fix(deps): update minor dependencies

fix(deps): update patch digest dependencies
fix(deps): update module google.golang.org/grpc to v1.74.2
2025-08-10 09:51:11 +00:00 · 2025-08-10 09:42:48 +00:00 · 2025-07-27 06:10:45 +00:00 · 2025-07-27 06:00:54 +00:00 · 2025-07-20 10:04:41 +00:00 · 2025-07-13 05:18:43 +00:00
735 changed files with 53723 additions and 22204 deletions
--- a/.coderabbit.yaml
+++ b/.coderabbit.yaml
@ -1,23 +0,0 @@
-# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
-language: "en-US"
-early_access: false
-reviews:
-  request_changes_workflow: false
-  high_level_summary: false
-  poem: false
-  review_status: true
-  collapse_walkthrough: false
-  auto_review:
-    enabled: true
-    ignore_title_keywords:
-      - "WIP"
-      - "DO NOT MERGE"
-    drafts: false
-    base_branches:
-      - master
-  path_filters:
-    - "!vendor/**"
-    - "!go.mod"
-    - "!go.sum"
-chat:
-  auto_reply: true
--- a/.github/workflows/backport-pr.yml
+++ b/.github/workflows/backport-pr.yml
@ -0,0 +1,12 @@
+name: Link-Backport-PR-Issue
+
+on:
+  pull_request:
+    types: [opened]
+    branches:
+      - master
+      - "v*"
+
+jobs:
+  call-workflow:
+    uses: longhorn/longhorn/.github/workflows/backport-pr.yml@master
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -7,14 +7,53 @@ on:
    tags:
    - v*
  pull_request:
+  workflow_dispatch:
 jobs:
  build:
    name: Build binaries
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
+    outputs:
+      version_major: ${{ steps.build_info.outputs.version_major }}
+      version_minor: ${{ steps.build_info.outputs.version_minor }}
+      version_patch: ${{ steps.build_info.outputs.version_patch }}
+      image_tag: ${{ steps.build_info.outputs.image_tag }}
+
    steps:
    - name: Checkout code
      uses: actions/checkout@v4

+    - id: build_info
+      name: Declare build info
+      run: |
+        version_major=''
+        version_minor=''
+        version_patch=''
+        image_tag=''
+
+        branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+        ref=${{ github.ref }}
+        if [[ "$ref" =~ 'refs/tags/' ]]; then
+          version=$(sed -E 's/^v([0-9]*\.[0-9]*\.[0-9]*).*$/\1/' <<<$ref )
+          version_major=$(cut -d. -f1 <<<$version)
+          version_minor=$(cut -d. -f2 <<<$version)
+          version_patch=$(cut -d. -f3 <<<$version)
+          image_tag=${{ github.ref_name }}
+        elif [[ "$ref" =~ 'refs/heads/' ]]; then
+          image_tag="${branch}-head"
+        fi
+
+        echo "version_major=${version_major}" >>$GITHUB_OUTPUT
+        echo "version_minor=${version_minor}" >>$GITHUB_OUTPUT
+        echo "version_patch=${version_patch}" >>$GITHUB_OUTPUT
+        echo "image_tag=${image_tag}" >>$GITHUB_OUTPUT
+
+        cat <<EOF
+        version_major=${version_major}
+        version_minor=${version_minor}
+        version_patch=${version_patch}
+        image_tag=${image_tag}
+        EOF
+
    # Build binaries
    - name: Run ci
      run: make ci
@ -25,45 +64,21 @@ jobs:
        flags: unittests
        token: ${{ secrets.CODECOV_TOKEN }}

-    - name: Upload binaries
-      uses: actions/upload-artifact@v4
-      with:
-        name: binaries_artifact
-        path: ./bin/*
-
  build_push_image:
    name: Build and push image
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
    needs: build
    if: ${{ startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/') }}
    steps:
    - name: Checkout code
      uses: actions/checkout@v4

-    - name: Download binaries
-      uses: actions/download-artifact@v4
-      with:
-        name: binaries_artifact
-        path: ./bin/
-
-    - name: Add executable permission
-      run: |
-        chmod +x ./bin/*
-
-    - name: Copy bin folder to package
-      run: |
-        cp -r ./bin ./package/
-
    # For multi-platform support
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v3
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

-    - name: Declare branch
-      run: |
-        echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_ENV"
-
    - name: Login to Docker Hub
      uses: docker/login-action@v3
      with:
@ -71,24 +86,9 @@ jobs:
        password: ${{ secrets.DOCKER_PASSWORD }}

    # longhornio/longhorn-share-manager image
-    - name: docker-publish
-      if: ${{ startsWith(github.ref, 'refs/heads/') }}
-      uses: docker/build-push-action@v5
-      with:
-        context: ./
-        push: true
-        platforms: linux/amd64,linux/arm64
-        tags: longhornio/longhorn-share-manager:${{ env.branch }}-head
-        file: package/Dockerfile
-        sbom: true
-
-    - name: docker-publish-with-tag
-      if: ${{ startsWith(github.ref, 'refs/tags/') }}
-      uses: docker/build-push-action@v5
-      with:
-        context: ./
-        push: true
-        platforms: linux/amd64,linux/arm64
-        tags: longhornio/longhorn-share-manager:${{ github.ref_name }}
-        file: package/Dockerfile
-        sbom: true
+    - name: Build and publish image
+      env:
+        REPO: docker.io/longhornio
+        TAG: ${{ needs.build.outputs.image_tag }}
+        TARGET_PLATFORMS: linux/amd64,linux/arm64
+      run: make workflow-image-build-push
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@ -1,18 +1,21 @@
-FROM registry.suse.com/bci/golang:1.23
+FROM registry.suse.com/bci/golang:1.24

 ARG DAPPER_HOST_ARCH
+ARG SRC_BRANCH=master
+ARG SRC_TAG
+ARG CACHEBUST
 ARG http_proxy
 ARG https_proxy

 ENV HOST_ARCH=${DAPPER_HOST_ARCH} ARCH=${DAPPER_HOST_ARCH}
 ENV PATH /go/bin:$PATH
 ENV DAPPER_DOCKER_SOCKET true
-ENV DAPPER_ENV TAG REPO DRONE_REPO DRONE_PULL_REQUEST DRONE_COMMIT_REF
+ENV DAPPER_ENV TAG REPO DRONE_REPO DRONE_PULL_REQUEST DRONE_COMMIT_REF ARCHS
 ENV DAPPER_OUTPUT bin coverage.out
 ENV DAPPER_RUN_ARGS --privileged -v /dev:/host/dev -v /proc:/host/proc
 ENV DAPPER_SOURCE /go/src/github.com/longhorn/longhorn-share-manager
-
-ENV GOLANGCI_LINT_VERSION="v1.60.3"
+ENV SRC_BRANCH ${SRC_BRANCH}
+ENV SRC_TAG ${SRC_TAG}

 WORKDIR ${DAPPER_SOURCE}
 ENTRYPOINT ["./scripts/entry"]
@ -26,7 +29,7 @@ RUN zypper -n install wget git jq tar gzip gcc linux-glibc-devel glibc-devel-sta
    rm -rf /var/cache/zypp/*

 # Install golangci-lint
-RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
+RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin latest

 # Install docker buildx: The docker version in dapper is too old to have buildx. Install it manually.
 RUN curl -sSfLO https://github.com/docker/buildx/releases/download/v0.13.1/buildx-v0.13.1.linux-${ARCH} && \
--- a/27
+++ b/27
@ -1,4 +1,15 @@
+PROJECT := longhorn-share-manager
 TARGETS := $(shell ls scripts)
+MACHINE := longhorn
+# Define the target platforms that can be used across the ecosystem.
+# Note that what would actually be used for a given project will be
+# defined in TARGET_PLATFORMS, and must be a subset of the below:
+DEFAULT_PLATFORMS := linux/amd64,linux/arm64
+
+export SRC_BRANCH := $(shell bash -c 'source <(curl -s "https://raw.githubusercontent.com/longhorn/dep-versions/master/scripts/common.sh") && get_branch')
+export SRC_TAG := $(shell git tag --points-at HEAD | head -n 1)
+
+export CACHEBUST := $(shell date +%s)

 .dapper:
 	@echo Downloading dapper
@ -10,6 +21,22 @@ TARGETS := $(shell ls scripts)
 $(TARGETS): .dapper
 	./.dapper $@

+.PHONY: buildx-machine
+buildx-machine:
+	@docker buildx create --name=$(MACHINE) --platform=$(DEFAULT_PLATFORMS) 2>/dev/null || true
+	docker buildx inspect $(MACHINE)
+
+# variables needed from GHA caller:
+# - REPO: image repo, include $registry/$repo_path
+# - TAG: image tag
+# - TARGET_PLATFORMS: optional, to be passed for buildx's --platform option
+# - IID_FILE_FLAG: optional, options to generate image ID file
+.PHONY: workflow-image-build-push workflow-image-build-push-secure
+workflow-image-build-push: buildx-machine
+	MACHINE=$(MACHINE) PUSH='true' IMAGE_NAME=$(PROJECT) bash scripts/package
+workflow-image-build-push-secure: buildx-machine
+	MACHINE=$(MACHINE) PUSH='true' IMAGE_NAME=$(PROJECT) IS_SECURE=true bash scripts/package
+
 .DEFAULT_GOAL := ci

 .PHONY: $(TARGETS)
--- a/app/cmd/server.go
+++ b/app/cmd/server.go
@ -1,6 +1,7 @@
 package cmd

 import (
+	"fmt"
 	"net"
 	"os"
 	"os/signal"
@ -16,6 +17,7 @@ import (

 	"github.com/longhorn/longhorn-share-manager/pkg/rpc"
 	"github.com/longhorn/longhorn-share-manager/pkg/server"
+	"github.com/longhorn/longhorn-share-manager/pkg/types"
 	"github.com/longhorn/longhorn-share-manager/pkg/util"
 	"github.com/longhorn/longhorn-share-manager/pkg/volume"
 )
@ -33,6 +35,11 @@ func ServerCmd() cli.Command {
 				Usage:    "The volume to export via the nfs server",
 				Required: true,
 			},
+			cli.StringFlag{
+				Name:     "data-engine",
+				Usage:    "The volume data engine",
+				Required: true,
+			},
 			cli.BoolFlag{
 				Name:     "encrypted",
 				Usage:    "signals that a volume is encrypted",
@ -84,6 +91,7 @@ func ServerCmd() cli.Command {
 		Action: func(c *cli.Context) {
 			vol := volume.Volume{
 				Name:            c.String("volume"),
+				DataEngine:      c.String("data-engine"),
 				Passphrase:      c.String("passphrase"),
 				CryptoKeyCipher: c.String("crytpokeycipher"),
 				CryptoKeyHash:   c.String("crytpokeyhash"),
@ -106,6 +114,11 @@ func ServerCmd() cli.Command {

 func start(vol volume.Volume) error {
 	logger := util.NewLogger()
+	if vol.DataEngine != types.DataEngineTypeV1 && vol.DataEngine != types.DataEngineTypeV2 {
+		logger.Errorf("Invalid data engine value: %s", vol.DataEngine)
+		return fmt.Errorf("invalid data engine value: %s", vol.DataEngine)
+	}
+
 	manager, err := server.NewShareManager(logger, vol)
 	if err != nil {
 		return err
--- a/go.mod
+++ b/go.mod
@ -1,8 +1,8 @@
 module github.com/longhorn/longhorn-share-manager

-go 1.23.0
+go 1.24.0

-toolchain go1.23.4
+toolchain go1.24.6

 // Replace directives are required for dependencies in this section because:
 // - This module imports k8s.io/kubernetes.
@ -19,80 +19,76 @@ toolchain go1.23.4
 // the portions of k8s.io/kubernetes code this module actually uses, not all of the replace directives may strictly be
 // necessary. However, it is better to include all of them for consistency.
 replace (
-	k8s.io/api => k8s.io/api v0.32.0
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.32.0
-	k8s.io/apimachinery => k8s.io/apimachinery v0.32.0
-	k8s.io/apiserver => k8s.io/apiserver v0.32.0
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.32.0
-	k8s.io/client-go => k8s.io/client-go v0.32.0
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.32.0
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.32.0
-	k8s.io/code-generator => k8s.io/code-generator v0.32.0
-	k8s.io/component-base => k8s.io/component-base v0.32.0
-	k8s.io/component-helpers => k8s.io/component-helpers v0.32.0
-	k8s.io/controller-manager => k8s.io/controller-manager v0.32.0
-	k8s.io/cri-api => k8s.io/cri-api v0.32.0
-	k8s.io/cri-client => k8s.io/cri-client v0.32.0
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.32.0
-	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.32.0
-	k8s.io/endpointslice => k8s.io/endpointslice v0.32.0
-	k8s.io/kms => k8s.io/kms v0.32.0
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.32.0
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.32.0
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.32.0
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.32.0
-	k8s.io/kubectl => k8s.io/kubectl v0.32.0
-	k8s.io/kubelet => k8s.io/kubelet v0.32.0
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.8
-	k8s.io/metrics => k8s.io/metrics v0.32.0
-	k8s.io/mount-utils => k8s.io/mount-utils v0.32.0
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.32.0
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.32.0
+	k8s.io/api => k8s.io/api v0.33.3
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.33.3
+	k8s.io/apimachinery => k8s.io/apimachinery v0.33.3
+	k8s.io/apiserver => k8s.io/apiserver v0.33.3
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.33.3
+	k8s.io/client-go => k8s.io/client-go v0.33.3
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.33.3
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.33.3
+	k8s.io/code-generator => k8s.io/code-generator v0.33.3
+	k8s.io/component-base => k8s.io/component-base v0.33.3
+	k8s.io/component-helpers => k8s.io/component-helpers v0.33.3
+	k8s.io/controller-manager => k8s.io/controller-manager v0.33.3
+	k8s.io/cri-api => k8s.io/cri-api v0.33.3
+	k8s.io/cri-client => k8s.io/cri-client v0.33.3
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.33.3
+	k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.33.3
+	k8s.io/endpointslice => k8s.io/endpointslice v0.33.3
+	k8s.io/kms => k8s.io/kms v0.33.3
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.33.3
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.33.3
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.33.3
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.33.3
+	k8s.io/kubectl => k8s.io/kubectl v0.33.3
+	k8s.io/kubelet => k8s.io/kubelet v0.33.3
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.14
+	k8s.io/metrics => k8s.io/metrics v0.33.3
+	k8s.io/mount-utils => k8s.io/mount-utils v0.33.3
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.33.3
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.33.3
 )

 require (
 	github.com/google/fscrypt v0.3.5
-	github.com/longhorn/go-common-libs v0.0.0-20241217170247-b8a12cee7f65
-	github.com/longhorn/types v0.0.0-20241217083824-2e0ecb487ccf
+	github.com/longhorn/go-common-libs v0.0.0-20250809060702-aec53ac032f0
+	github.com/longhorn/types v0.0.0-20250710112743-e3a1e9e2a9c1
 	github.com/mitchellh/go-ps v1.0.0
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.3
-	github.com/urfave/cli v1.22.16
-	golang.org/x/net v0.33.0
-	golang.org/x/sys v0.28.0
-	google.golang.org/grpc v1.69.0
-	google.golang.org/protobuf v1.36.0
-	k8s.io/api v0.32.0
-	k8s.io/apimachinery v0.32.0
-	k8s.io/client-go v0.32.0
-	k8s.io/kubernetes v1.32.0
-	k8s.io/mount-utils v0.32.0
-	k8s.io/utils v0.0.0-20241210054802-24370beab758
+	github.com/urfave/cli v1.22.17
+	golang.org/x/net v0.43.0
+	golang.org/x/sys v0.35.0
+	google.golang.org/grpc v1.74.2
+	google.golang.org/protobuf v1.36.7
+	k8s.io/api v0.33.3
+	k8s.io/apimachinery v0.33.3
+	k8s.io/client-go v0.33.3
+	k8s.io/kubernetes v1.33.3
+	k8s.io/mount-utils v0.33.3
+	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
 )

 require (
 	github.com/c9s/goprocinfo v0.0.0-20210130143923-c95fcf8c64a8 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/moby/sys/mountinfo v0.7.2 // indirect
-	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
@ -102,18 +98,19 @@ require (
 	github.com/shirou/gopsutil/v3 v3.24.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/term v0.27.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
+	golang.org/x/exp v0.0.0-20250808145144-a408d31f581a // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/term v0.34.0 // indirect
+	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/time v0.9.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,10 +1,8 @@
-github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/c9s/goprocinfo v0.0.0-20210130143923-c95fcf8c64a8 h1:SjZ2GvvOononHOpK84APFuMvxqsk3tEIaKH/z4Rpu3g=
 github.com/c9s/goprocinfo v0.0.0-20210130143923-c95fcf8c64a8/go.mod h1:uEyr4WpAH4hio6LFriaPkL938XnrvLpNPmQHBdrmbIE=
-github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
-github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
+github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -12,12 +10,10 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
 github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
@ -38,14 +34,12 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/fscrypt v0.3.5 h1:RunYtVg2Z79hfh1W1ZP1k7TaSMYkbELUyMMzAmikyTc=
 github.com/google/fscrypt v0.3.5/go.mod h1:HyY8Z/kUPrnIKAwuhjrn2tSTM5/s9zfRRTqRMG0mHks=
-github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
-github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
+github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
 github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
@ -63,18 +57,16 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/longhorn/go-common-libs v0.0.0-20241217170247-b8a12cee7f65 h1:8lLw5EGeU3roroeg+fN6B2LCnm0Z425tWpwbA8vzmZk=
-github.com/longhorn/go-common-libs v0.0.0-20241217170247-b8a12cee7f65/go.mod h1:LiwSR56HRbeCok7CXYUO3lOwgAW7Spg73qIkM3ZyTJw=
-github.com/longhorn/types v0.0.0-20241217083824-2e0ecb487ccf h1:7TFVWpGl0MB9osrliT+j6+Jdr1cAuR/U2noPx0H9yYY=
-github.com/longhorn/types v0.0.0-20241217083824-2e0ecb487ccf/go.mod h1:3jHuVDtpkXQzpnp4prguDBskVRric2kmF8aSPkRJ4jw=
+github.com/longhorn/go-common-libs v0.0.0-20250809060702-aec53ac032f0 h1:AwMOBDw2ZwQb6rlUh8eHJVaaoUNq82160klizoo+l6o=
+github.com/longhorn/go-common-libs v0.0.0-20250809060702-aec53ac032f0/go.mod h1:Vnwia0RtGsDJ/lgYCXtIGgMTtpROsHQcDi7Hs7+BZgM=
+github.com/longhorn/types v0.0.0-20250710112743-e3a1e9e2a9c1 h1:Lox/NlebN9jOc9JXokB270iyeMlyUw9gRePBy5LKwz0=
+github.com/longhorn/types v0.0.0-20250710112743-e3a1e9e2a9c1/go.mod h1:3bhH8iUZGZT3kA/B1DYMGzpdzfacqeexOt4SHo4/C2I=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc=
 github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg=
 github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
 github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
-github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
-github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@ -90,13 +82,12 @@ github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jD
 github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
@ -108,6 +99,7 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@ -115,43 +107,45 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ=
-github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/urfave/cli v1.22.17 h1:SYzXoiPfQjHBbkYxbew5prZHS1TOLT3ierW8SYLqtVQ=
+github.com/urfave/cli v1.22.17/go.mod h1:b0ht0aqgH/6pBYzzxURyrM4xXNgsoT/n2ZzwQiEhNVo=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
-go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
-go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
-go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
-go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
-go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
-go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
-go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
-go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
-go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg=
+go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E=
+go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE=
+go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs=
+go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
+go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
+go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
+go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
+go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w=
+go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
-golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4=
-golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
+golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4=
+golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc=
+golang.org/x/exp v0.0.0-20250808145144-a408d31f581a h1:Y+7uR/b1Mw2iSXZ3G//1haIiSElDQZ8KWh0h+sZPG90=
+golang.org/x/exp v0.0.0-20250808145144-a408d31f581a/go.mod h1:rT6SFzZ7oxADUDx58pcaKFTcZ+inxAa9fTrYx/uVYwg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
-golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
+golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -161,32 +155,32 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
-golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
+golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 h1:X58yt85/IXCx0Y3ZwN6sEIKZzQtDEYaBWrDvErdXrRE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
-google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI=
-google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
-google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ=
-google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a h1:v2PbRU4K3llS09c7zodFpNePeamkAwG3mPrAery9VeE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
+google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4=
+google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM=
+google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A=
+google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@ -198,25 +192,28 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
-k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
-k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
-k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
-k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
-k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
+k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE=
+k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA=
+k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
+k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA=
+k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
-k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
-k8s.io/kubernetes v1.32.0 h1:4BDBWSolqPrv8GC3YfZw0CJvh5kA1TPnoX0FxDVd+qc=
-k8s.io/kubernetes v1.32.0/go.mod h1:tiIKO63GcdPRBHW2WiUFm3C0eoLczl3f7qi56Dm1W8I=
-k8s.io/mount-utils v0.32.0 h1:KOQAhPzJICATXnc6XCkWoexKbkOexRnMCUW8APFfwg4=
-k8s.io/mount-utils v0.32.0/go.mod h1:Kun5c2svjAPx0nnvJKYQWhfeNW+O0EpzHgRhDcYoSY0=
-k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
-k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
+k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
+k8s.io/kubernetes v1.33.3 h1:dBx5Z2ZhR8kNzAwCoCz4j1niUbUrNUDVxeSj4/Ienu0=
+k8s.io/kubernetes v1.33.3/go.mod h1:nrt8sldmckKz2fCZhgRX3SKfS2e+CzXATPv6ITNkU00=
+k8s.io/mount-utils v0.33.3 h1:Q1jsnqdS4LdtJSYSXgiQv/XNrRHQncLk3gMYjKNSZrE=
+k8s.io/mount-utils v0.33.3/go.mod h1:1JR4rKymg8B8bCPo618hpSAdrpO6XLh0Acqok/xVwPE=
+k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y=
+k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
+sigs.k8s.io/randfill v0.0.0-20250304075658-069ef1bbf016/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
+sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0 h1:IUA9nvMmnKWcj5jl84xn+T5MnlZKThmUW1TdblaLVAc=
+sigs.k8s.io/structured-merge-diff/v4 v4.6.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/package/Dockerfile
+++ b/package/Dockerfile
@ -1,6 +1,21 @@
-# syntax=docker/dockerfile:1.12.1
+# syntax=docker/dockerfile:1.17.1
+FROM registry.suse.com/bci/golang:1.24 AS app_builder

-FROM registry.suse.com/bci/bci-base:15.6 AS build
+WORKDIR /app
+
+# Copy the build script and source code
+COPY . /app
+
+# Make the build script executable
+RUN chmod +x /app/scripts/build
+
+# Run the build script
+RUN /app/scripts/build
+
+FROM registry.suse.com/bci/bci-base:15.7 AS lib_builder
+
+ARG SRC_BRANCH=master
+ARG SRC_TAG

 RUN zypper -n ref && \
    zypper update -y
@ -14,43 +29,30 @@ RUN zypper -n addrepo --refresh https://download.opensuse.org/repositories/syste

 RUN zypper -n install autoconf bison curl cmake doxygen make git gcc14 gcc14-c++ flex Mesa-libGL-devel libdbus-1-3 \
    nfsidmap-devel liburcu-devel libblkid-devel e2fsprogs e2fsprogs-devel xfsprogs xfsprogs-devel \
-    tar gzip dbus-1-devel lsb-release graphviz-devel libnsl-devel libcurl-devel libjson-c-devel libacl-devel && \
+    tar gzip dbus-1-devel lsb-release graphviz-devel libnsl-devel libcurl-devel libjson-c-devel libacl-devel jq && \
    rm -rf /var/cache/zypp/*

-RUN curl -L https://github.com/rancher/nfs-ganesha/archive/refs/tags/v6_20241216.tar.gz | tar zx \
-	  && curl -L https://github.com/nfs-ganesha/ntirpc/archive/refs/tags/v6.0.1.tar.gz | tar zx \
-	  && mv nfs-ganesha-6_20241216 nfs-ganesha \
-	  && rm -r nfs-ganesha/src/libntirpc \
-	  && mv ntirpc-6.0.1 nfs-ganesha/src/libntirpc
-WORKDIR /nfs-ganesha
+RUN git clone https://github.com/longhorn/dep-versions.git -b ${SRC_BRANCH} /usr/src/dep-versions && \
+    cd /usr/src/dep-versions && \
+    if [ -n "${SRC_TAG}" ] && git show-ref --tags ${SRC_TAG} > /dev/null 2>&1; then \
+        echo "Checking out tag ${SRC_TAG}"; \
+        cd /usr/src/dep-versions && git checkout tags/${SRC_TAG}; \
+    fi

-# build ganesha only supporting nfsv4 and vfs
-# Set NFS_V4_RECOV_ROOT to /tmp we don't support recovery in this release
-# we disable dbus (-DUSE_DBUS=OFF) for the single share manager since we don't use dynamic exports
-ENV CC=/usr/bin/gcc-14 \
-    CXX=/usr/bin/g++-14
-RUN mkdir -p /usr/local \
-    && cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_CONFIG=vfs_only \
-    -DUSE_DBUS=OFF -DUSE_NLM=OFF -DUSE_RQUOTA=OFF -DUSE_9P=OFF -D_MSPAC_SUPPORT=OFF -DRPCBIND=OFF \
-    -DUSE_RADOS_RECOV=OFF -DRADOS_URLS=OFF -DUSE_FSAL_VFS=ON -DUSE_FSAL_XFS=OFF \
-    -DUSE_FSAL_PROXY_V4=OFF -DUSE_FSAL_PROXY_V3=OFF -DUSE_FSAL_LUSTRE=OFF -DUSE_FSAL_LIZARDFS=OFF \
-    -DUSE_FSAL_KVSFS=OFF -DUSE_FSAL_CEPH=OFF -DUSE_FSAL_GPFS=OFF -DUSE_FSAL_PANFS=OFF -DUSE_FSAL_GLUSTER=OFF \
-    -DUSE_GSS=NO -DHAVE_ACL_GET_FD_NP=ON -DHAVE_ACL_SET_FD_NP=ON \
-    -DCMAKE_INSTALL_PREFIX=/usr/local src/ \
-	  && make \
-	  && make install
-RUN mkdir -p /ganesha-extra \
-    && mkdir -p /ganesha-extra/etc/dbus-1/system.d \
-    && cp src/scripts/ganeshactl/org.ganesha.nfsd.conf /ganesha-extra/etc/dbus-1/system.d/
+# Build nfs-ganesha
+RUN export REPO_OVERRIDE="" && \
+    export COMMIT_ID_OVERRIDE="" && \
+    bash /usr/src/dep-versions/scripts/build-nfs-ganesha.sh "${REPO_OVERRIDE}" "${COMMIT_ID_OVERRIDE}"

-FROM registry.suse.com/bci/bci-base:15.6
+
+FROM registry.suse.com/bci/bci-base:15.7 AS release

 ARG TARGETPLATFORM
 RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \
    echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \
    exit 1; \
    fi
-ENV ARCH ${TARGETPLATFORM#linux/}
+ENV ARCH=${TARGETPLATFORM#linux/}

 RUN zypper -n ref && \
    zypper update -y
@ -59,7 +61,8 @@ RUN zypper addrepo --refresh https://download.opensuse.org/repositories/system:/
    zypper --gpg-auto-import-keys ref

 # RUN microdnf install -y nano tar lsof e2fsprogs fuse-libs libss libblkid userspace-rcu dbus-x11 rpcbind hostname nfs-utils xfsprogs jemalloc libnfsidmap && microdnf clean all
-RUN zypper -n install rpcbind hostname libblkid1 liburcu6 libjson-c* dbus-1-x11 dbus-1 nfsidmap-devel nfs-kernel-server nfs-client nfs4-acl-tools xfsprogs e2fsprogs awk && \
+RUN zypper -n install rpcbind hostname libblkid1 liburcu6 libjson-c* dbus-1-x11 dbus-1 nfsidmap-devel \
+    nfs-kernel-server nfs-client nfs4-acl-tools xfsprogs e2fsprogs awk && \
    rm -rf /var/cache/zypp/*

 RUN mkdir -p /var/run/dbus && mkdir -p /export
@ -73,9 +76,9 @@ RUN sed -i s/systemd// /etc/nsswitch.conf
 # ganesha reads /etc/mtab for mounted volumes
 RUN ln -sf /proc/self/mounts /etc/mtab

-COPY --from=build /usr/local /usr/local/
-COPY --from=build /ganesha-extra /
-COPY package/bin/longhorn-share-manager-${ARCH} /longhorn-share-manager
+COPY --from=lib_builder /usr/local /usr/local/
+COPY --from=lib_builder /ganesha-extra /
+COPY --from=app_builder /app/bin/longhorn-share-manager-${ARCH} /longhorn-share-manager

 # run ldconfig after libs have been copied
 RUN ldconfig
--- a/pkg/crypto/crypto.go
+++ b/pkg/crypto/crypto.go
@ -29,8 +29,9 @@ func EncryptVolume(devicePath, passphrase, keyCipher, keyHash, keySize, pbkdf st
 }

 // OpenVolume opens volume so that it can be used by the client.
-func OpenVolume(volume, devicePath, passphrase string) error {
-	devPath := types.GetVolumeDevicePath(volume, true)
+// devicePath is the path of the volume on the host that will be opened for instance '/dev/longhorn/volume1'
+func OpenVolume(volume, dataEngine, devicePath, passphrase string) error {
+	devPath := types.GetVolumeDevicePath(volume, dataEngine, true)
 	if isOpen, _ := IsDeviceOpen(devPath); isOpen {
 		logrus.Debugf("Device %s is already opened at %s", devicePath, devPath)
 		return nil
@ -42,33 +43,36 @@ func OpenVolume(volume, devicePath, passphrase string) error {
 		return err
 	}

-	logrus.Debugf("Opening device %s with LUKS on %s", devicePath, volume)
-	_, err = nsexec.LuksOpen(volume, devicePath, passphrase, lhtypes.LuksTimeout)
+	encryptedDevName := types.GetEncryptVolumeName(volume, dataEngine)
+	logrus.Debugf("Opening device %s with LUKS on %s", devicePath, encryptedDevName)
+	_, err = nsexec.LuksOpen(encryptedDevName, devicePath, passphrase, lhtypes.LuksTimeout)
 	if err != nil {
-		logrus.WithError(err).Warnf("Failed to open LUKS device %s", devicePath)
+		logrus.WithError(err).Warnf("Failed to open LUKS device %s to %s", devicePath, encryptedDevName)
 	}
 	return err
 }

 // CloseVolume closes encrypted volume so it can be detached.
-func CloseVolume(volume string) error {
+func CloseVolume(volume, dataEngine string) error {
 	namespaces := []lhtypes.Namespace{lhtypes.NamespaceMnt, lhtypes.NamespaceIpc}
 	nsexec, err := lhns.NewNamespaceExecutor(lhtypes.ProcessNone, lhtypes.HostProcDirectory, namespaces)
 	if err != nil {
 		return err
 	}

-	logrus.Debugf("Closing LUKS device %s", volume)
-	_, err = nsexec.LuksClose(volume, lhtypes.LuksTimeout)
+	deviceName := types.GetEncryptVolumeName(volume, dataEngine)
+	logrus.Debugf("Closing LUKS device %s", deviceName)
+	_, err = nsexec.LuksClose(deviceName, lhtypes.LuksTimeout)
 	return err
 }

-func ResizeEncryptoDevice(volume, passphrase string) error {
-	devPath := types.GetVolumeDevicePath(volume, true)
+func ResizeEncryptoDevice(volume, dataEngine, passphrase string) error {
+	// devPath is the full path of the encrypted device on the host that will be resized
+	devPath := types.GetVolumeDevicePath(volume, dataEngine, true)
 	if isOpen, err := IsDeviceOpen(devPath); err != nil {
 		return err
 	} else if !isOpen {
-		return fmt.Errorf("volume %v encrypto device is closed for resizing", volume)
+		return fmt.Errorf("volume %v encrypto device %s is closed for resizing", volume, devPath)
 	}

 	namespaces := []lhtypes.Namespace{lhtypes.NamespaceMnt, lhtypes.NamespaceIpc}
@ -77,7 +81,7 @@ func ResizeEncryptoDevice(volume, passphrase string) error {
 		return err
 	}

-	_, err = nsexec.LuksResize(volume, passphrase, lhtypes.LuksTimeout)
+	_, err = nsexec.LuksResize(types.GetEncryptVolumeName(volume, dataEngine), passphrase, lhtypes.LuksTimeout)
 	return err
 }

@ -101,6 +105,17 @@ func DeviceEncryptionStatus(devicePath string) (mappedDevice, mapper string, err
 		return devicePath, "", err
 	}

+	// Check the mapper device using `cryptsetup status`. Sample output:
+	//   /dev/mapper/pvc-e2a1c50a-9409-4afd-9e7d-3c1f5a9afa7f is active and is in use.
+	//     type:    LUKS2
+	//     cipher:  aes-xts-plain64
+	//     keysize: 256 bits
+	//     key location: keyring
+	//     device:  /dev/sda
+	//     sector size:  512
+	//     offset:  32768 sectors
+	//     size:    110592 sectors
+	//     mode:    read/write
 	volume := strings.TrimPrefix(devicePath, types.MapperDevPath+"/")
 	stdout, err := nsexec.LuksStatus(volume, lhtypes.LuksTimeout)
 	if err != nil {
@ -111,7 +126,11 @@ func DeviceEncryptionStatus(devicePath string) (mappedDevice, mapper string, err
 	if len(lines) < 1 {
 		return "", "", fmt.Errorf("device encryption status returned no stdout for %s", devicePath)
 	}
-	if !strings.HasSuffix(lines[0], " is active.") {
+
+	// There are two possible cases to an encrypted mapper device:
+	// - "/path/to/device is active.": the mapper device is activated by `cryptsetup luksOpen`
+	// - "/path/to/device is active and is in use.": the activated device is mounted or exposed (e.g., NFS)
+	if !strings.Contains(lines[0], " is active") {
 		// Implies this is not a LUKS device
 		return devicePath, "", nil
 	}
--- a/pkg/rpc/server.go
+++ b/pkg/rpc/server.go
@ -69,7 +69,7 @@ func (s *ShareManagerServer) FilesystemTrim(ctx context.Context, req *smrpc.File
 		}
 	}()

-	devicePath := types.GetVolumeDevicePath(vol.Name, req.EncryptedDevice)
+	devicePath := types.GetVolumeDevicePath(vol.Name, vol.DataEngine, req.EncryptedDevice)
 	if !volume.CheckDeviceValid(devicePath) {
 		return &emptypb.Empty{}, grpcstatus.Errorf(grpccodes.FailedPrecondition, "volume %v is not valid", vol.Name)
 	}
@ -134,7 +134,7 @@ func (s *ShareManagerServer) FilesystemResize(ctx context.Context, req *emptypb.
 		}
 	}()

-	devicePath := types.GetVolumeDevicePath(vol.Name, vol.IsEncrypted())
+	devicePath := types.GetVolumeDevicePath(vol.Name, vol.DataEngine, vol.IsEncrypted())
 	if !volume.CheckDeviceValid(devicePath) {
 		return &emptypb.Empty{}, grpcstatus.Errorf(grpccodes.FailedPrecondition, "volume %v is not valid", vol.Name)
 	}
@ -151,17 +151,18 @@ func (s *ShareManagerServer) FilesystemResize(ctx context.Context, req *emptypb.

