finalizers {
-		if f == finalizer {
-			found = true
-			break
-		}
-	}
+	found := slices.Contains(pv.Finalizers, finalizer)
 	if !found {
 		// No finalizer -> no action required
-		klog.V(4).Infof("CSIHandler: processing PV %q: no finalizer, ignoring", pv.Name)
+		logger.V(4).Info("CSIHandler: processing PersistentVolume: no finalizer, ignoring")
 		h.pvQueue.Forget(pv.Name)
 		return
 	}
@ -668,20 +685,20 @@ func (h *csiHandler) SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume) {
 	vas, err := h.vaLister.List(labels.Everything())
 	if err != nil {
 		// Failed listing VAs? Try again with exp. backoff
-		klog.Errorf("Failed to list VolumeAttachments for PV %q: %s", pv.Name, err.Error())
+		logger.Error(err, "Failed to list VolumeAttachments for PersistentVolume")
 		h.pvQueue.AddRateLimited(pv.Name)
 		return
 	}
 	for _, va := range vas {
 		if va.Spec.Source.PersistentVolumeName != nil && *va.Spec.Source.PersistentVolumeName == pv.Name {
 			// This PV is needed by this VA, don't remove finalizer
-			klog.V(4).Infof("CSIHandler: processing PV %q: VA %q found", pv.Name, va.Name)
+			logger.V(4).Info("CSIHandler: processing PersistentVolume: VolumeAttachment was found", "VolumeAttachment", va.Name)
 			h.pvQueue.Forget(pv.Name)
 			return
 		}
 	}
 	// No VA found -> remove finalizer
-	klog.V(4).Infof("CSIHandler: processing PV %q: no VA found, removing finalizer", pv.Name)
+	logger.V(4).Info("CSIHandler: processing PersistentVolume: no VolumeAttachment found, removing finalizer")
 	clone := pv.DeepCopy()
 	newFinalizers := []string{}
 	for _, f := range pv.Finalizers {
@ -697,19 +714,17 @@ func (h *csiHandler) SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume) {
 	}
 	clone.Finalizers = newFinalizers

-	if _, err = h.patchPV(pv, clone); err != nil {
-		klog.Errorf("Failed to remove finalizer from PV %q: %s", pv.Name, err.Error())
+	if _, err = h.patchPV(ctx, pv, clone); err != nil {
+		logger.Error(err, "Failed to remove finalizer from PersistentVolume")
 		h.pvQueue.AddRateLimited(pv.Name)
 		return
 	}

-	klog.V(2).Infof("Removed finalizer from PV %q", pv.Name)
+	logger.V(2).Info("Removed finalizer from PersistentVolume")
 	h.pvQueue.Forget(pv.Name)
-
-	return
 }

-func (h *csiHandler) getCredentialsFromPV(csiSource *v1.CSIPersistentVolumeSource) (map[string]string, error) {
+func (h *csiHandler) getCredentialsFromPV(ctx context.Context, csiSource *v1.CSIPersistentVolumeSource) (map[string]string, error) {
 	if csiSource == nil {
 		return nil, fmt.Errorf("CSI volume source was nil")
 	}
@ -718,7 +733,7 @@ func (h *csiHandler) getCredentialsFromPV(csiSource *v1.CSIPersistentVolumeSourc
 		return nil, nil
 	}

-	secret, err := h.client.CoreV1().Secrets(secretRef.Namespace).Get(context.TODO(), secretRef.Name, metav1.GetOptions{})
+	secret, err := h.client.CoreV1().Secrets(secretRef.Namespace).Get(ctx, secretRef.Name, metav1.GetOptions{})
 	if err != nil {
 		return nil, fmt.Errorf("failed to load secret \"%s/%s\": %s", secretRef.Namespace, secretRef.Name, err)
 	}
@ -732,23 +747,23 @@ func (h *csiHandler) getCredentialsFromPV(csiSource *v1.CSIPersistentVolumeSourc

 // getNodeID finds node ID from CSINode API object. If caller wants, it can find
 // node ID stored in VolumeAttachment annotation.
-func (h *csiHandler) getNodeID(driver string, nodeName string, va *storage.VolumeAttachment) (string, error) {
+func (h *csiHandler) getNodeID(logger klog.Logger, driver string, nodeName string, va *storage.VolumeAttachment) (string, error) {
 	// Try to find CSINode first.
 	csiNode, err := h.csiNodeLister.Get(nodeName)
 	if err == nil {
 		if nodeID, found := GetNodeIDFromCSINode(driver, csiNode); found {
-			klog.V(4).Infof("Found NodeID %s in CSINode %s", nodeID, nodeName)
+			logger.V(4).Info("Found nodeID in CSINode", "nodeID", nodeID, "CSINode", nodeName)
 			return nodeID, nil
 		}
 		// CSINode exists, but does not have the requested driver; this can happen if the CSI pod is not running, for
 		// example the node might be currently shut down. We don't want to block the controller unpublish in that scenario.
 		// We should treat missing driver in the same way as missing CSINode; attempt to use the node ID from the volume
 		// attachment.
-		err = errors.New(fmt.Sprintf("CSINode %s does not contain driver %s", nodeName, driver))
+		err = fmt.Errorf("CSINode %s does not contain driver %s", nodeName, driver)
 	}

 	// Can't get CSINode, check Volume Attachment.
-	klog.V(4).Infof("Can't get nodeID from CSINode %s: %s", nodeName, err)
+	logger.V(4).Info("Failed to get nodeID from CSINode", "nodeName", nodeName, "err", err.Error())

 	// Check VolumeAttachment annotation as the last resort if caller wants so (i.e. has provided one).
 	if va == nil {
@ -762,28 +777,27 @@ func (h *csiHandler) getNodeID(driver string, nodeName string, va *storage.Volum
 	return "", err
 }

-func (h *csiHandler) patchVA(va, clone *storage.VolumeAttachment, subresources ...string) (*storage.VolumeAttachment,
+func (h *csiHandler) patchVA(ctx context.Context, va, clone *storage.VolumeAttachment, subresources ...string) (*storage.VolumeAttachment,
 	error) {
 	patch, err := createMergePatch(va, clone)
 	if err != nil {
 		return va, err
 	}

-	newVa, err := h.client.StorageV1().VolumeAttachments().Patch(context.TODO(), va.Name, types.MergePatchType, patch,
-		metav1.PatchOptions{}, subresources...)
+	newVa, err := h.client.StorageV1().VolumeAttachments().Patch(ctx, va.Name, types.MergePatchType, patch, metav1.PatchOptions{}, subresources...)
 	if err != nil {
 		return va, err
 	}
 	return newVa, nil
 }

-func (h *csiHandler) patchPV(pv, clone *v1.PersistentVolume) (*v1.PersistentVolume, error) {
+func (h *csiHandler) patchPV(ctx context.Context, pv, clone *v1.PersistentVolume) (*v1.PersistentVolume, error) {
 	patch, err := createMergePatch(pv, clone)
 	if err != nil {
 		return pv, err
 	}

-	newPV, err := h.client.CoreV1().PersistentVolumes().Patch(context.TODO(), pv.Name, types.MergePatchType, patch, metav1.PatchOptions{})
+	newPV, err := h.client.CoreV1().PersistentVolumes().Patch(ctx, pv.Name, types.MergePatchType, patch, metav1.PatchOptions{})
 	if err != nil {
 		return pv, err
 	}
--- a/pkg/controller/csi_handler_test.go
+++ b/pkg/controller/csi_handler_test.go
@ -23,9 +23,12 @@ import (
 	"testing"
 	"time"

+	"google.golang.org/grpc/codes"
+
 	"github.com/kubernetes-csi/csi-lib-utils/connection"
 	"github.com/kubernetes-csi/external-attacher/pkg/attacher"
-
+	"github.com/kubernetes-csi/external-attacher/pkg/features"
+	"google.golang.org/grpc/status"
 	v1 "k8s.io/api/core/v1"
 	storage "k8s.io/api/storage/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -33,11 +36,14 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	core "k8s.io/client-go/testing"
+	featuregatetesting "k8s.io/component-base/featuregate/testing"
 	csitranslator "k8s.io/csi-translation-lib"
 	"k8s.io/klog/v2"
+	_ "k8s.io/klog/v2/ktesting/init"
 )

 const (
@ -259,15 +265,25 @@ func secret() *v1.Secret {
 	}
 }

-func patch(original, new interface{}) []byte {
+func patch(original, new any) []byte {
 	patch, err := createMergePatch(original, new)
 	if err != nil {
-		klog.Fatalf("Failed to create patch %+v", err)
+		klog.Background().Error(err, "Failed to create patch")
 		return nil
 	}
 	return patch
 }

+func vaWithAttachErrorAndCode(va *storage.VolumeAttachment, message string, code codes.Code) *storage.VolumeAttachment {
+	errorCode := int32(code)
+	va.Status.AttachError = &storage.VolumeError{
+		Message:   message,
+		Time:      metav1.Time{},
+		ErrorCode: &errorCode,
+	}
+	return va
+}
+
 func TestCSIHandler(t *testing.T) {
 	vaGroupResourceVersion := schema.GroupVersionResource{
 		Group:    storage.GroupName,
@ -936,12 +952,12 @@ func TestCSIHandler(t *testing.T) {
 			initialObjects: []runtime.Object{pvWithFinalizer(), csiNode()},
 			addedVA:        deleted(va(true, fin, ann)),
 			expectedActions: []core.Action{
+				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(va(true, fin, ann)),
+						deleted(va(true /*attached*/, "", ann)))),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(va(true, "", ann)),
 						deleted(va(false /*attached*/, "", ann))), "status"),
-				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(va(false, fin, ann)),
-						deleted(va(false /*attached*/, "", ann)))),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, success, ignored, noMetadata, 0},
@ -952,12 +968,12 @@ func TestCSIHandler(t *testing.T) {
 			initialObjects: []runtime.Object{csiNode()},
 			addedVA:        deleted(vaWithInlineSpec(va(true, fin, ann))),
 			expectedActions: []core.Action{
+				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(vaWithInlineSpec(va(true, fin, ann))),
+						deleted(vaWithInlineSpec(va(true /*attached*/, "", ann))))),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(vaWithInlineSpec(va(true, "", ann))),
 						deleted(vaWithInlineSpec(va(false /*attached*/, "", ann)))), "status"),
-				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(vaWithInlineSpec(va(false, fin, ann))),
-						deleted(vaWithInlineSpec(va(false /*attached*/, "", ann))))),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, success, ignored, noMetadata, 0},
@ -969,12 +985,12 @@ func TestCSIHandler(t *testing.T) {
 			addedVA:        deleted(va(true, fin, ann)),
 			expectedActions: []core.Action{
 				core.NewGetAction(secretGroupResourceVersion, "default", "secret"),
+				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(vaWithInlineSpec(va(true, fin, ann))),
+						deleted(vaWithInlineSpec(va(true /*attached*/, "", ann))))),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(va(true, "", ann)),
 						deleted(va(false /*attached*/, "", ann))), "status"),
-				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(vaWithInlineSpec(va(false, fin, ann))),
-						deleted(vaWithInlineSpec(va(false /*attached*/, "", ann))))),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, map[string]string{"foo": "bar"}, readWrite, success, ignored, noMetadata, 0},
@ -986,14 +1002,14 @@ func TestCSIHandler(t *testing.T) {
 			addedVA:        deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true, fin, ann)), "secret")),
 			expectedActions: []core.Action{
 				core.NewGetAction(secretGroupResourceVersion, "default", "secret"),
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true, fin, ann)), "secret")),
+						deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true /*attached*/, "", ann)),
+							"secret"))), ""),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true, "", ann)), "secret")),
 						deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(false /*attached*/, "", ann)),
 							"secret"))), "status"),
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(false, fin, ann)), "secret")),
-						deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(false /*attached*/, "", ann)),
-							"secret"))), ""),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, map[string]string{"foo": "bar"}, readWrite, success, ignored, noMetadata, 0},
@ -1005,12 +1021,12 @@ func TestCSIHandler(t *testing.T) {
 			addedVA:        deleted(va(true, fin, ann)),
 			expectedActions: []core.Action{
 				core.NewGetAction(secretGroupResourceVersion, "default", "emptySecret"),
+				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(va(true, fin, ann)),
+						deleted(va(true /*attached*/, "", ann)))),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(va(true, "", ann)),
 						deleted(va(false /*attached*/, "", ann))), "status"),
-				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(va(false, fin, ann)),
-						deleted(va(false /*attached*/, "", ann)))),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, map[string]string{}, readWrite, success, ignored, noMetadata, 0},
@ -1022,16 +1038,16 @@ func TestCSIHandler(t *testing.T) {
 			addedVA:        deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true, fin, ann)), "emptySecret")),
 			expectedActions: []core.Action{
 				core.NewGetAction(secretGroupResourceVersion, "default", "emptySecret"),
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
+					testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true, fin, ann)), "emptySecret")),
+						deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true /*attached*/, "", ann)),
+							"emptySecret"))), ""),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
 					testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(true, "", ann)), "emptySecret")),
 						deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(false /*attached*/, "", ann)),
 							"emptySecret"))), "status"),
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
-					testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(false, fin, ann)), "emptySecret")),
-						deleted(vaInlineSpecWithSecret(vaWithInlineSpec(va(false /*attached*/, "", ann)),
-							"emptySecret"))), ""),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, map[string]string{}, readWrite, success, ignored, noMetadata, 0},
@ -1061,12 +1077,12 @@ func TestCSIHandler(t *testing.T) {
 					testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(va(true, "", ann)),
 						deleted(vaWithDetachError(va(true, "", ann), "mock error"))), "status"),
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(va(true, "", ann)),
-						deleted(va(false, "", ann))), "status"),
 				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(va(false, fin, ann)),
-						deleted(va(false, "", ann)))),
+					types.MergePatchType, patch(deleted(va(true, fin, ann)),
+						deleted(va(true, "", ann)))),
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(vaWithDetachError(va(true, "", ann), "mock error")),
+						deleted(va(false, "", ann))), "status"),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, fmt.Errorf("mock error"), ignored, noMetadata, 0},
@ -1082,12 +1098,12 @@ func TestCSIHandler(t *testing.T) {
 					testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(deleted(va(true, "", ann)),
 						deleted(vaWithDetachError(va(true, "", ann), "context deadline exceeded"))), "status"),
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(va(true, "", ann)),
-						deleted(va(false /*attached*/, "", ann))), "status"),
 				core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(deleted(va(false, fin, ann)),
-						deleted(va(false /*attached*/, "", ann)))),
+					types.MergePatchType, patch(deleted(va(true, fin, ann)),
+						deleted(va(true /*attached*/, "", ann)))),
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(deleted(vaWithDetachError(va(true, "", ann), "context deadline exceeded")),
+						deleted(va(false /*attached*/, "", ann))), "status"),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, success, ignored, noMetadata, 500 * time.Millisecond},
@ -1204,25 +1220,25 @@ func TestCSIHandler(t *testing.T) {
 			initialObjects: []runtime.Object{pvWithFinalizer()},
 			addedVA:        deleted(va(true, fin, map[string]string{vaNodeIDAnnotation: "annotatedNodeID"})),
 			expectedActions: []core.Action{
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(
+						deleted(va(true, fin, map[string]string{vaNodeIDAnnotation: "annotatedNodeID"})),
+						deleted(va(true /*attached*/, "",
+							map[string]string{vaNodeIDAnnotation: "annotatedNodeID"}))), ""),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(
 						deleted(va(true, "", map[string]string{vaNodeIDAnnotation: "annotatedNodeID"})),
 						deleted(va(false /*attached*/, "",
 							map[string]string{vaNodeIDAnnotation: "annotatedNodeID"}))), "status"),
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(
-						deleted(va(false, fin, map[string]string{vaNodeIDAnnotation: "annotatedNodeID"})),
-						deleted(va(false /*attached*/, "",
-							map[string]string{vaNodeIDAnnotation: "annotatedNodeID"}))), ""),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, "annotatedNodeID", noAttrs, noSecrets, readWrite, success, detached, noMetadata, 0},
 			},
 		},
 		{
-			name:           "failed write with attached=false -> controller retries",
+			name:           "failed write with finalizer removal -> controller retries",
 			initialObjects: []runtime.Object{pvWithFinalizer(), csiNode()},
-			addedVA:        deleted(va(false, fin, ann)),
+			addedVA:        deleted(va(true, fin, ann)),
 			reactors: []reaction{
 				{
 					verb:     "patch",
@ -1241,28 +1257,29 @@ func TestCSIHandler(t *testing.T) {
 			},
 			expectedActions: []core.Action{
 				// This fails
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
-					testPVName+"-"+testNodeName,
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(
-						deleted(va(false, "", ann)),
-						deleted(va(false, "", ann))), "status"),
+						deleted(va(true, fin, ann)),
+						deleted(va(true, "", ann))), ""),
 				// Saving error succeeds
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
 					testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(
-						deleted(va(false, "", ann)),
-						vaWithDetachError(deleted(va(false, "", ann)),
+						deleted(va(true, fin, ann)),
+						vaWithDetachError(deleted(va(true, fin, ann)),
 							"could not mark as detached: volumeattachments.storage.k8s."+
 								"io \"pv1-node1\" is forbidden: mock error")), "status"),
 				// Second save of attached=false succeeds and the finalizer is subsequently deleted.
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(
-						deleted(va(false, "", ann)),
-						deleted(va(false, "", ann))), "status"),
+						deleted(va(true, fin, ann)),
+						deleted(va(true, "", ann))), ""),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(
-						deleted(va(false, fin, ann)),
-						deleted(va(false, "", ann))), ""),
+						vaWithDetachError(deleted(va(true, "", ann)),
+							"could not mark as detached: volumeattachments.storage.k8s."+
+								"io \"pv1-node1\" is forbidden: mock error"),
+						deleted(va(false, "", ann))), "status"),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, success, detached, noMetadata, 0},
@ -1274,15 +1291,14 @@ func TestCSIHandler(t *testing.T) {
 			initialObjects: []runtime.Object{gcePDPVWithFinalizer(), csiNode()},
 			addedVA:        deleted(va(true /*attached*/, fin /*finalizer*/, ann)),
 			expectedActions: []core.Action{
-				// Finalizer is saved first
+				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+					types.MergePatchType, patch(
+						deleted(va(true, fin, ann)),
+						deleted(va(true /*attached*/, "", ann))), ""),
 				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
 					types.MergePatchType, patch(
 						deleted(va(true, "", ann)),
 						deleted(va(false /*attached*/, "", ann))), "status"),
-				core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
-					types.MergePatchType, patch(
-						deleted(va(false, fin, ann)),
-						deleted(va(false /*attached*/, "", ann))), ""),
 			},
 			expectedCSICalls: []csiCall{
 				{"detach", "projects/UNSPECIFIED/zones/testZone/disks/testpd", testNodeID,
@ -1402,6 +1418,61 @@ func TestCSIHandler(t *testing.T) {
 	runTests(t, csiHandlerFactory, tests)
 }

+func TestVolumeAttachmentWithErrorCode(t *testing.T) {
+	featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.MutableCSINodeAllocatableCount, true)
+
+	vaGroupResourceVersion := schema.GroupVersionResource{
+		Group:    storage.GroupName,
+		Version:  "v1",
+		Resource: "volumeattachments",
+	}
+
+	var noMetadata map[string]string
+	var noAttrs map[string]string
+	var noSecrets map[string]string
+	var notDetached = false
+	var success error
+	var readWrite = false
+
+	test := testCase{
+		name:           "CSI attach fails with gRPC error -> controller saves ErrorCode and retries",
+		initialObjects: []runtime.Object{pvWithFinalizer(), csiNode()},
+		addedVA:        va(false, "", nil),
+		expectedActions: []core.Action{
+			core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+				types.MergePatchType, patch(va(false, "", nil), va(false, fin, ann))),
+
+			// The CSI call fails, so the controller saves the error status.
+			core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
+				testPVName+"-"+testNodeName,
+				types.MergePatchType, patch(va(false, fin, ann),
+					vaWithAttachErrorAndCode(va(false, fin, ann), "rpc error: code = ResourceExhausted desc = mock rpc error", codes.ResourceExhausted)), "status"),
+
+			// On retry, the controller reads the original VA again and tries to re-apply the finalizer/annotation.
+			core.NewPatchAction(vaGroupResourceVersion, metav1.NamespaceNone, testPVName+"-"+testNodeName,
+				types.MergePatchType, patch(
+					vaWithAttachErrorAndCode(va(false, "", nil), "rpc error: code = ResourceExhausted desc = mock rpc error", codes.ResourceExhausted),
+					vaWithAttachErrorAndCode(va(false, fin, ann), "rpc error: code = ResourceExhausted desc = mock rpc error", codes.ResourceExhausted),
+				)),
+
+			// The CSI call succeeds now, and the controller clears the error and marks the VA as attached.
+			core.NewPatchSubresourceAction(vaGroupResourceVersion, metav1.NamespaceNone,
+				testPVName+"-"+testNodeName,
+				types.MergePatchType, patch(
+					vaWithAttachErrorAndCode(va(false, fin, ann), "rpc error: code = ResourceExhausted desc = mock rpc error", codes.ResourceExhausted),
+					va(true /*attached*/, fin, ann),
+				),
+				"status"),
+		},
+		expectedCSICalls: []csiCall{
+			{"attach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, status.Error(codes.ResourceExhausted, "mock rpc error"), notDetached, noMetadata, 0},
+			{"attach", testVolumeHandle, testNodeID, noAttrs, noSecrets, readWrite, success, notDetached, noMetadata, 0},
+		},
+	}
+
+	runTests(t, csiHandlerFactory, []testCase{test})
+}
+
 func TestCSIHandlerReconcileVA(t *testing.T) {
 	nID := map[string]string{
 		vaNodeIDAnnotation: testNodeID,
@ -1440,7 +1511,7 @@ func TestCSIHandlerReconcileVA(t *testing.T) {
 				pvWithFinalizer(),
 			},
 			listerResponse: map[string][]string{
-				testVolumeHandle: []string{testNodeID},
+				testVolumeHandle: {testNodeID},
 			},
 			expectedActions: []core.Action{
 				// Intentionally empty
@ -1453,7 +1524,7 @@ func TestCSIHandlerReconcileVA(t *testing.T) {
 				pvWithFinalizer(),
 			},
 			listerResponse: map[string][]string{
-				testVolumeHandle: []string{testNodeID},
+				testVolumeHandle: {testNodeID},
 			},
 			expectedActions: []core.Action{},
 			expectedCSICalls: []csiCall{
@ -1464,7 +1535,7 @@ func TestCSIHandlerReconcileVA(t *testing.T) {
 			name:           "no volume attachments but existing lister response results in no action",
 			initialObjects: []runtime.Object{},
 			listerResponse: map[string][]string{
-				testVolumeHandle: []string{testNodeID},
+				testVolumeHandle: {testNodeID},
 			},
 			expectedActions: []core.Action{},
 		},
--- a/pkg/controller/framework_test.go
+++ b/pkg/controller/framework_test.go
@ -39,6 +39,8 @@ import (
 	core "k8s.io/client-go/testing"
 	"k8s.io/client-go/util/workqueue"
 	"k8s.io/klog/v2"
+	"k8s.io/klog/v2/ktesting"
+	_ "k8s.io/klog/v2/ktesting/init"
 )

 // This is an unit test framework. It is heavily inspired by serviceaccount
@ -106,208 +108,214 @@ type handlerFactory func(client kubernetes.Interface, informerFactory informers.

 func runTests(t *testing.T, handlerFactory handlerFactory, tests []testCase) {
 	for _, test := range tests {
-		klog.Infof("Test %q: started", test.name)
-		objs := test.initialObjects
-		if test.addedVA != nil {
-			objs = append(objs, test.addedVA)
-		}
-		if test.updatedVA != nil {
-			objs = append(objs, test.updatedVA)
-		}
-		if test.updatedPV != nil {
-			objs = append(objs, test.updatedPV)
-		}
-
-		coreObjs := []runtime.Object{}
-		csiObjs := []runtime.Object{}
-		for _, obj := range objs {
-			switch obj.(type) {
-			case *storage.CSINode:
-				csiObjs = append(csiObjs, obj)
-			default:
-				coreObjs = append(coreObjs, obj)
+		t.Run(test.name, func(t *testing.T) {
+			logger, ctx := ktesting.NewTestContext(t)
+			logger = klog.LoggerWithValues(logger, "test", test.name)
+			ctx = klog.NewContext(ctx, logger)
+			logger.Info("Starting test")
+			objs := test.initialObjects
+			if test.addedVA != nil {
+				objs = append(objs, test.addedVA)
 			}
-		}
-
-		// Create client and informers
-		client := fake.NewSimpleClientset(coreObjs...)
-		informers := informers.NewSharedInformerFactory(client, time.Hour /* disable resync*/)
-		vaInformer := informers.Storage().V1().VolumeAttachments()
-		pvInformer := informers.Core().V1().PersistentVolumes()
-		nodeInformer := informers.Core().V1().Nodes()
-		csiNodeInformer := informers.Storage().V1().CSINodes()
-		// Fill the informers with initial objects so controller can Get() them
-		for _, obj := range objs {
-			switch obj.(type) {
-			case *v1.PersistentVolume:
-				pvInformer.Informer().GetStore().Add(obj)
-			case *v1.Node:
-				nodeInformer.Informer().GetStore().Add(obj)
-			case *storage.VolumeAttachment:
-				vaInformer.Informer().GetStore().Add(obj)
-			case *v1.Secret:
-				// Secrets are not cached in any informer
-			case *storage.CSINode:
-				csiNodeInformer.Informer().GetStore().Add(obj)
-			default:
-				t.Fatalf("Unknown initalObject type: %+v", obj)
+			if test.updatedVA != nil {
+				objs = append(objs, test.updatedVA)
 			}
-		}
-		// This reactor makes sure that all updates that the controller does are
-		// reflected in its informers so Lister.Get() finds them. This does not
-		// enqueue events!
-		client.Fake.PrependReactor("update", "*", func(action core.Action) (bool, runtime.Object, error) {
-			if action.GetVerb() == "update" {
-				switch action.GetResource().Resource {
-				case "volumeattachments":
-					klog.V(5).Infof("Test reactor: updated VA")
-					vaInformer.Informer().GetStore().Update(action.(core.UpdateAction).GetObject())
-				case "persistentvolumes":
-					klog.V(5).Infof("Test reactor: updated PV")
-					pvInformer.Informer().GetStore().Update(action.(core.UpdateAction).GetObject())
+			if test.updatedPV != nil {
+				objs = append(objs, test.updatedPV)
+			}
+
+			coreObjs := []runtime.Object{}
+			for _, obj := range objs {
+				switch obj.(type) {
+				case *storage.CSINode:
 				default:
-					t.Errorf("Unknown update resource: %s", action.GetResource())
-				}
-			}
-			return false, nil, nil
-		})
-		// Run any reactors that the test needs *before* the above one.
-		for _, reactor := range test.reactors {
-			client.Fake.PrependReactor(reactor.verb, reactor.resource, reactor.reactor(t))
-		}
-
-		// Construct controller
-		lister := &fakeLister{t: t, publishedNodes: test.listerResponse}
-		csiConnection := &fakeCSIConnection{t: t, calls: test.expectedCSICalls, lister: lister}
-		handler := handlerFactory(client, informers, csiConnection, lister)
-		ctrl := NewCSIAttachController(client, testAttacherName, handler, vaInformer, pvInformer, workqueue.DefaultControllerRateLimiter(), workqueue.DefaultControllerRateLimiter(), test.listerResponse != nil, 1*time.Minute)
-
-		// Start the test by enqueueing the right event
-		if test.addedVA != nil {
-			ctrl.vaAdded(test.addedVA)
-		}
-		if test.updatedVA != nil {
-			ctrl.vaUpdated(test.updatedVA, test.updatedVA)
-		}
-		if test.deletedVA != nil {
-			ctrl.vaDeleted(test.deletedVA)
-		}
-		if test.updatedPV != nil {
-			ctrl.pvUpdated(test.updatedPV, test.updatedPV)
-		}
-
-		// Process the queue until we get expected results
-		timeout := time.Now().Add(10 * time.Second)
-		lastReportedActionCount := 0
-		for {
-			if time.Now().After(timeout) {
-				t.Errorf("Test %q: timed out", test.name)
-				break
-			}
-			if ctrl.vaQueue.Len() > 0 {
-				klog.V(5).Infof("Test %q: %d events in VA queue, processing one", test.name, ctrl.vaQueue.Len())
-				ctrl.syncVA()
-			}
-			if ctrl.pvQueue.Len() > 0 {
-				klog.V(5).Infof("Test %q: %d events in PV queue, processing one", test.name, ctrl.vaQueue.Len())
-				ctrl.syncPV()
-			}
-			if ctrl.vaQueue.Len() > 0 || ctrl.pvQueue.Len() > 0 {
-				// There is still some work in the queue, process it now
-				continue
-			}
-			if test.listerResponse != nil {
-				// Reconcile VA with the actual state
-				err := ctrl.handler.ReconcileVA()
-				if err != nil {
-					t.Errorf("Failed to reconcile Volume Attachment objects: %v", err)
-				}
-			}
-			if ctrl.vaQueue.Len() > 0 || ctrl.pvQueue.Len() > 0 {
-				// Reconciler created some work, process the queues once again
-				continue
-			}
-			currentActionCount := len(client.Actions())
-			if currentActionCount < len(test.expectedActions) {
-				if lastReportedActionCount < currentActionCount {
-					klog.V(5).Infof("Test %q: got %d actions out of %d, waiting for the rest", test.name, currentActionCount, len(test.expectedActions))
-					lastReportedActionCount = currentActionCount
-				}
-				// The test expected more to happen, wait for them
-				time.Sleep(10 * time.Millisecond)
-				continue
-			}
-			break
-		}
-
-		actions := client.Actions()
-		for i, action := range actions {
-			if len(test.expectedActions) < i+1 {
-				t.Errorf("Test %q: %d unexpected actions: %+v", test.name, len(actions)-len(test.expectedActions), spew.Sdump(actions[i:]))
-				break
-			}
-
-			// Sanitize time in attach/detach errors
-			if action.GetVerb() == "update" && action.GetResource().Resource == "volumeattachments" {
-				obj := action.(core.UpdateAction).GetObject()
-				o := obj.(*storage.VolumeAttachment)
-				if o.Status.AttachError != nil {
-					o.Status.AttachError.Time = metav1.Time{}
-				}
-				if o.Status.DetachError != nil {
-					o.Status.DetachError.Time = metav1.Time{}
+					coreObjs = append(coreObjs, obj)
 				}
 			}

-			if action.GetVerb() == "patch" && action.GetResource().Resource == "volumeattachments" {
-				patchAction := action.(core.PatchActionImpl)
-				patch := patchAction.GetPatch()
-				var va storage.VolumeAttachment
-				err := json.Unmarshal(patch, &va)
-				if va.Status.AttachError != nil {
-					va.Status.AttachError.Time = metav1.Time{}
+			// Create client and informers
+			client := fake.NewSimpleClientset(coreObjs...)
+			informers := informers.NewSharedInformerFactory(client, time.Hour /* disable resync*/)
+			vaInformer := informers.Storage().V1().VolumeAttachments()
+			pvInformer := informers.Core().V1().PersistentVolumes()
+			nodeInformer := informers.Core().V1().Nodes()
+			csiNodeInformer := informers.Storage().V1().CSINodes()
+			// Fill the informers with initial objects so controller can Get() them
+			for _, obj := range objs {
+				switch obj.(type) {
+				case *v1.PersistentVolume:
+					pvInformer.Informer().GetStore().Add(obj)
+				case *v1.Node:
+					nodeInformer.Informer().GetStore().Add(obj)
+				case *storage.VolumeAttachment:
+					vaInformer.Informer().GetStore().Add(obj)
+				case *v1.Secret:
+					// Secrets are not cached in any informer
+				case *storage.CSINode:
+					csiNodeInformer.Informer().GetStore().Add(obj)
+				default:
+					t.Fatalf("Unknown initalObject type: %+v", obj)
 				}
-				if va.Status.DetachError != nil {
-					va.Status.DetachError.Time = metav1.Time{}
-				}
-
-				if va.Status.AttachError != nil || va.Status.DetachError != nil {
-
-					patch, err = createMergePatch(storage.VolumeAttachment{}, va)
-					if err != nil {
-						t.Errorf("Test %q create patch failed", t.Name())
+			}
+			// This reactor makes sure that all updates that the controller does are
+			// reflected in its informers so Lister.Get() finds them. This does not
+			// enqueue events!
+			client.Fake.PrependReactor("update", "*", func(action core.Action) (bool, runtime.Object, error) {
+				if action.GetVerb() == "update" {
+					switch action.GetResource().Resource {
+					case "volumeattachments":
+						logger.V(5).Info("Test reactor: updated VA")
+						vaInformer.Informer().GetStore().Update(action.(core.UpdateAction).GetObject())
+					case "persistentvolumes":
+						logger.V(5).Info("Test reactor: updated PV")
+						pvInformer.Informer().GetStore().Update(action.(core.UpdateAction).GetObject())
+					default:
+						t.Errorf("Unknown update resource: %s", action.GetResource())
 					}
-					patchAction.Patch = patch
-					action = patchAction
+				}
+				return false, nil, nil
+			})
+			// Run any reactors that the test needs *before* the above one.
+			for _, reactor := range test.reactors {
+				client.Fake.PrependReactor(reactor.verb, reactor.resource, reactor.reactor(t))
+			}
+
+			// Construct controller
+			lister := &fakeLister{t: t, publishedNodes: test.listerResponse}
+			csiConnection := &fakeCSIConnection{t: t, calls: test.expectedCSICalls, lister: lister}
+			handler := handlerFactory(client, informers, csiConnection, lister)
+			ctrl := NewCSIAttachController(logger, client, testAttacherName, handler, vaInformer, pvInformer, workqueue.DefaultTypedControllerRateLimiter[string](), workqueue.DefaultTypedControllerRateLimiter[string](), test.listerResponse != nil, 1*time.Minute)
+
+			// Start the test by enqueueing the right event
+			if test.addedVA != nil {
+				ctrl.vaAdded(test.addedVA)
+			}
+			if test.updatedVA != nil {
+				ctrl.vaUpdatedFunc(logger)(test.updatedVA, test.updatedVA)
+			}
+			if test.deletedVA != nil {
+				ctrl.vaDeleted(test.deletedVA)
+			}
+			if test.updatedPV != nil {
+				ctrl.pvUpdated(test.updatedPV, test.updatedPV)
+			}
+
+			// Process the queue until we get expected results
+			timeout := time.Now().Add(10 * time.Second)
+			lastReportedActionCount := 0
+			for {
+				if time.Now().After(timeout) {
+					t.Errorf("Test %q: timed out", test.name)
+					break
+				}
+				if ctrl.vaQueue.Len() > 0 {
+					logger.V(5).Info("VA queue, processing one", "queueLength", ctrl.vaQueue.Len())
+					ctrl.syncVA(ctx)
+				}
+				if ctrl.pvQueue.Len() > 0 {
+					logger.V(5).Info("PV queue, processing one", "queueLength", ctrl.pvQueue.Len())
+					ctrl.syncPV(ctx)
+				}
+				if ctrl.vaQueue.Len() > 0 || ctrl.pvQueue.Len() > 0 {
+					// There is still some work in the queue, process it now
+					continue
+				}
+				if test.listerResponse != nil {
+					// Reconcile VA with the actual state
+					err := ctrl.handler.ReconcileVA(ctx)
+					if err != nil {
+						t.Errorf("Failed to reconcile Volume Attachment objects: %v", err)
+					}
+				}
+				if ctrl.vaQueue.Len() > 0 || ctrl.pvQueue.Len() > 0 {
+					// Reconciler created some work, process the queues once again
+					continue
+				}
+				currentActionCount := len(client.Actions())
+				if currentActionCount < len(test.expectedActions) {
+					if lastReportedActionCount < currentActionCount {
+						logger.V(5).Info("Waiting for the rest", "currentActionCount", currentActionCount, "expectedActionsCount", len(test.expectedActions))
+						lastReportedActionCount = currentActionCount
+					}
+					// The test expected more to happen, wait for them
+					time.Sleep(10 * time.Millisecond)
+					continue
+				}
+				break
+			}
+
+			actions := client.Actions()
+			for i, action := range actions {
+				if len(test.expectedActions) < i+1 {
+					t.Errorf("Test %q: %d unexpected actions: %+v", test.name, len(actions)-len(test.expectedActions), spew.Sdump(actions[i:]))
+					break
 				}

+				// Sanitize time in attach/detach errors
+				if action.GetVerb() == "update" && action.GetResource().Resource == "volumeattachments" {
+					obj := action.(core.UpdateAction).GetObject()
+					o := obj.(*storage.VolumeAttachment)
+					if o.Status.AttachError != nil {
+						o.Status.AttachError.Time = metav1.Time{}
+					}
+					if o.Status.DetachError != nil {
+						o.Status.DetachError.Time = metav1.Time{}
+					}
+				}
+
+				if action.GetVerb() == "patch" && action.GetResource().Resource == "volumeattachments" {
+					patchAction := action.(core.PatchActionImpl)
+					patch := patchAction.GetPatch()
+					var va storage.VolumeAttachment
+					err := json.Unmarshal(patch, &va)
+					if err != nil {
+						t.Errorf("Failed to unmarshal: %v", err)
+					}
+					if va.Status.AttachError != nil {
+						va.Status.AttachError.Time = metav1.Time{}
+					}
+					if va.Status.DetachError != nil {
+						va.Status.DetachError.Time = metav1.Time{}
+					}
+
+					if va.Status.AttachError != nil || va.Status.DetachError != nil {
+
+						patch, err = createMergePatch(storage.VolumeAttachment{}, va)
+						if err != nil {
+							t.Errorf("Test %q create patch failed", t.Name())
+						}
+						patchAction.Patch = patch
+						action = patchAction
+					}
+
+				}
+
+				expectedAction := test.expectedActions[i]
+				if !reflect.DeepEqual(expectedAction, action) {
+					t.Errorf("Test %q: action %d\nExpected:\n%s\ngot:\n%s", test.name, i, spew.Sdump(expectedAction), spew.Sdump(action))
+					continue
+				}
 			}

-			expectedAction := test.expectedActions[i]
-			if !reflect.DeepEqual(expectedAction, action) {
-				t.Errorf("Test %q: action %d\nExpected:\n%s\ngot:\n%s", test.name, i, spew.Sdump(expectedAction), spew.Sdump(action))
-				continue
+			if len(test.expectedActions) > len(actions) {
+				t.Errorf("Test %q: %d additional expected actions", test.name, len(test.expectedActions)-len(actions))
+				for _, a := range test.expectedActions[len(actions):] {
+					t.Logf("    %+v", a)
+				}
 			}
-		}

-		if len(test.expectedActions) > len(actions) {
-			t.Errorf("Test %q: %d additional expected actions", test.name, len(test.expectedActions)-len(actions))
-			for _, a := range test.expectedActions[len(actions):] {
-				t.Logf("    %+v", a)
+			if test.additionalCheck != nil {
+				test.additionalCheck(t, test)
 			}
-		}
-
-		if test.additionalCheck != nil {
-			test.additionalCheck(t, test)
-		}
-		// makesure all the csi calls were executed.
-		if csiConnection.index < len(csiConnection.calls) {
-			t.Errorf("Test %q: %d additional expected CSI calls", test.name, len(csiConnection.calls)-csiConnection.index)
-			for _, a := range csiConnection.calls[csiConnection.index:] {
-				t.Logf("   %+v", a)
+			// makesure all the csi calls were executed.
+			if csiConnection.index < len(csiConnection.calls) {
+				t.Errorf("Test %q: %d additional expected CSI calls", test.name, len(csiConnection.calls)-csiConnection.index)
+				for _, a := range csiConnection.calls[csiConnection.index:] {
+					t.Logf("   %+v", a)
+				}
 			}
-		}
-		klog.Infof("Test %q: finished \n\n", test.name)
+			logger.Info("Test was finished")
+		})
 	}
 }

@ -381,7 +389,7 @@ func vaWithNoPVReferenceNorInlineVolumeSpec(va *storage.VolumeAttachment) *stora
 	return va
 }

-func vaWithInvalidDriver(va *storage.VolumeAttachment) *storage.VolumeAttachment {
+func vaWithInvalidDriver(_ *storage.VolumeAttachment) *storage.VolumeAttachment {
 	return createVolumeAttachment("unknownDriver", testPVName, testNodeName, false, "", nil)
 }

--- a/pkg/controller/trivial_handler.go
+++ b/pkg/controller/trivial_handler.go
@ -17,6 +17,8 @@ limitations under the License.
 package controller

 import (
+	"context"
+
 	v1 "k8s.io/api/core/v1"
 	storage "k8s.io/api/storage/v1"
 	"k8s.io/client-go/kubernetes"
@ -30,7 +32,7 @@ import (
 // nothing to detach).
 type trivialHandler struct {
 	client           kubernetes.Interface
-	vaQueue, pvQueue workqueue.RateLimitingInterface
+	vaQueue, pvQueue workqueue.TypedRateLimitingInterface[string]
 }

 var _ Handler = &trivialHandler{}
@ -40,29 +42,30 @@ func NewTrivialHandler(client kubernetes.Interface) Handler {
 	return &trivialHandler{client: client}
 }

-func (h *trivialHandler) Init(vaQueue workqueue.RateLimitingInterface, pvQueue workqueue.RateLimitingInterface) {
+func (h *trivialHandler) Init(vaQueue workqueue.TypedRateLimitingInterface[string], pvQueue workqueue.TypedRateLimitingInterface[string]) {
 	h.vaQueue = vaQueue
 	h.pvQueue = pvQueue
 }

-func (h *trivialHandler) ReconcileVA() error {
+func (h *trivialHandler) ReconcileVA(ctx context.Context) error {
 	return nil
 }

-func (h *trivialHandler) SyncNewOrUpdatedVolumeAttachment(va *storage.VolumeAttachment) {
-	klog.V(4).Infof("Trivial sync[%s] started", va.Name)
+func (h *trivialHandler) SyncNewOrUpdatedVolumeAttachment(ctx context.Context, va *storage.VolumeAttachment) {
+	logger := klog.FromContext(ctx)
+	ctx = klog.NewContext(ctx, logger)
+	logger.V(4).Info("Trivial sync started")
 	if !va.Status.Attached {
 		// mark as attached
-		if _, err := markAsAttached(h.client, va, nil); err != nil {
-			klog.Warningf("Error saving VolumeAttachment %s as attached: %s", va.Name, err)
+		if _, err := markAsAttached(ctx, h.client, va, nil); err != nil {
+			logger.Error(err, "Error saving VolumeAttachment as attached")
 			h.vaQueue.AddRateLimited(va.Name)
 			return
 		}
-		klog.V(2).Infof("Marked VolumeAttachment %s as attached", va.Name)
+		logger.V(2).Info("Marked VolumeAttachment as attached")
 	}
 	h.vaQueue.Forget(va.Name)
 }

-func (h *trivialHandler) SyncNewOrUpdatedPersistentVolume(pv *v1.PersistentVolume) {
-	return
+func (h *trivialHandler) SyncNewOrUpdatedPersistentVolume(ctx context.Context, pv *v1.PersistentVolume) {
 }
--- a/pkg/controller/util.go
+++ b/pkg/controller/util.go
@ -28,14 +28,16 @@ import (
 	"github.com/kubernetes-csi/csi-lib-utils/accessmodes"
 	v1 "k8s.io/api/core/v1"
 	storage "k8s.io/api/storage/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/klog/v2"
 )

-func markAsAttached(client kubernetes.Interface, va *storage.VolumeAttachment, metadata map[string]string) (*storage.VolumeAttachment, error) {
-	klog.V(4).Infof("Marking as attached %q", va.Name)
+func markAsAttached(ctx context.Context, client kubernetes.Interface, va *storage.VolumeAttachment, metadata map[string]string) (*storage.VolumeAttachment, error) {
+	logger := klog.FromContext(ctx)
+	logger.V(4).Info("Marking as attached")
 	clone := va.DeepCopy()
 	clone.Status.Attached = true
 	clone.Status.AttachmentMetadata = metadata
@ -44,40 +46,60 @@ func markAsAttached(client kubernetes.Interface, va *storage.VolumeAttachment, m
 	if err != nil {
 		return va, err
 	}
-	newVA, err := client.StorageV1().VolumeAttachments().Patch(context.TODO(), va.Name, types.MergePatchType, patch,
+	newVA, err := client.StorageV1().VolumeAttachments().Patch(ctx, va.Name, types.MergePatchType, patch,
 		metav1.PatchOptions{}, "status")
 	if err != nil {
 		return va, err
 	}
-	klog.V(4).Infof("Marked as attached %q", va.Name)
+	logger.V(4).Info("Marked as attached")
 	return newVA, nil
 }

-func markAsDetached(client kubernetes.Interface, va *storage.VolumeAttachment) (*storage.VolumeAttachment, error) {
+func markAsDetached(ctx context.Context, client kubernetes.Interface, va *storage.VolumeAttachment) (*storage.VolumeAttachment, error) {
+	logger := klog.FromContext(ctx)
 	finalizerName := GetFinalizerName(va.Spec.Attacher)

 	// Prepare new array of finalizers
 	newFinalizers := make([]string, 0, len(va.Finalizers))
-	found := false
+	finalizerFound := false
 	for _, f := range va.Finalizers {
 		if f == finalizerName {
-			found = true
+			finalizerFound = true
 			continue
 		}
 		newFinalizers = append(newFinalizers, f)
 	}
+	if !finalizerFound && !va.Status.Attached {
+		// Finalizer was not present, nothing to update
+		logger.V(4).Info("Already fully detached")
+		return va, nil
+	}
 	// Mostly to simplify unit tests, but it won't harm in production too
 	if len(newFinalizers) == 0 {
 		newFinalizers = nil
 	}

-	if !found && !va.Status.Attached {
-		// Finalizer was not present, nothing to update
-		klog.V(4).Infof("Already fully detached %q", va.Name)
-		return va, nil
+	// Remove the finalizer first. A VolumeAttachment with DeletionTimestamp and without Finalizer will be considered as detached
+	// even when status says `attached: true`. Therefore the attacher won't re-try detaching already detached volume.
+	// The other way around (mark as detached and then remove the finalizer) leads to a second ControllerUnpublish call,
+	// because a VolumeAttachment with the finalizer present and `attached: false` could mean the attachment could have timed out
+	// previously and the attacher needs to confirm the volume is detached with ControllerUnpublish.
+	if finalizerFound {
+		clone := va.DeepCopy()
+		clone.Finalizers = newFinalizers
+		patch, err := createMergePatch(va, clone)
+		if err != nil {
+			return va, err
+		}
+		newVA, err := client.StorageV1().VolumeAttachments().Patch(ctx, va.Name, types.MergePatchType, patch, metav1.PatchOptions{})
+		if err != nil {
+			return va, err
+		}
+		logger.V(4).Info("Finalizer removed")
+		va = newVA
 	}

-	klog.V(4).Infof("Marking as detached %q", va.Name)
+	logger.V(4).Info("Marking as detached")
 	clone := va.DeepCopy()
 	clone.Status.Attached = false
 	clone.Status.DetachError = nil
@ -86,24 +108,15 @@ func markAsDetached(client kubernetes.Interface, va *storage.VolumeAttachment) (
 	if err != nil {
 		return va, err
 	}
-	newVA, err := client.StorageV1().VolumeAttachments().Patch(context.TODO(), va.Name, types.MergePatchType, patch,
-		metav1.PatchOptions{}, "status")
+	newVA, err := client.StorageV1().VolumeAttachments().Patch(ctx, va.Name, types.MergePatchType, patch, metav1.PatchOptions{}, "status")
 	if err != nil {
+		if apierrors.IsNotFound(err) {
+			// The VolumeAttachment does not have any finalizer, it might have been deleted by the API server.
+			return va, nil
+		}
 		return va, err
 	}

-	// As Finalizers is not in the status subresource it must be patched separately. It is removed after the status update so the resource is not prematurely deleted.
-	clone = newVA.DeepCopy()
-	clone.Finalizers = newFinalizers
-	patch, err = createMergePatch(newVA, clone)
-	if err != nil {
-		return newVA, err
-	}
-	newVA, err = client.StorageV1().VolumeAttachments().Patch(context.TODO(), newVA.Name, types.MergePatchType, patch, metav1.PatchOptions{}, "")
-	if err != nil {
-		return newVA, err
-	}
-	klog.V(4).Infof("Finalizer removed from %q", va.Name)
 	return newVA, nil
 }

@ -139,7 +152,7 @@ func GetNodeIDFromCSINode(driver string, csiNode *storage.CSINode) (string, bool

 // GetVolumeCapabilities returns a VolumeCapability from the PV spec. Which access mode will be set depends if the driver supports the
 // SINGLE_NODE_MULTI_WRITER capability.
-func GetVolumeCapabilities(pvSpec *v1.PersistentVolumeSpec, singleNodeMultiWriterCapable bool, defaultFSType string) (*csi.VolumeCapability, error) {
+func GetVolumeCapabilities(logger klog.Logger, pvSpec *v1.PersistentVolumeSpec, singleNodeMultiWriterCapable bool, defaultFSType string) (*csi.VolumeCapability, error) {
 	if pvSpec.CSI == nil {
 		return nil, errors.New("CSI volume source was nil")
 	}
@ -157,7 +170,7 @@ func GetVolumeCapabilities(pvSpec *v1.PersistentVolumeSpec, singleNodeMultiWrite
 		fsType := pvSpec.CSI.FSType
 		if len(fsType) == 0 {
 			fsType = defaultFSType
-			klog.V(4).Infof("Filesystem type not found in PV spec. Using defaultFSType: %v.", fsType)
+			logger.V(4).Info("Filesystem type not found in PV spec. Using defaultFSType", "defaultFSType", fsType)
 		}

 		cap = &csi.VolumeCapability{
@ -197,7 +210,7 @@ func GetVolumeAttributes(csiSource *v1.CSIPersistentVolumeSource) (map[string]st
 }

 // createMergePatch return patch generated from original and new interfaces
-func createMergePatch(original, new interface{}) ([]byte, error) {
+func createMergePatch(original, new any) ([]byte, error) {
 	pvByte, err := json.Marshal(original)
 	if err != nil {
 		return nil, err
--- a/pkg/controller/util_test.go
+++ b/pkg/controller/util_test.go
@ -22,6 +22,8 @@ import (

 	"github.com/container-storage-interface/spec/lib/go/csi"
 	v1 "k8s.io/api/core/v1"
+	"k8s.io/klog/v2/ktesting"
+	_ "k8s.io/klog/v2/ktesting/init"
 )

 func createBlockCapability(mode csi.VolumeCapability_AccessMode_Mode) *csi.VolumeCapability {
@ -50,6 +52,7 @@ func createMountCapability(fsType string, mode csi.VolumeCapability_AccessMode_M
 }

 func TestGetVolumeCapabilities(t *testing.T) {
+	logger, _ := ktesting.NewTestContext(t)
 	blockVolumeMode := v1.PersistentVolumeMode(v1.PersistentVolumeBlock)
 	filesystemVolumeMode := v1.PersistentVolumeMode(v1.PersistentVolumeFilesystem)
 	defaultFSType := "ext4"
@ -207,7 +210,7 @@ func TestGetVolumeCapabilities(t *testing.T) {
 				},
 			},
 		}
-		cap, err := GetVolumeCapabilities(&pv.Spec, test.supportsSingleNodeMultiWriter, defaultFSType)
+		cap, err := GetVolumeCapabilities(logger, &pv.Spec, test.supportsSingleNodeMultiWriter, defaultFSType)

 		if err == nil && test.expectError {
 			t.Errorf("test %s: expected error, got none", test.name)
--- a/pkg/features/features.go
+++ b/pkg/features/features.go
@ -0,0 +1,51 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package features
+
+import (
+	"k8s.io/apiserver/pkg/util/feature"
+	"k8s.io/component-base/featuregate"
+)
+
+const (
+	// owner: @torredil @gnufied @msau42
+	// kep: https://kep.k8s.io/4876
+	// alpha: v1.33
+	// beta: v1.34
+	//
+	// Makes CSINode.Spec.Drivers[*].Allocatable.Count mutable, allowing CSI drivers to
+	// update the number of volumes that can be allocated on a node. Additionally, enables
+	// setting ErrorCode field in VolumeAttachment status.
+	MutableCSINodeAllocatableCount featuregate.Feature = "MutableCSINodeAllocatableCount"
+
+	// owner: @rhrmo
+	// alpha: v1.35
+	//
+	// Releases leader election lease on sigterm / sigint.
+	ReleaseLeaderElectionOnExit featuregate.Feature = "ReleaseLeaderElectionOnExit"
+)
+
+func init() {
+	feature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates)
+}
+
+// defaultKubernetesFeatureGates consists of all known feature keys specific to external-attacher.
+// To add a new feature, define a key for it above and add it here.
+var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{
+	ReleaseLeaderElectionOnExit:    {Default: false, PreRelease: featuregate.Alpha},
+	MutableCSINodeAllocatableCount: {Default: false, PreRelease: featuregate.Beta},
+}
--- a/release-tools/.github/dependabot.yaml
+++ b/release-tools/.github/dependabot.yaml
@ -0,0 +1,12 @@
+version: 2
+enable-beta-ecosystems: true
+updates:
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+      interval: "daily"
+  labels:
+    - "area/dependency"
+    - "release-note-none"
+    - "ok-to-test"
+  open-pull-requests-limit: 10
--- a/release-tools/.github/workflows/codespell.yml
+++ b/release-tools/.github/workflows/codespell.yml
@ -0,0 +1,15 @@
+# GitHub Action to automate the identification of common misspellings in text files.
+# https://github.com/codespell-project/actions-codespell
+# https://github.com/codespell-project/codespell
+name: codespell
+on: [push, pull_request]
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: codespell-project/actions-codespell@master
+        with:
+          check_filenames: true
+          skip: "*.png,*.jpg,*.svg,*.sum,./.git,./.github/workflows/codespell.yml,./prow.sh"
--- a/release-tools/.github/workflows/trivy.yaml
+++ b/release-tools/.github/workflows/trivy.yaml
@ -0,0 +1,29 @@
+name: Run Trivy scanner for Go version vulnerabilities
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+jobs:
+  trivy:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Go version
+        id: go-version
+        run: |
+          GO_VERSION=$(cat prow.sh  | grep "configvar CSI_PROW_GO_VERSION_BUILD" | awk '{print $3}' | sed 's/"//g')
+          echo "version=$GO_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Run Trivy scanner for Go version vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'golang:${{ steps.go-version.outputs.version }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'library'
+          severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN'
--- a/release-tools/KUBERNETES_CSI_OWNERS_ALIASES
+++ b/release-tools/KUBERNETES_CSI_OWNERS_ALIASES
@ -18,6 +18,7 @@ aliases:
  # when they are temporarily unable to review PRs.
  kubernetes-csi-reviewers:
  - andyzhangx
+  - carlory
  - chrishenzie
  - ggriffiths
  - gnufied
--- a/release-tools/SIDECAR_RELEASE_PROCESS.md
+++ b/release-tools/SIDECAR_RELEASE_PROCESS.md
@ -17,7 +17,7 @@ The release manager must:
 Whenever a new Kubernetes minor version is released, our kubernetes-csi CI jobs
 must be updated.