 	// Note that cryptsetup resize is only necessary for volumes resized while online.  For offline, it will happen automatically during 'open'.
 	if vol.IsEncrypted() {
-		diskFormat, err := volume.GetDiskFormat(devicePath)
+		rawDevicePath := types.GetRawVolumeDevicePath(vol.Name)
+		diskFormat, err := volume.GetDiskFormat(rawDevicePath)
 		if err != nil {
 			return &emptypb.Empty{}, grpcstatus.Errorf(grpccodes.Internal, "failed to determine disk format of volume %v: %v", vol.Name, err)
 		}
-		log.Infof("Device %v contains filesystem of format %v", devicePath, diskFormat)
+		log.WithField("mappedDevice", devicePath).Infof("Encrypted volume device %v contains filesystem of format %v", rawDevicePath, diskFormat)

 		if diskFormat != "crypto_LUKS" {
 			return &emptypb.Empty{}, grpcstatus.Errorf(grpccodes.InvalidArgument, "unsupported disk encryption format %v", diskFormat)
 		}

-		if err = crypto.ResizeEncryptoDevice(vol.Name, vol.Passphrase); err != nil {
+		if err = crypto.ResizeEncryptoDevice(vol.Name, vol.DataEngine, vol.Passphrase); err != nil {
 			return &emptypb.Empty{}, grpcstatus.Errorf(grpccodes.Internal, "failed to resize crypto device %v for volume %v node expansion: %v", devicePath, vol.Name, err)
 		}
 	}
@ -309,7 +310,7 @@ func (s *ShareManagerServer) Mount(ctx context.Context, req *emptypb.Empty) (res

 	log.Info("Mounting and exporting volume")

-	devicePath := types.GetVolumeDevicePath(vol.Name, false)
+	devicePath := types.GetVolumeDevicePath(vol.Name, vol.DataEngine, false)
 	mountPath := types.GetMountPath(vol.Name)

 	defer func() {
@ -388,6 +389,16 @@ func (s *ShareManagerHealthCheckServer) Watch(req *healthpb.HealthCheckRequest,
 	}
 }

+func (s *ShareManagerHealthCheckServer) List(context.Context, *healthpb.HealthListRequest) (*healthpb.HealthListResponse, error) {
+	return &healthpb.HealthListResponse{
+		Statuses: map[string]*healthpb.HealthCheckResponse{
+			"grpc": {
+				Status: healthpb.HealthCheckResponse_SERVING,
+			},
+		},
+	}, nil
+}
+
 func nfsServerIsRunning() bool {
 	_, err := util.FindProcessByName("ganesha.nfsd")
 	return err == nil
--- a/pkg/server/nfs/export.go
+++ b/pkg/server/nfs/export.go
@ -11,6 +11,7 @@ import (
 	"syscall"

 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"

 	"github.com/longhorn/longhorn-share-manager/pkg/util"
 )
@ -67,12 +68,12 @@ func (e *Exporter) GetExportMap() ExportMap {
 	defer e.mapMutex.RUnlock()

 	volToID := map[string]uint16{}
-	for vol, id := range e.ExportMap.volumeToid {
+	for vol, id := range e.volumeToid {
 		volToID[vol] = id
 	}

 	idToVol := map[uint16]string{}
-	for id, vol := range e.ExportMap.idToVolume {
+	for id, vol := range e.idToVolume {
 		idToVol[id] = vol
 	}

@ -223,7 +224,11 @@ func (e *Exporter) addToConfig(block string) error {
 	if err != nil {
 		return err
 	}
-	defer config.Close()
+	defer func() {
+		if errClose := config.Close(); errClose != nil {
+			logrus.WithError(errClose).Error("Failed to close config file")
+		}
+	}()

 	if _, err = config.WriteString(block); err != nil {
 		return err
@ -243,7 +248,7 @@ func (e *Exporter) removeFromConfig(block string) error {
 		return err
 	}

-	newConfig := strings.Replace(string(config), block, "", -1)
+	newConfig := strings.ReplaceAll(string(config), block, "")
 	err = os.WriteFile(e.configPath, []byte(newConfig), 0)
 	if err != nil {
 		return err
--- a/pkg/server/share_manager.go
+++ b/pkg/server/share_manager.go
@ -37,6 +37,7 @@ const shareManagerPrefix = "share-manager-"
 const EnvKeyFastFailover = "FAST_FAILOVER"
 const EnvKeyLeaseLifetime = "LEASE_LIFETIME"
 const EnvKeyGracePeriod = "GRACE_PERIOD"
+const EnvKeyFormatOptions = "FS_FORMAT_OPTIONS"
 const defaultLeaseLifetime = 60
 const defaultGracePeriod = 90

@ -103,7 +104,7 @@ func NewShareManager(logger logrus.FieldLogger, volume volume.Volume) (*ShareMan
 func (m *ShareManager) Run() error {
 	vol := m.volume
 	mountPath := types.GetMountPath(vol.Name)
-	devicePath := types.GetVolumeDevicePath(vol.Name, false)
+	devicePath := types.GetVolumeDevicePath(vol.Name, vol.DataEngine, false)

 	defer func() {
 		// if the server is exiting, try to unmount & teardown device before we terminate the container
@ -201,9 +202,9 @@ func (m *ShareManager) setupDevice(vol volume.Volume, devicePath string) (string
 			}
 		}

-		cryptoDevice := types.GetVolumeDevicePath(vol.Name, true)
+		cryptoDevice := types.GetVolumeDevicePath(vol.Name, vol.DataEngine, true)
 		m.logger.Infof("Volume %s requires crypto device %s", vol.Name, cryptoDevice)
-		if err := crypto.OpenVolume(vol.Name, devicePath, vol.Passphrase); err != nil {
+		if err := crypto.OpenVolume(vol.Name, vol.DataEngine, devicePath, vol.Passphrase); err != nil {
 			m.logger.WithError(err).Error("Failed to open encrypted volume")
 			return "", err
 		}
@ -217,12 +218,12 @@ func (m *ShareManager) setupDevice(vol volume.Volume, devicePath string) (string

 func (m *ShareManager) tearDownDevice(vol volume.Volume) error {
 	// close any matching crypto device for this volume
-	cryptoDevice := types.GetVolumeDevicePath(vol.Name, true)
+	cryptoDevice := types.GetVolumeDevicePath(vol.Name, vol.DataEngine, true)
 	if isOpen, err := crypto.IsDeviceOpen(cryptoDevice); err != nil {
 		return err
 	} else if isOpen {
 		m.logger.Infof("Volume %s has active crypto device %s", vol.Name, cryptoDevice)
-		if err := crypto.CloseVolume(vol.Name); err != nil {
+		if err := crypto.CloseVolume(vol.Name, vol.DataEngine); err != nil {
 			return err
 		}
 		m.logger.Infof("Volume %s closed active crypto device %s", vol.Name, cryptoDevice)
@ -234,6 +235,7 @@ func (m *ShareManager) tearDownDevice(vol volume.Volume) error {
 func (m *ShareManager) MountVolume(vol volume.Volume, devicePath, mountPath string) error {
 	fsType := vol.FsType
 	mountOptions := vol.MountOptions
+	formatOptions := m.getFormatOptions()

 	// https://github.com/longhorn/longhorn/issues/2991
 	// pre v1.2 we ignored the fsType and always formatted as ext4
@ -251,7 +253,16 @@ func (m *ShareManager) MountVolume(vol volume.Volume, devicePath, mountPath stri
 		fsType = diskFormat
 	}

-	return volume.MountVolume(devicePath, mountPath, fsType, mountOptions)
+	return volume.MountVolume(devicePath, mountPath, fsType, mountOptions, formatOptions)
+}
+
+func (m *ShareManager) getFormatOptions() []string {
+	env := os.Getenv(EnvKeyFormatOptions)
+	if env == "" {
+		return nil
+	}
+
+	return strings.Split(env, ":")
 }

 func (m *ShareManager) resizeVolume(devicePath, mountPath string) error {
--- a/pkg/types/types.go
+++ b/pkg/types/types.go
@ -12,13 +12,35 @@ const (
 	DevPath       = "/dev"
 	MapperDevPath = "/dev/mapper"

+	// The suffix for dm device name of the encrypted v2 volume.
+	MapperV2VolumeSuffix = "-encrypted"
+
 	ExportPath = "/export"
+
+	DataEngineTypeV1 = "v1"
+	DataEngineTypeV2 = "v2"
 )

-func GetVolumeDevicePath(volumeName string, EncryptedDevice bool) string {
+func GetEncryptVolumeName(volume, dataEngine string) string {
+	if dataEngine == DataEngineTypeV2 {
+		return volume + MapperV2VolumeSuffix
+	}
+	return volume
+}
+
+func GetVolumeDevicePath(volumeName, dataEngine string, EncryptedDevice bool) string {
 	if EncryptedDevice {
+		if dataEngine == DataEngineTypeV2 {
+			// v2 volume will use a dm device as default to control IO path when attaching. This dm device will be created with the same name as the volume name.
+			// The encrypted volume will be created with the volume name with "-encrypted" suffix to resolve the naming conflict.
+			return path.Join(MapperDevPath, GetEncryptVolumeName(volumeName, dataEngine))
+		}
 		return path.Join(MapperDevPath, volumeName)
 	}
+	return GetRawVolumeDevicePath(volumeName)
+}
+
+func GetRawVolumeDevicePath(volumeName string) string {
 	return filepath.Join(DevPath, "longhorn", volumeName)
 }

--- a/pkg/volume/volume.go
+++ b/pkg/volume/volume.go
@ -11,6 +11,7 @@ import (

 type Volume struct {
 	Name            string
+	DataEngine      string
 	Passphrase      string
 	CryptoKeyCipher string
 	CryptoKeyHash   string
@ -39,7 +40,7 @@ func CheckMountValid(mountPath string) bool {
 	return err == nil && isMountPoint
 }

-func MountVolume(devicePath, mountPath, fsType string, mountOptions []string) error {
+func MountVolume(devicePath, mountPath, fsType string, mountOptions []string, formatOptions []string) error {
 	if !CheckDeviceValid(devicePath) {
 		return fmt.Errorf("cannot mount device %v to %v invalid device", devicePath, mountPath)
 	}
@ -60,7 +61,8 @@ func MountVolume(devicePath, mountPath, fsType string, mountOptions []string) er
 		}
 	}

-	return mounter.FormatAndMount(devicePath, mountPath, fsType, mountOptions)
+	return mounter.FormatAndMountSensitiveWithFormatOptions(devicePath, mountPath, fsType,
+		mountOptions, nil, formatOptions)
 }

 func ResizeVolume(devicePath, mountPath string) (bool, error) {
--- a/scripts/build
+++ b/scripts/build
@ -19,7 +19,23 @@ fi
 cd $(dirname $0)/..

 mkdir -p bin
-archs=("amd64" "arm64")
-for arch in "${archs[@]}"; do
-    CGO_ENABLED=0 GOARCH="$arch" go build -o "bin/longhorn-share-manager-$arch" -ldflags "$LINKFLAGS" $COVER $COVERPKG
+
+ARCHS=${ARCHS:-''}
+if [[ -z "${ARCHS}" ]]; then
+    case $(uname -m) in
+    aarch64 | arm64)
+        ARCHS=(arm64)
+        ;;
+    x86_64)
+        ARCHS=(amd64)
+        ;;
+    *)
+        echo "$(uname -a): unsupported architecture"
+        exit 1
+    esac
+else
+    IFS=' ' read -r -a ARCHS <<<"${ARCHS}"
+fi
+for arch in "${ARCHS[@]}"; do
+    CGO_ENABLED=0 GOARCH="${arch}" go build -o "bin/longhorn-share-manager-${arch}" -ldflags "${LINKFLAGS}" ${COVER} ${COVERPKG}
 done
--- a/scripts/package
+++ b/scripts/package
@ -5,25 +5,92 @@ source $(dirname $0)/version

 cd $(dirname $0)/..

-PROJECT=`basename "$PWD"`
+PROJECT=$(basename "${PWD}")

-if [ ! -x ./bin/longhorn ]; then
-    ./scripts/build
+command -v buildx >/dev/null && BUILD_CMD=(buildx) || BUILD_CMD=(docker buildx)
+
+# read configurable parameters
+REPO=${REPO:-longhornio}
+IMAGE_NAME=${IMAGE_NAME:-${PROJECT}}
+TAG=${TAG:-''}
+PUSH=${PUSH:-'false'}
+IS_SECURE=${IS_SECURE:-'false'}
+MACHINE=${MACHINE:-''}
+TARGET_PLATFORMS=${TARGET_PLATFORMS:-''}
+IID_FILE=${IID_FILE:-''}
+IID_FILE_FLAG=${IID_FILE_FLAG:-''}
+SRC_BRANCH=${SRC_BRANCH:-''}
+SRC_TAG=${SRC_TAG:-''}
+
+BUILDER_ARGS=()
+[[ $MACHINE ]] && BUILDER_ARGS+=('--builder' "$MACHINE")
+
+BUILDX_ARGS=()
+
+case $(uname -m) in
+aarch64 | arm64)
+    BUILDERARCH=arm64
+    ;;
+x86_64)
+    BUILDERARCH=amd64
+    ;;
+*)
+    echo "$(uname -a): unsupported architecture"
+    exit 1
+esac
+
+if [[ ${TARGET_PLATFORMS} ]] ; then
+    IFS='/' read -r OS ARCH <<<"${TARGET_PLATFORMS}"
+    BUILDX_ARGS+=('--platform' "${TARGET_PLATFORMS}")
+else
+    BUILDX_ARGS+=('--platform' "linux/${BUILDERARCH}")
 fi

-cp -r bin package/
+if [[ -z $TAG ]]; then
+    if API_VERSION=$(./bin/longhorn-share-manager-"${BUILDERARCH}" version --client-only | jq ".clientVersion.apiVersion"); then
+      TAG="v${API_VERSION}_$(date -u +%Y%m%d)"
+    else
+      TAG="${VERSION}"
+    fi
+fi

-APIVERSION=`./bin/longhorn-share-manager version --client-only|jq ".clientVersion.apiVersion"`
-TAG=${TAG:-"v${APIVERSION}_`date -u +%Y%m%d`"}
-REPO=${REPO:-longhornio}
-IMAGE=${REPO}/${PROJECT}:${TAG}
+IMAGE="${REPO}/${IMAGE_NAME}:${TAG}"

-# update base image to get latest changes
-BASE_IMAGE=`grep FROM package/Dockerfile | grep -v AS | awk '{print $2}'`
-docker pull ${BASE_IMAGE}
+IFS=' ' read -r -a IID_FILE_ARGS <<<"${IID_FILE_FLAG}"
+[[ -n "${IID_FILE}" && ${#IID_FILE_ARGS} == 0 ]] && IID_FILE_ARGS=('--iidfile' "${IID_FILE}")

-buildx build --load -t ${IMAGE} -f package/Dockerfile .
+if [[ "${PUSH}" == 'true' ]]; then
+    BUILDX_ARGS+=('--push')
+else
+    BUILDX_ARGS+=('--load')
+fi

-echo Built ${IMAGE}
+[[ $IS_SECURE == 'true' ]] && BUILDX_ARGS+=('--sbom=true' '--attest' 'type=provenance,mode=max')

-echo ${IMAGE} > ./bin/latest_image
+IMAGE_ARGS=()
+[[ -n "${SRC_BRANCH}" ]] && IMAGE_ARGS+=(--build-arg SRC_BRANCH="${SRC_BRANCH}")
+[[ -n "${SRC_TAG}" ]] && IMAGE_ARGS+=(--build-arg SRC_TAG="${SRC_TAG}")
+
+# update base IMAGE to get latest changes
+grep 'FROM.*/' package/Dockerfile | awk '{print $2}' | while read -r STAGE_BASE_IMAGE
+do
+    docker pull "${STAGE_BASE_IMAGE}"
+done
+BASE_IMAGE=$(grep 'FROM.*AS release' package/Dockerfile | awk '{print $2}')
+
+echo "Building image ${IMAGE} based on ${BASE_IMAGE} with ARCH=${ARCH} SRC_BRANCH=${SRC_BRANCH} SRC_TAG=${SRC_TAG}"
+IMAGE_BUILD_CMD_ARGS=(
+    build --no-cache \
+    "${BUILDER_ARGS[@]}" \
+    "${IID_FILE_ARGS[@]}" \
+    "${BUILDX_ARGS[@]}" \
+    "${IMAGE_ARGS[@]}" \
+    -t "${IMAGE}" -f package/Dockerfile .
+)
+echo "${BUILD_CMD[@]}" "${IMAGE_BUILD_CMD_ARGS[@]}"
+"${BUILD_CMD[@]}" "${IMAGE_BUILD_CMD_ARGS[@]}"
+
+echo "Built ${IMAGE}"
+
+mkdir -p ./bin
+echo "${IMAGE}" > ./bin/latest_image
--- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go
+++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go
@ -1,3 +1,4 @@
+// Package md2man aims in converting markdown into roff (man pages).
 package md2man

 import (
--- a/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go
+++ b/vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go
@ -47,13 +47,13 @@ const (
 	tableStart        = "\n.TS\nallbox;\n"
 	tableEnd          = ".TE\n"
 	tableCellStart    = "T{\n"
-	tableCellEnd      = "\nT}\n"
+	tableCellEnd      = "\nT}"
 	tablePreprocessor = `'\" t`
 )

 // NewRoffRenderer creates a new blackfriday Renderer for generating roff documents
 // from markdown
-func NewRoffRenderer() *roffRenderer { // nolint: golint
+func NewRoffRenderer() *roffRenderer {
 	return &roffRenderer{}
 }

@ -104,7 +104,7 @@ func (r *roffRenderer) RenderNode(w io.Writer, node *blackfriday.Node, entering
 			node.Parent.Prev.Type == blackfriday.Heading &&
 			node.Parent.Prev.FirstChild != nil &&
 			bytes.EqualFold(node.Parent.Prev.FirstChild.Literal, []byte("NAME")) {
-			before, after, found := bytes.Cut(node.Literal, []byte(" - "))
+			before, after, found := bytesCut(node.Literal, []byte(" - "))
 			escapeSpecialChars(w, before)
 			if found {
 				out(w, ` \- `)
@ -316,9 +316,8 @@ func (r *roffRenderer) handleTableCell(w io.Writer, node *blackfriday.Node, ente
 		} else if nodeLiteralSize(node) > 30 {
 			end = tableCellEnd
 		}
-		if node.Next == nil && end != tableCellEnd {
-			// Last cell: need to carriage return if we are at the end of the
-			// header row and content isn't wrapped in a "tablecell"
+		if node.Next == nil {
+			// Last cell: need to carriage return if we are at the end of the header row.
 			end += crTag
 		}
 		out(w, end)
@ -356,7 +355,7 @@ func countColumns(node *blackfriday.Node) int {
 }

 func out(w io.Writer, output string) {
-	io.WriteString(w, output) // nolint: errcheck
+	io.WriteString(w, output) //nolint:errcheck
 }

 func escapeSpecialChars(w io.Writer, text []byte) {
@ -395,7 +394,7 @@ func escapeSpecialCharsLine(w io.Writer, text []byte) {
 			i++
 		}
 		if i > org {
-			w.Write(text[org:i]) // nolint: errcheck
+			w.Write(text[org:i]) //nolint:errcheck
 		}

 		// escape a character
@ -403,6 +402,15 @@ func escapeSpecialCharsLine(w io.Writer, text []byte) {
 			break
 		}

-		w.Write([]byte{'\\', text[i]}) // nolint: errcheck
+		w.Write([]byte{'\\', text[i]}) //nolint:errcheck
 	}
 }
+
+// bytesCut is a copy of [bytes.Cut] to provide compatibility with go1.17
+// and older. We can remove this once we drop support  for go1.17 and older.
+func bytesCut(s, sep []byte) (before, after []byte, found bool) {
+	if i := bytes.Index(s, sep); i >= 0 {
+		return s[:i], s[i+len(sep):], true
+	}
+	return s, nil, false
+}
--- a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
+++ b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml
@ -1,13 +0,0 @@
-freebsd_task:
-  name: 'FreeBSD'
-  freebsd_instance:
-    image_family: freebsd-13-2
-  install_script:
-    - pkg update -f
-    - pkg install -y go
-  test_script:
-      # run tests as user "cirrus" instead of root
-    - pw useradd cirrus -m
-    - chown -R cirrus:cirrus .
-    - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
-    -                      sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./...
--- a/vendor/github.com/fsnotify/fsnotify/.editorconfig
+++ b/vendor/github.com/fsnotify/fsnotify/.editorconfig
@ -1,12 +0,0 @@
-root = true
-
-[*.go]
-indent_style = tab
-indent_size = 4
-insert_final_newline = true
-
-[*.{yml,yaml}]
-indent_style = space
-indent_size = 2
-insert_final_newline = true
-trim_trailing_whitespace = true
--- a/vendor/github.com/fsnotify/fsnotify/.gitattributes
+++ b/vendor/github.com/fsnotify/fsnotify/.gitattributes
@ -1 +0,0 @@
-go.sum linguist-generated
--- a/vendor/github.com/fsnotify/fsnotify/.gitignore
+++ b/vendor/github.com/fsnotify/fsnotify/.gitignore
@ -1,7 +0,0 @@
-# go test -c output
-*.test
-*.test.exe
-
-# Output of go build ./cmd/fsnotify
-/fsnotify
-/fsnotify.exe
--- a/vendor/github.com/fsnotify/fsnotify/.mailmap
+++ b/vendor/github.com/fsnotify/fsnotify/.mailmap
@ -1,2 +0,0 @@
-Chris Howey <howeyc@gmail.com> <chris@howey.me>
-Nathan Youngman <git@nathany.com> <4566+nathany@users.noreply.github.com>
--- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
+++ b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
@ -1,541 +0,0 @@
-# Changelog
-
-Unreleased
----------
-Nothing yet.
-
-1.7.0 - 2023-10-22
------------------
-This version of fsnotify needs Go 1.17.
-
-### Additions
-
- illumos: add FEN backend to support illumos and Solaris. ([#371])
-
- all: add `NewBufferedWatcher()` to use a buffered channel, which can be useful
-  in cases where you can't control the kernel buffer and receive a large number
-  of events in bursts. ([#550], [#572])
-
- all: add `AddWith()`, which is identical to `Add()` but allows passing
-  options. ([#521])
-
- windows: allow setting the ReadDirectoryChangesW() buffer size with
-  `fsnotify.WithBufferSize()`; the default of 64K is the highest value that
-  works on all platforms and is enough for most purposes, but in some cases a
-  highest buffer is needed. ([#521])
-
-### Changes and fixes
-
- inotify: remove watcher if a watched path is renamed ([#518])
-
-  After a rename the reported name wasn't updated, or even an empty string.
-  Inotify doesn't provide any good facilities to update it, so just remove the
-  watcher. This is already how it worked on kqueue and FEN.
-
-  On Windows this does work, and remains working.
-
- windows: don't listen for file attribute changes ([#520])
-
-  File attribute changes are sent as `FILE_ACTION_MODIFIED` by the Windows API,
-  with no way to see if they're a file write or attribute change, so would show
-  up as a fsnotify.Write event. This is never useful, and could result in many
-  spurious Write events.
-
- windows: return `ErrEventOverflow` if the buffer is full ([#525])
-
-  Before it would merely return "short read", making it hard to detect this
-  error.
-
- kqueue: make sure events for all files are delivered properly when removing a
-  watched directory ([#526])
-
-  Previously they would get sent with `""` (empty string) or `"."` as the path
-  name.
-
- kqueue: don't emit spurious Create events for symbolic links ([#524])
-
-  The link would get resolved but kqueue would "forget" it already saw the link
-  itself, resulting on a Create for every Write event for the directory.
-
- all: return `ErrClosed` on `Add()` when the watcher is closed ([#516])
-
- other: add `Watcher.Errors` and `Watcher.Events` to the no-op `Watcher` in
-  `backend_other.go`, making it easier to use on unsupported platforms such as
-  WASM, AIX, etc. ([#528])
-
- other: use the `backend_other.go` no-op if the `appengine` build tag is set;
-  Google AppEngine forbids usage of the unsafe package so the inotify backend
-  won't compile there.
-
-[#371]: https://github.com/fsnotify/fsnotify/pull/371
-[#516]: https://github.com/fsnotify/fsnotify/pull/516
-[#518]: https://github.com/fsnotify/fsnotify/pull/518
-[#520]: https://github.com/fsnotify/fsnotify/pull/520
-[#521]: https://github.com/fsnotify/fsnotify/pull/521
-[#524]: https://github.com/fsnotify/fsnotify/pull/524
-[#525]: https://github.com/fsnotify/fsnotify/pull/525
-[#526]: https://github.com/fsnotify/fsnotify/pull/526
-[#528]: https://github.com/fsnotify/fsnotify/pull/528
-[#537]: https://github.com/fsnotify/fsnotify/pull/537
-[#550]: https://github.com/fsnotify/fsnotify/pull/550
-[#572]: https://github.com/fsnotify/fsnotify/pull/572
-
-1.6.0 - 2022-10-13
------------------
-This version of fsnotify needs Go 1.16 (this was already the case since 1.5.1,
-but not documented). It also increases the minimum Linux version to 2.6.32.
-
-### Additions
-
- all: add `Event.Has()` and `Op.Has()` ([#477])
-
-  This makes checking events a lot easier; for example:
-
-	    if event.Op&Write == Write && !(event.Op&Remove == Remove) {
-	    }
-
-	Becomes:
-
-	    if event.Has(Write) && !event.Has(Remove) {
-	    }
-
- all: add cmd/fsnotify ([#463])
-
-  A command-line utility for testing and some examples.
-
-### Changes and fixes
-
- inotify: don't ignore events for files that don't exist ([#260], [#470])
-
-  Previously the inotify watcher would call `os.Lstat()` to check if a file
-  still exists before emitting events.
-
-  This was inconsistent with other platforms and resulted in inconsistent event
-  reporting (e.g. when a file is quickly removed and re-created), and generally
-  a source of confusion. It was added in 2013 to fix a memory leak that no
-  longer exists.
-
- all: return `ErrNonExistentWatch` when `Remove()` is called on a path that's
-  not watched ([#460])
-
- inotify: replace epoll() with non-blocking inotify ([#434])
-
-  Non-blocking inotify was not generally available at the time this library was
-  written in 2014, but now it is. As a result, the minimum Linux version is
-  bumped from 2.6.27 to 2.6.32. This hugely simplifies the code and is faster.
-
- kqueue: don't check for events every 100ms ([#480])
-
-  The watcher would wake up every 100ms, even when there was nothing to do. Now
-  it waits until there is something to do.
-
- macos: retry opening files on EINTR ([#475])
-
- kqueue: skip unreadable files ([#479])
-
-  kqueue requires a file descriptor for every file in a directory; this would
-  fail if a file was unreadable by the current user. Now these files are simply
-  skipped.
-
- windows: fix renaming a watched directory if the parent is also watched ([#370])
-
- windows: increase buffer size from 4K to 64K ([#485])
-
- windows: close file handle on Remove() ([#288])
-
- kqueue: put pathname in the error if watching a file fails ([#471])
-
- inotify, windows: calling Close() more than once could race ([#465])
-
- kqueue: improve Close() performance ([#233])
-
- all: various documentation additions and clarifications.
-
-[#233]: https://github.com/fsnotify/fsnotify/pull/233
-[#260]: https://github.com/fsnotify/fsnotify/pull/260
-[#288]: https://github.com/fsnotify/fsnotify/pull/288
-[#370]: https://github.com/fsnotify/fsnotify/pull/370
-[#434]: https://github.com/fsnotify/fsnotify/pull/434
-[#460]: https://github.com/fsnotify/fsnotify/pull/460
-[#463]: https://github.com/fsnotify/fsnotify/pull/463
-[#465]: https://github.com/fsnotify/fsnotify/pull/465
-[#470]: https://github.com/fsnotify/fsnotify/pull/470
-[#471]: https://github.com/fsnotify/fsnotify/pull/471
-[#475]: https://github.com/fsnotify/fsnotify/pull/475
-[#477]: https://github.com/fsnotify/fsnotify/pull/477
-[#479]: https://github.com/fsnotify/fsnotify/pull/479
-[#480]: https://github.com/fsnotify/fsnotify/pull/480
-[#485]: https://github.com/fsnotify/fsnotify/pull/485
-
-## [1.5.4] - 2022-04-25
-
-* Windows: add missing defer to `Watcher.WatchList` [#447](https://github.com/fsnotify/fsnotify/pull/447)
-* go.mod: use latest x/sys [#444](https://github.com/fsnotify/fsnotify/pull/444)
-* Fix compilation for OpenBSD [#443](https://github.com/fsnotify/fsnotify/pull/443)
-
-## [1.5.3] - 2022-04-22
-
-* This version is retracted. An incorrect branch is published accidentally [#445](https://github.com/fsnotify/fsnotify/issues/445)
-
-## [1.5.2] - 2022-04-21
-
-* Add a feature to return the directories and files that are being monitored [#374](https://github.com/fsnotify/fsnotify/pull/374)
-* Fix potential crash on windows if `raw.FileNameLength` exceeds `syscall.MAX_PATH` [#361](https://github.com/fsnotify/fsnotify/pull/361)
-* Allow build on unsupported GOOS [#424](https://github.com/fsnotify/fsnotify/pull/424)
-* Don't set `poller.fd` twice in `newFdPoller` [#406](https://github.com/fsnotify/fsnotify/pull/406)
-* fix go vet warnings: call to `(*T).Fatalf` from a non-test goroutine [#416](https://github.com/fsnotify/fsnotify/pull/416)
-
-## [1.5.1] - 2021-08-24
-
-* Revert Add AddRaw to not follow symlinks [#394](https://github.com/fsnotify/fsnotify/pull/394)
-
-## [1.5.0] - 2021-08-20
-
-* Go: Increase minimum required version to Go 1.12 [#381](https://github.com/fsnotify/fsnotify/pull/381)
-* Feature: Add AddRaw method which does not follow symlinks when adding a watch [#289](https://github.com/fsnotify/fsnotify/pull/298)
-* Windows: Follow symlinks by default like on all other systems [#289](https://github.com/fsnotify/fsnotify/pull/289)
-* CI: Use GitHub Actions for CI and cover go 1.12-1.17
-   [#378](https://github.com/fsnotify/fsnotify/pull/378)
-   [#381](https://github.com/fsnotify/fsnotify/pull/381)
-   [#385](https://github.com/fsnotify/fsnotify/pull/385)
-* Go 1.14+: Fix unsafe pointer conversion [#325](https://github.com/fsnotify/fsnotify/pull/325)
-
-## [1.4.9] - 2020-03-11
-
-* Move example usage to the readme #329. This may resolve #328.
-
-## [1.4.8] - 2020-03-10
-
-* CI: test more go versions (@nathany 1d13583d846ea9d66dcabbfefbfb9d8e6fb05216)
-* Tests: Queued inotify events could have been read by the test before max_queued_events was hit (@matthias-stone #265)
-* Tests:  t.Fatalf -> t.Errorf in go routines (@gdey #266)
-* CI: Less verbosity (@nathany #267)
-* Tests: Darwin: Exchangedata is deprecated on 10.13 (@nathany #267)
-* Tests: Check if channels are closed in the example (@alexeykazakov #244)
-* CI: Only run golint on latest version of go and fix issues (@cpuguy83 #284)
-* CI: Add windows to travis matrix (@cpuguy83 #284)
-* Docs: Remover appveyor badge (@nathany 11844c0959f6fff69ba325d097fce35bd85a8e93)
-* Linux: create epoll and pipe fds with close-on-exec (@JohannesEbke #219)
-* Linux: open files with close-on-exec (@linxiulei #273)
-* Docs: Plan to support fanotify (@nathany ab058b44498e8b7566a799372a39d150d9ea0119 )
-* Project: Add go.mod (@nathany #309)
-* Project: Revise editor config (@nathany #309)
-* Project: Update copyright for 2019 (@nathany #309)
-* CI: Drop go1.8 from CI matrix (@nathany #309)
-* Docs: Updating the FAQ section for supportability with NFS & FUSE filesystems (@Pratik32 4bf2d1fec78374803a39307bfb8d340688f4f28e )
-
-## [1.4.7] - 2018-01-09
-
-* BSD/macOS: Fix possible deadlock on closing the watcher on kqueue (thanks @nhooyr and @glycerine)
-* Tests: Fix missing verb on format string (thanks @rchiossi)
-* Linux: Fix deadlock in Remove (thanks @aarondl)
-* Linux: Watch.Add improvements (avoid race, fix consistency, reduce garbage) (thanks @twpayne)
-* Docs: Moved FAQ into the README (thanks @vahe)
-* Linux: Properly handle inotify's IN_Q_OVERFLOW event (thanks @zeldovich)
-* Docs: replace references to OS X with macOS
-
-## [1.4.2] - 2016-10-10
-
-* Linux: use InotifyInit1 with IN_CLOEXEC to stop leaking a file descriptor to a child process when using fork/exec [#178](https://github.com/fsnotify/fsnotify/pull/178) (thanks @pattyshack)
-
-## [1.4.1] - 2016-10-04
-
-* Fix flaky inotify stress test on Linux [#177](https://github.com/fsnotify/fsnotify/pull/177) (thanks @pattyshack)
-
-## [1.4.0] - 2016-10-01
-
-* add a String() method to Event.Op [#165](https://github.com/fsnotify/fsnotify/pull/165) (thanks @oozie)
-
-## [1.3.1] - 2016-06-28
-
-* Windows: fix for double backslash when watching the root of a drive [#151](https://github.com/fsnotify/fsnotify/issues/151) (thanks @brunoqc)
-
-## [1.3.0] - 2016-04-19
-
-* Support linux/arm64 by [patching](https://go-review.googlesource.com/#/c/21971/) x/sys/unix and switching to to it from syscall (thanks @suihkulokki) [#135](https://github.com/fsnotify/fsnotify/pull/135)
-
-## [1.2.10] - 2016-03-02
-
-* Fix golint errors in windows.go [#121](https://github.com/fsnotify/fsnotify/pull/121) (thanks @tiffanyfj)
-
-## [1.2.9] - 2016-01-13
-
-kqueue: Fix logic for CREATE after REMOVE [#111](https://github.com/fsnotify/fsnotify/pull/111) (thanks @bep)
-
-## [1.2.8] - 2015-12-17
-
-* kqueue: fix race condition in Close [#105](https://github.com/fsnotify/fsnotify/pull/105) (thanks @djui for reporting the issue and @ppknap for writing a failing test)
-* inotify: fix race in test
-* enable race detection for continuous integration (Linux, Mac, Windows)
-
-## [1.2.5] - 2015-10-17
-
-* inotify: use epoll_create1 for arm64 support (requires Linux 2.6.27 or later) [#100](https://github.com/fsnotify/fsnotify/pull/100) (thanks @suihkulokki)
-* inotify: fix path leaks [#73](https://github.com/fsnotify/fsnotify/pull/73) (thanks @chamaken)
-* kqueue: watch for rename events on subdirectories [#83](https://github.com/fsnotify/fsnotify/pull/83) (thanks @guotie)
-* kqueue: avoid infinite loops from symlinks cycles [#101](https://github.com/fsnotify/fsnotify/pull/101) (thanks @illicitonion)
-
-## [1.2.1] - 2015-10-14
-
-* kqueue: don't watch named pipes [#98](https://github.com/fsnotify/fsnotify/pull/98) (thanks @evanphx)
-
-## [1.2.0] - 2015-02-08
-
-* inotify: use epoll to wake up readEvents [#66](https://github.com/fsnotify/fsnotify/pull/66) (thanks @PieterD)
-* inotify: closing watcher should now always shut down goroutine [#63](https://github.com/fsnotify/fsnotify/pull/63) (thanks @PieterD)
-* kqueue: close kqueue after removing watches, fixes [#59](https://github.com/fsnotify/fsnotify/issues/59)
-
-## [1.1.1] - 2015-02-05
-
-* inotify: Retry read on EINTR [#61](https://github.com/fsnotify/fsnotify/issues/61) (thanks @PieterD)
-
-## [1.1.0] - 2014-12-12
-
-* kqueue: rework internals [#43](https://github.com/fsnotify/fsnotify/pull/43)
-    * add low-level functions
-    * only need to store flags on directories
-    * less mutexes [#13](https://github.com/fsnotify/fsnotify/issues/13)
-    * done can be an unbuffered channel
-    * remove calls to os.NewSyscallError
-* More efficient string concatenation for Event.String() [#52](https://github.com/fsnotify/fsnotify/pull/52) (thanks @mdlayher)
-* kqueue: fix regression in  rework causing subdirectories to be watched [#48](https://github.com/fsnotify/fsnotify/issues/48)
-* kqueue: cleanup internal watch before sending remove event [#51](https://github.com/fsnotify/fsnotify/issues/51)
-
-## [1.0.4] - 2014-09-07
-
-* kqueue: add dragonfly to the build tags.
-* Rename source code files, rearrange code so exported APIs are at the top.
-* Add done channel to example code. [#37](https://github.com/fsnotify/fsnotify/pull/37) (thanks @chenyukang)
-
-## [1.0.3] - 2014-08-19
-
-* [Fix] Windows MOVED_TO now translates to Create like on BSD and Linux. [#36](https://github.com/fsnotify/fsnotify/issues/36)
-
-## [1.0.2] - 2014-08-17
-
-* [Fix] Missing create events on macOS. [#14](https://github.com/fsnotify/fsnotify/issues/14) (thanks @zhsso)
-* [Fix] Make ./path and path equivalent. (thanks @zhsso)
-
-## [1.0.0] - 2014-08-15
-
-* [API] Remove AddWatch on Windows, use Add.
-* Improve documentation for exported identifiers. [#30](https://github.com/fsnotify/fsnotify/issues/30)
-* Minor updates based on feedback from golint.
-
-## dev / 2014-07-09
-
-* Moved to [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify).
-* Use os.NewSyscallError instead of returning errno (thanks @hariharan-uno)
-
-## dev / 2014-07-04
-
-* kqueue: fix incorrect mutex used in Close()
-* Update example to demonstrate usage of Op.
-
-## dev / 2014-06-28
-
-* [API] Don't set the Write Op for attribute notifications [#4](https://github.com/fsnotify/fsnotify/issues/4)
-* Fix for String() method on Event (thanks Alex Brainman)
-* Don't build on Plan 9 or Solaris (thanks @4ad)
-
-## dev / 2014-06-21
-
-* Events channel of type Event rather than *Event.
-* [internal] use syscall constants directly for inotify and kqueue.
-* [internal] kqueue: rename events to kevents and fileEvent to event.
-
-## dev / 2014-06-19
-
-* Go 1.3+ required on Windows (uses syscall.ERROR_MORE_DATA internally).
-* [internal] remove cookie from Event struct (unused).
-* [internal] Event struct has the same definition across every OS.
-* [internal] remove internal watch and removeWatch methods.
-
-## dev / 2014-06-12
-
-* [API] Renamed Watch() to Add() and RemoveWatch() to Remove().
-* [API] Pluralized channel names: Events and Errors.
-* [API] Renamed FileEvent struct to Event.
-* [API] Op constants replace methods like IsCreate().
-
-## dev / 2014-06-12
-
-* Fix data race on kevent buffer (thanks @tilaks) [#98](https://github.com/howeyc/fsnotify/pull/98)
-
-## dev / 2014-05-23
-
-* [API] Remove current implementation of WatchFlags.
-    * current implementation doesn't take advantage of OS for efficiency
-    * provides little benefit over filtering events as they are received, but has  extra bookkeeping and mutexes
-    * no tests for the current implementation
-    * not fully implemented on Windows [#93](https://github.com/howeyc/fsnotify/issues/93#issuecomment-39285195)
-
-## [0.9.3] - 2014-12-31
-
-* kqueue: cleanup internal watch before sending remove event [#51](https://github.com/fsnotify/fsnotify/issues/51)
-
-## [0.9.2] - 2014-08-17
-
-* [Backport] Fix missing create events on macOS. [#14](https://github.com/fsnotify/fsnotify/issues/14) (thanks @zhsso)
-
-## [0.9.1] - 2014-06-12
-
-* Fix data race on kevent buffer (thanks @tilaks) [#98](https://github.com/howeyc/fsnotify/pull/98)
-
-## [0.9.0] - 2014-01-17
-
-* IsAttrib() for events that only concern a file's metadata [#79][] (thanks @abustany)
-* [Fix] kqueue: fix deadlock [#77][] (thanks @cespare)
-* [NOTICE] Development has moved to `code.google.com/p/go.exp/fsnotify` in preparation for inclusion in the Go standard library.
-
-## [0.8.12] - 2013-11-13
-
-* [API] Remove FD_SET and friends from Linux adapter
-
-## [0.8.11] - 2013-11-02
-
-* [Doc] Add Changelog [#72][] (thanks @nathany)
-* [Doc] Spotlight and double modify events on macOS [#62][] (reported by @paulhammond)
-
-## [0.8.10] - 2013-10-19
-
-* [Fix] kqueue: remove file watches when parent directory is removed [#71][] (reported by @mdwhatcott)
-* [Fix] kqueue: race between Close and readEvents [#70][] (reported by @bernerdschaefer)
-* [Doc] specify OS-specific limits in README (thanks @debrando)
-
-## [0.8.9] - 2013-09-08
-
-* [Doc] Contributing (thanks @nathany)
-* [Doc] update package path in example code [#63][] (thanks @paulhammond)
-* [Doc] GoCI badge in README (Linux only) [#60][]
-* [Doc] Cross-platform testing with Vagrant  [#59][] (thanks @nathany)
-
-## [0.8.8] - 2013-06-17
-
-* [Fix] Windows: handle `ERROR_MORE_DATA` on Windows [#49][] (thanks @jbowtie)
-
-## [0.8.7] - 2013-06-03
-
-* [API] Make syscall flags internal
-* [Fix] inotify: ignore event changes
-* [Fix] race in symlink test [#45][] (reported by @srid)
-* [Fix] tests on Windows
-* lower case error messages
-
-## [0.8.6] - 2013-05-23
-
-* kqueue: Use EVT_ONLY flag on Darwin
-* [Doc] Update README with full example
-
-## [0.8.5] - 2013-05-09
-
-* [Fix] inotify: allow monitoring of "broken" symlinks (thanks @tsg)
-
-## [0.8.4] - 2013-04-07
-
-* [Fix] kqueue: watch all file events [#40][] (thanks @ChrisBuchholz)
-
-## [0.8.3] - 2013-03-13
-
-* [Fix] inoitfy/kqueue memory leak [#36][] (reported by @nbkolchin)
-* [Fix] kqueue: use fsnFlags for watching a directory [#33][] (reported by @nbkolchin)
-
-## [0.8.2] - 2013-02-07
-
-* [Doc] add Authors
-* [Fix] fix data races for map access [#29][] (thanks @fsouza)
-
-## [0.8.1] - 2013-01-09
-
-* [Fix] Windows path separators
-* [Doc] BSD License
-
-## [0.8.0] - 2012-11-09
-
-* kqueue: directory watching improvements (thanks @vmirage)
-* inotify: add `IN_MOVED_TO` [#25][] (requested by @cpisto)
-* [Fix] kqueue: deleting watched directory [#24][] (reported by @jakerr)
-
-## [0.7.4] - 2012-10-09
-
-* [Fix] inotify: fixes from https://codereview.appspot.com/5418045/ (ugorji)
-* [Fix] kqueue: preserve watch flags when watching for delete [#21][] (reported by @robfig)
-* [Fix] kqueue: watch the directory even if it isn't a new watch (thanks @robfig)
-* [Fix] kqueue: modify after recreation of file
-
-## [0.7.3] - 2012-09-27
-
-* [Fix] kqueue: watch with an existing folder inside the watched folder (thanks @vmirage)
-* [Fix] kqueue: no longer get duplicate CREATE events
-
-## [0.7.2] - 2012-09-01
-
-* kqueue: events for created directories
-
-## [0.7.1] - 2012-07-14
-
-* [Fix] for renaming files
-
-## [0.7.0] - 2012-07-02
-
-* [Feature] FSNotify flags
-* [Fix] inotify: Added file name back to event path
-
-## [0.6.0] - 2012-06-06
-
-* kqueue: watch files after directory created (thanks @tmc)
-
-## [0.5.1] - 2012-05-22
-
-* [Fix] inotify: remove all watches before Close()
-
-## [0.5.0] - 2012-05-03
-
-* [API] kqueue: return errors during watch instead of sending over channel
-* kqueue: match symlink behavior on Linux
-* inotify: add `DELETE_SELF` (requested by @taralx)
-* [Fix] kqueue: handle EINTR (reported by @robfig)
-* [Doc] Godoc example [#1][] (thanks @davecheney)
-
-## [0.4.0] - 2012-03-30
-
-* Go 1 released: build with go tool
-* [Feature] Windows support using winfsnotify
-* Windows does not have attribute change notifications
-* Roll attribute notifications into IsModify
-
-## [0.3.0] - 2012-02-19
-
-* kqueue: add files when watch directory
-
-## [0.2.0] - 2011-12-30
-
-* update to latest Go weekly code
-
-## [0.1.0] - 2011-10-19
-
-* kqueue: add watch on file creation to match inotify
-* kqueue: create file event
-* inotify: ignore `IN_IGNORED` events
-* event String()
-* linux: common FileEvent functions
-* initial commit
-
-[#79]: https://github.com/howeyc/fsnotify/pull/79
-[#77]: https://github.com/howeyc/fsnotify/pull/77
-[#72]: https://github.com/howeyc/fsnotify/issues/72
-[#71]: https://github.com/howeyc/fsnotify/issues/71
-[#70]: https://github.com/howeyc/fsnotify/issues/70
-[#63]: https://github.com/howeyc/fsnotify/issues/63
-[#62]: https://github.com/howeyc/fsnotify/issues/62
-[#60]: https://github.com/howeyc/fsnotify/issues/60
-[#59]: https://github.com/howeyc/fsnotify/issues/59
-[#49]: https://github.com/howeyc/fsnotify/issues/49
-[#45]: https://github.com/howeyc/fsnotify/issues/45
-[#40]: https://github.com/howeyc/fsnotify/issues/40
-[#36]: https://github.com/howeyc/fsnotify/issues/36
-[#33]: https://github.com/howeyc/fsnotify/issues/33
-[#29]: https://github.com/howeyc/fsnotify/issues/29
-[#25]: https://github.com/howeyc/fsnotify/issues/25
-[#24]: https://github.com/howeyc/fsnotify/issues/24
-[#21]: https://github.com/howeyc/fsnotify/issues/21
--- a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md
+++ b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md
@ -1,26 +0,0 @@
-Thank you for your interest in contributing to fsnotify! We try to review and
-merge PRs in a reasonable timeframe, but please be aware that:
-
- To avoid "wasted" work, please discus changes on the issue tracker first. You
-  can just send PRs, but they may end up being rejected for one reason or the
-  other.
-
- fsnotify is a cross-platform library, and changes must work reasonably well on
-  all supported platforms.
-
- Changes will need to be compatible; old code should still compile, and the
-  runtime behaviour can't change in ways that are likely to lead to problems for
-  users.
-
-Testing
-------
-Just `go test ./...` runs all the tests; the CI runs this on all supported
-platforms. Testing different platforms locally can be done with something like
-[goon] or [Vagrant], but this isn't super-easy to set up at the moment.
-
-Use the `-short` flag to make the "stress test" run faster.
-
-
-[goon]: https://github.com/arp242/goon
-[Vagrant]: https://www.vagrantup.com/
-[integration_test.go]: /integration_test.go
--- a/vendor/github.com/fsnotify/fsnotify/LICENSE
+++ b/vendor/github.com/fsnotify/fsnotify/LICENSE
@ -1,25 +0,0 @@
-Copyright © 2012 The Go Authors. All rights reserved.
-Copyright © fsnotify Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-* Redistributions in binary form must reproduce the above copyright notice, this
-  list of conditions and the following disclaimer in the documentation and/or
-  other materials provided with the distribution.
-* Neither the name of Google Inc. nor the names of its contributors may be used
-  to endorse or promote products derived from this software without specific
-  prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/github.com/fsnotify/fsnotify/README.md
+++ b/vendor/github.com/fsnotify/fsnotify/README.md
@ -1,184 +0,0 @@
-fsnotify is a Go library to provide cross-platform filesystem notifications on
-Windows, Linux, macOS, BSD, and illumos.
-
-Go 1.17 or newer is required; the full documentation is at
-https://pkg.go.dev/github.com/fsnotify/fsnotify
-
---
-
-Platform support:
-
-| Backend               | OS         | Status                                                                    |
-| :-------------------- | :--------- | :------------------------------------------------------------------------ |
-| inotify               | Linux      | Supported                                                                 |
-| kqueue                | BSD, macOS | Supported                                                                 |
-| ReadDirectoryChangesW | Windows    | Supported                                                                 |
-| FEN                   | illumos    | Supported                                                                 |
-| fanotify              | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114)                |
-| AHAFS                 | AIX        | [aix branch]; experimental due to lack of maintainer and test environment |
-| FSEvents              | macOS      | [Needs support in x/sys/unix][fsevents]                                   |
-| USN Journals          | Windows    | [Needs support in x/sys/windows][usn]                                     |
-| Polling               | *All*      | [Not yet](https://github.com/fsnotify/fsnotify/issues/9)                  |
-
-Linux and illumos should include Android and Solaris, but these are currently
-untested.
-
-[fsevents]:   https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120
-[usn]:        https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847
-[aix branch]: https://github.com/fsnotify/fsnotify/issues/353#issuecomment-1284590129
-
-Usage
-----
-A basic example:
-
-```go
-package main
-
-import (
-    "log"
-
-    "github.com/fsnotify/fsnotify"
-)
-
-func main() {
-    // Create new watcher.
-    watcher, err := fsnotify.NewWatcher()
-    if err != nil {
-        log.Fatal(err)
-    }
-    defer watcher.Close()
-
-    // Start listening for events.
-    go func() {
-        for {
-            select {
-            case event, ok := <-watcher.Events:
-                if !ok {
-                    return
-                }
-                log.Println("event:", event)
-                if event.Has(fsnotify.Write) {
-                    log.Println("modified file:", event.Name)
-                }
-            case err, ok := <-watcher.Errors:
-                if !ok {
-                    return
-                }
-                log.Println("error:", err)
-            }
-        }
-    }()
-
-    // Add a path.
-    err = watcher.Add("/tmp")
-    if err != nil {
-        log.Fatal(err)
-    }
-
-    // Block main goroutine forever.
-    <-make(chan struct{})
-}
-```
-
-Some more examples can be found in [cmd/fsnotify](cmd/fsnotify), which can be
-run with:
-
-    % go run ./cmd/fsnotify
-
-Further detailed documentation can be found in godoc:
-https://pkg.go.dev/github.com/fsnotify/fsnotify
-
-FAQ
---
-### Will a file still be watched when it's moved to another directory?
-No, not unless you are watching the location it was moved to.
-
-### Are subdirectories watched?
-No, you must add watches for any directory you want to watch (a recursive
-watcher is on the roadmap: [#18]).
-
-[#18]: https://github.com/fsnotify/fsnotify/issues/18
-
-### Do I have to watch the Error and Event channels in a goroutine?
-Yes. You can read both channels in the same goroutine using `select` (you don't
-need a separate goroutine for both channels; see the example).
-
-### Why don't notifications work with NFS, SMB, FUSE, /proc, or /sys?
-fsnotify requires support from underlying OS to work. The current NFS and SMB
-protocols does not provide network level support for file notifications, and
-neither do the /proc and /sys virtual filesystems.
-
-This could be fixed with a polling watcher ([#9]), but it's not yet implemented.
-
-[#9]: https://github.com/fsnotify/fsnotify/issues/9
-
-### Why do I get many Chmod events?
-Some programs may generate a lot of attribute changes; for example Spotlight on
-macOS, anti-virus programs, backup applications, and some others are known to do
-this. As a rule, it's typically best to ignore Chmod events. They're often not
-useful, and tend to cause problems.
-
-Spotlight indexing on macOS can result in multiple events (see [#15]). A
-temporary workaround is to add your folder(s) to the *Spotlight Privacy
-settings* until we have a native FSEvents implementation (see [#11]).
-
-[#11]: https://github.com/fsnotify/fsnotify/issues/11
-[#15]: https://github.com/fsnotify/fsnotify/issues/15
-
-### Watching a file doesn't work well
-Watching individual files (rather than directories) is generally not recommended
-as many programs (especially editors) update files atomically: it will write to
-a temporary file which is then moved to to destination, overwriting the original
-(or some variant thereof). The watcher on the original file is now lost, as that
-no longer exists.
-
-The upshot of this is that a power failure or crash won't leave a half-written
-file.
-
-Watch the parent directory and use `Event.Name` to filter out files you're not
-interested in. There is an example of this in `cmd/fsnotify/file.go`.
-
-Platform-specific notes
-----------------------
-### Linux
-When a file is removed a REMOVE event won't be emitted until all file
-descriptors are closed; it will emit a CHMOD instead:
-
-    fp := os.Open("file")
-    os.Remove("file")        // CHMOD
-    fp.Close()               // REMOVE
-
-This is the event that inotify sends, so not much can be changed about this.
-
-The `fs.inotify.max_user_watches` sysctl variable specifies the upper limit for
-the number of watches per user, and `fs.inotify.max_user_instances` specifies
-the maximum number of inotify instances per user. Every Watcher you create is an
-"instance", and every path you add is a "watch".
-
-These are also exposed in `/proc` as `/proc/sys/fs/inotify/max_user_watches` and
-`/proc/sys/fs/inotify/max_user_instances`
-
-To increase them you can use `sysctl` or write the value to proc file:
-
-    # The default values on Linux 5.18
-    sysctl fs.inotify.max_user_watches=124983
-    sysctl fs.inotify.max_user_instances=128
-
-To make the changes persist on reboot edit `/etc/sysctl.conf` or
-`/usr/lib/sysctl.d/50-default.conf` (details differ per Linux distro; check your
-distro's documentation):
-
-    fs.inotify.max_user_watches=124983
-    fs.inotify.max_user_instances=128
-
-Reaching the limit will result in a "no space left on device" or "too many open
-files" error.
-
-### kqueue (macOS, all BSD systems)
-kqueue requires opening a file descriptor for every file that's being watched;
-so if you're watching a directory with five files then that's six file
-descriptors. You will run in to your system's "max open files" limit faster on
-these platforms.
-
-The sysctl variables `kern.maxfiles` and `kern.maxfilesperproc` can be used to
-control the maximum number of open files.
--- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_fen.go
@ -1,640 +0,0 @@
-//go:build solaris
-// +build solaris
-
-// Note: the documentation on the Watcher type and methods is generated from
-// mkdoc.zsh
-
-package fsnotify
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sync"
-
-	"golang.org/x/sys/unix"
-)
-
-// Watcher watches a set of paths, delivering events on a channel.
-//
-// A watcher should not be copied (e.g. pass it by pointer, rather than by
-// value).
-//
-// # Linux notes
-//
-// When a file is removed a Remove event won't be emitted until all file
-// descriptors are closed, and deletes will always emit a Chmod. For example:
-//
-//	fp := os.Open("file")
-//	os.Remove("file")        // Triggers Chmod
-//	fp.Close()               // Triggers Remove
-//
-// This is the event that inotify sends, so not much can be changed about this.
-//
-// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
-// for the number of watches per user, and fs.inotify.max_user_instances
-// specifies the maximum number of inotify instances per user. Every Watcher you
-// create is an "instance", and every path you add is a "watch".
-//
-// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
-// /proc/sys/fs/inotify/max_user_instances
-//
-// To increase them you can use sysctl or write the value to the /proc file:
-//
-//	# Default values on Linux 5.18
-//	sysctl fs.inotify.max_user_watches=124983
-//	sysctl fs.inotify.max_user_instances=128
-//
-// To make the changes persist on reboot edit /etc/sysctl.conf or
-// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
-// your distro's documentation):
-//
-//	fs.inotify.max_user_watches=124983
-//	fs.inotify.max_user_instances=128
-//
-// Reaching the limit will result in a "no space left on device" or "too many open
-// files" error.
-//
-// # kqueue notes (macOS, BSD)
-//
-// kqueue requires opening a file descriptor for every file that's being watched;
-// so if you're watching a directory with five files then that's six file
-// descriptors. You will run in to your system's "max open files" limit faster on
-// these platforms.
-//
-// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
-// control the maximum number of open files, as well as /etc/login.conf on BSD
-// systems.
-//
-// # Windows notes
-//
-// Paths can be added as "C:\path\to\dir", but forward slashes