-[Our CI jobs](https://k8s-testgrid.appspot.com/sig-storage-csi-ci) have the
+[Our CI jobs](https://testgrid.k8s.io/sig-storage-csi-ci) have the
 naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.

 1. Jobs should be actively monitored to find and fix failures in sidecars and
@ -46,54 +46,51 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
 ## Release Process
 1. Identify all issues and ongoing PRs that should go into the release, and
  drive them to resolution.
-1. Download the latest version of the
-   [K8s release notes generator](https://github.com/kubernetes/release/tree/HEAD/cmd/release-notes)
-1. Create a
-   [Github personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
-   with `repo:public_repo` access
-1. Generate release notes for the release. Replace arguments with the relevant
-   information.
-    * Clean up old cached information (also needed if you are generating release
-      notes for multiple repos)
-      ```bash
-      rm -rf /tmp/k8s-repo
-      ```
-    * For new minor releases on master:
-        ```bash
-        GITHUB_TOKEN=<token> release-notes \
-          --discover=mergebase-to-latest \
-          --org=kubernetes-csi \
-          --repo=external-provisioner \
-          --required-author="" \
-          --markdown-links \
-          --output out.md
-        ```
-    * For new patch releases on a release branch:
-        ```bash
-        GITHUB_TOKEN=<token> release-notes \
-          --discover=patch-to-latest \
-          --branch=release-1.1 \
-          --org=kubernetes-csi \
-          --repo=external-provisioner \
-          --required-author="" \
-          --markdown-links \
-          --output out.md
-        ```
-1. Compare the generated output to the new commits for the release to check if
-   any notable change missed a release note.
-1. Reword release notes as needed. Make sure to check notes for breaking
-   changes and deprecations.
-1. If release is a new major/minor version, create a new `CHANGELOG-<major>.<minor>.md`
-   file. Otherwise, add the release notes to the top of the existing CHANGELOG
-   file for that minor version.
-1. Submit a PR for the CHANGELOG changes.
-1. Submit a PR for README changes, in particular, Compatibility, Feature status,
-   and any other sections that may need updating.
+1. Update dependencies for sidecars
+    1. For new minor versions, use
+   [go-modules-update.sh](https://github.com/kubernetes-csi/csi-release-tools/blob/HEAD/go-modules-update.sh),
+    1. For CVE fixes on patch versions, use
+   [go-modules-targeted-update.sh](https://github.com/kubernetes-csi/csi-release-tools/blob/HEAD/go-modules-targeted-update.sh),
+       Read the instructions at the top of the script.
 1. Check that all [canary CI
-  jobs](https://k8s-testgrid.appspot.com/sig-storage-csi-ci) are passing,
+  jobs](https://testgrid.k8s.io/sig-storage-csi-ci) are passing,
  and that test coverage is adequate for the changes that are going into the release.
 1. Check that the post-\<sidecar\>-push-images builds are succeeding.
-   [Example](https://k8s-testgrid.appspot.com/sig-storage-image-build#post-external-snapshotter-push-images)
+   [Example](https://testgrid.k8s.io/sig-storage-image-build#post-external-snapshotter-push-images)
+1. Generate release notes.
+    1.  Download the latest version of the [K8s release notes generator](https://github.com/kubernetes/release/tree/HEAD/cmd/release-notes)
+    1. Create a
+       [Github personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
+       with `repo:public_repo` access
+    1. For patch release, use the script generate_patch_release_notes.sh. Read the instructions at the top of the
+       script. The script also creates PRs for each branch.
+    1. For new minor releases, follow these steps and replace arguments with the relevant
+       information.
+        * Clean up old cached information (also needed if you are generating release
+          notes for multiple repos)
+          ```bash
+          rm -rf /tmp/k8s-repo
+          ```
+        * For new minor releases on master:
+            ```bash
+            GITHUB_TOKEN=<token> release-notes \
+              --discover=mergebase-to-latest \
+              --org=kubernetes-csi \
+              --repo=external-provisioner \
+              --required-author="" \
+              --markdown-links \
+              --output out.md
+            ```
+    1. Compare the generated output to the new commits for the release to check if
+       any notable change missed a release note.
+    1. Reword release notes as needed, ideally in the original PRs so that the
+       release notes can be regenerated. Make sure to check notes for breaking
+       changes and deprecations.
+    1. If release is a new major/minor version, create a new `CHANGELOG-<major>.<minor>.md`
+       file.
+    1. Submit a PR for the CHANGELOG changes.
+1. Submit a PR for README changes, in particular, Compatibility, Feature status,
+   and any other sections that may need updating.
 1. Make sure that no new PRs have merged in the meantime, and no PRs are in
   flight and soon to be merged.
 1. Create a new release following a previous release as a template. Be sure to select the correct
@ -101,8 +98,8 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.
   [external-provisioner example](https://github.com/kubernetes-csi/external-provisioner/releases/new)
 1. If release was a new major/minor version, create a new `release-<minor>`
   branch at that commit.
-1. Check [image build status](https://k8s-testgrid.appspot.com/sig-storage-image-build).
-1. Promote images from k8s-staging-sig-storage to k8s.gcr.io/sig-storage. From
+1. Check [image build status](https://testgrid.k8s.io/sig-storage-image-build).
+1. Promote images from k8s-staging-sig-storage to registry.k8s.io/sig-storage. From
   the [k8s image
   repo](https://github.com/kubernetes/k8s.io/tree/HEAD/registry.k8s.io/images/k8s-staging-sig-storage),
   run `./generate.sh > images.yaml`, and send a PR with the updated images.
@ -120,7 +117,7 @@ naming convention `<hostpath-deployment-version>-on-<kubernetes-version>`.

 The following jobs are triggered after tagging to produce the corresponding
 image(s):
-https://k8s-testgrid.appspot.com/sig-storage-image-build
+https://testgrid.k8s.io/sig-storage-image-build

 Clicking on a failed build job opens that job in https://prow.k8s.io. Next to
 the job title is a rerun icon (circle with arrow). Clicking it opens a popup
--- a/release-tools/build.make
+++ b/release-tools/build.make
@ -45,9 +45,10 @@ REV=$(shell git describe --long --tags --match='v*' --dirty 2>/dev/null || git r
 # Determined dynamically.
 IMAGE_TAGS=

-# A "canary" image gets built if the current commit is the head of the remote "master" branch.
+# A "canary" image gets built if the current commit is the head of the remote "master" or "main" branch.
 # That branch does not exist when building some other branch in TravisCI.
 IMAGE_TAGS+=$(shell if [ "$$(git rev-list -n1 HEAD)" = "$$(git rev-list -n1 origin/master 2>/dev/null)" ]; then echo "canary"; fi)
+IMAGE_TAGS+=$(shell if [ "$$(git rev-list -n1 HEAD)" = "$$(git rev-list -n1 origin/main 2>/dev/null)" ]; then echo "canary"; fi)

 # A "X.Y.Z-canary" image gets built if the current commit is the head of a "origin/release-X.Y.Z" branch.
 # The actual suffix does not matter, only the "release-" prefix is checked.
@ -62,9 +63,9 @@ IMAGE_NAME=$(REGISTRY_NAME)/$*

 ifdef V
 # Adding "-alsologtostderr" assumes that all test binaries contain glog. This is not guaranteed.
-TESTARGS = -v -args -alsologtostderr -v 5
+TESTARGS = -race -v -args -alsologtostderr -v 5
 else
-TESTARGS =
+TESTARGS = -race
 endif

 # Specific packages can be excluded from each of the tests below by setting the *_FILTER_CMD variables
@ -143,7 +144,7 @@ DOCKER_BUILDX_CREATE_ARGS ?=
 # Windows binaries can be built before adding a Dockerfile for it.
 #
 # BUILD_PLATFORMS determines which individual images are included in the multiarch image.
-# PULL_BASE_REF must be set to 'master', 'release-x.y', or a tag name, and determines
+# PULL_BASE_REF must be set to 'master', 'main', 'release-x.y', or a tag name, and determines
 # the tag for the resulting multiarch image.
 $(CMDS:%=push-multiarch-%): push-multiarch-%: check-pull-base-ref build-%
 	set -ex; \
@ -191,7 +192,7 @@ $(CMDS:%=push-multiarch-%): push-multiarch-%: check-pull-base-ref build-%
 		done; \
 		docker manifest push -p $(IMAGE_NAME):$$tag; \
 	}; \
-	if [ $(PULL_BASE_REF) = "master" ]; then \
+	if [ $(PULL_BASE_REF) = "master" ] || [ $(PULL_BASE_REF) = "main" ]; then \
 			: "creating or overwriting canary image"; \
 			pushMultiArch canary; \
 	elif echo $(PULL_BASE_REF) | grep -q -e 'release-*' ; then \
@ -209,7 +210,7 @@ $(CMDS:%=push-multiarch-%): push-multiarch-%: check-pull-base-ref build-%
 .PHONY: check-pull-base-ref
 check-pull-base-ref:
 	if ! [ "$(PULL_BASE_REF)" ]; then \
-		echo >&2 "ERROR: PULL_BASE_REF must be set to 'master', 'release-x.y', or a tag name."; \
+		echo >&2 "ERROR: PULL_BASE_REF must be set to 'master', 'main', 'release-x.y', or a tag name."; \
 		exit 1; \
 	fi

@ -322,3 +323,10 @@ test-spelling:
 test-boilerplate:
 	@ echo; echo "### $@:"
 	@ ./release-tools/verify-boilerplate.sh "$(pwd)"
+
+# Test klog usage. This test is optional and must be explicitly added to `test` target in the main Makefile:
+# test: test-logcheck
+.PHONY: test-logcheck
+test-logcheck:
+	@ echo; echo "### $@:"
+	@ ./release-tools/verify-logcheck.sh
--- a/release-tools/cloudbuild.yaml
+++ b/release-tools/cloudbuild.yaml
@ -13,7 +13,7 @@
 # See https://github.com/kubernetes/test-infra/blob/HEAD/config/jobs/image-pushing/README.md
 # for more details on image pushing process in Kubernetes.
 #
-# To promote release images, see https://github.com/kubernetes/k8s.io/tree/HEAD/k8s.gcr.io/images/k8s-staging-sig-storage.
+# To promote release images, see https://github.com/kubernetes/k8s.io/tree/HEAD/registry.k8s.io/images/k8s-staging-sig-storage.

 # This must be specified in seconds. If omitted, defaults to 600s (10 mins).
 # Building three images in external-snapshotter takes more than an hour.
@ -26,7 +26,7 @@ steps:
  # The image must contain bash and curl. Ideally it should also contain
  # the desired version of Go (currently defined in release-tools/prow.sh),
  # but that just speeds up the build and is not required.
-  - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20230424-910a2a439d'
+  - name: 'gcr.io/k8s-testimages/gcb-docker-gcloud:v20240718-5ef92b5c36'
    entrypoint: ./.cloudbuild.sh
    env:
    - GIT_TAG=${_GIT_TAG}
--- a/release-tools/contrib/get_supported_version_csi-sidecar.py
+++ b/release-tools/contrib/get_supported_version_csi-sidecar.py
@ -0,0 +1,170 @@
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import datetime
+import re
+from collections import defaultdict
+import subprocess
+import shutil
+from dateutil.relativedelta import relativedelta
+
+def check_gh_command():
+    """
+    Pretty much everything is processed from `gh`
+    Check that the `gh` command is in the path before anything else
+    """
+    if not shutil.which('gh'):
+        print("Error: The `gh` command is not available in the PATH.")
+        print("Please install the GitHub CLI (https://cli.github.com/) and try again.")
+        exit(1)
+
+def duration_ago(dt):
+    """
+    Humanize duration outputs
+    """
+    delta = relativedelta(datetime.datetime.now(), dt)
+    if delta.years > 0:
+        return f"{delta.years} year{'s' if delta.years > 1 else ''} ago"
+    elif delta.months > 0:
+        return f"{delta.months} month{'s' if delta.months > 1 else ''} ago"
+    elif delta.days > 0:
+        return f"{delta.days} day{'s' if delta.days > 1 else ''} ago"
+    elif delta.hours > 0:
+        return f"{delta.hours} hour{'s' if delta.hours > 1 else ''} ago"
+    elif delta.minutes > 0:
+        return f"{delta.minutes} minute{'s' if delta.minutes > 1 else ''} ago"
+    else:
+        return "just now"
+
+def parse_version(version):
+    """
+    Parse version assuming it is in the form of v1.2.3
+    """
+    pattern = r"v(\d+)\.(\d+)\.(\d+)"
+    match = re.match(pattern, version)
+    if match:
+        major, minor, patch =  map(int, match.groups())
+        return (major, minor, patch)
+
+def end_of_life_grouped_versions(versions):
+    """
+    Calculate the end of life date for a minor release version according to : https://kubernetes-csi.github.io/docs/project-policies.html#support
+
+    The input is an array of tuples of:
+      * grouped versions (e.g. 1.0, 1.1)
+      * array of that contains all versions and their release date (e.g. 1.0.0, 01-01-2013)
+
+    versions structure example :
+      [((3, 5), [('v3.5.0', datetime.datetime(2023, 4, 27, 22, 28, 6))]),
+       ((3, 4),
+       [('v3.4.1', datetime.datetime(2023, 4, 5, 17, 41, 15)),
+        ('v3.4.0', datetime.datetime(2022, 12, 27, 23, 43, 41))])]
+    """
+    supported_versions = []
+    # Prepare dates for later calculation
+    now          = datetime.datetime.now()
+    one_year     = datetime.timedelta(days=365)
+    three_months = datetime.timedelta(days=90)
+
+    # get the newer versions on top
+    sorted_versions_list = sorted(versions.items(), key=lambda x: x[0], reverse=True)
+
+    # the latest version is always supported no matter the release date
+    latest = sorted_versions_list.pop(0)
+    supported_versions.append(latest[1][-1])
+
+    for v in sorted_versions_list:
+        first_release = v[1][-1]
+        last_release  = v[1][0]
+        # if the release is less than a year old we support the latest patch version
+        if now - first_release[1] < one_year:
+            supported_versions.append(last_release)
+        # if the main release is older than a year and has a recent path, this is supported
+        elif now - last_release[1] < three_months:
+            supported_versions.append(last_release)
+    return supported_versions
+
+def get_release_docker_image(repo, version):
+    """
+    Extract docker image name from the release page documentation
+    """
+    output = subprocess.check_output(['gh', 'release', '-R', repo, 'view', version], text=True)
+    #Extract matching image name excluding `
+    match = re.search(r"docker pull ([\.\/\-\:\w\d]*)", output)
+    docker_image = match.group(1) if match else ''
+    return((version, docker_image))
+
+def get_versions_from_releases(repo):
+    """
+    Using `gh` cli get the github releases page details then
+    create a list of grouped version on major.minor 
+    and for each give all major.minor.patch with release dates
+    """
+    # Run the `gh release` command to get the release list
+    output = subprocess.check_output(['gh', 'release', '-R', repo, 'list'], text=True)
+    # Parse the output and group by major and minor version numbers
+    versions = defaultdict(lambda: [])
+    for line in output.strip().split('\n'):
+        parts = line.split('\t')
+        # pprint.pprint(parts)
+        version = parts[0]
+        parsed_version = parse_version(version)
+        if parsed_version is None:
+            continue
+        major, minor, patch = parsed_version
+
+        published = datetime.datetime.strptime(parts[3], '%Y-%m-%dT%H:%M:%SZ')
+        versions[(major, minor)].append((version, published))
+    return(versions)
+
+
+def main():
+    manual = """
+    This script lists the supported versions Github releases according to https://kubernetes-csi.github.io/docs/project-policies.html#support
+    It has been designed to help to update the tables from : https://kubernetes-csi.github.io/docs/sidecar-containers.html\n\n
+    It can take multiple repos as argument, for all CSI sidecars details you can run:
+    ./get_supported_version_csi-sidecar.py -R kubernetes-csi/external-attacher -R kubernetes-csi/external-provisioner -R kubernetes-csi/external-resizer -R kubernetes-csi/external-snapshotter -R kubernetes-csi/livenessprobe -R kubernetes-csi/node-driver-registrar -R kubernetes-csi/external-health-monitor\n
+    With the output you can then update the documentation manually.
+    """
+    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter, description=manual)
+    parser.add_argument('--repo', '-R', required=True, action='append', dest='repos', help='The name of the repository in the format owner/repo.')
+    parser.add_argument('--display', '-d', action='store_true', help='(default) Display EOL versions with their dates', default=True)
+    parser.add_argument('--doc', '-D', action='store_true', help='Helper to https://kubernetes-csi.github.io/docs/ that prints Docker image for each EOL version')
+
+    args = parser.parse_args()
+
+    # Verify pre-reqs
+    check_gh_command()
+
+    # Process all repos
+    for repo in args.repos:
+        versions = get_versions_from_releases(repo)
+        eol_versions = end_of_life_grouped_versions(versions)
+
+        if args.display:
+            print(f"Supported versions with release date and age of `{repo}`:\n")
+            for version in eol_versions:
+                print(f"{version[0]}\t{version[1].strftime('%Y-%m-%d')}\t{duration_ago(version[1])}")
+
+        # TODO : generate proper doc output for the tables of: https://kubernetes-csi.github.io/docs/sidecar-containers.html
+        if args.doc:
+            print("\nSupported Versions with docker images for each end of life version:\n")
+            for version in eol_versions:
+                _, image = get_release_docker_image(repo, version[0])
+                print(f"{version[0]}\t{image}")
+        print()
+
+if __name__ == '__main__':
+    main()
--- a/release-tools/generate-patch-release-notes.sh
+++ b/release-tools/generate-patch-release-notes.sh
@ -0,0 +1,114 @@
+#!/bin/bash
+
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Usage: generate_patch_release_notes.sh
+#
+# Generates and creates PRs for kubernetes-csi patch releases.
+#
+# Required environment variables
+# CSI_RELEASE_TOKEN: Github token needed for generating release notes
+# GITHUB_USER: Github username to create PRs with
+#
+# Required tools:
+# - gh
+# - release-notes (https://github.com/kubernetes/release/blob/master/cmd/release-notes/README.md)
+# 
+# Instructions:
+# 1. Install the required tools
+# 2. Login with "gh auth login"
+# 3. Copy this script to the kubernetes-csi directory (one directory above the repos)
+# 4. Update the repos and versions in the $releases array
+# 5. Set environment variables
+# 6. Run script from the kubernetes-csi directory
+#
+# Caveats:
+# - This script doesn't handle regenerating and updating existing PRs yet.
+#   It might work if you comment out the PR creation line
+
+set -e
+set -x
+
+releases=(
+#  "external-attacher 4.4.1"
+#  "external-provisioner 3.6.1"
+#  "external-snapshotter 6.2.3"
+)
+
+function gen_patch_relnotes() {
+  rm out.md || true
+  rm -rf /tmp/k8s-repo || true
+  GITHUB_TOKEN="$CSI_RELEASE_TOKEN" \
+  release-notes --start-rev="$3" --end-rev="$2" --branch="$2" \
+    --org=kubernetes-csi --repo="$1" \
+    --required-author="" --markdown-links --output out.md
+}
+
+for rel in "${releases[@]}"; do
+  read -r repo version <<< "$rel"
+
+  # Parse minor version
+  minorPatchPattern="(^[[:digit:]]+\.[[:digit:]]+)\.([[:digit:]]+)"
+  [[ "$version" =~ $minorPatchPattern ]]
+  minor="${BASH_REMATCH[1]}"
+  patch="${BASH_REMATCH[2]}"
+
+  echo "$repo $version $minor $patch"
+  prevPatch="$((patch-1))"
+  prevVer="v$minor.$prevPatch"
+
+  pushd "$repo/CHANGELOG"
+
+  git fetch upstream
+
+  # Create branch
+  branch="changelog-release-$minor"
+  git checkout master
+  git branch -D "$branch" || true
+  git checkout --track "upstream/release-$minor" -b "$branch"
+
+  # Generate release notes
+  gen_patch_relnotes "$repo" "release-$minor" "$prevVer"
+  cat > tmp.md <<EOF
+# Release notes for v$version
+
+[Documentation](https://kubernetes-csi.github.io)
+
+EOF
+
+  cat out.md >> tmp.md
+  echo >> tmp.md
+  rm out.md
+
+  file="CHANGELOG-$minor.md"
+  cat "$file" >> tmp.md
+  mv tmp.md "$file"
+
+  git add -u
+  git commit -m "Add changelog for $version"
+  git push -f origin "$branch"
+
+  # Create PR
+prbody=$(cat <<EOF
+\`\`\`release-note
+NONE
+\`\`\`
+EOF
+)
+  gh pr create --title="Changelog for v$version" --body "$prbody"  --head "$GITHUB_USER:$branch" --base "release-$minor" --repo="kubernetes-csi/$repo"
+
+  popd
+done
--- a/release-tools/go-modules-targeted-update.sh
+++ b/release-tools/go-modules-targeted-update.sh
@ -0,0 +1,96 @@
+#!/bin/bash
+
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Usage: go-modules-targeted-update.sh
+#
+# Batch update specific dependencies for sidecars.
+#
+# Required environment variables
+# CSI_RELEASE_TOKEN: Github token needed for generating release notes
+# GITHUB_USER: Github username to create PRs with
+#
+# Instructions:
+# 1. Login with "gh auth login"
+# 2. Copy this script to the Github org directory (one directory above the
+# repos)
+# 3. Change $modules, $releases and $org if needed.
+# 4. Set environment variables
+# 5. Run script from the Github org directory
+#
+# Caveats:
+# - This script doesn't handle interface incompatibility of updates.
+#   You need to resolve interface incompatibility case by case. The
+#   most frequent case is to update the interface(new parameters,  
+#   name change of the method, etc.)in the sidecar repo and make sure
+#   the build and test pass.
+
+
+set -e
+set -x
+
+org="kubernetes-csi"
+
+modules=(
+"github.com/kubernetes-csi/csi-lib-utils@v0.15.1"
+)
+
+releases=(
+#"external-attacher release-4.4"
+#"external-provisioner release-3.6"
+#"external-resizer release-1.9"
+#"external-snapshotter release-6.3"
+#"node-driver-registrar release-2.9"
+)
+
+for rel in "${releases[@]}"; do
+
+    read -r repo branch <<< "$rel"
+    if [ "$repo" != "#" ]; then
+    (
+        cd "$repo"
+        git fetch upstream
+
+        if [ "$(git rev-parse --verify "module-update-$branch" 2>/dev/null)" ]; then
+            git checkout master && git branch -D "module-update-$branch"
+        fi
+        git checkout -B "module-update-$branch" "upstream/$branch"
+
+        for mod in "${modules[@]}"; do
+          go get "$mod"
+        done
+        go mod tidy
+        go mod vendor
+
+        git add --all
+        git commit -m "Update go modules"
+        git push origin "module-update-$branch" --force
+
+            # Create PR
+prbody=$(cat <<EOF
+Updated the following go modules:
+
+${modules[@]}
+
+\`\`\`release-note
+NONE
+\`\`\`
+EOF
+)
+        gh pr create --title="[$branch] Update go modules" --body "$prbody"  --head "$GITHUB_USER:module-update-$branch" --base "$branch" --repo="$org/$repo"
+    )
+    fi
+done
--- a/release-tools/go-modules-update.sh
+++ b/release-tools/go-modules-update.sh
@ -0,0 +1,129 @@
+#!/bin/sh
+
+# Copyright 2023 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Usage: go-modules-update.sh
+#
+# Batch update dependencies for sidecars.
+#
+# Required environment variables
+# CSI_RELEASE_TOKEN: Github token needed for generating release notes
+# GITHUB_USER: Github username to create PRs with
+#
+# Instructions:
+# 1. Login with "gh auth login"
+# 2. Copy this script to the kubernetes-csi directory (one directory above the
+# repos)
+# 3. Update the repos and master branch so locally it has the latest upstream
+# change
+# 4. Set environment variables
+# 5. Run script from the kubernetes-csi directory
+#
+# Caveats:
+# - This script doesn't handle interface incompatibility of updates.
+#   You need to resolve interface incompatibility case by case. The
+#   most frequent case is to update the interface(new parameters,  
+#   name change of the method, etc.)in the sidecar repo and make sure
+#   the build and test pass.
+
+
+set -e
+set -x
+
+MAX_RETRY=10
+
+# Get the options
+while getopts ":u:v:" option; do
+   case $option in
+      u) # Set username
+         username=$OPTARG;;
+      v) # Set version
+         v=$OPTARG;;
+     \?) # Invalid option
+         echo "Error: Invalid option: $OPTARG"
+         exit;;
+   esac
+done
+
+# Only need to do this once
+gh auth login
+
+while read -r repo branches; do
+    if [ "$repo" != "#" ]; then
+    (
+        cd "$repo"
+        git fetch origin
+        for i in $branches; do
+            if [ "$(git rev-parse --verify "module-update-$i" 2>/dev/null)" ]; then
+                git checkout master && git branch -d "module-update-$i"
+            fi
+            git checkout -B "module-update-$i" "origin/$i"
+            rm -rf .git/MERGE*
+            if ! git subtree pull --squash --prefix=release-tools https://github.com/kubernetes-csi/csi-release-tools.git master; then
+                # Sometimes "--squash" leads to merge conflicts. Because we know that "release-tools"
+                # is an unmodified copy of csi-release-tools, we can automatically resolve that
+                # by replacing it completely.
+                if [ -e .git/MERGE_MSG ] && [ -e .git/FETCH_HEAD ] && grep -q "^# Conflict" .git/MERGE_MSG; then
+                    rm -rf release-tools
+                    mkdir release-tools
+                    git archive FETCH_HEAD  | tar -C release-tools -xf -
+                    git add release-tools
+                    git commit --file=.git/MERGE_MSG
+                else
+                    exit 1
+                fi
+            fi
+            RETRY=0
+            while ! ./release-tools/go-get-kubernetes.sh -p "$v" && RETRY < $MAX_RETRY
+                do
+                  RETRY=$((RETRY+1))
+                  go mod tidy && go mod vendor && go mod tidy
+            done   
+            go mod tidy && go mod vendor && go mod tidy
+            git add --all
+            git commit -m "Update dependency go modules for k8s v$v"
+            git remote set-url origin "https://github.com/$username/$repo.git"
+            make test
+            git push origin "module-update-$i" --force
+            # Create PR
+prbody=$(cat <<EOF
+Ran kubernetes-csi/csi-release-tools go-get-kubernetes.sh -p ${v}.
+
+
+\`\`\`release-note
+Update kubernetes dependencies to v${v}
+\`\`\`
+EOF
+)
+            gh pr create --title="Update dependency go modules for k8s v$v" --body "$prbody"  --head "$username:module-update-master" --base "master" --repo="kubernetes-csi/$repo"
+        done  
+    )
+    fi
+done <<EOF
+csi-driver-host-path master
+csi-driver-iscsi master
+csi-driver-nfs master
+csi-lib-utils master
+csi-proxy master
+csi-test master
+external-attacher master
+external-health-monitor master
+external-provisioner master
+external-resizer master
+external-snapshotter master
+livenessprobe master
+node-driver-registrar master
+EOF
--- a/release-tools/prow.sh
+++ b/release-tools/prow.sh
@ -78,7 +78,7 @@ version_to_git () {
 # the list of windows versions was matched from:
 # - https://hub.docker.com/_/microsoft-windows-nanoserver
 # - https://hub.docker.com/_/microsoft-windows-servercore
-configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -ppc64le; linux s390x s390x -s390x; linux arm arm -arm; linux arm64 arm64 -arm64; linux arm arm/v7 -armv7; windows amd64 amd64 .exe nanoserver:1809 servercore:ltsc2019; windows amd64 amd64 .exe nanoserver:20H2 servercore:20H2; windows amd64 amd64 .exe nanoserver:ltsc2022 servercore:ltsc2022" "Go target platforms (= GOOS + GOARCH) and file suffix of the resulting binaries"
+configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -ppc64le; linux s390x s390x -s390x; linux arm arm -arm; linux arm64 arm64 -arm64; linux arm arm/v7 -armv7; windows amd64 amd64 .exe nanoserver:1809 servercore:ltsc2019; windows amd64 amd64 .exe nanoserver:ltsc2022 servercore:ltsc2022" "Go target platforms (= GOOS + GOARCH) and file suffix of the resulting binaries"

 # If we have a vendor directory, then use it. We must be careful to only
 # use this for "make" invocations inside the project's repo itself because
@ -86,7 +86,7 @@ configvar CSI_PROW_BUILD_PLATFORMS "linux amd64 amd64; linux ppc64le ppc64le -pp
 # which is disabled with GOFLAGS=-mod=vendor).
 configvar GOFLAGS_VENDOR "$( [ -d vendor ] && echo '-mod=vendor' )" "Go flags for using the vendor directory"

-configvar CSI_PROW_GO_VERSION_BUILD "1.20" "Go version for building the component" # depends on component's source code
+configvar CSI_PROW_GO_VERSION_BUILD "1.24.2" "Go version for building the component" # depends on component's source code
 configvar CSI_PROW_GO_VERSION_E2E "" "override Go version for building the Kubernetes E2E test suite" # normally doesn't need to be set, see install_e2e
 configvar CSI_PROW_GO_VERSION_SANITY "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building the csi-sanity test suite" # depends on CSI_PROW_SANITY settings below
 configvar CSI_PROW_GO_VERSION_KIND "${CSI_PROW_GO_VERSION_BUILD}" "Go version for building 'kind'" # depends on CSI_PROW_KIND_VERSION below
@ -101,7 +101,10 @@ configvar CSI_PROW_GINKGO_VERSION v1.7.0 "Ginkgo"

 # Ginkgo runs the E2E test in parallel. The default is based on the number
 # of CPUs, but typically this can be set to something higher in the job.
-configvar CSI_PROW_GINKO_PARALLEL "-p" "Ginko parallelism parameter(s)"
+configvar CSI_PROW_GINKGO_PARALLEL "-p" "Ginkgo parallelism parameter(s)"
+
+# Timeout value for the overall ginkgo test suite.
+configvar CSI_PROW_GINKGO_TIMEOUT "1h" "Ginkgo timeout"

 # Enables building the code in the repository. On by default, can be
 # disabled in jobs which only use pre-built components.
@ -141,7 +144,7 @@ kind_version_default () {
        latest|master)
            echo main;;
        *)
-            echo v0.14.0;;
+            echo v0.25.0;;
    esac
 }

@ -152,13 +155,13 @@ configvar CSI_PROW_KIND_VERSION "$(kind_version_default)" "kind"

 # kind images to use. Must match the kind version.
 # The release notes of each kind release list the supported images.
-configvar CSI_PROW_KIND_IMAGES "kindest/node:v1.24.0@sha256:0866296e693efe1fed79d5e6c7af8df71fc73ae45e3679af05342239cdc5bc8e
-kindest/node:v1.23.6@sha256:b1fa224cc6c7ff32455e0b1fd9cbfd3d3bc87ecaa8fcb06961ed1afb3db0f9ae
-kindest/node:v1.22.9@sha256:8135260b959dfe320206eb36b3aeda9cffcb262f4b44cda6b33f7bb73f453105
-kindest/node:v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207
-kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248
-kindest/node:v1.19.16@sha256:d9c819e8668de8d5030708e484a9fdff44d95ec4675d136ef0a0a584e587f65c
-kindest/node:v1.18.20@sha256:738cdc23ed4be6cc0b7ea277a2ebcc454c8373d7d8fb991a7fcdbd126188e6d7" "kind images"
+configvar CSI_PROW_KIND_IMAGES "kindest/node:v1.32.0@sha256:2458b423d635d7b01637cac2d6de7e1c1dca1148a2ba2e90975e214ca849e7cb
+kindest/node:v1.31.2@sha256:18fbefc20a7113353c7b75b5c869d7145a6abd6269154825872dc59c1329912e
+kindest/node:v1.30.6@sha256:b6d08db72079ba5ae1f4a88a09025c0a904af3b52387643c285442afb05ab994
+kindest/node:v1.29.10@sha256:3b2d8c31753e6c8069d4fc4517264cd20e86fd36220671fb7d0a5855103aa84b
+kindest/node:v1.28.15@sha256:a7c05c7ae043a0b8c818f5a06188bc2c4098f6cb59ca7d1856df00375d839251
+kindest/node:v1.27.16@sha256:2d21a61643eafc439905e18705b8186f3296384750a835ad7a005dceb9546d20
+kindest/node:v1.26.15@sha256:c79602a44b4056d7e48dc20f7504350f1e87530fe953428b792def00bc1076dd" "kind images"

 # By default, this script tests sidecars with the CSI hostpath driver,
 # using the install_csi_driver function. That function depends on
@ -196,7 +199,7 @@ kindest/node:v1.18.20@sha256:738cdc23ed4be6cc0b7ea277a2ebcc454c8373d7d8fb991a7fc
 # If the deployment script is called with CSI_PROW_TEST_DRIVER=<file name> as
 # environment variable, then it must write a suitable test driver configuration
 # into that file in addition to installing the driver.
-configvar CSI_PROW_DRIVER_VERSION "v1.11.0" "CSI driver version"
+configvar CSI_PROW_DRIVER_VERSION "v1.15.0" "CSI driver version"
 configvar CSI_PROW_DRIVER_REPO https://github.com/kubernetes-csi/csi-driver-host-path "CSI driver repo"
 configvar CSI_PROW_DEPLOYMENT "" "deployment"
 configvar CSI_PROW_DEPLOYMENT_SUFFIX "" "additional suffix in kubernetes-x.yy[suffix].yaml files"
@ -228,8 +231,11 @@ configvar CSI_PROW_E2E_VERSION "$(version_to_git "${CSI_PROW_KUBERNETES_VERSION}
 configvar CSI_PROW_E2E_REPO "https://github.com/kubernetes/kubernetes" "E2E repo"
 configvar CSI_PROW_E2E_IMPORT_PATH "k8s.io/kubernetes" "E2E package"

-# Local path for e2e tests. Set to "none" to disable.
-configvar CSI_PROW_SIDECAR_E2E_IMPORT_PATH "none" "CSI Sidecar E2E package"
+# Local path & package path for e2e tests. Set to "none" to disable.
+# When using versioned go modules, the import path is the module path whereas the path
+# should not contain the version and be the directory where the module is checked out.
+configvar CSI_PROW_SIDECAR_E2E_IMPORT_PATH "none" "CSI Sidecar E2E package (go import path)"
+configvar CSI_PROW_SIDECAR_E2E_PATH "${CSI_PROW_SIDECAR_E2E_IMPORT_PATH}" "CSI Sidecar E2E path (directory)"

 # csi-sanity testing from the csi-test repo can be run against the installed
 # CSI driver. For this to work, deploying the driver must expose the Unix domain
@ -237,7 +243,7 @@ configvar CSI_PROW_SIDECAR_E2E_IMPORT_PATH "none" "CSI Sidecar E2E package"
 # of the cluster. The alternative would have been to (cross-)compile csi-sanity
 # and install it inside the cluster, which is not necessarily easier.
 configvar CSI_PROW_SANITY_REPO https://github.com/kubernetes-csi/csi-test "csi-test repo"
-configvar CSI_PROW_SANITY_VERSION v5.0.0 "csi-test version"
+configvar CSI_PROW_SANITY_VERSION v5.3.1 "csi-test version"
 configvar CSI_PROW_SANITY_PACKAGE_PATH github.com/kubernetes-csi/csi-test "csi-test package"
 configvar CSI_PROW_SANITY_SERVICE "hostpath-service" "Kubernetes TCP service name that exposes csi.sock"
 configvar CSI_PROW_SANITY_POD "csi-hostpathplugin-0" "Kubernetes pod with CSI driver"
@ -419,7 +425,7 @@ die () {
    exit 1
 }

-# Ensure that PATH has the desired version of the Go tools, then run command given as argument.
+# Ensure we use the desired version of the Go tools, then run command given as argument.
 # Empty parameter uses the already installed Go. In Prow, that version is kept up-to-date by
 # bumping the container image regularly.
 run_with_go () {
@ -427,15 +433,16 @@ run_with_go () {
    version="$1"
    shift

-    if ! [ "$version" ] || go version 2>/dev/null | grep -q "go$version"; then
-        run "$@"
-    else
-        if ! [ -d "${CSI_PROW_WORK}/go-$version" ];  then
-            run curl --fail --location "https://dl.google.com/go/go$version.linux-amd64.tar.gz" | tar -C "${CSI_PROW_WORK}" -zxf - || die "installation of Go $version failed"
-            mv "${CSI_PROW_WORK}/go" "${CSI_PROW_WORK}/go-$version"
+    if [ "$version" ]; then
+        version=go$version
+        if [ "$(GOTOOLCHAIN=$version go version | cut -d' ' -f3)" != "$version" ]; then
+            die "Please install Go 1.21+"
        fi
-        PATH="${CSI_PROW_WORK}/go-$version/bin:$PATH" run "$@"
+    else
+        version=local
    fi
+    # Set GOMODCACHE to make sure Kubernetes does not need to download again.
+    GOTOOLCHAIN=$version GOMODCACHE="$(go env GOMODCACHE)" run "$@"
 }

 # Ensure that we have the desired version of kind.
@ -561,7 +568,15 @@ go_version_for_kubernetes () (
    local version="$2"
    local go_version

-    # We use the minimal Go version specified for each K8S release (= minimum_go_version in hack/lib/golang.sh).
+    # Try to get the version for .go-version
+    go_version="$( cat "$path/.go-version" )"
+    if [ "$go_version" ]; then
+        echo "$go_version"
+        return
+    fi
+
+    # Fall back to hack/lib/golang.sh parsing.
+    # This is necessary in v1.26.0 and older Kubernetes releases that do not have .go-version.
    # More recent versions might also work, but we don't want to count on that.
    go_version="$(grep minimum_go_version= "$path/hack/lib/golang.sh" | sed -e 's/.*=go//')"
    if ! [ "$go_version" ]; then
@ -610,7 +625,7 @@ start_cluster () {
            go_version="$(go_version_for_kubernetes "${CSI_PROW_WORK}/src/kubernetes" "$version")" || die "cannot proceed without knowing Go version for Kubernetes"
            # Changing into the Kubernetes source code directory is a workaround for https://github.com/kubernetes-sigs/kind/issues/1910
            # shellcheck disable=SC2046
-            (cd "${CSI_PROW_WORK}/src/kubernetes" && run_with_go "$go_version" kind build node-image --image csiprow/node:latest --kube-root "${CSI_PROW_WORK}/src/kubernetes") || die "'kind build node-image' failed"
+            (cd "${CSI_PROW_WORK}/src/kubernetes" && run_with_go "$go_version" kind build node-image "${CSI_PROW_WORK}/src/kubernetes" --image csiprow/node:latest) || die "'kind build node-image' failed"
            csi_prow_kind_have_kubernetes=true
        fi
        image="csiprow/node:latest"
@ -872,10 +887,17 @@ install_snapshot_controller() {
  cnt=0
  expected_running_pods=$(kubectl apply --dry-run=client -o "jsonpath={.spec.replicas}" -f "$SNAPSHOT_CONTROLLER_YAML")
  expected_namespace=$(kubectl apply --dry-run=client -o "jsonpath={.metadata.namespace}" -f "$SNAPSHOT_CONTROLLER_YAML")
-  while [ "$(kubectl get pods -n "$expected_namespace" -l app=snapshot-controller | grep 'Running' -c)" -lt "$expected_running_pods" ]; do
+  expect_key='app\.kubernetes\.io/name'
+  expected_label=$(kubectl apply --dry-run=client -o "jsonpath={.spec.template.metadata.labels['$expect_key']}" -f "$SNAPSHOT_CONTROLLER_YAML")
+  if [ -z "${expected_label}" ]; then
+    expect_key='app'
+    expected_label=$(kubectl apply --dry-run=client -o "jsonpath={.spec.template.metadata.labels['$expect_key']}" -f "$SNAPSHOT_CONTROLLER_YAML")
+  fi
+  expect_key=${expect_key//\\/}
+  while [ "$(kubectl get pods -n "$expected_namespace" -l "$expect_key"="$expected_label" | grep 'Running' -c)" -lt "$expected_running_pods" ]; do
    if [ $cnt -gt 30 ]; then
        echo "snapshot-controller pod status:"
-        kubectl describe pods -n "$expected_namespace" -l app=snapshot-controller
+        kubectl describe pods -n "$expected_namespace" -l "$expect_key"="$expected_label"
        echo >&2 "ERROR: snapshot controller not ready after over 5 min"
        exit 1
    fi
@ -1017,11 +1039,11 @@ run_e2e () (
    trap move_junit EXIT

    if [ "${name}" == "local" ]; then
-        cd "${GOPATH}/src/${CSI_PROW_SIDECAR_E2E_IMPORT_PATH}" &&
-        run_with_loggers env KUBECONFIG="$KUBECONFIG" KUBE_TEST_REPO_LIST="$(if [ -e "${CSI_PROW_WORK}/e2e-repo-list" ]; then echo "${CSI_PROW_WORK}/e2e-repo-list"; fi)" ginkgo -v "$@" "${CSI_PROW_WORK}/e2e-local.test" -- -report-dir "${ARTIFACTS}" -report-prefix local
+        cd "${GOPATH}/src/${CSI_PROW_SIDECAR_E2E_PATH}" &&
+        run_with_loggers env KUBECONFIG="$KUBECONFIG" KUBE_TEST_REPO_LIST="$(if [ -e "${CSI_PROW_WORK}/e2e-repo-list" ]; then echo "${CSI_PROW_WORK}/e2e-repo-list"; fi)" ginkgo --timeout="${CSI_PROW_GINKGO_TIMEOUT}" -v "$@" "${CSI_PROW_WORK}/e2e-local.test" -- -report-dir "${ARTIFACTS}" -report-prefix local
    else
        cd "${GOPATH}/src/${CSI_PROW_E2E_IMPORT_PATH}" &&
-        run_with_loggers env KUBECONFIG="$KUBECONFIG" KUBE_TEST_REPO_LIST="$(if [ -e "${CSI_PROW_WORK}/e2e-repo-list" ]; then echo "${CSI_PROW_WORK}/e2e-repo-list"; fi)" ginkgo -v "$@" "${CSI_PROW_WORK}/e2e.test" -- -report-dir "${ARTIFACTS}" -storage.testdriver="${CSI_PROW_WORK}/test-driver.yaml"
+        run_with_loggers env KUBECONFIG="$KUBECONFIG" KUBE_TEST_REPO_LIST="$(if [ -e "${CSI_PROW_WORK}/e2e-repo-list" ]; then echo "${CSI_PROW_WORK}/e2e-repo-list"; fi)" ginkgo --timeout="${CSI_PROW_GINKGO_TIMEOUT}" -v "$@" "${CSI_PROW_WORK}/e2e.test" -- -report-dir "${ARTIFACTS}" -storage.testdriver="${CSI_PROW_WORK}/test-driver.yaml"
    fi
 )

@ -1310,7 +1332,7 @@ main () {
                if tests_enabled "parallel"; then
                    # Ignore: Double quote to prevent globbing and word splitting.
                    # shellcheck disable=SC2086
-                    if ! run_e2e parallel ${CSI_PROW_GINKO_PARALLEL} \
+                    if ! run_e2e parallel ${CSI_PROW_GINKGO_PARALLEL} \
                         -focus="$focus" \
                         -skip="$(regex_join "${CSI_PROW_E2E_SERIAL}" "${CSI_PROW_E2E_ALPHA}" "${CSI_PROW_E2E_SKIP}")"; then
                        warn "E2E parallel failed"
@ -1320,7 +1342,7 @@ main () {
                    # Run tests that are feature tagged, but non-alpha
                    # Ignore: Double quote to prevent globbing and word splitting.
                    # shellcheck disable=SC2086
-                    if ! run_e2e parallel-features ${CSI_PROW_GINKO_PARALLEL} \
+                    if ! run_e2e parallel-features ${CSI_PROW_GINKGO_PARALLEL} \
                         -focus="$focus.*($(regex_join "${CSI_PROW_E2E_FOCUS}"))" \
                         -skip="$(regex_join "${CSI_PROW_E2E_SERIAL}")"; then
                        warn "E2E parallel features failed"
@ -1368,7 +1390,7 @@ main () {
                if tests_enabled "parallel-alpha"; then
                    # Ignore: Double quote to prevent globbing and word splitting.
                    # shellcheck disable=SC2086
-                    if ! run_e2e parallel-alpha ${CSI_PROW_GINKO_PARALLEL} \
+                    if ! run_e2e parallel-alpha ${CSI_PROW_GINKGO_PARALLEL} \
                         -focus="$focus.*($(regex_join "${CSI_PROW_E2E_ALPHA}"))" \
                         -skip="$(regex_join "${CSI_PROW_E2E_SERIAL}" "${CSI_PROW_E2E_SKIP}")"; then
                        warn "E2E parallel alpha failed"
--- a/release-tools/pull-test.sh
+++ b/release-tools/pull-test.sh
@ -20,11 +20,17 @@

 set -ex

+# Prow checks out repos with --filter=blob:none. This breaks
+# "git subtree pull" unless we enable fetching missing file content.
+GIT_NO_LAZY_FETCH=0
+export GIT_NO_LAZY_FETCH
+
 # It must be called inside the updated csi-release-tools repo.
 CSI_RELEASE_TOOLS_DIR="$(pwd)"

 # Update the other repo.
 cd "$PULL_TEST_REPO_DIR"
+git reset --hard # Shouldn't be necessary, but somehow is to avoid "fatal: working tree has modifications.  Cannot add." (https://stackoverflow.com/questions/3623351/git-subtree-pull-says-that-the-working-tree-has-modifications-but-git-status-sa)
 git subtree pull --squash --prefix=release-tools "$CSI_RELEASE_TOOLS_DIR" master
 git log -n2