-// ("C:/path/to/dir") will also work.
-//
-// When a watched directory is removed it will always send an event for the
-// directory itself, but may not send events for all files in that directory.
-// Sometimes it will send events for all times, sometimes it will send no
-// events, and often only for some files.
-//
-// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
-// value that is guaranteed to work with SMB filesystems. If you have many
-// events in quick succession this may not be enough, and you will have to use
-// [WithBufferSize] to increase the value.
-type Watcher struct {
-	// Events sends the filesystem change events.
-	//
-	// fsnotify can send the following events; a "path" here can refer to a
-	// file, directory, symbolic link, or special file like a FIFO.
-	//
-	//   fsnotify.Create    A new path was created; this may be followed by one
-	//                      or more Write events if data also gets written to a
-	//                      file.
-	//
-	//   fsnotify.Remove    A path was removed.
-	//
-	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
-	//                      old path as Event.Name, and a Create event will be
-	//                      sent with the new name. Renames are only sent for
-	//                      paths that are currently watched; e.g. moving an
-	//                      unmonitored file into a monitored directory will
-	//                      show up as just a Create. Similarly, renaming a file
-	//                      to outside a monitored directory will show up as
-	//                      only a Rename.
-	//
-	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
-	//                      also trigger a Write. A single "write action"
-	//                      initiated by the user may show up as one or multiple
-	//                      writes, depending on when the system syncs things to
-	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, and you may
-	//                      want to wait until you've stopped receiving them
-	//                      (see the dedup example in cmd/fsnotify).
-	//
-	//                      Some systems may send Write event for directories
-	//                      when the directory content changes.
-	//
-	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
-	//                      when a file is removed (or more accurately, when a
-	//                      link to an inode is removed). On kqueue it's sent
-	//                      when a file is truncated. On Windows it's never
-	//                      sent.
-	Events chan Event
-
-	// Errors sends any errors.
-	//
-	// ErrEventOverflow is used to indicate there are too many events:
-	//
-	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
-	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
-	//  - kqueue, fen:  Not used.
-	Errors chan error
-
-	mu      sync.Mutex
-	port    *unix.EventPort
-	done    chan struct{}       // Channel for sending a "quit message" to the reader goroutine
-	dirs    map[string]struct{} // Explicitly watched directories
-	watches map[string]struct{} // Explicitly watched non-directories
-}
-
-// NewWatcher creates a new Watcher.
-func NewWatcher() (*Watcher, error) {
-	return NewBufferedWatcher(0)
-}
-
-// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
-// channel.
-//
-// The main use case for this is situations with a very large number of events
-// where the kernel buffer size can't be increased (e.g. due to lack of
-// permissions). An unbuffered Watcher will perform better for almost all use
-// cases, and whenever possible you will be better off increasing the kernel
-// buffers instead of adding a large userspace buffer.
-func NewBufferedWatcher(sz uint) (*Watcher, error) {
-	w := &Watcher{
-		Events:  make(chan Event, sz),
-		Errors:  make(chan error),
-		dirs:    make(map[string]struct{}),
-		watches: make(map[string]struct{}),
-		done:    make(chan struct{}),
-	}
-
-	var err error
-	w.port, err = unix.NewEventPort()
-	if err != nil {
-		return nil, fmt.Errorf("fsnotify.NewWatcher: %w", err)
-	}
-
-	go w.readEvents()
-	return w, nil
-}
-
-// sendEvent attempts to send an event to the user, returning true if the event
-// was put in the channel successfully and false if the watcher has been closed.
-func (w *Watcher) sendEvent(name string, op Op) (sent bool) {
-	select {
-	case w.Events <- Event{Name: name, Op: op}:
-		return true
-	case <-w.done:
-		return false
-	}
-}
-
-// sendError attempts to send an error to the user, returning true if the error
-// was put in the channel successfully and false if the watcher has been closed.
-func (w *Watcher) sendError(err error) (sent bool) {
-	select {
-	case w.Errors <- err:
-		return true
-	case <-w.done:
-		return false
-	}
-}
-
-func (w *Watcher) isClosed() bool {
-	select {
-	case <-w.done:
-		return true
-	default:
-		return false
-	}
-}
-
-// Close removes all watches and closes the Events channel.
-func (w *Watcher) Close() error {
-	// Take the lock used by associateFile to prevent lingering events from
-	// being processed after the close
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	if w.isClosed() {
-		return nil
-	}
-	close(w.done)
-	return w.port.Close()
-}
-
-// Add starts monitoring the path for changes.
-//
-// A path can only be watched once; watching it more than once is a no-op and will
-// not return an error. Paths that do not yet exist on the filesystem cannot be
-// watched.
-//
-// A watch will be automatically removed if the watched path is deleted or
-// renamed. The exception is the Windows backend, which doesn't remove the
-// watcher on renames.
-//
-// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
-// filesystems (/proc, /sys, etc.) generally don't work.
-//
-// Returns [ErrClosed] if [Watcher.Close] was called.
-//
-// See [Watcher.AddWith] for a version that allows adding options.
-//
-// # Watching directories
-//
-// All files in a directory are monitored, including new files that are created
-// after the watcher is started. Subdirectories are not watched (i.e. it's
-// non-recursive).
-//
-// # Watching files
-//
-// Watching individual files (rather than directories) is generally not
-// recommended as many programs (especially editors) update files atomically: it
-// will write to a temporary file which is then moved to to destination,
-// overwriting the original (or some variant thereof). The watcher on the
-// original file is now lost, as that no longer exists.
-//
-// The upshot of this is that a power failure or crash won't leave a
-// half-written file.
-//
-// Watch the parent directory and use Event.Name to filter out files you're not
-// interested in. There is an example of this in cmd/fsnotify/file.go.
-func (w *Watcher) Add(name string) error { return w.AddWith(name) }
-
-// AddWith is like [Watcher.Add], but allows adding options. When using Add()
-// the defaults described below are used.
-//
-// Possible options are:
-//
-//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
-//     other platforms. The default is 64K (65536 bytes).
-func (w *Watcher) AddWith(name string, opts ...addOpt) error {
-	if w.isClosed() {
-		return ErrClosed
-	}
-	if w.port.PathIsWatched(name) {
-		return nil
-	}
-
-	_ = getOptions(opts...)
-
-	// Currently we resolve symlinks that were explicitly requested to be
-	// watched. Otherwise we would use LStat here.
-	stat, err := os.Stat(name)
-	if err != nil {
-		return err
-	}
-
-	// Associate all files in the directory.
-	if stat.IsDir() {
-		err := w.handleDirectory(name, stat, true, w.associateFile)
-		if err != nil {
-			return err
-		}
-
-		w.mu.Lock()
-		w.dirs[name] = struct{}{}
-		w.mu.Unlock()
-		return nil
-	}
-
-	err = w.associateFile(name, stat, true)
-	if err != nil {
-		return err
-	}
-
-	w.mu.Lock()
-	w.watches[name] = struct{}{}
-	w.mu.Unlock()
-	return nil
-}
-
-// Remove stops monitoring the path for changes.
-//
-// Directories are always removed non-recursively. For example, if you added
-// /tmp/dir and /tmp/dir/subdir then you will need to remove both.
-//
-// Removing a path that has not yet been added returns [ErrNonExistentWatch].
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) Remove(name string) error {
-	if w.isClosed() {
-		return nil
-	}
-	if !w.port.PathIsWatched(name) {
-		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
-	}
-
-	// The user has expressed an intent. Immediately remove this name from
-	// whichever watch list it might be in. If it's not in there the delete
-	// doesn't cause harm.
-	w.mu.Lock()
-	delete(w.watches, name)
-	delete(w.dirs, name)
-	w.mu.Unlock()
-
-	stat, err := os.Stat(name)
-	if err != nil {
-		return err
-	}
-
-	// Remove associations for every file in the directory.
-	if stat.IsDir() {
-		err := w.handleDirectory(name, stat, false, w.dissociateFile)
-		if err != nil {
-			return err
-		}
-		return nil
-	}
-
-	err = w.port.DissociatePath(name)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// readEvents contains the main loop that runs in a goroutine watching for events.
-func (w *Watcher) readEvents() {
-	// If this function returns, the watcher has been closed and we can close
-	// these channels
-	defer func() {
-		close(w.Errors)
-		close(w.Events)
-	}()
-
-	pevents := make([]unix.PortEvent, 8)
-	for {
-		count, err := w.port.Get(pevents, 1, nil)
-		if err != nil && err != unix.ETIME {
-			// Interrupted system call (count should be 0) ignore and continue
-			if errors.Is(err, unix.EINTR) && count == 0 {
-				continue
-			}
-			// Get failed because we called w.Close()
-			if errors.Is(err, unix.EBADF) && w.isClosed() {
-				return
-			}
-			// There was an error not caused by calling w.Close()
-			if !w.sendError(err) {
-				return
-			}
-		}
-
-		p := pevents[:count]
-		for _, pevent := range p {
-			if pevent.Source != unix.PORT_SOURCE_FILE {
-				// Event from unexpected source received; should never happen.
-				if !w.sendError(errors.New("Event from unexpected source received")) {
-					return
-				}
-				continue
-			}
-
-			err = w.handleEvent(&pevent)
-			if err != nil {
-				if !w.sendError(err) {
-					return
-				}
-			}
-		}
-	}
-}
-
-func (w *Watcher) handleDirectory(path string, stat os.FileInfo, follow bool, handler func(string, os.FileInfo, bool) error) error {
-	files, err := os.ReadDir(path)
-	if err != nil {
-		return err
-	}
-
-	// Handle all children of the directory.
-	for _, entry := range files {
-		finfo, err := entry.Info()
-		if err != nil {
-			return err
-		}
-		err = handler(filepath.Join(path, finfo.Name()), finfo, false)
-		if err != nil {
-			return err
-		}
-	}
-
-	// And finally handle the directory itself.
-	return handler(path, stat, follow)
-}
-
-// handleEvent might need to emit more than one fsnotify event if the events
-// bitmap matches more than one event type (e.g. the file was both modified and
-// had the attributes changed between when the association was created and the
-// when event was returned)
-func (w *Watcher) handleEvent(event *unix.PortEvent) error {
-	var (
-		events     = event.Events
-		path       = event.Path
-		fmode      = event.Cookie.(os.FileMode)
-		reRegister = true
-	)
-
-	w.mu.Lock()
-	_, watchedDir := w.dirs[path]
-	_, watchedPath := w.watches[path]
-	w.mu.Unlock()
-	isWatched := watchedDir || watchedPath
-
-	if events&unix.FILE_DELETE != 0 {
-		if !w.sendEvent(path, Remove) {
-			return nil
-		}
-		reRegister = false
-	}
-	if events&unix.FILE_RENAME_FROM != 0 {
-		if !w.sendEvent(path, Rename) {
-			return nil
-		}
-		// Don't keep watching the new file name
-		reRegister = false
-	}
-	if events&unix.FILE_RENAME_TO != 0 {
-		// We don't report a Rename event for this case, because Rename events
-		// are interpreted as referring to the _old_ name of the file, and in
-		// this case the event would refer to the new name of the file. This
-		// type of rename event is not supported by fsnotify.
-
-		// inotify reports a Remove event in this case, so we simulate this
-		// here.
-		if !w.sendEvent(path, Remove) {
-			return nil
-		}
-		// Don't keep watching the file that was removed
-		reRegister = false
-	}
-
-	// The file is gone, nothing left to do.
-	if !reRegister {
-		if watchedDir {
-			w.mu.Lock()
-			delete(w.dirs, path)
-			w.mu.Unlock()
-		}
-		if watchedPath {
-			w.mu.Lock()
-			delete(w.watches, path)
-			w.mu.Unlock()
-		}
-		return nil
-	}
-
-	// If we didn't get a deletion the file still exists and we're going to have
-	// to watch it again. Let's Stat it now so that we can compare permissions
-	// and have what we need to continue watching the file
-
-	stat, err := os.Lstat(path)
-	if err != nil {
-		// This is unexpected, but we should still emit an event. This happens
-		// most often on "rm -r" of a subdirectory inside a watched directory We
-		// get a modify event of something happening inside, but by the time we
-		// get here, the sudirectory is already gone. Clearly we were watching
-		// this path but now it is gone. Let's tell the user that it was
-		// removed.
-		if !w.sendEvent(path, Remove) {
-			return nil
-		}
-		// Suppress extra write events on removed directories; they are not
-		// informative and can be confusing.
-		return nil
-	}
-
-	// resolve symlinks that were explicitly watched as we would have at Add()
-	// time. this helps suppress spurious Chmod events on watched symlinks
-	if isWatched {
-		stat, err = os.Stat(path)
-		if err != nil {
-			// The symlink still exists, but the target is gone. Report the
-			// Remove similar to above.
-			if !w.sendEvent(path, Remove) {
-				return nil
-			}
-			// Don't return the error
-		}
-	}
-
-	if events&unix.FILE_MODIFIED != 0 {
-		if fmode.IsDir() {
-			if watchedDir {
-				if err := w.updateDirectory(path); err != nil {
-					return err
-				}
-			} else {
-				if !w.sendEvent(path, Write) {
-					return nil
-				}
-			}
-		} else {
-			if !w.sendEvent(path, Write) {
-				return nil
-			}
-		}
-	}
-	if events&unix.FILE_ATTRIB != 0 && stat != nil {
-		// Only send Chmod if perms changed
-		if stat.Mode().Perm() != fmode.Perm() {
-			if !w.sendEvent(path, Chmod) {
-				return nil
-			}
-		}
-	}
-
-	if stat != nil {
-		// If we get here, it means we've hit an event above that requires us to
-		// continue watching the file or directory
-		return w.associateFile(path, stat, isWatched)
-	}
-	return nil
-}
-
-func (w *Watcher) updateDirectory(path string) error {
-	// The directory was modified, so we must find unwatched entities and watch
-	// them. If something was removed from the directory, nothing will happen,
-	// as everything else should still be watched.
-	files, err := os.ReadDir(path)
-	if err != nil {
-		return err
-	}
-
-	for _, entry := range files {
-		path := filepath.Join(path, entry.Name())
-		if w.port.PathIsWatched(path) {
-			continue
-		}
-
-		finfo, err := entry.Info()
-		if err != nil {
-			return err
-		}
-		err = w.associateFile(path, finfo, false)
-		if err != nil {
-			if !w.sendError(err) {
-				return nil
-			}
-		}
-		if !w.sendEvent(path, Create) {
-			return nil
-		}
-	}
-	return nil
-}
-
-func (w *Watcher) associateFile(path string, stat os.FileInfo, follow bool) error {
-	if w.isClosed() {
-		return ErrClosed
-	}
-	// This is primarily protecting the call to AssociatePath but it is
-	// important and intentional that the call to PathIsWatched is also
-	// protected by this mutex. Without this mutex, AssociatePath has been seen
-	// to error out that the path is already associated.
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	if w.port.PathIsWatched(path) {
-		// Remove the old association in favor of this one If we get ENOENT,
-		// then while the x/sys/unix wrapper still thought that this path was
-		// associated, the underlying event port did not. This call will have
-		// cleared up that discrepancy. The most likely cause is that the event
-		// has fired but we haven't processed it yet.
-		err := w.port.DissociatePath(path)
-		if err != nil && err != unix.ENOENT {
-			return err
-		}
-	}
-	// FILE_NOFOLLOW means we watch symlinks themselves rather than their
-	// targets.
-	events := unix.FILE_MODIFIED | unix.FILE_ATTRIB | unix.FILE_NOFOLLOW
-	if follow {
-		// We *DO* follow symlinks for explicitly watched entries.
-		events = unix.FILE_MODIFIED | unix.FILE_ATTRIB
-	}
-	return w.port.AssociatePath(path, stat,
-		events,
-		stat.Mode())
-}
-
-func (w *Watcher) dissociateFile(path string, stat os.FileInfo, unused bool) error {
-	if !w.port.PathIsWatched(path) {
-		return nil
-	}
-	return w.port.DissociatePath(path)
-}
-
-// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
-// yet removed).
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) WatchList() []string {
-	if w.isClosed() {
-		return nil
-	}
-
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	entries := make([]string, 0, len(w.watches)+len(w.dirs))
-	for pathname := range w.dirs {
-		entries = append(entries, pathname)
-	}
-	for pathname := range w.watches {
-		entries = append(entries, pathname)
-	}
-
-	return entries
-}
--- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go
@ -1,594 +0,0 @@
-//go:build linux && !appengine
-// +build linux,!appengine
-
-// Note: the documentation on the Watcher type and methods is generated from
-// mkdoc.zsh
-
-package fsnotify
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
-	"unsafe"
-
-	"golang.org/x/sys/unix"
-)
-
-// Watcher watches a set of paths, delivering events on a channel.
-//
-// A watcher should not be copied (e.g. pass it by pointer, rather than by
-// value).
-//
-// # Linux notes
-//
-// When a file is removed a Remove event won't be emitted until all file
-// descriptors are closed, and deletes will always emit a Chmod. For example:
-//
-//	fp := os.Open("file")
-//	os.Remove("file")        // Triggers Chmod
-//	fp.Close()               // Triggers Remove
-//
-// This is the event that inotify sends, so not much can be changed about this.
-//
-// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
-// for the number of watches per user, and fs.inotify.max_user_instances
-// specifies the maximum number of inotify instances per user. Every Watcher you
-// create is an "instance", and every path you add is a "watch".
-//
-// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
-// /proc/sys/fs/inotify/max_user_instances
-//
-// To increase them you can use sysctl or write the value to the /proc file:
-//
-//	# Default values on Linux 5.18
-//	sysctl fs.inotify.max_user_watches=124983
-//	sysctl fs.inotify.max_user_instances=128
-//
-// To make the changes persist on reboot edit /etc/sysctl.conf or
-// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
-// your distro's documentation):
-//
-//	fs.inotify.max_user_watches=124983
-//	fs.inotify.max_user_instances=128
-//
-// Reaching the limit will result in a "no space left on device" or "too many open
-// files" error.
-//
-// # kqueue notes (macOS, BSD)
-//
-// kqueue requires opening a file descriptor for every file that's being watched;
-// so if you're watching a directory with five files then that's six file
-// descriptors. You will run in to your system's "max open files" limit faster on
-// these platforms.
-//
-// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
-// control the maximum number of open files, as well as /etc/login.conf on BSD
-// systems.
-//
-// # Windows notes
-//
-// Paths can be added as "C:\path\to\dir", but forward slashes
-// ("C:/path/to/dir") will also work.
-//
-// When a watched directory is removed it will always send an event for the
-// directory itself, but may not send events for all files in that directory.
-// Sometimes it will send events for all times, sometimes it will send no
-// events, and often only for some files.
-//
-// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
-// value that is guaranteed to work with SMB filesystems. If you have many
-// events in quick succession this may not be enough, and you will have to use
-// [WithBufferSize] to increase the value.
-type Watcher struct {
-	// Events sends the filesystem change events.
-	//
-	// fsnotify can send the following events; a "path" here can refer to a
-	// file, directory, symbolic link, or special file like a FIFO.
-	//
-	//   fsnotify.Create    A new path was created; this may be followed by one
-	//                      or more Write events if data also gets written to a
-	//                      file.
-	//
-	//   fsnotify.Remove    A path was removed.
-	//
-	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
-	//                      old path as Event.Name, and a Create event will be
-	//                      sent with the new name. Renames are only sent for
-	//                      paths that are currently watched; e.g. moving an
-	//                      unmonitored file into a monitored directory will
-	//                      show up as just a Create. Similarly, renaming a file
-	//                      to outside a monitored directory will show up as
-	//                      only a Rename.
-	//
-	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
-	//                      also trigger a Write. A single "write action"
-	//                      initiated by the user may show up as one or multiple
-	//                      writes, depending on when the system syncs things to
-	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, and you may
-	//                      want to wait until you've stopped receiving them
-	//                      (see the dedup example in cmd/fsnotify).
-	//
-	//                      Some systems may send Write event for directories
-	//                      when the directory content changes.
-	//
-	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
-	//                      when a file is removed (or more accurately, when a
-	//                      link to an inode is removed). On kqueue it's sent
-	//                      when a file is truncated. On Windows it's never
-	//                      sent.
-	Events chan Event
-
-	// Errors sends any errors.
-	//
-	// ErrEventOverflow is used to indicate there are too many events:
-	//
-	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
-	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
-	//  - kqueue, fen:  Not used.
-	Errors chan error
-
-	// Store fd here as os.File.Read() will no longer return on close after
-	// calling Fd(). See: https://github.com/golang/go/issues/26439
-	fd          int
-	inotifyFile *os.File
-	watches     *watches
-	done        chan struct{} // Channel for sending a "quit message" to the reader goroutine
-	closeMu     sync.Mutex
-	doneResp    chan struct{} // Channel to respond to Close
-}
-
-type (
-	watches struct {
-		mu   sync.RWMutex
-		wd   map[uint32]*watch // wd → watch
-		path map[string]uint32 // pathname → wd
-	}
-	watch struct {
-		wd    uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall)
-		flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags)
-		path  string // Watch path.
-	}
-)
-
-func newWatches() *watches {
-	return &watches{
-		wd:   make(map[uint32]*watch),
-		path: make(map[string]uint32),
-	}
-}
-
-func (w *watches) len() int {
-	w.mu.RLock()
-	defer w.mu.RUnlock()
-	return len(w.wd)
-}
-
-func (w *watches) add(ww *watch) {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	w.wd[ww.wd] = ww
-	w.path[ww.path] = ww.wd
-}
-
-func (w *watches) remove(wd uint32) {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	delete(w.path, w.wd[wd].path)
-	delete(w.wd, wd)
-}
-
-func (w *watches) removePath(path string) (uint32, bool) {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	wd, ok := w.path[path]
-	if !ok {
-		return 0, false
-	}
-
-	delete(w.path, path)
-	delete(w.wd, wd)
-
-	return wd, true
-}
-
-func (w *watches) byPath(path string) *watch {
-	w.mu.RLock()
-	defer w.mu.RUnlock()
-	return w.wd[w.path[path]]
-}
-
-func (w *watches) byWd(wd uint32) *watch {
-	w.mu.RLock()
-	defer w.mu.RUnlock()
-	return w.wd[wd]
-}
-
-func (w *watches) updatePath(path string, f func(*watch) (*watch, error)) error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	var existing *watch
-	wd, ok := w.path[path]
-	if ok {
-		existing = w.wd[wd]
-	}
-
-	upd, err := f(existing)
-	if err != nil {
-		return err
-	}
-	if upd != nil {
-		w.wd[upd.wd] = upd
-		w.path[upd.path] = upd.wd
-
-		if upd.wd != wd {
-			delete(w.wd, wd)
-		}
-	}
-
-	return nil
-}
-
-// NewWatcher creates a new Watcher.
-func NewWatcher() (*Watcher, error) {
-	return NewBufferedWatcher(0)
-}
-
-// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
-// channel.
-//
-// The main use case for this is situations with a very large number of events
-// where the kernel buffer size can't be increased (e.g. due to lack of
-// permissions). An unbuffered Watcher will perform better for almost all use
-// cases, and whenever possible you will be better off increasing the kernel
-// buffers instead of adding a large userspace buffer.
-func NewBufferedWatcher(sz uint) (*Watcher, error) {
-	// Need to set nonblocking mode for SetDeadline to work, otherwise blocking
-	// I/O operations won't terminate on close.
-	fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK)
-	if fd == -1 {
-		return nil, errno
-	}
-
-	w := &Watcher{
-		fd:          fd,
-		inotifyFile: os.NewFile(uintptr(fd), ""),
-		watches:     newWatches(),
-		Events:      make(chan Event, sz),
-		Errors:      make(chan error),
-		done:        make(chan struct{}),
-		doneResp:    make(chan struct{}),
-	}
-
-	go w.readEvents()
-	return w, nil
-}
-
-// Returns true if the event was sent, or false if watcher is closed.
-func (w *Watcher) sendEvent(e Event) bool {
-	select {
-	case w.Events <- e:
-		return true
-	case <-w.done:
-		return false
-	}
-}
-
-// Returns true if the error was sent, or false if watcher is closed.
-func (w *Watcher) sendError(err error) bool {
-	select {
-	case w.Errors <- err:
-		return true
-	case <-w.done:
-		return false
-	}
-}
-
-func (w *Watcher) isClosed() bool {
-	select {
-	case <-w.done:
-		return true
-	default:
-		return false
-	}
-}
-
-// Close removes all watches and closes the Events channel.
-func (w *Watcher) Close() error {
-	w.closeMu.Lock()
-	if w.isClosed() {
-		w.closeMu.Unlock()
-		return nil
-	}
-	close(w.done)
-	w.closeMu.Unlock()
-
-	// Causes any blocking reads to return with an error, provided the file
-	// still supports deadline operations.
-	err := w.inotifyFile.Close()
-	if err != nil {
-		return err
-	}
-
-	// Wait for goroutine to close
-	<-w.doneResp
-
-	return nil
-}
-
-// Add starts monitoring the path for changes.
-//
-// A path can only be watched once; watching it more than once is a no-op and will
-// not return an error. Paths that do not yet exist on the filesystem cannot be
-// watched.
-//
-// A watch will be automatically removed if the watched path is deleted or
-// renamed. The exception is the Windows backend, which doesn't remove the
-// watcher on renames.
-//
-// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
-// filesystems (/proc, /sys, etc.) generally don't work.
-//
-// Returns [ErrClosed] if [Watcher.Close] was called.
-//
-// See [Watcher.AddWith] for a version that allows adding options.
-//
-// # Watching directories
-//
-// All files in a directory are monitored, including new files that are created
-// after the watcher is started. Subdirectories are not watched (i.e. it's
-// non-recursive).
-//
-// # Watching files
-//
-// Watching individual files (rather than directories) is generally not
-// recommended as many programs (especially editors) update files atomically: it
-// will write to a temporary file which is then moved to to destination,
-// overwriting the original (or some variant thereof). The watcher on the
-// original file is now lost, as that no longer exists.
-//
-// The upshot of this is that a power failure or crash won't leave a
-// half-written file.
-//
-// Watch the parent directory and use Event.Name to filter out files you're not
-// interested in. There is an example of this in cmd/fsnotify/file.go.
-func (w *Watcher) Add(name string) error { return w.AddWith(name) }
-
-// AddWith is like [Watcher.Add], but allows adding options. When using Add()
-// the defaults described below are used.
-//
-// Possible options are:
-//
-//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
-//     other platforms. The default is 64K (65536 bytes).
-func (w *Watcher) AddWith(name string, opts ...addOpt) error {
-	if w.isClosed() {
-		return ErrClosed
-	}
-
-	name = filepath.Clean(name)
-	_ = getOptions(opts...)
-
-	var flags uint32 = unix.IN_MOVED_TO | unix.IN_MOVED_FROM |
-		unix.IN_CREATE | unix.IN_ATTRIB | unix.IN_MODIFY |
-		unix.IN_MOVE_SELF | unix.IN_DELETE | unix.IN_DELETE_SELF
-
-	return w.watches.updatePath(name, func(existing *watch) (*watch, error) {
-		if existing != nil {
-			flags |= existing.flags | unix.IN_MASK_ADD
-		}
-
-		wd, err := unix.InotifyAddWatch(w.fd, name, flags)
-		if wd == -1 {
-			return nil, err
-		}
-
-		if existing == nil {
-			return &watch{
-				wd:    uint32(wd),
-				path:  name,
-				flags: flags,
-			}, nil
-		}
-
-		existing.wd = uint32(wd)
-		existing.flags = flags
-		return existing, nil
-	})
-}
-
-// Remove stops monitoring the path for changes.
-//
-// Directories are always removed non-recursively. For example, if you added
-// /tmp/dir and /tmp/dir/subdir then you will need to remove both.
-//
-// Removing a path that has not yet been added returns [ErrNonExistentWatch].
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) Remove(name string) error {
-	if w.isClosed() {
-		return nil
-	}
-	return w.remove(filepath.Clean(name))
-}
-
-func (w *Watcher) remove(name string) error {
-	wd, ok := w.watches.removePath(name)
-	if !ok {
-		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
-	}
-
-	success, errno := unix.InotifyRmWatch(w.fd, wd)
-	if success == -1 {
-		// TODO: Perhaps it's not helpful to return an error here in every case;
-		//       The only two possible errors are:
-		//
-		//       - EBADF, which happens when w.fd is not a valid file descriptor
-		//         of any kind.
-		//       - EINVAL, which is when fd is not an inotify descriptor or wd
-		//         is not a valid watch descriptor. Watch descriptors are
-		//         invalidated when they are removed explicitly or implicitly;
-		//         explicitly by inotify_rm_watch, implicitly when the file they
-		//         are watching is deleted.
-		return errno
-	}
-	return nil
-}
-
-// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
-// yet removed).
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) WatchList() []string {
-	if w.isClosed() {
-		return nil
-	}
-
-	entries := make([]string, 0, w.watches.len())
-	w.watches.mu.RLock()
-	for pathname := range w.watches.path {
-		entries = append(entries, pathname)
-	}
-	w.watches.mu.RUnlock()
-
-	return entries
-}
-
-// readEvents reads from the inotify file descriptor, converts the
-// received events into Event objects and sends them via the Events channel
-func (w *Watcher) readEvents() {
-	defer func() {
-		close(w.doneResp)
-		close(w.Errors)
-		close(w.Events)
-	}()
-
-	var (
-		buf   [unix.SizeofInotifyEvent * 4096]byte // Buffer for a maximum of 4096 raw events
-		errno error                                // Syscall errno
-	)
-	for {
-		// See if we have been closed.
-		if w.isClosed() {
-			return
-		}
-
-		n, err := w.inotifyFile.Read(buf[:])
-		switch {
-		case errors.Unwrap(err) == os.ErrClosed:
-			return
-		case err != nil:
-			if !w.sendError(err) {
-				return
-			}
-			continue
-		}
-
-		if n < unix.SizeofInotifyEvent {
-			var err error
-			if n == 0 {
-				err = io.EOF // If EOF is received. This should really never happen.
-			} else if n < 0 {
-				err = errno // If an error occurred while reading.
-			} else {
-				err = errors.New("notify: short read in readEvents()") // Read was too short.
-			}
-			if !w.sendError(err) {
-				return
-			}
-			continue
-		}
-
-		var offset uint32
-		// We don't know how many events we just read into the buffer
-		// While the offset points to at least one whole event...
-		for offset <= uint32(n-unix.SizeofInotifyEvent) {
-			var (
-				// Point "raw" to the event in the buffer
-				raw     = (*unix.InotifyEvent)(unsafe.Pointer(&buf[offset]))
-				mask    = uint32(raw.Mask)
-				nameLen = uint32(raw.Len)
-			)
-
-			if mask&unix.IN_Q_OVERFLOW != 0 {
-				if !w.sendError(ErrEventOverflow) {
-					return
-				}
-			}
-
-			// If the event happened to the watched directory or the watched file, the kernel
-			// doesn't append the filename to the event, but we would like to always fill the
-			// the "Name" field with a valid filename. We retrieve the path of the watch from
-			// the "paths" map.
-			watch := w.watches.byWd(uint32(raw.Wd))
-
-			// inotify will automatically remove the watch on deletes; just need
-			// to clean our state here.
-			if watch != nil && mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF {
-				w.watches.remove(watch.wd)
-			}
-			// We can't really update the state when a watched path is moved;
-			// only IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove
-			// the watch.
-			if watch != nil && mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF {
-				err := w.remove(watch.path)
-				if err != nil && !errors.Is(err, ErrNonExistentWatch) {
-					if !w.sendError(err) {
-						return
-					}
-				}
-			}
-
-			var name string
-			if watch != nil {
-				name = watch.path
-			}
-			if nameLen > 0 {
-				// Point "bytes" at the first byte of the filename
-				bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen]
-				// The filename is padded with NULL bytes. TrimRight() gets rid of those.
-				name += "/" + strings.TrimRight(string(bytes[0:nameLen]), "\000")
-			}
-
-			event := w.newEvent(name, mask)
-
-			// Send the events that are not ignored on the events channel
-			if mask&unix.IN_IGNORED == 0 {
-				if !w.sendEvent(event) {
-					return
-				}
-			}
-
-			// Move to the next event in the buffer
-			offset += unix.SizeofInotifyEvent + nameLen
-		}
-	}
-}
-
-// newEvent returns an platform-independent Event based on an inotify mask.
-func (w *Watcher) newEvent(name string, mask uint32) Event {
-	e := Event{Name: name}
-	if mask&unix.IN_CREATE == unix.IN_CREATE || mask&unix.IN_MOVED_TO == unix.IN_MOVED_TO {
-		e.Op |= Create
-	}
-	if mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF || mask&unix.IN_DELETE == unix.IN_DELETE {
-		e.Op |= Remove
-	}
-	if mask&unix.IN_MODIFY == unix.IN_MODIFY {
-		e.Op |= Write
-	}
-	if mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF || mask&unix.IN_MOVED_FROM == unix.IN_MOVED_FROM {
-		e.Op |= Rename
-	}
-	if mask&unix.IN_ATTRIB == unix.IN_ATTRIB {
-		e.Op |= Chmod
-	}
-	return e
-}
--- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go
@ -1,782 +0,0 @@
-//go:build freebsd || openbsd || netbsd || dragonfly || darwin
-// +build freebsd openbsd netbsd dragonfly darwin
-
-// Note: the documentation on the Watcher type and methods is generated from
-// mkdoc.zsh
-
-package fsnotify
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sync"
-
-	"golang.org/x/sys/unix"
-)
-
-// Watcher watches a set of paths, delivering events on a channel.
-//
-// A watcher should not be copied (e.g. pass it by pointer, rather than by
-// value).
-//