--- a/release-tools/verify-logcheck.sh
+++ b/release-tools/verify-logcheck.sh
@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script uses the logcheck tool to analyze the source code
+# for proper usage of klog contextual logging.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+LOGCHECK_VERSION=${1:-0.8.2}
+
+# This will canonicalize the path
+CSI_LIB_UTIL_ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd -P)
+
+# Create a temporary directory for installing logcheck and
+# set up a trap command to remove it when the script exits.
+CSI_LIB_UTIL_TEMP=$(mktemp -d 2>/dev/null || mktemp -d -t csi-lib-utils.XXXXXX)
+trap 'rm -rf "${CSI_LIB_UTIL_TEMP}"' EXIT
+
+echo "Installing logcheck to temp dir: sigs.k8s.io/logtools/logcheck@v${LOGCHECK_VERSION}"
+GOBIN="${CSI_LIB_UTIL_TEMP}" go install "sigs.k8s.io/logtools/logcheck@v${LOGCHECK_VERSION}"
+echo "Verifying logcheck: ${CSI_LIB_UTIL_TEMP}/logcheck -check-contextual ${CSI_LIB_UTIL_ROOT}/..."
+"${CSI_LIB_UTIL_TEMP}/logcheck" -check-contextual -check-with-helpers "${CSI_LIB_UTIL_ROOT}/..."
--- a/vendor/cel.dev/expr/.bazelversion
+++ b/vendor/cel.dev/expr/.bazelversion
@ -0,0 +1,2 @@
+7.0.1
+# Keep this pinned version in parity with cel-go
--- a/vendor/cel.dev/expr/.gitattributes
+++ b/vendor/cel.dev/expr/.gitattributes
@ -0,0 +1,2 @@
+*.pb.go linguist-generated=true
+*.pb.go -diff -merge
--- a/vendor/cel.dev/expr/.gitignore
+++ b/vendor/cel.dev/expr/.gitignore
@ -0,0 +1,2 @@
+bazel-*
+MODULE.bazel.lock
--- a/vendor/cel.dev/expr/BUILD.bazel
+++ b/vendor/cel.dev/expr/BUILD.bazel
@ -0,0 +1,34 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])  # Apache 2.0
+
+go_library(
+    name = "expr",
+    srcs = [
+        "checked.pb.go",
+        "eval.pb.go",
+        "explain.pb.go",
+        "syntax.pb.go",
+        "value.pb.go",
+    ],
+    importpath = "cel.dev/expr",
+    visibility = ["//visibility:public"],
+    deps = [
+        "@org_golang_google_genproto_googleapis_rpc//status:go_default_library",
+        "@org_golang_google_protobuf//reflect/protoreflect",
+        "@org_golang_google_protobuf//runtime/protoimpl",
+        "@org_golang_google_protobuf//types/known/anypb",
+        "@org_golang_google_protobuf//types/known/durationpb",
+        "@org_golang_google_protobuf//types/known/emptypb",
+        "@org_golang_google_protobuf//types/known/structpb",
+        "@org_golang_google_protobuf//types/known/timestamppb",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":expr",
+    visibility = ["//visibility:public"],
+)
--- a/vendor/cel.dev/expr/CODE_OF_CONDUCT.md
+++ b/vendor/cel.dev/expr/CODE_OF_CONDUCT.md
@ -0,0 +1,25 @@
+# Contributor Code of Conduct
+## Version 0.1.1 (adapted from 0.3b-angular)
+
+As contributors and maintainers of the Common Expression Language
+(CEL) project, we pledge to respect everyone who contributes by
+posting issues, updating documentation, submitting pull requests,
+providing feedback in comments, and any other activities.
+
+Communication through any of CEL's channels (GitHub, Gitter, IRC,
+mailing lists, Google+, Twitter, etc.) must be constructive and never
+resort to personal attacks, trolling, public or private harassment,
+insults, or other unprofessional conduct.
+
+We promise to extend courtesy and respect to everyone involved in this
+project regardless of gender, gender identity, sexual orientation,
+disability, age, race, ethnicity, religion, or level of experience. We
+expect anyone contributing to the project to do the same.
+
+If any member of the community violates this code of conduct, the
+maintainers of the CEL project may take action, removing issues,
+comments, and PRs or blocking accounts as deemed appropriate.
+
+If you are subject to or witness unacceptable behavior, or have any
+other concerns, please email us at
+[cel-conduct@google.com](mailto:cel-conduct@google.com).
--- a/vendor/cel.dev/expr/CONTRIBUTING.md
+++ b/vendor/cel.dev/expr/CONTRIBUTING.md
@ -0,0 +1,32 @@
+# How to Contribute
+
+We'd love to accept your patches and contributions to this project. There are a
+few guidelines you need to follow.
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement. You (or your employer) retain the copyright to your contribution,
+this simply gives us permission to use and redistribute your contributions as
+part of the project. Head over to <https://cla.developers.google.com/> to see
+your current agreements on file or to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
+
+## Code reviews
+
+All submissions, including submissions by project members, require review. We
+use GitHub pull requests for this purpose. Consult
+[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
+information on using pull requests.
+
+## What to expect from maintainers
+
+Expect maintainers to respond to new issues or pull requests within a week.
+For outstanding and ongoing issues and particularly for long-running
+pull requests, expect the maintainers to review within a week of a
+contributor asking for a new review. There is no commitment to resolution --
+merging or closing a pull request, or fixing or closing an issue -- because some
+issues will require more discussion than others.
--- a/vendor/cel.dev/expr/GOVERNANCE.md
+++ b/vendor/cel.dev/expr/GOVERNANCE.md
@ -0,0 +1,43 @@
+# Project Governance
+
+This document defines the governance process for the CEL language. CEL is
+Google-developed, but openly governed. Major contributors to the CEL
+specification and its corresponding implementations constitute the CEL
+Language Council. New members may be added by a unanimous vote of the
+Council.
+
+The MAINTAINERS.md file lists the members of the CEL Language Council, and
+unofficially indicates the "areas of expertise" of each member with respect
+to the publicly available CEL repos.
+
+## Code Changes
+
+Code changes must follow the standard pull request (PR) model documented in the
+CONTRIBUTING.md for each CEL repo. All fixes and features must be reviewed by a
+maintainer. The maintainer reserves the right to request that any feature
+request (FR) or PR be reviewed by the language council.
+
+## Syntax and Semantic Changes
+
+Syntactic and semantic changes must be reviewed by the CEL Language Council.
+Maintainers may also request language council review at their discretion.
+
+The review process is as follows:
+
+- Create a Feature Request in the CEL-Spec repo. The feature description will
+  serve as an abstract for the detailed design document.
+- Co-develop a design document with the Language Council.
+- Once the proposer gives the design document approval, the document will be
+  linked to the FR in the CEL-Spec repo and opened for comments to members of
+  the cel-lang-discuss@googlegroups.com.
+- The Language Council will review the design doc at the next council meeting
+  (once every three weeks) and the council decision included in the document.
+
+If the proposal is approved, the spec will be updated by a maintainer (if
+applicable) and a rationale will be included in the CEL-Spec wiki to ensure
+future developers may follow CEL's growth and direction over time.
+
+Approved proposals may be implemented by the proposer or by the maintainers as
+the parties see fit. At the discretion of the maintainer, changes from the
+approved design are permitted during implementation if they improve the user
+experience and clarity of the feature.
--- a/vendor/github.com/google/gofuzz/LICENSE
+++ b/vendor/github.com/google/gofuzz/LICENSE
--- a/vendor/cel.dev/expr/MAINTAINERS.md
+++ b/vendor/cel.dev/expr/MAINTAINERS.md
@ -0,0 +1,13 @@
+# CEL Language Council
+
+| Name            | Company      | Area of Expertise |
+|-----------------|--------------|-------------------|
+| Alfred Fuller   | Facebook     | cel-cpp, cel-spec |
+| Jim Larson      | Google       | cel-go, cel-spec  |
+| Matthais Blume  | Google       | cel-spec          |
+| Tristan Swadell | Google       | cel-go, cel-spec  |
+
+## Emeritus
+
+* Sanjay Ghemawat (Google)
+* Wolfgang Grieskamp (Facebook)
--- a/vendor/cel.dev/expr/MODULE.bazel
+++ b/vendor/cel.dev/expr/MODULE.bazel
@ -0,0 +1,70 @@
+module(
+    name = "cel-spec",
+)
+
+bazel_dep(
+    name = "bazel_skylib",
+    version = "1.7.1",
+)
+bazel_dep(
+    name = "gazelle",
+    version = "0.36.0",
+    repo_name = "bazel_gazelle",
+)
+bazel_dep(
+    name = "googleapis",
+    version = "0.0.0-20240819-fe8ba054a",
+    repo_name = "com_google_googleapis",
+)
+bazel_dep(
+    name = "protobuf",
+    version = "26.0",
+    repo_name = "com_google_protobuf",
+)
+bazel_dep(
+    name = "rules_cc",
+    version = "0.0.9",
+)
+bazel_dep(
+    name = "rules_go",
+    version = "0.49.0",
+    repo_name = "io_bazel_rules_go",
+)
+bazel_dep(
+    name = "rules_java",
+    version = "7.6.5",
+)
+bazel_dep(
+    name = "rules_proto",
+    version = "6.0.0",
+)
+bazel_dep(
+    name = "rules_python",
+    version = "0.35.0",
+)
+
+### PYTHON ###
+python = use_extension("@rules_python//python/extensions:python.bzl", "python")
+python.toolchain(
+    ignore_root_user_error = True,
+    python_version = "3.11",
+)
+
+switched_rules = use_extension("@com_google_googleapis//:extensions.bzl", "switched_rules")
+switched_rules.use_languages(
+    cc = True,
+    go = True,
+    java = True,
+)
+use_repo(switched_rules, "com_google_googleapis_imports")
+
+go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk")
+go_sdk.download(version = "1.21.1")
+
+go_deps = use_extension("@bazel_gazelle//:extensions.bzl", "go_deps")
+go_deps.from_file(go_mod = "//:go.mod")
+use_repo(
+    go_deps,
+    "org_golang_google_genproto_googleapis_rpc",
+    "org_golang_google_protobuf",
+)
--- a/vendor/cel.dev/expr/README.md
+++ b/vendor/cel.dev/expr/README.md
@ -0,0 +1,71 @@
+# Common Expression Language
+
+The Common Expression Language (CEL) implements common semantics for expression
+evaluation, enabling different applications to more easily interoperate.
+
+Key Applications
+
+*   Security policy: organizations have complex infrastructure and need common
+    tooling to reason about the system as a whole
+*   Protocols: expressions are a useful data type and require interoperability
+    across programming languages and platforms.
+
+
+Guiding philosophy:
+
+1.  Keep it small & fast.
+    *   CEL evaluates in linear time, is mutation free, and not Turing-complete.
+        This limitation is a feature of the language design, which allows the
+        implementation to evaluate orders of magnitude faster than equivalently
+        sandboxed JavaScript.
+2.  Make it extensible.
+    *   CEL is designed to be embedded in applications, and allows for
+        extensibility via its context which allows for functions and data to be
+        provided by the software that embeds it.
+3.  Developer-friendly.
+    *   The language is approachable to developers. The initial spec was based
+        on the experience of developing Firebase Rules and usability testing
+        many prior iterations.
+    *   The library itself and accompanying toolings should be easy to adopt by
+        teams that seek to integrate CEL into their platforms.
+
+The required components of a system that supports CEL are:
+
+*   The textual representation of an expression as written by a developer. It is
+    of similar syntax to expressions in C/C++/Java/JavaScript
+*   A representation of the program's abstract syntax tree (AST).
+*   A compiler library that converts the textual representation to the binary
+    representation. This can be done ahead of time (in the control plane) or
+    just before evaluation (in the data plane).
+*   A context containing one or more typed variables, often protobuf messages.
+    Most use-cases will use `attribute_context.proto`
+*   An evaluator library that takes the binary format in the context and
+    produces a result, usually a Boolean.
+
+For use cases which require persistence or cross-process communcation, it is
+highly recommended to serialize the type-checked expression as a protocol
+buffer. The CEL team will maintains canonical protocol buffers for ASTs and
+will keep these versions identical and wire-compatible in perpetuity:
+
+*  [CEL canonical](https://github.com/google/cel-spec/tree/master/proto/cel/expr)
+*  [CEL v1alpha1](https://github.com/googleapis/googleapis/tree/master/google/api/expr/v1alpha1)
+
+
+Example of boolean conditions and object construction:
+
+``` c
+// Condition
+account.balance >= transaction.withdrawal
+    || (account.overdraftProtection
+    && account.overdraftLimit >= transaction.withdrawal  - account.balance)
+
+// Object construction
+common.GeoPoint{ latitude: 10.0, longitude: -5.5 }
+```
+
+For more detail, see:
+
+*   [Introduction](doc/intro.md)
+*   [Language Definition](doc/langdef.md)
+
+Released under the [Apache License](LICENSE).
--- a/vendor/cel.dev/expr/WORKSPACE
+++ b/vendor/cel.dev/expr/WORKSPACE
@ -0,0 +1,145 @@
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+    name = "io_bazel_rules_go",
+    sha256 = "099a9fb96a376ccbbb7d291ed4ecbdfd42f6bc822ab77ae6f1b5cb9e914e94fa",
+    urls = [
+        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.35.0/rules_go-v0.35.0.zip",
+        "https://github.com/bazelbuild/rules_go/releases/download/v0.35.0/rules_go-v0.35.0.zip",
+    ],
+)
+
+http_archive(
+    name = "bazel_gazelle",
+    sha256 = "ecba0f04f96b4960a5b250c8e8eeec42281035970aa8852dda73098274d14a1d",
+    urls = [
+        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
+        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
+    ],
+)
+
+http_archive(
+    name = "rules_proto",
+    sha256 = "e017528fd1c91c5a33f15493e3a398181a9e821a804eb7ff5acdd1d2d6c2b18d",
+    strip_prefix = "rules_proto-4.0.0-3.20.0",
+    urls = [
+        "https://github.com/bazelbuild/rules_proto/archive/refs/tags/4.0.0-3.20.0.tar.gz",
+    ],
+)
+
+# googleapis as of 09/16/2024
+http_archive(
+    name = "com_google_googleapis",
+    strip_prefix = "googleapis-4082d5e51e8481f6ccc384cacd896f4e78f19dee",
+    sha256 = "57319889d47578b3c89bf1b3f34888d796a8913d63b32d750a4cd12ed303c4e8",
+    urls = [
+        "https://github.com/googleapis/googleapis/archive/4082d5e51e8481f6ccc384cacd896f4e78f19dee.tar.gz",
+    ],
+)
+
+# protobuf
+http_archive(
+    name = "com_google_protobuf",
+    sha256 = "8242327e5df8c80ba49e4165250b8f79a76bd11765facefaaecfca7747dc8da2",
+    strip_prefix = "protobuf-3.21.5",
+    urls = ["https://github.com/protocolbuffers/protobuf/archive/v3.21.5.zip"],
+)
+
+# googletest
+http_archive(
+     name = "com_google_googletest",
+     urls = ["https://github.com/google/googletest/archive/master.zip"],
+     strip_prefix = "googletest-master",
+)
+
+# gflags
+http_archive(
+    name = "com_github_gflags_gflags",
+    sha256 = "6e16c8bc91b1310a44f3965e616383dbda48f83e8c1eaa2370a215057b00cabe",
+    strip_prefix = "gflags-77592648e3f3be87d6c7123eb81cbad75f9aef5a",
+    urls = [
+        "https://mirror.bazel.build/github.com/gflags/gflags/archive/77592648e3f3be87d6c7123eb81cbad75f9aef5a.tar.gz",
+        "https://github.com/gflags/gflags/archive/77592648e3f3be87d6c7123eb81cbad75f9aef5a.tar.gz",
+    ],
+)
+
+# glog
+http_archive(
+    name = "com_google_glog",
+    sha256 = "1ee310e5d0a19b9d584a855000434bb724aa744745d5b8ab1855c85bff8a8e21",
+    strip_prefix = "glog-028d37889a1e80e8a07da1b8945ac706259e5fd8",
+    urls = [
+        "https://mirror.bazel.build/github.com/google/glog/archive/028d37889a1e80e8a07da1b8945ac706259e5fd8.tar.gz",
+        "https://github.com/google/glog/archive/028d37889a1e80e8a07da1b8945ac706259e5fd8.tar.gz",
+    ],
+)
+
+# absl
+http_archive(
+    name = "com_google_absl",
+    strip_prefix = "abseil-cpp-master",
+    urls = ["https://github.com/abseil/abseil-cpp/archive/master.zip"],
+)
+
+load("@io_bazel_rules_go//go:deps.bzl", "go_rules_dependencies", "go_register_toolchains")
+load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
+load("@com_google_googleapis//:repository_rules.bzl", "switched_rules_by_language")
+load("@rules_proto//proto:repositories.bzl", "rules_proto_dependencies", "rules_proto_toolchains")
+load("@com_google_protobuf//:protobuf_deps.bzl", "protobuf_deps")
+
+switched_rules_by_language(
+    name = "com_google_googleapis_imports",
+    cc = True,
+)
+
+# Do *not* call *_dependencies(), etc, yet.  See comment at the end.
+
+# Generated Google APIs protos for Golang
+# Generated Google APIs protos for Golang 08/26/2024
+go_repository(
+    name = "org_golang_google_genproto_googleapis_api",
+    build_file_proto_mode = "disable_global",
+    importpath = "google.golang.org/genproto/googleapis/api",
+    sum = "h1:YcyjlL1PRr2Q17/I0dPk2JmYS5CDXfcdb2Z3YRioEbw=",
+    version = "v0.0.0-20240826202546-f6391c0de4c7",
+)
+
+# Generated Google APIs protos for Golang 08/26/2024
+go_repository(
+    name = "org_golang_google_genproto_googleapis_rpc",
+    build_file_proto_mode = "disable_global",
+    importpath = "google.golang.org/genproto/googleapis/rpc",
+    sum = "h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs=",
+    version = "v0.0.0-20240826202546-f6391c0de4c7",
+)
+
+# gRPC deps
+go_repository(
+    name = "org_golang_google_grpc",
+    build_file_proto_mode = "disable_global",
+    importpath = "google.golang.org/grpc",
+    tag = "v1.49.0",
+)
+
+go_repository(
+    name = "org_golang_x_net",
+    importpath = "golang.org/x/net",
+    sum = "h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=",
+    version = "v0.0.0-20190311183353-d8887717615a",
+)
+
+go_repository(
+    name = "org_golang_x_text",
+    importpath = "golang.org/x/text",
+    sum = "h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=",
+    version = "v0.3.2",
+)
+
+# Run the dependencies at the end.  These will silently try to import some
+# of the above repositories but at different versions, so ours must come first.
+go_rules_dependencies()
+go_register_toolchains(version = "1.19.1")
+gazelle_dependencies()
+rules_proto_dependencies()
+rules_proto_toolchains()
+protobuf_deps()
--- a/vendor/cel.dev/expr/WORKSPACE.bzlmod
+++ b/vendor/cel.dev/expr/WORKSPACE.bzlmod
--- a/vendor/cel.dev/expr/checked.pb.go
+++ b/vendor/cel.dev/expr/checked.pb.go
--- a/vendor/cel.dev/expr/cloudbuild.yaml
+++ b/vendor/cel.dev/expr/cloudbuild.yaml
@ -0,0 +1,9 @@
+steps:
+- name: 'gcr.io/cloud-builders/bazel:7.0.1'
+  entrypoint: bazel
+  args: ['build', '...']
+  id: bazel-build
+  waitFor: ['-']
+timeout: 15m
+options:
+  machineType: 'N1_HIGHCPU_32'
--- a/vendor/cel.dev/expr/eval.pb.go
+++ b/vendor/cel.dev/expr/eval.pb.go
@ -0,0 +1,490 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.5
+// source: cel/expr/eval.proto
+
+package expr
+
+import (
+	status "google.golang.org/genproto/googleapis/rpc/status"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type EvalState struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Values  []*ExprValue        `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+	Results []*EvalState_Result `protobuf:"bytes,3,rep,name=results,proto3" json:"results,omitempty"`
+}
+
+func (x *EvalState) Reset() {
+	*x = EvalState{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_eval_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EvalState) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EvalState) ProtoMessage() {}
+
+func (x *EvalState) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_eval_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EvalState.ProtoReflect.Descriptor instead.
+func (*EvalState) Descriptor() ([]byte, []int) {
+	return file_cel_expr_eval_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *EvalState) GetValues() []*ExprValue {
+	if x != nil {
+		return x.Values
+	}
+	return nil
+}
+
+func (x *EvalState) GetResults() []*EvalState_Result {
+	if x != nil {
+		return x.Results
+	}
+	return nil
+}
+
+type ExprValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Kind:
+	//
+	//	*ExprValue_Value
+	//	*ExprValue_Error
+	//	*ExprValue_Unknown
+	Kind isExprValue_Kind `protobuf_oneof:"kind"`
+}
+
+func (x *ExprValue) Reset() {
+	*x = ExprValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_eval_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExprValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExprValue) ProtoMessage() {}
+
+func (x *ExprValue) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_eval_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExprValue.ProtoReflect.Descriptor instead.
+func (*ExprValue) Descriptor() ([]byte, []int) {
+	return file_cel_expr_eval_proto_rawDescGZIP(), []int{1}
+}
+
+func (m *ExprValue) GetKind() isExprValue_Kind {
+	if m != nil {
+		return m.Kind
+	}
+	return nil
+}
+
+func (x *ExprValue) GetValue() *Value {
+	if x, ok := x.GetKind().(*ExprValue_Value); ok {
+		return x.Value
+	}
+	return nil
+}
+
+func (x *ExprValue) GetError() *ErrorSet {
+	if x, ok := x.GetKind().(*ExprValue_Error); ok {
+		return x.Error
+	}
+	return nil
+}
+
+func (x *ExprValue) GetUnknown() *UnknownSet {
+	if x, ok := x.GetKind().(*ExprValue_Unknown); ok {
+		return x.Unknown
+	}
+	return nil
+}
+
+type isExprValue_Kind interface {
+	isExprValue_Kind()
+}
+
+type ExprValue_Value struct {
+	Value *Value `protobuf:"bytes,1,opt,name=value,proto3,oneof"`
+}
+
+type ExprValue_Error struct {
+	Error *ErrorSet `protobuf:"bytes,2,opt,name=error,proto3,oneof"`
+}
+
+type ExprValue_Unknown struct {
+	Unknown *UnknownSet `protobuf:"bytes,3,opt,name=unknown,proto3,oneof"`
+}
+
+func (*ExprValue_Value) isExprValue_Kind() {}
+
+func (*ExprValue_Error) isExprValue_Kind() {}
+
+func (*ExprValue_Unknown) isExprValue_Kind() {}
+
+type ErrorSet struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Errors []*status.Status `protobuf:"bytes,1,rep,name=errors,proto3" json:"errors,omitempty"`
+}
+
+func (x *ErrorSet) Reset() {
+	*x = ErrorSet{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_eval_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ErrorSet) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ErrorSet) ProtoMessage() {}
+
+func (x *ErrorSet) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_eval_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ErrorSet.ProtoReflect.Descriptor instead.
+func (*ErrorSet) Descriptor() ([]byte, []int) {
+	return file_cel_expr_eval_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ErrorSet) GetErrors() []*status.Status {
+	if x != nil {
+		return x.Errors
+	}
+	return nil
+}
+
+type UnknownSet struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Exprs []int64 `protobuf:"varint,1,rep,packed,name=exprs,proto3" json:"exprs,omitempty"`
+}
+
+func (x *UnknownSet) Reset() {
+	*x = UnknownSet{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_eval_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UnknownSet) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UnknownSet) ProtoMessage() {}
+
+func (x *UnknownSet) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_eval_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UnknownSet.ProtoReflect.Descriptor instead.
+func (*UnknownSet) Descriptor() ([]byte, []int) {
+	return file_cel_expr_eval_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *UnknownSet) GetExprs() []int64 {
+	if x != nil {
+		return x.Exprs
+	}
+	return nil
+}
+
+type EvalState_Result struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Expr  int64 `protobuf:"varint,1,opt,name=expr,proto3" json:"expr,omitempty"`
+	Value int64 `protobuf:"varint,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *EvalState_Result) Reset() {
+	*x = EvalState_Result{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_eval_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EvalState_Result) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EvalState_Result) ProtoMessage() {}
+
+func (x *EvalState_Result) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_eval_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EvalState_Result.ProtoReflect.Descriptor instead.
+func (*EvalState_Result) Descriptor() ([]byte, []int) {
+	return file_cel_expr_eval_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *EvalState_Result) GetExpr() int64 {
+	if x != nil {
+		return x.Expr
+	}
+	return 0
+}
+
+func (x *EvalState_Result) GetValue() int64 {
+	if x != nil {
+		return x.Value
+	}
+	return 0
+}
+
+var File_cel_expr_eval_proto protoreflect.FileDescriptor
+
+var file_cel_expr_eval_proto_rawDesc = []byte{
+	0x0a, 0x13, 0x63, 0x65, 0x6c, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x65, 0x76, 0x61, 0x6c, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x1a,
+	0x14, 0x63, 0x65, 0x6c, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70,
+	0x63, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa2,
+	0x01, 0x0a, 0x09, 0x45, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2b, 0x0a, 0x06,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63,
+	0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x07, 0x72, 0x65, 0x73,
+	0x75, 0x6c, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x65, 0x6c,
+	0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x45, 0x76, 0x61, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e,
+	0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x1a,
+	0x32, 0x0a, 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x65, 0x78, 0x70,
+	0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x65, 0x78, 0x70, 0x72, 0x12, 0x14, 0x0a,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x22, 0x9a, 0x01, 0x0a, 0x09, 0x45, 0x78, 0x70, 0x72, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x12, 0x27, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x0f, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2a, 0x0a, 0x05, 0x65, 0x72,
+	0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x65, 0x6c, 0x2e,
+	0x65, 0x78, 0x70, 0x72, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52,
+	0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x30, 0x0a, 0x07, 0x75, 0x6e, 0x6b, 0x6e, 0x6f, 0x77,
+	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78,
+	0x70, 0x72, 0x2e, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x53, 0x65, 0x74, 0x48, 0x00, 0x52,
+	0x07, 0x75, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64,
+	0x22, 0x36, 0x0a, 0x08, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x12, 0x2a, 0x0a, 0x06,
+	0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+	0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x22, 0x22, 0x0a, 0x0a, 0x55, 0x6e, 0x6b, 0x6e,
+	0x6f, 0x77, 0x6e, 0x53, 0x65, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, 0x70, 0x72, 0x73, 0x18,
+	0x01, 0x20, 0x03, 0x28, 0x03, 0x52, 0x05, 0x65, 0x78, 0x70, 0x72, 0x73, 0x42, 0x2c, 0x0a, 0x0c,
+	0x64, 0x65, 0x76, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x42, 0x09, 0x45, 0x76,
+	0x61, 0x6c, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x0c, 0x63, 0x65, 0x6c, 0x2e, 0x64,
+	0x65, 0x76, 0x2f, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_cel_expr_eval_proto_rawDescOnce sync.Once
+	file_cel_expr_eval_proto_rawDescData = file_cel_expr_eval_proto_rawDesc
+)
+
+func file_cel_expr_eval_proto_rawDescGZIP() []byte {
+	file_cel_expr_eval_proto_rawDescOnce.Do(func() {
+		file_cel_expr_eval_proto_rawDescData = protoimpl.X.CompressGZIP(file_cel_expr_eval_proto_rawDescData)
+	})
+	return file_cel_expr_eval_proto_rawDescData
+}
+
+var file_cel_expr_eval_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_cel_expr_eval_proto_goTypes = []interface{}{
+	(*EvalState)(nil),        // 0: cel.expr.EvalState
+	(*ExprValue)(nil),        // 1: cel.expr.ExprValue
+	(*ErrorSet)(nil),         // 2: cel.expr.ErrorSet
+	(*UnknownSet)(nil),       // 3: cel.expr.UnknownSet
+	(*EvalState_Result)(nil), // 4: cel.expr.EvalState.Result
+	(*Value)(nil),            // 5: cel.expr.Value
+	(*status.Status)(nil),    // 6: google.rpc.Status
+}
+var file_cel_expr_eval_proto_depIdxs = []int32{
+	1, // 0: cel.expr.EvalState.values:type_name -> cel.expr.ExprValue
+	4, // 1: cel.expr.EvalState.results:type_name -> cel.expr.EvalState.Result
+	5, // 2: cel.expr.ExprValue.value:type_name -> cel.expr.Value
+	2, // 3: cel.expr.ExprValue.error:type_name -> cel.expr.ErrorSet
+	3, // 4: cel.expr.ExprValue.unknown:type_name -> cel.expr.UnknownSet
+	6, // 5: cel.expr.ErrorSet.errors:type_name -> google.rpc.Status
+	6, // [6:6] is the sub-list for method output_type
+	6, // [6:6] is the sub-list for method input_type
+	6, // [6:6] is the sub-list for extension type_name
+	6, // [6:6] is the sub-list for extension extendee
+	0, // [0:6] is the sub-list for field type_name
+}
+
+func init() { file_cel_expr_eval_proto_init() }
+func file_cel_expr_eval_proto_init() {
+	if File_cel_expr_eval_proto != nil {
+		return
+	}
+	file_cel_expr_value_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_cel_expr_eval_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EvalState); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_eval_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ExprValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_eval_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ErrorSet); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_eval_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UnknownSet); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_eval_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EvalState_Result); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_cel_expr_eval_proto_msgTypes[1].OneofWrappers = []interface{}{
+		(*ExprValue_Value)(nil),
+		(*ExprValue_Error)(nil),
+		(*ExprValue_Unknown)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_cel_expr_eval_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   5,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_cel_expr_eval_proto_goTypes,
+		DependencyIndexes: file_cel_expr_eval_proto_depIdxs,
+		MessageInfos:      file_cel_expr_eval_proto_msgTypes,
+	}.Build()
+	File_cel_expr_eval_proto = out.File
+	file_cel_expr_eval_proto_rawDesc = nil
+	file_cel_expr_eval_proto_goTypes = nil
+	file_cel_expr_eval_proto_depIdxs = nil
+}
--- a/vendor/cel.dev/expr/explain.pb.go
+++ b/vendor/cel.dev/expr/explain.pb.go
@ -0,0 +1,236 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.5
+// source: cel/expr/explain.proto
+
+package expr
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Deprecated: Do not use.
+type Explain struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Values    []*Value            `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+	ExprSteps []*Explain_ExprStep `protobuf:"bytes,2,rep,name=expr_steps,json=exprSteps,proto3" json:"expr_steps,omitempty"`
+}
+
+func (x *Explain) Reset() {
+	*x = Explain{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_explain_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Explain) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Explain) ProtoMessage() {}
+
+func (x *Explain) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_explain_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Explain.ProtoReflect.Descriptor instead.
+func (*Explain) Descriptor() ([]byte, []int) {
+	return file_cel_expr_explain_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *Explain) GetValues() []*Value {
+	if x != nil {
+		return x.Values
+	}
+	return nil
+}
+
+func (x *Explain) GetExprSteps() []*Explain_ExprStep {
+	if x != nil {
+		return x.ExprSteps
+	}
+	return nil
+}
+
+type Explain_ExprStep struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Id         int64 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
+	ValueIndex int32 `protobuf:"varint,2,opt,name=value_index,json=valueIndex,proto3" json:"value_index,omitempty"`
+}
+
+func (x *Explain_ExprStep) Reset() {
+	*x = Explain_ExprStep{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_explain_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Explain_ExprStep) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Explain_ExprStep) ProtoMessage() {}
+
+func (x *Explain_ExprStep) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_explain_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Explain_ExprStep.ProtoReflect.Descriptor instead.
+func (*Explain_ExprStep) Descriptor() ([]byte, []int) {
+	return file_cel_expr_explain_proto_rawDescGZIP(), []int{0, 0}
+}
+
+func (x *Explain_ExprStep) GetId() int64 {
+	if x != nil {
+		return x.Id
+	}
+	return 0
+}
+
+func (x *Explain_ExprStep) GetValueIndex() int32 {
+	if x != nil {
+		return x.ValueIndex
+	}
+	return 0
+}
+
+var File_cel_expr_explain_proto protoreflect.FileDescriptor
+
+var file_cel_expr_explain_proto_rawDesc = []byte{
+	0x0a, 0x16, 0x63, 0x65, 0x6c, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x65, 0x78, 0x70, 0x6c, 0x61,
+	0x69, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78,
+	0x70, 0x72, 0x1a, 0x14, 0x63, 0x65, 0x6c, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xae, 0x01, 0x0a, 0x07, 0x45, 0x78, 0x70,
+	0x6c, 0x61, 0x69, 0x6e, 0x12, 0x27, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e,
+	0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x39, 0x0a,
+	0x0a, 0x65, 0x78, 0x70, 0x72, 0x5f, 0x73, 0x74, 0x65, 0x70, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x45, 0x78, 0x70,
+	0x6c, 0x61, 0x69, 0x6e, 0x2e, 0x45, 0x78, 0x70, 0x72, 0x53, 0x74, 0x65, 0x70, 0x52, 0x09, 0x65,
+	0x78, 0x70, 0x72, 0x53, 0x74, 0x65, 0x70, 0x73, 0x1a, 0x3b, 0x0a, 0x08, 0x45, 0x78, 0x70, 0x72,
+	0x53, 0x74, 0x65, 0x70, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03,
+	0x52, 0x02, 0x69, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x69, 0x6e,
+	0x64, 0x65, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x49, 0x6e, 0x64, 0x65, 0x78, 0x3a, 0x02, 0x18, 0x01, 0x42, 0x2f, 0x0a, 0x0c, 0x64, 0x65, 0x76,
+	0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x42, 0x0c, 0x45, 0x78, 0x70, 0x6c, 0x61,
+	0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x0c, 0x63, 0x65, 0x6c, 0x2e, 0x64,
+	0x65, 0x76, 0x2f, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
+}
+
+var (
+	file_cel_expr_explain_proto_rawDescOnce sync.Once
+	file_cel_expr_explain_proto_rawDescData = file_cel_expr_explain_proto_rawDesc
+)
+
+func file_cel_expr_explain_proto_rawDescGZIP() []byte {
+	file_cel_expr_explain_proto_rawDescOnce.Do(func() {
+		file_cel_expr_explain_proto_rawDescData = protoimpl.X.CompressGZIP(file_cel_expr_explain_proto_rawDescData)
+	})
+	return file_cel_expr_explain_proto_rawDescData
+}
+
+var file_cel_expr_explain_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_cel_expr_explain_proto_goTypes = []interface{}{
+	(*Explain)(nil),          // 0: cel.expr.Explain
+	(*Explain_ExprStep)(nil), // 1: cel.expr.Explain.ExprStep
+	(*Value)(nil),            // 2: cel.expr.Value
+}
+var file_cel_expr_explain_proto_depIdxs = []int32{
+	2, // 0: cel.expr.Explain.values:type_name -> cel.expr.Value
+	1, // 1: cel.expr.Explain.expr_steps:type_name -> cel.expr.Explain.ExprStep
+	2, // [2:2] is the sub-list for method output_type
+	2, // [2:2] is the sub-list for method input_type
+	2, // [2:2] is the sub-list for extension type_name
+	2, // [2:2] is the sub-list for extension extendee
+	0, // [0:2] is the sub-list for field type_name
+}
+
+func init() { file_cel_expr_explain_proto_init() }
+func file_cel_expr_explain_proto_init() {
+	if File_cel_expr_explain_proto != nil {
+		return
+	}
+	file_cel_expr_value_proto_init()
+	if !protoimpl.UnsafeEnabled {
+		file_cel_expr_explain_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Explain); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_explain_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Explain_ExprStep); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_cel_expr_explain_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   2,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_cel_expr_explain_proto_goTypes,
+		DependencyIndexes: file_cel_expr_explain_proto_depIdxs,
+		MessageInfos:      file_cel_expr_explain_proto_msgTypes,
+	}.Build()
+	File_cel_expr_explain_proto = out.File
+	file_cel_expr_explain_proto_rawDesc = nil
+	file_cel_expr_explain_proto_goTypes = nil
+	file_cel_expr_explain_proto_depIdxs = nil
+}
--- a/vendor/cel.dev/expr/regen_go_proto.sh
+++ b/vendor/cel.dev/expr/regen_go_proto.sh
@ -0,0 +1,9 @@
+#!/bin/sh
+bazel build //proto/cel/expr/conformance/...
+files=($(bazel aquery 'kind(proto, //proto/cel/expr/conformance/...)' | grep Outputs | grep "[.]pb[.]go" | sed 's/Outputs: \[//' | sed 's/\]//' | tr "," "\n"))
+for src in ${files[@]};
+do
+  dst=$(echo $src | sed 's/\(.*\/cel.dev\/expr\/\(.*\)\)/\2/')
+  echo "copying $dst"
+  $(cp $src $dst)
+done
--- a/vendor/cel.dev/expr/regen_go_proto_canonical_protos.sh
+++ b/vendor/cel.dev/expr/regen_go_proto_canonical_protos.sh
@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+bazel build //proto/cel/expr:all
+
+rm -vf ./*.pb.go
+
+files=( $(bazel cquery //proto/cel/expr:expr_go_proto --output=starlark --starlark:expr="'\n'.join([f.path for f in target.output_groups.go_generated_srcs.to_list()])") )
+for src in "${files[@]}";
+do
+  cp -v "${src}" ./
+done
--- a/vendor/cel.dev/expr/syntax.pb.go
+++ b/vendor/cel.dev/expr/syntax.pb.go
--- a/vendor/cel.dev/expr/value.pb.go
+++ b/vendor/cel.dev/expr/value.pb.go
@ -0,0 +1,653 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.28.1
+// 	protoc        v3.21.5
+// source: cel/expr/value.proto
+
+package expr
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	anypb "google.golang.org/protobuf/types/known/anypb"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+	reflect "reflect"
+	sync "sync"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+type Value struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Types that are assignable to Kind:
+	//
+	//	*Value_NullValue
+	//	*Value_BoolValue
+	//	*Value_Int64Value
+	//	*Value_Uint64Value
+	//	*Value_DoubleValue
+	//	*Value_StringValue
+	//	*Value_BytesValue
+	//	*Value_EnumValue
+	//	*Value_ObjectValue
+	//	*Value_MapValue
+	//	*Value_ListValue
+	//	*Value_TypeValue
+	Kind isValue_Kind `protobuf_oneof:"kind"`
+}
+
+func (x *Value) Reset() {
+	*x = Value{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_value_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Value) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Value) ProtoMessage() {}
+
+func (x *Value) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_value_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Value.ProtoReflect.Descriptor instead.
+func (*Value) Descriptor() ([]byte, []int) {
+	return file_cel_expr_value_proto_rawDescGZIP(), []int{0}
+}
+
+func (m *Value) GetKind() isValue_Kind {
+	if m != nil {
+		return m.Kind
+	}
+	return nil
+}
+
+func (x *Value) GetNullValue() structpb.NullValue {
+	if x, ok := x.GetKind().(*Value_NullValue); ok {
+		return x.NullValue
+	}
+	return structpb.NullValue(0)
+}
+
+func (x *Value) GetBoolValue() bool {
+	if x, ok := x.GetKind().(*Value_BoolValue); ok {
+		return x.BoolValue
+	}
+	return false
+}
+
+func (x *Value) GetInt64Value() int64 {
+	if x, ok := x.GetKind().(*Value_Int64Value); ok {
+		return x.Int64Value
+	}
+	return 0
+}
+
+func (x *Value) GetUint64Value() uint64 {
+	if x, ok := x.GetKind().(*Value_Uint64Value); ok {
+		return x.Uint64Value
+	}
+	return 0
+}
+
+func (x *Value) GetDoubleValue() float64 {
+	if x, ok := x.GetKind().(*Value_DoubleValue); ok {
+		return x.DoubleValue
+	}
+	return 0
+}
+
+func (x *Value) GetStringValue() string {
+	if x, ok := x.GetKind().(*Value_StringValue); ok {
+		return x.StringValue
+	}
+	return ""
+}
+
+func (x *Value) GetBytesValue() []byte {
+	if x, ok := x.GetKind().(*Value_BytesValue); ok {
+		return x.BytesValue
+	}
+	return nil
+}
+
+func (x *Value) GetEnumValue() *EnumValue {
+	if x, ok := x.GetKind().(*Value_EnumValue); ok {
+		return x.EnumValue
+	}
+	return nil
+}
+
+func (x *Value) GetObjectValue() *anypb.Any {
+	if x, ok := x.GetKind().(*Value_ObjectValue); ok {
+		return x.ObjectValue
+	}
+	return nil
+}
+
+func (x *Value) GetMapValue() *MapValue {
+	if x, ok := x.GetKind().(*Value_MapValue); ok {
+		return x.MapValue
+	}
+	return nil
+}
+
+func (x *Value) GetListValue() *ListValue {
+	if x, ok := x.GetKind().(*Value_ListValue); ok {
+		return x.ListValue
+	}
+	return nil
+}
+
+func (x *Value) GetTypeValue() string {
+	if x, ok := x.GetKind().(*Value_TypeValue); ok {
+		return x.TypeValue
+	}
+	return ""
+}
+
+type isValue_Kind interface {
+	isValue_Kind()
+}
+
+type Value_NullValue struct {
+	NullValue structpb.NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=google.protobuf.NullValue,oneof"`
+}
+
+type Value_BoolValue struct {
+	BoolValue bool `protobuf:"varint,2,opt,name=bool_value,json=boolValue,proto3,oneof"`
+}
+
+type Value_Int64Value struct {
+	Int64Value int64 `protobuf:"varint,3,opt,name=int64_value,json=int64Value,proto3,oneof"`
+}
+
+type Value_Uint64Value struct {
+	Uint64Value uint64 `protobuf:"varint,4,opt,name=uint64_value,json=uint64Value,proto3,oneof"`
+}
+
+type Value_DoubleValue struct {
+	DoubleValue float64 `protobuf:"fixed64,5,opt,name=double_value,json=doubleValue,proto3,oneof"`
+}
+
+type Value_StringValue struct {
+	StringValue string `protobuf:"bytes,6,opt,name=string_value,json=stringValue,proto3,oneof"`
+}
+
+type Value_BytesValue struct {
+	BytesValue []byte `protobuf:"bytes,7,opt,name=bytes_value,json=bytesValue,proto3,oneof"`
+}
+
+type Value_EnumValue struct {
+	EnumValue *EnumValue `protobuf:"bytes,9,opt,name=enum_value,json=enumValue,proto3,oneof"`
+}
+
+type Value_ObjectValue struct {
+	ObjectValue *anypb.Any `protobuf:"bytes,10,opt,name=object_value,json=objectValue,proto3,oneof"`
+}
+
+type Value_MapValue struct {
+	MapValue *MapValue `protobuf:"bytes,11,opt,name=map_value,json=mapValue,proto3,oneof"`
+}
+
+type Value_ListValue struct {
+	ListValue *ListValue `protobuf:"bytes,12,opt,name=list_value,json=listValue,proto3,oneof"`
+}
+
+type Value_TypeValue struct {
+	TypeValue string `protobuf:"bytes,15,opt,name=type_value,json=typeValue,proto3,oneof"`
+}
+
+func (*Value_NullValue) isValue_Kind() {}
+
+func (*Value_BoolValue) isValue_Kind() {}
+
+func (*Value_Int64Value) isValue_Kind() {}
+
+func (*Value_Uint64Value) isValue_Kind() {}
+
+func (*Value_DoubleValue) isValue_Kind() {}
+
+func (*Value_StringValue) isValue_Kind() {}
+
+func (*Value_BytesValue) isValue_Kind() {}
+
+func (*Value_EnumValue) isValue_Kind() {}
+
+func (*Value_ObjectValue) isValue_Kind() {}
+
+func (*Value_MapValue) isValue_Kind() {}
+
+func (*Value_ListValue) isValue_Kind() {}
+
+func (*Value_TypeValue) isValue_Kind() {}
+
+type EnumValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Type  string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Value int32  `protobuf:"varint,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *EnumValue) Reset() {
+	*x = EnumValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_value_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnumValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnumValue) ProtoMessage() {}
+
+func (x *EnumValue) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_value_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnumValue.ProtoReflect.Descriptor instead.
+func (*EnumValue) Descriptor() ([]byte, []int) {
+	return file_cel_expr_value_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *EnumValue) GetType() string {
+	if x != nil {
+		return x.Type
+	}
+	return ""
+}
+
+func (x *EnumValue) GetValue() int32 {
+	if x != nil {
+		return x.Value
+	}
+	return 0
+}
+
+type ListValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
+}
+
+func (x *ListValue) Reset() {
+	*x = ListValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_value_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListValue) ProtoMessage() {}
+
+func (x *ListValue) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_value_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListValue.ProtoReflect.Descriptor instead.
+func (*ListValue) Descriptor() ([]byte, []int) {
+	return file_cel_expr_value_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *ListValue) GetValues() []*Value {
+	if x != nil {
+		return x.Values
+	}
+	return nil
+}
+
+type MapValue struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Entries []*MapValue_Entry `protobuf:"bytes,1,rep,name=entries,proto3" json:"entries,omitempty"`
+}
+
+func (x *MapValue) Reset() {
+	*x = MapValue{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_value_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MapValue) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MapValue) ProtoMessage() {}
+
+func (x *MapValue) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_value_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MapValue.ProtoReflect.Descriptor instead.
+func (*MapValue) Descriptor() ([]byte, []int) {
+	return file_cel_expr_value_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *MapValue) GetEntries() []*MapValue_Entry {
+	if x != nil {
+		return x.Entries
+	}
+	return nil
+}
+
+type MapValue_Entry struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Key   *Value `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
+	Value *Value `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
+}
+
+func (x *MapValue_Entry) Reset() {
+	*x = MapValue_Entry{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_cel_expr_value_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MapValue_Entry) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MapValue_Entry) ProtoMessage() {}
+
+func (x *MapValue_Entry) ProtoReflect() protoreflect.Message {
+	mi := &file_cel_expr_value_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MapValue_Entry.ProtoReflect.Descriptor instead.
+func (*MapValue_Entry) Descriptor() ([]byte, []int) {
+	return file_cel_expr_value_proto_rawDescGZIP(), []int{3, 0}
+}
+
+func (x *MapValue_Entry) GetKey() *Value {
+	if x != nil {
+		return x.Key
+	}
+	return nil
+}
+
+func (x *MapValue_Entry) GetValue() *Value {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+var File_cel_expr_value_proto protoreflect.FileDescriptor
+
+var file_cel_expr_value_proto_rawDesc = []byte{
+	0x0a, 0x14, 0x63, 0x65, 0x6c, 0x2f, 0x65, 0x78, 0x70, 0x72, 0x2f, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72,
+	0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72,
+	0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x04, 0x0a, 0x05, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x75, 0x6c, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4e, 0x75, 0x6c, 0x6c, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x75, 0x6c, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x12, 0x1f, 0x0a, 0x0a, 0x62, 0x6f, 0x6f, 0x6c, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x09, 0x62, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x12, 0x21, 0x0a, 0x0b, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x48, 0x00, 0x52, 0x0a, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x56,
+	0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x75, 0x69, 0x6e, 0x74, 0x36, 0x34, 0x5f, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x48, 0x00, 0x52, 0x0b, 0x75, 0x69,
+	0x6e, 0x74, 0x36, 0x34, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23, 0x0a, 0x0c, 0x64, 0x6f, 0x75,
+	0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x01, 0x48,
+	0x00, 0x52, 0x0b, 0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x23,
+	0x0a, 0x0c, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06,
+	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0b, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0a, 0x62, 0x79, 0x74, 0x65,
+	0x73, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x34, 0x0a, 0x0a, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x63, 0x65, 0x6c,
+	0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48,
+	0x00, 0x52, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x39, 0x0a, 0x0c,
+	0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0a, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x48, 0x00, 0x52, 0x0b, 0x6f, 0x62, 0x6a, 0x65,
+	0x63, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x31, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f, 0x76,
+	0x61, 0x6c, 0x75, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x63, 0x65, 0x6c,
+	0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x4d, 0x61, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x48, 0x00,
+	0x52, 0x08, 0x6d, 0x61, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x34, 0x0a, 0x0a, 0x6c, 0x69,
+	0x73, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13,
+	0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x48, 0x00, 0x52, 0x09, 0x6c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x12, 0x1f, 0x0a, 0x0a, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x0f,
+	0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x74, 0x79, 0x70, 0x65, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x42, 0x06, 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x22, 0x35, 0x0a, 0x09, 0x45, 0x6e, 0x75,
+	0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61,
+	0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x22, 0x34, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27, 0x0a,
+	0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0f, 0x2e,
+	0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x22, 0x91, 0x01, 0x0a, 0x08, 0x4d, 0x61, 0x70, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x12, 0x32, 0x0a, 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e,
+	0x4d, 0x61, 0x70, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x2e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07,
+	0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x1a, 0x51, 0x0a, 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x12, 0x21, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0f, 0x2e,
+	0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x03,
+	0x6b, 0x65, 0x79, 0x12, 0x25, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x0f, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x2e, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x2d, 0x0a, 0x0c, 0x64, 0x65,
+	0x76, 0x2e, 0x63, 0x65, 0x6c, 0x2e, 0x65, 0x78, 0x70, 0x72, 0x42, 0x0a, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x0c, 0x63, 0x65, 0x6c, 0x2e, 0x64, 0x65,
+	0x76, 0x2f, 0x65, 0x78, 0x70, 0x72, 0xf8, 0x01, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
+}
+
+var (
+	file_cel_expr_value_proto_rawDescOnce sync.Once
+	file_cel_expr_value_proto_rawDescData = file_cel_expr_value_proto_rawDesc
+)
+
+func file_cel_expr_value_proto_rawDescGZIP() []byte {
+	file_cel_expr_value_proto_rawDescOnce.Do(func() {
+		file_cel_expr_value_proto_rawDescData = protoimpl.X.CompressGZIP(file_cel_expr_value_proto_rawDescData)
+	})
+	return file_cel_expr_value_proto_rawDescData
+}
+
+var file_cel_expr_value_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_cel_expr_value_proto_goTypes = []interface{}{
+	(*Value)(nil),           // 0: cel.expr.Value
+	(*EnumValue)(nil),       // 1: cel.expr.EnumValue
+	(*ListValue)(nil),       // 2: cel.expr.ListValue
+	(*MapValue)(nil),        // 3: cel.expr.MapValue
+	(*MapValue_Entry)(nil),  // 4: cel.expr.MapValue.Entry
+	(structpb.NullValue)(0), // 5: google.protobuf.NullValue
+	(*anypb.Any)(nil),       // 6: google.protobuf.Any
+}
+var file_cel_expr_value_proto_depIdxs = []int32{
+	5, // 0: cel.expr.Value.null_value:type_name -> google.protobuf.NullValue
+	1, // 1: cel.expr.Value.enum_value:type_name -> cel.expr.EnumValue
+	6, // 2: cel.expr.Value.object_value:type_name -> google.protobuf.Any
+	3, // 3: cel.expr.Value.map_value:type_name -> cel.expr.MapValue
+	2, // 4: cel.expr.Value.list_value:type_name -> cel.expr.ListValue
+	0, // 5: cel.expr.ListValue.values:type_name -> cel.expr.Value
+	4, // 6: cel.expr.MapValue.entries:type_name -> cel.expr.MapValue.Entry
+	0, // 7: cel.expr.MapValue.Entry.key:type_name -> cel.expr.Value
+	0, // 8: cel.expr.MapValue.Entry.value:type_name -> cel.expr.Value
+	9, // [9:9] is the sub-list for method output_type
+	9, // [9:9] is the sub-list for method input_type
+	9, // [9:9] is the sub-list for extension type_name
+	9, // [9:9] is the sub-list for extension extendee
+	0, // [0:9] is the sub-list for field type_name
+}
+
+func init() { file_cel_expr_value_proto_init() }
+func file_cel_expr_value_proto_init() {
+	if File_cel_expr_value_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_cel_expr_value_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Value); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_value_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnumValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_value_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ListValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_value_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MapValue); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_cel_expr_value_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MapValue_Entry); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	file_cel_expr_value_proto_msgTypes[0].OneofWrappers = []interface{}{
+		(*Value_NullValue)(nil),
+		(*Value_BoolValue)(nil),
+		(*Value_Int64Value)(nil),
+		(*Value_Uint64Value)(nil),
+		(*Value_DoubleValue)(nil),