-// # Linux notes
-//
-// When a file is removed a Remove event won't be emitted until all file
-// descriptors are closed, and deletes will always emit a Chmod. For example:
-//
-//	fp := os.Open("file")
-//	os.Remove("file")        // Triggers Chmod
-//	fp.Close()               // Triggers Remove
-//
-// This is the event that inotify sends, so not much can be changed about this.
-//
-// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
-// for the number of watches per user, and fs.inotify.max_user_instances
-// specifies the maximum number of inotify instances per user. Every Watcher you
-// create is an "instance", and every path you add is a "watch".
-//
-// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
-// /proc/sys/fs/inotify/max_user_instances
-//
-// To increase them you can use sysctl or write the value to the /proc file:
-//
-//	# Default values on Linux 5.18
-//	sysctl fs.inotify.max_user_watches=124983
-//	sysctl fs.inotify.max_user_instances=128
-//
-// To make the changes persist on reboot edit /etc/sysctl.conf or
-// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
-// your distro's documentation):
-//
-//	fs.inotify.max_user_watches=124983
-//	fs.inotify.max_user_instances=128
-//
-// Reaching the limit will result in a "no space left on device" or "too many open
-// files" error.
-//
-// # kqueue notes (macOS, BSD)
-//
-// kqueue requires opening a file descriptor for every file that's being watched;
-// so if you're watching a directory with five files then that's six file
-// descriptors. You will run in to your system's "max open files" limit faster on
-// these platforms.
-//
-// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
-// control the maximum number of open files, as well as /etc/login.conf on BSD
-// systems.
-//
-// # Windows notes
-//
-// Paths can be added as "C:\path\to\dir", but forward slashes
-// ("C:/path/to/dir") will also work.
-//
-// When a watched directory is removed it will always send an event for the
-// directory itself, but may not send events for all files in that directory.
-// Sometimes it will send events for all times, sometimes it will send no
-// events, and often only for some files.
-//
-// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
-// value that is guaranteed to work with SMB filesystems. If you have many
-// events in quick succession this may not be enough, and you will have to use
-// [WithBufferSize] to increase the value.
-type Watcher struct {
-	// Events sends the filesystem change events.
-	//
-	// fsnotify can send the following events; a "path" here can refer to a
-	// file, directory, symbolic link, or special file like a FIFO.
-	//
-	//   fsnotify.Create    A new path was created; this may be followed by one
-	//                      or more Write events if data also gets written to a
-	//                      file.
-	//
-	//   fsnotify.Remove    A path was removed.
-	//
-	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
-	//                      old path as Event.Name, and a Create event will be
-	//                      sent with the new name. Renames are only sent for
-	//                      paths that are currently watched; e.g. moving an
-	//                      unmonitored file into a monitored directory will
-	//                      show up as just a Create. Similarly, renaming a file
-	//                      to outside a monitored directory will show up as
-	//                      only a Rename.
-	//
-	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
-	//                      also trigger a Write. A single "write action"
-	//                      initiated by the user may show up as one or multiple
-	//                      writes, depending on when the system syncs things to
-	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, and you may
-	//                      want to wait until you've stopped receiving them
-	//                      (see the dedup example in cmd/fsnotify).
-	//
-	//                      Some systems may send Write event for directories
-	//                      when the directory content changes.
-	//
-	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
-	//                      when a file is removed (or more accurately, when a
-	//                      link to an inode is removed). On kqueue it's sent
-	//                      when a file is truncated. On Windows it's never
-	//                      sent.
-	Events chan Event
-
-	// Errors sends any errors.
-	//
-	// ErrEventOverflow is used to indicate there are too many events:
-	//
-	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
-	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
-	//  - kqueue, fen:  Not used.
-	Errors chan error
-
-	done         chan struct{}
-	kq           int                         // File descriptor (as returned by the kqueue() syscall).
-	closepipe    [2]int                      // Pipe used for closing.
-	mu           sync.Mutex                  // Protects access to watcher data
-	watches      map[string]int              // Watched file descriptors (key: path).
-	watchesByDir map[string]map[int]struct{} // Watched file descriptors indexed by the parent directory (key: dirname(path)).
-	userWatches  map[string]struct{}         // Watches added with Watcher.Add()
-	dirFlags     map[string]uint32           // Watched directories to fflags used in kqueue.
-	paths        map[int]pathInfo            // File descriptors to path names for processing kqueue events.
-	fileExists   map[string]struct{}         // Keep track of if we know this file exists (to stop duplicate create events).
-	isClosed     bool                        // Set to true when Close() is first called
-}
-
-type pathInfo struct {
-	name  string
-	isDir bool
-}
-
-// NewWatcher creates a new Watcher.
-func NewWatcher() (*Watcher, error) {
-	return NewBufferedWatcher(0)
-}
-
-// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
-// channel.
-//
-// The main use case for this is situations with a very large number of events
-// where the kernel buffer size can't be increased (e.g. due to lack of
-// permissions). An unbuffered Watcher will perform better for almost all use
-// cases, and whenever possible you will be better off increasing the kernel
-// buffers instead of adding a large userspace buffer.
-func NewBufferedWatcher(sz uint) (*Watcher, error) {
-	kq, closepipe, err := newKqueue()
-	if err != nil {
-		return nil, err
-	}
-
-	w := &Watcher{
-		kq:           kq,
-		closepipe:    closepipe,
-		watches:      make(map[string]int),
-		watchesByDir: make(map[string]map[int]struct{}),
-		dirFlags:     make(map[string]uint32),
-		paths:        make(map[int]pathInfo),
-		fileExists:   make(map[string]struct{}),
-		userWatches:  make(map[string]struct{}),
-		Events:       make(chan Event, sz),
-		Errors:       make(chan error),
-		done:         make(chan struct{}),
-	}
-
-	go w.readEvents()
-	return w, nil
-}
-
-// newKqueue creates a new kernel event queue and returns a descriptor.
-//
-// This registers a new event on closepipe, which will trigger an event when
-// it's closed. This way we can use kevent() without timeout/polling; without
-// the closepipe, it would block forever and we wouldn't be able to stop it at
-// all.
-func newKqueue() (kq int, closepipe [2]int, err error) {
-	kq, err = unix.Kqueue()
-	if kq == -1 {
-		return kq, closepipe, err
-	}
-
-	// Register the close pipe.
-	err = unix.Pipe(closepipe[:])
-	if err != nil {
-		unix.Close(kq)
-		return kq, closepipe, err
-	}
-
-	// Register changes to listen on the closepipe.
-	changes := make([]unix.Kevent_t, 1)
-	// SetKevent converts int to the platform-specific types.
-	unix.SetKevent(&changes[0], closepipe[0], unix.EVFILT_READ,
-		unix.EV_ADD|unix.EV_ENABLE|unix.EV_ONESHOT)
-
-	ok, err := unix.Kevent(kq, changes, nil, nil)
-	if ok == -1 {
-		unix.Close(kq)
-		unix.Close(closepipe[0])
-		unix.Close(closepipe[1])
-		return kq, closepipe, err
-	}
-	return kq, closepipe, nil
-}
-
-// Returns true if the event was sent, or false if watcher is closed.
-func (w *Watcher) sendEvent(e Event) bool {
-	select {
-	case w.Events <- e:
-		return true
-	case <-w.done:
-		return false
-	}
-}
-
-// Returns true if the error was sent, or false if watcher is closed.
-func (w *Watcher) sendError(err error) bool {
-	select {
-	case w.Errors <- err:
-		return true
-	case <-w.done:
-		return false
-	}
-}
-
-// Close removes all watches and closes the Events channel.
-func (w *Watcher) Close() error {
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
-		return nil
-	}
-	w.isClosed = true
-
-	// copy paths to remove while locked
-	pathsToRemove := make([]string, 0, len(w.watches))
-	for name := range w.watches {
-		pathsToRemove = append(pathsToRemove, name)
-	}
-	w.mu.Unlock() // Unlock before calling Remove, which also locks
-	for _, name := range pathsToRemove {
-		w.Remove(name)
-	}
-
-	// Send "quit" message to the reader goroutine.
-	unix.Close(w.closepipe[1])
-	close(w.done)
-
-	return nil
-}
-
-// Add starts monitoring the path for changes.
-//
-// A path can only be watched once; watching it more than once is a no-op and will
-// not return an error. Paths that do not yet exist on the filesystem cannot be
-// watched.
-//
-// A watch will be automatically removed if the watched path is deleted or
-// renamed. The exception is the Windows backend, which doesn't remove the
-// watcher on renames.
-//
-// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
-// filesystems (/proc, /sys, etc.) generally don't work.
-//
-// Returns [ErrClosed] if [Watcher.Close] was called.
-//
-// See [Watcher.AddWith] for a version that allows adding options.
-//
-// # Watching directories
-//
-// All files in a directory are monitored, including new files that are created
-// after the watcher is started. Subdirectories are not watched (i.e. it's
-// non-recursive).
-//
-// # Watching files
-//
-// Watching individual files (rather than directories) is generally not
-// recommended as many programs (especially editors) update files atomically: it
-// will write to a temporary file which is then moved to to destination,
-// overwriting the original (or some variant thereof). The watcher on the
-// original file is now lost, as that no longer exists.
-//
-// The upshot of this is that a power failure or crash won't leave a
-// half-written file.
-//
-// Watch the parent directory and use Event.Name to filter out files you're not
-// interested in. There is an example of this in cmd/fsnotify/file.go.
-func (w *Watcher) Add(name string) error { return w.AddWith(name) }
-
-// AddWith is like [Watcher.Add], but allows adding options. When using Add()
-// the defaults described below are used.
-//
-// Possible options are:
-//
-//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
-//     other platforms. The default is 64K (65536 bytes).
-func (w *Watcher) AddWith(name string, opts ...addOpt) error {
-	_ = getOptions(opts...)
-
-	w.mu.Lock()
-	w.userWatches[name] = struct{}{}
-	w.mu.Unlock()
-	_, err := w.addWatch(name, noteAllEvents)
-	return err
-}
-
-// Remove stops monitoring the path for changes.
-//
-// Directories are always removed non-recursively. For example, if you added
-// /tmp/dir and /tmp/dir/subdir then you will need to remove both.
-//
-// Removing a path that has not yet been added returns [ErrNonExistentWatch].
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) Remove(name string) error {
-	return w.remove(name, true)
-}
-
-func (w *Watcher) remove(name string, unwatchFiles bool) error {
-	name = filepath.Clean(name)
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
-		return nil
-	}
-	watchfd, ok := w.watches[name]
-	w.mu.Unlock()
-	if !ok {
-		return fmt.Errorf("%w: %s", ErrNonExistentWatch, name)
-	}
-
-	err := w.register([]int{watchfd}, unix.EV_DELETE, 0)
-	if err != nil {
-		return err
-	}
-
-	unix.Close(watchfd)
-
-	w.mu.Lock()
-	isDir := w.paths[watchfd].isDir
-	delete(w.watches, name)
-	delete(w.userWatches, name)
-
-	parentName := filepath.Dir(name)
-	delete(w.watchesByDir[parentName], watchfd)
-
-	if len(w.watchesByDir[parentName]) == 0 {
-		delete(w.watchesByDir, parentName)
-	}
-
-	delete(w.paths, watchfd)
-	delete(w.dirFlags, name)
-	delete(w.fileExists, name)
-	w.mu.Unlock()
-
-	// Find all watched paths that are in this directory that are not external.
-	if unwatchFiles && isDir {
-		var pathsToRemove []string
-		w.mu.Lock()
-		for fd := range w.watchesByDir[name] {
-			path := w.paths[fd]
-			if _, ok := w.userWatches[path.name]; !ok {
-				pathsToRemove = append(pathsToRemove, path.name)
-			}
-		}
-		w.mu.Unlock()
-		for _, name := range pathsToRemove {
-			// Since these are internal, not much sense in propagating error to
-			// the user, as that will just confuse them with an error about a
-			// path they did not explicitly watch themselves.
-			w.Remove(name)
-		}
-	}
-	return nil
-}
-
-// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
-// yet removed).
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) WatchList() []string {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	if w.isClosed {
-		return nil
-	}
-
-	entries := make([]string, 0, len(w.userWatches))
-	for pathname := range w.userWatches {
-		entries = append(entries, pathname)
-	}
-
-	return entries
-}
-
-// Watch all events (except NOTE_EXTEND, NOTE_LINK, NOTE_REVOKE)
-const noteAllEvents = unix.NOTE_DELETE | unix.NOTE_WRITE | unix.NOTE_ATTRIB | unix.NOTE_RENAME
-
-// addWatch adds name to the watched file set; the flags are interpreted as
-// described in kevent(2).
-//
-// Returns the real path to the file which was added, with symlinks resolved.
-func (w *Watcher) addWatch(name string, flags uint32) (string, error) {
-	var isDir bool
-	name = filepath.Clean(name)
-
-	w.mu.Lock()
-	if w.isClosed {
-		w.mu.Unlock()
-		return "", ErrClosed
-	}
-	watchfd, alreadyWatching := w.watches[name]
-	// We already have a watch, but we can still override flags.
-	if alreadyWatching {
-		isDir = w.paths[watchfd].isDir
-	}
-	w.mu.Unlock()
-
-	if !alreadyWatching {
-		fi, err := os.Lstat(name)
-		if err != nil {
-			return "", err
-		}
-
-		// Don't watch sockets or named pipes
-		if (fi.Mode()&os.ModeSocket == os.ModeSocket) || (fi.Mode()&os.ModeNamedPipe == os.ModeNamedPipe) {
-			return "", nil
-		}
-
-		// Follow Symlinks.
-		if fi.Mode()&os.ModeSymlink == os.ModeSymlink {
-			link, err := os.Readlink(name)
-			if err != nil {
-				// Return nil because Linux can add unresolvable symlinks to the
-				// watch list without problems, so maintain consistency with
-				// that. There will be no file events for broken symlinks.
-				// TODO: more specific check; returns os.PathError; ENOENT?
-				return "", nil
-			}
-
-			w.mu.Lock()
-			_, alreadyWatching = w.watches[link]
-			w.mu.Unlock()
-
-			if alreadyWatching {
-				// Add to watches so we don't get spurious Create events later
-				// on when we diff the directories.
-				w.watches[name] = 0
-				w.fileExists[name] = struct{}{}
-				return link, nil
-			}
-
-			name = link
-			fi, err = os.Lstat(name)
-			if err != nil {
-				return "", nil
-			}
-		}
-
-		// Retry on EINTR; open() can return EINTR in practice on macOS.
-		// See #354, and Go issues 11180 and 39237.
-		for {
-			watchfd, err = unix.Open(name, openMode, 0)
-			if err == nil {
-				break
-			}
-			if errors.Is(err, unix.EINTR) {
-				continue
-			}
-
-			return "", err
-		}
-
-		isDir = fi.IsDir()
-	}
-
-	err := w.register([]int{watchfd}, unix.EV_ADD|unix.EV_CLEAR|unix.EV_ENABLE, flags)
-	if err != nil {
-		unix.Close(watchfd)
-		return "", err
-	}
-
-	if !alreadyWatching {
-		w.mu.Lock()
-		parentName := filepath.Dir(name)
-		w.watches[name] = watchfd
-
-		watchesByDir, ok := w.watchesByDir[parentName]
-		if !ok {
-			watchesByDir = make(map[int]struct{}, 1)
-			w.watchesByDir[parentName] = watchesByDir
-		}
-		watchesByDir[watchfd] = struct{}{}
-		w.paths[watchfd] = pathInfo{name: name, isDir: isDir}
-		w.mu.Unlock()
-	}
-
-	if isDir {
-		// Watch the directory if it has not been watched before, or if it was
-		// watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles)
-		w.mu.Lock()
-
-		watchDir := (flags&unix.NOTE_WRITE) == unix.NOTE_WRITE &&
-			(!alreadyWatching || (w.dirFlags[name]&unix.NOTE_WRITE) != unix.NOTE_WRITE)
-		// Store flags so this watch can be updated later
-		w.dirFlags[name] = flags
-		w.mu.Unlock()
-
-		if watchDir {
-			if err := w.watchDirectoryFiles(name); err != nil {
-				return "", err
-			}
-		}
-	}
-	return name, nil
-}
-
-// readEvents reads from kqueue and converts the received kevents into
-// Event values that it sends down the Events channel.
-func (w *Watcher) readEvents() {
-	defer func() {
-		close(w.Events)
-		close(w.Errors)
-		_ = unix.Close(w.kq)
-		unix.Close(w.closepipe[0])
-	}()
-
-	eventBuffer := make([]unix.Kevent_t, 10)
-	for closed := false; !closed; {
-		kevents, err := w.read(eventBuffer)
-		// EINTR is okay, the syscall was interrupted before timeout expired.
-		if err != nil && err != unix.EINTR {
-			if !w.sendError(fmt.Errorf("fsnotify.readEvents: %w", err)) {
-				closed = true
-			}
-			continue
-		}
-
-		// Flush the events we received to the Events channel
-		for _, kevent := range kevents {
-			var (
-				watchfd = int(kevent.Ident)
-				mask    = uint32(kevent.Fflags)
-			)
-
-			// Shut down the loop when the pipe is closed, but only after all
-			// other events have been processed.
-			if watchfd == w.closepipe[0] {
-				closed = true
-				continue
-			}
-
-			w.mu.Lock()
-			path := w.paths[watchfd]
-			w.mu.Unlock()
-
-			event := w.newEvent(path.name, mask)
-
-			if event.Has(Rename) || event.Has(Remove) {
-				w.remove(event.Name, false)
-				w.mu.Lock()
-				delete(w.fileExists, event.Name)
-				w.mu.Unlock()
-			}
-
-			if path.isDir && event.Has(Write) && !event.Has(Remove) {
-				w.sendDirectoryChangeEvents(event.Name)
-			} else {
-				if !w.sendEvent(event) {
-					closed = true
-					continue
-				}
-			}
-
-			if event.Has(Remove) {
-				// Look for a file that may have overwritten this; for example,
-				// mv f1 f2 will delete f2, then create f2.
-				if path.isDir {
-					fileDir := filepath.Clean(event.Name)
-					w.mu.Lock()
-					_, found := w.watches[fileDir]
-					w.mu.Unlock()
-					if found {
-						err := w.sendDirectoryChangeEvents(fileDir)
-						if err != nil {
-							if !w.sendError(err) {
-								closed = true
-							}
-						}
-					}
-				} else {
-					filePath := filepath.Clean(event.Name)
-					if fi, err := os.Lstat(filePath); err == nil {
-						err := w.sendFileCreatedEventIfNew(filePath, fi)
-						if err != nil {
-							if !w.sendError(err) {
-								closed = true
-							}
-						}
-					}
-				}
-			}
-		}
-	}
-}
-
-// newEvent returns an platform-independent Event based on kqueue Fflags.
-func (w *Watcher) newEvent(name string, mask uint32) Event {
-	e := Event{Name: name}
-	if mask&unix.NOTE_DELETE == unix.NOTE_DELETE {
-		e.Op |= Remove
-	}
-	if mask&unix.NOTE_WRITE == unix.NOTE_WRITE {
-		e.Op |= Write
-	}
-	if mask&unix.NOTE_RENAME == unix.NOTE_RENAME {
-		e.Op |= Rename
-	}
-	if mask&unix.NOTE_ATTRIB == unix.NOTE_ATTRIB {
-		e.Op |= Chmod
-	}
-	// No point sending a write and delete event at the same time: if it's gone,
-	// then it's gone.
-	if e.Op.Has(Write) && e.Op.Has(Remove) {
-		e.Op &^= Write
-	}
-	return e
-}
-
-// watchDirectoryFiles to mimic inotify when adding a watch on a directory
-func (w *Watcher) watchDirectoryFiles(dirPath string) error {
-	// Get all files
-	files, err := os.ReadDir(dirPath)
-	if err != nil {
-		return err
-	}
-
-	for _, f := range files {
-		path := filepath.Join(dirPath, f.Name())
-
-		fi, err := f.Info()
-		if err != nil {
-			return fmt.Errorf("%q: %w", path, err)
-		}
-
-		cleanPath, err := w.internalWatch(path, fi)
-		if err != nil {
-			// No permission to read the file; that's not a problem: just skip.
-			// But do add it to w.fileExists to prevent it from being picked up
-			// as a "new" file later (it still shows up in the directory
-			// listing).
-			switch {
-			case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM):
-				cleanPath = filepath.Clean(path)
-			default:
-				return fmt.Errorf("%q: %w", path, err)
-			}
-		}
-
-		w.mu.Lock()
-		w.fileExists[cleanPath] = struct{}{}
-		w.mu.Unlock()
-	}
-
-	return nil
-}
-
-// Search the directory for new files and send an event for them.
-//
-// This functionality is to have the BSD watcher match the inotify, which sends
-// a create event for files created in a watched directory.
-func (w *Watcher) sendDirectoryChangeEvents(dir string) error {
-	files, err := os.ReadDir(dir)
-	if err != nil {
-		// Directory no longer exists: we can ignore this safely. kqueue will
-		// still give us the correct events.
-		if errors.Is(err, os.ErrNotExist) {
-			return nil
-		}
-		return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
-	}
-
-	for _, f := range files {
-		fi, err := f.Info()
-		if err != nil {
-			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
-		}
-
-		err = w.sendFileCreatedEventIfNew(filepath.Join(dir, fi.Name()), fi)
-		if err != nil {
-			// Don't need to send an error if this file isn't readable.
-			if errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) {
-				return nil
-			}
-			return fmt.Errorf("fsnotify.sendDirectoryChangeEvents: %w", err)
-		}
-	}
-	return nil
-}
-
-// sendFileCreatedEvent sends a create event if the file isn't already being tracked.
-func (w *Watcher) sendFileCreatedEventIfNew(filePath string, fi os.FileInfo) (err error) {
-	w.mu.Lock()
-	_, doesExist := w.fileExists[filePath]
-	w.mu.Unlock()
-	if !doesExist {
-		if !w.sendEvent(Event{Name: filePath, Op: Create}) {
-			return
-		}
-	}
-
-	// like watchDirectoryFiles (but without doing another ReadDir)
-	filePath, err = w.internalWatch(filePath, fi)
-	if err != nil {
-		return err
-	}
-
-	w.mu.Lock()
-	w.fileExists[filePath] = struct{}{}
-	w.mu.Unlock()
-
-	return nil
-}
-
-func (w *Watcher) internalWatch(name string, fi os.FileInfo) (string, error) {
-	if fi.IsDir() {
-		// mimic Linux providing delete events for subdirectories, but preserve
-		// the flags used if currently watching subdirectory
-		w.mu.Lock()
-		flags := w.dirFlags[name]
-		w.mu.Unlock()
-
-		flags |= unix.NOTE_DELETE | unix.NOTE_RENAME
-		return w.addWatch(name, flags)
-	}
-
-	// watch file to mimic Linux inotify
-	return w.addWatch(name, noteAllEvents)
-}
-
-// Register events with the queue.
-func (w *Watcher) register(fds []int, flags int, fflags uint32) error {
-	changes := make([]unix.Kevent_t, len(fds))
-	for i, fd := range fds {
-		// SetKevent converts int to the platform-specific types.
-		unix.SetKevent(&changes[i], fd, unix.EVFILT_VNODE, flags)
-		changes[i].Fflags = fflags
-	}
-
-	// Register the events.
-	success, err := unix.Kevent(w.kq, changes, nil, nil)
-	if success == -1 {
-		return err
-	}
-	return nil
-}
-
-// read retrieves pending events, or waits until an event occurs.
-func (w *Watcher) read(events []unix.Kevent_t) ([]unix.Kevent_t, error) {
-	n, err := unix.Kevent(w.kq, nil, events, nil)
-	if err != nil {
-		return nil, err
-	}
-	return events[0:n], nil
-}
--- a/vendor/github.com/fsnotify/fsnotify/backend_other.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_other.go
@ -1,205 +0,0 @@
-//go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows)
-// +build appengine !darwin,!dragonfly,!freebsd,!openbsd,!linux,!netbsd,!solaris,!windows
-
-// Note: the documentation on the Watcher type and methods is generated from
-// mkdoc.zsh
-
-package fsnotify
-
-import "errors"
-
-// Watcher watches a set of paths, delivering events on a channel.
-//
-// A watcher should not be copied (e.g. pass it by pointer, rather than by
-// value).
-//
-// # Linux notes
-//
-// When a file is removed a Remove event won't be emitted until all file
-// descriptors are closed, and deletes will always emit a Chmod. For example:
-//
-//	fp := os.Open("file")
-//	os.Remove("file")        // Triggers Chmod
-//	fp.Close()               // Triggers Remove
-//
-// This is the event that inotify sends, so not much can be changed about this.
-//
-// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
-// for the number of watches per user, and fs.inotify.max_user_instances
-// specifies the maximum number of inotify instances per user. Every Watcher you
-// create is an "instance", and every path you add is a "watch".
-//
-// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
-// /proc/sys/fs/inotify/max_user_instances
-//
-// To increase them you can use sysctl or write the value to the /proc file:
-//
-//	# Default values on Linux 5.18
-//	sysctl fs.inotify.max_user_watches=124983
-//	sysctl fs.inotify.max_user_instances=128
-//
-// To make the changes persist on reboot edit /etc/sysctl.conf or
-// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
-// your distro's documentation):
-//
-//	fs.inotify.max_user_watches=124983
-//	fs.inotify.max_user_instances=128
-//
-// Reaching the limit will result in a "no space left on device" or "too many open
-// files" error.
-//
-// # kqueue notes (macOS, BSD)
-//
-// kqueue requires opening a file descriptor for every file that's being watched;
-// so if you're watching a directory with five files then that's six file
-// descriptors. You will run in to your system's "max open files" limit faster on
-// these platforms.
-//
-// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
-// control the maximum number of open files, as well as /etc/login.conf on BSD
-// systems.
-//
-// # Windows notes
-//
-// Paths can be added as "C:\path\to\dir", but forward slashes
-// ("C:/path/to/dir") will also work.
-//
-// When a watched directory is removed it will always send an event for the
-// directory itself, but may not send events for all files in that directory.
-// Sometimes it will send events for all times, sometimes it will send no
-// events, and often only for some files.
-//
-// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
-// value that is guaranteed to work with SMB filesystems. If you have many
-// events in quick succession this may not be enough, and you will have to use
-// [WithBufferSize] to increase the value.
-type Watcher struct {
-	// Events sends the filesystem change events.
-	//
-	// fsnotify can send the following events; a "path" here can refer to a
-	// file, directory, symbolic link, or special file like a FIFO.
-	//
-	//   fsnotify.Create    A new path was created; this may be followed by one
-	//                      or more Write events if data also gets written to a
-	//                      file.
-	//
-	//   fsnotify.Remove    A path was removed.
-	//
-	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
-	//                      old path as Event.Name, and a Create event will be
-	//                      sent with the new name. Renames are only sent for
-	//                      paths that are currently watched; e.g. moving an
-	//                      unmonitored file into a monitored directory will
-	//                      show up as just a Create. Similarly, renaming a file
-	//                      to outside a monitored directory will show up as
-	//                      only a Rename.
-	//
-	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
-	//                      also trigger a Write. A single "write action"
-	//                      initiated by the user may show up as one or multiple
-	//                      writes, depending on when the system syncs things to
-	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, and you may
-	//                      want to wait until you've stopped receiving them
-	//                      (see the dedup example in cmd/fsnotify).
-	//
-	//                      Some systems may send Write event for directories
-	//                      when the directory content changes.
-	//
-	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
-	//                      when a file is removed (or more accurately, when a
-	//                      link to an inode is removed). On kqueue it's sent
-	//                      when a file is truncated. On Windows it's never
-	//                      sent.
-	Events chan Event
-
-	// Errors sends any errors.
-	//
-	// ErrEventOverflow is used to indicate there are too many events:
-	//
-	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
-	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
-	//  - kqueue, fen:  Not used.
-	Errors chan error
-}
-
-// NewWatcher creates a new Watcher.
-func NewWatcher() (*Watcher, error) {
-	return nil, errors.New("fsnotify not supported on the current platform")
-}
-
-// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
-// channel.
-//
-// The main use case for this is situations with a very large number of events
-// where the kernel buffer size can't be increased (e.g. due to lack of
-// permissions). An unbuffered Watcher will perform better for almost all use
-// cases, and whenever possible you will be better off increasing the kernel
-// buffers instead of adding a large userspace buffer.
-func NewBufferedWatcher(sz uint) (*Watcher, error) { return NewWatcher() }
-
-// Close removes all watches and closes the Events channel.
-func (w *Watcher) Close() error { return nil }
-
-// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
-// yet removed).
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) WatchList() []string { return nil }
-
-// Add starts monitoring the path for changes.
-//
-// A path can only be watched once; watching it more than once is a no-op and will
-// not return an error. Paths that do not yet exist on the filesystem cannot be
-// watched.
-//
-// A watch will be automatically removed if the watched path is deleted or
-// renamed. The exception is the Windows backend, which doesn't remove the
-// watcher on renames.
-//
-// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
-// filesystems (/proc, /sys, etc.) generally don't work.
-//
-// Returns [ErrClosed] if [Watcher.Close] was called.
-//
-// See [Watcher.AddWith] for a version that allows adding options.
-//
-// # Watching directories
-//
-// All files in a directory are monitored, including new files that are created
-// after the watcher is started. Subdirectories are not watched (i.e. it's
-// non-recursive).
-//
-// # Watching files
-//
-// Watching individual files (rather than directories) is generally not
-// recommended as many programs (especially editors) update files atomically: it
-// will write to a temporary file which is then moved to to destination,
-// overwriting the original (or some variant thereof). The watcher on the
-// original file is now lost, as that no longer exists.
-//
-// The upshot of this is that a power failure or crash won't leave a
-// half-written file.
-//
-// Watch the parent directory and use Event.Name to filter out files you're not
-// interested in. There is an example of this in cmd/fsnotify/file.go.
-func (w *Watcher) Add(name string) error { return nil }
-
-// AddWith is like [Watcher.Add], but allows adding options. When using Add()
-// the defaults described below are used.
-//
-// Possible options are:
-//
-//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
-//     other platforms. The default is 64K (65536 bytes).
-func (w *Watcher) AddWith(name string, opts ...addOpt) error { return nil }
-
-// Remove stops monitoring the path for changes.
-//
-// Directories are always removed non-recursively. For example, if you added
-// /tmp/dir and /tmp/dir/subdir then you will need to remove both.
-//
-// Removing a path that has not yet been added returns [ErrNonExistentWatch].
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) Remove(name string) error { return nil }
--- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go
+++ b/vendor/github.com/fsnotify/fsnotify/backend_windows.go
@ -1,827 +0,0 @@
-//go:build windows
-// +build windows
-
-// Windows backend based on ReadDirectoryChangesW()
-//
-// https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
-//
-// Note: the documentation on the Watcher type and methods is generated from
-// mkdoc.zsh
-
-package fsnotify
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"reflect"
-	"runtime"
-	"strings"
-	"sync"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-// Watcher watches a set of paths, delivering events on a channel.
-//
-// A watcher should not be copied (e.g. pass it by pointer, rather than by
-// value).
-//
-// # Linux notes
-//
-// When a file is removed a Remove event won't be emitted until all file
-// descriptors are closed, and deletes will always emit a Chmod. For example:
-//
-//	fp := os.Open("file")
-//	os.Remove("file")        // Triggers Chmod
-//	fp.Close()               // Triggers Remove
-//
-// This is the event that inotify sends, so not much can be changed about this.
-//
-// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
-// for the number of watches per user, and fs.inotify.max_user_instances
-// specifies the maximum number of inotify instances per user. Every Watcher you
-// create is an "instance", and every path you add is a "watch".
-//
-// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
-// /proc/sys/fs/inotify/max_user_instances
-//
-// To increase them you can use sysctl or write the value to the /proc file:
-//
-//	# Default values on Linux 5.18
-//	sysctl fs.inotify.max_user_watches=124983
-//	sysctl fs.inotify.max_user_instances=128
-//
-// To make the changes persist on reboot edit /etc/sysctl.conf or
-// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
-// your distro's documentation):
-//
-//	fs.inotify.max_user_watches=124983
-//	fs.inotify.max_user_instances=128
-//
-// Reaching the limit will result in a "no space left on device" or "too many open
-// files" error.
-//
-// # kqueue notes (macOS, BSD)
-//
-// kqueue requires opening a file descriptor for every file that's being watched;
-// so if you're watching a directory with five files then that's six file
-// descriptors. You will run in to your system's "max open files" limit faster on
-// these platforms.
-//
-// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
-// control the maximum number of open files, as well as /etc/login.conf on BSD
-// systems.
-//
-// # Windows notes
-//
-// Paths can be added as "C:\path\to\dir", but forward slashes
-// ("C:/path/to/dir") will also work.
-//
-// When a watched directory is removed it will always send an event for the
-// directory itself, but may not send events for all files in that directory.
-// Sometimes it will send events for all times, sometimes it will send no
-// events, and often only for some files.
-//
-// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
-// value that is guaranteed to work with SMB filesystems. If you have many
-// events in quick succession this may not be enough, and you will have to use
-// [WithBufferSize] to increase the value.
-type Watcher struct {
-	// Events sends the filesystem change events.
-	//
-	// fsnotify can send the following events; a "path" here can refer to a
-	// file, directory, symbolic link, or special file like a FIFO.
-	//
-	//   fsnotify.Create    A new path was created; this may be followed by one
-	//                      or more Write events if data also gets written to a