+		(*Value_StringValue)(nil),
+		(*Value_BytesValue)(nil),
+		(*Value_EnumValue)(nil),
+		(*Value_ObjectValue)(nil),
+		(*Value_MapValue)(nil),
+		(*Value_ListValue)(nil),
+		(*Value_TypeValue)(nil),
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_cel_expr_value_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   5,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_cel_expr_value_proto_goTypes,
+		DependencyIndexes: file_cel_expr_value_proto_depIdxs,
+		MessageInfos:      file_cel_expr_value_proto_msgTypes,
+	}.Build()
+	File_cel_expr_value_proto = out.File
+	file_cel_expr_value_proto_rawDesc = nil
+	file_cel_expr_value_proto_goTypes = nil
+	file_cel_expr_value_proto_depIdxs = nil
+}
--- a/vendor/github.com/NYTimes/gziphandler/.gitignore
+++ b/vendor/github.com/NYTimes/gziphandler/.gitignore
@ -0,0 +1 @@
+*.swp
--- a/vendor/github.com/NYTimes/gziphandler/.travis.yml
+++ b/vendor/github.com/NYTimes/gziphandler/.travis.yml
@ -0,0 +1,10 @@
+language: go
+go:
+  - 1.x
+  - tip
+env:
+  - GO111MODULE=on
+install:
+  - go mod download
+script:
+  - go test -race -v
--- a/vendor/github.com/NYTimes/gziphandler/CODE_OF_CONDUCT.md
+++ b/vendor/github.com/NYTimes/gziphandler/CODE_OF_CONDUCT.md
@ -0,0 +1,75 @@
+---
+layout: code-of-conduct
+version: v1.0
+---
+
+This code of conduct outlines our expectations for participants within the **NYTimes/gziphandler** community, as well as steps to reporting unacceptable behavior. We are committed to providing a welcoming and inspiring community for all and expect our code of conduct to be honored. Anyone who violates this code of conduct may be banned from the community.
+
+Our open source community strives to:
+
+* **Be friendly and patient.**
+* **Be welcoming**: We strive to be a community that welcomes and supports people of all backgrounds and identities. This includes, but is not limited to members of any race, ethnicity, culture, national origin, colour, immigration status, social and economic class, educational level, sex, sexual orientation, gender identity and expression, age, size, family status, political belief, religion, and mental and physical ability.
+* **Be considerate**: Your work will be used by other people, and you in turn will depend on the work of others. Any decision you take will affect users and colleagues, and you should take those consequences into account when making decisions. Remember that we're a world-wide community, so you might not be communicating in someone else's primary language.
+* **Be respectful**:  Not all of us will agree all the time, but disagreement is no excuse for poor behavior and poor manners. We might all experience some frustration now and then, but we cannot allow that frustration to turn into a personal attack. It’s important to remember that a community where people feel uncomfortable or threatened is not a productive one.
+* **Be careful in the words that we choose**: we are a community of professionals, and we conduct ourselves professionally. Be kind to others. Do not insult or put down other participants. Harassment and other exclusionary behavior aren't acceptable.
+* **Try to understand why we disagree**: Disagreements, both social and technical, happen all the time. It is important that we resolve disagreements and differing views constructively. Remember that we’re different. The strength of our community comes from its diversity, people from a wide range of backgrounds. Different people have different perspectives on issues. Being unable to understand why someone holds a viewpoint doesn’t mean that they’re wrong. Don’t forget that it is human to err and blaming each other doesn’t get us anywhere. Instead, focus on helping to resolve issues and learning from mistakes.
+
+## Definitions
+
+Harassment includes, but is not limited to:
+
+- Offensive comments related to gender, gender identity and expression, sexual orientation, disability, mental illness, neuro(a)typicality, physical appearance, body size, race, age, regional discrimination, political or religious affiliation
+- Unwelcome comments regarding a person’s lifestyle choices and practices, including those related to food, health, parenting, drugs, and employment
+- Deliberate misgendering. This includes deadnaming or persistently using a pronoun that does not correctly reflect a person's gender identity. You must address people by the name they give you when not addressing them by their username or handle
+- Physical contact and simulated physical contact (eg, textual descriptions like “*hug*” or “*backrub*”) without consent or after a request to stop
+- Threats of violence, both physical and psychological
+- Incitement of violence towards any individual, including encouraging a person to commit suicide or to engage in self-harm
+- Deliberate intimidation
+- Stalking or following
+- Harassing photography or recording, including logging online activity for harassment purposes
+- Sustained disruption of discussion
+- Unwelcome sexual attention, including gratuitous or off-topic sexual images or behaviour
+- Pattern of inappropriate social contact, such as requesting/assuming inappropriate levels of intimacy with others
+- Continued one-on-one communication after requests to cease
+- Deliberate “outing” of any aspect of a person’s identity without their consent except as necessary to protect others from intentional abuse
+- Publication of non-harassing private communication
+
+Our open source community prioritizes marginalized people’s safety over privileged people’s comfort. We will not act on complaints regarding:
+
+- ‘Reverse’ -isms, including ‘reverse racism,’ ‘reverse sexism,’ and ‘cisphobia’
+- Reasonable communication of boundaries, such as “leave me alone,” “go away,” or “I’m not discussing this with you”
+- Refusal to explain or debate social justice concepts
+- Communicating in a ‘tone’ you don’t find congenial
+- Criticizing racist, sexist, cissexist, or otherwise oppressive behavior or assumptions
+
+
+### Diversity Statement
+
+We encourage everyone to participate and are committed to building a community for all. Although we will fail at times, we seek to treat everyone both as fairly and equally as possible. Whenever a participant has made a mistake, we expect them to take responsibility for it. If someone has been harmed or offended, it is our responsibility to listen carefully and respectfully, and do our best to right the wrong.
+
+Although this list cannot be exhaustive, we explicitly honor diversity in age, gender, gender identity or expression, culture, ethnicity, language, national origin, political beliefs, profession, race, religion, sexual orientation, socioeconomic status, and technical ability. We will not tolerate discrimination based on any of the protected
+characteristics above, including participants with disabilities.
+
+### Reporting Issues
+
+If you experience or witness unacceptable behavior—or have any other concerns—please report it by contacting us via **code@nytimes.com**. All reports will be handled with discretion. In your report please include:
+
+- Your contact information.
+- Names (real, nicknames, or pseudonyms) of any individuals involved. If there are additional witnesses, please
+include them as well. Your account of what occurred, and if you believe the incident is ongoing. If there is a publicly available record (e.g. a mailing list archive or a public IRC logger), please include a link.
+- Any additional information that may be helpful.
+
+After filing a report, a representative will contact you personally, review the incident, follow up with any additional questions, and make a decision as to how to respond. If the person who is harassing you is part of the response team, they will recuse themselves from handling your incident. If the complaint originates from a member of the response team, it will be handled by a different member of the response team. We will respect confidentiality requests for the purpose of protecting victims of abuse.
+
+### Attribution & Acknowledgements
+
+We all stand on the shoulders of giants across many open source communities.  We'd like to thank the communities and projects that established code of conducts and diversity statements as our inspiration:
+
+* [Django](https://www.djangoproject.com/conduct/reporting/)
+* [Python](https://www.python.org/community/diversity/)
+* [Ubuntu](http://www.ubuntu.com/about/about-ubuntu/conduct)
+* [Contributor Covenant](http://contributor-covenant.org/)
+* [Geek Feminism](http://geekfeminism.org/about/code-of-conduct/)
+* [Citizen Code of Conduct](http://citizencodeofconduct.org/)
+
+This Code of Conduct was based on https://github.com/todogroup/opencodeofconduct
--- a/vendor/github.com/NYTimes/gziphandler/CONTRIBUTING.md
+++ b/vendor/github.com/NYTimes/gziphandler/CONTRIBUTING.md
@ -0,0 +1,30 @@
+# Contributing to NYTimes/gziphandler
+
+This is an open source project started by handful of developers at The New York Times and open to the entire Go community.
+
+We really appreciate your help!
+
+## Filing issues
+
+When filing an issue, make sure to answer these five questions:
+
+1. What version of Go are you using (`go version`)?
+2. What operating system and processor architecture are you using?
+3. What did you do?
+4. What did you expect to see?
+5. What did you see instead?
+
+## Contributing code
+
+Before submitting changes, please follow these guidelines:
+
+1. Check the open issues and pull requests for existing discussions.
+2. Open an issue to discuss a new feature.
+3. Write tests.
+4. Make sure code follows the ['Go Code Review Comments'](https://github.com/golang/go/wiki/CodeReviewComments).
+5. Make sure your changes pass `go test`.
+6. Make sure the entire test suite passes locally and on Travis CI.
+7. Open a Pull Request.
+8. [Squash your commits](http://gitready.com/advanced/2009/02/10/squashing-commits-with-rebase.html) after receiving feedback and add a [great commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
+
+Unless otherwise noted, the gziphandler source files are distributed under the Apache 2.0-style license found in the LICENSE.md file.
--- a/vendor/github.com/NYTimes/gziphandler/LICENSE
+++ b/vendor/github.com/NYTimes/gziphandler/LICENSE
@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2016-2017 The New York Times Company
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
--- a/vendor/github.com/NYTimes/gziphandler/README.md
+++ b/vendor/github.com/NYTimes/gziphandler/README.md
@ -0,0 +1,56 @@
+Gzip Handler
+============
+
+This is a tiny Go package which wraps HTTP handlers to transparently gzip the
+response body, for clients which support it. Although it's usually simpler to
+leave that to a reverse proxy (like nginx or Varnish), this package is useful
+when that's undesirable.
+
+## Install
+```bash
+go get -u github.com/NYTimes/gziphandler
+```
+
+## Usage
+
+Call `GzipHandler` with any handler (an object which implements the
+`http.Handler` interface), and it'll return a new handler which gzips the
+response. For example:
+
+```go
+package main
+
+import (
+	"io"
+	"net/http"
+	"github.com/NYTimes/gziphandler"
+)
+
+func main() {
+	withoutGz := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "text/plain")
+		io.WriteString(w, "Hello, World")
+	})
+
+	withGz := gziphandler.GzipHandler(withoutGz)
+
+	http.Handle("/", withGz)
+	http.ListenAndServe("0.0.0.0:8000", nil)
+}
+```
+
+
+## Documentation
+
+The docs can be found at [godoc.org][docs], as usual.
+
+
+## License
+
+[Apache 2.0][license].
+
+
+
+
+[docs]:     https://godoc.org/github.com/NYTimes/gziphandler
+[license]:  https://github.com/NYTimes/gziphandler/blob/master/LICENSE
--- a/vendor/github.com/NYTimes/gziphandler/gzip.go
+++ b/vendor/github.com/NYTimes/gziphandler/gzip.go
@ -0,0 +1,532 @@
+package gziphandler // import "github.com/NYTimes/gziphandler"
+
+import (
+	"bufio"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"mime"
+	"net"
+	"net/http"
+	"strconv"
+	"strings"
+	"sync"
+)
+
+const (
+	vary            = "Vary"
+	acceptEncoding  = "Accept-Encoding"
+	contentEncoding = "Content-Encoding"
+	contentType     = "Content-Type"
+	contentLength   = "Content-Length"
+)
+
+type codings map[string]float64
+
+const (
+	// DefaultQValue is the default qvalue to assign to an encoding if no explicit qvalue is set.
+	// This is actually kind of ambiguous in RFC 2616, so hopefully it's correct.
+	// The examples seem to indicate that it is.
+	DefaultQValue = 1.0
+
+	// DefaultMinSize is the default minimum size until we enable gzip compression.
+	// 1500 bytes is the MTU size for the internet since that is the largest size allowed at the network layer.
+	// If you take a file that is 1300 bytes and compress it to 800 bytes, it’s still transmitted in that same 1500 byte packet regardless, so you’ve gained nothing.
+	// That being the case, you should restrict the gzip compression to files with a size greater than a single packet, 1400 bytes (1.4KB) is a safe value.
+	DefaultMinSize = 1400
+)
+
+// gzipWriterPools stores a sync.Pool for each compression level for reuse of
+// gzip.Writers. Use poolIndex to covert a compression level to an index into
+// gzipWriterPools.
+var gzipWriterPools [gzip.BestCompression - gzip.BestSpeed + 2]*sync.Pool
+
+func init() {
+	for i := gzip.BestSpeed; i <= gzip.BestCompression; i++ {
+		addLevelPool(i)
+	}
+	addLevelPool(gzip.DefaultCompression)
+}
+
+// poolIndex maps a compression level to its index into gzipWriterPools. It
+// assumes that level is a valid gzip compression level.
+func poolIndex(level int) int {
+	// gzip.DefaultCompression == -1, so we need to treat it special.
+	if level == gzip.DefaultCompression {
+		return gzip.BestCompression - gzip.BestSpeed + 1
+	}
+	return level - gzip.BestSpeed
+}
+
+func addLevelPool(level int) {
+	gzipWriterPools[poolIndex(level)] = &sync.Pool{
+		New: func() interface{} {
+			// NewWriterLevel only returns error on a bad level, we are guaranteeing
+			// that this will be a valid level so it is okay to ignore the returned
+			// error.
+			w, _ := gzip.NewWriterLevel(nil, level)
+			return w
+		},
+	}
+}
+
+// GzipResponseWriter provides an http.ResponseWriter interface, which gzips
+// bytes before writing them to the underlying response. This doesn't close the
+// writers, so don't forget to do that.
+// It can be configured to skip response smaller than minSize.
+type GzipResponseWriter struct {
+	http.ResponseWriter
+	index int // Index for gzipWriterPools.
+	gw    *gzip.Writer
+
+	code int // Saves the WriteHeader value.
+
+	minSize int    // Specifed the minimum response size to gzip. If the response length is bigger than this value, it is compressed.
+	buf     []byte // Holds the first part of the write before reaching the minSize or the end of the write.
+	ignore  bool   // If true, then we immediately passthru writes to the underlying ResponseWriter.
+
+	contentTypes []parsedContentType // Only compress if the response is one of these content-types. All are accepted if empty.
+}
+
+type GzipResponseWriterWithCloseNotify struct {
+	*GzipResponseWriter
+}
+
+func (w GzipResponseWriterWithCloseNotify) CloseNotify() <-chan bool {
+	return w.ResponseWriter.(http.CloseNotifier).CloseNotify()
+}
+
+// Write appends data to the gzip writer.
+func (w *GzipResponseWriter) Write(b []byte) (int, error) {
+	// GZIP responseWriter is initialized. Use the GZIP responseWriter.
+	if w.gw != nil {
+		return w.gw.Write(b)
+	}
+
+	// If we have already decided not to use GZIP, immediately passthrough.
+	if w.ignore {
+		return w.ResponseWriter.Write(b)
+	}
+
+	// Save the write into a buffer for later use in GZIP responseWriter (if content is long enough) or at close with regular responseWriter.
+	// On the first write, w.buf changes from nil to a valid slice
+	w.buf = append(w.buf, b...)
+
+	var (
+		cl, _ = strconv.Atoi(w.Header().Get(contentLength))
+		ct    = w.Header().Get(contentType)
+		ce    = w.Header().Get(contentEncoding)
+	)
+	// Only continue if they didn't already choose an encoding or a known unhandled content length or type.
+	if ce == "" && (cl == 0 || cl >= w.minSize) && (ct == "" || handleContentType(w.contentTypes, ct)) {
+		// If the current buffer is less than minSize and a Content-Length isn't set, then wait until we have more data.
+		if len(w.buf) < w.minSize && cl == 0 {
+			return len(b), nil
+		}
+		// If the Content-Length is larger than minSize or the current buffer is larger than minSize, then continue.
+		if cl >= w.minSize || len(w.buf) >= w.minSize {
+			// If a Content-Type wasn't specified, infer it from the current buffer.
+			if ct == "" {
+				ct = http.DetectContentType(w.buf)
+				w.Header().Set(contentType, ct)
+			}
+			// If the Content-Type is acceptable to GZIP, initialize the GZIP writer.
+			if handleContentType(w.contentTypes, ct) {
+				if err := w.startGzip(); err != nil {
+					return 0, err
+				}
+				return len(b), nil
+			}
+		}
+	}
+	// If we got here, we should not GZIP this response.
+	if err := w.startPlain(); err != nil {
+		return 0, err
+	}
+	return len(b), nil
+}
+
+// startGzip initializes a GZIP writer and writes the buffer.
+func (w *GzipResponseWriter) startGzip() error {
+	// Set the GZIP header.
+	w.Header().Set(contentEncoding, "gzip")
+
+	// if the Content-Length is already set, then calls to Write on gzip
+	// will fail to set the Content-Length header since its already set
+	// See: https://github.com/golang/go/issues/14975.
+	w.Header().Del(contentLength)
+
+	// Write the header to gzip response.
+	if w.code != 0 {
+		w.ResponseWriter.WriteHeader(w.code)
+		// Ensure that no other WriteHeader's happen
+		w.code = 0
+	}
+
+	// Initialize and flush the buffer into the gzip response if there are any bytes.
+	// If there aren't any, we shouldn't initialize it yet because on Close it will
+	// write the gzip header even if nothing was ever written.
+	if len(w.buf) > 0 {
+		// Initialize the GZIP response.
+		w.init()
+		n, err := w.gw.Write(w.buf)
+
+		// This should never happen (per io.Writer docs), but if the write didn't
+		// accept the entire buffer but returned no specific error, we have no clue
+		// what's going on, so abort just to be safe.
+		if err == nil && n < len(w.buf) {
+			err = io.ErrShortWrite
+		}
+		return err
+	}
+	return nil
+}
+
+// startPlain writes to sent bytes and buffer the underlying ResponseWriter without gzip.
+func (w *GzipResponseWriter) startPlain() error {
+	if w.code != 0 {
+		w.ResponseWriter.WriteHeader(w.code)
+		// Ensure that no other WriteHeader's happen
+		w.code = 0
+	}
+	w.ignore = true
+	// If Write was never called then don't call Write on the underlying ResponseWriter.
+	if w.buf == nil {
+		return nil
+	}
+	n, err := w.ResponseWriter.Write(w.buf)
+	w.buf = nil
+	// This should never happen (per io.Writer docs), but if the write didn't
+	// accept the entire buffer but returned no specific error, we have no clue
+	// what's going on, so abort just to be safe.
+	if err == nil && n < len(w.buf) {
+		err = io.ErrShortWrite
+	}
+	return err
+}
+
+// WriteHeader just saves the response code until close or GZIP effective writes.
+func (w *GzipResponseWriter) WriteHeader(code int) {
+	if w.code == 0 {
+		w.code = code
+	}
+}
+
+// init graps a new gzip writer from the gzipWriterPool and writes the correct
+// content encoding header.
+func (w *GzipResponseWriter) init() {
+	// Bytes written during ServeHTTP are redirected to this gzip writer
+	// before being written to the underlying response.
+	gzw := gzipWriterPools[w.index].Get().(*gzip.Writer)
+	gzw.Reset(w.ResponseWriter)
+	w.gw = gzw
+}
+
+// Close will close the gzip.Writer and will put it back in the gzipWriterPool.
+func (w *GzipResponseWriter) Close() error {
+	if w.ignore {
+		return nil
+	}
+
+	if w.gw == nil {
+		// GZIP not triggered yet, write out regular response.
+		err := w.startPlain()
+		// Returns the error if any at write.
+		if err != nil {
+			err = fmt.Errorf("gziphandler: write to regular responseWriter at close gets error: %q", err.Error())
+		}
+		return err
+	}
+
+	err := w.gw.Close()
+	gzipWriterPools[w.index].Put(w.gw)
+	w.gw = nil
+	return err
+}
+
+// Flush flushes the underlying *gzip.Writer and then the underlying
+// http.ResponseWriter if it is an http.Flusher. This makes GzipResponseWriter
+// an http.Flusher.
+func (w *GzipResponseWriter) Flush() {
+	if w.gw == nil && !w.ignore {
+		// Only flush once startGzip or startPlain has been called.
+		//
+		// Flush is thus a no-op until we're certain whether a plain
+		// or gzipped response will be served.
+		return
+	}
+
+	if w.gw != nil {
+		w.gw.Flush()
+	}
+
+	if fw, ok := w.ResponseWriter.(http.Flusher); ok {
+		fw.Flush()
+	}
+}
+
+// Hijack implements http.Hijacker. If the underlying ResponseWriter is a
+// Hijacker, its Hijack method is returned. Otherwise an error is returned.
+func (w *GzipResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
+	if hj, ok := w.ResponseWriter.(http.Hijacker); ok {
+		return hj.Hijack()
+	}
+	return nil, nil, fmt.Errorf("http.Hijacker interface is not supported")
+}
+
+// verify Hijacker interface implementation
+var _ http.Hijacker = &GzipResponseWriter{}
+
+// MustNewGzipLevelHandler behaves just like NewGzipLevelHandler except that in
+// an error case it panics rather than returning an error.
+func MustNewGzipLevelHandler(level int) func(http.Handler) http.Handler {
+	wrap, err := NewGzipLevelHandler(level)
+	if err != nil {
+		panic(err)
+	}
+	return wrap
+}
+
+// NewGzipLevelHandler returns a wrapper function (often known as middleware)
+// which can be used to wrap an HTTP handler to transparently gzip the response
+// body if the client supports it (via the Accept-Encoding header). Responses will
+// be encoded at the given gzip compression level. An error will be returned only
+// if an invalid gzip compression level is given, so if one can ensure the level
+// is valid, the returned error can be safely ignored.
+func NewGzipLevelHandler(level int) (func(http.Handler) http.Handler, error) {
+	return NewGzipLevelAndMinSize(level, DefaultMinSize)
+}
+
+// NewGzipLevelAndMinSize behave as NewGzipLevelHandler except it let the caller
+// specify the minimum size before compression.
+func NewGzipLevelAndMinSize(level, minSize int) (func(http.Handler) http.Handler, error) {
+	return GzipHandlerWithOpts(CompressionLevel(level), MinSize(minSize))
+}
+
+func GzipHandlerWithOpts(opts ...option) (func(http.Handler) http.Handler, error) {
+	c := &config{
+		level:   gzip.DefaultCompression,
+		minSize: DefaultMinSize,
+	}
+
+	for _, o := range opts {
+		o(c)
+	}
+
+	if err := c.validate(); err != nil {
+		return nil, err
+	}
+
+	return func(h http.Handler) http.Handler {
+		index := poolIndex(c.level)
+
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Add(vary, acceptEncoding)
+			if acceptsGzip(r) {
+				gw := &GzipResponseWriter{
+					ResponseWriter: w,
+					index:          index,
+					minSize:        c.minSize,
+					contentTypes:   c.contentTypes,
+				}
+				defer gw.Close()
+
+				if _, ok := w.(http.CloseNotifier); ok {
+					gwcn := GzipResponseWriterWithCloseNotify{gw}
+					h.ServeHTTP(gwcn, r)
+				} else {
+					h.ServeHTTP(gw, r)
+				}
+
+			} else {
+				h.ServeHTTP(w, r)
+			}
+		})
+	}, nil
+}
+
+// Parsed representation of one of the inputs to ContentTypes.
+// See https://golang.org/pkg/mime/#ParseMediaType
+type parsedContentType struct {
+	mediaType string
+	params    map[string]string
+}
+
+// equals returns whether this content type matches another content type.
+func (pct parsedContentType) equals(mediaType string, params map[string]string) bool {
+	if pct.mediaType != mediaType {
+		return false
+	}
+	// if pct has no params, don't care about other's params
+	if len(pct.params) == 0 {
+		return true
+	}
+
+	// if pct has any params, they must be identical to other's.
+	if len(pct.params) != len(params) {
+		return false
+	}
+	for k, v := range pct.params {
+		if w, ok := params[k]; !ok || v != w {
+			return false
+		}
+	}
+	return true
+}
+
+// Used for functional configuration.
+type config struct {
+	minSize      int
+	level        int
+	contentTypes []parsedContentType
+}
+
+func (c *config) validate() error {
+	if c.level != gzip.DefaultCompression && (c.level < gzip.BestSpeed || c.level > gzip.BestCompression) {
+		return fmt.Errorf("invalid compression level requested: %d", c.level)
+	}
+
+	if c.minSize < 0 {
+		return fmt.Errorf("minimum size must be more than zero")
+	}
+
+	return nil
+}
+
+type option func(c *config)
+
+func MinSize(size int) option {
+	return func(c *config) {
+		c.minSize = size
+	}
+}
+
+func CompressionLevel(level int) option {
+	return func(c *config) {
+		c.level = level
+	}
+}
+
+// ContentTypes specifies a list of content types to compare
+// the Content-Type header to before compressing. If none
+// match, the response will be returned as-is.
+//
+// Content types are compared in a case-insensitive, whitespace-ignored
+// manner.
+//
+// A MIME type without any other directive will match a content type
+// that has the same MIME type, regardless of that content type's other
+// directives. I.e., "text/html" will match both "text/html" and
+// "text/html; charset=utf-8".
+//
+// A MIME type with any other directive will only match a content type
+// that has the same MIME type and other directives. I.e.,
+// "text/html; charset=utf-8" will only match "text/html; charset=utf-8".
+//
+// By default, responses are gzipped regardless of
+// Content-Type.
+func ContentTypes(types []string) option {
+	return func(c *config) {
+		c.contentTypes = []parsedContentType{}
+		for _, v := range types {
+			mediaType, params, err := mime.ParseMediaType(v)
+			if err == nil {
+				c.contentTypes = append(c.contentTypes, parsedContentType{mediaType, params})
+			}
+		}
+	}
+}
+
+// GzipHandler wraps an HTTP handler, to transparently gzip the response body if
+// the client supports it (via the Accept-Encoding header). This will compress at
+// the default compression level.
+func GzipHandler(h http.Handler) http.Handler {
+	wrapper, _ := NewGzipLevelHandler(gzip.DefaultCompression)
+	return wrapper(h)
+}
+
+// acceptsGzip returns true if the given HTTP request indicates that it will
+// accept a gzipped response.
+func acceptsGzip(r *http.Request) bool {
+	acceptedEncodings, _ := parseEncodings(r.Header.Get(acceptEncoding))
+	return acceptedEncodings["gzip"] > 0.0
+}
+
+// returns true if we've been configured to compress the specific content type.
+func handleContentType(contentTypes []parsedContentType, ct string) bool {
+	// If contentTypes is empty we handle all content types.
+	if len(contentTypes) == 0 {
+		return true
+	}
+
+	mediaType, params, err := mime.ParseMediaType(ct)
+	if err != nil {
+		return false
+	}
+
+	for _, c := range contentTypes {
+		if c.equals(mediaType, params) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// parseEncodings attempts to parse a list of codings, per RFC 2616, as might
+// appear in an Accept-Encoding header. It returns a map of content-codings to
+// quality values, and an error containing the errors encountered. It's probably
+// safe to ignore those, because silently ignoring errors is how the internet
+// works.
+//
+// See: http://tools.ietf.org/html/rfc2616#section-14.3.
+func parseEncodings(s string) (codings, error) {
+	c := make(codings)
+	var e []string
+
+	for _, ss := range strings.Split(s, ",") {
+		coding, qvalue, err := parseCoding(ss)
+
+		if err != nil {
+			e = append(e, err.Error())
+		} else {
+			c[coding] = qvalue
+		}
+	}
+
+	// TODO (adammck): Use a proper multi-error struct, so the individual errors
+	//                 can be extracted if anyone cares.
+	if len(e) > 0 {
+		return c, fmt.Errorf("errors while parsing encodings: %s", strings.Join(e, ", "))
+	}
+
+	return c, nil
+}
+
+// parseCoding parses a single conding (content-coding with an optional qvalue),
+// as might appear in an Accept-Encoding header. It attempts to forgive minor
+// formatting errors.
+func parseCoding(s string) (coding string, qvalue float64, err error) {
+	for n, part := range strings.Split(s, ";") {
+		part = strings.TrimSpace(part)
+		qvalue = DefaultQValue
+
+		if n == 0 {
+			coding = strings.ToLower(part)
+		} else if strings.HasPrefix(part, "q=") {
+			qvalue, err = strconv.ParseFloat(strings.TrimPrefix(part, "q="), 64)
+
+			if qvalue < 0.0 {
+				qvalue = 0.0
+			} else if qvalue > 1.0 {
+				qvalue = 1.0
+			}
+		}
+	}
+
+	if coding == "" {
+		err = fmt.Errorf("empty content-coding")
+	}
+
+	return
+}
--- a/vendor/github.com/NYTimes/gziphandler/gzip_go18.go
+++ b/vendor/github.com/NYTimes/gziphandler/gzip_go18.go
@ -0,0 +1,43 @@
+// +build go1.8
+
+package gziphandler
+
+import "net/http"
+
+// Push initiates an HTTP/2 server push.
+// Push returns ErrNotSupported if the client has disabled push or if push
+// is not supported on the underlying connection.
+func (w *GzipResponseWriter) Push(target string, opts *http.PushOptions) error {
+	pusher, ok := w.ResponseWriter.(http.Pusher)
+	if ok && pusher != nil {
+		return pusher.Push(target, setAcceptEncodingForPushOptions(opts))
+	}
+	return http.ErrNotSupported
+}
+
+// setAcceptEncodingForPushOptions sets "Accept-Encoding" : "gzip" for PushOptions without overriding existing headers.
+func setAcceptEncodingForPushOptions(opts *http.PushOptions) *http.PushOptions {
+
+	if opts == nil {
+		opts = &http.PushOptions{
+			Header: http.Header{
+				acceptEncoding: []string{"gzip"},
+			},
+		}
+		return opts
+	}
+
+	if opts.Header == nil {
+		opts.Header = http.Header{
+			acceptEncoding: []string{"gzip"},
+		}
+		return opts
+	}
+
+	if encoding := opts.Header.Get(acceptEncoding); encoding == "" {
+		opts.Header.Add(acceptEncoding, "gzip")
+		return opts
+	}
+
+	return opts
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/.gitignore
+++ b/vendor/github.com/antlr4-go/antlr/v4/.gitignore
@ -0,0 +1,18 @@
+### Go template
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+
+# Go workspace file
+go.work
+
+# No Goland stuff in this repo
+.idea
--- a/vendor/github.com/antlr4-go/antlr/v4/LICENSE
+++ b/vendor/github.com/antlr4-go/antlr/v4/LICENSE
@ -0,0 +1,28 @@
+Copyright (c) 2012-2023 The ANTLR Project. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+3. Neither name of copyright holders nor the names of its contributors
+may be used to endorse or promote products derived from this software
+without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/github.com/antlr4-go/antlr/v4/README.md
+++ b/vendor/github.com/antlr4-go/antlr/v4/README.md
@ -0,0 +1,54 @@
+[![Go Report Card](https://goreportcard.com/badge/github.com/antlr4-go/antlr?style=flat-square)](https://goreportcard.com/report/github.com/antlr4-go/antlr)
+[![PkgGoDev](https://pkg.go.dev/badge/github.com/github.com/antlr4-go/antlr)](https://pkg.go.dev/github.com/antlr4-go/antlr)
+[![Release](https://img.shields.io/github/v/release/antlr4-go/antlr?sort=semver&style=flat-square)](https://github.com/antlr4-go/antlr/releases/latest)
+[![Release](https://img.shields.io/github/go-mod/go-version/antlr4-go/antlr?style=flat-square)](https://github.com/antlr4-go/antlr/releases/latest)
+[![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg?style=flat-square)](https://github.com/antlr4-go/antlr/commit-activity)
+[![License](https://img.shields.io/badge/License-BSD_3--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause)
+[![GitHub stars](https://img.shields.io/github/stars/antlr4-go/antlr?style=flat-square&label=Star&maxAge=2592000)](https://GitHub.com/Naereen/StrapDown.js/stargazers/)
+# ANTLR4 Go Runtime Module Repo
+
+IMPORTANT: Please submit PRs via a clone of the https://github.com/antlr/antlr4 repo, and not here.
+
+  - Do not submit PRs or any change requests to this repo
+  - This repo is read only and is updated by the ANTLR team to create a new release of the Go Runtime for ANTLR
+  - This repo contains the Go runtime that your generated projects should import
+
+## Introduction
+
+This repo contains the official modules for the Go Runtime for ANTLR. It is a copy of the runtime maintained
+at: https://github.com/antlr/antlr4/tree/master/runtime/Go/antlr and is automatically updated by the ANTLR team to create
+the official Go runtime release only. No development work is carried out in this repo and PRs are not accepted here.
+
+The dev branch of this repo is kept in sync with the dev branch of the main ANTLR repo and is updated periodically.
+
+### Why?
+
+The `go get` command is unable to retrieve the Go runtime when it is embedded so
+deeply in the main repo. A `go get` against the `antlr/antlr4` repo, while retrieving the correct source code for the runtime,
+does not correctly resolve tags and will create a reference in your `go.mod` file that is unclear, will not upgrade smoothly and
+causes confusion.
+
+For instance, the current Go runtime release, which is tagged with v4.13.0 in `antlr/antlr4` is retrieved by go get as:
+
+```sh
+require (
+	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230219212500-1f9a474cc2dc
+)
+```
+
+Where you would expect to see:
+
+```sh
+require (
+    github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.13.0
+)
+```
+
+The decision was taken to create a separate org in a separate repo to hold the official Go runtime for ANTLR and
+from whence users can expect `go get` to behave as expected.
+
+
+# Documentation
+Please read the official documentation at: https://github.com/antlr/antlr4/blob/master/doc/index.md for tips on
+migrating existing projects to use the new module location and for information on how to use the Go runtime in
+general.
--- a/vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/antlrdoc.go
@ -0,0 +1,102 @@
+/*
+Package antlr implements the Go version of the ANTLR 4 runtime.
+
+# The ANTLR Tool
+
+ANTLR (ANother Tool for Language Recognition) is a powerful parser generator for reading, processing, executing,
+or translating structured text or binary files. It's widely used to build languages, tools, and frameworks.
+From a grammar, ANTLR generates a parser that can build parse trees and also generates a listener interface
+(or visitor) that makes it easy to respond to the recognition of phrases of interest.
+
+# Go Runtime
+
+At version 4.11.x and prior, the Go runtime was not properly versioned for go modules. After this point, the runtime
+source code to be imported was held in the `runtime/Go/antlr/v4` directory, and the go.mod file was updated to reflect the version of
+ANTLR4 that it is compatible with (I.E. uses the /v4 path).
+
+However, this was found to be problematic, as it meant that with the runtime embedded so far underneath the root
+of the repo, the `go get` and related commands could not properly resolve the location of the go runtime source code.
+This meant that the reference to the runtime in your `go.mod` file would refer to the correct source code, but would not
+list the release tag such as @4.12.0 - this was confusing, to say the least.
+
+As of 4.12.1, the runtime is now available as a go module in its own repo, and can be imported as `github.com/antlr4-go/antlr`
+(the go get command should also be used with this path). See the main documentation for the ANTLR4 project for more information,
+which is available at [ANTLR docs]. The documentation for using the Go runtime is available at [Go runtime docs].
+
+This means that if you are using the source code without modules, you should also use the source code in the [new repo].
+Though we highly recommend that you use go modules, as they are now idiomatic for Go.
+
+I am aware that this change will prove Hyrum's Law, but am prepared to live with it for the common good.
+
+Go runtime author: [Jim Idle] jimi@idle.ws
+
+# Code Generation
+
+ANTLR supports the generation of code in a number of [target languages], and the generated code is supported by a
+runtime library, written specifically to support the generated code in the target language. This library is the
+runtime for the Go target.
+
+To generate code for the go target, it is generally recommended to place the source grammar files in a package of
+their own, and use the `.sh` script method of generating code, using the go generate directive. In that same directory
+it is usual, though not required, to place the antlr tool that should be used to generate the code. That does mean
+that the antlr tool JAR file will be checked in to your source code control though, so you are, of course, free to use any other
+way of specifying the version of the ANTLR tool to use, such as aliasing in `.zshrc` or equivalent, or a profile in
+your IDE, or configuration in your CI system. Checking in the jar does mean that it is easy to reproduce the build as
+it was at any point in its history.
+
+Here is a general/recommended template for an ANTLR based recognizer in Go:
+
+	.
+	├── parser
+	│     ├── mygrammar.g4
+	│     ├── antlr-4.12.1-complete.jar
+	│     ├── generate.go
+	│     └── generate.sh
+	├── parsing   - generated code goes here
+	│     └── error_listeners.go
+	├── go.mod
+	├── go.sum
+	├── main.go
+	└── main_test.go
+
+Make sure that the package statement in your grammar file(s) reflects the go package the generated code will exist in.
+
+The generate.go file then looks like this:
+
+	package parser
+
+	//go:generate ./generate.sh
+
+And the generate.sh file will look similar to this:
+
+	#!/bin/sh
+
+	alias antlr4='java -Xmx500M -cp "./antlr4-4.12.1-complete.jar:$CLASSPATH" org.antlr.v4.Tool'
+	antlr4 -Dlanguage=Go -no-visitor -package parsing *.g4
+
+depending on whether you want visitors or listeners or any other ANTLR options. Not that another option here
+is to generate the code into a
+
+From the command line at the root of your source package (location of go.mo)d) you can then simply issue the command:
+
+	go generate ./...
+
+Which will generate the code for the parser, and place it in the parsing package. You can then use the generated code
+by importing the parsing package.
+
+There are no hard and fast rules on this. It is just a recommendation. You can generate the code in any way and to anywhere you like.
+
+# Copyright Notice
+
+Copyright (c) 2012-2023 The ANTLR Project. All rights reserved.
+
+Use of this file is governed by the BSD 3-clause license, which can be found in the [LICENSE.txt] file in the project root.
+
+[target languages]: https://github.com/antlr/antlr4/tree/master/runtime
+[LICENSE.txt]: https://github.com/antlr/antlr4/blob/master/LICENSE.txt
+[ANTLR docs]: https://github.com/antlr/antlr4/blob/master/doc/index.md
+[new repo]: https://github.com/antlr4-go/antlr
+[Jim Idle]: https://github.com/jimidle
+[Go runtime docs]: https://github.com/antlr/antlr4/blob/master/doc/go-target.md
+*/
+package antlr
--- a/vendor/github.com/antlr4-go/antlr/v4/atn.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn.go
@ -0,0 +1,179 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import "sync"
+
+// ATNInvalidAltNumber is used to represent an ALT number that has yet to be calculated or
+// which is invalid for a particular struct such as [*antlr.BaseRuleContext]
+var ATNInvalidAltNumber int
+
+// ATN represents an “[Augmented Transition Network]”, though general in ANTLR the term
+// “Augmented Recursive Transition Network” though there are some descriptions of “[Recursive Transition Network]”
+// in existence.
+//
+// ATNs represent the main networks in the system and are serialized by the code generator and support [ALL(*)].
+//
+// [Augmented Transition Network]: https://en.wikipedia.org/wiki/Augmented_transition_network
+// [ALL(*)]: https://www.antlr.org/papers/allstar-techreport.pdf
+// [Recursive Transition Network]: https://en.wikipedia.org/wiki/Recursive_transition_network
+type ATN struct {
+
+	// DecisionToState is the decision points for all rules, sub-rules, optional
+	// blocks, ()+, ()*, etc. Each sub-rule/rule is a decision point, and we must track them, so we
+	// can go back later and build DFA predictors for them.  This includes
+	// all the rules, sub-rules, optional blocks, ()+, ()* etc...
+	DecisionToState []DecisionState
+
+	// grammarType is the ATN type and is used for deserializing ATNs from strings.
+	grammarType int
+
+	// lexerActions is referenced by action transitions in the ATN for lexer ATNs.
+	lexerActions []LexerAction
+
+	// maxTokenType is the maximum value for any symbol recognized by a transition in the ATN.
+	maxTokenType int
+
+	modeNameToStartState map[string]*TokensStartState
+
+	modeToStartState []*TokensStartState
+
+	// ruleToStartState maps from rule index to starting state number.
+	ruleToStartState []*RuleStartState
+
+	// ruleToStopState maps from rule index to stop state number.
+	ruleToStopState []*RuleStopState
+
+	// ruleToTokenType maps the rule index to the resulting token type for lexer
+	// ATNs. For parser ATNs, it maps the rule index to the generated bypass token
+	// type if ATNDeserializationOptions.isGenerateRuleBypassTransitions was
+	// specified, and otherwise is nil.
+	ruleToTokenType []int
+
+	// ATNStates is a list of all states in the ATN, ordered by state number.
+	//
+	states []ATNState
+
+	mu      sync.Mutex
+	stateMu sync.RWMutex
+	edgeMu  sync.RWMutex
+}
+
+// NewATN returns a new ATN struct representing the given grammarType and is used
+// for runtime deserialization of ATNs from the code generated by the ANTLR tool
+func NewATN(grammarType int, maxTokenType int) *ATN {
+	return &ATN{
+		grammarType:          grammarType,
+		maxTokenType:         maxTokenType,
+		modeNameToStartState: make(map[string]*TokensStartState),
+	}
+}
+
+// NextTokensInContext computes and returns the set of valid tokens that can occur starting
+// in state s. If ctx is nil, the set of tokens will not include what can follow
+// the rule surrounding s. In other words, the set will be restricted to tokens
+// reachable staying within the rule of s.
+func (a *ATN) NextTokensInContext(s ATNState, ctx RuleContext) *IntervalSet {
+	return NewLL1Analyzer(a).Look(s, nil, ctx)
+}
+
+// NextTokensNoContext computes and returns the set of valid tokens that can occur starting
+// in state s and staying in same rule. [antlr.Token.EPSILON] is in set if we reach end of
+// rule.
+func (a *ATN) NextTokensNoContext(s ATNState) *IntervalSet {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+	iset := s.GetNextTokenWithinRule()
+	if iset == nil {
+		iset = a.NextTokensInContext(s, nil)
+		iset.readOnly = true
+		s.SetNextTokenWithinRule(iset)
+	}
+	return iset
+}
+
+// NextTokens computes and returns the set of valid tokens starting in state s, by
+// calling either [NextTokensNoContext] (ctx == nil)  or [NextTokensInContext] (ctx != nil).
+func (a *ATN) NextTokens(s ATNState, ctx RuleContext) *IntervalSet {
+	if ctx == nil {
+		return a.NextTokensNoContext(s)
+	}
+
+	return a.NextTokensInContext(s, ctx)
+}
+
+func (a *ATN) addState(state ATNState) {
+	if state != nil {
+		state.SetATN(a)
+		state.SetStateNumber(len(a.states))
+	}
+
+	a.states = append(a.states, state)
+}
+
+func (a *ATN) removeState(state ATNState) {
+	a.states[state.GetStateNumber()] = nil // Just free the memory; don't shift states in the slice
+}
+
+func (a *ATN) defineDecisionState(s DecisionState) int {
+	a.DecisionToState = append(a.DecisionToState, s)
+	s.setDecision(len(a.DecisionToState) - 1)
+
+	return s.getDecision()
+}
+
+func (a *ATN) getDecisionState(decision int) DecisionState {
+	if len(a.DecisionToState) == 0 {
+		return nil
+	}
+
+	return a.DecisionToState[decision]
+}
+
+// getExpectedTokens computes the set of input symbols which could follow ATN
+// state number stateNumber in the specified full parse context ctx and returns
+// the set of potentially valid input symbols which could follow the specified
+// state in the specified context. This method considers the complete parser
+// context, but does not evaluate semantic predicates (i.e. all predicates
+// encountered during the calculation are assumed true). If a path in the ATN
+// exists from the starting state to the RuleStopState of the outermost context
+// without Matching any symbols, Token.EOF is added to the returned set.
+//
+// A nil ctx defaults to ParserRuleContext.EMPTY.
+//
+// It panics if the ATN does not contain state stateNumber.
+func (a *ATN) getExpectedTokens(stateNumber int, ctx RuleContext) *IntervalSet {
+	if stateNumber < 0 || stateNumber >= len(a.states) {
+		panic("Invalid state number.")
+	}
+
+	s := a.states[stateNumber]
+	following := a.NextTokens(s, nil)
+
+	if !following.contains(TokenEpsilon) {
+		return following
+	}
+
+	expected := NewIntervalSet()
+
+	expected.addSet(following)
+	expected.removeOne(TokenEpsilon)
+
+	for ctx != nil && ctx.GetInvokingState() >= 0 && following.contains(TokenEpsilon) {
+		invokingState := a.states[ctx.GetInvokingState()]
+		rt := invokingState.GetTransitions()[0]
+
+		following = a.NextTokens(rt.(*RuleTransition).followState, nil)
+		expected.addSet(following)
+		expected.removeOne(TokenEpsilon)
+		ctx = ctx.GetParent().(RuleContext)
+	}
+
+	if following.contains(TokenEpsilon) {
+		expected.addOne(TokenEOF)
+	}
+
+	return expected
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_config.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_config.go
@ -0,0 +1,335 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+)
+
+const (
+	lexerConfig  = iota // Indicates that this ATNConfig is for a lexer
+	parserConfig        // Indicates that this ATNConfig is for a parser
+)
+
+// ATNConfig is a tuple: (ATN state, predicted alt, syntactic, semantic
+// context). The syntactic context is a graph-structured stack node whose
+// path(s) to the root is the rule invocation(s) chain used to arrive in the
+// state. The semantic context is the tree of semantic predicates encountered
+// before reaching an ATN state.
+type ATNConfig struct {
+	precedenceFilterSuppressed     bool
+	state                          ATNState
+	alt                            int
+	context                        *PredictionContext
+	semanticContext                SemanticContext
+	reachesIntoOuterContext        int
+	cType                          int // lexerConfig or parserConfig
+	lexerActionExecutor            *LexerActionExecutor
+	passedThroughNonGreedyDecision bool
+}
+
+// NewATNConfig6 creates a new ATNConfig instance given a state, alt and context only
+func NewATNConfig6(state ATNState, alt int, context *PredictionContext) *ATNConfig {
+	return NewATNConfig5(state, alt, context, SemanticContextNone)
+}
+
+// NewATNConfig5 creates a new ATNConfig instance given a state, alt, context and semantic context
+func NewATNConfig5(state ATNState, alt int, context *PredictionContext, semanticContext SemanticContext) *ATNConfig {
+	if semanticContext == nil {
+		panic("semanticContext cannot be nil") // TODO: Necessary?
+	}
+
+	pac := &ATNConfig{}
+	pac.state = state
+	pac.alt = alt
+	pac.context = context
+	pac.semanticContext = semanticContext
+	pac.cType = parserConfig
+	return pac
+}
+
+// NewATNConfig4 creates a new ATNConfig instance given an existing config, and a state only
+func NewATNConfig4(c *ATNConfig, state ATNState) *ATNConfig {
+	return NewATNConfig(c, state, c.GetContext(), c.GetSemanticContext())
+}
+
+// NewATNConfig3 creates a new ATNConfig instance given an existing config, a state and a semantic context
+func NewATNConfig3(c *ATNConfig, state ATNState, semanticContext SemanticContext) *ATNConfig {
+	return NewATNConfig(c, state, c.GetContext(), semanticContext)
+}
+
+// NewATNConfig2 creates a new ATNConfig instance given an existing config, and a context only
+func NewATNConfig2(c *ATNConfig, semanticContext SemanticContext) *ATNConfig {
+	return NewATNConfig(c, c.GetState(), c.GetContext(), semanticContext)
+}
+
+// NewATNConfig1 creates a new ATNConfig instance given an existing config, a state, and a context only
+func NewATNConfig1(c *ATNConfig, state ATNState, context *PredictionContext) *ATNConfig {
+	return NewATNConfig(c, state, context, c.GetSemanticContext())
+}
+
+// NewATNConfig creates a new ATNConfig instance given an existing config, a state, a context and a semantic context, other 'constructors'
+// are just wrappers around this one.
+func NewATNConfig(c *ATNConfig, state ATNState, context *PredictionContext, semanticContext SemanticContext) *ATNConfig {
+	if semanticContext == nil {
+		panic("semanticContext cannot be nil") // TODO: Remove this - probably put here for some bug that is now fixed
+	}
+	b := &ATNConfig{}
+	b.InitATNConfig(c, state, c.GetAlt(), context, semanticContext)
+	b.cType = parserConfig
+	return b
+}
+
+func (a *ATNConfig) InitATNConfig(c *ATNConfig, state ATNState, alt int, context *PredictionContext, semanticContext SemanticContext) {
+
+	a.state = state
+	a.alt = alt
+	a.context = context
+	a.semanticContext = semanticContext
+	a.reachesIntoOuterContext = c.GetReachesIntoOuterContext()
+	a.precedenceFilterSuppressed = c.getPrecedenceFilterSuppressed()
+}
+
+func (a *ATNConfig) getPrecedenceFilterSuppressed() bool {
+	return a.precedenceFilterSuppressed
+}
+
+func (a *ATNConfig) setPrecedenceFilterSuppressed(v bool) {
+	a.precedenceFilterSuppressed = v
+}
+
+// GetState returns the ATN state associated with this configuration
+func (a *ATNConfig) GetState() ATNState {
+	return a.state
+}
+
+// GetAlt returns the alternative associated with this configuration
+func (a *ATNConfig) GetAlt() int {
+	return a.alt
+}
+
+// SetContext sets the rule invocation stack associated with this configuration
+func (a *ATNConfig) SetContext(v *PredictionContext) {
+	a.context = v
+}
+
+// GetContext returns the rule invocation stack associated with this configuration
+func (a *ATNConfig) GetContext() *PredictionContext {
+	return a.context
+}
+
+// GetSemanticContext returns the semantic context associated with this configuration
+func (a *ATNConfig) GetSemanticContext() SemanticContext {
+	return a.semanticContext
+}
+
+// GetReachesIntoOuterContext returns the count of references to an outer context from this configuration
+func (a *ATNConfig) GetReachesIntoOuterContext() int {
+	return a.reachesIntoOuterContext
+}
+
+// SetReachesIntoOuterContext sets the count of references to an outer context from this configuration
+func (a *ATNConfig) SetReachesIntoOuterContext(v int) {
+	a.reachesIntoOuterContext = v
+}
+
+// Equals is the default comparison function for an ATNConfig when no specialist implementation is required
+// for a collection.
+//
+// An ATN configuration is equal to another if both have the same state, they
+// predict the same alternative, and syntactic/semantic contexts are the same.
+func (a *ATNConfig) Equals(o Collectable[*ATNConfig]) bool {
+	switch a.cType {
+	case lexerConfig:
+		return a.LEquals(o)
+	case parserConfig:
+		return a.PEquals(o)
+	default:
+		panic("Invalid ATNConfig type")
+	}
+}
+
+// PEquals is the default comparison function for a Parser ATNConfig when no specialist implementation is required
+// for a collection.
+//
+// An ATN configuration is equal to another if both have the same state, they
+// predict the same alternative, and syntactic/semantic contexts are the same.
+func (a *ATNConfig) PEquals(o Collectable[*ATNConfig]) bool {
+	var other, ok = o.(*ATNConfig)
+
+	if !ok {
+		return false
+	}
+	if a == other {
+		return true
+	} else if other == nil {
+		return false
+	}
+
+	var equal bool
+
+	if a.context == nil {
+		equal = other.context == nil
+	} else {
+		equal = a.context.Equals(other.context)
+	}
+
+	var (
+		nums = a.state.GetStateNumber() == other.state.GetStateNumber()
+		alts = a.alt == other.alt
+		cons = a.semanticContext.Equals(other.semanticContext)
+		sups = a.precedenceFilterSuppressed == other.precedenceFilterSuppressed
+	)
+
+	return nums && alts && cons && sups && equal
+}
+
+// Hash is the default hash function for a parser ATNConfig, when no specialist hash function
+// is required for a collection
+func (a *ATNConfig) Hash() int {
+	switch a.cType {
+	case lexerConfig:
+		return a.LHash()
+	case parserConfig:
+		return a.PHash()
+	default:
+		panic("Invalid ATNConfig type")
+	}
+}
+
+// PHash is the default hash function for a parser ATNConfig, when no specialist hash function
+// is required for a collection
+func (a *ATNConfig) PHash() int {
+	var c int
+	if a.context != nil {
+		c = a.context.Hash()
+	}
+
+	h := murmurInit(7)
+	h = murmurUpdate(h, a.state.GetStateNumber())
+	h = murmurUpdate(h, a.alt)
+	h = murmurUpdate(h, c)
+	h = murmurUpdate(h, a.semanticContext.Hash())
+	return murmurFinish(h, 4)
+}
+
+// String returns a string representation of the ATNConfig, usually used for debugging purposes
+func (a *ATNConfig) String() string {
+	var s1, s2, s3 string
+
+	if a.context != nil {
+		s1 = ",[" + fmt.Sprint(a.context) + "]"
+	}
+
+	if a.semanticContext != SemanticContextNone {
+		s2 = "," + fmt.Sprint(a.semanticContext)
+	}
+
+	if a.reachesIntoOuterContext > 0 {
+		s3 = ",up=" + fmt.Sprint(a.reachesIntoOuterContext)
+	}
+
+	return fmt.Sprintf("(%v,%v%v%v%v)", a.state, a.alt, s1, s2, s3)
+}
+