-	//                      file.
-	//
-	//   fsnotify.Remove    A path was removed.
-	//
-	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
-	//                      old path as Event.Name, and a Create event will be
-	//                      sent with the new name. Renames are only sent for
-	//                      paths that are currently watched; e.g. moving an
-	//                      unmonitored file into a monitored directory will
-	//                      show up as just a Create. Similarly, renaming a file
-	//                      to outside a monitored directory will show up as
-	//                      only a Rename.
-	//
-	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
-	//                      also trigger a Write. A single "write action"
-	//                      initiated by the user may show up as one or multiple
-	//                      writes, depending on when the system syncs things to
-	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, and you may
-	//                      want to wait until you've stopped receiving them
-	//                      (see the dedup example in cmd/fsnotify).
-	//
-	//                      Some systems may send Write event for directories
-	//                      when the directory content changes.
-	//
-	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
-	//                      when a file is removed (or more accurately, when a
-	//                      link to an inode is removed). On kqueue it's sent
-	//                      when a file is truncated. On Windows it's never
-	//                      sent.
-	Events chan Event
-
-	// Errors sends any errors.
-	//
-	// ErrEventOverflow is used to indicate there are too many events:
-	//
-	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
-	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
-	//  - kqueue, fen:  Not used.
-	Errors chan error
-
-	port  windows.Handle // Handle to completion port
-	input chan *input    // Inputs to the reader are sent on this channel
-	quit  chan chan<- error
-
-	mu      sync.Mutex // Protects access to watches, closed
-	watches watchMap   // Map of watches (key: i-number)
-	closed  bool       // Set to true when Close() is first called
-}
-
-// NewWatcher creates a new Watcher.
-func NewWatcher() (*Watcher, error) {
-	return NewBufferedWatcher(50)
-}
-
-// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
-// channel.
-//
-// The main use case for this is situations with a very large number of events
-// where the kernel buffer size can't be increased (e.g. due to lack of
-// permissions). An unbuffered Watcher will perform better for almost all use
-// cases, and whenever possible you will be better off increasing the kernel
-// buffers instead of adding a large userspace buffer.
-func NewBufferedWatcher(sz uint) (*Watcher, error) {
-	port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0)
-	if err != nil {
-		return nil, os.NewSyscallError("CreateIoCompletionPort", err)
-	}
-	w := &Watcher{
-		port:    port,
-		watches: make(watchMap),
-		input:   make(chan *input, 1),
-		Events:  make(chan Event, sz),
-		Errors:  make(chan error),
-		quit:    make(chan chan<- error, 1),
-	}
-	go w.readEvents()
-	return w, nil
-}
-
-func (w *Watcher) isClosed() bool {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-	return w.closed
-}
-
-func (w *Watcher) sendEvent(name string, mask uint64) bool {
-	if mask == 0 {
-		return false
-	}
-
-	event := w.newEvent(name, uint32(mask))
-	select {
-	case ch := <-w.quit:
-		w.quit <- ch
-	case w.Events <- event:
-	}
-	return true
-}
-
-// Returns true if the error was sent, or false if watcher is closed.
-func (w *Watcher) sendError(err error) bool {
-	select {
-	case w.Errors <- err:
-		return true
-	case <-w.quit:
-	}
-	return false
-}
-
-// Close removes all watches and closes the Events channel.
-func (w *Watcher) Close() error {
-	if w.isClosed() {
-		return nil
-	}
-
-	w.mu.Lock()
-	w.closed = true
-	w.mu.Unlock()
-
-	// Send "quit" message to the reader goroutine
-	ch := make(chan error)
-	w.quit <- ch
-	if err := w.wakeupReader(); err != nil {
-		return err
-	}
-	return <-ch
-}
-
-// Add starts monitoring the path for changes.
-//
-// A path can only be watched once; watching it more than once is a no-op and will
-// not return an error. Paths that do not yet exist on the filesystem cannot be
-// watched.
-//
-// A watch will be automatically removed if the watched path is deleted or
-// renamed. The exception is the Windows backend, which doesn't remove the
-// watcher on renames.
-//
-// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
-// filesystems (/proc, /sys, etc.) generally don't work.
-//
-// Returns [ErrClosed] if [Watcher.Close] was called.
-//
-// See [Watcher.AddWith] for a version that allows adding options.
-//
-// # Watching directories
-//
-// All files in a directory are monitored, including new files that are created
-// after the watcher is started. Subdirectories are not watched (i.e. it's
-// non-recursive).
-//
-// # Watching files
-//
-// Watching individual files (rather than directories) is generally not
-// recommended as many programs (especially editors) update files atomically: it
-// will write to a temporary file which is then moved to to destination,
-// overwriting the original (or some variant thereof). The watcher on the
-// original file is now lost, as that no longer exists.
-//
-// The upshot of this is that a power failure or crash won't leave a
-// half-written file.
-//
-// Watch the parent directory and use Event.Name to filter out files you're not
-// interested in. There is an example of this in cmd/fsnotify/file.go.
-func (w *Watcher) Add(name string) error { return w.AddWith(name) }
-
-// AddWith is like [Watcher.Add], but allows adding options. When using Add()
-// the defaults described below are used.
-//
-// Possible options are:
-//
-//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
-//     other platforms. The default is 64K (65536 bytes).
-func (w *Watcher) AddWith(name string, opts ...addOpt) error {
-	if w.isClosed() {
-		return ErrClosed
-	}
-
-	with := getOptions(opts...)
-	if with.bufsize < 4096 {
-		return fmt.Errorf("fsnotify.WithBufferSize: buffer size cannot be smaller than 4096 bytes")
-	}
-
-	in := &input{
-		op:      opAddWatch,
-		path:    filepath.Clean(name),
-		flags:   sysFSALLEVENTS,
-		reply:   make(chan error),
-		bufsize: with.bufsize,
-	}
-	w.input <- in
-	if err := w.wakeupReader(); err != nil {
-		return err
-	}
-	return <-in.reply
-}
-
-// Remove stops monitoring the path for changes.
-//
-// Directories are always removed non-recursively. For example, if you added
-// /tmp/dir and /tmp/dir/subdir then you will need to remove both.
-//
-// Removing a path that has not yet been added returns [ErrNonExistentWatch].
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) Remove(name string) error {
-	if w.isClosed() {
-		return nil
-	}
-
-	in := &input{
-		op:    opRemoveWatch,
-		path:  filepath.Clean(name),
-		reply: make(chan error),
-	}
-	w.input <- in
-	if err := w.wakeupReader(); err != nil {
-		return err
-	}
-	return <-in.reply
-}
-
-// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
-// yet removed).
-//
-// Returns nil if [Watcher.Close] was called.
-func (w *Watcher) WatchList() []string {
-	if w.isClosed() {
-		return nil
-	}
-
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	entries := make([]string, 0, len(w.watches))
-	for _, entry := range w.watches {
-		for _, watchEntry := range entry {
-			entries = append(entries, watchEntry.path)
-		}
-	}
-
-	return entries
-}
-
-// These options are from the old golang.org/x/exp/winfsnotify, where you could
-// add various options to the watch. This has long since been removed.
-//
-// The "sys" in the name is misleading as they're not part of any "system".
-//
-// This should all be removed at some point, and just use windows.FILE_NOTIFY_*
-const (
-	sysFSALLEVENTS  = 0xfff
-	sysFSCREATE     = 0x100
-	sysFSDELETE     = 0x200
-	sysFSDELETESELF = 0x400
-	sysFSMODIFY     = 0x2
-	sysFSMOVE       = 0xc0
-	sysFSMOVEDFROM  = 0x40
-	sysFSMOVEDTO    = 0x80
-	sysFSMOVESELF   = 0x800
-	sysFSIGNORED    = 0x8000
-)
-
-func (w *Watcher) newEvent(name string, mask uint32) Event {
-	e := Event{Name: name}
-	if mask&sysFSCREATE == sysFSCREATE || mask&sysFSMOVEDTO == sysFSMOVEDTO {
-		e.Op |= Create
-	}
-	if mask&sysFSDELETE == sysFSDELETE || mask&sysFSDELETESELF == sysFSDELETESELF {
-		e.Op |= Remove
-	}
-	if mask&sysFSMODIFY == sysFSMODIFY {
-		e.Op |= Write
-	}
-	if mask&sysFSMOVE == sysFSMOVE || mask&sysFSMOVESELF == sysFSMOVESELF || mask&sysFSMOVEDFROM == sysFSMOVEDFROM {
-		e.Op |= Rename
-	}
-	return e
-}
-
-const (
-	opAddWatch = iota
-	opRemoveWatch
-)
-
-const (
-	provisional uint64 = 1 << (32 + iota)
-)
-
-type input struct {
-	op      int
-	path    string
-	flags   uint32
-	bufsize int
-	reply   chan error
-}
-
-type inode struct {
-	handle windows.Handle
-	volume uint32
-	index  uint64
-}
-
-type watch struct {
-	ov      windows.Overlapped
-	ino     *inode            // i-number
-	recurse bool              // Recursive watch?
-	path    string            // Directory path
-	mask    uint64            // Directory itself is being watched with these notify flags
-	names   map[string]uint64 // Map of names being watched and their notify flags
-	rename  string            // Remembers the old name while renaming a file
-	buf     []byte            // buffer, allocated later
-}
-
-type (
-	indexMap map[uint64]*watch
-	watchMap map[uint32]indexMap
-)
-
-func (w *Watcher) wakeupReader() error {
-	err := windows.PostQueuedCompletionStatus(w.port, 0, 0, nil)
-	if err != nil {
-		return os.NewSyscallError("PostQueuedCompletionStatus", err)
-	}
-	return nil
-}
-
-func (w *Watcher) getDir(pathname string) (dir string, err error) {
-	attr, err := windows.GetFileAttributes(windows.StringToUTF16Ptr(pathname))
-	if err != nil {
-		return "", os.NewSyscallError("GetFileAttributes", err)
-	}
-	if attr&windows.FILE_ATTRIBUTE_DIRECTORY != 0 {
-		dir = pathname
-	} else {
-		dir, _ = filepath.Split(pathname)
-		dir = filepath.Clean(dir)
-	}
-	return
-}
-
-func (w *Watcher) getIno(path string) (ino *inode, err error) {
-	h, err := windows.CreateFile(windows.StringToUTF16Ptr(path),
-		windows.FILE_LIST_DIRECTORY,
-		windows.FILE_SHARE_READ|windows.FILE_SHARE_WRITE|windows.FILE_SHARE_DELETE,
-		nil, windows.OPEN_EXISTING,
-		windows.FILE_FLAG_BACKUP_SEMANTICS|windows.FILE_FLAG_OVERLAPPED, 0)
-	if err != nil {
-		return nil, os.NewSyscallError("CreateFile", err)
-	}
-
-	var fi windows.ByHandleFileInformation
-	err = windows.GetFileInformationByHandle(h, &fi)
-	if err != nil {
-		windows.CloseHandle(h)
-		return nil, os.NewSyscallError("GetFileInformationByHandle", err)
-	}
-	ino = &inode{
-		handle: h,
-		volume: fi.VolumeSerialNumber,
-		index:  uint64(fi.FileIndexHigh)<<32 | uint64(fi.FileIndexLow),
-	}
-	return ino, nil
-}
-
-// Must run within the I/O thread.
-func (m watchMap) get(ino *inode) *watch {
-	if i := m[ino.volume]; i != nil {
-		return i[ino.index]
-	}
-	return nil
-}
-
-// Must run within the I/O thread.
-func (m watchMap) set(ino *inode, watch *watch) {
-	i := m[ino.volume]
-	if i == nil {
-		i = make(indexMap)
-		m[ino.volume] = i
-	}
-	i[ino.index] = watch
-}
-
-// Must run within the I/O thread.
-func (w *Watcher) addWatch(pathname string, flags uint64, bufsize int) error {
-	//pathname, recurse := recursivePath(pathname)
-	recurse := false
-
-	dir, err := w.getDir(pathname)
-	if err != nil {
-		return err
-	}
-
-	ino, err := w.getIno(dir)
-	if err != nil {
-		return err
-	}
-	w.mu.Lock()
-	watchEntry := w.watches.get(ino)
-	w.mu.Unlock()
-	if watchEntry == nil {
-		_, err := windows.CreateIoCompletionPort(ino.handle, w.port, 0, 0)
-		if err != nil {
-			windows.CloseHandle(ino.handle)
-			return os.NewSyscallError("CreateIoCompletionPort", err)
-		}
-		watchEntry = &watch{
-			ino:     ino,
-			path:    dir,
-			names:   make(map[string]uint64),
-			recurse: recurse,
-			buf:     make([]byte, bufsize),
-		}
-		w.mu.Lock()
-		w.watches.set(ino, watchEntry)
-		w.mu.Unlock()
-		flags |= provisional
-	} else {
-		windows.CloseHandle(ino.handle)
-	}
-	if pathname == dir {
-		watchEntry.mask |= flags
-	} else {
-		watchEntry.names[filepath.Base(pathname)] |= flags
-	}
-
-	err = w.startRead(watchEntry)
-	if err != nil {
-		return err
-	}
-
-	if pathname == dir {
-		watchEntry.mask &= ^provisional
-	} else {
-		watchEntry.names[filepath.Base(pathname)] &= ^provisional
-	}
-	return nil
-}
-
-// Must run within the I/O thread.
-func (w *Watcher) remWatch(pathname string) error {
-	pathname, recurse := recursivePath(pathname)
-
-	dir, err := w.getDir(pathname)
-	if err != nil {
-		return err
-	}
-	ino, err := w.getIno(dir)
-	if err != nil {
-		return err
-	}
-
-	w.mu.Lock()
-	watch := w.watches.get(ino)
-	w.mu.Unlock()
-
-	if recurse && !watch.recurse {
-		return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname)
-	}
-
-	err = windows.CloseHandle(ino.handle)
-	if err != nil {
-		w.sendError(os.NewSyscallError("CloseHandle", err))
-	}
-	if watch == nil {
-		return fmt.Errorf("%w: %s", ErrNonExistentWatch, pathname)
-	}
-	if pathname == dir {
-		w.sendEvent(watch.path, watch.mask&sysFSIGNORED)
-		watch.mask = 0
-	} else {
-		name := filepath.Base(pathname)
-		w.sendEvent(filepath.Join(watch.path, name), watch.names[name]&sysFSIGNORED)
-		delete(watch.names, name)
-	}
-
-	return w.startRead(watch)
-}
-
-// Must run within the I/O thread.
-func (w *Watcher) deleteWatch(watch *watch) {
-	for name, mask := range watch.names {
-		if mask&provisional == 0 {
-			w.sendEvent(filepath.Join(watch.path, name), mask&sysFSIGNORED)
-		}
-		delete(watch.names, name)
-	}
-	if watch.mask != 0 {
-		if watch.mask&provisional == 0 {
-			w.sendEvent(watch.path, watch.mask&sysFSIGNORED)
-		}
-		watch.mask = 0
-	}
-}
-
-// Must run within the I/O thread.
-func (w *Watcher) startRead(watch *watch) error {
-	err := windows.CancelIo(watch.ino.handle)
-	if err != nil {
-		w.sendError(os.NewSyscallError("CancelIo", err))
-		w.deleteWatch(watch)
-	}
-	mask := w.toWindowsFlags(watch.mask)
-	for _, m := range watch.names {
-		mask |= w.toWindowsFlags(m)
-	}
-	if mask == 0 {
-		err := windows.CloseHandle(watch.ino.handle)
-		if err != nil {
-			w.sendError(os.NewSyscallError("CloseHandle", err))
-		}
-		w.mu.Lock()
-		delete(w.watches[watch.ino.volume], watch.ino.index)
-		w.mu.Unlock()
-		return nil
-	}
-
-	// We need to pass the array, rather than the slice.
-	hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf))
-	rdErr := windows.ReadDirectoryChanges(watch.ino.handle,
-		(*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len),
-		watch.recurse, mask, nil, &watch.ov, 0)
-	if rdErr != nil {
-		err := os.NewSyscallError("ReadDirectoryChanges", rdErr)
-		if rdErr == windows.ERROR_ACCESS_DENIED && watch.mask&provisional == 0 {
-			// Watched directory was probably removed
-			w.sendEvent(watch.path, watch.mask&sysFSDELETESELF)
-			err = nil
-		}
-		w.deleteWatch(watch)
-		w.startRead(watch)
-		return err
-	}
-	return nil
-}
-
-// readEvents reads from the I/O completion port, converts the
-// received events into Event objects and sends them via the Events channel.
-// Entry point to the I/O thread.
-func (w *Watcher) readEvents() {
-	var (
-		n   uint32
-		key uintptr
-		ov  *windows.Overlapped
-	)
-	runtime.LockOSThread()
-
-	for {
-		// This error is handled after the watch == nil check below.
-		qErr := windows.GetQueuedCompletionStatus(w.port, &n, &key, &ov, windows.INFINITE)
-
-		watch := (*watch)(unsafe.Pointer(ov))
-		if watch == nil {
-			select {
-			case ch := <-w.quit:
-				w.mu.Lock()
-				var indexes []indexMap
-				for _, index := range w.watches {
-					indexes = append(indexes, index)
-				}
-				w.mu.Unlock()
-				for _, index := range indexes {
-					for _, watch := range index {
-						w.deleteWatch(watch)
-						w.startRead(watch)
-					}
-				}
-
-				err := windows.CloseHandle(w.port)
-				if err != nil {
-					err = os.NewSyscallError("CloseHandle", err)
-				}
-				close(w.Events)
-				close(w.Errors)
-				ch <- err
-				return
-			case in := <-w.input:
-				switch in.op {
-				case opAddWatch:
-					in.reply <- w.addWatch(in.path, uint64(in.flags), in.bufsize)
-				case opRemoveWatch:
-					in.reply <- w.remWatch(in.path)
-				}
-			default:
-			}
-			continue
-		}
-
-		switch qErr {
-		case nil:
-			// No error
-		case windows.ERROR_MORE_DATA:
-			if watch == nil {
-				w.sendError(errors.New("ERROR_MORE_DATA has unexpectedly null lpOverlapped buffer"))
-			} else {
-				// The i/o succeeded but the buffer is full.
-				// In theory we should be building up a full packet.
-				// In practice we can get away with just carrying on.
-				n = uint32(unsafe.Sizeof(watch.buf))
-			}
-		case windows.ERROR_ACCESS_DENIED:
-			// Watched directory was probably removed
-			w.sendEvent(watch.path, watch.mask&sysFSDELETESELF)
-			w.deleteWatch(watch)
-			w.startRead(watch)
-			continue
-		case windows.ERROR_OPERATION_ABORTED:
-			// CancelIo was called on this handle
-			continue
-		default:
-			w.sendError(os.NewSyscallError("GetQueuedCompletionPort", qErr))
-			continue
-		}
-
-		var offset uint32
-		for {
-			if n == 0 {
-				w.sendError(ErrEventOverflow)
-				break
-			}
-
-			// Point "raw" to the event in the buffer
-			raw := (*windows.FileNotifyInformation)(unsafe.Pointer(&watch.buf[offset]))
-
-			// Create a buf that is the size of the path name
-			size := int(raw.FileNameLength / 2)
-			var buf []uint16
-			// TODO: Use unsafe.Slice in Go 1.17; https://stackoverflow.com/questions/51187973
-			sh := (*reflect.SliceHeader)(unsafe.Pointer(&buf))
-			sh.Data = uintptr(unsafe.Pointer(&raw.FileName))
-			sh.Len = size
-			sh.Cap = size
-			name := windows.UTF16ToString(buf)
-			fullname := filepath.Join(watch.path, name)
-
-			var mask uint64
-			switch raw.Action {
-			case windows.FILE_ACTION_REMOVED:
-				mask = sysFSDELETESELF
-			case windows.FILE_ACTION_MODIFIED:
-				mask = sysFSMODIFY
-			case windows.FILE_ACTION_RENAMED_OLD_NAME:
-				watch.rename = name
-			case windows.FILE_ACTION_RENAMED_NEW_NAME:
-				// Update saved path of all sub-watches.
-				old := filepath.Join(watch.path, watch.rename)
-				w.mu.Lock()
-				for _, watchMap := range w.watches {
-					for _, ww := range watchMap {
-						if strings.HasPrefix(ww.path, old) {
-							ww.path = filepath.Join(fullname, strings.TrimPrefix(ww.path, old))
-						}
-					}
-				}
-				w.mu.Unlock()
-
-				if watch.names[watch.rename] != 0 {
-					watch.names[name] |= watch.names[watch.rename]
-					delete(watch.names, watch.rename)
-					mask = sysFSMOVESELF
-				}
-			}
-
-			sendNameEvent := func() {
-				w.sendEvent(fullname, watch.names[name]&mask)
-			}
-			if raw.Action != windows.FILE_ACTION_RENAMED_NEW_NAME {
-				sendNameEvent()
-			}
-			if raw.Action == windows.FILE_ACTION_REMOVED {
-				w.sendEvent(fullname, watch.names[name]&sysFSIGNORED)
-				delete(watch.names, name)
-			}
-
-			w.sendEvent(fullname, watch.mask&w.toFSnotifyFlags(raw.Action))
-			if raw.Action == windows.FILE_ACTION_RENAMED_NEW_NAME {
-				fullname = filepath.Join(watch.path, watch.rename)
-				sendNameEvent()
-			}
-
-			// Move to the next event in the buffer
-			if raw.NextEntryOffset == 0 {
-				break
-			}
-			offset += raw.NextEntryOffset
-
-			// Error!
-			if offset >= n {
-				//lint:ignore ST1005 Windows should be capitalized
-				w.sendError(errors.New(
-					"Windows system assumed buffer larger than it is, events have likely been missed"))
-				break
-			}
-		}
-
-		if err := w.startRead(watch); err != nil {
-			w.sendError(err)
-		}
-	}
-}
-
-func (w *Watcher) toWindowsFlags(mask uint64) uint32 {
-	var m uint32
-	if mask&sysFSMODIFY != 0 {
-		m |= windows.FILE_NOTIFY_CHANGE_LAST_WRITE
-	}
-	if mask&(sysFSMOVE|sysFSCREATE|sysFSDELETE) != 0 {
-		m |= windows.FILE_NOTIFY_CHANGE_FILE_NAME | windows.FILE_NOTIFY_CHANGE_DIR_NAME
-	}
-	return m
-}
-
-func (w *Watcher) toFSnotifyFlags(action uint32) uint64 {
-	switch action {
-	case windows.FILE_ACTION_ADDED:
-		return sysFSCREATE
-	case windows.FILE_ACTION_REMOVED:
-		return sysFSDELETE
-	case windows.FILE_ACTION_MODIFIED:
-		return sysFSMODIFY
-	case windows.FILE_ACTION_RENAMED_OLD_NAME:
-		return sysFSMOVEDFROM
-	case windows.FILE_ACTION_RENAMED_NEW_NAME:
-		return sysFSMOVEDTO
-	}
-	return 0
-}
--- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go
+++ b/vendor/github.com/fsnotify/fsnotify/fsnotify.go
@ -1,146 +0,0 @@
-// Package fsnotify provides a cross-platform interface for file system
-// notifications.
-//
-// Currently supported systems:
-//
-//	Linux 2.6.32+    via inotify
-//	BSD, macOS       via kqueue
-//	Windows          via ReadDirectoryChangesW
-//	illumos          via FEN
-package fsnotify
-
-import (
-	"errors"
-	"fmt"
-	"path/filepath"
-	"strings"
-)
-
-// Event represents a file system notification.
-type Event struct {
-	// Path to the file or directory.
-	//
-	// Paths are relative to the input; for example with Add("dir") the Name
-	// will be set to "dir/file" if you create that file, but if you use
-	// Add("/path/to/dir") it will be "/path/to/dir/file".
-	Name string
-
-	// File operation that triggered the event.
-	//
-	// This is a bitmask and some systems may send multiple operations at once.
-	// Use the Event.Has() method instead of comparing with ==.
-	Op Op
-}
-
-// Op describes a set of file operations.
-type Op uint32
-
-// The operations fsnotify can trigger; see the documentation on [Watcher] for a
-// full description, and check them with [Event.Has].
-const (
-	// A new pathname was created.
-	Create Op = 1 << iota
-
-	// The pathname was written to; this does *not* mean the write has finished,
-	// and a write can be followed by more writes.
-	Write
-
-	// The path was removed; any watches on it will be removed. Some "remove"
-	// operations may trigger a Rename if the file is actually moved (for
-	// example "remove to trash" is often a rename).
-	Remove
-
-	// The path was renamed to something else; any watched on it will be
-	// removed.
-	Rename
-
-	// File attributes were changed.
-	//
-	// It's generally not recommended to take action on this event, as it may
-	// get triggered very frequently by some software. For example, Spotlight
-	// indexing on macOS, anti-virus software, backup software, etc.
-	Chmod
-)
-
-// Common errors that can be reported.
-var (
-	ErrNonExistentWatch = errors.New("fsnotify: can't remove non-existent watch")
-	ErrEventOverflow    = errors.New("fsnotify: queue or buffer overflow")
-	ErrClosed           = errors.New("fsnotify: watcher already closed")
-)
-
-func (o Op) String() string {
-	var b strings.Builder
-	if o.Has(Create) {
-		b.WriteString("|CREATE")
-	}
-	if o.Has(Remove) {
-		b.WriteString("|REMOVE")
-	}
-	if o.Has(Write) {
-		b.WriteString("|WRITE")
-	}
-	if o.Has(Rename) {
-		b.WriteString("|RENAME")
-	}
-	if o.Has(Chmod) {
-		b.WriteString("|CHMOD")
-	}
-	if b.Len() == 0 {
-		return "[no events]"
-	}
-	return b.String()[1:]
-}
-
-// Has reports if this operation has the given operation.
-func (o Op) Has(h Op) bool { return o&h != 0 }
-
-// Has reports if this event has the given operation.
-func (e Event) Has(op Op) bool { return e.Op.Has(op) }
-
-// String returns a string representation of the event with their path.
-func (e Event) String() string {
-	return fmt.Sprintf("%-13s %q", e.Op.String(), e.Name)
-}
-
-type (
-	addOpt   func(opt *withOpts)
-	withOpts struct {
-		bufsize int
-	}
-)
-
-var defaultOpts = withOpts{
-	bufsize: 65536, // 64K
-}
-
-func getOptions(opts ...addOpt) withOpts {
-	with := defaultOpts
-	for _, o := range opts {
-		o(&with)
-	}
-	return with
-}
-
-// WithBufferSize sets the [ReadDirectoryChangesW] buffer size.
-//
-// This only has effect on Windows systems, and is a no-op for other backends.
-//
-// The default value is 64K (65536 bytes) which is the highest value that works
-// on all filesystems and should be enough for most applications, but if you
-// have a large burst of events it may not be enough. You can increase it if
-// you're hitting "queue or buffer overflow" errors ([ErrEventOverflow]).
-//
-// [ReadDirectoryChangesW]: https://learn.microsoft.com/en-gb/windows/win32/api/winbase/nf-winbase-readdirectorychangesw
-func WithBufferSize(bytes int) addOpt {
-	return func(opt *withOpts) { opt.bufsize = bytes }
-}
-
-// Check if this path is recursive (ends with "/..." or "\..."), and return the
-// path with the /... stripped.
-func recursivePath(path string) (string, bool) {
-	if filepath.Base(path) == "..." {
-		return filepath.Dir(path), true
-	}
-	return path, false
-}
--- a/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
+++ b/vendor/github.com/fsnotify/fsnotify/mkdoc.zsh
@ -1,259 +0,0 @@
-#!/usr/bin/env zsh
-[ "${ZSH_VERSION:-}" = "" ] && echo >&2 "Only works with zsh" && exit 1
-setopt err_exit no_unset pipefail extended_glob
-
-# Simple script to update the godoc comments on all watchers so you don't need
-# to update the same comment 5 times.
-
-watcher=$(<<EOF
-// Watcher watches a set of paths, delivering events on a channel.
-//
-// A watcher should not be copied (e.g. pass it by pointer, rather than by
-// value).
-//
-// # Linux notes
-//
-// When a file is removed a Remove event won't be emitted until all file
-// descriptors are closed, and deletes will always emit a Chmod. For example:
-//
-//	fp := os.Open("file")
-//	os.Remove("file")        // Triggers Chmod
-//	fp.Close()               // Triggers Remove
-//
-// This is the event that inotify sends, so not much can be changed about this.
-//
-// The fs.inotify.max_user_watches sysctl variable specifies the upper limit
-// for the number of watches per user, and fs.inotify.max_user_instances
-// specifies the maximum number of inotify instances per user. Every Watcher you
-// create is an "instance", and every path you add is a "watch".
-//
-// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and
-// /proc/sys/fs/inotify/max_user_instances
-//
-// To increase them you can use sysctl or write the value to the /proc file:
-//
-//	# Default values on Linux 5.18
-//	sysctl fs.inotify.max_user_watches=124983
-//	sysctl fs.inotify.max_user_instances=128
-//
-// To make the changes persist on reboot edit /etc/sysctl.conf or
-// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check
-// your distro's documentation):
-//
-//	fs.inotify.max_user_watches=124983
-//	fs.inotify.max_user_instances=128
-//
-// Reaching the limit will result in a "no space left on device" or "too many open
-// files" error.
-//
-// # kqueue notes (macOS, BSD)
-//
-// kqueue requires opening a file descriptor for every file that's being watched;
-// so if you're watching a directory with five files then that's six file
-// descriptors. You will run in to your system's "max open files" limit faster on
-// these platforms.
-//
-// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to
-// control the maximum number of open files, as well as /etc/login.conf on BSD
-// systems.
-//
-// # Windows notes
-//
-// Paths can be added as "C:\\path\\to\\dir", but forward slashes
-// ("C:/path/to/dir") will also work.
-//
-// When a watched directory is removed it will always send an event for the
-// directory itself, but may not send events for all files in that directory.
-// Sometimes it will send events for all times, sometimes it will send no
-// events, and often only for some files.
-//
-// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest
-// value that is guaranteed to work with SMB filesystems. If you have many
-// events in quick succession this may not be enough, and you will have to use
-// [WithBufferSize] to increase the value.
-EOF
-)
-
-new=$(<<EOF
-// NewWatcher creates a new Watcher.
-EOF
-)
-
-newbuffered=$(<<EOF
-// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events
-// channel.
-//
-// The main use case for this is situations with a very large number of events
-// where the kernel buffer size can't be increased (e.g. due to lack of
-// permissions). An unbuffered Watcher will perform better for almost all use
-// cases, and whenever possible you will be better off increasing the kernel
-// buffers instead of adding a large userspace buffer.
-EOF
-)
-
-add=$(<<EOF
-// Add starts monitoring the path for changes.
-//
-// A path can only be watched once; watching it more than once is a no-op and will
-// not return an error. Paths that do not yet exist on the filesystem cannot be
-// watched.
-//
-// A watch will be automatically removed if the watched path is deleted or
-// renamed. The exception is the Windows backend, which doesn't remove the
-// watcher on renames.
-//
-// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special
-// filesystems (/proc, /sys, etc.) generally don't work.
-//
-// Returns [ErrClosed] if [Watcher.Close] was called.
-//
-// See [Watcher.AddWith] for a version that allows adding options.
-//
-// # Watching directories
-//
-// All files in a directory are monitored, including new files that are created
-// after the watcher is started. Subdirectories are not watched (i.e. it's
-// non-recursive).
-//
-// # Watching files
-//
-// Watching individual files (rather than directories) is generally not
-// recommended as many programs (especially editors) update files atomically: it
-// will write to a temporary file which is then moved to to destination,
-// overwriting the original (or some variant thereof). The watcher on the
-// original file is now lost, as that no longer exists.
-//
-// The upshot of this is that a power failure or crash won't leave a
-// half-written file.
-//
-// Watch the parent directory and use Event.Name to filter out files you're not
-// interested in. There is an example of this in cmd/fsnotify/file.go.
-EOF
-)
-
-addwith=$(<<EOF
-// AddWith is like [Watcher.Add], but allows adding options. When using Add()
-// the defaults described below are used.
-//
-// Possible options are:
-//
-//   - [WithBufferSize] sets the buffer size for the Windows backend; no-op on
-//     other platforms. The default is 64K (65536 bytes).
-EOF
-)
-
-remove=$(<<EOF
-// Remove stops monitoring the path for changes.
-//
-// Directories are always removed non-recursively. For example, if you added
-// /tmp/dir and /tmp/dir/subdir then you will need to remove both.
-//
-// Removing a path that has not yet been added returns [ErrNonExistentWatch].
-//
-// Returns nil if [Watcher.Close] was called.
-EOF
-)
-
-close=$(<<EOF
-// Close removes all watches and closes the Events channel.
-EOF
-)
-
-watchlist=$(<<EOF
-// WatchList returns all paths explicitly added with [Watcher.Add] (and are not
-// yet removed).
-//
-// Returns nil if [Watcher.Close] was called.
-EOF
-)
-
-events=$(<<EOF
-	// Events sends the filesystem change events.
-	//
-	// fsnotify can send the following events; a "path" here can refer to a
-	// file, directory, symbolic link, or special file like a FIFO.
-	//
-	//   fsnotify.Create    A new path was created; this may be followed by one
-	//                      or more Write events if data also gets written to a
-	//                      file.
-	//
-	//   fsnotify.Remove    A path was removed.
-	//
-	//   fsnotify.Rename    A path was renamed. A rename is always sent with the
-	//                      old path as Event.Name, and a Create event will be
-	//                      sent with the new name. Renames are only sent for
-	//                      paths that are currently watched; e.g. moving an
-	//                      unmonitored file into a monitored directory will
-	//                      show up as just a Create. Similarly, renaming a file
-	//                      to outside a monitored directory will show up as
-	//                      only a Rename.
-	//
-	//   fsnotify.Write     A file or named pipe was written to. A Truncate will
-	//                      also trigger a Write. A single "write action"
-	//                      initiated by the user may show up as one or multiple
-	//                      writes, depending on when the system syncs things to
-	//                      disk. For example when compiling a large Go program
-	//                      you may get hundreds of Write events, and you may
-	//                      want to wait until you've stopped receiving them
-	//                      (see the dedup example in cmd/fsnotify).
-	//
-	//                      Some systems may send Write event for directories
-	//                      when the directory content changes.
-	//
-	//   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
-	//                      when a file is removed (or more accurately, when a
-	//                      link to an inode is removed). On kqueue it's sent
-	//                      when a file is truncated. On Windows it's never
-	//                      sent.
-EOF
-)
-
-errors=$(<<EOF
-	// Errors sends any errors.
-	//
-	// ErrEventOverflow is used to indicate there are too many events:
-	//
-	//  - inotify:      There are too many queued events (fs.inotify.max_queued_events sysctl)
-	//  - windows:      The buffer size is too small; WithBufferSize() can be used to increase it.
-	//  - kqueue, fen:  Not used.
-EOF
-)
-
-set-cmt() {
-	local pat=$1
-	local cmt=$2
-
-	IFS=$'\n' local files=($(grep -n $pat backend_*~*_test.go))
-	for f in $files; do
-		IFS=':' local fields=($=f)
-		local file=$fields[1]
-		local end=$(( $fields[2] - 1 ))
-
-		# Find start of comment.
-		local start=0
-		IFS=$'\n' local lines=($(head -n$end $file))
-		for (( i = 1; i <= $#lines; i++ )); do
-			local line=$lines[-$i]
-			if ! grep -q '^[[:space:]]*//' <<<$line; then
-				start=$(( end - (i - 2) ))
-				break
-			fi
-		done
-
-		head -n $(( start - 1 )) $file  >/tmp/x
-		print -r -- $cmt                >>/tmp/x
-		tail -n+$(( end + 1 ))   $file  >>/tmp/x
-		mv /tmp/x $file
-	done
-}
-
-set-cmt '^type Watcher struct '             $watcher
-set-cmt '^func NewWatcher('                 $new
-set-cmt '^func NewBufferedWatcher('         $newbuffered
-set-cmt '^func (w \*Watcher) Add('          $add
-set-cmt '^func (w \*Watcher) AddWith('      $addwith
-set-cmt '^func (w \*Watcher) Remove('       $remove
-set-cmt '^func (w \*Watcher) Close('        $close
-set-cmt '^func (w \*Watcher) WatchList('    $watchlist
-set-cmt '^[[:space:]]*Events *chan Event$'  $events
-set-cmt '^[[:space:]]*Errors *chan error$'  $errors
--- a/vendor/github.com/fsnotify/fsnotify/system_bsd.go
+++ b/vendor/github.com/fsnotify/fsnotify/system_bsd.go
@ -1,8 +0,0 @@
-//go:build freebsd || openbsd || netbsd || dragonfly
-// +build freebsd openbsd netbsd dragonfly
-
-package fsnotify
-
-import "golang.org/x/sys/unix"
-
-const openMode = unix.O_NONBLOCK | unix.O_RDONLY | unix.O_CLOEXEC
--- a/vendor/github.com/fsnotify/fsnotify/system_darwin.go
+++ b/vendor/github.com/fsnotify/fsnotify/system_darwin.go
@ -1,9 +0,0 @@
-//go:build darwin
-// +build darwin
-
-package fsnotify
-
-import "golang.org/x/sys/unix"
-
-// note: this constant is not defined on BSD
-const openMode = unix.O_EVTONLY | unix.O_CLOEXEC
--- a/vendor/github.com/go-logr/logr/.golangci.yaml
+++ b/vendor/github.com/go-logr/logr/.golangci.yaml
@ -1,26 +1,28 @@
+version: "2"
+
 run:
  timeout: 1m
  tests: true