+func NewLexerATNConfig6(state ATNState, alt int, context *PredictionContext) *ATNConfig {
+	lac := &ATNConfig{}
+	lac.state = state
+	lac.alt = alt
+	lac.context = context
+	lac.semanticContext = SemanticContextNone
+	lac.cType = lexerConfig
+	return lac
+}
+
+func NewLexerATNConfig4(c *ATNConfig, state ATNState) *ATNConfig {
+	lac := &ATNConfig{}
+	lac.lexerActionExecutor = c.lexerActionExecutor
+	lac.passedThroughNonGreedyDecision = checkNonGreedyDecision(c, state)
+	lac.InitATNConfig(c, state, c.GetAlt(), c.GetContext(), c.GetSemanticContext())
+	lac.cType = lexerConfig
+	return lac
+}
+
+func NewLexerATNConfig3(c *ATNConfig, state ATNState, lexerActionExecutor *LexerActionExecutor) *ATNConfig {
+	lac := &ATNConfig{}
+	lac.lexerActionExecutor = lexerActionExecutor
+	lac.passedThroughNonGreedyDecision = checkNonGreedyDecision(c, state)
+	lac.InitATNConfig(c, state, c.GetAlt(), c.GetContext(), c.GetSemanticContext())
+	lac.cType = lexerConfig
+	return lac
+}
+
+func NewLexerATNConfig2(c *ATNConfig, state ATNState, context *PredictionContext) *ATNConfig {
+	lac := &ATNConfig{}
+	lac.lexerActionExecutor = c.lexerActionExecutor
+	lac.passedThroughNonGreedyDecision = checkNonGreedyDecision(c, state)
+	lac.InitATNConfig(c, state, c.GetAlt(), context, c.GetSemanticContext())
+	lac.cType = lexerConfig
+	return lac
+}
+
+//goland:noinspection GoUnusedExportedFunction
+func NewLexerATNConfig1(state ATNState, alt int, context *PredictionContext) *ATNConfig {
+	lac := &ATNConfig{}
+	lac.state = state
+	lac.alt = alt
+	lac.context = context
+	lac.semanticContext = SemanticContextNone
+	lac.cType = lexerConfig
+	return lac
+}
+
+// LHash is the default hash function for Lexer ATNConfig objects, it can be used directly or via
+// the default comparator [ObjEqComparator].
+func (a *ATNConfig) LHash() int {
+	var f int
+	if a.passedThroughNonGreedyDecision {
+		f = 1
+	} else {
+		f = 0
+	}
+	h := murmurInit(7)
+	h = murmurUpdate(h, a.state.GetStateNumber())
+	h = murmurUpdate(h, a.alt)
+	h = murmurUpdate(h, a.context.Hash())
+	h = murmurUpdate(h, a.semanticContext.Hash())
+	h = murmurUpdate(h, f)
+	h = murmurUpdate(h, a.lexerActionExecutor.Hash())
+	h = murmurFinish(h, 6)
+	return h
+}
+
+// LEquals is the default comparison function for Lexer ATNConfig objects, it can be used directly or via
+// the default comparator [ObjEqComparator].
+func (a *ATNConfig) LEquals(other Collectable[*ATNConfig]) bool {
+	var otherT, ok = other.(*ATNConfig)
+	if !ok {
+		return false
+	} else if a == otherT {
+		return true
+	} else if a.passedThroughNonGreedyDecision != otherT.passedThroughNonGreedyDecision {
+		return false
+	}
+
+	switch {
+	case a.lexerActionExecutor == nil && otherT.lexerActionExecutor == nil:
+		return true
+	case a.lexerActionExecutor != nil && otherT.lexerActionExecutor != nil:
+		if !a.lexerActionExecutor.Equals(otherT.lexerActionExecutor) {
+			return false
+		}
+	default:
+		return false // One but not both, are nil
+	}
+
+	return a.PEquals(otherT)
+}
+
+func checkNonGreedyDecision(source *ATNConfig, target ATNState) bool {
+	var ds, ok = target.(DecisionState)
+
+	return source.passedThroughNonGreedyDecision || (ok && ds.getNonGreedy())
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_config_set.go
@ -0,0 +1,301 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+)
+
+// ATNConfigSet is a specialized set of ATNConfig that tracks information
+// about its elements and can combine similar configurations using a
+// graph-structured stack.
+type ATNConfigSet struct {
+	cachedHash int
+
+	// configLookup is used to determine whether two ATNConfigSets are equal. We
+	// need all configurations with the same (s, i, _, semctx) to be equal. A key
+	// effectively doubles the number of objects associated with ATNConfigs. All
+	// keys are hashed by (s, i, _, pi), not including the context. Wiped out when
+	// read-only because a set becomes a DFA state.
+	configLookup *JStore[*ATNConfig, Comparator[*ATNConfig]]
+
+	// configs is the added elements that did not match an existing key in configLookup
+	configs []*ATNConfig
+
+	// TODO: These fields make me pretty uncomfortable, but it is nice to pack up
+	// info together because it saves re-computation. Can we track conflicts as they
+	// are added to save scanning configs later?
+	conflictingAlts *BitSet
+
+	// dipsIntoOuterContext is used by parsers and lexers. In a lexer, it indicates
+	// we hit a pred while computing a closure operation. Do not make a DFA state
+	// from the ATNConfigSet in this case. TODO: How is this used by parsers?
+	dipsIntoOuterContext bool
+
+	// fullCtx is whether it is part of a full context LL prediction. Used to
+	// determine how to merge $. It is a wildcard with SLL, but not for an LL
+	// context merge.
+	fullCtx bool
+
+	// Used in parser and lexer. In lexer, it indicates we hit a pred
+	// while computing a closure operation. Don't make a DFA state from this set.
+	hasSemanticContext bool
+
+	// readOnly is whether it is read-only. Do not
+	// allow any code to manipulate the set if true because DFA states will point at
+	// sets and those must not change. It not, protect other fields; conflictingAlts
+	// in particular, which is assigned after readOnly.
+	readOnly bool
+
+	// TODO: These fields make me pretty uncomfortable, but it is nice to pack up
+	// info together because it saves re-computation. Can we track conflicts as they
+	// are added to save scanning configs later?
+	uniqueAlt int
+}
+
+// Alts returns the combined set of alts for all the configurations in this set.
+func (b *ATNConfigSet) Alts() *BitSet {
+	alts := NewBitSet()
+	for _, it := range b.configs {
+		alts.add(it.GetAlt())
+	}
+	return alts
+}
+
+// NewATNConfigSet creates a new ATNConfigSet instance.
+func NewATNConfigSet(fullCtx bool) *ATNConfigSet {
+	return &ATNConfigSet{
+		cachedHash:   -1,
+		configLookup: NewJStore[*ATNConfig, Comparator[*ATNConfig]](aConfCompInst, ATNConfigLookupCollection, "NewATNConfigSet()"),
+		fullCtx:      fullCtx,
+	}
+}
+
+// Add merges contexts with existing configs for (s, i, pi, _),
+// where 's' is the ATNConfig.state, 'i' is the ATNConfig.alt, and
+// 'pi' is the [ATNConfig].semanticContext.
+//
+// We use (s,i,pi) as the key.
+// Updates dipsIntoOuterContext and hasSemanticContext when necessary.
+func (b *ATNConfigSet) Add(config *ATNConfig, mergeCache *JPCMap) bool {
+	if b.readOnly {
+		panic("set is read-only")
+	}
+
+	if config.GetSemanticContext() != SemanticContextNone {
+		b.hasSemanticContext = true
+	}
+
+	if config.GetReachesIntoOuterContext() > 0 {
+		b.dipsIntoOuterContext = true
+	}
+
+	existing, present := b.configLookup.Put(config)
+
+	// The config was not already in the set
+	//
+	if !present {
+		b.cachedHash = -1
+		b.configs = append(b.configs, config) // Track order here
+		return true
+	}
+
+	// Merge a previous (s, i, pi, _) with it and save the result
+	rootIsWildcard := !b.fullCtx
+	merged := merge(existing.GetContext(), config.GetContext(), rootIsWildcard, mergeCache)
+
+	// No need to check for existing.context because config.context is in the cache,
+	// since the only way to create new graphs is the "call rule" and here. We cache
+	// at both places.
+	existing.SetReachesIntoOuterContext(intMax(existing.GetReachesIntoOuterContext(), config.GetReachesIntoOuterContext()))
+
+	// Preserve the precedence filter suppression during the merge
+	if config.getPrecedenceFilterSuppressed() {
+		existing.setPrecedenceFilterSuppressed(true)
+	}
+
+	// Replace the context because there is no need to do alt mapping
+	existing.SetContext(merged)
+
+	return true
+}
+
+// GetStates returns the set of states represented by all configurations in this config set
+func (b *ATNConfigSet) GetStates() *JStore[ATNState, Comparator[ATNState]] {
+
+	// states uses the standard comparator and Hash() provided by the ATNState instance
+	//
+	states := NewJStore[ATNState, Comparator[ATNState]](aStateEqInst, ATNStateCollection, "ATNConfigSet.GetStates()")
+
+	for i := 0; i < len(b.configs); i++ {
+		states.Put(b.configs[i].GetState())
+	}
+
+	return states
+}
+
+func (b *ATNConfigSet) GetPredicates() []SemanticContext {
+	predicates := make([]SemanticContext, 0)
+
+	for i := 0; i < len(b.configs); i++ {
+		c := b.configs[i].GetSemanticContext()
+
+		if c != SemanticContextNone {
+			predicates = append(predicates, c)
+		}
+	}
+
+	return predicates
+}
+
+func (b *ATNConfigSet) OptimizeConfigs(interpreter *BaseATNSimulator) {
+	if b.readOnly {
+		panic("set is read-only")
+	}
+
+	// Empty indicate no optimization is possible
+	if b.configLookup == nil || b.configLookup.Len() == 0 {
+		return
+	}
+
+	for i := 0; i < len(b.configs); i++ {
+		config := b.configs[i]
+		config.SetContext(interpreter.getCachedContext(config.GetContext()))
+	}
+}
+
+func (b *ATNConfigSet) AddAll(coll []*ATNConfig) bool {
+	for i := 0; i < len(coll); i++ {
+		b.Add(coll[i], nil)
+	}
+
+	return false
+}
+
+// Compare The configs are only equal if they are in the same order and their Equals function returns true.
+// Java uses ArrayList.equals(), which requires the same order.
+func (b *ATNConfigSet) Compare(bs *ATNConfigSet) bool {
+	if len(b.configs) != len(bs.configs) {
+		return false
+	}
+	for i := 0; i < len(b.configs); i++ {
+		if !b.configs[i].Equals(bs.configs[i]) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b *ATNConfigSet) Equals(other Collectable[ATNConfig]) bool {
+	if b == other {
+		return true
+	} else if _, ok := other.(*ATNConfigSet); !ok {
+		return false
+	}
+
+	other2 := other.(*ATNConfigSet)
+	var eca bool
+	switch {
+	case b.conflictingAlts == nil && other2.conflictingAlts == nil:
+		eca = true
+	case b.conflictingAlts != nil && other2.conflictingAlts != nil:
+		eca = b.conflictingAlts.equals(other2.conflictingAlts)
+	}
+	return b.configs != nil &&
+		b.fullCtx == other2.fullCtx &&
+		b.uniqueAlt == other2.uniqueAlt &&
+		eca &&
+		b.hasSemanticContext == other2.hasSemanticContext &&
+		b.dipsIntoOuterContext == other2.dipsIntoOuterContext &&
+		b.Compare(other2)
+}
+
+func (b *ATNConfigSet) Hash() int {
+	if b.readOnly {
+		if b.cachedHash == -1 {
+			b.cachedHash = b.hashCodeConfigs()
+		}
+
+		return b.cachedHash
+	}
+
+	return b.hashCodeConfigs()
+}
+
+func (b *ATNConfigSet) hashCodeConfigs() int {
+	h := 1
+	for _, config := range b.configs {
+		h = 31*h + config.Hash()
+	}
+	return h
+}
+
+func (b *ATNConfigSet) Contains(item *ATNConfig) bool {
+	if b.readOnly {
+		panic("not implemented for read-only sets")
+	}
+	if b.configLookup == nil {
+		return false
+	}
+	return b.configLookup.Contains(item)
+}
+
+func (b *ATNConfigSet) ContainsFast(item *ATNConfig) bool {
+	return b.Contains(item)
+}
+
+func (b *ATNConfigSet) Clear() {
+	if b.readOnly {
+		panic("set is read-only")
+	}
+	b.configs = make([]*ATNConfig, 0)
+	b.cachedHash = -1
+	b.configLookup = NewJStore[*ATNConfig, Comparator[*ATNConfig]](aConfCompInst, ATNConfigLookupCollection, "NewATNConfigSet()")
+}
+
+func (b *ATNConfigSet) String() string {
+
+	s := "["
+
+	for i, c := range b.configs {
+		s += c.String()
+
+		if i != len(b.configs)-1 {
+			s += ", "
+		}
+	}
+
+	s += "]"
+
+	if b.hasSemanticContext {
+		s += ",hasSemanticContext=" + fmt.Sprint(b.hasSemanticContext)
+	}
+
+	if b.uniqueAlt != ATNInvalidAltNumber {
+		s += ",uniqueAlt=" + fmt.Sprint(b.uniqueAlt)
+	}
+
+	if b.conflictingAlts != nil {
+		s += ",conflictingAlts=" + b.conflictingAlts.String()
+	}
+
+	if b.dipsIntoOuterContext {
+		s += ",dipsIntoOuterContext"
+	}
+
+	return s
+}
+
+// NewOrderedATNConfigSet creates a config set with a slightly different Hash/Equal pair
+// for use in lexers.
+func NewOrderedATNConfigSet() *ATNConfigSet {
+	return &ATNConfigSet{
+		cachedHash: -1,
+		// This set uses the standard Hash() and Equals() from ATNConfig
+		configLookup: NewJStore[*ATNConfig, Comparator[*ATNConfig]](aConfEqInst, ATNConfigCollection, "ATNConfigSet.NewOrderedATNConfigSet()"),
+		fullCtx:      false,
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_deserialization_options.go
@ -0,0 +1,62 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import "errors"
+
+var defaultATNDeserializationOptions = ATNDeserializationOptions{true, true, false}
+
+type ATNDeserializationOptions struct {
+	readOnly                      bool
+	verifyATN                     bool
+	generateRuleBypassTransitions bool
+}
+
+func (opts *ATNDeserializationOptions) ReadOnly() bool {
+	return opts.readOnly
+}
+
+func (opts *ATNDeserializationOptions) SetReadOnly(readOnly bool) {
+	if opts.readOnly {
+		panic(errors.New("cannot mutate read only ATNDeserializationOptions"))
+	}
+	opts.readOnly = readOnly
+}
+
+func (opts *ATNDeserializationOptions) VerifyATN() bool {
+	return opts.verifyATN
+}
+
+func (opts *ATNDeserializationOptions) SetVerifyATN(verifyATN bool) {
+	if opts.readOnly {
+		panic(errors.New("cannot mutate read only ATNDeserializationOptions"))
+	}
+	opts.verifyATN = verifyATN
+}
+
+func (opts *ATNDeserializationOptions) GenerateRuleBypassTransitions() bool {
+	return opts.generateRuleBypassTransitions
+}
+
+func (opts *ATNDeserializationOptions) SetGenerateRuleBypassTransitions(generateRuleBypassTransitions bool) {
+	if opts.readOnly {
+		panic(errors.New("cannot mutate read only ATNDeserializationOptions"))
+	}
+	opts.generateRuleBypassTransitions = generateRuleBypassTransitions
+}
+
+//goland:noinspection GoUnusedExportedFunction
+func DefaultATNDeserializationOptions() *ATNDeserializationOptions {
+	return NewATNDeserializationOptions(&defaultATNDeserializationOptions)
+}
+
+func NewATNDeserializationOptions(other *ATNDeserializationOptions) *ATNDeserializationOptions {
+	o := new(ATNDeserializationOptions)
+	if other != nil {
+		*o = *other
+		o.readOnly = false
+	}
+	return o
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_deserializer.go
@ -0,0 +1,684 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"strconv"
+)
+
+const serializedVersion = 4
+
+type loopEndStateIntPair struct {
+	item0 *LoopEndState
+	item1 int
+}
+
+type blockStartStateIntPair struct {
+	item0 BlockStartState
+	item1 int
+}
+
+type ATNDeserializer struct {
+	options *ATNDeserializationOptions
+	data    []int32
+	pos     int
+}
+
+func NewATNDeserializer(options *ATNDeserializationOptions) *ATNDeserializer {
+	if options == nil {
+		options = &defaultATNDeserializationOptions
+	}
+
+	return &ATNDeserializer{options: options}
+}
+
+//goland:noinspection GoUnusedFunction
+func stringInSlice(a string, list []string) int {
+	for i, b := range list {
+		if b == a {
+			return i
+		}
+	}
+
+	return -1
+}
+
+func (a *ATNDeserializer) Deserialize(data []int32) *ATN {
+	a.data = data
+	a.pos = 0
+	a.checkVersion()
+
+	atn := a.readATN()
+
+	a.readStates(atn)
+	a.readRules(atn)
+	a.readModes(atn)
+
+	sets := a.readSets(atn, nil)
+
+	a.readEdges(atn, sets)
+	a.readDecisions(atn)
+	a.readLexerActions(atn)
+	a.markPrecedenceDecisions(atn)
+	a.verifyATN(atn)
+
+	if a.options.GenerateRuleBypassTransitions() && atn.grammarType == ATNTypeParser {
+		a.generateRuleBypassTransitions(atn)
+		// Re-verify after modification
+		a.verifyATN(atn)
+	}
+
+	return atn
+
+}
+
+func (a *ATNDeserializer) checkVersion() {
+	version := a.readInt()
+
+	if version != serializedVersion {
+		panic("Could not deserialize ATN with version " + strconv.Itoa(version) + " (expected " + strconv.Itoa(serializedVersion) + ").")
+	}
+}
+
+func (a *ATNDeserializer) readATN() *ATN {
+	grammarType := a.readInt()
+	maxTokenType := a.readInt()
+
+	return NewATN(grammarType, maxTokenType)
+}
+
+func (a *ATNDeserializer) readStates(atn *ATN) {
+	nstates := a.readInt()
+
+	// Allocate worst case size.
+	loopBackStateNumbers := make([]loopEndStateIntPair, 0, nstates)
+	endStateNumbers := make([]blockStartStateIntPair, 0, nstates)
+
+	// Preallocate states slice.
+	atn.states = make([]ATNState, 0, nstates)
+
+	for i := 0; i < nstates; i++ {
+		stype := a.readInt()
+
+		// Ignore bad types of states
+		if stype == ATNStateInvalidType {
+			atn.addState(nil)
+			continue
+		}
+
+		ruleIndex := a.readInt()
+
+		s := a.stateFactory(stype, ruleIndex)
+
+		if stype == ATNStateLoopEnd {
+			loopBackStateNumber := a.readInt()
+
+			loopBackStateNumbers = append(loopBackStateNumbers, loopEndStateIntPair{s.(*LoopEndState), loopBackStateNumber})
+		} else if s2, ok := s.(BlockStartState); ok {
+			endStateNumber := a.readInt()
+
+			endStateNumbers = append(endStateNumbers, blockStartStateIntPair{s2, endStateNumber})
+		}
+
+		atn.addState(s)
+	}
+
+	// Delay the assignment of loop back and end states until we know all the state
+	// instances have been initialized
+	for _, pair := range loopBackStateNumbers {
+		pair.item0.loopBackState = atn.states[pair.item1]
+	}
+
+	for _, pair := range endStateNumbers {
+		pair.item0.setEndState(atn.states[pair.item1].(*BlockEndState))
+	}
+
+	numNonGreedyStates := a.readInt()
+	for j := 0; j < numNonGreedyStates; j++ {
+		stateNumber := a.readInt()
+
+		atn.states[stateNumber].(DecisionState).setNonGreedy(true)
+	}
+
+	numPrecedenceStates := a.readInt()
+	for j := 0; j < numPrecedenceStates; j++ {
+		stateNumber := a.readInt()
+
+		atn.states[stateNumber].(*RuleStartState).isPrecedenceRule = true
+	}
+}
+
+func (a *ATNDeserializer) readRules(atn *ATN) {
+	nrules := a.readInt()
+
+	if atn.grammarType == ATNTypeLexer {
+		atn.ruleToTokenType = make([]int, nrules)
+	}
+
+	atn.ruleToStartState = make([]*RuleStartState, nrules)
+
+	for i := range atn.ruleToStartState {
+		s := a.readInt()
+		startState := atn.states[s].(*RuleStartState)
+
+		atn.ruleToStartState[i] = startState
+
+		if atn.grammarType == ATNTypeLexer {
+			tokenType := a.readInt()
+
+			atn.ruleToTokenType[i] = tokenType
+		}
+	}
+
+	atn.ruleToStopState = make([]*RuleStopState, nrules)
+
+	for _, state := range atn.states {
+		if s2, ok := state.(*RuleStopState); ok {
+			atn.ruleToStopState[s2.ruleIndex] = s2
+			atn.ruleToStartState[s2.ruleIndex].stopState = s2
+		}
+	}
+}
+
+func (a *ATNDeserializer) readModes(atn *ATN) {
+	nmodes := a.readInt()
+	atn.modeToStartState = make([]*TokensStartState, nmodes)
+
+	for i := range atn.modeToStartState {
+		s := a.readInt()
+
+		atn.modeToStartState[i] = atn.states[s].(*TokensStartState)
+	}
+}
+
+func (a *ATNDeserializer) readSets(_ *ATN, sets []*IntervalSet) []*IntervalSet {
+	m := a.readInt()
+
+	// Preallocate the needed capacity.
+	if cap(sets)-len(sets) < m {
+		isets := make([]*IntervalSet, len(sets), len(sets)+m)
+		copy(isets, sets)
+		sets = isets
+	}
+
+	for i := 0; i < m; i++ {
+		iset := NewIntervalSet()
+
+		sets = append(sets, iset)
+
+		n := a.readInt()
+		containsEOF := a.readInt()
+
+		if containsEOF != 0 {
+			iset.addOne(-1)
+		}
+
+		for j := 0; j < n; j++ {
+			i1 := a.readInt()
+			i2 := a.readInt()
+
+			iset.addRange(i1, i2)
+		}
+	}
+
+	return sets
+}
+
+func (a *ATNDeserializer) readEdges(atn *ATN, sets []*IntervalSet) {
+	nedges := a.readInt()
+
+	for i := 0; i < nedges; i++ {
+		var (
+			src      = a.readInt()
+			trg      = a.readInt()
+			ttype    = a.readInt()
+			arg1     = a.readInt()
+			arg2     = a.readInt()
+			arg3     = a.readInt()
+			trans    = a.edgeFactory(atn, ttype, src, trg, arg1, arg2, arg3, sets)
+			srcState = atn.states[src]
+		)
+
+		srcState.AddTransition(trans, -1)
+	}
+
+	// Edges for rule stop states can be derived, so they are not serialized
+	for _, state := range atn.states {
+		for _, t := range state.GetTransitions() {
+			var rt, ok = t.(*RuleTransition)
+
+			if !ok {
+				continue
+			}
+
+			outermostPrecedenceReturn := -1
+
+			if atn.ruleToStartState[rt.getTarget().GetRuleIndex()].isPrecedenceRule {
+				if rt.precedence == 0 {
+					outermostPrecedenceReturn = rt.getTarget().GetRuleIndex()
+				}
+			}
+
+			trans := NewEpsilonTransition(rt.followState, outermostPrecedenceReturn)
+
+			atn.ruleToStopState[rt.getTarget().GetRuleIndex()].AddTransition(trans, -1)
+		}
+	}
+
+	for _, state := range atn.states {
+		if s2, ok := state.(BlockStartState); ok {
+			// We need to know the end state to set its start state
+			if s2.getEndState() == nil {
+				panic("IllegalState")
+			}
+
+			// Block end states can only be associated to a single block start state
+			if s2.getEndState().startState != nil {
+				panic("IllegalState")
+			}
+
+			s2.getEndState().startState = state
+		}
+
+		if s2, ok := state.(*PlusLoopbackState); ok {
+			for _, t := range s2.GetTransitions() {
+				if t2, ok := t.getTarget().(*PlusBlockStartState); ok {
+					t2.loopBackState = state
+				}
+			}
+		} else if s2, ok := state.(*StarLoopbackState); ok {
+			for _, t := range s2.GetTransitions() {
+				if t2, ok := t.getTarget().(*StarLoopEntryState); ok {
+					t2.loopBackState = state
+				}
+			}
+		}
+	}
+}
+
+func (a *ATNDeserializer) readDecisions(atn *ATN) {
+	ndecisions := a.readInt()
+
+	for i := 0; i < ndecisions; i++ {
+		s := a.readInt()
+		decState := atn.states[s].(DecisionState)
+
+		atn.DecisionToState = append(atn.DecisionToState, decState)
+		decState.setDecision(i)
+	}
+}
+
+func (a *ATNDeserializer) readLexerActions(atn *ATN) {
+	if atn.grammarType == ATNTypeLexer {
+		count := a.readInt()
+
+		atn.lexerActions = make([]LexerAction, count)
+
+		for i := range atn.lexerActions {
+			actionType := a.readInt()
+			data1 := a.readInt()
+			data2 := a.readInt()
+			atn.lexerActions[i] = a.lexerActionFactory(actionType, data1, data2)
+		}
+	}
+}
+
+func (a *ATNDeserializer) generateRuleBypassTransitions(atn *ATN) {
+	count := len(atn.ruleToStartState)
+
+	for i := 0; i < count; i++ {
+		atn.ruleToTokenType[i] = atn.maxTokenType + i + 1
+	}
+
+	for i := 0; i < count; i++ {
+		a.generateRuleBypassTransition(atn, i)
+	}
+}
+
+func (a *ATNDeserializer) generateRuleBypassTransition(atn *ATN, idx int) {
+	bypassStart := NewBasicBlockStartState()
+
+	bypassStart.ruleIndex = idx
+	atn.addState(bypassStart)
+
+	bypassStop := NewBlockEndState()
+
+	bypassStop.ruleIndex = idx
+	atn.addState(bypassStop)
+
+	bypassStart.endState = bypassStop
+
+	atn.defineDecisionState(&bypassStart.BaseDecisionState)
+
+	bypassStop.startState = bypassStart
+
+	var excludeTransition Transition
+	var endState ATNState
+
+	if atn.ruleToStartState[idx].isPrecedenceRule {
+		// Wrap from the beginning of the rule to the StarLoopEntryState
+		endState = nil
+
+		for i := 0; i < len(atn.states); i++ {
+			state := atn.states[i]
+
+			if a.stateIsEndStateFor(state, idx) != nil {
+				endState = state
+				excludeTransition = state.(*StarLoopEntryState).loopBackState.GetTransitions()[0]
+
+				break
+			}
+		}
+
+		if excludeTransition == nil {
+			panic("Couldn't identify final state of the precedence rule prefix section.")
+		}
+	} else {
+		endState = atn.ruleToStopState[idx]
+	}
+
+	// All non-excluded transitions that currently target end state need to target
+	// blockEnd instead
+	for i := 0; i < len(atn.states); i++ {
+		state := atn.states[i]
+
+		for j := 0; j < len(state.GetTransitions()); j++ {
+			transition := state.GetTransitions()[j]
+
+			if transition == excludeTransition {
+				continue
+			}
+
+			if transition.getTarget() == endState {
+				transition.setTarget(bypassStop)
+			}
+		}
+	}
+
+	// All transitions leaving the rule start state need to leave blockStart instead
+	ruleToStartState := atn.ruleToStartState[idx]
+	count := len(ruleToStartState.GetTransitions())
+
+	for count > 0 {
+		bypassStart.AddTransition(ruleToStartState.GetTransitions()[count-1], -1)
+		ruleToStartState.SetTransitions([]Transition{ruleToStartState.GetTransitions()[len(ruleToStartState.GetTransitions())-1]})
+	}
+
+	// Link the new states
+	atn.ruleToStartState[idx].AddTransition(NewEpsilonTransition(bypassStart, -1), -1)
+	bypassStop.AddTransition(NewEpsilonTransition(endState, -1), -1)
+
+	MatchState := NewBasicState()
+
+	atn.addState(MatchState)
+	MatchState.AddTransition(NewAtomTransition(bypassStop, atn.ruleToTokenType[idx]), -1)
+	bypassStart.AddTransition(NewEpsilonTransition(MatchState, -1), -1)
+}
+
+func (a *ATNDeserializer) stateIsEndStateFor(state ATNState, idx int) ATNState {
+	if state.GetRuleIndex() != idx {
+		return nil
+	}
+
+	if _, ok := state.(*StarLoopEntryState); !ok {
+		return nil
+	}
+
+	maybeLoopEndState := state.GetTransitions()[len(state.GetTransitions())-1].getTarget()
+
+	if _, ok := maybeLoopEndState.(*LoopEndState); !ok {
+		return nil
+	}
+
+	var _, ok = maybeLoopEndState.GetTransitions()[0].getTarget().(*RuleStopState)
+
+	if maybeLoopEndState.(*LoopEndState).epsilonOnlyTransitions && ok {
+		return state
+	}
+
+	return nil
+}
+
+// markPrecedenceDecisions analyzes the StarLoopEntryState states in the
+// specified ATN to set the StarLoopEntryState.precedenceRuleDecision field to
+// the correct value.
+func (a *ATNDeserializer) markPrecedenceDecisions(atn *ATN) {
+	for _, state := range atn.states {
+		if _, ok := state.(*StarLoopEntryState); !ok {
+			continue
+		}
+
+		// We analyze the [ATN] to determine if an ATN decision state is the
+		// decision for the closure block that determines whether a
+		// precedence rule should continue or complete.
+		if atn.ruleToStartState[state.GetRuleIndex()].isPrecedenceRule {
+			maybeLoopEndState := state.GetTransitions()[len(state.GetTransitions())-1].getTarget()
+
+			if s3, ok := maybeLoopEndState.(*LoopEndState); ok {
+				var _, ok2 = maybeLoopEndState.GetTransitions()[0].getTarget().(*RuleStopState)
+
+				if s3.epsilonOnlyTransitions && ok2 {
+					state.(*StarLoopEntryState).precedenceRuleDecision = true
+				}
+			}
+		}
+	}
+}
+
+func (a *ATNDeserializer) verifyATN(atn *ATN) {
+	if !a.options.VerifyATN() {
+		return
+	}
+
+	// Verify assumptions
+	for _, state := range atn.states {
+		if state == nil {
+			continue
+		}
+
+		a.checkCondition(state.GetEpsilonOnlyTransitions() || len(state.GetTransitions()) <= 1, "")
+
+		switch s2 := state.(type) {
+		case *PlusBlockStartState:
+			a.checkCondition(s2.loopBackState != nil, "")
+
+		case *StarLoopEntryState:
+			a.checkCondition(s2.loopBackState != nil, "")
+			a.checkCondition(len(s2.GetTransitions()) == 2, "")
+
+			switch s2.transitions[0].getTarget().(type) {
+			case *StarBlockStartState:
+				_, ok := s2.transitions[1].getTarget().(*LoopEndState)
+
+				a.checkCondition(ok, "")
+				a.checkCondition(!s2.nonGreedy, "")
+
+			case *LoopEndState:
+				var _, ok = s2.transitions[1].getTarget().(*StarBlockStartState)
+
+				a.checkCondition(ok, "")
+				a.checkCondition(s2.nonGreedy, "")
+
+			default:
+				panic("IllegalState")
+			}
+
+		case *StarLoopbackState:
+			a.checkCondition(len(state.GetTransitions()) == 1, "")
+
+			var _, ok = state.GetTransitions()[0].getTarget().(*StarLoopEntryState)
+
+			a.checkCondition(ok, "")
+
+		case *LoopEndState:
+			a.checkCondition(s2.loopBackState != nil, "")
+
+		case *RuleStartState:
+			a.checkCondition(s2.stopState != nil, "")
+
+		case BlockStartState:
+			a.checkCondition(s2.getEndState() != nil, "")
+
+		case *BlockEndState:
+			a.checkCondition(s2.startState != nil, "")
+
+		case DecisionState:
+			a.checkCondition(len(s2.GetTransitions()) <= 1 || s2.getDecision() >= 0, "")
+
+		default:
+			var _, ok = s2.(*RuleStopState)
+
+			a.checkCondition(len(s2.GetTransitions()) <= 1 || ok, "")
+		}
+	}
+}
+
+func (a *ATNDeserializer) checkCondition(condition bool, message string) {
+	if !condition {
+		if message == "" {
+			message = "IllegalState"
+		}
+
+		panic(message)
+	}
+}
+
+func (a *ATNDeserializer) readInt() int {
+	v := a.data[a.pos]
+
+	a.pos++
+
+	return int(v) // data is 32 bits but int is at least that big
+}
+
+func (a *ATNDeserializer) edgeFactory(atn *ATN, typeIndex, _, trg, arg1, arg2, arg3 int, sets []*IntervalSet) Transition {
+	target := atn.states[trg]
+
+	switch typeIndex {
+	case TransitionEPSILON:
+		return NewEpsilonTransition(target, -1)
+
+	case TransitionRANGE:
+		if arg3 != 0 {
+			return NewRangeTransition(target, TokenEOF, arg2)
+		}
+
+		return NewRangeTransition(target, arg1, arg2)
+
+	case TransitionRULE:
+		return NewRuleTransition(atn.states[arg1], arg2, arg3, target)
+
+	case TransitionPREDICATE:
+		return NewPredicateTransition(target, arg1, arg2, arg3 != 0)
+
+	case TransitionPRECEDENCE:
+		return NewPrecedencePredicateTransition(target, arg1)
+
+	case TransitionATOM:
+		if arg3 != 0 {
+			return NewAtomTransition(target, TokenEOF)
+		}
+
+		return NewAtomTransition(target, arg1)
+
+	case TransitionACTION:
+		return NewActionTransition(target, arg1, arg2, arg3 != 0)
+
+	case TransitionSET:
+		return NewSetTransition(target, sets[arg1])
+
+	case TransitionNOTSET:
+		return NewNotSetTransition(target, sets[arg1])
+
+	case TransitionWILDCARD:
+		return NewWildcardTransition(target)
+	}
+
+	panic("The specified transition type is not valid.")
+}
+
+func (a *ATNDeserializer) stateFactory(typeIndex, ruleIndex int) ATNState {
+	var s ATNState
+
+	switch typeIndex {
+	case ATNStateInvalidType:
+		return nil
+
+	case ATNStateBasic:
+		s = NewBasicState()
+
+	case ATNStateRuleStart:
+		s = NewRuleStartState()
+
+	case ATNStateBlockStart:
+		s = NewBasicBlockStartState()
+
+	case ATNStatePlusBlockStart:
+		s = NewPlusBlockStartState()
+
+	case ATNStateStarBlockStart:
+		s = NewStarBlockStartState()
+
+	case ATNStateTokenStart:
+		s = NewTokensStartState()
+
+	case ATNStateRuleStop:
+		s = NewRuleStopState()
+
+	case ATNStateBlockEnd:
+		s = NewBlockEndState()
+
+	case ATNStateStarLoopBack:
+		s = NewStarLoopbackState()
+
+	case ATNStateStarLoopEntry:
+		s = NewStarLoopEntryState()
+
+	case ATNStatePlusLoopBack:
+		s = NewPlusLoopbackState()
+
+	case ATNStateLoopEnd:
+		s = NewLoopEndState()
+
+	default:
+		panic(fmt.Sprintf("state type %d is invalid", typeIndex))
+	}
+
+	s.SetRuleIndex(ruleIndex)
+
+	return s
+}
+
+func (a *ATNDeserializer) lexerActionFactory(typeIndex, data1, data2 int) LexerAction {
+	switch typeIndex {
+	case LexerActionTypeChannel:
+		return NewLexerChannelAction(data1)
+
+	case LexerActionTypeCustom:
+		return NewLexerCustomAction(data1, data2)
+
+	case LexerActionTypeMode:
+		return NewLexerModeAction(data1)
+
+	case LexerActionTypeMore:
+		return LexerMoreActionINSTANCE
+
+	case LexerActionTypePopMode:
+		return LexerPopModeActionINSTANCE
+
+	case LexerActionTypePushMode:
+		return NewLexerPushModeAction(data1)
+
+	case LexerActionTypeSkip:
+		return LexerSkipActionINSTANCE
+
+	case LexerActionTypeType:
+		return NewLexerTypeAction(data1)
+
+	default:
+		panic(fmt.Sprintf("lexer action %d is invalid", typeIndex))
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_simulator.go
@ -0,0 +1,41 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+var ATNSimulatorError = NewDFAState(0x7FFFFFFF, NewATNConfigSet(false))
+
+type IATNSimulator interface {
+	SharedContextCache() *PredictionContextCache
+	ATN() *ATN
+	DecisionToDFA() []*DFA
+}
+
+type BaseATNSimulator struct {
+	atn                *ATN
+	sharedContextCache *PredictionContextCache
+	decisionToDFA      []*DFA
+}
+
+func (b *BaseATNSimulator) getCachedContext(context *PredictionContext) *PredictionContext {
+	if b.sharedContextCache == nil {
+		return context
+	}
+
+	//visited := NewJMap[*PredictionContext, *PredictionContext, Comparator[*PredictionContext]](pContextEqInst, PredictionVisitedCollection, "Visit map in getCachedContext()")
+	visited := NewVisitRecord()
+	return getCachedBasePredictionContext(context, b.sharedContextCache, visited)
+}
+
+func (b *BaseATNSimulator) SharedContextCache() *PredictionContextCache {
+	return b.sharedContextCache
+}
+
+func (b *BaseATNSimulator) ATN() *ATN {
+	return b.atn
+}
+
+func (b *BaseATNSimulator) DecisionToDFA() []*DFA {
+	return b.decisionToDFA
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_state.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_state.go
@ -0,0 +1,461 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+)
+
+// Constants for serialization.
+const (
+	ATNStateInvalidType    = 0
+	ATNStateBasic          = 1
+	ATNStateRuleStart      = 2
+	ATNStateBlockStart     = 3
+	ATNStatePlusBlockStart = 4
+	ATNStateStarBlockStart = 5
+	ATNStateTokenStart     = 6
+	ATNStateRuleStop       = 7
+	ATNStateBlockEnd       = 8
+	ATNStateStarLoopBack   = 9
+	ATNStateStarLoopEntry  = 10
+	ATNStatePlusLoopBack   = 11
+	ATNStateLoopEnd        = 12
+
+	ATNStateInvalidStateNumber = -1
+)
+
+//goland:noinspection GoUnusedGlobalVariable
+var ATNStateInitialNumTransitions = 4
+
+type ATNState interface {
+	GetEpsilonOnlyTransitions() bool
+
+	GetRuleIndex() int
+	SetRuleIndex(int)
+
+	GetNextTokenWithinRule() *IntervalSet
+	SetNextTokenWithinRule(*IntervalSet)
+
+	GetATN() *ATN
+	SetATN(*ATN)
+
+	GetStateType() int
+
+	GetStateNumber() int
+	SetStateNumber(int)
+
+	GetTransitions() []Transition
+	SetTransitions([]Transition)
+	AddTransition(Transition, int)
+
+	String() string
+	Hash() int
+	Equals(Collectable[ATNState]) bool
+}
+
+type BaseATNState struct {
+	// NextTokenWithinRule caches lookahead during parsing. Not used during construction.
+	NextTokenWithinRule *IntervalSet
+
+	// atn is the current ATN.
+	atn *ATN
+
+	epsilonOnlyTransitions bool
+
+	// ruleIndex tracks the Rule index because there are no Rule objects at runtime.
+	ruleIndex int
+
+	stateNumber int
+
+	stateType int
+
+	// Track the transitions emanating from this ATN state.
+	transitions []Transition
+}
+
+func NewATNState() *BaseATNState {
+	return &BaseATNState{stateNumber: ATNStateInvalidStateNumber, stateType: ATNStateInvalidType}
+}
+
+func (as *BaseATNState) GetRuleIndex() int {
+	return as.ruleIndex
+}
+
+func (as *BaseATNState) SetRuleIndex(v int) {
+	as.ruleIndex = v
+}
+func (as *BaseATNState) GetEpsilonOnlyTransitions() bool {
+	return as.epsilonOnlyTransitions
+}
+
+func (as *BaseATNState) GetATN() *ATN {
+	return as.atn
+}
+
+func (as *BaseATNState) SetATN(atn *ATN) {
+	as.atn = atn
+}
+
+func (as *BaseATNState) GetTransitions() []Transition {
+	return as.transitions
+}
+
+func (as *BaseATNState) SetTransitions(t []Transition) {
+	as.transitions = t
+}
+
+func (as *BaseATNState) GetStateType() int {
+	return as.stateType
+}
+
+func (as *BaseATNState) GetStateNumber() int {
+	return as.stateNumber
+}
+
+func (as *BaseATNState) SetStateNumber(stateNumber int) {
+	as.stateNumber = stateNumber
+}
+
+func (as *BaseATNState) GetNextTokenWithinRule() *IntervalSet {
+	return as.NextTokenWithinRule
+}
+
+func (as *BaseATNState) SetNextTokenWithinRule(v *IntervalSet) {
+	as.NextTokenWithinRule = v
+}
+
+func (as *BaseATNState) Hash() int {
+	return as.stateNumber
+}
+
+func (as *BaseATNState) String() string {
+	return strconv.Itoa(as.stateNumber)
+}
+
+func (as *BaseATNState) Equals(other Collectable[ATNState]) bool {
+	if ot, ok := other.(ATNState); ok {
+		return as.stateNumber == ot.GetStateNumber()
+	}
+
+	return false
+}
+
+func (as *BaseATNState) isNonGreedyExitState() bool {
+	return false
+}
+
+func (as *BaseATNState) AddTransition(trans Transition, index int) {
+	if len(as.transitions) == 0 {
+		as.epsilonOnlyTransitions = trans.getIsEpsilon()
+	} else if as.epsilonOnlyTransitions != trans.getIsEpsilon() {
+		_, _ = fmt.Fprintf(os.Stdin, "ATN state %d has both epsilon and non-epsilon transitions.\n", as.stateNumber)
+		as.epsilonOnlyTransitions = false
+	}
+
+	// TODO: Check code for already present compared to the Java equivalent
+	//alreadyPresent := false
+	//for _, t := range as.transitions {
+	//	if t.getTarget().GetStateNumber() == trans.getTarget().GetStateNumber() {
+	//		if t.getLabel() != nil && trans.getLabel() != nil && trans.getLabel().Equals(t.getLabel()) {
+	//			alreadyPresent = true
+	//			break
+	//		}
+	//	} else if t.getIsEpsilon() && trans.getIsEpsilon() {
+	//		alreadyPresent = true
+	//		break
+	//	}
+	//}
+	//if !alreadyPresent {
+	if index == -1 {
+		as.transitions = append(as.transitions, trans)
+	} else {
+		as.transitions = append(as.transitions[:index], append([]Transition{trans}, as.transitions[index:]...)...)
+		// TODO: as.transitions.splice(index, 1, trans)
+	}
+	//} else {
+	//	_, _ = fmt.Fprintf(os.Stderr, "Transition already present in state %d\n", as.stateNumber)
+	//}
+}
+
+type BasicState struct {
+	BaseATNState
+}
+
+func NewBasicState() *BasicState {
+	return &BasicState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateBasic,
+		},
+	}
+}
+
+type DecisionState interface {
+	ATNState
+
+	getDecision() int
+	setDecision(int)
+
+	getNonGreedy() bool
+	setNonGreedy(bool)
+}
+
+type BaseDecisionState struct {
+	BaseATNState
+	decision  int
+	nonGreedy bool
+}
+
+func NewBaseDecisionState() *BaseDecisionState {
+	return &BaseDecisionState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateBasic,
+		},
+		decision: -1,
+	}
+}
+
+func (s *BaseDecisionState) getDecision() int {
+	return s.decision
+}
+
+func (s *BaseDecisionState) setDecision(b int) {
+	s.decision = b
+}
+
+func (s *BaseDecisionState) getNonGreedy() bool {
+	return s.nonGreedy
+}
+
+func (s *BaseDecisionState) setNonGreedy(b bool) {
+	s.nonGreedy = b
+}
+
+type BlockStartState interface {
+	DecisionState
+
+	getEndState() *BlockEndState
+	setEndState(*BlockEndState)
+}
+
+// BaseBlockStartState is the start of a regular (...) block.
+type BaseBlockStartState struct {
+	BaseDecisionState
+	endState *BlockEndState
+}
+
+func NewBlockStartState() *BaseBlockStartState {
+	return &BaseBlockStartState{
+		BaseDecisionState: BaseDecisionState{
+			BaseATNState: BaseATNState{
+				stateNumber: ATNStateInvalidStateNumber,
+				stateType:   ATNStateBasic,
+			},
+			decision: -1,
+		},
+	}
+}
+
+func (s *BaseBlockStartState) getEndState() *BlockEndState {
+	return s.endState
+}
+
+func (s *BaseBlockStartState) setEndState(b *BlockEndState) {
+	s.endState = b
+}
+
+type BasicBlockStartState struct {
+	BaseBlockStartState
+}
+
+func NewBasicBlockStartState() *BasicBlockStartState {
+	return &BasicBlockStartState{
+		BaseBlockStartState: BaseBlockStartState{
+			BaseDecisionState: BaseDecisionState{
+				BaseATNState: BaseATNState{
+					stateNumber: ATNStateInvalidStateNumber,
+					stateType:   ATNStateBlockStart,
+				},
+			},
+		},
+	}
+}
+
+var _ BlockStartState = &BasicBlockStartState{}
+
+// BlockEndState is a terminal node of a simple (a|b|c) block.
+type BlockEndState struct {
+	BaseATNState
+	startState ATNState
+}
+
+func NewBlockEndState() *BlockEndState {
+	return &BlockEndState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateBlockEnd,
+		},
+		startState: nil,
+	}
+}
+
+// RuleStopState is the last node in the ATN for a rule, unless that rule is the
+// start symbol. In that case, there is one transition to EOF. Later, we might
+// encode references to all calls to this rule to compute FOLLOW sets for error
+// handling.
+type RuleStopState struct {
+	BaseATNState
+}
+
+func NewRuleStopState() *RuleStopState {
+	return &RuleStopState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateRuleStop,
+		},
+	}
+}
+
+type RuleStartState struct {
+	BaseATNState
+	stopState        ATNState
+	isPrecedenceRule bool
+}
+
+func NewRuleStartState() *RuleStartState {
+	return &RuleStartState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateRuleStart,
+		},
+	}
+}
+
+// PlusLoopbackState is a decision state for A+ and (A|B)+. It has two
+// transitions: one to the loop back to start of the block, and one to exit.
+type PlusLoopbackState struct {
+	BaseDecisionState
+}
+
+func NewPlusLoopbackState() *PlusLoopbackState {
+	return &PlusLoopbackState{
+		BaseDecisionState: BaseDecisionState{
+			BaseATNState: BaseATNState{
+				stateNumber: ATNStateInvalidStateNumber,
+				stateType:   ATNStatePlusLoopBack,
+			},
+		},
+	}
+}
+
+// PlusBlockStartState is the start of a (A|B|...)+ loop. Technically it is a
+// decision state; we don't use it for code generation. Somebody might need it,
+// it is included for completeness. In reality, PlusLoopbackState is the real
+// decision-making node for A+.
+type PlusBlockStartState struct {
+	BaseBlockStartState
+	loopBackState ATNState
+}
+
+func NewPlusBlockStartState() *PlusBlockStartState {
+	return &PlusBlockStartState{
+		BaseBlockStartState: BaseBlockStartState{
+			BaseDecisionState: BaseDecisionState{
+				BaseATNState: BaseATNState{
+					stateNumber: ATNStateInvalidStateNumber,
+					stateType:   ATNStatePlusBlockStart,
+				},
+			},
+		},
+	}
+}
+
+var _ BlockStartState = &PlusBlockStartState{}
+
+// StarBlockStartState is the block that begins a closure loop.
+type StarBlockStartState struct {
+	BaseBlockStartState
+}
+
+func NewStarBlockStartState() *StarBlockStartState {
+	return &StarBlockStartState{
+		BaseBlockStartState: BaseBlockStartState{
+			BaseDecisionState: BaseDecisionState{
+				BaseATNState: BaseATNState{
+					stateNumber: ATNStateInvalidStateNumber,
+					stateType:   ATNStateStarBlockStart,
+				},
+			},
+		},
+	}
+}
+
+var _ BlockStartState = &StarBlockStartState{}
+
+type StarLoopbackState struct {
+	BaseATNState
+}
+
+func NewStarLoopbackState() *StarLoopbackState {
+	return &StarLoopbackState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateStarLoopBack,
+		},
+	}
+}
+
+type StarLoopEntryState struct {
+	BaseDecisionState
+	loopBackState          ATNState
+	precedenceRuleDecision bool
+}
+
+func NewStarLoopEntryState() *StarLoopEntryState {
+	// False precedenceRuleDecision indicates whether s state can benefit from a precedence DFA during SLL decision making.
+	return &StarLoopEntryState{
+		BaseDecisionState: BaseDecisionState{
+			BaseATNState: BaseATNState{
+				stateNumber: ATNStateInvalidStateNumber,
+				stateType:   ATNStateStarLoopEntry,
+			},
+		},
+	}
+}
+
+// LoopEndState marks the end of a * or + loop.
+type LoopEndState struct {
+	BaseATNState
+	loopBackState ATNState
+}
+
+func NewLoopEndState() *LoopEndState {
+	return &LoopEndState{
+		BaseATNState: BaseATNState{
+			stateNumber: ATNStateInvalidStateNumber,
+			stateType:   ATNStateLoopEnd,
+		},
+	}
+}
+
+// TokensStartState is the Tokens rule start state linking to each lexer rule start state.
+type TokensStartState struct {
+	BaseDecisionState
+}
+
+func NewTokensStartState() *TokensStartState {
+	return &TokensStartState{
+		BaseDecisionState: BaseDecisionState{
+			BaseATNState: BaseATNState{
+				stateNumber: ATNStateInvalidStateNumber,
+				stateType:   ATNStateTokenStart,
+			},
+		},
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/atn_type.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/atn_type.go
@ -0,0 +1,11 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+// Represent the type of recognizer an ATN applies to.
+const (
+	ATNTypeLexer  = 0
+	ATNTypeParser = 1
+)
--- a/vendor/github.com/antlr4-go/antlr/v4/char_stream.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/char_stream.go
@ -0,0 +1,12 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+type CharStream interface {
+	IntStream
+	GetText(int, int) string
+	GetTextFromTokens(start, end Token) string
+	GetTextFromInterval(Interval) string
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/common_token_factory.go
@ -0,0 +1,56 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+// TokenFactory creates CommonToken objects.
+type TokenFactory interface {
+	Create(source *TokenSourceCharStreamPair, ttype int, text string, channel, start, stop, line, column int) Token
+}
+
+// CommonTokenFactory is the default TokenFactory implementation.
+type CommonTokenFactory struct {
+	// copyText indicates whether CommonToken.setText should be called after
+	// constructing tokens to explicitly set the text. This is useful for cases
+	// where the input stream might not be able to provide arbitrary substrings of
+	// text from the input after the lexer creates a token (e.g. the
+	// implementation of CharStream.GetText in UnbufferedCharStream panics an
+	// UnsupportedOperationException). Explicitly setting the token text allows
+	// Token.GetText to be called at any time regardless of the input stream
+	// implementation.
+	//
+	// The default value is false to avoid the performance and memory overhead of
+	// copying text for every token unless explicitly requested.
+	copyText bool
+}
+
+func NewCommonTokenFactory(copyText bool) *CommonTokenFactory {
+	return &CommonTokenFactory{copyText: copyText}
+}
+
+// CommonTokenFactoryDEFAULT is the default CommonTokenFactory. It does not
+// explicitly copy token text when constructing tokens.
+var CommonTokenFactoryDEFAULT = NewCommonTokenFactory(false)
+
+func (c *CommonTokenFactory) Create(source *TokenSourceCharStreamPair, ttype int, text string, channel, start, stop, line, column int) Token {
+	t := NewCommonToken(source, ttype, channel, start, stop)
+
+	t.line = line
+	t.column = column
+
+	if text != "" {
+		t.SetText(text)
+	} else if c.copyText && source.charStream != nil {
+		t.SetText(source.charStream.GetTextFromInterval(NewInterval(start, stop)))
+	}
+
+	return t
+}
+
+func (c *CommonTokenFactory) createThin(ttype int, text string) Token {
+	t := NewCommonToken(nil, ttype, TokenDefaultChannel, -1, -1)
+	t.SetText(text)
+
+	return t
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/common_token_stream.go
@ -0,0 +1,450 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"strconv"
+)
+
+// CommonTokenStream is an implementation of TokenStream that loads tokens from
+// a TokenSource on-demand and places the tokens in a buffer to provide access
+// to any previous token by index. This token stream ignores the value of
+// Token.getChannel. If your parser requires the token stream filter tokens to
+// only those on a particular channel, such as Token.DEFAULT_CHANNEL or
+// Token.HIDDEN_CHANNEL, use a filtering token stream such a CommonTokenStream.
+type CommonTokenStream struct {
+	channel int
+
+	// fetchedEOF indicates whether the Token.EOF token has been fetched from
+	// tokenSource and added to tokens. This field improves performance for the
+	// following cases:
+	//
+	// consume: The lookahead check in consume to preven consuming the EOF symbol is
+	// optimized by checking the values of fetchedEOF and p instead of calling LA.
+	//
+	// fetch: The check to prevent adding multiple EOF symbols into tokens is
+	// trivial with bt field.
+	fetchedEOF bool
+
+	// index into [tokens] of the current token (next token to consume).
+	// tokens[p] should be LT(1). It is set to -1 when the stream is first
+	// constructed or when SetTokenSource is called, indicating that the first token
+	// has not yet been fetched from the token source. For additional information,
+	// see the documentation of [IntStream] for a description of initializing methods.
+	index int
+
+	// tokenSource is the [TokenSource] from which tokens for the bt stream are
+	// fetched.
+	tokenSource TokenSource
+
+	// tokens contains all tokens fetched from the token source. The list is considered a
+	// complete view of the input once fetchedEOF is set to true.
+	tokens []Token
+}
+
+// NewCommonTokenStream creates a new CommonTokenStream instance using the supplied lexer to produce
+// tokens and will pull tokens from the given lexer channel.
+func NewCommonTokenStream(lexer Lexer, channel int) *CommonTokenStream {
+	return &CommonTokenStream{
+		channel:     channel,
+		index:       -1,
+		tokenSource: lexer,
+		tokens:      make([]Token, 0),
+	}
+}
+
+// GetAllTokens returns all tokens currently pulled from the token source.
+func (c *CommonTokenStream) GetAllTokens() []Token {
+	return c.tokens
+}
+
+func (c *CommonTokenStream) Mark() int {
+	return 0
+}
+
+func (c *CommonTokenStream) Release(_ int) {}
+
+func (c *CommonTokenStream) Reset() {
+	c.fetchedEOF = false
+	c.tokens = make([]Token, 0)
+	c.Seek(0)
+}
+
+func (c *CommonTokenStream) Seek(index int) {
+	c.lazyInit()
+	c.index = c.adjustSeekIndex(index)
+}
+
+func (c *CommonTokenStream) Get(index int) Token {
+	c.lazyInit()
+
+	return c.tokens[index]
+}
+
+func (c *CommonTokenStream) Consume() {
+	SkipEOFCheck := false
+
+	if c.index >= 0 {
+		if c.fetchedEOF {
+			// The last token in tokens is EOF. Skip the check if p indexes any fetched.
+			// token except the last.
+			SkipEOFCheck = c.index < len(c.tokens)-1
+		} else {
+			// No EOF token in tokens. Skip the check if p indexes a fetched token.
+			SkipEOFCheck = c.index < len(c.tokens)
+		}
+	} else {
+		// Not yet initialized
+		SkipEOFCheck = false
+	}
+
+	if !SkipEOFCheck && c.LA(1) == TokenEOF {
+		panic("cannot consume EOF")
+	}
+
+	if c.Sync(c.index + 1) {
+		c.index = c.adjustSeekIndex(c.index + 1)
+	}
+}
+
+// Sync makes sure index i in tokens has a token and returns true if a token is
+// located at index i and otherwise false.
+func (c *CommonTokenStream) Sync(i int) bool {
+	n := i - len(c.tokens) + 1 // How many more elements do we need?
+
+	if n > 0 {
+		fetched := c.fetch(n)
+		return fetched >= n
+	}
+
+	return true
+}
+
+// fetch adds n elements to buffer and returns the actual number of elements
+// added to the buffer.
+func (c *CommonTokenStream) fetch(n int) int {
+	if c.fetchedEOF {
+		return 0
+	}
+
+	for i := 0; i < n; i++ {
+		t := c.tokenSource.NextToken()
+
+		t.SetTokenIndex(len(c.tokens))
+		c.tokens = append(c.tokens, t)
+
+		if t.GetTokenType() == TokenEOF {
+			c.fetchedEOF = true
+
+			return i + 1
+		}
+	}
+
+	return n
+}
+
+// GetTokens gets all tokens from start to stop inclusive.
+func (c *CommonTokenStream) GetTokens(start int, stop int, types *IntervalSet) []Token {
+	if start < 0 || stop < 0 {
+		return nil
+	}
+
+	c.lazyInit()
+
+	subset := make([]Token, 0)
+
+	if stop >= len(c.tokens) {
+		stop = len(c.tokens) - 1
+	}
+
+	for i := start; i < stop; i++ {
+		t := c.tokens[i]
+
+		if t.GetTokenType() == TokenEOF {
+			break
+		}
+
+		if types == nil || types.contains(t.GetTokenType()) {
+			subset = append(subset, t)
+		}
+	}
+
+	return subset
+}
+
+func (c *CommonTokenStream) LA(i int) int {
+	return c.LT(i).GetTokenType()
+}
+
+func (c *CommonTokenStream) lazyInit() {
+	if c.index == -1 {
+		c.setup()
+	}
+}
+
+func (c *CommonTokenStream) setup() {
+	c.Sync(0)
+	c.index = c.adjustSeekIndex(0)
+}
+
+func (c *CommonTokenStream) GetTokenSource() TokenSource {
+	return c.tokenSource
+}
+
+// SetTokenSource resets the c token stream by setting its token source.
+func (c *CommonTokenStream) SetTokenSource(tokenSource TokenSource) {
+	c.tokenSource = tokenSource
+	c.tokens = make([]Token, 0)
+	c.index = -1
+	c.fetchedEOF = false
+}
+
+// NextTokenOnChannel returns the index of the next token on channel given a
+// starting index. Returns i if tokens[i] is on channel. Returns -1 if there are
+// no tokens on channel between 'i' and [TokenEOF].
+func (c *CommonTokenStream) NextTokenOnChannel(i, _ int) int {
+	c.Sync(i)
+
+	if i >= len(c.tokens) {
+		return -1
+	}
+
+	token := c.tokens[i]
+
+	for token.GetChannel() != c.channel {
+		if token.GetTokenType() == TokenEOF {
+			return -1
+		}
+
+		i++
+		c.Sync(i)
+		token = c.tokens[i]
+	}
+
+	return i
+}
+
+// previousTokenOnChannel returns the index of the previous token on channel
+// given a starting index. Returns i if tokens[i] is on channel. Returns -1 if
+// there are no tokens on channel between i and 0.
+func (c *CommonTokenStream) previousTokenOnChannel(i, channel int) int {
+	for i >= 0 && c.tokens[i].GetChannel() != channel {
+		i--
+	}
+
+	return i
+}
+
+// GetHiddenTokensToRight collects all tokens on a specified channel to the
+// right of the current token up until we see a token on DEFAULT_TOKEN_CHANNEL
+// or EOF. If channel is -1, it finds any non-default channel token.
+func (c *CommonTokenStream) GetHiddenTokensToRight(tokenIndex, channel int) []Token {
+	c.lazyInit()
+
+	if tokenIndex < 0 || tokenIndex >= len(c.tokens) {
+		panic(strconv.Itoa(tokenIndex) + " not in 0.." + strconv.Itoa(len(c.tokens)-1))
+	}
+
+	nextOnChannel := c.NextTokenOnChannel(tokenIndex+1, LexerDefaultTokenChannel)
+	from := tokenIndex + 1
+
+	// If no onChannel to the right, then nextOnChannel == -1, so set 'to' to the last token
+	var to int
+
+	if nextOnChannel == -1 {
+		to = len(c.tokens) - 1
+	} else {
+		to = nextOnChannel
+	}
+
+	return c.filterForChannel(from, to, channel)
+}
+
+// GetHiddenTokensToLeft collects all tokens on channel to the left of the
+// current token until we see a token on DEFAULT_TOKEN_CHANNEL. If channel is
+// -1, it finds any non default channel token.
+func (c *CommonTokenStream) GetHiddenTokensToLeft(tokenIndex, channel int) []Token {
+	c.lazyInit()
+
+	if tokenIndex < 0 || tokenIndex >= len(c.tokens) {
+		panic(strconv.Itoa(tokenIndex) + " not in 0.." + strconv.Itoa(len(c.tokens)-1))
+	}
+
+	prevOnChannel := c.previousTokenOnChannel(tokenIndex-1, LexerDefaultTokenChannel)
+
+	if prevOnChannel == tokenIndex-1 {
+		return nil
+	}
+
+	// If there are none on channel to the left and prevOnChannel == -1 then from = 0
+	from := prevOnChannel + 1
+	to := tokenIndex - 1
+
+	return c.filterForChannel(from, to, channel)
+}
+
+func (c *CommonTokenStream) filterForChannel(left, right, channel int) []Token {
+	hidden := make([]Token, 0)
+
+	for i := left; i < right+1; i++ {
+		t := c.tokens[i]
+
+		if channel == -1 {
+			if t.GetChannel() != LexerDefaultTokenChannel {
+				hidden = append(hidden, t)
+			}
+		} else if t.GetChannel() == channel {
+			hidden = append(hidden, t)
+		}
+	}
+
+	if len(hidden) == 0 {
+		return nil
+	}
+
+	return hidden