 linters:
-  disable-all: true
-  enable:
+  default: none
+  enable: # please keep this alphabetized
+    - asasalint
    - asciicheck
+    - copyloopvar
+    - dupl
    - errcheck
    - forcetypeassert
+    - goconst
    - gocritic
-    - gofmt
-    - goimports
-    - gosimple
    - govet
    - ineffassign
    - misspell
+    - musttag
    - revive
    - staticcheck
-    - typecheck
    - unused

 issues:
-  exclude-use-default: false
  max-issues-per-linter: 0
  max-same-issues: 10
--- a/vendor/github.com/golang/protobuf/AUTHORS
+++ b/vendor/github.com/golang/protobuf/AUTHORS
@ -1,3 +0,0 @@
-# This source code refers to The Go Authors for copyright purposes.
-# The master list of authors is in the main Go distribution,
-# visible at http://tip.golang.org/AUTHORS.
--- a/vendor/github.com/golang/protobuf/CONTRIBUTORS
+++ b/vendor/github.com/golang/protobuf/CONTRIBUTORS
@ -1,3 +0,0 @@
-# This source code was written by the Go contributors.
-# The master list of contributors is in the main Go distribution,
-# visible at http://tip.golang.org/CONTRIBUTORS.
--- a/vendor/github.com/golang/protobuf/LICENSE
+++ b/vendor/github.com/golang/protobuf/LICENSE
@ -1,28 +0,0 @@
-Copyright 2010 The Go Authors.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-    * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
--- a/vendor/github.com/golang/protobuf/proto/buffer.go
+++ b/vendor/github.com/golang/protobuf/proto/buffer.go
@ -1,324 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"errors"
-	"fmt"
-
-	"google.golang.org/protobuf/encoding/prototext"
-	"google.golang.org/protobuf/encoding/protowire"
-	"google.golang.org/protobuf/runtime/protoimpl"
-)
-
-const (
-	WireVarint     = 0
-	WireFixed32    = 5
-	WireFixed64    = 1
-	WireBytes      = 2
-	WireStartGroup = 3
-	WireEndGroup   = 4
-)
-
-// EncodeVarint returns the varint encoded bytes of v.
-func EncodeVarint(v uint64) []byte {
-	return protowire.AppendVarint(nil, v)
-}
-
-// SizeVarint returns the length of the varint encoded bytes of v.
-// This is equal to len(EncodeVarint(v)).
-func SizeVarint(v uint64) int {
-	return protowire.SizeVarint(v)
-}
-
-// DecodeVarint parses a varint encoded integer from b,
-// returning the integer value and the length of the varint.
-// It returns (0, 0) if there is a parse error.
-func DecodeVarint(b []byte) (uint64, int) {
-	v, n := protowire.ConsumeVarint(b)
-	if n < 0 {
-		return 0, 0
-	}
-	return v, n
-}
-
-// Buffer is a buffer for encoding and decoding the protobuf wire format.
-// It may be reused between invocations to reduce memory usage.
-type Buffer struct {
-	buf           []byte
-	idx           int
-	deterministic bool
-}
-
-// NewBuffer allocates a new Buffer initialized with buf,
-// where the contents of buf are considered the unread portion of the buffer.
-func NewBuffer(buf []byte) *Buffer {
-	return &Buffer{buf: buf}
-}
-
-// SetDeterministic specifies whether to use deterministic serialization.
-//
-// Deterministic serialization guarantees that for a given binary, equal
-// messages will always be serialized to the same bytes. This implies:
-//
-//   - Repeated serialization of a message will return the same bytes.
-//   - Different processes of the same binary (which may be executing on
-//     different machines) will serialize equal messages to the same bytes.
-//
-// Note that the deterministic serialization is NOT canonical across
-// languages. It is not guaranteed to remain stable over time. It is unstable
-// across different builds with schema changes due to unknown fields.
-// Users who need canonical serialization (e.g., persistent storage in a
-// canonical form, fingerprinting, etc.) should define their own
-// canonicalization specification and implement their own serializer rather
-// than relying on this API.
-//
-// If deterministic serialization is requested, map entries will be sorted
-// by keys in lexographical order. This is an implementation detail and
-// subject to change.
-func (b *Buffer) SetDeterministic(deterministic bool) {
-	b.deterministic = deterministic
-}
-
-// SetBuf sets buf as the internal buffer,
-// where the contents of buf are considered the unread portion of the buffer.
-func (b *Buffer) SetBuf(buf []byte) {
-	b.buf = buf
-	b.idx = 0
-}
-
-// Reset clears the internal buffer of all written and unread data.
-func (b *Buffer) Reset() {
-	b.buf = b.buf[:0]
-	b.idx = 0
-}
-
-// Bytes returns the internal buffer.
-func (b *Buffer) Bytes() []byte {
-	return b.buf
-}
-
-// Unread returns the unread portion of the buffer.
-func (b *Buffer) Unread() []byte {
-	return b.buf[b.idx:]
-}
-
-// Marshal appends the wire-format encoding of m to the buffer.
-func (b *Buffer) Marshal(m Message) error {
-	var err error
-	b.buf, err = marshalAppend(b.buf, m, b.deterministic)
-	return err
-}
-
-// Unmarshal parses the wire-format message in the buffer and
-// places the decoded results in m.
-// It does not reset m before unmarshaling.
-func (b *Buffer) Unmarshal(m Message) error {
-	err := UnmarshalMerge(b.Unread(), m)
-	b.idx = len(b.buf)
-	return err
-}
-
-type unknownFields struct{ XXX_unrecognized protoimpl.UnknownFields }
-
-func (m *unknownFields) String() string { panic("not implemented") }
-func (m *unknownFields) Reset()         { panic("not implemented") }
-func (m *unknownFields) ProtoMessage()  { panic("not implemented") }
-
-// DebugPrint dumps the encoded bytes of b with a header and footer including s
-// to stdout. This is only intended for debugging.
-func (*Buffer) DebugPrint(s string, b []byte) {
-	m := MessageReflect(new(unknownFields))
-	m.SetUnknown(b)
-	b, _ = prototext.MarshalOptions{AllowPartial: true, Indent: "\t"}.Marshal(m.Interface())
-	fmt.Printf("==== %s ====\n%s==== %s ====\n", s, b, s)
-}
-
-// EncodeVarint appends an unsigned varint encoding to the buffer.
-func (b *Buffer) EncodeVarint(v uint64) error {
-	b.buf = protowire.AppendVarint(b.buf, v)
-	return nil
-}
-
-// EncodeZigzag32 appends a 32-bit zig-zag varint encoding to the buffer.
-func (b *Buffer) EncodeZigzag32(v uint64) error {
-	return b.EncodeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31))))
-}
-
-// EncodeZigzag64 appends a 64-bit zig-zag varint encoding to the buffer.
-func (b *Buffer) EncodeZigzag64(v uint64) error {
-	return b.EncodeVarint(uint64((uint64(v) << 1) ^ uint64((int64(v) >> 63))))
-}
-
-// EncodeFixed32 appends a 32-bit little-endian integer to the buffer.
-func (b *Buffer) EncodeFixed32(v uint64) error {
-	b.buf = protowire.AppendFixed32(b.buf, uint32(v))
-	return nil
-}
-
-// EncodeFixed64 appends a 64-bit little-endian integer to the buffer.
-func (b *Buffer) EncodeFixed64(v uint64) error {
-	b.buf = protowire.AppendFixed64(b.buf, uint64(v))
-	return nil
-}
-
-// EncodeRawBytes appends a length-prefixed raw bytes to the buffer.
-func (b *Buffer) EncodeRawBytes(v []byte) error {
-	b.buf = protowire.AppendBytes(b.buf, v)
-	return nil
-}
-
-// EncodeStringBytes appends a length-prefixed raw bytes to the buffer.
-// It does not validate whether v contains valid UTF-8.
-func (b *Buffer) EncodeStringBytes(v string) error {
-	b.buf = protowire.AppendString(b.buf, v)
-	return nil
-}
-
-// EncodeMessage appends a length-prefixed encoded message to the buffer.
-func (b *Buffer) EncodeMessage(m Message) error {
-	var err error
-	b.buf = protowire.AppendVarint(b.buf, uint64(Size(m)))
-	b.buf, err = marshalAppend(b.buf, m, b.deterministic)
-	return err
-}
-
-// DecodeVarint consumes an encoded unsigned varint from the buffer.
-func (b *Buffer) DecodeVarint() (uint64, error) {
-	v, n := protowire.ConsumeVarint(b.buf[b.idx:])
-	if n < 0 {
-		return 0, protowire.ParseError(n)
-	}
-	b.idx += n
-	return uint64(v), nil
-}
-
-// DecodeZigzag32 consumes an encoded 32-bit zig-zag varint from the buffer.
-func (b *Buffer) DecodeZigzag32() (uint64, error) {
-	v, err := b.DecodeVarint()
-	if err != nil {
-		return 0, err
-	}
-	return uint64((uint32(v) >> 1) ^ uint32((int32(v&1)<<31)>>31)), nil
-}
-
-// DecodeZigzag64 consumes an encoded 64-bit zig-zag varint from the buffer.
-func (b *Buffer) DecodeZigzag64() (uint64, error) {
-	v, err := b.DecodeVarint()
-	if err != nil {
-		return 0, err
-	}
-	return uint64((uint64(v) >> 1) ^ uint64((int64(v&1)<<63)>>63)), nil
-}
-
-// DecodeFixed32 consumes a 32-bit little-endian integer from the buffer.
-func (b *Buffer) DecodeFixed32() (uint64, error) {
-	v, n := protowire.ConsumeFixed32(b.buf[b.idx:])
-	if n < 0 {
-		return 0, protowire.ParseError(n)
-	}
-	b.idx += n
-	return uint64(v), nil
-}
-
-// DecodeFixed64 consumes a 64-bit little-endian integer from the buffer.
-func (b *Buffer) DecodeFixed64() (uint64, error) {
-	v, n := protowire.ConsumeFixed64(b.buf[b.idx:])
-	if n < 0 {
-		return 0, protowire.ParseError(n)
-	}
-	b.idx += n
-	return uint64(v), nil
-}
-
-// DecodeRawBytes consumes a length-prefixed raw bytes from the buffer.
-// If alloc is specified, it returns a copy the raw bytes
-// rather than a sub-slice of the buffer.
-func (b *Buffer) DecodeRawBytes(alloc bool) ([]byte, error) {
-	v, n := protowire.ConsumeBytes(b.buf[b.idx:])
-	if n < 0 {
-		return nil, protowire.ParseError(n)
-	}
-	b.idx += n
-	if alloc {
-		v = append([]byte(nil), v...)
-	}
-	return v, nil
-}
-
-// DecodeStringBytes consumes a length-prefixed raw bytes from the buffer.
-// It does not validate whether the raw bytes contain valid UTF-8.
-func (b *Buffer) DecodeStringBytes() (string, error) {
-	v, n := protowire.ConsumeString(b.buf[b.idx:])
-	if n < 0 {
-		return "", protowire.ParseError(n)
-	}
-	b.idx += n
-	return v, nil
-}
-
-// DecodeMessage consumes a length-prefixed message from the buffer.
-// It does not reset m before unmarshaling.
-func (b *Buffer) DecodeMessage(m Message) error {
-	v, err := b.DecodeRawBytes(false)
-	if err != nil {
-		return err
-	}
-	return UnmarshalMerge(v, m)
-}
-
-// DecodeGroup consumes a message group from the buffer.
-// It assumes that the start group marker has already been consumed and
-// consumes all bytes until (and including the end group marker).
-// It does not reset m before unmarshaling.
-func (b *Buffer) DecodeGroup(m Message) error {
-	v, n, err := consumeGroup(b.buf[b.idx:])
-	if err != nil {
-		return err
-	}
-	b.idx += n
-	return UnmarshalMerge(v, m)
-}
-
-// consumeGroup parses b until it finds an end group marker, returning
-// the raw bytes of the message (excluding the end group marker) and the
-// the total length of the message (including the end group marker).
-func consumeGroup(b []byte) ([]byte, int, error) {
-	b0 := b
-	depth := 1 // assume this follows a start group marker
-	for {
-		_, wtyp, tagLen := protowire.ConsumeTag(b)
-		if tagLen < 0 {
-			return nil, 0, protowire.ParseError(tagLen)
-		}
-		b = b[tagLen:]
-
-		var valLen int
-		switch wtyp {
-		case protowire.VarintType:
-			_, valLen = protowire.ConsumeVarint(b)
-		case protowire.Fixed32Type:
-			_, valLen = protowire.ConsumeFixed32(b)
-		case protowire.Fixed64Type:
-			_, valLen = protowire.ConsumeFixed64(b)
-		case protowire.BytesType:
-			_, valLen = protowire.ConsumeBytes(b)
-		case protowire.StartGroupType:
-			depth++
-		case protowire.EndGroupType:
-			depth--
-		default:
-			return nil, 0, errors.New("proto: cannot parse reserved wire type")
-		}
-		if valLen < 0 {
-			return nil, 0, protowire.ParseError(valLen)
-		}
-		b = b[valLen:]
-
-		if depth == 0 {
-			return b0[:len(b0)-len(b)-tagLen], len(b0) - len(b), nil
-		}
-	}
-}
--- a/vendor/github.com/golang/protobuf/proto/defaults.go
+++ b/vendor/github.com/golang/protobuf/proto/defaults.go
@ -1,63 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-// SetDefaults sets unpopulated scalar fields to their default values.
-// Fields within a oneof are not set even if they have a default value.
-// SetDefaults is recursively called upon any populated message fields.
-func SetDefaults(m Message) {
-	if m != nil {
-		setDefaults(MessageReflect(m))
-	}
-}
-
-func setDefaults(m protoreflect.Message) {
-	fds := m.Descriptor().Fields()
-	for i := 0; i < fds.Len(); i++ {
-		fd := fds.Get(i)
-		if !m.Has(fd) {
-			if fd.HasDefault() && fd.ContainingOneof() == nil {
-				v := fd.Default()
-				if fd.Kind() == protoreflect.BytesKind {
-					v = protoreflect.ValueOf(append([]byte(nil), v.Bytes()...)) // copy the default bytes
-				}
-				m.Set(fd, v)
-			}
-			continue
-		}
-	}
-
-	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
-		switch {
-		// Handle singular message.
-		case fd.Cardinality() != protoreflect.Repeated:
-			if fd.Message() != nil {
-				setDefaults(m.Get(fd).Message())
-			}
-		// Handle list of messages.
-		case fd.IsList():
-			if fd.Message() != nil {
-				ls := m.Get(fd).List()
-				for i := 0; i < ls.Len(); i++ {
-					setDefaults(ls.Get(i).Message())
-				}
-			}
-		// Handle map of messages.
-		case fd.IsMap():
-			if fd.MapValue().Message() != nil {
-				ms := m.Get(fd).Map()
-				ms.Range(func(_ protoreflect.MapKey, v protoreflect.Value) bool {
-					setDefaults(v.Message())
-					return true
-				})
-			}
-		}
-		return true
-	})
-}
--- a/vendor/github.com/golang/protobuf/proto/deprecated.go
+++ b/vendor/github.com/golang/protobuf/proto/deprecated.go
@ -1,113 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strconv"
-
-	protoV2 "google.golang.org/protobuf/proto"
-)
-
-var (
-	// Deprecated: No longer returned.
-	ErrNil = errors.New("proto: Marshal called with nil")
-
-	// Deprecated: No longer returned.
-	ErrTooLarge = errors.New("proto: message encodes to over 2 GB")
-
-	// Deprecated: No longer returned.
-	ErrInternalBadWireType = errors.New("proto: internal error: bad wiretype for oneof")
-)
-
-// Deprecated: Do not use.
-type Stats struct{ Emalloc, Dmalloc, Encode, Decode, Chit, Cmiss, Size uint64 }
-
-// Deprecated: Do not use.
-func GetStats() Stats { return Stats{} }
-
-// Deprecated: Do not use.
-func MarshalMessageSet(interface{}) ([]byte, error) {
-	return nil, errors.New("proto: not implemented")
-}
-
-// Deprecated: Do not use.
-func UnmarshalMessageSet([]byte, interface{}) error {
-	return errors.New("proto: not implemented")
-}
-
-// Deprecated: Do not use.
-func MarshalMessageSetJSON(interface{}) ([]byte, error) {
-	return nil, errors.New("proto: not implemented")
-}
-
-// Deprecated: Do not use.
-func UnmarshalMessageSetJSON([]byte, interface{}) error {
-	return errors.New("proto: not implemented")
-}
-
-// Deprecated: Do not use.
-func RegisterMessageSetType(Message, int32, string) {}
-
-// Deprecated: Do not use.
-func EnumName(m map[int32]string, v int32) string {
-	s, ok := m[v]
-	if ok {
-		return s
-	}
-	return strconv.Itoa(int(v))
-}
-
-// Deprecated: Do not use.
-func UnmarshalJSONEnum(m map[string]int32, data []byte, enumName string) (int32, error) {
-	if data[0] == '"' {
-		// New style: enums are strings.
-		var repr string
-		if err := json.Unmarshal(data, &repr); err != nil {
-			return -1, err
-		}
-		val, ok := m[repr]
-		if !ok {
-			return 0, fmt.Errorf("unrecognized enum %s value %q", enumName, repr)
-		}
-		return val, nil
-	}
-	// Old style: enums are ints.
-	var val int32
-	if err := json.Unmarshal(data, &val); err != nil {
-		return 0, fmt.Errorf("cannot unmarshal %#q into enum %s", data, enumName)
-	}
-	return val, nil
-}
-
-// Deprecated: Do not use; this type existed for intenal-use only.
-type InternalMessageInfo struct{}
-
-// Deprecated: Do not use; this method existed for intenal-use only.
-func (*InternalMessageInfo) DiscardUnknown(m Message) {
-	DiscardUnknown(m)
-}
-
-// Deprecated: Do not use; this method existed for intenal-use only.
-func (*InternalMessageInfo) Marshal(b []byte, m Message, deterministic bool) ([]byte, error) {
-	return protoV2.MarshalOptions{Deterministic: deterministic}.MarshalAppend(b, MessageV2(m))
-}
-
-// Deprecated: Do not use; this method existed for intenal-use only.
-func (*InternalMessageInfo) Merge(dst, src Message) {
-	protoV2.Merge(MessageV2(dst), MessageV2(src))
-}
-
-// Deprecated: Do not use; this method existed for intenal-use only.
-func (*InternalMessageInfo) Size(m Message) int {
-	return protoV2.Size(MessageV2(m))
-}
-
-// Deprecated: Do not use; this method existed for intenal-use only.
-func (*InternalMessageInfo) Unmarshal(m Message, b []byte) error {
-	return protoV2.UnmarshalOptions{Merge: true}.Unmarshal(b, MessageV2(m))
-}
--- a/vendor/github.com/golang/protobuf/proto/discard.go
+++ b/vendor/github.com/golang/protobuf/proto/discard.go
@ -1,58 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"google.golang.org/protobuf/reflect/protoreflect"
-)
-
-// DiscardUnknown recursively discards all unknown fields from this message
-// and all embedded messages.
-//
-// When unmarshaling a message with unrecognized fields, the tags and values
-// of such fields are preserved in the Message. This allows a later call to
-// marshal to be able to produce a message that continues to have those
-// unrecognized fields. To avoid this, DiscardUnknown is used to
-// explicitly clear the unknown fields after unmarshaling.
-func DiscardUnknown(m Message) {
-	if m != nil {
-		discardUnknown(MessageReflect(m))
-	}
-}
-
-func discardUnknown(m protoreflect.Message) {
-	m.Range(func(fd protoreflect.FieldDescriptor, val protoreflect.Value) bool {
-		switch {
-		// Handle singular message.
-		case fd.Cardinality() != protoreflect.Repeated:
-			if fd.Message() != nil {
-				discardUnknown(m.Get(fd).Message())
-			}
-		// Handle list of messages.
-		case fd.IsList():
-			if fd.Message() != nil {
-				ls := m.Get(fd).List()
-				for i := 0; i < ls.Len(); i++ {
-					discardUnknown(ls.Get(i).Message())
-				}
-			}
-		// Handle map of messages.
-		case fd.IsMap():
-			if fd.MapValue().Message() != nil {
-				ms := m.Get(fd).Map()
-				ms.Range(func(_ protoreflect.MapKey, v protoreflect.Value) bool {
-					discardUnknown(v.Message())
-					return true
-				})
-			}
-		}
-		return true
-	})
-
-	// Discard unknown fields.
-	if len(m.GetUnknown()) > 0 {
-		m.SetUnknown(nil)
-	}
-}
--- a/vendor/github.com/golang/protobuf/proto/extensions.go
+++ b/vendor/github.com/golang/protobuf/proto/extensions.go
@ -1,356 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"errors"
-	"fmt"
-	"reflect"
-
-	"google.golang.org/protobuf/encoding/protowire"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/reflect/protoregistry"
-	"google.golang.org/protobuf/runtime/protoiface"
-	"google.golang.org/protobuf/runtime/protoimpl"
-)
-
-type (
-	// ExtensionDesc represents an extension descriptor and
-	// is used to interact with an extension field in a message.
-	//
-	// Variables of this type are generated in code by protoc-gen-go.
-	ExtensionDesc = protoimpl.ExtensionInfo
-
-	// ExtensionRange represents a range of message extensions.
-	// Used in code generated by protoc-gen-go.
-	ExtensionRange = protoiface.ExtensionRangeV1
-
-	// Deprecated: Do not use; this is an internal type.
-	Extension = protoimpl.ExtensionFieldV1
-
-	// Deprecated: Do not use; this is an internal type.
-	XXX_InternalExtensions = protoimpl.ExtensionFields
-)
-
-// ErrMissingExtension reports whether the extension was not present.
-var ErrMissingExtension = errors.New("proto: missing extension")
-
-var errNotExtendable = errors.New("proto: not an extendable proto.Message")
-
-// HasExtension reports whether the extension field is present in m
-// either as an explicitly populated field or as an unknown field.
-func HasExtension(m Message, xt *ExtensionDesc) (has bool) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() {
-		return false
-	}
-
-	// Check whether any populated known field matches the field number.
-	xtd := xt.TypeDescriptor()
-	if isValidExtension(mr.Descriptor(), xtd) {
-		has = mr.Has(xtd)
-	} else {
-		mr.Range(func(fd protoreflect.FieldDescriptor, _ protoreflect.Value) bool {
-			has = int32(fd.Number()) == xt.Field
-			return !has
-		})
-	}
-
-	// Check whether any unknown field matches the field number.
-	for b := mr.GetUnknown(); !has && len(b) > 0; {
-		num, _, n := protowire.ConsumeField(b)
-		has = int32(num) == xt.Field
-		b = b[n:]
-	}
-	return has
-}
-
-// ClearExtension removes the extension field from m
-// either as an explicitly populated field or as an unknown field.
-func ClearExtension(m Message, xt *ExtensionDesc) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() {
-		return
-	}
-
-	xtd := xt.TypeDescriptor()
-	if isValidExtension(mr.Descriptor(), xtd) {
-		mr.Clear(xtd)
-	} else {
-		mr.Range(func(fd protoreflect.FieldDescriptor, _ protoreflect.Value) bool {
-			if int32(fd.Number()) == xt.Field {
-				mr.Clear(fd)
-				return false
-			}
-			return true
-		})
-	}
-	clearUnknown(mr, fieldNum(xt.Field))
-}
-
-// ClearAllExtensions clears all extensions from m.
-// This includes populated fields and unknown fields in the extension range.
-func ClearAllExtensions(m Message) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() {
-		return
-	}
-
-	mr.Range(func(fd protoreflect.FieldDescriptor, _ protoreflect.Value) bool {
-		if fd.IsExtension() {
-			mr.Clear(fd)
-		}
-		return true
-	})
-	clearUnknown(mr, mr.Descriptor().ExtensionRanges())
-}
-
-// GetExtension retrieves a proto2 extended field from m.
-//
-// If the descriptor is type complete (i.e., ExtensionDesc.ExtensionType is non-nil),
-// then GetExtension parses the encoded field and returns a Go value of the specified type.
-// If the field is not present, then the default value is returned (if one is specified),
-// otherwise ErrMissingExtension is reported.
-//
-// If the descriptor is type incomplete (i.e., ExtensionDesc.ExtensionType is nil),
-// then GetExtension returns the raw encoded bytes for the extension field.
-func GetExtension(m Message, xt *ExtensionDesc) (interface{}, error) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() || mr.Descriptor().ExtensionRanges().Len() == 0 {
-		return nil, errNotExtendable
-	}
-
-	// Retrieve the unknown fields for this extension field.
-	var bo protoreflect.RawFields
-	for bi := mr.GetUnknown(); len(bi) > 0; {
-		num, _, n := protowire.ConsumeField(bi)
-		if int32(num) == xt.Field {
-			bo = append(bo, bi[:n]...)
-		}
-		bi = bi[n:]
-	}
-
-	// For type incomplete descriptors, only retrieve the unknown fields.
-	if xt.ExtensionType == nil {
-		return []byte(bo), nil
-	}
-
-	// If the extension field only exists as unknown fields, unmarshal it.
-	// This is rarely done since proto.Unmarshal eagerly unmarshals extensions.
-	xtd := xt.TypeDescriptor()
-	if !isValidExtension(mr.Descriptor(), xtd) {
-		return nil, fmt.Errorf("proto: bad extended type; %T does not extend %T", xt.ExtendedType, m)
-	}
-	if !mr.Has(xtd) && len(bo) > 0 {
-		m2 := mr.New()
-		if err := (proto.UnmarshalOptions{
-			Resolver: extensionResolver{xt},
-		}.Unmarshal(bo, m2.Interface())); err != nil {
-			return nil, err
-		}
-		if m2.Has(xtd) {
-			mr.Set(xtd, m2.Get(xtd))
-			clearUnknown(mr, fieldNum(xt.Field))
-		}
-	}
-
-	// Check whether the message has the extension field set or a default.
-	var pv protoreflect.Value
-	switch {
-	case mr.Has(xtd):
-		pv = mr.Get(xtd)
-	case xtd.HasDefault():
-		pv = xtd.Default()
-	default:
-		return nil, ErrMissingExtension
-	}
-
-	v := xt.InterfaceOf(pv)
-	rv := reflect.ValueOf(v)
-	if isScalarKind(rv.Kind()) {
-		rv2 := reflect.New(rv.Type())
-		rv2.Elem().Set(rv)
-		v = rv2.Interface()
-	}
-	return v, nil
-}
-
-// extensionResolver is a custom extension resolver that stores a single
-// extension type that takes precedence over the global registry.
-type extensionResolver struct{ xt protoreflect.ExtensionType }
-
-func (r extensionResolver) FindExtensionByName(field protoreflect.FullName) (protoreflect.ExtensionType, error) {
-	if xtd := r.xt.TypeDescriptor(); xtd.FullName() == field {
-		return r.xt, nil
-	}
-	return protoregistry.GlobalTypes.FindExtensionByName(field)
-}
-
-func (r extensionResolver) FindExtensionByNumber(message protoreflect.FullName, field protoreflect.FieldNumber) (protoreflect.ExtensionType, error) {
-	if xtd := r.xt.TypeDescriptor(); xtd.ContainingMessage().FullName() == message && xtd.Number() == field {
-		return r.xt, nil
-	}
-	return protoregistry.GlobalTypes.FindExtensionByNumber(message, field)
-}
-
-// GetExtensions returns a list of the extensions values present in m,
-// corresponding with the provided list of extension descriptors, xts.
-// If an extension is missing in m, the corresponding value is nil.
-func GetExtensions(m Message, xts []*ExtensionDesc) ([]interface{}, error) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() {
-		return nil, errNotExtendable
-	}
-
-	vs := make([]interface{}, len(xts))
-	for i, xt := range xts {
-		v, err := GetExtension(m, xt)
-		if err != nil {
-			if err == ErrMissingExtension {
-				continue
-			}
-			return vs, err
-		}
-		vs[i] = v
-	}
-	return vs, nil
-}
-
-// SetExtension sets an extension field in m to the provided value.
-func SetExtension(m Message, xt *ExtensionDesc, v interface{}) error {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() || mr.Descriptor().ExtensionRanges().Len() == 0 {
-		return errNotExtendable
-	}
-
-	rv := reflect.ValueOf(v)
-	if reflect.TypeOf(v) != reflect.TypeOf(xt.ExtensionType) {
-		return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", v, xt.ExtensionType)
-	}
-	if rv.Kind() == reflect.Ptr {
-		if rv.IsNil() {
-			return fmt.Errorf("proto: SetExtension called with nil value of type %T", v)
-		}
-		if isScalarKind(rv.Elem().Kind()) {
-			v = rv.Elem().Interface()
-		}
-	}
-
-	xtd := xt.TypeDescriptor()
-	if !isValidExtension(mr.Descriptor(), xtd) {
-		return fmt.Errorf("proto: bad extended type; %T does not extend %T", xt.ExtendedType, m)
-	}
-	mr.Set(xtd, xt.ValueOf(v))
-	clearUnknown(mr, fieldNum(xt.Field))
-	return nil
-}
-
-// SetRawExtension inserts b into the unknown fields of m.
-//
-// Deprecated: Use Message.ProtoReflect.SetUnknown instead.
-func SetRawExtension(m Message, fnum int32, b []byte) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() {
-		return
-	}
-
-	// Verify that the raw field is valid.
-	for b0 := b; len(b0) > 0; {
-		num, _, n := protowire.ConsumeField(b0)
-		if int32(num) != fnum {
-			panic(fmt.Sprintf("mismatching field number: got %d, want %d", num, fnum))
-		}
-		b0 = b0[n:]
-	}
-
-	ClearExtension(m, &ExtensionDesc{Field: fnum})
-	mr.SetUnknown(append(mr.GetUnknown(), b...))
-}
-
-// ExtensionDescs returns a list of extension descriptors found in m,
-// containing descriptors for both populated extension fields in m and
-// also unknown fields of m that are in the extension range.
-// For the later case, an type incomplete descriptor is provided where only
-// the ExtensionDesc.Field field is populated.
-// The order of the extension descriptors is undefined.
-func ExtensionDescs(m Message) ([]*ExtensionDesc, error) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() || mr.Descriptor().ExtensionRanges().Len() == 0 {
-		return nil, errNotExtendable
-	}
-
-	// Collect a set of known extension descriptors.
-	extDescs := make(map[protoreflect.FieldNumber]*ExtensionDesc)
-	mr.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
-		if fd.IsExtension() {
-			xt := fd.(protoreflect.ExtensionTypeDescriptor)
-			if xd, ok := xt.Type().(*ExtensionDesc); ok {
-				extDescs[fd.Number()] = xd
-			}
-		}
-		return true
-	})
-
-	// Collect a set of unknown extension descriptors.
-	extRanges := mr.Descriptor().ExtensionRanges()
-	for b := mr.GetUnknown(); len(b) > 0; {
-		num, _, n := protowire.ConsumeField(b)
-		if extRanges.Has(num) && extDescs[num] == nil {
-			extDescs[num] = nil
-		}
-		b = b[n:]
-	}
-
-	// Transpose the set of descriptors into a list.
-	var xts []*ExtensionDesc
-	for num, xt := range extDescs {
-		if xt == nil {
-			xt = &ExtensionDesc{Field: int32(num)}
-		}
-		xts = append(xts, xt)
-	}
-	return xts, nil
-}
-
-// isValidExtension reports whether xtd is a valid extension descriptor for md.
-func isValidExtension(md protoreflect.MessageDescriptor, xtd protoreflect.ExtensionTypeDescriptor) bool {
-	return xtd.ContainingMessage() == md && md.ExtensionRanges().Has(xtd.Number())
-}
-
-// isScalarKind reports whether k is a protobuf scalar kind (except bytes).
-// This function exists for historical reasons since the representation of
-// scalars differs between v1 and v2, where v1 uses *T and v2 uses T.
-func isScalarKind(k reflect.Kind) bool {
-	switch k {
-	case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String:
-		return true
-	default:
-		return false
-	}
-}
-
-// clearUnknown removes unknown fields from m where remover.Has reports true.
-func clearUnknown(m protoreflect.Message, remover interface {
-	Has(protoreflect.FieldNumber) bool
-}) {
-	var bo protoreflect.RawFields
-	for bi := m.GetUnknown(); len(bi) > 0; {
-		num, _, n := protowire.ConsumeField(bi)
-		if !remover.Has(num) {
-			bo = append(bo, bi[:n]...)
-		}
-		bi = bi[n:]
-	}
-	if bi := m.GetUnknown(); len(bi) != len(bo) {
-		m.SetUnknown(bo)
-	}
-}
-
-type fieldNum protoreflect.FieldNumber
-
-func (n1 fieldNum) Has(n2 protoreflect.FieldNumber) bool {
-	return protoreflect.FieldNumber(n1) == n2
-}
--- a/vendor/github.com/golang/protobuf/proto/properties.go
+++ b/vendor/github.com/golang/protobuf/proto/properties.go
@ -1,306 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"fmt"
-	"reflect"
-	"strconv"
-	"strings"
-	"sync"
-
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/runtime/protoimpl"
-)
-
-// StructProperties represents protocol buffer type information for a
-// generated protobuf message in the open-struct API.
-//
-// Deprecated: Do not use.
-type StructProperties struct {
-	// Prop are the properties for each field.
-	//
-	// Fields belonging to a oneof are stored in OneofTypes instead, with a
-	// single Properties representing the parent oneof held here.
-	//
-	// The order of Prop matches the order of fields in the Go struct.
-	// Struct fields that are not related to protobufs have a "XXX_" prefix
-	// in the Properties.Name and must be ignored by the user.
-	Prop []*Properties
-
-	// OneofTypes contains information about the oneof fields in this message.
-	// It is keyed by the protobuf field name.
-	OneofTypes map[string]*OneofProperties
-}
-
-// Properties represents the type information for a protobuf message field.
-//
-// Deprecated: Do not use.
-type Properties struct {
-	// Name is a placeholder name with little meaningful semantic value.
-	// If the name has an "XXX_" prefix, the entire Properties must be ignored.
-	Name string
-	// OrigName is the protobuf field name or oneof name.
-	OrigName string
-	// JSONName is the JSON name for the protobuf field.
-	JSONName string
-	// Enum is a placeholder name for enums.
-	// For historical reasons, this is neither the Go name for the enum,
-	// nor the protobuf name for the enum.
-	Enum string // Deprecated: Do not use.
-	// Weak contains the full name of the weakly referenced message.
-	Weak string
-	// Wire is a string representation of the wire type.
-	Wire string
-	// WireType is the protobuf wire type for the field.
-	WireType int
-	// Tag is the protobuf field number.
-	Tag int
-	// Required reports whether this is a required field.
-	Required bool
-	// Optional reports whether this is a optional field.
-	Optional bool
-	// Repeated reports whether this is a repeated field.
-	Repeated bool
-	// Packed reports whether this is a packed repeated field of scalars.
-	Packed bool
-	// Proto3 reports whether this field operates under the proto3 syntax.
-	Proto3 bool
-	// Oneof reports whether this field belongs within a oneof.
-	Oneof bool
-
-	// Default is the default value in string form.
-	Default string
-	// HasDefault reports whether the field has a default value.
-	HasDefault bool
-
-	// MapKeyProp is the properties for the key field for a map field.
-	MapKeyProp *Properties
-	// MapValProp is the properties for the value field for a map field.
-	MapValProp *Properties
-}
-
-// OneofProperties represents the type information for a protobuf oneof.
-//
-// Deprecated: Do not use.
-type OneofProperties struct {
-	// Type is a pointer to the generated wrapper type for the field value.
-	// This is nil for messages that are not in the open-struct API.
-	Type reflect.Type
-	// Field is the index into StructProperties.Prop for the containing oneof.
-	Field int
-	// Prop is the properties for the field.
-	Prop *Properties
-}
-
-// String formats the properties in the protobuf struct field tag style.
-func (p *Properties) String() string {
-	s := p.Wire
-	s += "," + strconv.Itoa(p.Tag)
-	if p.Required {
-		s += ",req"
-	}
-	if p.Optional {
-		s += ",opt"
-	}
-	if p.Repeated {
-		s += ",rep"
-	}
-	if p.Packed {
-		s += ",packed"
-	}
-	s += ",name=" + p.OrigName
-	if p.JSONName != "" {
-		s += ",json=" + p.JSONName
-	}
-	if len(p.Enum) > 0 {
-		s += ",enum=" + p.Enum
-	}
-	if len(p.Weak) > 0 {
-		s += ",weak=" + p.Weak
-	}
-	if p.Proto3 {
-		s += ",proto3"
-	}
-	if p.Oneof {
-		s += ",oneof"
-	}
-	if p.HasDefault {
-		s += ",def=" + p.Default
-	}
-	return s
-}
-
-// Parse populates p by parsing a string in the protobuf struct field tag style.
-func (p *Properties) Parse(tag string) {
-	// For example: "bytes,49,opt,name=foo,def=hello!"
-	for len(tag) > 0 {
-		i := strings.IndexByte(tag, ',')
-		if i < 0 {
-			i = len(tag)
-		}
-		switch s := tag[:i]; {
-		case strings.HasPrefix(s, "name="):
-			p.OrigName = s[len("name="):]
-		case strings.HasPrefix(s, "json="):
-			p.JSONName = s[len("json="):]
-		case strings.HasPrefix(s, "enum="):
-			p.Enum = s[len("enum="):]
-		case strings.HasPrefix(s, "weak="):
-			p.Weak = s[len("weak="):]
-		case strings.Trim(s, "0123456789") == "":
-			n, _ := strconv.ParseUint(s, 10, 32)
-			p.Tag = int(n)
-		case s == "opt":
-			p.Optional = true
-		case s == "req":
-			p.Required = true
-		case s == "rep":
-			p.Repeated = true
-		case s == "varint" || s == "zigzag32" || s == "zigzag64":
-			p.Wire = s
-			p.WireType = WireVarint
-		case s == "fixed32":
-			p.Wire = s
-			p.WireType = WireFixed32
-		case s == "fixed64":
-			p.Wire = s
-			p.WireType = WireFixed64
-		case s == "bytes":
-			p.Wire = s
-			p.WireType = WireBytes
-		case s == "group":
-			p.Wire = s
-			p.WireType = WireStartGroup
-		case s == "packed":
-			p.Packed = true
-		case s == "proto3":
-			p.Proto3 = true
-		case s == "oneof":
-			p.Oneof = true
-		case strings.HasPrefix(s, "def="):
-			// The default tag is special in that everything afterwards is the
-			// default regardless of the presence of commas.
-			p.HasDefault = true
-			p.Default, i = tag[len("def="):], len(tag)
-		}
-		tag = strings.TrimPrefix(tag[i:], ",")
-	}
-}
-
-// Init populates the properties from a protocol buffer struct tag.
-//
-// Deprecated: Do not use.
-func (p *Properties) Init(typ reflect.Type, name, tag string, f *reflect.StructField) {
-	p.Name = name
-	p.OrigName = name
-	if tag == "" {
-		return
-	}
-	p.Parse(tag)
-
-	if typ != nil && typ.Kind() == reflect.Map {
-		p.MapKeyProp = new(Properties)
-		p.MapKeyProp.Init(nil, "Key", f.Tag.Get("protobuf_key"), nil)
-		p.MapValProp = new(Properties)
-		p.MapValProp.Init(nil, "Value", f.Tag.Get("protobuf_val"), nil)
-	}
-}
-
-var propertiesCache sync.Map // map[reflect.Type]*StructProperties
-
-// GetProperties returns the list of properties for the type represented by t,
-// which must be a generated protocol buffer message in the open-struct API,
-// where protobuf message fields are represented by exported Go struct fields.
-//
-// Deprecated: Use protobuf reflection instead.
-func GetProperties(t reflect.Type) *StructProperties {
-	if p, ok := propertiesCache.Load(t); ok {
-		return p.(*StructProperties)
-	}
-	p, _ := propertiesCache.LoadOrStore(t, newProperties(t))
-	return p.(*StructProperties)
-}
-
-func newProperties(t reflect.Type) *StructProperties {
-	if t.Kind() != reflect.Struct {
-		panic(fmt.Sprintf("%v is not a generated message in the open-struct API", t))
-	}
-
-	var hasOneof bool
-	prop := new(StructProperties)
-
-	// Construct a list of properties for each field in the struct.
-	for i := 0; i < t.NumField(); i++ {
-		p := new(Properties)
-		f := t.Field(i)
-		tagField := f.Tag.Get("protobuf")
-		p.Init(f.Type, f.Name, tagField, &f)
-
-		tagOneof := f.Tag.Get("protobuf_oneof")
-		if tagOneof != "" {
-			hasOneof = true
-			p.OrigName = tagOneof
-		}
-
-		// Rename unrelated struct fields with the "XXX_" prefix since so much
-		// user code simply checks for this to exclude special fields.
-		if tagField == "" && tagOneof == "" && !strings.HasPrefix(p.Name, "XXX_") {
-			p.Name = "XXX_" + p.Name
-			p.OrigName = "XXX_" + p.OrigName
-		} else if p.Weak != "" {
-			p.Name = p.OrigName // avoid possible "XXX_" prefix on weak field
-		}
-
-		prop.Prop = append(prop.Prop, p)
-	}
-
-	// Construct a mapping of oneof field names to properties.
-	if hasOneof {
-		var oneofWrappers []interface{}
-		if fn, ok := reflect.PtrTo(t).MethodByName("XXX_OneofFuncs"); ok {
-			oneofWrappers = fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))})[3].Interface().([]interface{})
-		}
-		if fn, ok := reflect.PtrTo(t).MethodByName("XXX_OneofWrappers"); ok {
-			oneofWrappers = fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))})[0].Interface().([]interface{})
-		}
-		if m, ok := reflect.Zero(reflect.PtrTo(t)).Interface().(protoreflect.ProtoMessage); ok {
-			if m, ok := m.ProtoReflect().(interface{ ProtoMessageInfo() *protoimpl.MessageInfo }); ok {
-				oneofWrappers = m.ProtoMessageInfo().OneofWrappers
-			}
-		}
-
-		prop.OneofTypes = make(map[string]*OneofProperties)
-		for _, wrapper := range oneofWrappers {
-			p := &OneofProperties{
-				Type: reflect.ValueOf(wrapper).Type(), // *T
-				Prop: new(Properties),
-			}
-			f := p.Type.Elem().Field(0)
-			p.Prop.Name = f.Name
-			p.Prop.Parse(f.Tag.Get("protobuf"))
-
-			// Determine the struct field that contains this oneof.
-			// Each wrapper is assignable to exactly one parent field.
-			var foundOneof bool
-			for i := 0; i < t.NumField() && !foundOneof; i++ {
-				if p.Type.AssignableTo(t.Field(i).Type) {
-					p.Field = i
-					foundOneof = true
-				}
-			}
-			if !foundOneof {
-				panic(fmt.Sprintf("%v is not a generated message in the open-struct API", t))
-			}
-			prop.OneofTypes[p.Prop.OrigName] = p
-		}
-	}
-
-	return prop
-}
-
-func (sp *StructProperties) Len() int           { return len(sp.Prop) }
-func (sp *StructProperties) Less(i, j int) bool { return false }
-func (sp *StructProperties) Swap(i, j int)      { return }
--- a/vendor/github.com/golang/protobuf/proto/proto.go
+++ b/vendor/github.com/golang/protobuf/proto/proto.go
@ -1,167 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package proto provides functionality for handling protocol buffer messages.
-// In particular, it provides marshaling and unmarshaling between a protobuf
-// message and the binary wire format.
-//
-// See https://developers.google.com/protocol-buffers/docs/gotutorial for
-// more information.
-//
-// Deprecated: Use the "google.golang.org/protobuf/proto" package instead.
-package proto
-
-import (
-	protoV2 "google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/runtime/protoiface"
-	"google.golang.org/protobuf/runtime/protoimpl"
-)
-
-const (
-	ProtoPackageIsVersion1 = true
-	ProtoPackageIsVersion2 = true
-	ProtoPackageIsVersion3 = true
-	ProtoPackageIsVersion4 = true
-)
-
-// GeneratedEnum is any enum type generated by protoc-gen-go
-// which is a named int32 kind.
-// This type exists for documentation purposes.
-type GeneratedEnum interface{}
-
-// GeneratedMessage is any message type generated by protoc-gen-go
-// which is a pointer to a named struct kind.
-// This type exists for documentation purposes.
-type GeneratedMessage interface{}
-
-// Message is a protocol buffer message.
-//
-// This is the v1 version of the message interface and is marginally better
-// than an empty interface as it lacks any method to programatically interact
-// with the contents of the message.
-//
-// A v2 message is declared in "google.golang.org/protobuf/proto".Message and
-// exposes protobuf reflection as a first-class feature of the interface.
-//
-// To convert a v1 message to a v2 message, use the MessageV2 function.
-// To convert a v2 message to a v1 message, use the MessageV1 function.
-type Message = protoiface.MessageV1
-
-// MessageV1 converts either a v1 or v2 message to a v1 message.
-// It returns nil if m is nil.
-func MessageV1(m GeneratedMessage) protoiface.MessageV1 {
-	return protoimpl.X.ProtoMessageV1Of(m)
-}
-
-// MessageV2 converts either a v1 or v2 message to a v2 message.
-// It returns nil if m is nil.
-func MessageV2(m GeneratedMessage) protoV2.Message {
-	return protoimpl.X.ProtoMessageV2Of(m)
-}
-
-// MessageReflect returns a reflective view for a message.
-// It returns nil if m is nil.
-func MessageReflect(m Message) protoreflect.Message {
-	return protoimpl.X.MessageOf(m)
-}
-
-// Marshaler is implemented by messages that can marshal themselves.
-// This interface is used by the following functions: Size, Marshal,
-// Buffer.Marshal, and Buffer.EncodeMessage.
-//
-// Deprecated: Do not implement.
-type Marshaler interface {
-	// Marshal formats the encoded bytes of the message.
-	// It should be deterministic and emit valid protobuf wire data.
-	// The caller takes ownership of the returned buffer.
-	Marshal() ([]byte, error)
-}
-
-// Unmarshaler is implemented by messages that can unmarshal themselves.
-// This interface is used by the following functions: Unmarshal, UnmarshalMerge,
-// Buffer.Unmarshal, Buffer.DecodeMessage, and Buffer.DecodeGroup.
-//
-// Deprecated: Do not implement.
-type Unmarshaler interface {
-	// Unmarshal parses the encoded bytes of the protobuf wire input.
-	// The provided buffer is only valid for during method call.
-	// It should not reset the receiver message.
-	Unmarshal([]byte) error
-}
-
-// Merger is implemented by messages that can merge themselves.
-// This interface is used by the following functions: Clone and Merge.
-//
-// Deprecated: Do not implement.
-type Merger interface {
-	// Merge merges the contents of src into the receiver message.
-	// It clones all data structures in src such that it aliases no mutable
-	// memory referenced by src.
-	Merge(src Message)
-}
-
-// RequiredNotSetError is an error type returned when
-// marshaling or unmarshaling a message with missing required fields.
-type RequiredNotSetError struct {
-	err error
-}
-
-func (e *RequiredNotSetError) Error() string {
-	if e.err != nil {
-		return e.err.Error()
-	}
-	return "proto: required field not set"
-}
-func (e *RequiredNotSetError) RequiredNotSet() bool {
-	return true
-}
-
-func checkRequiredNotSet(m protoV2.Message) error {
-	if err := protoV2.CheckInitialized(m); err != nil {
-		return &RequiredNotSetError{err: err}
-	}
-	return nil
-}
-
-// Clone returns a deep copy of src.
-func Clone(src Message) Message {
-	return MessageV1(protoV2.Clone(MessageV2(src)))
-}
-
-// Merge merges src into dst, which must be messages of the same type.
-//
-// Populated scalar fields in src are copied to dst, while populated
-// singular messages in src are merged into dst by recursively calling Merge.
-// The elements of every list field in src is appended to the corresponded
-// list fields in dst. The entries of every map field in src is copied into
-// the corresponding map field in dst, possibly replacing existing entries.
-// The unknown fields of src are appended to the unknown fields of dst.
-func Merge(dst, src Message) {
-	protoV2.Merge(MessageV2(dst), MessageV2(src))
-}
-
-// Equal reports whether two messages are equal.
-// If two messages marshal to the same bytes under deterministic serialization,
-// then Equal is guaranteed to report true.
-//
-// Two messages are equal if they are the same protobuf message type,
-// have the same set of populated known and extension field values,
-// and the same set of unknown fields values.
-//
-// Scalar values are compared with the equivalent of the == operator in Go,
-// except bytes values which are compared using bytes.Equal and
-// floating point values which specially treat NaNs as equal.
-// Message values are compared by recursively calling Equal.
-// Lists are equal if each element value is also equal.
-// Maps are equal if they have the same set of keys, where the pair of values
-// for each key is also equal.
-func Equal(x, y Message) bool {
-	return protoV2.Equal(MessageV2(x), MessageV2(y))
-}
-
-func isMessageSet(md protoreflect.MessageDescriptor) bool {
-	ms, ok := md.(interface{ IsMessageSet() bool })
-	return ok && ms.IsMessageSet()
-}
--- a/vendor/github.com/golang/protobuf/proto/registry.go
+++ b/vendor/github.com/golang/protobuf/proto/registry.go
@ -1,317 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"bytes"
-	"compress/gzip"
-	"fmt"
-	"io/ioutil"
-	"reflect"
-	"strings"
-	"sync"
-
-	"google.golang.org/protobuf/reflect/protodesc"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/reflect/protoregistry"
-	"google.golang.org/protobuf/runtime/protoimpl"
-)
-
-// filePath is the path to the proto source file.
-type filePath = string // e.g., "google/protobuf/descriptor.proto"
-
-// fileDescGZIP is the compressed contents of the encoded FileDescriptorProto.