+}
+
+func (c *CommonTokenStream) GetSourceName() string {
+	return c.tokenSource.GetSourceName()
+}
+
+func (c *CommonTokenStream) Size() int {
+	return len(c.tokens)
+}
+
+func (c *CommonTokenStream) Index() int {
+	return c.index
+}
+
+func (c *CommonTokenStream) GetAllText() string {
+	c.Fill()
+	return c.GetTextFromInterval(NewInterval(0, len(c.tokens)-1))
+}
+
+func (c *CommonTokenStream) GetTextFromTokens(start, end Token) string {
+	if start == nil || end == nil {
+		return ""
+	}
+
+	return c.GetTextFromInterval(NewInterval(start.GetTokenIndex(), end.GetTokenIndex()))
+}
+
+func (c *CommonTokenStream) GetTextFromRuleContext(interval RuleContext) string {
+	return c.GetTextFromInterval(interval.GetSourceInterval())
+}
+
+func (c *CommonTokenStream) GetTextFromInterval(interval Interval) string {
+	c.lazyInit()
+	c.Sync(interval.Stop)
+
+	start := interval.Start
+	stop := interval.Stop
+
+	if start < 0 || stop < 0 {
+		return ""
+	}
+
+	if stop >= len(c.tokens) {
+		stop = len(c.tokens) - 1
+	}
+
+	s := ""
+
+	for i := start; i < stop+1; i++ {
+		t := c.tokens[i]
+
+		if t.GetTokenType() == TokenEOF {
+			break
+		}
+
+		s += t.GetText()
+	}
+
+	return s
+}
+
+// Fill gets all tokens from the lexer until EOF.
+func (c *CommonTokenStream) Fill() {
+	c.lazyInit()
+
+	for c.fetch(1000) == 1000 {
+		continue
+	}
+}
+
+func (c *CommonTokenStream) adjustSeekIndex(i int) int {
+	return c.NextTokenOnChannel(i, c.channel)
+}
+
+func (c *CommonTokenStream) LB(k int) Token {
+	if k == 0 || c.index-k < 0 {
+		return nil
+	}
+
+	i := c.index
+	n := 1
+
+	// Find k good tokens looking backward
+	for n <= k {
+		// Skip off-channel tokens
+		i = c.previousTokenOnChannel(i-1, c.channel)
+		n++
+	}
+
+	if i < 0 {
+		return nil
+	}
+
+	return c.tokens[i]
+}
+
+func (c *CommonTokenStream) LT(k int) Token {
+	c.lazyInit()
+
+	if k == 0 {
+		return nil
+	}
+
+	if k < 0 {
+		return c.LB(-k)
+	}
+
+	i := c.index
+	n := 1 // We know tokens[n] is valid
+
+	// Find k good tokens
+	for n < k {
+		// Skip off-channel tokens, but make sure to not look past EOF
+		if c.Sync(i + 1) {
+			i = c.NextTokenOnChannel(i+1, c.channel)
+		}
+
+		n++
+	}
+
+	return c.tokens[i]
+}
+
+// getNumberOfOnChannelTokens counts EOF once.
+func (c *CommonTokenStream) getNumberOfOnChannelTokens() int {
+	var n int
+
+	c.Fill()
+
+	for i := 0; i < len(c.tokens); i++ {
+		t := c.tokens[i]
+
+		if t.GetChannel() == c.channel {
+			n++
+		}
+
+		if t.GetTokenType() == TokenEOF {
+			break
+		}
+	}
+
+	return n
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/comparators.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/comparators.go
@ -0,0 +1,150 @@
+package antlr
+
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+// This file contains all the implementations of custom comparators used for generic collections when the
+// Hash() and Equals() funcs supplied by the struct objects themselves need to be overridden. Normally, we would
+// put the comparators in the source file for the struct themselves, but given the organization of this code is
+// sorta kinda based upon the Java code, I found it confusing trying to find out which comparator was where and used by
+// which instantiation of a collection. For instance, an Array2DHashSet in the Java source, when used with ATNConfig
+// collections requires three different comparators depending on what the collection is being used for. Collecting - pun intended -
+// all the comparators here, makes it much easier to see which implementation of hash and equals is used by which collection.
+// It also makes it easy to verify that the Hash() and Equals() functions marry up with the Java implementations.
+
+// ObjEqComparator is the equivalent of the Java ObjectEqualityComparator, which is the default instance of
+// Equality comparator. We do not have inheritance in Go, only interfaces, so we use generics to enforce some
+// type safety and avoid having to implement this for every type that we want to perform comparison on.
+//
+// This comparator works by using the standard Hash() and Equals() methods of the type T that is being compared. Which
+// allows us to use it in any collection instance that does not require a special hash or equals implementation.
+type ObjEqComparator[T Collectable[T]] struct{}
+
+var (
+	aStateEqInst = &ObjEqComparator[ATNState]{}
+	aConfEqInst  = &ObjEqComparator[*ATNConfig]{}
+
+	// aConfCompInst is the comparator used for the ATNConfigSet for the configLookup cache
+	aConfCompInst   = &ATNConfigComparator[*ATNConfig]{}
+	atnConfCompInst = &BaseATNConfigComparator[*ATNConfig]{}
+	dfaStateEqInst  = &ObjEqComparator[*DFAState]{}
+	semctxEqInst    = &ObjEqComparator[SemanticContext]{}
+	atnAltCfgEqInst = &ATNAltConfigComparator[*ATNConfig]{}
+	pContextEqInst  = &ObjEqComparator[*PredictionContext]{}
+)
+
+// Equals2 delegates to the Equals() method of type T
+func (c *ObjEqComparator[T]) Equals2(o1, o2 T) bool {
+	return o1.Equals(o2)
+}
+
+// Hash1 delegates to the Hash() method of type T
+func (c *ObjEqComparator[T]) Hash1(o T) int {
+
+	return o.Hash()
+}
+
+type SemCComparator[T Collectable[T]] struct{}
+
+// ATNConfigComparator is used as the comparator for the configLookup field of an ATNConfigSet
+// and has a custom Equals() and Hash() implementation, because equality is not based on the
+// standard Hash() and Equals() methods of the ATNConfig type.
+type ATNConfigComparator[T Collectable[T]] struct {
+}
+
+// Equals2 is a custom comparator for ATNConfigs specifically for configLookup
+func (c *ATNConfigComparator[T]) Equals2(o1, o2 *ATNConfig) bool {
+
+	// Same pointer, must be equal, even if both nil
+	//
+	if o1 == o2 {
+		return true
+
+	}
+
+	// If either are nil, but not both, then the result is false
+	//
+	if o1 == nil || o2 == nil {
+		return false
+	}
+
+	return o1.GetState().GetStateNumber() == o2.GetState().GetStateNumber() &&
+		o1.GetAlt() == o2.GetAlt() &&
+		o1.GetSemanticContext().Equals(o2.GetSemanticContext())
+}
+
+// Hash1 is custom hash implementation for ATNConfigs specifically for configLookup
+func (c *ATNConfigComparator[T]) Hash1(o *ATNConfig) int {
+
+	hash := 7
+	hash = 31*hash + o.GetState().GetStateNumber()
+	hash = 31*hash + o.GetAlt()
+	hash = 31*hash + o.GetSemanticContext().Hash()
+	return hash
+}
+
+// ATNAltConfigComparator is used as the comparator for mapping configs to Alt Bitsets
+type ATNAltConfigComparator[T Collectable[T]] struct {
+}
+
+// Equals2 is a custom comparator for ATNConfigs specifically for configLookup
+func (c *ATNAltConfigComparator[T]) Equals2(o1, o2 *ATNConfig) bool {
+
+	// Same pointer, must be equal, even if both nil
+	//
+	if o1 == o2 {
+		return true
+
+	}
+
+	// If either are nil, but not both, then the result is false
+	//
+	if o1 == nil || o2 == nil {
+		return false
+	}
+
+	return o1.GetState().GetStateNumber() == o2.GetState().GetStateNumber() &&
+		o1.GetContext().Equals(o2.GetContext())
+}
+
+// Hash1 is custom hash implementation for ATNConfigs specifically for configLookup
+func (c *ATNAltConfigComparator[T]) Hash1(o *ATNConfig) int {
+	h := murmurInit(7)
+	h = murmurUpdate(h, o.GetState().GetStateNumber())
+	h = murmurUpdate(h, o.GetContext().Hash())
+	return murmurFinish(h, 2)
+}
+
+// BaseATNConfigComparator is used as the comparator for the configLookup field of a ATNConfigSet
+// and has a custom Equals() and Hash() implementation, because equality is not based on the
+// standard Hash() and Equals() methods of the ATNConfig type.
+type BaseATNConfigComparator[T Collectable[T]] struct {
+}
+
+// Equals2 is a custom comparator for ATNConfigs specifically for baseATNConfigSet
+func (c *BaseATNConfigComparator[T]) Equals2(o1, o2 *ATNConfig) bool {
+
+	// Same pointer, must be equal, even if both nil
+	//
+	if o1 == o2 {
+		return true
+
+	}
+
+	// If either are nil, but not both, then the result is false
+	//
+	if o1 == nil || o2 == nil {
+		return false
+	}
+
+	return o1.GetState().GetStateNumber() == o2.GetState().GetStateNumber() &&
+		o1.GetAlt() == o2.GetAlt() &&
+		o1.GetSemanticContext().Equals(o2.GetSemanticContext())
+}
+
+// Hash1 is custom hash implementation for ATNConfigs specifically for configLookup, but in fact just
+// delegates to the standard Hash() method of the ATNConfig type.
+func (c *BaseATNConfigComparator[T]) Hash1(o *ATNConfig) int {
+	return o.Hash()
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/configuration.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/configuration.go
@ -0,0 +1,214 @@
+package antlr
+
+type runtimeConfiguration struct {
+	statsTraceStacks              bool
+	lexerATNSimulatorDebug        bool
+	lexerATNSimulatorDFADebug     bool
+	parserATNSimulatorDebug       bool
+	parserATNSimulatorTraceATNSim bool
+	parserATNSimulatorDFADebug    bool
+	parserATNSimulatorRetryDebug  bool
+	lRLoopEntryBranchOpt          bool
+	memoryManager                 bool
+}
+
+// Global runtime configuration
+var runtimeConfig = runtimeConfiguration{
+	lRLoopEntryBranchOpt: true,
+}
+
+type runtimeOption func(*runtimeConfiguration) error
+
+// ConfigureRuntime allows the runtime to be configured globally setting things like trace and statistics options.
+// It uses the functional options pattern for go. This is a package global function as it operates on the runtime
+// configuration regardless of the instantiation of anything higher up such as a parser or lexer. Generally this is
+// used for debugging/tracing/statistics options, which are usually used by the runtime maintainers (or rather the
+// only maintainer). However, it is possible that you might want to use this to set a global option concerning the
+// memory allocation type used by the runtime such as sync.Pool or not.
+//
+// The options are applied in the order they are passed in, so the last option will override any previous options.
+//
+// For example, if you want to turn on the collection create point stack flag to true, you can do:
+//
+//	antlr.ConfigureRuntime(antlr.WithStatsTraceStacks(true))
+//
+// If you want to turn it off, you can do:
+//
+//	antlr.ConfigureRuntime(antlr.WithStatsTraceStacks(false))
+func ConfigureRuntime(options ...runtimeOption) error {
+	for _, option := range options {
+		err := option(&runtimeConfig)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// WithStatsTraceStacks sets the global flag indicating whether to collect stack traces at the create-point of
+// certain structs, such as collections, or the use point of certain methods such as Put().
+// Because this can be expensive, it is turned off by default. However, it
+// can be useful to track down exactly where memory is being created and used.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithStatsTraceStacks(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithStatsTraceStacks(false))
+func WithStatsTraceStacks(trace bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.statsTraceStacks = trace
+		return nil
+	}
+}
+
+// WithLexerATNSimulatorDebug sets the global flag indicating whether to log debug information from the lexer [ATN]
+// simulator. This is useful for debugging lexer issues by comparing the output with the Java runtime. Only useful
+// to the runtime maintainers.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithLexerATNSimulatorDebug(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithLexerATNSimulatorDebug(false))
+func WithLexerATNSimulatorDebug(debug bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.lexerATNSimulatorDebug = debug
+		return nil
+	}
+}
+
+// WithLexerATNSimulatorDFADebug sets the global flag indicating whether to log debug information from the lexer [ATN] [DFA]
+// simulator. This is useful for debugging lexer issues by comparing the output with the Java runtime. Only useful
+// to the runtime maintainers.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithLexerATNSimulatorDFADebug(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithLexerATNSimulatorDFADebug(false))
+func WithLexerATNSimulatorDFADebug(debug bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.lexerATNSimulatorDFADebug = debug
+		return nil
+	}
+}
+
+// WithParserATNSimulatorDebug sets the global flag indicating whether to log debug information from the parser [ATN]
+// simulator. This is useful for debugging parser issues by comparing the output with the Java runtime. Only useful
+// to the runtime maintainers.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorDebug(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorDebug(false))
+func WithParserATNSimulatorDebug(debug bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.parserATNSimulatorDebug = debug
+		return nil
+	}
+}
+
+// WithParserATNSimulatorTraceATNSim sets the global flag indicating whether to log trace information from the parser [ATN] simulator
+// [DFA]. This is useful for debugging parser issues by comparing the output with the Java runtime. Only useful
+// to the runtime maintainers.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorTraceATNSim(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorTraceATNSim(false))
+func WithParserATNSimulatorTraceATNSim(trace bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.parserATNSimulatorTraceATNSim = trace
+		return nil
+	}
+}
+
+// WithParserATNSimulatorDFADebug sets the global flag indicating whether to log debug information from the parser [ATN] [DFA]
+// simulator. This is useful for debugging parser issues by comparing the output with the Java runtime. Only useful
+// to the runtime maintainers.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorDFADebug(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorDFADebug(false))
+func WithParserATNSimulatorDFADebug(debug bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.parserATNSimulatorDFADebug = debug
+		return nil
+	}
+}
+
+// WithParserATNSimulatorRetryDebug sets the global flag indicating whether to log debug information from the parser [ATN] [DFA]
+// simulator when retrying a decision. This is useful for debugging parser issues by comparing the output with the Java runtime.
+// Only useful to the runtime maintainers.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorRetryDebug(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithParserATNSimulatorRetryDebug(false))
+func WithParserATNSimulatorRetryDebug(debug bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.parserATNSimulatorRetryDebug = debug
+		return nil
+	}
+}
+
+// WithLRLoopEntryBranchOpt sets the global flag indicating whether let recursive loop operations should be
+// optimized or not. This is useful for debugging parser issues by comparing the output with the Java runtime.
+// It turns off the functionality of [canDropLoopEntryEdgeInLeftRecursiveRule] in [ParserATNSimulator].
+//
+// Note that default is to use this optimization.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithLRLoopEntryBranchOpt(true))
+//
+// You can turn it off at any time using:
+//
+//	antlr.ConfigureRuntime(antlr.WithLRLoopEntryBranchOpt(false))
+func WithLRLoopEntryBranchOpt(off bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.lRLoopEntryBranchOpt = off
+		return nil
+	}
+}
+
+// WithMemoryManager sets the global flag indicating whether to use the memory manager or not. This is useful
+// for poorly constructed grammars that create a lot of garbage. It turns on the functionality of [memoryManager], which
+// will intercept garbage collection and cause available memory to be reused. At the end of the day, this is no substitute
+// for fixing your grammar by ridding yourself of extreme ambiguity. BUt if you are just trying to reuse an opensource
+// grammar, this may help make it more practical.
+//
+// Note that default is to use normal Go memory allocation and not pool memory.
+//
+// Use:
+//
+//	antlr.ConfigureRuntime(antlr.WithMemoryManager(true))
+//
+// Note that if you turn this on, you should probably leave it on. You should use only one memory strategy or the other
+// and should remember to nil out any references to the parser or lexer when you are done with them.
+func WithMemoryManager(use bool) runtimeOption {
+	return func(config *runtimeConfiguration) error {
+		config.memoryManager = use
+		return nil
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/dfa.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/dfa.go
@ -0,0 +1,175 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+// DFA represents the Deterministic Finite Automaton used by the recognizer, including all the states it can
+// reach and the transitions between them.
+type DFA struct {
+	// atnStartState is the ATN state in which this was created
+	atnStartState DecisionState
+
+	decision int
+
+	// states is all the DFA states. Use Map to get the old state back; Set can only
+	// indicate whether it is there. Go maps implement key hash collisions and so on and are very
+	// good, but the DFAState is an object and can't be used directly as the key as it can in say Java
+	// amd C#, whereby if the hashcode is the same for two objects, then Equals() is called against them
+	// to see if they really are the same object. Hence, we have our own map storage.
+	//
+	states *JStore[*DFAState, *ObjEqComparator[*DFAState]]
+
+	numstates int
+
+	s0 *DFAState
+
+	// precedenceDfa is the backing field for isPrecedenceDfa and setPrecedenceDfa.
+	// True if the DFA is for a precedence decision and false otherwise.
+	precedenceDfa bool
+}
+
+func NewDFA(atnStartState DecisionState, decision int) *DFA {
+	dfa := &DFA{
+		atnStartState: atnStartState,
+		decision:      decision,
+		states:        nil, // Lazy initialize
+	}
+	if s, ok := atnStartState.(*StarLoopEntryState); ok && s.precedenceRuleDecision {
+		dfa.precedenceDfa = true
+		dfa.s0 = NewDFAState(-1, NewATNConfigSet(false))
+		dfa.s0.isAcceptState = false
+		dfa.s0.requiresFullContext = false
+	}
+	return dfa
+}
+
+// getPrecedenceStartState gets the start state for the current precedence and
+// returns the start state corresponding to the specified precedence if a start
+// state exists for the specified precedence and nil otherwise. d must be a
+// precedence DFA. See also isPrecedenceDfa.
+func (d *DFA) getPrecedenceStartState(precedence int) *DFAState {
+	if !d.getPrecedenceDfa() {
+		panic("only precedence DFAs may contain a precedence start state")
+	}
+
+	// s0.edges is never nil for a precedence DFA
+	if precedence < 0 || precedence >= len(d.getS0().getEdges()) {
+		return nil
+	}
+
+	return d.getS0().getIthEdge(precedence)
+}
+
+// setPrecedenceStartState sets the start state for the current precedence. d
+// must be a precedence DFA. See also isPrecedenceDfa.
+func (d *DFA) setPrecedenceStartState(precedence int, startState *DFAState) {
+	if !d.getPrecedenceDfa() {
+		panic("only precedence DFAs may contain a precedence start state")
+	}
+
+	if precedence < 0 {
+		return
+	}
+
+	// Synchronization on s0 here is ok. When the DFA is turned into a
+	// precedence DFA, s0 will be initialized once and not updated again. s0.edges
+	// is never nil for a precedence DFA.
+	s0 := d.getS0()
+	if precedence >= s0.numEdges() {
+		edges := append(s0.getEdges(), make([]*DFAState, precedence+1-s0.numEdges())...)
+		s0.setEdges(edges)
+		d.setS0(s0)
+	}
+
+	s0.setIthEdge(precedence, startState)
+}
+
+func (d *DFA) getPrecedenceDfa() bool {
+	return d.precedenceDfa
+}
+
+// setPrecedenceDfa sets whether d is a precedence DFA. If precedenceDfa differs
+// from the current DFA configuration, then d.states is cleared, the initial
+// state s0 is set to a new DFAState with an empty outgoing DFAState.edges to
+// store the start states for individual precedence values if precedenceDfa is
+// true or nil otherwise, and d.precedenceDfa is updated.
+func (d *DFA) setPrecedenceDfa(precedenceDfa bool) {
+	if d.getPrecedenceDfa() != precedenceDfa {
+		d.states = nil // Lazy initialize
+		d.numstates = 0
+
+		if precedenceDfa {
+			precedenceState := NewDFAState(-1, NewATNConfigSet(false))
+			precedenceState.setEdges(make([]*DFAState, 0))
+			precedenceState.isAcceptState = false
+			precedenceState.requiresFullContext = false
+			d.setS0(precedenceState)
+		} else {
+			d.setS0(nil)
+		}
+
+		d.precedenceDfa = precedenceDfa
+	}
+}
+
+// Len returns the number of states in d. We use this instead of accessing states directly so that we can implement lazy
+// instantiation of the states JMap.
+func (d *DFA) Len() int {
+	if d.states == nil {
+		return 0
+	}
+	return d.states.Len()
+}
+
+// Get returns a state that matches s if it is present in the DFA state set. We defer to this
+// function instead of accessing states directly so that we can implement lazy instantiation of the states JMap.
+func (d *DFA) Get(s *DFAState) (*DFAState, bool) {
+	if d.states == nil {
+		return nil, false
+	}
+	return d.states.Get(s)
+}
+
+func (d *DFA) Put(s *DFAState) (*DFAState, bool) {
+	if d.states == nil {
+		d.states = NewJStore[*DFAState, *ObjEqComparator[*DFAState]](dfaStateEqInst, DFAStateCollection, "DFA via DFA.Put")
+	}
+	return d.states.Put(s)
+}
+
+func (d *DFA) getS0() *DFAState {
+	return d.s0
+}
+
+func (d *DFA) setS0(s *DFAState) {
+	d.s0 = s
+}
+
+// sortedStates returns the states in d sorted by their state number, or an empty set if d.states is nil.
+func (d *DFA) sortedStates() []*DFAState {
+	if d.states == nil {
+		return []*DFAState{}
+	}
+	vs := d.states.SortedSlice(func(i, j *DFAState) bool {
+		return i.stateNumber < j.stateNumber
+	})
+
+	return vs
+}
+
+func (d *DFA) String(literalNames []string, symbolicNames []string) string {
+	if d.getS0() == nil {
+		return ""
+	}
+
+	return NewDFASerializer(d, literalNames, symbolicNames).String()
+}
+
+func (d *DFA) ToLexerString() string {
+	if d.getS0() == nil {
+		return ""
+	}
+
+	return NewLexerDFASerializer(d).String()
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/dfa_serializer.go
@ -0,0 +1,158 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// DFASerializer is a DFA walker that knows how to dump the DFA states to serialized
+// strings.
+type DFASerializer struct {
+	dfa           *DFA
+	literalNames  []string
+	symbolicNames []string
+}
+
+func NewDFASerializer(dfa *DFA, literalNames, symbolicNames []string) *DFASerializer {
+	if literalNames == nil {
+		literalNames = make([]string, 0)
+	}
+
+	if symbolicNames == nil {
+		symbolicNames = make([]string, 0)
+	}
+
+	return &DFASerializer{
+		dfa:           dfa,
+		literalNames:  literalNames,
+		symbolicNames: symbolicNames,
+	}
+}
+
+func (d *DFASerializer) String() string {
+	if d.dfa.getS0() == nil {
+		return ""
+	}
+
+	buf := ""
+	states := d.dfa.sortedStates()
+
+	for _, s := range states {
+		if s.edges != nil {
+			n := len(s.edges)
+
+			for j := 0; j < n; j++ {
+				t := s.edges[j]
+
+				if t != nil && t.stateNumber != 0x7FFFFFFF {
+					buf += d.GetStateString(s)
+					buf += "-"
+					buf += d.getEdgeLabel(j)
+					buf += "->"
+					buf += d.GetStateString(t)
+					buf += "\n"
+				}
+			}
+		}
+	}
+
+	if len(buf) == 0 {
+		return ""
+	}
+
+	return buf
+}
+
+func (d *DFASerializer) getEdgeLabel(i int) string {
+	if i == 0 {
+		return "EOF"
+	} else if d.literalNames != nil && i-1 < len(d.literalNames) {
+		return d.literalNames[i-1]
+	} else if d.symbolicNames != nil && i-1 < len(d.symbolicNames) {
+		return d.symbolicNames[i-1]
+	}
+
+	return strconv.Itoa(i - 1)
+}
+
+func (d *DFASerializer) GetStateString(s *DFAState) string {
+	var a, b string
+
+	if s.isAcceptState {
+		a = ":"
+	}
+
+	if s.requiresFullContext {
+		b = "^"
+	}
+
+	baseStateStr := a + "s" + strconv.Itoa(s.stateNumber) + b
+
+	if s.isAcceptState {
+		if s.predicates != nil {
+			return baseStateStr + "=>" + fmt.Sprint(s.predicates)
+		}
+
+		return baseStateStr + "=>" + fmt.Sprint(s.prediction)
+	}
+
+	return baseStateStr
+}
+
+type LexerDFASerializer struct {
+	*DFASerializer
+}
+
+func NewLexerDFASerializer(dfa *DFA) *LexerDFASerializer {
+	return &LexerDFASerializer{DFASerializer: NewDFASerializer(dfa, nil, nil)}
+}
+
+func (l *LexerDFASerializer) getEdgeLabel(i int) string {
+	var sb strings.Builder
+	sb.Grow(6)
+	sb.WriteByte('\'')
+	sb.WriteRune(rune(i))
+	sb.WriteByte('\'')
+	return sb.String()
+}
+
+func (l *LexerDFASerializer) String() string {
+	if l.dfa.getS0() == nil {
+		return ""
+	}
+
+	buf := ""
+	states := l.dfa.sortedStates()
+
+	for i := 0; i < len(states); i++ {
+		s := states[i]
+
+		if s.edges != nil {
+			n := len(s.edges)
+
+			for j := 0; j < n; j++ {
+				t := s.edges[j]
+
+				if t != nil && t.stateNumber != 0x7FFFFFFF {
+					buf += l.GetStateString(s)
+					buf += "-"
+					buf += l.getEdgeLabel(j)
+					buf += "->"
+					buf += l.GetStateString(t)
+					buf += "\n"
+				}
+			}
+		}
+	}
+
+	if len(buf) == 0 {
+		return ""
+	}
+
+	return buf
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/dfa_state.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/dfa_state.go
@ -0,0 +1,170 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+)
+
+// PredPrediction maps a predicate to a predicted alternative.
+type PredPrediction struct {
+	alt  int
+	pred SemanticContext
+}
+
+func NewPredPrediction(pred SemanticContext, alt int) *PredPrediction {
+	return &PredPrediction{alt: alt, pred: pred}
+}
+
+func (p *PredPrediction) String() string {
+	return "(" + fmt.Sprint(p.pred) + ", " + fmt.Sprint(p.alt) + ")"
+}
+
+// DFAState represents a set of possible [ATN] configurations. As Aho, Sethi,
+// Ullman p. 117 says: "The DFA uses its state to keep track of all possible
+// states the ATN can be in after reading each input symbol. That is to say,
+// after reading input a1, a2,..an, the DFA is in a state that represents the
+// subset T of the states of the ATN that are reachable from the ATN's start
+// state along some path labeled a1a2..an."
+//
+// In conventional NFA-to-DFA conversion, therefore, the subset T would be a bitset representing the set of
+// states the [ATN] could be in. We need to track the alt predicted by each state
+// as well, however. More importantly, we need to maintain a stack of states,
+// tracking the closure operations as they jump from rule to rule, emulating
+// rule invocations (method calls). I have to add a stack to simulate the proper
+// lookahead sequences for the underlying LL grammar from which the ATN was
+// derived.
+//
+// I use a set of [ATNConfig] objects, not simple states. An [ATNConfig] is both a
+// state (ala normal conversion) and a [RuleContext] describing the chain of rules
+// (if any) followed to arrive at that state.
+//
+// A [DFAState] may have multiple references to a particular state, but with
+// different [ATN] contexts (with same or different alts) meaning that state was
+// reached via a different set of rule invocations.
+type DFAState struct {
+	stateNumber int
+	configs     *ATNConfigSet
+
+	// edges elements point to the target of the symbol. Shift up by 1 so (-1)
+	// Token.EOF maps to the first element.
+	edges []*DFAState
+
+	isAcceptState bool
+
+	// prediction is the 'ttype' we match or alt we predict if the state is 'accept'.
+	// Set to ATN.INVALID_ALT_NUMBER when predicates != nil or
+	// requiresFullContext.
+	prediction int
+
+	lexerActionExecutor *LexerActionExecutor
+
+	// requiresFullContext indicates it was created during an SLL prediction that
+	// discovered a conflict between the configurations in the state. Future
+	// ParserATNSimulator.execATN invocations immediately jump doing
+	// full context prediction if true.
+	requiresFullContext bool
+
+	// predicates is the predicates associated with the ATN configurations of the
+	// DFA state during SLL parsing. When we have predicates, requiresFullContext
+	// is false, since full context prediction evaluates predicates on-the-fly. If
+	// d is
+	// not nil, then prediction is ATN.INVALID_ALT_NUMBER.
+	//
+	// We only use these for non-requiresFullContext but conflicting states. That
+	// means we know from the context (it's $ or we don't dip into outer context)
+	// that it's an ambiguity not a conflict.
+	//
+	// This list is computed by
+	// ParserATNSimulator.predicateDFAState.
+	predicates []*PredPrediction
+}
+
+func NewDFAState(stateNumber int, configs *ATNConfigSet) *DFAState {
+	if configs == nil {
+		configs = NewATNConfigSet(false)
+	}
+
+	return &DFAState{configs: configs, stateNumber: stateNumber}
+}
+
+// GetAltSet gets the set of all alts mentioned by all ATN configurations in d.
+func (d *DFAState) GetAltSet() []int {
+	var alts []int
+
+	if d.configs != nil {
+		for _, c := range d.configs.configs {
+			alts = append(alts, c.GetAlt())
+		}
+	}
+
+	if len(alts) == 0 {
+		return nil
+	}
+
+	return alts
+}
+
+func (d *DFAState) getEdges() []*DFAState {
+	return d.edges
+}
+
+func (d *DFAState) numEdges() int {
+	return len(d.edges)
+}
+
+func (d *DFAState) getIthEdge(i int) *DFAState {
+	return d.edges[i]
+}
+
+func (d *DFAState) setEdges(newEdges []*DFAState) {
+	d.edges = newEdges
+}
+
+func (d *DFAState) setIthEdge(i int, edge *DFAState) {
+	d.edges[i] = edge
+}
+
+func (d *DFAState) setPrediction(v int) {
+	d.prediction = v
+}
+
+func (d *DFAState) String() string {
+	var s string
+	if d.isAcceptState {
+		if d.predicates != nil {
+			s = "=>" + fmt.Sprint(d.predicates)
+		} else {
+			s = "=>" + fmt.Sprint(d.prediction)
+		}
+	}
+
+	return fmt.Sprintf("%d:%s%s", d.stateNumber, fmt.Sprint(d.configs), s)
+}
+
+func (d *DFAState) Hash() int {
+	h := murmurInit(7)
+	h = murmurUpdate(h, d.configs.Hash())
+	return murmurFinish(h, 1)
+}
+
+// Equals returns whether d equals other. Two DFAStates are equal if their ATN
+// configuration sets are the same. This method is used to see if a state
+// already exists.
+//
+// Because the number of alternatives and number of ATN configurations are
+// finite, there is a finite number of DFA states that can be processed. This is
+// necessary to show that the algorithm terminates.
+//
+// Cannot test the DFA state numbers here because in
+// ParserATNSimulator.addDFAState we need to know if any other state exists that
+// has d exact set of ATN configurations. The stateNumber is irrelevant.
+func (d *DFAState) Equals(o Collectable[*DFAState]) bool {
+	if d == o {
+		return true
+	}
+
+	return d.configs.Equals(o.(*DFAState).configs)
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/diagnostic_error_listener.go
@ -0,0 +1,110 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"strconv"
+)
+
+//
+// This implementation of {@link ANTLRErrorListener} can be used to identify
+// certain potential correctness and performance problems in grammars. "reports"
+// are made by calling {@link Parser//NotifyErrorListeners} with the appropriate
+// message.
+//
+// <ul>
+// <li><b>Ambiguities</b>: These are cases where more than one path through the
+// grammar can Match the input.</li>
+// <li><b>Weak context sensitivity</b>: These are cases where full-context
+// prediction resolved an SLL conflict to a unique alternative which equaled the
+// minimum alternative of the SLL conflict.</li>
+// <li><b>Strong (forced) context sensitivity</b>: These are cases where the
+// full-context prediction resolved an SLL conflict to a unique alternative,
+// <em>and</em> the minimum alternative of the SLL conflict was found to not be
+// a truly viable alternative. Two-stage parsing cannot be used for inputs where
+// d situation occurs.</li>
+// </ul>
+
+type DiagnosticErrorListener struct {
+	*DefaultErrorListener
+
+	exactOnly bool
+}
+
+//goland:noinspection GoUnusedExportedFunction
+func NewDiagnosticErrorListener(exactOnly bool) *DiagnosticErrorListener {
+
+	n := new(DiagnosticErrorListener)
+
+	// whether all ambiguities or only exact ambiguities are Reported.
+	n.exactOnly = exactOnly
+	return n
+}
+
+func (d *DiagnosticErrorListener) ReportAmbiguity(recognizer Parser, dfa *DFA, startIndex, stopIndex int, exact bool, ambigAlts *BitSet, configs *ATNConfigSet) {
+	if d.exactOnly && !exact {
+		return
+	}
+	msg := "reportAmbiguity d=" +
+		d.getDecisionDescription(recognizer, dfa) +
+		": ambigAlts=" +
+		d.getConflictingAlts(ambigAlts, configs).String() +
+		", input='" +
+		recognizer.GetTokenStream().GetTextFromInterval(NewInterval(startIndex, stopIndex)) + "'"
+	recognizer.NotifyErrorListeners(msg, nil, nil)
+}
+
+func (d *DiagnosticErrorListener) ReportAttemptingFullContext(recognizer Parser, dfa *DFA, startIndex, stopIndex int, _ *BitSet, _ *ATNConfigSet) {
+
+	msg := "reportAttemptingFullContext d=" +
+		d.getDecisionDescription(recognizer, dfa) +
+		", input='" +
+		recognizer.GetTokenStream().GetTextFromInterval(NewInterval(startIndex, stopIndex)) + "'"
+	recognizer.NotifyErrorListeners(msg, nil, nil)
+}
+
+func (d *DiagnosticErrorListener) ReportContextSensitivity(recognizer Parser, dfa *DFA, startIndex, stopIndex, _ int, _ *ATNConfigSet) {
+	msg := "reportContextSensitivity d=" +
+		d.getDecisionDescription(recognizer, dfa) +
+		", input='" +
+		recognizer.GetTokenStream().GetTextFromInterval(NewInterval(startIndex, stopIndex)) + "'"
+	recognizer.NotifyErrorListeners(msg, nil, nil)
+}
+
+func (d *DiagnosticErrorListener) getDecisionDescription(recognizer Parser, dfa *DFA) string {
+	decision := dfa.decision
+	ruleIndex := dfa.atnStartState.GetRuleIndex()
+
+	ruleNames := recognizer.GetRuleNames()
+	if ruleIndex < 0 || ruleIndex >= len(ruleNames) {
+		return strconv.Itoa(decision)
+	}
+	ruleName := ruleNames[ruleIndex]
+	if ruleName == "" {
+		return strconv.Itoa(decision)
+	}
+	return strconv.Itoa(decision) + " (" + ruleName + ")"
+}
+
+// Computes the set of conflicting or ambiguous alternatives from a
+// configuration set, if that information was not already provided by the
+// parser.
+//
+// @param ReportedAlts The set of conflicting or ambiguous alternatives, as
+// Reported by the parser.
+// @param configs The conflicting or ambiguous configuration set.
+// @return Returns {@code ReportedAlts} if it is not {@code nil}, otherwise
+// returns the set of alternatives represented in {@code configs}.
+func (d *DiagnosticErrorListener) getConflictingAlts(ReportedAlts *BitSet, set *ATNConfigSet) *BitSet {
+	if ReportedAlts != nil {
+		return ReportedAlts
+	}
+	result := NewBitSet()
+	for _, c := range set.configs {
+		result.add(c.GetAlt())
+	}
+
+	return result
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/error_listener.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/error_listener.go
@ -0,0 +1,100 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+)
+
+// Provides an empty default implementation of {@link ANTLRErrorListener}. The
+// default implementation of each method does nothing, but can be overridden as
+// necessary.
+
+type ErrorListener interface {
+	SyntaxError(recognizer Recognizer, offendingSymbol interface{}, line, column int, msg string, e RecognitionException)
+	ReportAmbiguity(recognizer Parser, dfa *DFA, startIndex, stopIndex int, exact bool, ambigAlts *BitSet, configs *ATNConfigSet)
+	ReportAttemptingFullContext(recognizer Parser, dfa *DFA, startIndex, stopIndex int, conflictingAlts *BitSet, configs *ATNConfigSet)
+	ReportContextSensitivity(recognizer Parser, dfa *DFA, startIndex, stopIndex, prediction int, configs *ATNConfigSet)
+}
+
+type DefaultErrorListener struct {
+}
+
+//goland:noinspection GoUnusedExportedFunction
+func NewDefaultErrorListener() *DefaultErrorListener {
+	return new(DefaultErrorListener)
+}
+
+func (d *DefaultErrorListener) SyntaxError(_ Recognizer, _ interface{}, _, _ int, _ string, _ RecognitionException) {
+}
+
+func (d *DefaultErrorListener) ReportAmbiguity(_ Parser, _ *DFA, _, _ int, _ bool, _ *BitSet, _ *ATNConfigSet) {
+}
+
+func (d *DefaultErrorListener) ReportAttemptingFullContext(_ Parser, _ *DFA, _, _ int, _ *BitSet, _ *ATNConfigSet) {
+}
+
+func (d *DefaultErrorListener) ReportContextSensitivity(_ Parser, _ *DFA, _, _, _ int, _ *ATNConfigSet) {
+}
+
+type ConsoleErrorListener struct {
+	*DefaultErrorListener
+}
+
+func NewConsoleErrorListener() *ConsoleErrorListener {
+	return new(ConsoleErrorListener)
+}
+
+// ConsoleErrorListenerINSTANCE provides a default instance of {@link ConsoleErrorListener}.
+var ConsoleErrorListenerINSTANCE = NewConsoleErrorListener()
+
+// SyntaxError prints messages to System.err containing the
+// values of line, charPositionInLine, and msg using
+// the following format:
+//
+//	line <line>:<charPositionInLine> <msg>
+func (c *ConsoleErrorListener) SyntaxError(_ Recognizer, _ interface{}, line, column int, msg string, _ RecognitionException) {
+	_, _ = fmt.Fprintln(os.Stderr, "line "+strconv.Itoa(line)+":"+strconv.Itoa(column)+" "+msg)
+}
+
+type ProxyErrorListener struct {
+	*DefaultErrorListener
+	delegates []ErrorListener
+}
+
+func NewProxyErrorListener(delegates []ErrorListener) *ProxyErrorListener {
+	if delegates == nil {
+		panic("delegates is not provided")
+	}
+	l := new(ProxyErrorListener)
+	l.delegates = delegates
+	return l
+}
+
+func (p *ProxyErrorListener) SyntaxError(recognizer Recognizer, offendingSymbol interface{}, line, column int, msg string, e RecognitionException) {
+	for _, d := range p.delegates {
+		d.SyntaxError(recognizer, offendingSymbol, line, column, msg, e)
+	}
+}
+
+func (p *ProxyErrorListener) ReportAmbiguity(recognizer Parser, dfa *DFA, startIndex, stopIndex int, exact bool, ambigAlts *BitSet, configs *ATNConfigSet) {
+	for _, d := range p.delegates {
+		d.ReportAmbiguity(recognizer, dfa, startIndex, stopIndex, exact, ambigAlts, configs)
+	}
+}
+
+func (p *ProxyErrorListener) ReportAttemptingFullContext(recognizer Parser, dfa *DFA, startIndex, stopIndex int, conflictingAlts *BitSet, configs *ATNConfigSet) {
+	for _, d := range p.delegates {
+		d.ReportAttemptingFullContext(recognizer, dfa, startIndex, stopIndex, conflictingAlts, configs)
+	}
+}
+
+func (p *ProxyErrorListener) ReportContextSensitivity(recognizer Parser, dfa *DFA, startIndex, stopIndex, prediction int, configs *ATNConfigSet) {
+	for _, d := range p.delegates {
+		d.ReportContextSensitivity(recognizer, dfa, startIndex, stopIndex, prediction, configs)
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/error_strategy.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/error_strategy.go
@ -0,0 +1,702 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+)
+
+type ErrorStrategy interface {
+	reset(Parser)
+	RecoverInline(Parser) Token
+	Recover(Parser, RecognitionException)
+	Sync(Parser)
+	InErrorRecoveryMode(Parser) bool
+	ReportError(Parser, RecognitionException)
+	ReportMatch(Parser)
+}
+
+// DefaultErrorStrategy is the default implementation of ANTLRErrorStrategy used for
+// error reporting and recovery in ANTLR parsers.
+type DefaultErrorStrategy struct {
+	errorRecoveryMode bool
+	lastErrorIndex    int
+	lastErrorStates   *IntervalSet
+}
+
+var _ ErrorStrategy = &DefaultErrorStrategy{}
+
+func NewDefaultErrorStrategy() *DefaultErrorStrategy {
+
+	d := new(DefaultErrorStrategy)
+
+	// Indicates whether the error strategy is currently "recovering from an
+	// error". This is used to suppress Reporting multiple error messages while
+	// attempting to recover from a detected syntax error.
+	//
+	// @see //InErrorRecoveryMode
+	//
+	d.errorRecoveryMode = false
+
+	// The index into the input stream where the last error occurred.
+	// This is used to prevent infinite loops where an error is found
+	// but no token is consumed during recovery...another error is found,
+	// ad nauseam. This is a failsafe mechanism to guarantee that at least
+	// one token/tree node is consumed for two errors.
+	//
+	d.lastErrorIndex = -1
+	d.lastErrorStates = nil
+	return d
+}
+
+// <p>The default implementation simply calls {@link //endErrorCondition} to
+// ensure that the handler is not in error recovery mode.</p>
+func (d *DefaultErrorStrategy) reset(recognizer Parser) {
+	d.endErrorCondition(recognizer)
+}
+
+// This method is called to enter error recovery mode when a recognition
+// exception is Reported.
+func (d *DefaultErrorStrategy) beginErrorCondition(_ Parser) {
+	d.errorRecoveryMode = true
+}
+
+func (d *DefaultErrorStrategy) InErrorRecoveryMode(_ Parser) bool {
+	return d.errorRecoveryMode
+}
+
+// This method is called to leave error recovery mode after recovering from
+// a recognition exception.
+func (d *DefaultErrorStrategy) endErrorCondition(_ Parser) {
+	d.errorRecoveryMode = false
+	d.lastErrorStates = nil
+	d.lastErrorIndex = -1
+}
+
+// ReportMatch is the default implementation of error matching and simply calls endErrorCondition.
+func (d *DefaultErrorStrategy) ReportMatch(recognizer Parser) {
+	d.endErrorCondition(recognizer)
+}
+
+// ReportError is the default implementation of error reporting.
+// It returns immediately if the handler is already
+// in error recovery mode. Otherwise, it calls [beginErrorCondition]
+// and dispatches the Reporting task based on the runtime type of e
+// according to the following table.
+//
+//		 [NoViableAltException]     : Dispatches the call to [ReportNoViableAlternative]
+//		 [InputMisMatchException]   : Dispatches the call to [ReportInputMisMatch]
+//	  [FailedPredicateException] : Dispatches the call to [ReportFailedPredicate]
+//	  All other types            : Calls [NotifyErrorListeners] to Report the exception
+func (d *DefaultErrorStrategy) ReportError(recognizer Parser, e RecognitionException) {
+	// if we've already Reported an error and have not Matched a token
+	// yet successfully, don't Report any errors.
+	if d.InErrorRecoveryMode(recognizer) {
+		return // don't Report spurious errors
+	}
+	d.beginErrorCondition(recognizer)
+
+	switch t := e.(type) {
+	default:
+		fmt.Println("unknown recognition error type: " + reflect.TypeOf(e).Name())
+		//            fmt.Println(e.stack)
+		recognizer.NotifyErrorListeners(e.GetMessage(), e.GetOffendingToken(), e)
+	case *NoViableAltException:
+		d.ReportNoViableAlternative(recognizer, t)
+	case *InputMisMatchException:
+		d.ReportInputMisMatch(recognizer, t)
+	case *FailedPredicateException:
+		d.ReportFailedPredicate(recognizer, t)
+	}
+}
+
+// Recover is the default recovery implementation.
+// It reSynchronizes the parser by consuming tokens until we find one in the reSynchronization set -
+// loosely the set of tokens that can follow the current rule.
+func (d *DefaultErrorStrategy) Recover(recognizer Parser, _ RecognitionException) {
+
+	if d.lastErrorIndex == recognizer.GetInputStream().Index() &&
+		d.lastErrorStates != nil && d.lastErrorStates.contains(recognizer.GetState()) {
+		// uh oh, another error at same token index and previously-Visited
+		// state in ATN must be a case where LT(1) is in the recovery
+		// token set so nothing got consumed. Consume a single token
+		// at least to prevent an infinite loop d is a failsafe.
+		recognizer.Consume()
+	}
+	d.lastErrorIndex = recognizer.GetInputStream().Index()
+	if d.lastErrorStates == nil {
+		d.lastErrorStates = NewIntervalSet()
+	}
+	d.lastErrorStates.addOne(recognizer.GetState())
+	followSet := d.GetErrorRecoverySet(recognizer)
+	d.consumeUntil(recognizer, followSet)
+}
+
+// Sync is the default implementation of error strategy synchronization.
+//
+// This Sync makes sure that the current lookahead symbol is consistent with what were expecting
+// at this point in the [ATN]. You can call this anytime but ANTLR only
+// generates code to check before sub-rules/loops and each iteration.
+//
+// Implements [Jim Idle]'s magic Sync mechanism in closures and optional
+// sub-rules. E.g.:
+//
+//	a    : Sync ( stuff Sync )*
+//	Sync : {consume to what can follow Sync}
+//
+// At the start of a sub-rule upon error, Sync performs single
+// token deletion, if possible. If it can't do that, it bails on the current
+// rule and uses the default error recovery, which consumes until the
+// reSynchronization set of the current rule.
+//
+// If the sub-rule is optional
+//
+//	({@code (...)?}, {@code (...)*},
+//
+// or a block with an empty alternative), then the expected set includes what follows
+// the sub-rule.
+//
+// During loop iteration, it consumes until it sees a token that can start a
+// sub-rule or what follows loop. Yes, that is pretty aggressive. We opt to
+// stay in the loop as long as possible.
+//
+// # Origins
+//
+// Previous versions of ANTLR did a poor job of their recovery within loops.
+// A single mismatch token or missing token would force the parser to bail
+// out of the entire rules surrounding the loop. So, for rule:
+//
+//	classfunc : 'class' ID '{' member* '}'
+//
+// input with an extra token between members would force the parser to
+// consume until it found the next class definition rather than the next
+// member definition of the current class.
+//
+// This functionality cost a bit of effort because the parser has to
+// compare the token set at the start of the loop and at each iteration. If for
+// some reason speed is suffering for you, you can turn off this
+// functionality by simply overriding this method as empty:
+//
+//	{ }
+//
+// [Jim Idle]: https://github.com/jimidle
+func (d *DefaultErrorStrategy) Sync(recognizer Parser) {
+	// If already recovering, don't try to Sync
+	if d.InErrorRecoveryMode(recognizer) {
+		return
+	}
+
+	s := recognizer.GetInterpreter().atn.states[recognizer.GetState()]
+	la := recognizer.GetTokenStream().LA(1)
+
+	// try cheaper subset first might get lucky. seems to shave a wee bit off
+	nextTokens := recognizer.GetATN().NextTokens(s, nil)
+	if nextTokens.contains(TokenEpsilon) || nextTokens.contains(la) {
+		return
+	}
+
+	switch s.GetStateType() {
+	case ATNStateBlockStart, ATNStateStarBlockStart, ATNStatePlusBlockStart, ATNStateStarLoopEntry:
+		// Report error and recover if possible
+		if d.SingleTokenDeletion(recognizer) != nil {
+			return
+		}
+		recognizer.SetError(NewInputMisMatchException(recognizer))
+	case ATNStatePlusLoopBack, ATNStateStarLoopBack:
+		d.ReportUnwantedToken(recognizer)
+		expecting := NewIntervalSet()
+		expecting.addSet(recognizer.GetExpectedTokens())
+		whatFollowsLoopIterationOrRule := expecting.addSet(d.GetErrorRecoverySet(recognizer))
+		d.consumeUntil(recognizer, whatFollowsLoopIterationOrRule)
+	default:
+		// do nothing if we can't identify the exact kind of ATN state
+	}
+}
+
+// ReportNoViableAlternative is called by [ReportError] when the exception is a [NoViableAltException].
+//
+// See also [ReportError]
+func (d *DefaultErrorStrategy) ReportNoViableAlternative(recognizer Parser, e *NoViableAltException) {
+	tokens := recognizer.GetTokenStream()
+	var input string
+	if tokens != nil {
+		if e.startToken.GetTokenType() == TokenEOF {
+			input = "<EOF>"
+		} else {
+			input = tokens.GetTextFromTokens(e.startToken, e.offendingToken)
+		}
+	} else {
+		input = "<unknown input>"
+	}
+	msg := "no viable alternative at input " + d.escapeWSAndQuote(input)
+	recognizer.NotifyErrorListeners(msg, e.offendingToken, e)
+}
+
+// ReportInputMisMatch is called by [ReportError] when the exception is an [InputMisMatchException]
+//
+// See also: [ReportError]
+func (d *DefaultErrorStrategy) ReportInputMisMatch(recognizer Parser, e *InputMisMatchException) {
+	msg := "mismatched input " + d.GetTokenErrorDisplay(e.offendingToken) +
+		" expecting " + e.getExpectedTokens().StringVerbose(recognizer.GetLiteralNames(), recognizer.GetSymbolicNames(), false)
+	recognizer.NotifyErrorListeners(msg, e.offendingToken, e)
+}
+
+// ReportFailedPredicate is called by [ReportError] when the exception is a [FailedPredicateException].
+//
+// See also: [ReportError]
+func (d *DefaultErrorStrategy) ReportFailedPredicate(recognizer Parser, e *FailedPredicateException) {
+	ruleName := recognizer.GetRuleNames()[recognizer.GetParserRuleContext().GetRuleIndex()]
+	msg := "rule " + ruleName + " " + e.message
+	recognizer.NotifyErrorListeners(msg, e.offendingToken, e)
+}
+
+// ReportUnwantedToken is called to report a syntax error that requires the removal
+// of a token from the input stream. At the time d method is called, the
+// erroneous symbol is the current LT(1) symbol and has not yet been
+// removed from the input stream. When this method returns,
+// recognizer is in error recovery mode.
+//
+// This method is called when singleTokenDeletion identifies
+// single-token deletion as a viable recovery strategy for a mismatched
+// input error.
+//
+// The default implementation simply returns if the handler is already in
+// error recovery mode. Otherwise, it calls beginErrorCondition to
+// enter error recovery mode, followed by calling
+// [NotifyErrorListeners]
+func (d *DefaultErrorStrategy) ReportUnwantedToken(recognizer Parser) {
+	if d.InErrorRecoveryMode(recognizer) {
+		return
+	}
+	d.beginErrorCondition(recognizer)
+	t := recognizer.GetCurrentToken()
+	tokenName := d.GetTokenErrorDisplay(t)
+	expecting := d.GetExpectedTokens(recognizer)
+	msg := "extraneous input " + tokenName + " expecting " +
+		expecting.StringVerbose(recognizer.GetLiteralNames(), recognizer.GetSymbolicNames(), false)
+	recognizer.NotifyErrorListeners(msg, t, nil)
+}
+
+// ReportMissingToken is called to report a syntax error which requires the
+// insertion of a missing token into the input stream. At the time this
+// method is called, the missing token has not yet been inserted. When this
+// method returns, recognizer is in error recovery mode.
+//
+// This method is called when singleTokenInsertion identifies
+// single-token insertion as a viable recovery strategy for a mismatched
+// input error.
+//
+// The default implementation simply returns if the handler is already in
+// error recovery mode. Otherwise, it calls beginErrorCondition to
+// enter error recovery mode, followed by calling [NotifyErrorListeners]
+func (d *DefaultErrorStrategy) ReportMissingToken(recognizer Parser) {
+	if d.InErrorRecoveryMode(recognizer) {
+		return
+	}
+	d.beginErrorCondition(recognizer)
+	t := recognizer.GetCurrentToken()
+	expecting := d.GetExpectedTokens(recognizer)
+	msg := "missing " + expecting.StringVerbose(recognizer.GetLiteralNames(), recognizer.GetSymbolicNames(), false) +
+		" at " + d.GetTokenErrorDisplay(t)
+	recognizer.NotifyErrorListeners(msg, t, nil)
+}
+
+// The RecoverInline default implementation attempts to recover from the mismatched input
+// by using single token insertion and deletion as described below. If the
+// recovery attempt fails, this method panics with [InputMisMatchException}.
+// TODO: Not sure that panic() is the right thing to do here - JI
+//
+// # EXTRA TOKEN (single token deletion)
+//
+// LA(1) is not what we are looking for. If LA(2) has the
+// right token, however, then assume LA(1) is some extra spurious
+// token and delete it. Then consume and return the next token (which was
+// the LA(2) token) as the successful result of the Match operation.
+//
+// # This recovery strategy is implemented by singleTokenDeletion
+//
+// # MISSING TOKEN (single token insertion)
+//
+// If current token  -at LA(1) - is consistent with what could come
+// after the expected LA(1) token, then assume the token is missing
+// and use the parser's [TokenFactory] to create it on the fly. The
+// “insertion” is performed by returning the created token as the successful
+// result of the Match operation.
+//
+// This recovery strategy is implemented by [SingleTokenInsertion].
+//
+// # Example
+//
+// For example, Input i=(3 is clearly missing the ')'. When
+// the parser returns from the nested call to expr, it will have
+// call the chain:
+//
+//	stat → expr → atom
+//
+// and it will be trying to Match the ')' at this point in the
+// derivation:
+//
+//	  : ID '=' '(' INT ')' ('+' atom)* ';'
+//		                ^
+//
+// The attempt to [Match] ')' will fail when it sees ';' and
+// call [RecoverInline]. To recover, it sees that LA(1)==';'
+// is in the set of tokens that can follow the ')' token reference
+// in rule atom. It can assume that you forgot the ')'.
+func (d *DefaultErrorStrategy) RecoverInline(recognizer Parser) Token {
+	// SINGLE TOKEN DELETION
+	MatchedSymbol := d.SingleTokenDeletion(recognizer)
+	if MatchedSymbol != nil {
+		// we have deleted the extra token.
+		// now, move past ttype token as if all were ok
+		recognizer.Consume()
+		return MatchedSymbol
+	}
+	// SINGLE TOKEN INSERTION
+	if d.SingleTokenInsertion(recognizer) {
+		return d.GetMissingSymbol(recognizer)
+	}
+	// even that didn't work must panic the exception
+	recognizer.SetError(NewInputMisMatchException(recognizer))
+	return nil
+}
+
+// SingleTokenInsertion implements the single-token insertion inline error recovery
+// strategy. It is called by [RecoverInline] if the single-token
+// deletion strategy fails to recover from the mismatched input. If this
+// method returns {@code true}, {@code recognizer} will be in error recovery
+// mode.
+//
+// This method determines whether single-token insertion is viable by
+// checking if the LA(1) input symbol could be successfully Matched
+// if it were instead the LA(2) symbol. If this method returns
+// {@code true}, the caller is responsible for creating and inserting a
+// token with the correct type to produce this behavior.</p>
+//
+// This func returns true if single-token insertion is a viable recovery
+// strategy for the current mismatched input.
+func (d *DefaultErrorStrategy) SingleTokenInsertion(recognizer Parser) bool {
+	currentSymbolType := recognizer.GetTokenStream().LA(1)
+	// if current token is consistent with what could come after current
+	// ATN state, then we know we're missing a token error recovery
+	// is free to conjure up and insert the missing token
+	atn := recognizer.GetInterpreter().atn
+	currentState := atn.states[recognizer.GetState()]
+	next := currentState.GetTransitions()[0].getTarget()
+	expectingAtLL2 := atn.NextTokens(next, recognizer.GetParserRuleContext())
+	if expectingAtLL2.contains(currentSymbolType) {
+		d.ReportMissingToken(recognizer)
+		return true
+	}
+
+	return false
+}
+
+// SingleTokenDeletion implements the single-token deletion inline error recovery
+// strategy. It is called by [RecoverInline] to attempt to recover
+// from mismatched input. If this method returns nil, the parser and error
+// handler state will not have changed. If this method returns non-nil,
+// recognizer will not be in error recovery mode since the
+// returned token was a successful Match.
+//
+// If the single-token deletion is successful, this method calls
+// [ReportUnwantedToken] to Report the error, followed by
+// [Consume] to actually “delete” the extraneous token. Then,
+// before returning, [ReportMatch] is called to signal a successful
+// Match.
+//
+// The func returns the successfully Matched [Token] instance if single-token
+// deletion successfully recovers from the mismatched input, otherwise nil.
+func (d *DefaultErrorStrategy) SingleTokenDeletion(recognizer Parser) Token {
+	NextTokenType := recognizer.GetTokenStream().LA(2)
+	expecting := d.GetExpectedTokens(recognizer)
+	if expecting.contains(NextTokenType) {
+		d.ReportUnwantedToken(recognizer)
+		// print("recoverFromMisMatchedToken deleting " \
+		// + str(recognizer.GetTokenStream().LT(1)) \
+		// + " since " + str(recognizer.GetTokenStream().LT(2)) \
+		// + " is what we want", file=sys.stderr)
+		recognizer.Consume() // simply delete extra token
+		// we want to return the token we're actually Matching
+		MatchedSymbol := recognizer.GetCurrentToken()
+		d.ReportMatch(recognizer) // we know current token is correct
+		return MatchedSymbol
+	}
+
+	return nil
+}
+
+// GetMissingSymbol conjures up a missing token during error recovery.
+//
+// The recognizer attempts to recover from single missing
+// symbols. But, actions might refer to that missing symbol.
+// For example:
+//
+//	x=ID {f($x)}.
+//
+// The action clearly assumes
+// that there has been an identifier Matched previously and that
+// $x points at that token. If that token is missing, but
+// the next token in the stream is what we want we assume that
+// this token is missing, and we keep going. Because we
+// have to return some token to replace the missing token,
+// we have to conjure one up. This method gives the user control
+// over the tokens returned for missing tokens. Mostly,
+// you will want to create something special for identifier
+// tokens. For literals such as '{' and ',', the default
+// action in the parser or tree parser works. It simply creates
+// a [CommonToken] of the appropriate type. The text will be the token name.
+// If you need to change which tokens must be created by the lexer,
+// override this method to create the appropriate tokens.
+func (d *DefaultErrorStrategy) GetMissingSymbol(recognizer Parser) Token {
+	currentSymbol := recognizer.GetCurrentToken()
+	expecting := d.GetExpectedTokens(recognizer)
+	expectedTokenType := expecting.first()
+	var tokenText string
+
+	if expectedTokenType == TokenEOF {
+		tokenText = "<missing EOF>"
+	} else {
+		ln := recognizer.GetLiteralNames()
+		if expectedTokenType > 0 && expectedTokenType < len(ln) {
+			tokenText = "<missing " + recognizer.GetLiteralNames()[expectedTokenType] + ">"
+		} else {
+			tokenText = "<missing undefined>" // TODO: matches the JS impl
+		}
+	}
+	current := currentSymbol
+	lookback := recognizer.GetTokenStream().LT(-1)
+	if current.GetTokenType() == TokenEOF && lookback != nil {
+		current = lookback
+	}
+
+	tf := recognizer.GetTokenFactory()
+
+	return tf.Create(current.GetSource(), expectedTokenType, tokenText, TokenDefaultChannel, -1, -1, current.GetLine(), current.GetColumn())
+}
+
+func (d *DefaultErrorStrategy) GetExpectedTokens(recognizer Parser) *IntervalSet {
+	return recognizer.GetExpectedTokens()
+}
+
+// GetTokenErrorDisplay determines how  a token should be displayed in an error message.
+// The default is to display just the text, but during development you might
+// want to have a lot of information spit out. Override this func in that case
+// to use t.String() (which, for [CommonToken], dumps everything about
+// the token). This is better than forcing you to override a method in
+// your token objects because you don't have to go modify your lexer
+// so that it creates a new type.
+func (d *DefaultErrorStrategy) GetTokenErrorDisplay(t Token) string {
+	if t == nil {
+		return "<no token>"
+	}
+	s := t.GetText()
+	if s == "" {
+		if t.GetTokenType() == TokenEOF {
+			s = "<EOF>"
+		} else {
+			s = "<" + strconv.Itoa(t.GetTokenType()) + ">"
+		}
+	}
+	return d.escapeWSAndQuote(s)
+}
+
+func (d *DefaultErrorStrategy) escapeWSAndQuote(s string) string {
+	s = strings.Replace(s, "\t", "\\t", -1)
+	s = strings.Replace(s, "\n", "\\n", -1)
+	s = strings.Replace(s, "\r", "\\r", -1)
+	return "'" + s + "'"
+}
+
+// GetErrorRecoverySet computes the error recovery set for the current rule. During
+// rule invocation, the parser pushes the set of tokens that can
+// follow that rule reference on the stack. This amounts to
+// computing FIRST of what follows the rule reference in the
+// enclosing rule. See LinearApproximator.FIRST().
+//
+// This local follow set only includes tokens
+// from within the rule i.e., the FIRST computation done by
+// ANTLR stops at the end of a rule.
+//
+// # Example
+//
+// When you find a "no viable alt exception", the input is not
+// consistent with any of the alternatives for rule r. The best
+// thing to do is to consume tokens until you see something that
+// can legally follow a call to r or any rule that called r.
+// You don't want the exact set of viable next tokens because the
+// input might just be missing a token--you might consume the
+// rest of the input looking for one of the missing tokens.
+//
+// Consider the grammar:
+//
+//		a : '[' b ']'
+//		  | '(' b ')'
+//		  ;
+//
+//		b : c '^' INT
+//	      ;
+//
+//		c : ID
+//		  | INT
+//		  ;
+//
+// At each rule invocation, the set of tokens that could follow
+// that rule is pushed on a stack. Here are the various
+// context-sensitive follow sets:
+//
+//	FOLLOW(b1_in_a) = FIRST(']') = ']'
+//	FOLLOW(b2_in_a) = FIRST(')') = ')'
+//	FOLLOW(c_in_b)  = FIRST('^') = '^'
+//
+// Upon erroneous input “[]”, the call chain is
+//
+//	a → b → c
+//
+// and, hence, the follow context stack is:
+//
+//	Depth Follow set   Start of rule execution
+//	  0   <EOF>        a (from main())
+//	  1   ']'          b
+//	  2   '^'          c
+//
+// Notice that ')' is not included, because b would have to have
+// been called from a different context in rule a for ')' to be
+// included.
+//
+// For error recovery, we cannot consider FOLLOW(c)
+// (context-sensitive or otherwise). We need the combined set of
+// all context-sensitive FOLLOW sets - the set of all tokens that
+// could follow any reference in the call chain. We need to
+// reSync to one of those tokens. Note that FOLLOW(c)='^' and if
+// we reSync'd to that token, we'd consume until EOF. We need to
+// Sync to context-sensitive FOLLOWs for a, b, and c:
+//
+//	{']','^'}
+//
+// In this case, for input "[]", LA(1) is ']' and in the set, so we would
+// not consume anything. After printing an error, rule c would
+// return normally. Rule b would not find the required '^' though.
+// At this point, it gets a mismatched token error and panics an
+// exception (since LA(1) is not in the viable following token
+// set). The rule exception handler tries to recover, but finds
+// the same recovery set and doesn't consume anything. Rule b
+// exits normally returning to rule a. Now it finds the ']' (and
+// with the successful Match exits errorRecovery mode).
+//
+// So, you can see that the parser walks up the call chain looking
+// for the token that was a member of the recovery set.
+//
+// Errors are not generated in errorRecovery mode.
+//
+// ANTLR's error recovery mechanism is based upon original ideas:
+//
+// [Algorithms + Data Structures = Programs] by Niklaus Wirth and
+// [A note on error recovery in recursive descent parsers].
+//
+// Later, Josef Grosch had some good ideas in [Efficient and Comfortable Error Recovery in Recursive Descent
+// Parsers]
+//
+// Like Grosch I implement context-sensitive FOLLOW sets that are combined  at run-time upon error to avoid overhead
+// during parsing. Later, the runtime Sync was improved for loops/sub-rules see [Sync] docs
+//
+// [A note on error recovery in recursive descent parsers]: http://portal.acm.org/citation.cfm?id=947902.947905
+// [Algorithms + Data Structures = Programs]: https://t.ly/5QzgE
+// [Efficient and Comfortable Error Recovery in Recursive Descent Parsers]: ftp://www.cocolab.com/products/cocktail/doca4.ps/ell.ps.zip
+func (d *DefaultErrorStrategy) GetErrorRecoverySet(recognizer Parser) *IntervalSet {
+	atn := recognizer.GetInterpreter().atn
+	ctx := recognizer.GetParserRuleContext()
+	recoverSet := NewIntervalSet()
+	for ctx != nil && ctx.GetInvokingState() >= 0 {
+		// compute what follows who invoked us
+		invokingState := atn.states[ctx.GetInvokingState()]
+		rt := invokingState.GetTransitions()[0]
+		follow := atn.NextTokens(rt.(*RuleTransition).followState, nil)
+		recoverSet.addSet(follow)
+		ctx = ctx.GetParent().(ParserRuleContext)
+	}
+	recoverSet.removeOne(TokenEpsilon)
+	return recoverSet
+}
+
+// Consume tokens until one Matches the given token set.//
+func (d *DefaultErrorStrategy) consumeUntil(recognizer Parser, set *IntervalSet) {
+	ttype := recognizer.GetTokenStream().LA(1)
+	for ttype != TokenEOF && !set.contains(ttype) {
+		recognizer.Consume()
+		ttype = recognizer.GetTokenStream().LA(1)
+	}
+}
+
+// The BailErrorStrategy implementation of ANTLRErrorStrategy responds to syntax errors
+// by immediately canceling the parse operation with a
+// [ParseCancellationException]. The implementation ensures that the
+// [ParserRuleContext//exception] field is set for all parse tree nodes
+// that were not completed prior to encountering the error.
+//
+// This error strategy is useful in the following scenarios.
+//
+//   - Two-stage parsing: This error strategy allows the first
+//     stage of two-stage parsing to immediately terminate if an error is
+//     encountered, and immediately fall back to the second stage. In addition to
+//     avoiding wasted work by attempting to recover from errors here, the empty
+//     implementation of [BailErrorStrategy.Sync] improves the performance of
+//     the first stage.
+//
+//   - Silent validation: When syntax errors are not being
+//     Reported or logged, and the parse result is simply ignored if errors occur,
+//     the [BailErrorStrategy] avoids wasting work on recovering from errors
+//     when the result will be ignored either way.
+//
+//     myparser.SetErrorHandler(NewBailErrorStrategy())
+//
+// See also: [Parser.SetErrorHandler(ANTLRErrorStrategy)]
+type BailErrorStrategy struct {
+	*DefaultErrorStrategy
+}
+
+var _ ErrorStrategy = &BailErrorStrategy{}
+
+//goland:noinspection GoUnusedExportedFunction
+func NewBailErrorStrategy() *BailErrorStrategy {
+
+	b := new(BailErrorStrategy)
+
+	b.DefaultErrorStrategy = NewDefaultErrorStrategy()
+
+	return b
+}
+
+// Recover Instead of recovering from exception e, re-panic it wrapped
+// in a [ParseCancellationException] so it is not caught by the
+// rule func catches. Use Exception.GetCause() to get the
+// original [RecognitionException].
+func (b *BailErrorStrategy) Recover(recognizer Parser, e RecognitionException) {
+	context := recognizer.GetParserRuleContext()
+	for context != nil {
+		context.SetException(e)
+		if parent, ok := context.GetParent().(ParserRuleContext); ok {
+			context = parent
+		} else {
+			context = nil
+		}
+	}
+	recognizer.SetError(NewParseCancellationException()) // TODO: we don't emit e properly
+}
+
+// RecoverInline makes sure we don't attempt to recover inline if the parser
+// successfully recovers, it won't panic an exception.
+func (b *BailErrorStrategy) RecoverInline(recognizer Parser) Token {
+	b.Recover(recognizer, NewInputMisMatchException(recognizer))
+
+	return nil
+}
+
+// Sync makes sure we don't attempt to recover from problems in sub-rules.
+func (b *BailErrorStrategy) Sync(_ Parser) {
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/errors.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/errors.go
@ -0,0 +1,259 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+// The root of the ANTLR exception hierarchy. In general, ANTLR tracks just
+//  3 kinds of errors: prediction errors, failed predicate errors, and
+//  mismatched input errors. In each case, the parser knows where it is
+//  in the input, where it is in the ATN, the rule invocation stack,
+//  and what kind of problem occurred.
+
+type RecognitionException interface {
+	GetOffendingToken() Token
+	GetMessage() string
+	GetInputStream() IntStream
+}
+
+type BaseRecognitionException struct {
+	message        string
+	recognizer     Recognizer
+	offendingToken Token
+	offendingState int
+	ctx            RuleContext
+	input          IntStream
+}
+
+func NewBaseRecognitionException(message string, recognizer Recognizer, input IntStream, ctx RuleContext) *BaseRecognitionException {
+
+	// todo
+	//	Error.call(this)
+	//
+	//	if (!!Error.captureStackTrace) {
+	//        Error.captureStackTrace(this, RecognitionException)
+	//	} else {
+	//		stack := NewError().stack
+	//	}
+	// TODO: may be able to use - "runtime" func Stack(buf []byte, all bool) int
+
+	t := new(BaseRecognitionException)
+
+	t.message = message
+	t.recognizer = recognizer
+	t.input = input
+	t.ctx = ctx
+
+	// The current Token when an error occurred. Since not all streams
+	// support accessing symbols by index, we have to track the {@link Token}
+	// instance itself.
+	//
+	t.offendingToken = nil
+
+	// Get the ATN state number the parser was in at the time the error
+	// occurred. For NoViableAltException and LexerNoViableAltException exceptions, this is the
+	// DecisionState number. For others, it is the state whose outgoing edge we couldn't Match.
+	//
+	t.offendingState = -1
+	if t.recognizer != nil {
+		t.offendingState = t.recognizer.GetState()
+	}
+
+	return t
+}
+
+func (b *BaseRecognitionException) GetMessage() string {
+	return b.message
+}
+
+func (b *BaseRecognitionException) GetOffendingToken() Token {
+	return b.offendingToken
+}
+
+func (b *BaseRecognitionException) GetInputStream() IntStream {
+	return b.input
+}
+
+// <p>If the state number is not known, b method returns -1.</p>
+
+// getExpectedTokens gets the set of input symbols which could potentially follow the
+// previously Matched symbol at the time this exception was raised.
+//
+// If the set of expected tokens is not known and could not be computed,
+// this method returns nil.
+//
+// The func returns the set of token types that could potentially follow the current
+// state in the {ATN}, or nil if the information is not available.
+
+func (b *BaseRecognitionException) getExpectedTokens() *IntervalSet {
+	if b.recognizer != nil {
+		return b.recognizer.GetATN().getExpectedTokens(b.offendingState, b.ctx)
+	}
+
+	return nil
+}
+
+func (b *BaseRecognitionException) String() string {
+	return b.message
+}
+
+type LexerNoViableAltException struct {
+	*BaseRecognitionException
+
+	startIndex     int
+	deadEndConfigs *ATNConfigSet
+}
+
+func NewLexerNoViableAltException(lexer Lexer, input CharStream, startIndex int, deadEndConfigs *ATNConfigSet) *LexerNoViableAltException {
+
+	l := new(LexerNoViableAltException)
+
+	l.BaseRecognitionException = NewBaseRecognitionException("", lexer, input, nil)
+
+	l.startIndex = startIndex
+	l.deadEndConfigs = deadEndConfigs
+
+	return l
+}
+
+func (l *LexerNoViableAltException) String() string {
+	symbol := ""
+	if l.startIndex >= 0 && l.startIndex < l.input.Size() {
+		symbol = l.input.(CharStream).GetTextFromInterval(NewInterval(l.startIndex, l.startIndex))
+	}
+	return "LexerNoViableAltException" + symbol
+}
+
+type NoViableAltException struct {
+	*BaseRecognitionException
+
+	startToken     Token
+	offendingToken Token
+	ctx            ParserRuleContext
+	deadEndConfigs *ATNConfigSet
+}
+
+// NewNoViableAltException creates an exception indicating that the parser could not decide which of two or more paths
+// to take based upon the remaining input. It tracks the starting token
+// of the offending input and also knows where the parser was
+// in the various paths when the error.
+//
+// Reported by [ReportNoViableAlternative]
+func NewNoViableAltException(recognizer Parser, input TokenStream, startToken Token, offendingToken Token, deadEndConfigs *ATNConfigSet, ctx ParserRuleContext) *NoViableAltException {
+
+	if ctx == nil {
+		ctx = recognizer.GetParserRuleContext()
+	}
+
+	if offendingToken == nil {
+		offendingToken = recognizer.GetCurrentToken()
+	}
+
+	if startToken == nil {
+		startToken = recognizer.GetCurrentToken()
+	}
+
+	if input == nil {
+		input = recognizer.GetInputStream().(TokenStream)
+	}
+
+	n := new(NoViableAltException)
+	n.BaseRecognitionException = NewBaseRecognitionException("", recognizer, input, ctx)
+
+	// Which configurations did we try at input.Index() that couldn't Match
+	// input.LT(1)
+	n.deadEndConfigs = deadEndConfigs
+
+	// The token object at the start index the input stream might
+	// not be buffering tokens so get a reference to it.
+	//
+	// At the time the error occurred, of course the stream needs to keep a
+	// buffer of all the tokens, but later we might not have access to those.
+	n.startToken = startToken
+	n.offendingToken = offendingToken
+
+	return n
+}
+
+type InputMisMatchException struct {
+	*BaseRecognitionException
+}
+
+// NewInputMisMatchException creates an exception that signifies any kind of mismatched input exceptions such as
+// when the current input does not Match the expected token.
+func NewInputMisMatchException(recognizer Parser) *InputMisMatchException {
+
+	i := new(InputMisMatchException)
+	i.BaseRecognitionException = NewBaseRecognitionException("", recognizer, recognizer.GetInputStream(), recognizer.GetParserRuleContext())
+
+	i.offendingToken = recognizer.GetCurrentToken()
+
+	return i
+
+}
+
+// FailedPredicateException indicates that a semantic predicate failed during validation. Validation of predicates
+// occurs when normally parsing the alternative just like Matching a token.
+// Disambiguating predicate evaluation occurs when we test a predicate during
+// prediction.
+type FailedPredicateException struct {
+	*BaseRecognitionException
+
+	ruleIndex      int
+	predicateIndex int
+	predicate      string
+}
+
+//goland:noinspection GoUnusedExportedFunction
+func NewFailedPredicateException(recognizer Parser, predicate string, message string) *FailedPredicateException {
+
+	f := new(FailedPredicateException)
+
+	f.BaseRecognitionException = NewBaseRecognitionException(f.formatMessage(predicate, message), recognizer, recognizer.GetInputStream(), recognizer.GetParserRuleContext())
+
+	s := recognizer.GetInterpreter().atn.states[recognizer.GetState()]
+	trans := s.GetTransitions()[0]
+	if trans2, ok := trans.(*PredicateTransition); ok {
+		f.ruleIndex = trans2.ruleIndex
+		f.predicateIndex = trans2.predIndex
+	} else {
+		f.ruleIndex = 0
+		f.predicateIndex = 0
+	}
+	f.predicate = predicate
+	f.offendingToken = recognizer.GetCurrentToken()
+
+	return f
+}
+
+func (f *FailedPredicateException) formatMessage(predicate, message string) string {
+	if message != "" {
+		return message
+	}
+
+	return "failed predicate: {" + predicate + "}?"
+}
+
+type ParseCancellationException struct {
+}
+
+func (p ParseCancellationException) GetOffendingToken() Token {
+	//TODO implement me
+	panic("implement me")
+}
+
+func (p ParseCancellationException) GetMessage() string {
+	//TODO implement me
+	panic("implement me")
+}
+
+func (p ParseCancellationException) GetInputStream() IntStream {
+	//TODO implement me
+	panic("implement me")
+}
+
+func NewParseCancellationException() *ParseCancellationException {
+	//	Error.call(this)
+	//	Error.captureStackTrace(this, ParseCancellationException)
+	return new(ParseCancellationException)
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/file_stream.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/file_stream.go
@ -0,0 +1,67 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"bufio"
+	"os"
+)
+
+//  This is an InputStream that is loaded from a file all at once
+//  when you construct the object.
+
+type FileStream struct {
+	InputStream
+	filename string
+}
+
+//goland:noinspection GoUnusedExportedFunction
+func NewFileStream(fileName string) (*FileStream, error) {
+
+	f, err := os.Open(fileName)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func(f *os.File) {
+		errF := f.Close()
+		if errF != nil {
+		}
+	}(f)
+
+	reader := bufio.NewReader(f)
+	fInfo, err := f.Stat()
+	if err != nil {
+		return nil, err
+	}
+
+	fs := &FileStream{
+		InputStream: InputStream{
+			index: 0,
+			name:  fileName,
+		},
+		filename: fileName,
+	}
+
+	// Pre-build the buffer and read runes efficiently
+	//
+	fs.data = make([]rune, 0, fInfo.Size())
+	for {
+		r, _, err := reader.ReadRune()
+		if err != nil {
+			break
+		}
+		fs.data = append(fs.data, r)
+	}
+	fs.size = len(fs.data) // Size in runes
+
+	// All done.
+	//
+	return fs, nil
+}
+
+func (f *FileStream) GetSourceName() string {
+	return f.filename
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/input_stream.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/input_stream.go
@ -0,0 +1,157 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"bufio"
+	"io"
+)
+
+type InputStream struct {
+	name  string
+	index int
+	data  []rune
+	size  int
+}
+
+// NewIoStream creates a new input stream from the given io.Reader reader.
+// Note that the reader is read completely into memory and so it must actually
+// have a stopping point - you cannot pass in a reader on an open-ended source such
+// as a socket for instance.
+func NewIoStream(reader io.Reader) *InputStream {
+
+	rReader := bufio.NewReader(reader)
+
+	is := &InputStream{
+		name:  "<empty>",
+		index: 0,
+	}
+
+	// Pre-build the buffer and read runes reasonably efficiently given that
+	// we don't exactly know how big the input is.
+	//
+	is.data = make([]rune, 0, 512)
+	for {
+		r, _, err := rReader.ReadRune()
+		if err != nil {
+			break
+		}
+		is.data = append(is.data, r)
+	}
+	is.size = len(is.data) // number of runes
+	return is
+}
+
+// NewInputStream creates a new input stream from the given string
+func NewInputStream(data string) *InputStream {
+
+	is := &InputStream{
+		name:  "<empty>",
+		index: 0,
+		data:  []rune(data), // This is actually the most efficient way
+	}
+	is.size = len(is.data) // number of runes, but we could also use len(data), which is efficient too
+	return is
+}
+
+func (is *InputStream) reset() {
+	is.index = 0
+}
+
+// Consume moves the input pointer to the next character in the input stream
+func (is *InputStream) Consume() {
+	if is.index >= is.size {
+		// assert is.LA(1) == TokenEOF
+		panic("cannot consume EOF")
+	}
+	is.index++
+}
+
+// LA returns the character at the given offset from the start of the input stream
+func (is *InputStream) LA(offset int) int {
+
+	if offset == 0 {
+		return 0 // nil
+	}
+	if offset < 0 {
+		offset++ // e.g., translate LA(-1) to use offset=0
+	}
+	pos := is.index + offset - 1
+
+	if pos < 0 || pos >= is.size { // invalid
+		return TokenEOF
+	}
+
+	return int(is.data[pos])
+}
+
+// LT returns the character at the given offset from the start of the input stream
+func (is *InputStream) LT(offset int) int {
+	return is.LA(offset)
+}
+
+// Index returns the current offset in to the input stream
+func (is *InputStream) Index() int {
+	return is.index
+}
+
+// Size returns the total number of characters in the input stream
+func (is *InputStream) Size() int {
+	return is.size
+}
+
+// Mark does nothing here as we have entire buffer
+func (is *InputStream) Mark() int {
+	return -1
+}
+
+// Release does nothing here as we have entire buffer
+func (is *InputStream) Release(_ int) {
+}
+
+// Seek the input point to the provided index offset
+func (is *InputStream) Seek(index int) {
+	if index <= is.index {
+		is.index = index // just jump don't update stream state (line,...)
+		return
+	}
+	// seek forward
+	is.index = intMin(index, is.size)
+}
+
+// GetText returns the text from the input stream from the start to the stop index
+func (is *InputStream) GetText(start int, stop int) string {
+	if stop >= is.size {
+		stop = is.size - 1
+	}
+	if start >= is.size {
+		return ""
+	}
+
+	return string(is.data[start : stop+1])
+}
+
+// GetTextFromTokens returns the text from the input stream from the first character of the start token to the last
+// character of the stop token
+func (is *InputStream) GetTextFromTokens(start, stop Token) string {
+	if start != nil && stop != nil {
+		return is.GetTextFromInterval(NewInterval(start.GetTokenIndex(), stop.GetTokenIndex()))
+	}
+
+	return ""
+}
+
+func (is *InputStream) GetTextFromInterval(i Interval) string {
+	return is.GetText(i.Start, i.Stop)
+}
+
+func (*InputStream) GetSourceName() string {
+	return ""
+}
+
+// String returns the entire input stream as a string
+func (is *InputStream) String() string {
+	return string(is.data)
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/int_stream.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/int_stream.go
@ -0,0 +1,16 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+type IntStream interface {
+	Consume()
+	LA(int) int
+	Mark() int
+	Release(marker int)
+	Index() int
+	Seek(index int)
+	Size() int
+	GetSourceName() string
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/interval_set.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/interval_set.go
@ -0,0 +1,330 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"strconv"
+	"strings"
+)
+
+type Interval struct {
+	Start int
+	Stop  int
+}
+
+// NewInterval creates a new interval with the given start and stop values.
+func NewInterval(start, stop int) Interval {
+	return Interval{
+		Start: start,
+		Stop:  stop,
+	}
+}
+
+// Contains returns true if the given item is contained within the interval.
+func (i Interval) Contains(item int) bool {
+	return item >= i.Start && item < i.Stop
+}
+
+// String generates a string representation of the interval.
+func (i Interval) String() string {
+	if i.Start == i.Stop-1 {
+		return strconv.Itoa(i.Start)
+	}
+
+	return strconv.Itoa(i.Start) + ".." + strconv.Itoa(i.Stop-1)
+}
+
+// Length returns the length of the interval.
+func (i Interval) Length() int {
+	return i.Stop - i.Start
+}
+
+// IntervalSet represents a collection of [Intervals], which may be read-only.
+type IntervalSet struct {
+	intervals []Interval
+	readOnly  bool
+}
+
+// NewIntervalSet creates a new empty, writable, interval set.
+func NewIntervalSet() *IntervalSet {
+
+	i := new(IntervalSet)
+
+	i.intervals = nil
+	i.readOnly = false
+
+	return i
+}
+
+func (i *IntervalSet) Equals(other *IntervalSet) bool {
+	if len(i.intervals) != len(other.intervals) {
+		return false
+	}
+
+	for k, v := range i.intervals {
+		if v.Start != other.intervals[k].Start || v.Stop != other.intervals[k].Stop {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (i *IntervalSet) first() int {
+	if len(i.intervals) == 0 {
+		return TokenInvalidType
+	}
+
+	return i.intervals[0].Start
+}
+
+func (i *IntervalSet) addOne(v int) {
+	i.addInterval(NewInterval(v, v+1))
+}
+
+func (i *IntervalSet) addRange(l, h int) {
+	i.addInterval(NewInterval(l, h+1))
+}
+
+func (i *IntervalSet) addInterval(v Interval) {
+	if i.intervals == nil {
+		i.intervals = make([]Interval, 0)
+		i.intervals = append(i.intervals, v)
+	} else {
+		// find insert pos
+		for k, interval := range i.intervals {
+			// distinct range -> insert
+			if v.Stop < interval.Start {
+				i.intervals = append(i.intervals[0:k], append([]Interval{v}, i.intervals[k:]...)...)
+				return
+			} else if v.Stop == interval.Start {
+				i.intervals[k].Start = v.Start
+				return
+			} else if v.Start <= interval.Stop {
+				i.intervals[k] = NewInterval(intMin(interval.Start, v.Start), intMax(interval.Stop, v.Stop))
+
+				// if not applying to end, merge potential overlaps
+				if k < len(i.intervals)-1 {
+					l := i.intervals[k]
+					r := i.intervals[k+1]
+					// if r contained in l
+					if l.Stop >= r.Stop {
+						i.intervals = append(i.intervals[0:k+1], i.intervals[k+2:]...)
+					} else if l.Stop >= r.Start { // partial overlap
+						i.intervals[k] = NewInterval(l.Start, r.Stop)
+						i.intervals = append(i.intervals[0:k+1], i.intervals[k+2:]...)
+					}
+				}
+				return
+			}
+		}
+		// greater than any exiting
+		i.intervals = append(i.intervals, v)
+	}
+}
+
+func (i *IntervalSet) addSet(other *IntervalSet) *IntervalSet {
+	if other.intervals != nil {
+		for k := 0; k < len(other.intervals); k++ {
+			i2 := other.intervals[k]
+			i.addInterval(NewInterval(i2.Start, i2.Stop))
+		}
+	}
+	return i
+}
+
+func (i *IntervalSet) complement(start int, stop int) *IntervalSet {
+	result := NewIntervalSet()
+	result.addInterval(NewInterval(start, stop+1))
+	for j := 0; j < len(i.intervals); j++ {
+		result.removeRange(i.intervals[j])
+	}
+	return result
+}
+
+func (i *IntervalSet) contains(item int) bool {
+	if i.intervals == nil {
+		return false
+	}
+	for k := 0; k < len(i.intervals); k++ {
+		if i.intervals[k].Contains(item) {
+			return true
+		}
+	}
+	return false
+}
+
+func (i *IntervalSet) length() int {
+	iLen := 0
+
+	for _, v := range i.intervals {
+		iLen += v.Length()
+	}
+
+	return iLen
+}
+
+func (i *IntervalSet) removeRange(v Interval) {
+	if v.Start == v.Stop-1 {
+		i.removeOne(v.Start)
+	} else if i.intervals != nil {
+		k := 0
+		for n := 0; n < len(i.intervals); n++ {
+			ni := i.intervals[k]
+			// intervals are ordered
+			if v.Stop <= ni.Start {
+				return
+			} else if v.Start > ni.Start && v.Stop < ni.Stop {
+				i.intervals[k] = NewInterval(ni.Start, v.Start)
+				x := NewInterval(v.Stop, ni.Stop)
+				// i.intervals.splice(k, 0, x)
+				i.intervals = append(i.intervals[0:k], append([]Interval{x}, i.intervals[k:]...)...)
+				return
+			} else if v.Start <= ni.Start && v.Stop >= ni.Stop {
+				//                i.intervals.splice(k, 1)
+				i.intervals = append(i.intervals[0:k], i.intervals[k+1:]...)
+				k = k - 1 // need another pass
+			} else if v.Start < ni.Stop {
+				i.intervals[k] = NewInterval(ni.Start, v.Start)
+			} else if v.Stop < ni.Stop {
+				i.intervals[k] = NewInterval(v.Stop, ni.Stop)
+			}
+			k++
+		}
+	}
+}
+
+func (i *IntervalSet) removeOne(v int) {
+	if i.intervals != nil {
+		for k := 0; k < len(i.intervals); k++ {
+			ki := i.intervals[k]
+			// intervals i ordered
+			if v < ki.Start {
+				return
+			} else if v == ki.Start && v == ki.Stop-1 {
+				//				i.intervals.splice(k, 1)
+				i.intervals = append(i.intervals[0:k], i.intervals[k+1:]...)
+				return
+			} else if v == ki.Start {
+				i.intervals[k] = NewInterval(ki.Start+1, ki.Stop)
+				return
+			} else if v == ki.Stop-1 {
+				i.intervals[k] = NewInterval(ki.Start, ki.Stop-1)
+				return
+			} else if v < ki.Stop-1 {
+				x := NewInterval(ki.Start, v)
+				ki.Start = v + 1
+				//				i.intervals.splice(k, 0, x)
+				i.intervals = append(i.intervals[0:k], append([]Interval{x}, i.intervals[k:]...)...)
+				return
+			}
+		}
+	}
+}
+
+func (i *IntervalSet) String() string {
+	return i.StringVerbose(nil, nil, false)
+}
+
+func (i *IntervalSet) StringVerbose(literalNames []string, symbolicNames []string, elemsAreChar bool) string {
+
+	if i.intervals == nil {
+		return "{}"
+	} else if literalNames != nil || symbolicNames != nil {
+		return i.toTokenString(literalNames, symbolicNames)
+	} else if elemsAreChar {
+		return i.toCharString()
+	}
+
+	return i.toIndexString()
+}
+
+func (i *IntervalSet) GetIntervals() []Interval {
+	return i.intervals
+}
+
+func (i *IntervalSet) toCharString() string {
+	names := make([]string, len(i.intervals))
+
+	var sb strings.Builder
+
+	for j := 0; j < len(i.intervals); j++ {
+		v := i.intervals[j]
+		if v.Stop == v.Start+1 {
+			if v.Start == TokenEOF {
+				names = append(names, "<EOF>")
+			} else {
+				sb.WriteByte('\'')
+				sb.WriteRune(rune(v.Start))
+				sb.WriteByte('\'')
+				names = append(names, sb.String())
+				sb.Reset()
+			}
+		} else {
+			sb.WriteByte('\'')
+			sb.WriteRune(rune(v.Start))
+			sb.WriteString("'..'")
+			sb.WriteRune(rune(v.Stop - 1))
+			sb.WriteByte('\'')
+			names = append(names, sb.String())
+			sb.Reset()
+		}
+	}
+	if len(names) > 1 {
+		return "{" + strings.Join(names, ", ") + "}"
+	}
+
+	return names[0]
+}
+
+func (i *IntervalSet) toIndexString() string {
+
+	names := make([]string, 0)
+	for j := 0; j < len(i.intervals); j++ {
+		v := i.intervals[j]
+		if v.Stop == v.Start+1 {
+			if v.Start == TokenEOF {
+				names = append(names, "<EOF>")
+			} else {
+				names = append(names, strconv.Itoa(v.Start))
+			}
+		} else {
+			names = append(names, strconv.Itoa(v.Start)+".."+strconv.Itoa(v.Stop-1))
+		}
+	}
+	if len(names) > 1 {
+		return "{" + strings.Join(names, ", ") + "}"
+	}
+
+	return names[0]
+}
+
+func (i *IntervalSet) toTokenString(literalNames []string, symbolicNames []string) string {
+	names := make([]string, 0)
+	for _, v := range i.intervals {
+		for j := v.Start; j < v.Stop; j++ {
+			names = append(names, i.elementName(literalNames, symbolicNames, j))
+		}
+	}
+	if len(names) > 1 {
+		return "{" + strings.Join(names, ", ") + "}"
+	}
+
+	return names[0]
+}
+
+func (i *IntervalSet) elementName(literalNames []string, symbolicNames []string, a int) string {
+	if a == TokenEOF {
+		return "<EOF>"
+	} else if a == TokenEpsilon {
+		return "<EPSILON>"
+	} else {
+		if a < len(literalNames) && literalNames[a] != "" {
+			return literalNames[a]
+		}
+
+		return symbolicNames[a]
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/jcollect.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/jcollect.go
@ -0,0 +1,685 @@
+package antlr
+
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+import (
+	"container/list"
+	"runtime/debug"
+	"sort"
+	"sync"
+)
+
+// Collectable is an interface that a struct should implement if it is to be
+// usable as a key in these collections.
+type Collectable[T any] interface {
+	Hash() int
+	Equals(other Collectable[T]) bool
+}
+
+type Comparator[T any] interface {
+	Hash1(o T) int
+	Equals2(T, T) bool
+}
+
+type CollectionSource int
+type CollectionDescriptor struct {
+	SybolicName string
+	Description string
+}
+
+const (
+	UnknownCollection CollectionSource = iota
+	ATNConfigLookupCollection
+	ATNStateCollection
+	DFAStateCollection
+	ATNConfigCollection
+	PredictionContextCollection
+	SemanticContextCollection
+	ClosureBusyCollection
+	PredictionVisitedCollection
+	MergeCacheCollection
+	PredictionContextCacheCollection
+	AltSetCollection
+	ReachSetCollection
+)
+
+var CollectionDescriptors = map[CollectionSource]CollectionDescriptor{
+	UnknownCollection: {
+		SybolicName: "UnknownCollection",
+		Description: "Unknown collection type. Only used if the target author thought it was an unimportant collection.",
+	},
+	ATNConfigCollection: {
+		SybolicName: "ATNConfigCollection",
+		Description: "ATNConfig collection. Used to store the ATNConfigs for a particular state in the ATN." +
+			"For instance, it is used to store the results of the closure() operation in the ATN.",
+	},
+	ATNConfigLookupCollection: {
+		SybolicName: "ATNConfigLookupCollection",
+		Description: "ATNConfigLookup collection. Used to store the ATNConfigs for a particular state in the ATN." +
+			"This is used to prevent duplicating equivalent states in an ATNConfigurationSet.",
+	},
+	ATNStateCollection: {
+		SybolicName: "ATNStateCollection",
+		Description: "ATNState collection. This is used to store the states of the ATN.",
+	},
+	DFAStateCollection: {
+		SybolicName: "DFAStateCollection",
+		Description: "DFAState collection. This is used to store the states of the DFA.",
+	},
+	PredictionContextCollection: {
+		SybolicName: "PredictionContextCollection",
+		Description: "PredictionContext collection. This is used to store the prediction contexts of the ATN and cache computes.",
+	},
+	SemanticContextCollection: {
+		SybolicName: "SemanticContextCollection",
+		Description: "SemanticContext collection. This is used to store the semantic contexts of the ATN.",
+	},
+	ClosureBusyCollection: {
+		SybolicName: "ClosureBusyCollection",
+		Description: "ClosureBusy collection. This is used to check and prevent infinite recursion right recursive rules." +
+			"It stores ATNConfigs that are currently being processed in the closure() operation.",
+	},
+	PredictionVisitedCollection: {
+		SybolicName: "PredictionVisitedCollection",
+		Description: "A map that records whether we have visited a particular context when searching through cached entries.",
+	},
+	MergeCacheCollection: {
+		SybolicName: "MergeCacheCollection",
+		Description: "A map that records whether we have already merged two particular contexts and can save effort by not repeating it.",
+	},
+	PredictionContextCacheCollection: {
+		SybolicName: "PredictionContextCacheCollection",
+		Description: "A map that records whether we have already created a particular context and can save effort by not computing it again.",
+	},
+	AltSetCollection: {
+		SybolicName: "AltSetCollection",
+		Description: "Used to eliminate duplicate alternatives in an ATN config set.",
+	},
+	ReachSetCollection: {
+		SybolicName: "ReachSetCollection",
+		Description: "Used as merge cache to prevent us needing to compute the merge of two states if we have already done it.",
+	},
+}
+
+// JStore implements a container that allows the use of a struct to calculate the key
+// for a collection of values akin to map. This is not meant to be a full-blown HashMap but just
+// serve the needs of the ANTLR Go runtime.
+//
+// For ease of porting the logic of the runtime from the master target (Java), this collection
+// operates in a similar way to Java, in that it can use any struct that supplies a Hash() and Equals()
+// function as the key. The values are stored in a standard go map which internally is a form of hashmap
+// itself, the key for the go map is the hash supplied by the key object. The collection is able to deal with
+// hash conflicts by using a simple slice of values associated with the hash code indexed bucket. That isn't
+// particularly efficient, but it is simple, and it works. As this is specifically for the ANTLR runtime, and
+// we understand the requirements, then this is fine - this is not a general purpose collection.
+type JStore[T any, C Comparator[T]] struct {
+	store      map[int][]T
+	len        int
+	comparator Comparator[T]
+	stats      *JStatRec
+}
+
+func NewJStore[T any, C Comparator[T]](comparator Comparator[T], cType CollectionSource, desc string) *JStore[T, C] {
+
+	if comparator == nil {
+		panic("comparator cannot be nil")
+	}
+
+	s := &JStore[T, C]{
+		store:      make(map[int][]T, 1),
+		comparator: comparator,
+	}
+	if collectStats {
+		s.stats = &JStatRec{
+			Source:      cType,
+			Description: desc,
+		}
+
+		// Track where we created it from  if we are being asked to do so
+		if runtimeConfig.statsTraceStacks {
+			s.stats.CreateStack = debug.Stack()
+		}
+		Statistics.AddJStatRec(s.stats)
+	}
+	return s
+}
+
+// Put will store given value in the collection. Note that the key for storage is generated from
+// the value itself - this is specifically because that is what ANTLR needs - this would not be useful
+// as any kind of general collection.
+//
+// If the key has a hash conflict, then the value will be added to the slice of values associated with the
+// hash, unless the value is already in the slice, in which case the existing value is returned. Value equivalence is
+// tested by calling the equals() method on the key.
+//
+// # If the given value is already present in the store, then the existing value is returned as v and exists is set to true
+//
+// If the given value is not present in the store, then the value is added to the store and returned as v and exists is set to false.
+func (s *JStore[T, C]) Put(value T) (v T, exists bool) {
+
+	if collectStats {
+		s.stats.Puts++
+	}
+	kh := s.comparator.Hash1(value)
+
+	var hClash bool
+	for _, v1 := range s.store[kh] {
+		hClash = true
+		if s.comparator.Equals2(value, v1) {
+			if collectStats {
+				s.stats.PutHits++
+				s.stats.PutHashConflicts++
+			}
+			return v1, true
+		}
+		if collectStats {
+			s.stats.PutMisses++
+		}
+	}
+	if collectStats && hClash {
+		s.stats.PutHashConflicts++
+	}
+	s.store[kh] = append(s.store[kh], value)
+
+	if collectStats {
+		if len(s.store[kh]) > s.stats.MaxSlotSize {
+			s.stats.MaxSlotSize = len(s.store[kh])
+		}
+	}
+	s.len++
+	if collectStats {
+		s.stats.CurSize = s.len
+		if s.len > s.stats.MaxSize {
+			s.stats.MaxSize = s.len
+		}
+	}
+	return value, false
+}
+
+// Get will return the value associated with the key - the type of the key is the same type as the value
+// which would not generally be useful, but this is a specific thing for ANTLR where the key is
+// generated using the object we are going to store.
+func (s *JStore[T, C]) Get(key T) (T, bool) {
+	if collectStats {
+		s.stats.Gets++
+	}
+	kh := s.comparator.Hash1(key)
+	var hClash bool
+	for _, v := range s.store[kh] {
+		hClash = true
+		if s.comparator.Equals2(key, v) {
+			if collectStats {
+				s.stats.GetHits++
+				s.stats.GetHashConflicts++
+			}
+			return v, true
+		}
+		if collectStats {
+			s.stats.GetMisses++
+		}
+	}
+	if collectStats {
+		if hClash {
+			s.stats.GetHashConflicts++
+		}
+		s.stats.GetNoEnt++
+	}
+	return key, false
+}
+
+// Contains returns true if the given key is present in the store
+func (s *JStore[T, C]) Contains(key T) bool {
+	_, present := s.Get(key)
+	return present
+}
+
+func (s *JStore[T, C]) SortedSlice(less func(i, j T) bool) []T {
+	vs := make([]T, 0, len(s.store))
+	for _, v := range s.store {
+		vs = append(vs, v...)
+	}
+	sort.Slice(vs, func(i, j int) bool {
+		return less(vs[i], vs[j])
+	})
+
+	return vs
+}
+
+func (s *JStore[T, C]) Each(f func(T) bool) {
+	for _, e := range s.store {
+		for _, v := range e {
+			f(v)
+		}
+	}
+}
+
+func (s *JStore[T, C]) Len() int {
+	return s.len
+}
+
+func (s *JStore[T, C]) Values() []T {
+	vs := make([]T, 0, len(s.store))
+	for _, e := range s.store {
+		vs = append(vs, e...)
+	}
+	return vs
+}
+
+type entry[K, V any] struct {
+	key K
+	val V
+}
+
+type JMap[K, V any, C Comparator[K]] struct {
+	store      map[int][]*entry[K, V]
+	len        int
+	comparator Comparator[K]
+	stats      *JStatRec
+}
+
+func NewJMap[K, V any, C Comparator[K]](comparator Comparator[K], cType CollectionSource, desc string) *JMap[K, V, C] {
+	m := &JMap[K, V, C]{
+		store:      make(map[int][]*entry[K, V], 1),
+		comparator: comparator,
+	}
+	if collectStats {
+		m.stats = &JStatRec{
+			Source:      cType,
+			Description: desc,
+		}
+		// Track where we created it from  if we are being asked to do so
+		if runtimeConfig.statsTraceStacks {
+			m.stats.CreateStack = debug.Stack()
+		}
+		Statistics.AddJStatRec(m.stats)
+	}
+	return m
+}
+
+func (m *JMap[K, V, C]) Put(key K, val V) (V, bool) {
+	if collectStats {
+		m.stats.Puts++
+	}
+	kh := m.comparator.Hash1(key)
+
+	var hClash bool
+	for _, e := range m.store[kh] {
+		hClash = true
+		if m.comparator.Equals2(e.key, key) {
+			if collectStats {
+				m.stats.PutHits++
+				m.stats.PutHashConflicts++
+			}
+			return e.val, true
+		}
+		if collectStats {
+			m.stats.PutMisses++
+		}
+	}
+	if collectStats {
+		if hClash {
+			m.stats.PutHashConflicts++
+		}
+	}
+	m.store[kh] = append(m.store[kh], &entry[K, V]{key, val})
+	if collectStats {
+		if len(m.store[kh]) > m.stats.MaxSlotSize {
+			m.stats.MaxSlotSize = len(m.store[kh])
+		}
+	}
+	m.len++
+	if collectStats {
+		m.stats.CurSize = m.len
+		if m.len > m.stats.MaxSize {
+			m.stats.MaxSize = m.len
+		}
+	}
+	return val, false
+}
+
+func (m *JMap[K, V, C]) Values() []V {
+	vs := make([]V, 0, len(m.store))
+	for _, e := range m.store {
+		for _, v := range e {
+			vs = append(vs, v.val)
+		}
+	}
+	return vs
+}
+
+func (m *JMap[K, V, C]) Get(key K) (V, bool) {
+	if collectStats {
+		m.stats.Gets++
+	}
+	var none V
+	kh := m.comparator.Hash1(key)
+	var hClash bool
+	for _, e := range m.store[kh] {
+		hClash = true
+		if m.comparator.Equals2(e.key, key) {
+			if collectStats {
+				m.stats.GetHits++
+				m.stats.GetHashConflicts++
+			}
+			return e.val, true
+		}
+		if collectStats {
+			m.stats.GetMisses++
+		}
+	}
+	if collectStats {
+		if hClash {
+			m.stats.GetHashConflicts++
+		}
+		m.stats.GetNoEnt++
+	}
+	return none, false
+}
+
+func (m *JMap[K, V, C]) Len() int {
+	return m.len
+}
+
+func (m *JMap[K, V, C]) Delete(key K) {
+	kh := m.comparator.Hash1(key)
+	for i, e := range m.store[kh] {
+		if m.comparator.Equals2(e.key, key) {
+			m.store[kh] = append(m.store[kh][:i], m.store[kh][i+1:]...)
+			m.len--
+			return
+		}
+	}
+}
+
+func (m *JMap[K, V, C]) Clear() {
+	m.store = make(map[int][]*entry[K, V])
+}
+
+type JPCMap struct {
+	store *JMap[*PredictionContext, *JMap[*PredictionContext, *PredictionContext, *ObjEqComparator[*PredictionContext]], *ObjEqComparator[*PredictionContext]]
+	size  int
+	stats *JStatRec
+}
+
+func NewJPCMap(cType CollectionSource, desc string) *JPCMap {
+	m := &JPCMap{
+		store: NewJMap[*PredictionContext, *JMap[*PredictionContext, *PredictionContext, *ObjEqComparator[*PredictionContext]], *ObjEqComparator[*PredictionContext]](pContextEqInst, cType, desc),
+	}
+	if collectStats {
+		m.stats = &JStatRec{
+			Source:      cType,
+			Description: desc,
+		}
+		// Track where we created it from  if we are being asked to do so
+		if runtimeConfig.statsTraceStacks {
+			m.stats.CreateStack = debug.Stack()
+		}
+		Statistics.AddJStatRec(m.stats)
+	}
+	return m
+}
+
+func (pcm *JPCMap) Get(k1, k2 *PredictionContext) (*PredictionContext, bool) {
+	if collectStats {
+		pcm.stats.Gets++
+	}
+	// Do we have a map stored by k1?
+	//
+	m2, present := pcm.store.Get(k1)
+	if present {
+		if collectStats {
+			pcm.stats.GetHits++
+		}
+		// We found a map of values corresponding to k1, so now we need to look up k2 in that map
+		//
+		return m2.Get(k2)
+	}
+	if collectStats {
+		pcm.stats.GetMisses++
+	}
+	return nil, false
+}
+
+func (pcm *JPCMap) Put(k1, k2, v *PredictionContext) {
+
+	if collectStats {
+		pcm.stats.Puts++
+	}
+	// First does a map already exist for k1?
+	//
+	if m2, present := pcm.store.Get(k1); present {
+		if collectStats {
+			pcm.stats.PutHits++
+		}
+		_, present = m2.Put(k2, v)
+		if !present {
+			pcm.size++
+			if collectStats {
+				pcm.stats.CurSize = pcm.size
+				if pcm.size > pcm.stats.MaxSize {
+					pcm.stats.MaxSize = pcm.size
+				}
+			}
+		}
+	} else {
+		// No map found for k1, so we create it, add in our value, then store is
+		//
+		if collectStats {
+			pcm.stats.PutMisses++
+			m2 = NewJMap[*PredictionContext, *PredictionContext, *ObjEqComparator[*PredictionContext]](pContextEqInst, pcm.stats.Source, pcm.stats.Description+" map entry")
+		} else {
+			m2 = NewJMap[*PredictionContext, *PredictionContext, *ObjEqComparator[*PredictionContext]](pContextEqInst, PredictionContextCacheCollection, "map entry")
+		}
+
+		m2.Put(k2, v)
+		pcm.store.Put(k1, m2)
+		pcm.size++
+	}
+}
+
+type JPCMap2 struct {
+	store map[int][]JPCEntry
+	size  int
+	stats *JStatRec
+}
+
+type JPCEntry struct {
+	k1, k2, v *PredictionContext
+}
+
+func NewJPCMap2(cType CollectionSource, desc string) *JPCMap2 {
+	m := &JPCMap2{
+		store: make(map[int][]JPCEntry, 1000),
+	}
+	if collectStats {
+		m.stats = &JStatRec{
+			Source:      cType,
+			Description: desc,
+		}
+		// Track where we created it from  if we are being asked to do so
+		if runtimeConfig.statsTraceStacks {
+			m.stats.CreateStack = debug.Stack()
+		}
+		Statistics.AddJStatRec(m.stats)
+	}
+	return m
+}
+
+func dHash(k1, k2 *PredictionContext) int {
+	return k1.cachedHash*31 + k2.cachedHash
+}
+
+func (pcm *JPCMap2) Get(k1, k2 *PredictionContext) (*PredictionContext, bool) {
+	if collectStats {
+		pcm.stats.Gets++
+	}
+
+	h := dHash(k1, k2)
+	var hClash bool
+	for _, e := range pcm.store[h] {
+		hClash = true
+		if e.k1.Equals(k1) && e.k2.Equals(k2) {
+			if collectStats {
+				pcm.stats.GetHits++
+				pcm.stats.GetHashConflicts++
+			}
+			return e.v, true
+		}
+		if collectStats {
+			pcm.stats.GetMisses++
+		}
+	}
+	if collectStats {
+		if hClash {
+			pcm.stats.GetHashConflicts++
+		}
+		pcm.stats.GetNoEnt++
+	}
+	return nil, false
+}
+
+func (pcm *JPCMap2) Put(k1, k2, v *PredictionContext) (*PredictionContext, bool) {
+	if collectStats {
+		pcm.stats.Puts++
+	}
+	h := dHash(k1, k2)
+	var hClash bool
+	for _, e := range pcm.store[h] {
+		hClash = true
+		if e.k1.Equals(k1) && e.k2.Equals(k2) {
+			if collectStats {
+				pcm.stats.PutHits++
+				pcm.stats.PutHashConflicts++
+			}
+			return e.v, true
+		}
+		if collectStats {
+			pcm.stats.PutMisses++
+		}
+	}
+	if collectStats {
+		if hClash {
+			pcm.stats.PutHashConflicts++
+		}
+	}
+	pcm.store[h] = append(pcm.store[h], JPCEntry{k1, k2, v})
+	pcm.size++
+	if collectStats {
+		pcm.stats.CurSize = pcm.size
+		if pcm.size > pcm.stats.MaxSize {
+			pcm.stats.MaxSize = pcm.size
+		}
+	}
+	return nil, false
+}
+
+type VisitEntry struct {
+	k *PredictionContext
+	v *PredictionContext
+}
+type VisitRecord struct {
+	store map[*PredictionContext]*PredictionContext
+	len   int
+	stats *JStatRec
+}
+
+type VisitList struct {
+	cache *list.List
+	lock  sync.RWMutex
+}
+
+var visitListPool = VisitList{
+	cache: list.New(),
+	lock:  sync.RWMutex{},
+}
+
+// NewVisitRecord returns a new VisitRecord instance from the pool if available.
+// Note that this "map" uses a pointer as a key because we are emulating the behavior of
+// IdentityHashMap in Java, which uses the `==` operator to compare whether the keys are equal,
+// which means is the key the same reference to an object rather than is it .equals() to another
+// object.
+func NewVisitRecord() *VisitRecord {
+	visitListPool.lock.Lock()
+	el := visitListPool.cache.Front()
+	defer visitListPool.lock.Unlock()
+	var vr *VisitRecord
+	if el == nil {
+		vr = &VisitRecord{
+			store: make(map[*PredictionContext]*PredictionContext),
+		}
+		if collectStats {
+			vr.stats = &JStatRec{
+				Source:      PredictionContextCacheCollection,
+				Description: "VisitRecord",
+			}
+			// Track where we created it from  if we are being asked to do so
+			if runtimeConfig.statsTraceStacks {
+				vr.stats.CreateStack = debug.Stack()
+			}
+		}
+	} else {
+		vr = el.Value.(*VisitRecord)
+		visitListPool.cache.Remove(el)
+		vr.store = make(map[*PredictionContext]*PredictionContext)
+	}
+	if collectStats {
+		Statistics.AddJStatRec(vr.stats)
+	}
+	return vr
+}
+
+func (vr *VisitRecord) Release() {
+	vr.len = 0
+	vr.store = nil
+	if collectStats {
+		vr.stats.MaxSize = 0
+		vr.stats.CurSize = 0
+		vr.stats.Gets = 0
+		vr.stats.GetHits = 0
+		vr.stats.GetMisses = 0
+		vr.stats.GetHashConflicts = 0
+		vr.stats.GetNoEnt = 0
+		vr.stats.Puts = 0
+		vr.stats.PutHits = 0
+		vr.stats.PutMisses = 0
+		vr.stats.PutHashConflicts = 0
+		vr.stats.MaxSlotSize = 0
+	}
+	visitListPool.lock.Lock()
+	visitListPool.cache.PushBack(vr)
+	visitListPool.lock.Unlock()
+}
+
+func (vr *VisitRecord) Get(k *PredictionContext) (*PredictionContext, bool) {
+	if collectStats {
+		vr.stats.Gets++
+	}
+	v := vr.store[k]
+	if v != nil {
+		if collectStats {
+			vr.stats.GetHits++
+		}
+		return v, true
+	}
+	if collectStats {
+		vr.stats.GetNoEnt++
+	}
+	return nil, false
+}
+
+func (vr *VisitRecord) Put(k, v *PredictionContext) (*PredictionContext, bool) {
+	if collectStats {
+		vr.stats.Puts++
+	}
+	vr.store[k] = v
+	vr.len++
+	if collectStats {
+		vr.stats.CurSize = vr.len
+		if vr.len > vr.stats.MaxSize {
+			vr.stats.MaxSize = vr.len
+		}
+	}
+	return v, false
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/lexer.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/lexer.go
@ -0,0 +1,426 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"strconv"
+)
+
+// A lexer is recognizer that draws input symbols from a character stream.
+//  lexer grammars result in a subclass of this object. A Lexer object
+//  uses simplified Match() and error recovery mechanisms in the interest
+//  of speed.
+///
+
+type Lexer interface {
+	TokenSource
+	Recognizer
+
+	Emit() Token
+
+	SetChannel(int)
+	PushMode(int)
+	PopMode() int
+	SetType(int)
+	SetMode(int)
+}
+
+type BaseLexer struct {
+	*BaseRecognizer
+
+	Interpreter         ILexerATNSimulator
+	TokenStartCharIndex int
+	TokenStartLine      int
+	TokenStartColumn    int
+	ActionType          int
+	Virt                Lexer // The most derived lexer implementation. Allows virtual method calls.
+
+	input                  CharStream
+	factory                TokenFactory
+	tokenFactorySourcePair *TokenSourceCharStreamPair
+	token                  Token
+	hitEOF                 bool
+	channel                int
+	thetype                int
+	modeStack              IntStack
+	mode                   int
+	text                   string
+}
+
+func NewBaseLexer(input CharStream) *BaseLexer {
+
+	lexer := new(BaseLexer)
+
+	lexer.BaseRecognizer = NewBaseRecognizer()
+
+	lexer.input = input
+	lexer.factory = CommonTokenFactoryDEFAULT
+	lexer.tokenFactorySourcePair = &TokenSourceCharStreamPair{lexer, input}
+
+	lexer.Virt = lexer
+
+	lexer.Interpreter = nil // child classes must populate it
+
+	// The goal of all lexer rules/methods is to create a token object.
+	// l is an instance variable as multiple rules may collaborate to
+	// create a single token. NextToken will return l object after
+	// Matching lexer rule(s). If you subclass to allow multiple token
+	// emissions, then set l to the last token to be Matched or
+	// something non nil so that the auto token emit mechanism will not
+	// emit another token.
+	lexer.token = nil
+
+	// What character index in the stream did the current token start at?
+	// Needed, for example, to get the text for current token. Set at
+	// the start of NextToken.
+	lexer.TokenStartCharIndex = -1
+
+	// The line on which the first character of the token resides///
+	lexer.TokenStartLine = -1
+
+	// The character position of first character within the line///
+	lexer.TokenStartColumn = -1
+
+	// Once we see EOF on char stream, next token will be EOF.
+	// If you have DONE : EOF  then you see DONE EOF.
+	lexer.hitEOF = false
+
+	// The channel number for the current token///
+	lexer.channel = TokenDefaultChannel
+
+	// The token type for the current token///
+	lexer.thetype = TokenInvalidType
+
+	lexer.modeStack = make([]int, 0)
+	lexer.mode = LexerDefaultMode
+
+	// You can set the text for the current token to override what is in
+	// the input char buffer. Use setText() or can set l instance var.
+	// /
+	lexer.text = ""
+
+	return lexer
+}
+
+const (
+	LexerDefaultMode = 0
+	LexerMore        = -2
+	LexerSkip        = -3
+)
+
+//goland:noinspection GoUnusedConst
+const (
+	LexerDefaultTokenChannel = TokenDefaultChannel
+	LexerHidden              = TokenHiddenChannel
+	LexerMinCharValue        = 0x0000
+	LexerMaxCharValue        = 0x10FFFF
+)
+
+func (b *BaseLexer) Reset() {
+	// wack Lexer state variables
+	if b.input != nil {
+		b.input.Seek(0) // rewind the input
+	}
+	b.token = nil
+	b.thetype = TokenInvalidType
+	b.channel = TokenDefaultChannel
+	b.TokenStartCharIndex = -1
+	b.TokenStartColumn = -1
+	b.TokenStartLine = -1
+	b.text = ""
+
+	b.hitEOF = false
+	b.mode = LexerDefaultMode
+	b.modeStack = make([]int, 0)
+
+	b.Interpreter.reset()
+}
+
+func (b *BaseLexer) GetInterpreter() ILexerATNSimulator {
+	return b.Interpreter
+}
+
+func (b *BaseLexer) GetInputStream() CharStream {
+	return b.input
+}
+
+func (b *BaseLexer) GetSourceName() string {
+	return b.GrammarFileName
+}
+
+func (b *BaseLexer) SetChannel(v int) {
+	b.channel = v
+}
+
+func (b *BaseLexer) GetTokenFactory() TokenFactory {
+	return b.factory
+}
+
+func (b *BaseLexer) setTokenFactory(f TokenFactory) {
+	b.factory = f
+}
+
+func (b *BaseLexer) safeMatch() (ret int) {
+	defer func() {
+		if e := recover(); e != nil {
+			if re, ok := e.(RecognitionException); ok {
+				b.notifyListeners(re) // Report error
+				b.Recover(re)
+				ret = LexerSkip // default
+			}
+		}
+	}()
+
+	return b.Interpreter.Match(b.input, b.mode)
+}
+
+// NextToken returns a token from the lexer input source i.e., Match a token on the source char stream.
+func (b *BaseLexer) NextToken() Token {
+	if b.input == nil {
+		panic("NextToken requires a non-nil input stream.")
+	}
+
+	tokenStartMarker := b.input.Mark()
+
+	// previously in finally block
+	defer func() {
+		// make sure we release marker after Match or
+		// unbuffered char stream will keep buffering
+		b.input.Release(tokenStartMarker)
+	}()
+
+	for {
+		if b.hitEOF {
+			b.EmitEOF()
+			return b.token
+		}
+		b.token = nil
+		b.channel = TokenDefaultChannel
+		b.TokenStartCharIndex = b.input.Index()
+		b.TokenStartColumn = b.Interpreter.GetCharPositionInLine()
+		b.TokenStartLine = b.Interpreter.GetLine()
+		b.text = ""
+		continueOuter := false
+		for {
+			b.thetype = TokenInvalidType
+
+			ttype := b.safeMatch()
+
+			if b.input.LA(1) == TokenEOF {
+				b.hitEOF = true
+			}
+			if b.thetype == TokenInvalidType {
+				b.thetype = ttype
+			}
+			if b.thetype == LexerSkip {
+				continueOuter = true
+				break
+			}
+			if b.thetype != LexerMore {
+				break
+			}
+		}
+
+		if continueOuter {
+			continue
+		}
+		if b.token == nil {
+			b.Virt.Emit()
+		}
+		return b.token
+	}
+}
+
+// Skip instructs the lexer to Skip creating a token for current lexer rule
+// and look for another token. [NextToken] knows to keep looking when
+// a lexer rule finishes with token set to [SKIPTOKEN]. Recall that
+// if token==nil at end of any token rule, it creates one for you
+// and emits it.
+func (b *BaseLexer) Skip() {
+	b.thetype = LexerSkip
+}
+
+func (b *BaseLexer) More() {
+	b.thetype = LexerMore
+}
+
+// SetMode changes the lexer to a new mode. The lexer will use this mode from hereon in and the rules for that mode
+// will be in force.
+func (b *BaseLexer) SetMode(m int) {
+	b.mode = m
+}
+
+// PushMode saves the current lexer mode so that it can be restored later. See [PopMode], then sets the
+// current lexer mode to the supplied mode m.
+func (b *BaseLexer) PushMode(m int) {
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("pushMode " + strconv.Itoa(m))
+	}
+	b.modeStack.Push(b.mode)
+	b.mode = m
+}
+
+// PopMode restores the lexer mode saved by a call to [PushMode]. It is a panic error if there is no saved mode to
+// return to.
+func (b *BaseLexer) PopMode() int {
+	if len(b.modeStack) == 0 {
+		panic("Empty Stack")
+	}
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("popMode back to " + fmt.Sprint(b.modeStack[0:len(b.modeStack)-1]))
+	}
+	i, _ := b.modeStack.Pop()
+	b.mode = i
+	return b.mode
+}
+
+func (b *BaseLexer) inputStream() CharStream {
+	return b.input
+}
+
+// SetInputStream resets the lexer input stream and associated lexer state.
+func (b *BaseLexer) SetInputStream(input CharStream) {
+	b.input = nil
+	b.tokenFactorySourcePair = &TokenSourceCharStreamPair{b, b.input}
+	b.Reset()
+	b.input = input
+	b.tokenFactorySourcePair = &TokenSourceCharStreamPair{b, b.input}
+}
+
+func (b *BaseLexer) GetTokenSourceCharStreamPair() *TokenSourceCharStreamPair {
+	return b.tokenFactorySourcePair
+}
+
+// EmitToken by default does not support multiple emits per [NextToken] invocation
+// for efficiency reasons. Subclass and override this func, [NextToken],
+// and [GetToken] (to push tokens into a list and pull from that list
+// rather than a single variable as this implementation does).
+func (b *BaseLexer) EmitToken(token Token) {
+	b.token = token
+}
+
+// Emit is the standard method called to automatically emit a token at the
+// outermost lexical rule. The token object should point into the
+// char buffer start..stop. If there is a text override in 'text',
+// use that to set the token's text. Override this method to emit
+// custom [Token] objects or provide a new factory.
+// /
+func (b *BaseLexer) Emit() Token {
+	t := b.factory.Create(b.tokenFactorySourcePair, b.thetype, b.text, b.channel, b.TokenStartCharIndex, b.GetCharIndex()-1, b.TokenStartLine, b.TokenStartColumn)
+	b.EmitToken(t)
+	return t
+}
+
+// EmitEOF emits an EOF token. By default, this is the last token emitted
+func (b *BaseLexer) EmitEOF() Token {
+	cpos := b.GetCharPositionInLine()
+	lpos := b.GetLine()
+	eof := b.factory.Create(b.tokenFactorySourcePair, TokenEOF, "", TokenDefaultChannel, b.input.Index(), b.input.Index()-1, lpos, cpos)
+	b.EmitToken(eof)
+	return eof
+}
+
+// GetCharPositionInLine returns the current position in the current line as far as the lexer is concerned.
+func (b *BaseLexer) GetCharPositionInLine() int {
+	return b.Interpreter.GetCharPositionInLine()
+}
+
+func (b *BaseLexer) GetLine() int {
+	return b.Interpreter.GetLine()
+}
+
+func (b *BaseLexer) GetType() int {
+	return b.thetype
+}
+
+func (b *BaseLexer) SetType(t int) {
+	b.thetype = t
+}
+
+// GetCharIndex returns the index of the current character of lookahead
+func (b *BaseLexer) GetCharIndex() int {
+	return b.input.Index()
+}
+
+// GetText returns the text Matched so far for the current token or any text override.
+func (b *BaseLexer) GetText() string {
+	if b.text != "" {
+		return b.text
+	}
+
+	return b.Interpreter.GetText(b.input)
+}
+
+// SetText sets the complete text of this token; it wipes any previous changes to the text.
+func (b *BaseLexer) SetText(text string) {
+	b.text = text
+}
+
+// GetATN returns the ATN used by the lexer.
+func (b *BaseLexer) GetATN() *ATN {
+	return b.Interpreter.ATN()
+}
+
+// GetAllTokens returns a list of all [Token] objects in input char stream.
+// Forces a load of all tokens that can be made from the input char stream.
+//
+// Does not include EOF token.
+func (b *BaseLexer) GetAllTokens() []Token {
+	vl := b.Virt
+	tokens := make([]Token, 0)
+	t := vl.NextToken()
+	for t.GetTokenType() != TokenEOF {
+		tokens = append(tokens, t)
+		t = vl.NextToken()
+	}
+	return tokens
+}
+
+func (b *BaseLexer) notifyListeners(e RecognitionException) {
+	start := b.TokenStartCharIndex
+	stop := b.input.Index()
+	text := b.input.GetTextFromInterval(NewInterval(start, stop))
+	msg := "token recognition error at: '" + text + "'"
+	listener := b.GetErrorListenerDispatch()
+	listener.SyntaxError(b, nil, b.TokenStartLine, b.TokenStartColumn, msg, e)
+}
+
+func (b *BaseLexer) getErrorDisplayForChar(c rune) string {
+	if c == TokenEOF {
+		return "<EOF>"
+	} else if c == '\n' {
+		return "\\n"
+	} else if c == '\t' {
+		return "\\t"
+	} else if c == '\r' {
+		return "\\r"
+	} else {
+		return string(c)
+	}
+}
+
+func (b *BaseLexer) getCharErrorDisplay(c rune) string {
+	return "'" + b.getErrorDisplayForChar(c) + "'"
+}
+
+// Recover can normally Match any char in its vocabulary after Matching
+// a token, so here we do the easy thing and just kill a character and hope
+// it all works out. You can instead use the rule invocation stack
+// to do sophisticated error recovery if you are in a fragment rule.
+//
+// In general, lexers should not need to recover and should have rules that cover any eventuality, such as
+// a character that makes no sense to the recognizer.
+func (b *BaseLexer) Recover(re RecognitionException) {
+	if b.input.LA(1) != TokenEOF {
+		if _, ok := re.(*LexerNoViableAltException); ok {
+			// Skip a char and try again
+			b.Interpreter.Consume(b.input)
+		} else {
+			// TODO: Do we lose character or line position information?
+			b.input.Consume()
+		}
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/lexer_action.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/lexer_action.go
@ -0,0 +1,452 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import "strconv"
+
+const (
+	// LexerActionTypeChannel represents a [LexerChannelAction] action.
+	LexerActionTypeChannel = 0
+
+	// LexerActionTypeCustom represents a [LexerCustomAction] action.
+	LexerActionTypeCustom = 1
+
+	// LexerActionTypeMode represents a [LexerModeAction] action.
+	LexerActionTypeMode = 2
+
+	// LexerActionTypeMore represents a [LexerMoreAction] action.
+	LexerActionTypeMore = 3
+
+	// LexerActionTypePopMode represents a [LexerPopModeAction] action.
+	LexerActionTypePopMode = 4
+
+	// LexerActionTypePushMode represents a [LexerPushModeAction] action.
+	LexerActionTypePushMode = 5
+
+	// LexerActionTypeSkip represents a [LexerSkipAction] action.
+	LexerActionTypeSkip = 6
+
+	// LexerActionTypeType represents a [LexerTypeAction] action.
+	LexerActionTypeType = 7
+)
+
+type LexerAction interface {
+	getActionType() int
+	getIsPositionDependent() bool
+	execute(lexer Lexer)
+	Hash() int
+	Equals(other LexerAction) bool
+}
+
+type BaseLexerAction struct {
+	actionType          int
+	isPositionDependent bool
+}
+
+func NewBaseLexerAction(action int) *BaseLexerAction {
+	la := new(BaseLexerAction)
+
+	la.actionType = action
+	la.isPositionDependent = false
+
+	return la
+}
+
+func (b *BaseLexerAction) execute(_ Lexer) {
+	panic("Not implemented")
+}
+
+func (b *BaseLexerAction) getActionType() int {
+	return b.actionType
+}
+
+func (b *BaseLexerAction) getIsPositionDependent() bool {
+	return b.isPositionDependent
+}
+
+func (b *BaseLexerAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, b.actionType)
+	return murmurFinish(h, 1)
+}
+
+func (b *BaseLexerAction) Equals(other LexerAction) bool {
+	return b.actionType == other.getActionType()
+}
+
+// LexerSkipAction implements the [BaseLexerAction.Skip] lexer action by calling [Lexer.Skip].
+//
+// The Skip command does not have any parameters, so this action is
+// implemented as a singleton instance exposed by the [LexerSkipActionINSTANCE].
+type LexerSkipAction struct {
+	*BaseLexerAction
+}
+
+func NewLexerSkipAction() *LexerSkipAction {
+	la := new(LexerSkipAction)
+	la.BaseLexerAction = NewBaseLexerAction(LexerActionTypeSkip)
+	return la
+}
+
+// LexerSkipActionINSTANCE provides a singleton instance of this parameterless lexer action.
+var LexerSkipActionINSTANCE = NewLexerSkipAction()
+
+func (l *LexerSkipAction) execute(lexer Lexer) {
+	lexer.Skip()
+}
+
+// String returns a string representation of the current [LexerSkipAction].
+func (l *LexerSkipAction) String() string {
+	return "skip"
+}
+
+func (b *LexerSkipAction) Equals(other LexerAction) bool {
+	return other.getActionType() == LexerActionTypeSkip
+}
+
+//	Implements the {@code type} lexer action by calling {@link Lexer//setType}
+//
+// with the assigned type.
+type LexerTypeAction struct {
+	*BaseLexerAction
+
+	thetype int
+}
+
+func NewLexerTypeAction(thetype int) *LexerTypeAction {
+	l := new(LexerTypeAction)
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypeType)
+	l.thetype = thetype
+	return l
+}
+
+func (l *LexerTypeAction) execute(lexer Lexer) {
+	lexer.SetType(l.thetype)
+}
+
+func (l *LexerTypeAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, l.actionType)
+	h = murmurUpdate(h, l.thetype)
+	return murmurFinish(h, 2)
+}
+
+func (l *LexerTypeAction) Equals(other LexerAction) bool {
+	if l == other {
+		return true
+	} else if _, ok := other.(*LexerTypeAction); !ok {
+		return false
+	} else {
+		return l.thetype == other.(*LexerTypeAction).thetype
+	}
+}
+
+func (l *LexerTypeAction) String() string {
+	return "actionType(" + strconv.Itoa(l.thetype) + ")"
+}
+
+// LexerPushModeAction implements the pushMode lexer action by calling
+// [Lexer.pushMode] with the assigned mode.
+type LexerPushModeAction struct {
+	*BaseLexerAction
+	mode int
+}
+
+func NewLexerPushModeAction(mode int) *LexerPushModeAction {
+
+	l := new(LexerPushModeAction)
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypePushMode)
+
+	l.mode = mode
+	return l
+}
+
+// <p>This action is implemented by calling {@link Lexer//pushMode} with the
+// value provided by {@link //getMode}.</p>
+func (l *LexerPushModeAction) execute(lexer Lexer) {
+	lexer.PushMode(l.mode)
+}
+
+func (l *LexerPushModeAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, l.actionType)
+	h = murmurUpdate(h, l.mode)
+	return murmurFinish(h, 2)
+}
+
+func (l *LexerPushModeAction) Equals(other LexerAction) bool {
+	if l == other {
+		return true
+	} else if _, ok := other.(*LexerPushModeAction); !ok {
+		return false
+	} else {
+		return l.mode == other.(*LexerPushModeAction).mode
+	}
+}
+
+func (l *LexerPushModeAction) String() string {
+	return "pushMode(" + strconv.Itoa(l.mode) + ")"
+}
+
+// LexerPopModeAction implements the popMode lexer action by calling [Lexer.popMode].
+//
+// The popMode command does not have any parameters, so this action is
+// implemented as a singleton instance exposed by [LexerPopModeActionINSTANCE]
+type LexerPopModeAction struct {
+	*BaseLexerAction
+}
+
+func NewLexerPopModeAction() *LexerPopModeAction {
+
+	l := new(LexerPopModeAction)
+
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypePopMode)
+
+	return l
+}
+
+var LexerPopModeActionINSTANCE = NewLexerPopModeAction()
+
+// <p>This action is implemented by calling {@link Lexer//popMode}.</p>
+func (l *LexerPopModeAction) execute(lexer Lexer) {
+	lexer.PopMode()
+}
+
+func (l *LexerPopModeAction) String() string {
+	return "popMode"
+}
+
+// Implements the {@code more} lexer action by calling {@link Lexer//more}.
+//
+// <p>The {@code more} command does not have any parameters, so l action is
+// implemented as a singleton instance exposed by {@link //INSTANCE}.</p>
+
+type LexerMoreAction struct {
+	*BaseLexerAction
+}
+
+func NewLexerMoreAction() *LexerMoreAction {
+	l := new(LexerMoreAction)
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypeMore)
+
+	return l
+}
+
+var LexerMoreActionINSTANCE = NewLexerMoreAction()
+
+// <p>This action is implemented by calling {@link Lexer//popMode}.</p>
+func (l *LexerMoreAction) execute(lexer Lexer) {
+	lexer.More()
+}
+
+func (l *LexerMoreAction) String() string {
+	return "more"
+}
+
+// LexerModeAction implements the mode lexer action by calling [Lexer.mode] with
+// the assigned mode.
+type LexerModeAction struct {
+	*BaseLexerAction
+	mode int
+}
+
+func NewLexerModeAction(mode int) *LexerModeAction {
+	l := new(LexerModeAction)
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypeMode)
+	l.mode = mode
+	return l
+}
+
+// <p>This action is implemented by calling {@link Lexer//mode} with the
+// value provided by {@link //getMode}.</p>
+func (l *LexerModeAction) execute(lexer Lexer) {
+	lexer.SetMode(l.mode)
+}
+
+func (l *LexerModeAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, l.actionType)
+	h = murmurUpdate(h, l.mode)
+	return murmurFinish(h, 2)
+}
+
+func (l *LexerModeAction) Equals(other LexerAction) bool {
+	if l == other {
+		return true
+	} else if _, ok := other.(*LexerModeAction); !ok {
+		return false
+	} else {
+		return l.mode == other.(*LexerModeAction).mode
+	}
+}
+
+func (l *LexerModeAction) String() string {
+	return "mode(" + strconv.Itoa(l.mode) + ")"
+}
+
+// Executes a custom lexer action by calling {@link Recognizer//action} with the
+// rule and action indexes assigned to the custom action. The implementation of
+// a custom action is added to the generated code for the lexer in an override
+// of {@link Recognizer//action} when the grammar is compiled.
+//
+// <p>This class may represent embedded actions created with the <code>{...}</code>
+// syntax in ANTLR 4, as well as actions created for lexer commands where the
+// command argument could not be evaluated when the grammar was compiled.</p>
+
+// Constructs a custom lexer action with the specified rule and action
+// indexes.
+//
+// @param ruleIndex The rule index to use for calls to
+// {@link Recognizer//action}.
+// @param actionIndex The action index to use for calls to
+// {@link Recognizer//action}.
+
+type LexerCustomAction struct {
+	*BaseLexerAction
+	ruleIndex, actionIndex int
+}
+
+func NewLexerCustomAction(ruleIndex, actionIndex int) *LexerCustomAction {
+	l := new(LexerCustomAction)
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypeCustom)
+	l.ruleIndex = ruleIndex
+	l.actionIndex = actionIndex
+	l.isPositionDependent = true
+	return l
+}
+
+// <p>Custom actions are implemented by calling {@link Lexer//action} with the
+// appropriate rule and action indexes.</p>
+func (l *LexerCustomAction) execute(lexer Lexer) {
+	lexer.Action(nil, l.ruleIndex, l.actionIndex)
+}
+
+func (l *LexerCustomAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, l.actionType)
+	h = murmurUpdate(h, l.ruleIndex)
+	h = murmurUpdate(h, l.actionIndex)
+	return murmurFinish(h, 3)
+}
+
+func (l *LexerCustomAction) Equals(other LexerAction) bool {
+	if l == other {
+		return true
+	} else if _, ok := other.(*LexerCustomAction); !ok {
+		return false
+	} else {
+		return l.ruleIndex == other.(*LexerCustomAction).ruleIndex &&
+			l.actionIndex == other.(*LexerCustomAction).actionIndex
+	}
+}
+
+// LexerChannelAction implements the channel lexer action by calling
+// [Lexer.setChannel] with the assigned channel.
+//
+// Constructs a new channel action with the specified channel value.
+type LexerChannelAction struct {
+	*BaseLexerAction
+	channel int
+}
+
+// NewLexerChannelAction creates a channel lexer action by calling
+// [Lexer.setChannel] with the assigned channel.
+//
+// Constructs a new channel action with the specified channel value.
+func NewLexerChannelAction(channel int) *LexerChannelAction {
+	l := new(LexerChannelAction)
+	l.BaseLexerAction = NewBaseLexerAction(LexerActionTypeChannel)
+	l.channel = channel
+	return l
+}
+
+// <p>This action is implemented by calling {@link Lexer//setChannel} with the
+// value provided by {@link //getChannel}.</p>
+func (l *LexerChannelAction) execute(lexer Lexer) {
+	lexer.SetChannel(l.channel)
+}
+
+func (l *LexerChannelAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, l.actionType)
+	h = murmurUpdate(h, l.channel)
+	return murmurFinish(h, 2)
+}
+
+func (l *LexerChannelAction) Equals(other LexerAction) bool {
+	if l == other {
+		return true
+	} else if _, ok := other.(*LexerChannelAction); !ok {
+		return false
+	} else {
+		return l.channel == other.(*LexerChannelAction).channel
+	}
+}
+
+func (l *LexerChannelAction) String() string {
+	return "channel(" + strconv.Itoa(l.channel) + ")"
+}
+
+// This implementation of {@link LexerAction} is used for tracking input offsets
+// for position-dependent actions within a {@link LexerActionExecutor}.
+//
+// <p>This action is not serialized as part of the ATN, and is only required for
+// position-dependent lexer actions which appear at a location other than the
+// end of a rule. For more information about DFA optimizations employed for
+// lexer actions, see {@link LexerActionExecutor//append} and
+// {@link LexerActionExecutor//fixOffsetBeforeMatch}.</p>
+
+type LexerIndexedCustomAction struct {
+	*BaseLexerAction
+	offset              int
+	lexerAction         LexerAction
+	isPositionDependent bool
+}
+
+// NewLexerIndexedCustomAction constructs a new indexed custom action by associating a character offset
+// with a [LexerAction].
+//
+// Note: This class is only required for lexer actions for which
+// [LexerAction.isPositionDependent] returns true.
+//
+// The offset points into the input [CharStream], relative to
+// the token start index, at which the specified lexerAction should be
+// executed.
+func NewLexerIndexedCustomAction(offset int, lexerAction LexerAction) *LexerIndexedCustomAction {
+
+	l := new(LexerIndexedCustomAction)
+	l.BaseLexerAction = NewBaseLexerAction(lexerAction.getActionType())
+
+	l.offset = offset
+	l.lexerAction = lexerAction
+	l.isPositionDependent = true
+
+	return l
+}
+
+// <p>This method calls {@link //execute} on the result of {@link //getAction}
+// using the provided {@code lexer}.</p>
+func (l *LexerIndexedCustomAction) execute(lexer Lexer) {
+	// assume the input stream position was properly set by the calling code
+	l.lexerAction.execute(lexer)
+}
+
+func (l *LexerIndexedCustomAction) Hash() int {
+	h := murmurInit(0)
+	h = murmurUpdate(h, l.offset)
+	h = murmurUpdate(h, l.lexerAction.Hash())
+	return murmurFinish(h, 2)
+}
+
+func (l *LexerIndexedCustomAction) equals(other LexerAction) bool {
+	if l == other {
+		return true
+	} else if _, ok := other.(*LexerIndexedCustomAction); !ok {
+		return false
+	} else {
+		return l.offset == other.(*LexerIndexedCustomAction).offset &&
+			l.lexerAction.Equals(other.(*LexerIndexedCustomAction).lexerAction)
+	}
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/lexer_action_executor.go
@ -0,0 +1,173 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import "golang.org/x/exp/slices"
+
+// Represents an executor for a sequence of lexer actions which traversed during
+// the Matching operation of a lexer rule (token).
+//
+// <p>The executor tracks position information for position-dependent lexer actions
+// efficiently, ensuring that actions appearing only at the end of the rule do
+// not cause bloating of the {@link DFA} created for the lexer.</p>
+
+type LexerActionExecutor struct {
+	lexerActions []LexerAction
+	cachedHash   int
+}
+
+func NewLexerActionExecutor(lexerActions []LexerAction) *LexerActionExecutor {
+
+	if lexerActions == nil {
+		lexerActions = make([]LexerAction, 0)
+	}
+
+	l := new(LexerActionExecutor)
+
+	l.lexerActions = lexerActions
+
+	// Caches the result of {@link //hashCode} since the hash code is an element
+	// of the performance-critical {@link ATNConfig//hashCode} operation.
+	l.cachedHash = murmurInit(0)
+	for _, a := range lexerActions {
+		l.cachedHash = murmurUpdate(l.cachedHash, a.Hash())
+	}
+	l.cachedHash = murmurFinish(l.cachedHash, len(lexerActions))
+
+	return l
+}
+
+// LexerActionExecutorappend creates a [LexerActionExecutor] which executes the actions for
+// the input [LexerActionExecutor] followed by a specified
+// [LexerAction].
+// TODO: This does not match the Java code
+func LexerActionExecutorappend(lexerActionExecutor *LexerActionExecutor, lexerAction LexerAction) *LexerActionExecutor {
+	if lexerActionExecutor == nil {
+		return NewLexerActionExecutor([]LexerAction{lexerAction})
+	}
+
+	return NewLexerActionExecutor(append(lexerActionExecutor.lexerActions, lexerAction))
+}
+
+// fixOffsetBeforeMatch creates a [LexerActionExecutor] which encodes the current offset
+// for position-dependent lexer actions.
+//
+// Normally, when the executor encounters lexer actions where
+// [LexerAction.isPositionDependent] returns true, it calls
+// [IntStream.Seek] on the input [CharStream] to set the input
+// position to the end of the current token. This behavior provides
+// for efficient [DFA] representation of lexer actions which appear at the end
+// of a lexer rule, even when the lexer rule Matches a variable number of
+// characters.
+//
+// Prior to traversing a Match transition in the [ATN], the current offset
+// from the token start index is assigned to all position-dependent lexer
+// actions which have not already been assigned a fixed offset. By storing
+// the offsets relative to the token start index, the [DFA] representation of
+// lexer actions which appear in the middle of tokens remains efficient due
+// to sharing among tokens of the same Length, regardless of their absolute
+// position in the input stream.
+//
+// If the current executor already has offsets assigned to all
+// position-dependent lexer actions, the method returns this instance.
+//
+// The offset is assigned to all position-dependent
+// lexer actions which do not already have offsets assigned.
+//
+// The func returns a [LexerActionExecutor] that stores input stream offsets
+// for all position-dependent lexer actions.
+func (l *LexerActionExecutor) fixOffsetBeforeMatch(offset int) *LexerActionExecutor {
+	var updatedLexerActions []LexerAction
+	for i := 0; i < len(l.lexerActions); i++ {
+		_, ok := l.lexerActions[i].(*LexerIndexedCustomAction)
+		if l.lexerActions[i].getIsPositionDependent() && !ok {
+			if updatedLexerActions == nil {
+				updatedLexerActions = make([]LexerAction, 0, len(l.lexerActions))
+				updatedLexerActions = append(updatedLexerActions, l.lexerActions...)
+			}
+			updatedLexerActions[i] = NewLexerIndexedCustomAction(offset, l.lexerActions[i])
+		}
+	}
+	if updatedLexerActions == nil {
+		return l
+	}
+
+	return NewLexerActionExecutor(updatedLexerActions)
+}
+
+// Execute the actions encapsulated by l executor within the context of a
+// particular {@link Lexer}.
+//
+// <p>This method calls {@link IntStream//seek} to set the position of the
+// {@code input} {@link CharStream} prior to calling
+// {@link LexerAction//execute} on a position-dependent action. Before the
+// method returns, the input position will be restored to the same position
+// it was in when the method was invoked.</p>
+//
+// @param lexer The lexer instance.
+// @param input The input stream which is the source for the current token.
+// When l method is called, the current {@link IntStream//index} for
+// {@code input} should be the start of the following token, i.e. 1
+// character past the end of the current token.
+// @param startIndex The token start index. This value may be passed to
+// {@link IntStream//seek} to set the {@code input} position to the beginning
+// of the token.
+// /
+func (l *LexerActionExecutor) execute(lexer Lexer, input CharStream, startIndex int) {
+	requiresSeek := false
+	stopIndex := input.Index()
+
+	defer func() {
+		if requiresSeek {
+			input.Seek(stopIndex)
+		}
+	}()
+
+	for i := 0; i < len(l.lexerActions); i++ {
+		lexerAction := l.lexerActions[i]
+		if la, ok := lexerAction.(*LexerIndexedCustomAction); ok {
+			offset := la.offset
+			input.Seek(startIndex + offset)
+			lexerAction = la.lexerAction
+			requiresSeek = (startIndex + offset) != stopIndex
+		} else if lexerAction.getIsPositionDependent() {
+			input.Seek(stopIndex)
+			requiresSeek = false
+		}
+		lexerAction.execute(lexer)
+	}
+}
+
+func (l *LexerActionExecutor) Hash() int {
+	if l == nil {
+		// TODO: Why is this here? l should not be nil
+		return 61
+	}
+
+	// TODO: This is created from the action itself when the struct is created - will this be an issue at some point? Java uses the runtime assign hashcode
+	return l.cachedHash
+}
+
+func (l *LexerActionExecutor) Equals(other interface{}) bool {
+	if l == other {
+		return true
+	}
+	othert, ok := other.(*LexerActionExecutor)
+	if !ok {
+		return false
+	}
+	if othert == nil {
+		return false
+	}
+	if l.cachedHash != othert.cachedHash {
+		return false
+	}
+	if len(l.lexerActions) != len(othert.lexerActions) {
+		return false
+	}
+	return slices.EqualFunc(l.lexerActions, othert.lexerActions, func(i, j LexerAction) bool {
+		return i.Equals(j)
+	})
+}
--- a/vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go
+++ b/vendor/github.com/antlr4-go/antlr/v4/lexer_atn_simulator.go
@ -0,0 +1,677 @@
+// Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+// Use of this file is governed by the BSD 3-clause license that
+// can be found in the LICENSE.txt file in the project root.
+
+package antlr
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+//goland:noinspection GoUnusedGlobalVariable
+var (
+	LexerATNSimulatorMinDFAEdge = 0
+	LexerATNSimulatorMaxDFAEdge = 127 // forces unicode to stay in ATN
+
+	LexerATNSimulatorMatchCalls = 0
+)
+
+type ILexerATNSimulator interface {
+	IATNSimulator
+
+	reset()
+	Match(input CharStream, mode int) int
+	GetCharPositionInLine() int
+	GetLine() int
+	GetText(input CharStream) string
+	Consume(input CharStream)
+}
+
+type LexerATNSimulator struct {
+	BaseATNSimulator
+
+	recog              Lexer
+	predictionMode     int
+	mergeCache         *JPCMap2
+	startIndex         int
+	Line               int
+	CharPositionInLine int
+	mode               int
+	prevAccept         *SimState
+	MatchCalls         int
+}
+
+func NewLexerATNSimulator(recog Lexer, atn *ATN, decisionToDFA []*DFA, sharedContextCache *PredictionContextCache) *LexerATNSimulator {
+	l := &LexerATNSimulator{
+		BaseATNSimulator: BaseATNSimulator{
+			atn:                atn,
+			sharedContextCache: sharedContextCache,
+		},
+	}
+
+	l.decisionToDFA = decisionToDFA
+	l.recog = recog
+
+	// The current token's starting index into the character stream.
+	// Shared across DFA to ATN simulation in case the ATN fails and the
+	// DFA did not have a previous accept state. In l case, we use the
+	// ATN-generated exception object.
+	l.startIndex = -1
+
+	// line number 1..n within the input
+	l.Line = 1
+
+	// The index of the character relative to the beginning of the line
+	// 0..n-1
+	l.CharPositionInLine = 0
+
+	l.mode = LexerDefaultMode
+
+	// Used during DFA/ATN exec to record the most recent accept configuration
+	// info
+	l.prevAccept = NewSimState()
+
+	return l
+}
+
+func (l *LexerATNSimulator) copyState(simulator *LexerATNSimulator) {
+	l.CharPositionInLine = simulator.CharPositionInLine
+	l.Line = simulator.Line
+	l.mode = simulator.mode
+	l.startIndex = simulator.startIndex
+}
+
+func (l *LexerATNSimulator) Match(input CharStream, mode int) int {
+	l.MatchCalls++
+	l.mode = mode
+	mark := input.Mark()
+
+	defer func() {
+		input.Release(mark)
+	}()
+
+	l.startIndex = input.Index()
+	l.prevAccept.reset()
+
+	dfa := l.decisionToDFA[mode]
+
+	var s0 *DFAState
+	l.atn.stateMu.RLock()
+	s0 = dfa.getS0()
+	l.atn.stateMu.RUnlock()
+
+	if s0 == nil {
+		return l.MatchATN(input)
+	}
+
+	return l.execATN(input, s0)
+}
+
+func (l *LexerATNSimulator) reset() {
+	l.prevAccept.reset()
+	l.startIndex = -1
+	l.Line = 1
+	l.CharPositionInLine = 0
+	l.mode = LexerDefaultMode
+}
+
+func (l *LexerATNSimulator) MatchATN(input CharStream) int {
+	startState := l.atn.modeToStartState[l.mode]
+
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("MatchATN mode " + strconv.Itoa(l.mode) + " start: " + startState.String())
+	}
+	oldMode := l.mode
+	s0Closure := l.computeStartState(input, startState)
+	suppressEdge := s0Closure.hasSemanticContext
+	s0Closure.hasSemanticContext = false
+
+	next := l.addDFAState(s0Closure, suppressEdge)
+
+	predict := l.execATN(input, next)
+
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("DFA after MatchATN: " + l.decisionToDFA[oldMode].ToLexerString())
+	}
+	return predict
+}
+
+func (l *LexerATNSimulator) execATN(input CharStream, ds0 *DFAState) int {
+
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("start state closure=" + ds0.configs.String())
+	}
+	if ds0.isAcceptState {
+		// allow zero-Length tokens
+		l.captureSimState(l.prevAccept, input, ds0)
+	}
+	t := input.LA(1)
+	s := ds0 // s is current/from DFA state
+
+	for { // while more work
+		if runtimeConfig.lexerATNSimulatorDebug {
+			fmt.Println("execATN loop starting closure: " + s.configs.String())
+		}
+
+		// As we move src->trg, src->trg, we keep track of the previous trg to
+		// avoid looking up the DFA state again, which is expensive.
+		// If the previous target was already part of the DFA, we might
+		// be able to avoid doing a reach operation upon t. If s!=nil,
+		// it means that semantic predicates didn't prevent us from
+		// creating a DFA state. Once we know s!=nil, we check to see if
+		// the DFA state has an edge already for t. If so, we can just reuse
+		// it's configuration set there's no point in re-computing it.
+		// This is kind of like doing DFA simulation within the ATN
+		// simulation because DFA simulation is really just a way to avoid
+		// computing reach/closure sets. Technically, once we know that
+		// we have a previously added DFA state, we could jump over to
+		// the DFA simulator. But, that would mean popping back and forth
+		// a lot and making things more complicated algorithmically.
+		// This optimization makes a lot of sense for loops within DFA.
+		// A character will take us back to an existing DFA state
+		// that already has lots of edges out of it. e.g., .* in comments.
+		target := l.getExistingTargetState(s, t)
+		if target == nil {
+			target = l.computeTargetState(input, s, t)
+			// print("Computed:" + str(target))
+		}
+		if target == ATNSimulatorError {
+			break
+		}
+		// If l is a consumable input element, make sure to consume before
+		// capturing the accept state so the input index, line, and char
+		// position accurately reflect the state of the interpreter at the
+		// end of the token.
+		if t != TokenEOF {
+			l.Consume(input)
+		}
+		if target.isAcceptState {
+			l.captureSimState(l.prevAccept, input, target)
+			if t == TokenEOF {
+				break
+			}
+		}
+		t = input.LA(1)
+		s = target // flip current DFA target becomes new src/from state
+	}
+
+	return l.failOrAccept(l.prevAccept, input, s.configs, t)
+}
+
+// Get an existing target state for an edge in the DFA. If the target state
+// for the edge has not yet been computed or is otherwise not available,
+// l method returns {@code nil}.
+//
+// @param s The current DFA state
+// @param t The next input symbol
+// @return The existing target DFA state for the given input symbol
+// {@code t}, or {@code nil} if the target state for l edge is not
+// already cached
+func (l *LexerATNSimulator) getExistingTargetState(s *DFAState, t int) *DFAState {
+	if t < LexerATNSimulatorMinDFAEdge || t > LexerATNSimulatorMaxDFAEdge {
+		return nil
+	}
+
+	l.atn.edgeMu.RLock()
+	defer l.atn.edgeMu.RUnlock()
+	if s.getEdges() == nil {
+		return nil
+	}
+	target := s.getIthEdge(t - LexerATNSimulatorMinDFAEdge)
+	if runtimeConfig.lexerATNSimulatorDebug && target != nil {
+		fmt.Println("reuse state " + strconv.Itoa(s.stateNumber) + " edge to " + strconv.Itoa(target.stateNumber))
+	}
+	return target
+}
+
+// computeTargetState computes a target state for an edge in the [DFA], and attempt to add the
+// computed state and corresponding edge to the [DFA].
+//
+// The func returns the computed target [DFA] state for the given input symbol t.
+// If this does not lead to a valid [DFA] state, this method
+// returns ATNSimulatorError.
+func (l *LexerATNSimulator) computeTargetState(input CharStream, s *DFAState, t int) *DFAState {
+	reach := NewOrderedATNConfigSet()
+
+	// if we don't find an existing DFA state
+	// Fill reach starting from closure, following t transitions
+	l.getReachableConfigSet(input, s.configs, reach, t)
+
+	if len(reach.configs) == 0 { // we got nowhere on t from s
+		if !reach.hasSemanticContext {
+			// we got nowhere on t, don't panic out l knowledge it'd
+			// cause a fail-over from DFA later.
+			l.addDFAEdge(s, t, ATNSimulatorError, nil)
+		}
+		// stop when we can't Match any more char
+		return ATNSimulatorError
+	}
+	// Add an edge from s to target DFA found/created for reach
+	return l.addDFAEdge(s, t, nil, reach)
+}
+
+func (l *LexerATNSimulator) failOrAccept(prevAccept *SimState, input CharStream, reach *ATNConfigSet, t int) int {
+	if l.prevAccept.dfaState != nil {
+		lexerActionExecutor := prevAccept.dfaState.lexerActionExecutor
+		l.accept(input, lexerActionExecutor, l.startIndex, prevAccept.index, prevAccept.line, prevAccept.column)
+		return prevAccept.dfaState.prediction
+	}
+
+	// if no accept and EOF is first char, return EOF
+	if t == TokenEOF && input.Index() == l.startIndex {
+		return TokenEOF
+	}
+
+	panic(NewLexerNoViableAltException(l.recog, input, l.startIndex, reach))
+}
+
+// getReachableConfigSet when given a starting configuration set, figures out all [ATN] configurations
+// we can reach upon input t.
+//
+// Parameter reach is a return parameter.
+func (l *LexerATNSimulator) getReachableConfigSet(input CharStream, closure *ATNConfigSet, reach *ATNConfigSet, t int) {
+	// l is used to Skip processing for configs which have a lower priority
+	// than a runtimeConfig that already reached an accept state for the same rule
+	SkipAlt := ATNInvalidAltNumber
+
+	for _, cfg := range closure.configs {
+		currentAltReachedAcceptState := cfg.GetAlt() == SkipAlt
+		if currentAltReachedAcceptState && cfg.passedThroughNonGreedyDecision {
+			continue
+		}
+
+		if runtimeConfig.lexerATNSimulatorDebug {
+
+			fmt.Printf("testing %s at %s\n", l.GetTokenName(t), cfg.String())
+		}
+
+		for _, trans := range cfg.GetState().GetTransitions() {
+			target := l.getReachableTarget(trans, t)
+			if target != nil {
+				lexerActionExecutor := cfg.lexerActionExecutor
+				if lexerActionExecutor != nil {
+					lexerActionExecutor = lexerActionExecutor.fixOffsetBeforeMatch(input.Index() - l.startIndex)
+				}
+				treatEOFAsEpsilon := t == TokenEOF
+				config := NewLexerATNConfig3(cfg, target, lexerActionExecutor)
+				if l.closure(input, config, reach,
+					currentAltReachedAcceptState, true, treatEOFAsEpsilon) {
+					// any remaining configs for l alt have a lower priority
+					// than the one that just reached an accept state.
+					SkipAlt = cfg.GetAlt()
+				}
+			}
+		}
+	}
+}
+
+func (l *LexerATNSimulator) accept(input CharStream, lexerActionExecutor *LexerActionExecutor, startIndex, index, line, charPos int) {
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Printf("ACTION %v\n", lexerActionExecutor)
+	}
+	// seek to after last char in token
+	input.Seek(index)
+	l.Line = line
+	l.CharPositionInLine = charPos
+	if lexerActionExecutor != nil && l.recog != nil {
+		lexerActionExecutor.execute(l.recog, input, startIndex)
+	}
+}
+
+func (l *LexerATNSimulator) getReachableTarget(trans Transition, t int) ATNState {
+	if trans.Matches(t, 0, LexerMaxCharValue) {
+		return trans.getTarget()
+	}
+
+	return nil
+}
+
+func (l *LexerATNSimulator) computeStartState(input CharStream, p ATNState) *ATNConfigSet {
+	configs := NewOrderedATNConfigSet()
+	for i := 0; i < len(p.GetTransitions()); i++ {
+		target := p.GetTransitions()[i].getTarget()
+		cfg := NewLexerATNConfig6(target, i+1, BasePredictionContextEMPTY)
+		l.closure(input, cfg, configs, false, false, false)
+	}
+
+	return configs
+}
+
+// closure since the alternatives within any lexer decision are ordered by
+// preference, this method stops pursuing the closure as soon as an accept
+// state is reached. After the first accept state is reached by depth-first
+// search from runtimeConfig, all other (potentially reachable) states for
+// this rule would have a lower priority.
+//
+// The func returns true if an accept state is reached.
+func (l *LexerATNSimulator) closure(input CharStream, config *ATNConfig, configs *ATNConfigSet,
+	currentAltReachedAcceptState, speculative, treatEOFAsEpsilon bool) bool {
+
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("closure(" + config.String() + ")")
+	}
+
+	_, ok := config.state.(*RuleStopState)
+	if ok {
+
+		if runtimeConfig.lexerATNSimulatorDebug {
+			if l.recog != nil {
+				fmt.Printf("closure at %s rule stop %s\n", l.recog.GetRuleNames()[config.state.GetRuleIndex()], config)
+			} else {
+				fmt.Printf("closure at rule stop %s\n", config)
+			}
+		}
+
+		if config.context == nil || config.context.hasEmptyPath() {
+			if config.context == nil || config.context.isEmpty() {
+				configs.Add(config, nil)
+				return true
+			}
+
+			configs.Add(NewLexerATNConfig2(config, config.state, BasePredictionContextEMPTY), nil)
+			currentAltReachedAcceptState = true
+		}
+		if config.context != nil && !config.context.isEmpty() {
+			for i := 0; i < config.context.length(); i++ {
+				if config.context.getReturnState(i) != BasePredictionContextEmptyReturnState {
+					newContext := config.context.GetParent(i) // "pop" return state
+					returnState := l.atn.states[config.context.getReturnState(i)]
+					cfg := NewLexerATNConfig2(config, returnState, newContext)
+					currentAltReachedAcceptState = l.closure(input, cfg, configs, currentAltReachedAcceptState, speculative, treatEOFAsEpsilon)
+				}
+			}
+		}
+		return currentAltReachedAcceptState
+	}
+	// optimization
+	if !config.state.GetEpsilonOnlyTransitions() {
+		if !currentAltReachedAcceptState || !config.passedThroughNonGreedyDecision {
+			configs.Add(config, nil)
+		}
+	}
+	for j := 0; j < len(config.state.GetTransitions()); j++ {
+		trans := config.state.GetTransitions()[j]
+		cfg := l.getEpsilonTarget(input, config, trans, configs, speculative, treatEOFAsEpsilon)
+		if cfg != nil {
+			currentAltReachedAcceptState = l.closure(input, cfg, configs,
+				currentAltReachedAcceptState, speculative, treatEOFAsEpsilon)
+		}
+	}
+	return currentAltReachedAcceptState
+}
+
+// side-effect: can alter configs.hasSemanticContext
+func (l *LexerATNSimulator) getEpsilonTarget(input CharStream, config *ATNConfig, trans Transition,
+	configs *ATNConfigSet, speculative, treatEOFAsEpsilon bool) *ATNConfig {
+
+	var cfg *ATNConfig
+
+	if trans.getSerializationType() == TransitionRULE {
+
+		rt := trans.(*RuleTransition)
+		newContext := SingletonBasePredictionContextCreate(config.context, rt.followState.GetStateNumber())
+		cfg = NewLexerATNConfig2(config, trans.getTarget(), newContext)
+
+	} else if trans.getSerializationType() == TransitionPRECEDENCE {
+		panic("Precedence predicates are not supported in lexers.")
+	} else if trans.getSerializationType() == TransitionPREDICATE {
+		// Track traversing semantic predicates. If we traverse,
+		// we cannot add a DFA state for l "reach" computation
+		// because the DFA would not test the predicate again in the
+		// future. Rather than creating collections of semantic predicates
+		// like v3 and testing them on prediction, v4 will test them on the
+		// fly all the time using the ATN not the DFA. This is slower but
+		// semantically it's not used that often. One of the key elements to
+		// l predicate mechanism is not adding DFA states that see
+		// predicates immediately afterwards in the ATN. For example,
+
+		// a : ID {p1}? | ID {p2}?
+
+		// should create the start state for rule 'a' (to save start state
+		// competition), but should not create target of ID state. The
+		// collection of ATN states the following ID references includes
+		// states reached by traversing predicates. Since l is when we
+		// test them, we cannot cash the DFA state target of ID.
+
+		pt := trans.(*PredicateTransition)
+
+		if runtimeConfig.lexerATNSimulatorDebug {
+			fmt.Println("EVAL rule " + strconv.Itoa(trans.(*PredicateTransition).ruleIndex) + ":" + strconv.Itoa(pt.predIndex))
+		}
+		configs.hasSemanticContext = true
+		if l.evaluatePredicate(input, pt.ruleIndex, pt.predIndex, speculative) {
+			cfg = NewLexerATNConfig4(config, trans.getTarget())
+		}
+	} else if trans.getSerializationType() == TransitionACTION {
+		if config.context == nil || config.context.hasEmptyPath() {
+			// execute actions anywhere in the start rule for a token.
+			//
+			// TODO: if the entry rule is invoked recursively, some
+			// actions may be executed during the recursive call. The
+			// problem can appear when hasEmptyPath() is true but
+			// isEmpty() is false. In this case, the config needs to be
+			// split into two contexts - one with just the empty path
+			// and another with everything but the empty path.
+			// Unfortunately, the current algorithm does not allow
+			// getEpsilonTarget to return two configurations, so
+			// additional modifications are needed before we can support
+			// the split operation.
+			lexerActionExecutor := LexerActionExecutorappend(config.lexerActionExecutor, l.atn.lexerActions[trans.(*ActionTransition).actionIndex])
+			cfg = NewLexerATNConfig3(config, trans.getTarget(), lexerActionExecutor)
+		} else {
+			// ignore actions in referenced rules
+			cfg = NewLexerATNConfig4(config, trans.getTarget())
+		}
+	} else if trans.getSerializationType() == TransitionEPSILON {
+		cfg = NewLexerATNConfig4(config, trans.getTarget())
+	} else if trans.getSerializationType() == TransitionATOM ||
+		trans.getSerializationType() == TransitionRANGE ||
+		trans.getSerializationType() == TransitionSET {
+		if treatEOFAsEpsilon {
+			if trans.Matches(TokenEOF, 0, LexerMaxCharValue) {
+				cfg = NewLexerATNConfig4(config, trans.getTarget())
+			}
+		}
+	}
+	return cfg
+}
+
+// evaluatePredicate eEvaluates a predicate specified in the lexer.
+//
+// If speculative is true, this method was called before
+// [consume] for the Matched character. This method should call
+// [consume] before evaluating the predicate to ensure position
+// sensitive values, including [GetText], [GetLine],
+// and [GetColumn], properly reflect the current
+// lexer state. This method should restore input and the simulator
+// to the original state before returning, i.e. undo the actions made by the
+// call to [Consume].
+//
+// The func returns true if the specified predicate evaluates to true.
+func (l *LexerATNSimulator) evaluatePredicate(input CharStream, ruleIndex, predIndex int, speculative bool) bool {
+	// assume true if no recognizer was provided
+	if l.recog == nil {
+		return true
+	}
+	if !speculative {
+		return l.recog.Sempred(nil, ruleIndex, predIndex)
+	}
+	savedcolumn := l.CharPositionInLine
+	savedLine := l.Line
+	index := input.Index()
+	marker := input.Mark()
+
+	defer func() {
+		l.CharPositionInLine = savedcolumn
+		l.Line = savedLine
+		input.Seek(index)
+		input.Release(marker)
+	}()
+
+	l.Consume(input)
+	return l.recog.Sempred(nil, ruleIndex, predIndex)
+}
+
+func (l *LexerATNSimulator) captureSimState(settings *SimState, input CharStream, dfaState *DFAState) {
+	settings.index = input.Index()
+	settings.line = l.Line
+	settings.column = l.CharPositionInLine
+	settings.dfaState = dfaState
+}
+
+func (l *LexerATNSimulator) addDFAEdge(from *DFAState, tk int, to *DFAState, cfgs *ATNConfigSet) *DFAState {
+	if to == nil && cfgs != nil {
+		// leading to l call, ATNConfigSet.hasSemanticContext is used as a
+		// marker indicating dynamic predicate evaluation makes l edge
+		// dependent on the specific input sequence, so the static edge in the
+		// DFA should be omitted. The target DFAState is still created since
+		// execATN has the ability to reSynchronize with the DFA state cache
+		// following the predicate evaluation step.
+		//
+		// TJP notes: next time through the DFA, we see a pred again and eval.
+		// If that gets us to a previously created (but dangling) DFA
+		// state, we can continue in pure DFA mode from there.
+		//
+		suppressEdge := cfgs.hasSemanticContext
+		cfgs.hasSemanticContext = false
+		to = l.addDFAState(cfgs, true)
+
+		if suppressEdge {
+			return to
+		}
+	}
+	// add the edge
+	if tk < LexerATNSimulatorMinDFAEdge || tk > LexerATNSimulatorMaxDFAEdge {
+		// Only track edges within the DFA bounds
+		return to
+	}
+	if runtimeConfig.lexerATNSimulatorDebug {
+		fmt.Println("EDGE " + from.String() + " -> " + to.String() + " upon " + strconv.Itoa(tk))
+	}
+	l.atn.edgeMu.Lock()
+	defer l.atn.edgeMu.Unlock()
+	if from.getEdges() == nil {
+		// make room for tokens 1..n and -1 masquerading as index 0
+		from.setEdges(make([]*DFAState, LexerATNSimulatorMaxDFAEdge-LexerATNSimulatorMinDFAEdge+1))
+	}
+	from.setIthEdge(tk-LexerATNSimulatorMinDFAEdge, to) // connect
+
+	return to
+}
+
+// Add a NewDFA state if there isn't one with l set of
+// configurations already. This method also detects the first
+// configuration containing an ATN rule stop state. Later, when
+// traversing the DFA, we will know which rule to accept.
+func (l *LexerATNSimulator) addDFAState(configs *ATNConfigSet, suppressEdge bool) *DFAState {
+
+	proposed := NewDFAState(-1, configs)
+	var firstConfigWithRuleStopState *ATNConfig
+
+	for _, cfg := range configs.configs {
+		_, ok := cfg.GetState().(*RuleStopState)
+
+		if ok {
+			firstConfigWithRuleStopState = cfg
+			break
+		}
+	}
+	if firstConfigWithRuleStopState != nil {
+		proposed.isAcceptState = true
+		proposed.lexerActionExecutor = firstConfigWithRuleStopState.lexerActionExecutor
+		proposed.setPrediction(l.atn.ruleToTokenType[firstConfigWithRuleStopState.GetState().GetRuleIndex()])
+	}
+	dfa := l.decisionToDFA[l.mode]
+
+	l.atn.stateMu.Lock()
+	defer l.atn.stateMu.Unlock()
+	existing, present := dfa.Get(proposed)
+	if present {
+
+		// This state was already present, so just return it.
+		//
+		proposed = existing
+	} else {
+
+		// We need to add the new state
+		//
+		proposed.stateNumber = dfa.Len()
+		configs.readOnly = true
+		configs.configLookup = nil // Not needed now
+		proposed.configs = configs
+		dfa.Put(proposed)
+	}
+	if !suppressEdge {
+		dfa.setS0(proposed)
+	}
+	return proposed
+}
+
+func (l *LexerATNSimulator) getDFA(mode int) *DFA {
+	return l.decisionToDFA[mode]
+}
+
+// GetText returns the text [Match]ed so far for the current token.
+func (l *LexerATNSimulator) GetText(input CharStream) string {
+	// index is first lookahead char, don't include.
+	return input.GetTextFromInterval(NewInterval(l.startIndex, input.Index()-1))
+}
+
+func (l *LexerATNSimulator) Consume(input CharStream) {
+	curChar := input.LA(1)
+	if curChar == int('\n') {
+		l.Line++
+		l.CharPositionInLine = 0
+	} else {
+		l.CharPositionInLine++
+	}
+	input.Consume()
+}
+
+func (l *LexerATNSimulator) GetCharPositionInLine() int {
+	return l.CharPositionInLine
+}
+
+func (l *LexerATNSimulator) GetLine() int {
+	return l.Line
+}
+
+func (l *LexerATNSimulator) GetTokenName(tt int) string {
+	if tt == -1 {
+		return "EOF"
+	}
+
+	var sb strings.Builder
+	sb.Grow(6)
+	sb.WriteByte('\'')
+	sb.WriteRune(rune(tt))
+	sb.WriteByte('\'')
+
+	return sb.String()
+}
+
+func resetSimState(sim *SimState) {
+	sim.index = -1
+	sim.line = 0
+	sim.column = -1
+	sim.dfaState = nil
+}
+
+type SimState struct {
+	index    int
+	line     int
+	column   int
+	dfaState *DFAState
+}
+
+func NewSimState() *SimState {
+	s := new(SimState)
+	resetSimState(s)
+	return s
+}
+
+func (s *SimState) reset() {
+	resetSimState(s)
+}
--- a/Show More
+++ b/Show More