-type fileDescGZIP = []byte
-
-var fileCache sync.Map // map[filePath]fileDescGZIP
-
-// RegisterFile is called from generated code to register the compressed
-// FileDescriptorProto with the file path for a proto source file.
-//
-// Deprecated: Use protoregistry.GlobalFiles.RegisterFile instead.
-func RegisterFile(s filePath, d fileDescGZIP) {
-	// Decompress the descriptor.
-	zr, err := gzip.NewReader(bytes.NewReader(d))
-	if err != nil {
-		panic(fmt.Sprintf("proto: invalid compressed file descriptor: %v", err))
-	}
-	b, err := ioutil.ReadAll(zr)
-	if err != nil {
-		panic(fmt.Sprintf("proto: invalid compressed file descriptor: %v", err))
-	}
-
-	// Construct a protoreflect.FileDescriptor from the raw descriptor.
-	// Note that DescBuilder.Build automatically registers the constructed
-	// file descriptor with the v2 registry.
-	protoimpl.DescBuilder{RawDescriptor: b}.Build()
-
-	// Locally cache the raw descriptor form for the file.
-	fileCache.Store(s, d)
-}
-
-// FileDescriptor returns the compressed FileDescriptorProto given the file path
-// for a proto source file. It returns nil if not found.
-//
-// Deprecated: Use protoregistry.GlobalFiles.FindFileByPath instead.
-func FileDescriptor(s filePath) fileDescGZIP {
-	if v, ok := fileCache.Load(s); ok {
-		return v.(fileDescGZIP)
-	}
-
-	// Find the descriptor in the v2 registry.
-	var b []byte
-	if fd, _ := protoregistry.GlobalFiles.FindFileByPath(s); fd != nil {
-		b, _ = Marshal(protodesc.ToFileDescriptorProto(fd))
-	}
-
-	// Locally cache the raw descriptor form for the file.
-	if len(b) > 0 {
-		v, _ := fileCache.LoadOrStore(s, protoimpl.X.CompressGZIP(b))
-		return v.(fileDescGZIP)
-	}
-	return nil
-}
-
-// enumName is the name of an enum. For historical reasons, the enum name is
-// neither the full Go name nor the full protobuf name of the enum.
-// The name is the dot-separated combination of just the proto package that the
-// enum is declared within followed by the Go type name of the generated enum.
-type enumName = string // e.g., "my.proto.package.GoMessage_GoEnum"
-
-// enumsByName maps enum values by name to their numeric counterpart.
-type enumsByName = map[string]int32
-
-// enumsByNumber maps enum values by number to their name counterpart.
-type enumsByNumber = map[int32]string
-
-var enumCache sync.Map     // map[enumName]enumsByName
-var numFilesCache sync.Map // map[protoreflect.FullName]int
-
-// RegisterEnum is called from the generated code to register the mapping of
-// enum value names to enum numbers for the enum identified by s.
-//
-// Deprecated: Use protoregistry.GlobalTypes.RegisterEnum instead.
-func RegisterEnum(s enumName, _ enumsByNumber, m enumsByName) {
-	if _, ok := enumCache.Load(s); ok {
-		panic("proto: duplicate enum registered: " + s)
-	}
-	enumCache.Store(s, m)
-
-	// This does not forward registration to the v2 registry since this API
-	// lacks sufficient information to construct a complete v2 enum descriptor.
-}
-
-// EnumValueMap returns the mapping from enum value names to enum numbers for
-// the enum of the given name. It returns nil if not found.
-//
-// Deprecated: Use protoregistry.GlobalTypes.FindEnumByName instead.
-func EnumValueMap(s enumName) enumsByName {
-	if v, ok := enumCache.Load(s); ok {
-		return v.(enumsByName)
-	}
-
-	// Check whether the cache is stale. If the number of files in the current
-	// package differs, then it means that some enums may have been recently
-	// registered upstream that we do not know about.
-	var protoPkg protoreflect.FullName
-	if i := strings.LastIndexByte(s, '.'); i >= 0 {
-		protoPkg = protoreflect.FullName(s[:i])
-	}
-	v, _ := numFilesCache.Load(protoPkg)
-	numFiles, _ := v.(int)
-	if protoregistry.GlobalFiles.NumFilesByPackage(protoPkg) == numFiles {
-		return nil // cache is up-to-date; was not found earlier
-	}
-
-	// Update the enum cache for all enums declared in the given proto package.
-	numFiles = 0
-	protoregistry.GlobalFiles.RangeFilesByPackage(protoPkg, func(fd protoreflect.FileDescriptor) bool {
-		walkEnums(fd, func(ed protoreflect.EnumDescriptor) {
-			name := protoimpl.X.LegacyEnumName(ed)
-			if _, ok := enumCache.Load(name); !ok {
-				m := make(enumsByName)
-				evs := ed.Values()
-				for i := evs.Len() - 1; i >= 0; i-- {
-					ev := evs.Get(i)
-					m[string(ev.Name())] = int32(ev.Number())
-				}
-				enumCache.LoadOrStore(name, m)
-			}
-		})
-		numFiles++
-		return true
-	})
-	numFilesCache.Store(protoPkg, numFiles)
-
-	// Check cache again for enum map.
-	if v, ok := enumCache.Load(s); ok {
-		return v.(enumsByName)
-	}
-	return nil
-}
-
-// walkEnums recursively walks all enums declared in d.
-func walkEnums(d interface {
-	Enums() protoreflect.EnumDescriptors
-	Messages() protoreflect.MessageDescriptors
-}, f func(protoreflect.EnumDescriptor)) {
-	eds := d.Enums()
-	for i := eds.Len() - 1; i >= 0; i-- {
-		f(eds.Get(i))
-	}
-	mds := d.Messages()
-	for i := mds.Len() - 1; i >= 0; i-- {
-		walkEnums(mds.Get(i), f)
-	}
-}
-
-// messageName is the full name of protobuf message.
-type messageName = string
-
-var messageTypeCache sync.Map // map[messageName]reflect.Type
-
-// RegisterType is called from generated code to register the message Go type
-// for a message of the given name.
-//
-// Deprecated: Use protoregistry.GlobalTypes.RegisterMessage instead.
-func RegisterType(m Message, s messageName) {
-	mt := protoimpl.X.LegacyMessageTypeOf(m, protoreflect.FullName(s))
-	if err := protoregistry.GlobalTypes.RegisterMessage(mt); err != nil {
-		panic(err)
-	}
-	messageTypeCache.Store(s, reflect.TypeOf(m))
-}
-
-// RegisterMapType is called from generated code to register the Go map type
-// for a protobuf message representing a map entry.
-//
-// Deprecated: Do not use.
-func RegisterMapType(m interface{}, s messageName) {
-	t := reflect.TypeOf(m)
-	if t.Kind() != reflect.Map {
-		panic(fmt.Sprintf("invalid map kind: %v", t))
-	}
-	if _, ok := messageTypeCache.Load(s); ok {
-		panic(fmt.Errorf("proto: duplicate proto message registered: %s", s))
-	}
-	messageTypeCache.Store(s, t)
-}
-
-// MessageType returns the message type for a named message.
-// It returns nil if not found.
-//
-// Deprecated: Use protoregistry.GlobalTypes.FindMessageByName instead.
-func MessageType(s messageName) reflect.Type {
-	if v, ok := messageTypeCache.Load(s); ok {
-		return v.(reflect.Type)
-	}
-
-	// Derive the message type from the v2 registry.
-	var t reflect.Type
-	if mt, _ := protoregistry.GlobalTypes.FindMessageByName(protoreflect.FullName(s)); mt != nil {
-		t = messageGoType(mt)
-	}
-
-	// If we could not get a concrete type, it is possible that it is a
-	// pseudo-message for a map entry.
-	if t == nil {
-		d, _ := protoregistry.GlobalFiles.FindDescriptorByName(protoreflect.FullName(s))
-		if md, _ := d.(protoreflect.MessageDescriptor); md != nil && md.IsMapEntry() {
-			kt := goTypeForField(md.Fields().ByNumber(1))
-			vt := goTypeForField(md.Fields().ByNumber(2))
-			t = reflect.MapOf(kt, vt)
-		}
-	}
-
-	// Locally cache the message type for the given name.
-	if t != nil {
-		v, _ := messageTypeCache.LoadOrStore(s, t)
-		return v.(reflect.Type)
-	}
-	return nil
-}
-
-func goTypeForField(fd protoreflect.FieldDescriptor) reflect.Type {
-	switch k := fd.Kind(); k {
-	case protoreflect.EnumKind:
-		if et, _ := protoregistry.GlobalTypes.FindEnumByName(fd.Enum().FullName()); et != nil {
-			return enumGoType(et)
-		}
-		return reflect.TypeOf(protoreflect.EnumNumber(0))
-	case protoreflect.MessageKind, protoreflect.GroupKind:
-		if mt, _ := protoregistry.GlobalTypes.FindMessageByName(fd.Message().FullName()); mt != nil {
-			return messageGoType(mt)
-		}
-		return reflect.TypeOf((*protoreflect.Message)(nil)).Elem()
-	default:
-		return reflect.TypeOf(fd.Default().Interface())
-	}
-}
-
-func enumGoType(et protoreflect.EnumType) reflect.Type {
-	return reflect.TypeOf(et.New(0))
-}
-
-func messageGoType(mt protoreflect.MessageType) reflect.Type {
-	return reflect.TypeOf(MessageV1(mt.Zero().Interface()))
-}
-
-// MessageName returns the full protobuf name for the given message type.
-//
-// Deprecated: Use protoreflect.MessageDescriptor.FullName instead.
-func MessageName(m Message) messageName {
-	if m == nil {
-		return ""
-	}
-	if m, ok := m.(interface{ XXX_MessageName() messageName }); ok {
-		return m.XXX_MessageName()
-	}
-	return messageName(protoimpl.X.MessageDescriptorOf(m).FullName())
-}
-
-// RegisterExtension is called from the generated code to register
-// the extension descriptor.
-//
-// Deprecated: Use protoregistry.GlobalTypes.RegisterExtension instead.
-func RegisterExtension(d *ExtensionDesc) {
-	if err := protoregistry.GlobalTypes.RegisterExtension(d); err != nil {
-		panic(err)
-	}
-}
-
-type extensionsByNumber = map[int32]*ExtensionDesc
-
-var extensionCache sync.Map // map[messageName]extensionsByNumber
-
-// RegisteredExtensions returns a map of the registered extensions for the
-// provided protobuf message, indexed by the extension field number.
-//
-// Deprecated: Use protoregistry.GlobalTypes.RangeExtensionsByMessage instead.
-func RegisteredExtensions(m Message) extensionsByNumber {
-	// Check whether the cache is stale. If the number of extensions for
-	// the given message differs, then it means that some extensions were
-	// recently registered upstream that we do not know about.
-	s := MessageName(m)
-	v, _ := extensionCache.Load(s)
-	xs, _ := v.(extensionsByNumber)
-	if protoregistry.GlobalTypes.NumExtensionsByMessage(protoreflect.FullName(s)) == len(xs) {
-		return xs // cache is up-to-date
-	}
-
-	// Cache is stale, re-compute the extensions map.
-	xs = make(extensionsByNumber)
-	protoregistry.GlobalTypes.RangeExtensionsByMessage(protoreflect.FullName(s), func(xt protoreflect.ExtensionType) bool {
-		if xd, ok := xt.(*ExtensionDesc); ok {
-			xs[int32(xt.TypeDescriptor().Number())] = xd
-		} else {
-			// TODO: This implies that the protoreflect.ExtensionType is a
-			// custom type not generated by protoc-gen-go. We could try and
-			// convert the type to an ExtensionDesc.
-		}
-		return true
-	})
-	extensionCache.Store(s, xs)
-	return xs
-}
--- a/vendor/github.com/golang/protobuf/proto/text_decode.go
+++ b/vendor/github.com/golang/protobuf/proto/text_decode.go
@ -1,801 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"encoding"
-	"errors"
-	"fmt"
-	"reflect"
-	"strconv"
-	"strings"
-	"unicode/utf8"
-
-	"google.golang.org/protobuf/encoding/prototext"
-	protoV2 "google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/reflect/protoregistry"
-)
-
-const wrapTextUnmarshalV2 = false
-
-// ParseError is returned by UnmarshalText.
-type ParseError struct {
-	Message string
-
-	// Deprecated: Do not use.
-	Line, Offset int
-}
-
-func (e *ParseError) Error() string {
-	if wrapTextUnmarshalV2 {
-		return e.Message
-	}
-	if e.Line == 1 {
-		return fmt.Sprintf("line 1.%d: %v", e.Offset, e.Message)
-	}
-	return fmt.Sprintf("line %d: %v", e.Line, e.Message)
-}
-
-// UnmarshalText parses a proto text formatted string into m.
-func UnmarshalText(s string, m Message) error {
-	if u, ok := m.(encoding.TextUnmarshaler); ok {
-		return u.UnmarshalText([]byte(s))
-	}
-
-	m.Reset()
-	mi := MessageV2(m)
-
-	if wrapTextUnmarshalV2 {
-		err := prototext.UnmarshalOptions{
-			AllowPartial: true,
-		}.Unmarshal([]byte(s), mi)
-		if err != nil {
-			return &ParseError{Message: err.Error()}
-		}
-		return checkRequiredNotSet(mi)
-	} else {
-		if err := newTextParser(s).unmarshalMessage(mi.ProtoReflect(), ""); err != nil {
-			return err
-		}
-		return checkRequiredNotSet(mi)
-	}
-}
-
-type textParser struct {
-	s            string // remaining input
-	done         bool   // whether the parsing is finished (success or error)
-	backed       bool   // whether back() was called
-	offset, line int
-	cur          token
-}
-
-type token struct {
-	value    string
-	err      *ParseError
-	line     int    // line number
-	offset   int    // byte number from start of input, not start of line
-	unquoted string // the unquoted version of value, if it was a quoted string
-}
-
-func newTextParser(s string) *textParser {
-	p := new(textParser)
-	p.s = s
-	p.line = 1
-	p.cur.line = 1
-	return p
-}
-
-func (p *textParser) unmarshalMessage(m protoreflect.Message, terminator string) (err error) {
-	md := m.Descriptor()
-	fds := md.Fields()
-
-	// A struct is a sequence of "name: value", terminated by one of
-	// '>' or '}', or the end of the input.  A name may also be
-	// "[extension]" or "[type/url]".
-	//
-	// The whole struct can also be an expanded Any message, like:
-	// [type/url] < ... struct contents ... >
-	seen := make(map[protoreflect.FieldNumber]bool)
-	for {
-		tok := p.next()
-		if tok.err != nil {
-			return tok.err
-		}
-		if tok.value == terminator {
-			break
-		}
-		if tok.value == "[" {
-			if err := p.unmarshalExtensionOrAny(m, seen); err != nil {
-				return err
-			}
-			continue
-		}
-
-		// This is a normal, non-extension field.
-		name := protoreflect.Name(tok.value)
-		fd := fds.ByName(name)
-		switch {
-		case fd == nil:
-			gd := fds.ByName(protoreflect.Name(strings.ToLower(string(name))))
-			if gd != nil && gd.Kind() == protoreflect.GroupKind && gd.Message().Name() == name {
-				fd = gd
-			}
-		case fd.Kind() == protoreflect.GroupKind && fd.Message().Name() != name:
-			fd = nil
-		case fd.IsWeak() && fd.Message().IsPlaceholder():
-			fd = nil
-		}
-		if fd == nil {
-			typeName := string(md.FullName())
-			if m, ok := m.Interface().(Message); ok {
-				t := reflect.TypeOf(m)
-				if t.Kind() == reflect.Ptr {
-					typeName = t.Elem().String()
-				}
-			}
-			return p.errorf("unknown field name %q in %v", name, typeName)
-		}
-		if od := fd.ContainingOneof(); od != nil && m.WhichOneof(od) != nil {
-			return p.errorf("field '%s' would overwrite already parsed oneof '%s'", name, od.Name())
-		}
-		if fd.Cardinality() != protoreflect.Repeated && seen[fd.Number()] {
-			return p.errorf("non-repeated field %q was repeated", fd.Name())
-		}
-		seen[fd.Number()] = true
-
-		// Consume any colon.
-		if err := p.checkForColon(fd); err != nil {
-			return err
-		}
-
-		// Parse into the field.
-		v := m.Get(fd)
-		if !m.Has(fd) && (fd.IsList() || fd.IsMap() || fd.Message() != nil) {
-			v = m.Mutable(fd)
-		}
-		if v, err = p.unmarshalValue(v, fd); err != nil {
-			return err
-		}
-		m.Set(fd, v)
-
-		if err := p.consumeOptionalSeparator(); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (p *textParser) unmarshalExtensionOrAny(m protoreflect.Message, seen map[protoreflect.FieldNumber]bool) error {
-	name, err := p.consumeExtensionOrAnyName()
-	if err != nil {
-		return err
-	}
-
-	// If it contains a slash, it's an Any type URL.
-	if slashIdx := strings.LastIndex(name, "/"); slashIdx >= 0 {
-		tok := p.next()
-		if tok.err != nil {
-			return tok.err
-		}
-		// consume an optional colon
-		if tok.value == ":" {
-			tok = p.next()
-			if tok.err != nil {
-				return tok.err
-			}
-		}
-
-		var terminator string
-		switch tok.value {
-		case "<":
-			terminator = ">"
-		case "{":
-			terminator = "}"
-		default:
-			return p.errorf("expected '{' or '<', found %q", tok.value)
-		}
-
-		mt, err := protoregistry.GlobalTypes.FindMessageByURL(name)
-		if err != nil {
-			return p.errorf("unrecognized message %q in google.protobuf.Any", name[slashIdx+len("/"):])
-		}
-		m2 := mt.New()
-		if err := p.unmarshalMessage(m2, terminator); err != nil {
-			return err
-		}
-		b, err := protoV2.Marshal(m2.Interface())
-		if err != nil {
-			return p.errorf("failed to marshal message of type %q: %v", name[slashIdx+len("/"):], err)
-		}
-
-		urlFD := m.Descriptor().Fields().ByName("type_url")
-		valFD := m.Descriptor().Fields().ByName("value")
-		if seen[urlFD.Number()] {
-			return p.errorf("Any message unpacked multiple times, or %q already set", urlFD.Name())
-		}
-		if seen[valFD.Number()] {
-			return p.errorf("Any message unpacked multiple times, or %q already set", valFD.Name())
-		}
-		m.Set(urlFD, protoreflect.ValueOfString(name))
-		m.Set(valFD, protoreflect.ValueOfBytes(b))
-		seen[urlFD.Number()] = true
-		seen[valFD.Number()] = true
-		return nil
-	}
-
-	xname := protoreflect.FullName(name)
-	xt, _ := protoregistry.GlobalTypes.FindExtensionByName(xname)
-	if xt == nil && isMessageSet(m.Descriptor()) {
-		xt, _ = protoregistry.GlobalTypes.FindExtensionByName(xname.Append("message_set_extension"))
-	}
-	if xt == nil {
-		return p.errorf("unrecognized extension %q", name)
-	}
-	fd := xt.TypeDescriptor()
-	if fd.ContainingMessage().FullName() != m.Descriptor().FullName() {
-		return p.errorf("extension field %q does not extend message %q", name, m.Descriptor().FullName())
-	}
-
-	if err := p.checkForColon(fd); err != nil {
-		return err
-	}
-
-	v := m.Get(fd)
-	if !m.Has(fd) && (fd.IsList() || fd.IsMap() || fd.Message() != nil) {
-		v = m.Mutable(fd)
-	}
-	v, err = p.unmarshalValue(v, fd)
-	if err != nil {
-		return err
-	}
-	m.Set(fd, v)
-	return p.consumeOptionalSeparator()
-}
-
-func (p *textParser) unmarshalValue(v protoreflect.Value, fd protoreflect.FieldDescriptor) (protoreflect.Value, error) {
-	tok := p.next()
-	if tok.err != nil {
-		return v, tok.err
-	}
-	if tok.value == "" {
-		return v, p.errorf("unexpected EOF")
-	}
-
-	switch {
-	case fd.IsList():
-		lv := v.List()
-		var err error
-		if tok.value == "[" {
-			// Repeated field with list notation, like [1,2,3].
-			for {
-				vv := lv.NewElement()
-				vv, err = p.unmarshalSingularValue(vv, fd)
-				if err != nil {
-					return v, err
-				}
-				lv.Append(vv)
-
-				tok := p.next()
-				if tok.err != nil {
-					return v, tok.err
-				}
-				if tok.value == "]" {
-					break
-				}
-				if tok.value != "," {
-					return v, p.errorf("Expected ']' or ',' found %q", tok.value)
-				}
-			}
-			return v, nil
-		}
-
-		// One value of the repeated field.
-		p.back()
-		vv := lv.NewElement()
-		vv, err = p.unmarshalSingularValue(vv, fd)
-		if err != nil {
-			return v, err
-		}
-		lv.Append(vv)
-		return v, nil
-	case fd.IsMap():
-		// The map entry should be this sequence of tokens:
-		//	< key : KEY value : VALUE >
-		// However, implementations may omit key or value, and technically
-		// we should support them in any order.
-		var terminator string
-		switch tok.value {
-		case "<":
-			terminator = ">"
-		case "{":
-			terminator = "}"
-		default:
-			return v, p.errorf("expected '{' or '<', found %q", tok.value)
-		}
-
-		keyFD := fd.MapKey()
-		valFD := fd.MapValue()
-
-		mv := v.Map()
-		kv := keyFD.Default()
-		vv := mv.NewValue()
-		for {
-			tok := p.next()
-			if tok.err != nil {
-				return v, tok.err
-			}
-			if tok.value == terminator {
-				break
-			}
-			var err error
-			switch tok.value {
-			case "key":
-				if err := p.consumeToken(":"); err != nil {
-					return v, err
-				}
-				if kv, err = p.unmarshalSingularValue(kv, keyFD); err != nil {
-					return v, err
-				}
-				if err := p.consumeOptionalSeparator(); err != nil {
-					return v, err
-				}
-			case "value":
-				if err := p.checkForColon(valFD); err != nil {
-					return v, err
-				}
-				if vv, err = p.unmarshalSingularValue(vv, valFD); err != nil {
-					return v, err
-				}
-				if err := p.consumeOptionalSeparator(); err != nil {
-					return v, err
-				}
-			default:
-				p.back()
-				return v, p.errorf(`expected "key", "value", or %q, found %q`, terminator, tok.value)
-			}
-		}
-		mv.Set(kv.MapKey(), vv)
-		return v, nil
-	default:
-		p.back()
-		return p.unmarshalSingularValue(v, fd)
-	}
-}
-
-func (p *textParser) unmarshalSingularValue(v protoreflect.Value, fd protoreflect.FieldDescriptor) (protoreflect.Value, error) {
-	tok := p.next()
-	if tok.err != nil {
-		return v, tok.err
-	}
-	if tok.value == "" {
-		return v, p.errorf("unexpected EOF")
-	}
-
-	switch fd.Kind() {
-	case protoreflect.BoolKind:
-		switch tok.value {
-		case "true", "1", "t", "True":
-			return protoreflect.ValueOfBool(true), nil
-		case "false", "0", "f", "False":
-			return protoreflect.ValueOfBool(false), nil
-		}
-	case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind:
-		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
-			return protoreflect.ValueOfInt32(int32(x)), nil
-		}
-
-		// The C++ parser accepts large positive hex numbers that uses
-		// two's complement arithmetic to represent negative numbers.
-		// This feature is here for backwards compatibility with C++.
-		if strings.HasPrefix(tok.value, "0x") {
-			if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
-				return protoreflect.ValueOfInt32(int32(-(int64(^x) + 1))), nil
-			}
-		}
-	case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind:
-		if x, err := strconv.ParseInt(tok.value, 0, 64); err == nil {
-			return protoreflect.ValueOfInt64(int64(x)), nil
-		}
-
-		// The C++ parser accepts large positive hex numbers that uses
-		// two's complement arithmetic to represent negative numbers.
-		// This feature is here for backwards compatibility with C++.
-		if strings.HasPrefix(tok.value, "0x") {
-			if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil {
-				return protoreflect.ValueOfInt64(int64(-(int64(^x) + 1))), nil
-			}
-		}
-	case protoreflect.Uint32Kind, protoreflect.Fixed32Kind:
-		if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
-			return protoreflect.ValueOfUint32(uint32(x)), nil
-		}
-	case protoreflect.Uint64Kind, protoreflect.Fixed64Kind:
-		if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil {
-			return protoreflect.ValueOfUint64(uint64(x)), nil
-		}
-	case protoreflect.FloatKind:
-		// Ignore 'f' for compatibility with output generated by C++,
-		// but don't remove 'f' when the value is "-inf" or "inf".
-		v := tok.value
-		if strings.HasSuffix(v, "f") && v != "-inf" && v != "inf" {
-			v = v[:len(v)-len("f")]
-		}
-		if x, err := strconv.ParseFloat(v, 32); err == nil {
-			return protoreflect.ValueOfFloat32(float32(x)), nil
-		}
-	case protoreflect.DoubleKind:
-		// Ignore 'f' for compatibility with output generated by C++,
-		// but don't remove 'f' when the value is "-inf" or "inf".
-		v := tok.value
-		if strings.HasSuffix(v, "f") && v != "-inf" && v != "inf" {
-			v = v[:len(v)-len("f")]
-		}
-		if x, err := strconv.ParseFloat(v, 64); err == nil {
-			return protoreflect.ValueOfFloat64(float64(x)), nil
-		}
-	case protoreflect.StringKind:
-		if isQuote(tok.value[0]) {
-			return protoreflect.ValueOfString(tok.unquoted), nil
-		}
-	case protoreflect.BytesKind:
-		if isQuote(tok.value[0]) {
-			return protoreflect.ValueOfBytes([]byte(tok.unquoted)), nil
-		}
-	case protoreflect.EnumKind:
-		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
-			return protoreflect.ValueOfEnum(protoreflect.EnumNumber(x)), nil
-		}
-		vd := fd.Enum().Values().ByName(protoreflect.Name(tok.value))
-		if vd != nil {
-			return protoreflect.ValueOfEnum(vd.Number()), nil
-		}
-	case protoreflect.MessageKind, protoreflect.GroupKind:
-		var terminator string
-		switch tok.value {
-		case "{":
-			terminator = "}"
-		case "<":
-			terminator = ">"
-		default:
-			return v, p.errorf("expected '{' or '<', found %q", tok.value)
-		}
-		err := p.unmarshalMessage(v.Message(), terminator)
-		return v, err
-	default:
-		panic(fmt.Sprintf("invalid kind %v", fd.Kind()))
-	}
-	return v, p.errorf("invalid %v: %v", fd.Kind(), tok.value)
-}
-
-// Consume a ':' from the input stream (if the next token is a colon),
-// returning an error if a colon is needed but not present.
-func (p *textParser) checkForColon(fd protoreflect.FieldDescriptor) *ParseError {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != ":" {
-		if fd.Message() == nil {
-			return p.errorf("expected ':', found %q", tok.value)
-		}
-		p.back()
-	}
-	return nil
-}
-
-// consumeExtensionOrAnyName consumes an extension name or an Any type URL and
-// the following ']'. It returns the name or URL consumed.
-func (p *textParser) consumeExtensionOrAnyName() (string, error) {
-	tok := p.next()
-	if tok.err != nil {
-		return "", tok.err
-	}
-
-	// If extension name or type url is quoted, it's a single token.
-	if len(tok.value) > 2 && isQuote(tok.value[0]) && tok.value[len(tok.value)-1] == tok.value[0] {
-		name, err := unquoteC(tok.value[1:len(tok.value)-1], rune(tok.value[0]))
-		if err != nil {
-			return "", err
-		}
-		return name, p.consumeToken("]")
-	}
-
-	// Consume everything up to "]"
-	var parts []string
-	for tok.value != "]" {
-		parts = append(parts, tok.value)
-		tok = p.next()
-		if tok.err != nil {
-			return "", p.errorf("unrecognized type_url or extension name: %s", tok.err)
-		}
-		if p.done && tok.value != "]" {
-			return "", p.errorf("unclosed type_url or extension name")
-		}
-	}
-	return strings.Join(parts, ""), nil
-}
-
-// consumeOptionalSeparator consumes an optional semicolon or comma.
-// It is used in unmarshalMessage to provide backward compatibility.
-func (p *textParser) consumeOptionalSeparator() error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != ";" && tok.value != "," {
-		p.back()
-	}
-	return nil
-}
-
-func (p *textParser) errorf(format string, a ...interface{}) *ParseError {
-	pe := &ParseError{fmt.Sprintf(format, a...), p.cur.line, p.cur.offset}
-	p.cur.err = pe
-	p.done = true
-	return pe
-}
-
-func (p *textParser) skipWhitespace() {
-	i := 0
-	for i < len(p.s) && (isWhitespace(p.s[i]) || p.s[i] == '#') {
-		if p.s[i] == '#' {
-			// comment; skip to end of line or input
-			for i < len(p.s) && p.s[i] != '\n' {
-				i++
-			}
-			if i == len(p.s) {
-				break
-			}
-		}
-		if p.s[i] == '\n' {
-			p.line++
-		}
-		i++
-	}
-	p.offset += i
-	p.s = p.s[i:len(p.s)]
-	if len(p.s) == 0 {
-		p.done = true
-	}
-}
-
-func (p *textParser) advance() {
-	// Skip whitespace
-	p.skipWhitespace()
-	if p.done {
-		return
-	}
-
-	// Start of non-whitespace
-	p.cur.err = nil
-	p.cur.offset, p.cur.line = p.offset, p.line
-	p.cur.unquoted = ""
-	switch p.s[0] {
-	case '<', '>', '{', '}', ':', '[', ']', ';', ',', '/':
-		// Single symbol
-		p.cur.value, p.s = p.s[0:1], p.s[1:len(p.s)]
-	case '"', '\'':
-		// Quoted string
-		i := 1
-		for i < len(p.s) && p.s[i] != p.s[0] && p.s[i] != '\n' {
-			if p.s[i] == '\\' && i+1 < len(p.s) {
-				// skip escaped char
-				i++
-			}
-			i++
-		}
-		if i >= len(p.s) || p.s[i] != p.s[0] {
-			p.errorf("unmatched quote")
-			return
-		}
-		unq, err := unquoteC(p.s[1:i], rune(p.s[0]))
-		if err != nil {
-			p.errorf("invalid quoted string %s: %v", p.s[0:i+1], err)
-			return
-		}
-		p.cur.value, p.s = p.s[0:i+1], p.s[i+1:len(p.s)]
-		p.cur.unquoted = unq
-	default:
-		i := 0
-		for i < len(p.s) && isIdentOrNumberChar(p.s[i]) {
-			i++
-		}
-		if i == 0 {
-			p.errorf("unexpected byte %#x", p.s[0])
-			return
-		}
-		p.cur.value, p.s = p.s[0:i], p.s[i:len(p.s)]
-	}
-	p.offset += len(p.cur.value)
-}
-
-// Back off the parser by one token. Can only be done between calls to next().
-// It makes the next advance() a no-op.
-func (p *textParser) back() { p.backed = true }
-
-// Advances the parser and returns the new current token.
-func (p *textParser) next() *token {
-	if p.backed || p.done {
-		p.backed = false
-		return &p.cur
-	}
-	p.advance()
-	if p.done {
-		p.cur.value = ""
-	} else if len(p.cur.value) > 0 && isQuote(p.cur.value[0]) {
-		// Look for multiple quoted strings separated by whitespace,
-		// and concatenate them.
-		cat := p.cur
-		for {
-			p.skipWhitespace()
-			if p.done || !isQuote(p.s[0]) {
-				break
-			}
-			p.advance()
-			if p.cur.err != nil {
-				return &p.cur
-			}
-			cat.value += " " + p.cur.value
-			cat.unquoted += p.cur.unquoted
-		}
-		p.done = false // parser may have seen EOF, but we want to return cat
-		p.cur = cat
-	}
-	return &p.cur
-}
-
-func (p *textParser) consumeToken(s string) error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != s {
-		p.back()
-		return p.errorf("expected %q, found %q", s, tok.value)
-	}
-	return nil
-}
-
-var errBadUTF8 = errors.New("proto: bad UTF-8")
-
-func unquoteC(s string, quote rune) (string, error) {
-	// This is based on C++'s tokenizer.cc.
-	// Despite its name, this is *not* parsing C syntax.
-	// For instance, "\0" is an invalid quoted string.
-
-	// Avoid allocation in trivial cases.
-	simple := true
-	for _, r := range s {
-		if r == '\\' || r == quote {
-			simple = false
-			break
-		}
-	}
-	if simple {
-		return s, nil
-	}
-
-	buf := make([]byte, 0, 3*len(s)/2)
-	for len(s) > 0 {
-		r, n := utf8.DecodeRuneInString(s)
-		if r == utf8.RuneError && n == 1 {
-			return "", errBadUTF8
-		}
-		s = s[n:]
-		if r != '\\' {
-			if r < utf8.RuneSelf {
-				buf = append(buf, byte(r))
-			} else {
-				buf = append(buf, string(r)...)
-			}
-			continue
-		}
-
-		ch, tail, err := unescape(s)
-		if err != nil {
-			return "", err
-		}
-		buf = append(buf, ch...)
-		s = tail
-	}
-	return string(buf), nil
-}
-
-func unescape(s string) (ch string, tail string, err error) {
-	r, n := utf8.DecodeRuneInString(s)
-	if r == utf8.RuneError && n == 1 {
-		return "", "", errBadUTF8
-	}
-	s = s[n:]
-	switch r {
-	case 'a':
-		return "\a", s, nil
-	case 'b':
-		return "\b", s, nil
-	case 'f':
-		return "\f", s, nil
-	case 'n':
-		return "\n", s, nil
-	case 'r':
-		return "\r", s, nil
-	case 't':
-		return "\t", s, nil
-	case 'v':
-		return "\v", s, nil
-	case '?':
-		return "?", s, nil // trigraph workaround
-	case '\'', '"', '\\':
-		return string(r), s, nil
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		if len(s) < 2 {
-			return "", "", fmt.Errorf(`\%c requires 2 following digits`, r)
-		}
-		ss := string(r) + s[:2]
-		s = s[2:]
-		i, err := strconv.ParseUint(ss, 8, 8)
-		if err != nil {
-			return "", "", fmt.Errorf(`\%s contains non-octal digits`, ss)
-		}
-		return string([]byte{byte(i)}), s, nil
-	case 'x', 'X', 'u', 'U':
-		var n int
-		switch r {
-		case 'x', 'X':
-			n = 2
-		case 'u':
-			n = 4
-		case 'U':
-			n = 8
-		}
-		if len(s) < n {
-			return "", "", fmt.Errorf(`\%c requires %d following digits`, r, n)
-		}
-		ss := s[:n]
-		s = s[n:]
-		i, err := strconv.ParseUint(ss, 16, 64)
-		if err != nil {
-			return "", "", fmt.Errorf(`\%c%s contains non-hexadecimal digits`, r, ss)
-		}
-		if r == 'x' || r == 'X' {
-			return string([]byte{byte(i)}), s, nil
-		}
-		if i > utf8.MaxRune {
-			return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss)
-		}
-		return string(rune(i)), s, nil
-	}
-	return "", "", fmt.Errorf(`unknown escape \%c`, r)
-}
-
-func isIdentOrNumberChar(c byte) bool {
-	switch {
-	case 'A' <= c && c <= 'Z', 'a' <= c && c <= 'z':
-		return true
-	case '0' <= c && c <= '9':
-		return true
-	}
-	switch c {
-	case '-', '+', '.', '_':
-		return true
-	}
-	return false
-}
-
-func isWhitespace(c byte) bool {
-	switch c {
-	case ' ', '\t', '\n', '\r':
-		return true
-	}
-	return false
-}
-
-func isQuote(c byte) bool {
-	switch c {
-	case '"', '\'':
-		return true
-	}
-	return false
-}
--- a/vendor/github.com/golang/protobuf/proto/text_encode.go
+++ b/vendor/github.com/golang/protobuf/proto/text_encode.go
@ -1,560 +0,0 @@
-// Copyright 2010 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	"bytes"
-	"encoding"
-	"fmt"
-	"io"
-	"math"
-	"sort"
-	"strings"
-
-	"google.golang.org/protobuf/encoding/prototext"
-	"google.golang.org/protobuf/encoding/protowire"
-	"google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/reflect/protoregistry"
-)
-
-const wrapTextMarshalV2 = false
-
-// TextMarshaler is a configurable text format marshaler.
-type TextMarshaler struct {
-	Compact   bool // use compact text format (one line)
-	ExpandAny bool // expand google.protobuf.Any messages of known types
-}
-
-// Marshal writes the proto text format of m to w.
-func (tm *TextMarshaler) Marshal(w io.Writer, m Message) error {
-	b, err := tm.marshal(m)
-	if len(b) > 0 {
-		if _, err := w.Write(b); err != nil {
-			return err
-		}
-	}
-	return err
-}
-
-// Text returns a proto text formatted string of m.
-func (tm *TextMarshaler) Text(m Message) string {
-	b, _ := tm.marshal(m)
-	return string(b)
-}
-
-func (tm *TextMarshaler) marshal(m Message) ([]byte, error) {
-	mr := MessageReflect(m)
-	if mr == nil || !mr.IsValid() {
-		return []byte("<nil>"), nil
-	}
-
-	if wrapTextMarshalV2 {
-		if m, ok := m.(encoding.TextMarshaler); ok {
-			return m.MarshalText()
-		}
-
-		opts := prototext.MarshalOptions{
-			AllowPartial: true,
-			EmitUnknown:  true,
-		}
-		if !tm.Compact {
-			opts.Indent = "  "
-		}
-		if !tm.ExpandAny {
-			opts.Resolver = (*protoregistry.Types)(nil)
-		}
-		return opts.Marshal(mr.Interface())
-	} else {
-		w := &textWriter{
-			compact:   tm.Compact,
-			expandAny: tm.ExpandAny,
-			complete:  true,
-		}
-
-		if m, ok := m.(encoding.TextMarshaler); ok {
-			b, err := m.MarshalText()
-			if err != nil {
-				return nil, err
-			}
-			w.Write(b)
-			return w.buf, nil
-		}
-
-		err := w.writeMessage(mr)
-		return w.buf, err
-	}
-}
-
-var (
-	defaultTextMarshaler = TextMarshaler{}
-	compactTextMarshaler = TextMarshaler{Compact: true}
-)
-
-// MarshalText writes the proto text format of m to w.
-func MarshalText(w io.Writer, m Message) error { return defaultTextMarshaler.Marshal(w, m) }
-
-// MarshalTextString returns a proto text formatted string of m.
-func MarshalTextString(m Message) string { return defaultTextMarshaler.Text(m) }
-
-// CompactText writes the compact proto text format of m to w.
-func CompactText(w io.Writer, m Message) error { return compactTextMarshaler.Marshal(w, m) }
-
-// CompactTextString returns a compact proto text formatted string of m.
-func CompactTextString(m Message) string { return compactTextMarshaler.Text(m) }
-
-var (
-	newline         = []byte("\n")
-	endBraceNewline = []byte("}\n")
-	posInf          = []byte("inf")
-	negInf          = []byte("-inf")
-	nan             = []byte("nan")
-)
-
-// textWriter is an io.Writer that tracks its indentation level.
-type textWriter struct {
-	compact   bool // same as TextMarshaler.Compact
-	expandAny bool // same as TextMarshaler.ExpandAny
-	complete  bool // whether the current position is a complete line
-	indent    int  // indentation level; never negative
-	buf       []byte
-}
-
-func (w *textWriter) Write(p []byte) (n int, _ error) {
-	newlines := bytes.Count(p, newline)
-	if newlines == 0 {
-		if !w.compact && w.complete {
-			w.writeIndent()
-		}
-		w.buf = append(w.buf, p...)
-		w.complete = false
-		return len(p), nil
-	}
-
-	frags := bytes.SplitN(p, newline, newlines+1)
-	if w.compact {
-		for i, frag := range frags {
-			if i > 0 {
-				w.buf = append(w.buf, ' ')
-				n++
-			}
-			w.buf = append(w.buf, frag...)
-			n += len(frag)
-		}
-		return n, nil
-	}
-
-	for i, frag := range frags {
-		if w.complete {
-			w.writeIndent()
-		}
-		w.buf = append(w.buf, frag...)
-		n += len(frag)
-		if i+1 < len(frags) {
-			w.buf = append(w.buf, '\n')
-			n++
-		}
-	}
-	w.complete = len(frags[len(frags)-1]) == 0
-	return n, nil
-}
-
-func (w *textWriter) WriteByte(c byte) error {
-	if w.compact && c == '\n' {
-		c = ' '
-	}
-	if !w.compact && w.complete {
-		w.writeIndent()
-	}
-	w.buf = append(w.buf, c)
-	w.complete = c == '\n'
-	return nil
-}
-
-func (w *textWriter) writeName(fd protoreflect.FieldDescriptor) {
-	if !w.compact && w.complete {
-		w.writeIndent()
-	}
-	w.complete = false
-
-	if fd.Kind() != protoreflect.GroupKind {
-		w.buf = append(w.buf, fd.Name()...)
-		w.WriteByte(':')
-	} else {
-		// Use message type name for group field name.
-		w.buf = append(w.buf, fd.Message().Name()...)
-	}
-
-	if !w.compact {
-		w.WriteByte(' ')
-	}
-}
-
-func requiresQuotes(u string) bool {
-	// When type URL contains any characters except [0-9A-Za-z./\-]*, it must be quoted.
-	for _, ch := range u {
-		switch {
-		case ch == '.' || ch == '/' || ch == '_':
-			continue
-		case '0' <= ch && ch <= '9':
-			continue
-		case 'A' <= ch && ch <= 'Z':
-			continue
-		case 'a' <= ch && ch <= 'z':
-			continue
-		default:
-			return true
-		}
-	}
-	return false
-}
-
-// writeProto3Any writes an expanded google.protobuf.Any message.
-//
-// It returns (false, nil) if sv value can't be unmarshaled (e.g. because
-// required messages are not linked in).
-//
-// It returns (true, error) when sv was written in expanded format or an error
-// was encountered.
-func (w *textWriter) writeProto3Any(m protoreflect.Message) (bool, error) {
-	md := m.Descriptor()
-	fdURL := md.Fields().ByName("type_url")
-	fdVal := md.Fields().ByName("value")
-
-	url := m.Get(fdURL).String()
-	mt, err := protoregistry.GlobalTypes.FindMessageByURL(url)
-	if err != nil {
-		return false, nil
-	}
-
-	b := m.Get(fdVal).Bytes()
-	m2 := mt.New()
-	if err := proto.Unmarshal(b, m2.Interface()); err != nil {
-		return false, nil
-	}
-	w.Write([]byte("["))
-	if requiresQuotes(url) {
-		w.writeQuotedString(url)
-	} else {
-		w.Write([]byte(url))
-	}
-	if w.compact {
-		w.Write([]byte("]:<"))
-	} else {
-		w.Write([]byte("]: <\n"))
-		w.indent++
-	}
-	if err := w.writeMessage(m2); err != nil {
-		return true, err
-	}
-	if w.compact {
-		w.Write([]byte("> "))
-	} else {
-		w.indent--
-		w.Write([]byte(">\n"))
-	}
-	return true, nil
-}
-
-func (w *textWriter) writeMessage(m protoreflect.Message) error {
-	md := m.Descriptor()
-	if w.expandAny && md.FullName() == "google.protobuf.Any" {
-		if canExpand, err := w.writeProto3Any(m); canExpand {
-			return err
-		}
-	}
-
-	fds := md.Fields()
-	for i := 0; i < fds.Len(); {
-		fd := fds.Get(i)
-		if od := fd.ContainingOneof(); od != nil {
-			fd = m.WhichOneof(od)
-			i += od.Fields().Len()
-		} else {
-			i++
-		}
-		if fd == nil || !m.Has(fd) {
-			continue
-		}
-
-		switch {
-		case fd.IsList():
-			lv := m.Get(fd).List()
-			for j := 0; j < lv.Len(); j++ {
-				w.writeName(fd)
-				v := lv.Get(j)
-				if err := w.writeSingularValue(v, fd); err != nil {
-					return err
-				}
-				w.WriteByte('\n')
-			}
-		case fd.IsMap():
-			kfd := fd.MapKey()
-			vfd := fd.MapValue()
-			mv := m.Get(fd).Map()
-
-			type entry struct{ key, val protoreflect.Value }
-			var entries []entry
-			mv.Range(func(k protoreflect.MapKey, v protoreflect.Value) bool {
-				entries = append(entries, entry{k.Value(), v})
-				return true
-			})
-			sort.Slice(entries, func(i, j int) bool {
-				switch kfd.Kind() {
-				case protoreflect.BoolKind:
-					return !entries[i].key.Bool() && entries[j].key.Bool()
-				case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind, protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind:
-					return entries[i].key.Int() < entries[j].key.Int()
-				case protoreflect.Uint32Kind, protoreflect.Fixed32Kind, protoreflect.Uint64Kind, protoreflect.Fixed64Kind:
-					return entries[i].key.Uint() < entries[j].key.Uint()
-				case protoreflect.StringKind:
-					return entries[i].key.String() < entries[j].key.String()
-				default:
-					panic("invalid kind")
-				}
-			})
-			for _, entry := range entries {
-				w.writeName(fd)
-				w.WriteByte('<')
-				if !w.compact {
-					w.WriteByte('\n')
-				}
-				w.indent++
-				w.writeName(kfd)
-				if err := w.writeSingularValue(entry.key, kfd); err != nil {
-					return err
-				}
-				w.WriteByte('\n')
-				w.writeName(vfd)
-				if err := w.writeSingularValue(entry.val, vfd); err != nil {
-					return err
-				}
-				w.WriteByte('\n')
-				w.indent--
-				w.WriteByte('>')
-				w.WriteByte('\n')
-			}
-		default:
-			w.writeName(fd)
-			if err := w.writeSingularValue(m.Get(fd), fd); err != nil {
-				return err
-			}
-			w.WriteByte('\n')
-		}
-	}
-
-	if b := m.GetUnknown(); len(b) > 0 {
-		w.writeUnknownFields(b)
-	}
-	return w.writeExtensions(m)
-}
-
-func (w *textWriter) writeSingularValue(v protoreflect.Value, fd protoreflect.FieldDescriptor) error {
-	switch fd.Kind() {
-	case protoreflect.FloatKind, protoreflect.DoubleKind:
-		switch vf := v.Float(); {
-		case math.IsInf(vf, +1):
-			w.Write(posInf)
-		case math.IsInf(vf, -1):
-			w.Write(negInf)
-		case math.IsNaN(vf):
-			w.Write(nan)
-		default:
-			fmt.Fprint(w, v.Interface())
-		}
-	case protoreflect.StringKind:
-		// NOTE: This does not validate UTF-8 for historical reasons.
-		w.writeQuotedString(string(v.String()))
-	case protoreflect.BytesKind:
-		w.writeQuotedString(string(v.Bytes()))
-	case protoreflect.MessageKind, protoreflect.GroupKind:
-		var bra, ket byte = '<', '>'
-		if fd.Kind() == protoreflect.GroupKind {
-			bra, ket = '{', '}'
-		}
-		w.WriteByte(bra)
-		if !w.compact {
-			w.WriteByte('\n')
-		}
-		w.indent++
-		m := v.Message()
-		if m2, ok := m.Interface().(encoding.TextMarshaler); ok {
-			b, err := m2.MarshalText()
-			if err != nil {
-				return err
-			}
-			w.Write(b)
-		} else {
-			w.writeMessage(m)
-		}
-		w.indent--
-		w.WriteByte(ket)
-	case protoreflect.EnumKind:
-		if ev := fd.Enum().Values().ByNumber(v.Enum()); ev != nil {
-			fmt.Fprint(w, ev.Name())
-		} else {
-			fmt.Fprint(w, v.Enum())
-		}
-	default:
-		fmt.Fprint(w, v.Interface())
-	}
-	return nil
-}
-
-// writeQuotedString writes a quoted string in the protocol buffer text format.
-func (w *textWriter) writeQuotedString(s string) {
-	w.WriteByte('"')
-	for i := 0; i < len(s); i++ {
-		switch c := s[i]; c {
-		case '\n':
-			w.buf = append(w.buf, `\n`...)
-		case '\r':
-			w.buf = append(w.buf, `\r`...)
-		case '\t':
-			w.buf = append(w.buf, `\t`...)
-		case '"':
-			w.buf = append(w.buf, `\"`...)
-		case '\\':
-			w.buf = append(w.buf, `\\`...)
-		default:
-			if isPrint := c >= 0x20 && c < 0x7f; isPrint {
-				w.buf = append(w.buf, c)
-			} else {
-				w.buf = append(w.buf, fmt.Sprintf(`\%03o`, c)...)
-			}
-		}
-	}
-	w.WriteByte('"')
-}
-
-func (w *textWriter) writeUnknownFields(b []byte) {
-	if !w.compact {
-		fmt.Fprintf(w, "/* %d unknown bytes */\n", len(b))
-	}
-
-	for len(b) > 0 {
-		num, wtyp, n := protowire.ConsumeTag(b)
-		if n < 0 {
-			return
-		}
-		b = b[n:]
-
-		if wtyp == protowire.EndGroupType {
-			w.indent--
-			w.Write(endBraceNewline)
-			continue
-		}
-		fmt.Fprint(w, num)
-		if wtyp != protowire.StartGroupType {
-			w.WriteByte(':')
-		}
-		if !w.compact || wtyp == protowire.StartGroupType {
-			w.WriteByte(' ')
-		}
-		switch wtyp {
-		case protowire.VarintType:
-			v, n := protowire.ConsumeVarint(b)
-			if n < 0 {
-				return
-			}
-			b = b[n:]
-			fmt.Fprint(w, v)
-		case protowire.Fixed32Type:
-			v, n := protowire.ConsumeFixed32(b)
-			if n < 0 {
-				return
-			}
-			b = b[n:]
-			fmt.Fprint(w, v)
-		case protowire.Fixed64Type:
-			v, n := protowire.ConsumeFixed64(b)
-			if n < 0 {
-				return
-			}
-			b = b[n:]
-			fmt.Fprint(w, v)
-		case protowire.BytesType:
-			v, n := protowire.ConsumeBytes(b)
-			if n < 0 {
-				return
-			}
-			b = b[n:]
-			fmt.Fprintf(w, "%q", v)
-		case protowire.StartGroupType:
-			w.WriteByte('{')
-			w.indent++
-		default:
-			fmt.Fprintf(w, "/* unknown wire type %d */", wtyp)
-		}
-		w.WriteByte('\n')
-	}
-}
-
-// writeExtensions writes all the extensions in m.
-func (w *textWriter) writeExtensions(m protoreflect.Message) error {
-	md := m.Descriptor()
-	if md.ExtensionRanges().Len() == 0 {
-		return nil
-	}
-
-	type ext struct {
-		desc protoreflect.FieldDescriptor
-		val  protoreflect.Value
-	}
-	var exts []ext
-	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
-		if fd.IsExtension() {
-			exts = append(exts, ext{fd, v})
-		}
-		return true
-	})
-	sort.Slice(exts, func(i, j int) bool {
-		return exts[i].desc.Number() < exts[j].desc.Number()
-	})
-
-	for _, ext := range exts {
-		// For message set, use the name of the message as the extension name.
-		name := string(ext.desc.FullName())
-		if isMessageSet(ext.desc.ContainingMessage()) {
-			name = strings.TrimSuffix(name, ".message_set_extension")
-		}
-
-		if !ext.desc.IsList() {
-			if err := w.writeSingularExtension(name, ext.val, ext.desc); err != nil {
-				return err
-			}
-		} else {
-			lv := ext.val.List()
-			for i := 0; i < lv.Len(); i++ {
-				if err := w.writeSingularExtension(name, lv.Get(i), ext.desc); err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func (w *textWriter) writeSingularExtension(name string, v protoreflect.Value, fd protoreflect.FieldDescriptor) error {
-	fmt.Fprintf(w, "[%s]:", name)
-	if !w.compact {
-		w.WriteByte(' ')
-	}
-	if err := w.writeSingularValue(v, fd); err != nil {
-		return err
-	}
-	w.WriteByte('\n')
-	return nil
-}
-
-func (w *textWriter) writeIndent() {
-	if !w.complete {
-		return
-	}
-	for i := 0; i < w.indent*2; i++ {
-		w.buf = append(w.buf, ' ')
-	}
-	w.complete = false
-}
--- a/vendor/github.com/golang/protobuf/proto/wire.go
+++ b/vendor/github.com/golang/protobuf/proto/wire.go
@ -1,78 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-import (
-	protoV2 "google.golang.org/protobuf/proto"
-	"google.golang.org/protobuf/runtime/protoiface"
-)
-
-// Size returns the size in bytes of the wire-format encoding of m.
-func Size(m Message) int {
-	if m == nil {
-		return 0
-	}
-	mi := MessageV2(m)
-	return protoV2.Size(mi)
-}
-
-// Marshal returns the wire-format encoding of m.
-func Marshal(m Message) ([]byte, error) {
-	b, err := marshalAppend(nil, m, false)
-	if b == nil {
-		b = zeroBytes
-	}
-	return b, err
-}
-
-var zeroBytes = make([]byte, 0, 0)
-
-func marshalAppend(buf []byte, m Message, deterministic bool) ([]byte, error) {
-	if m == nil {
-		return nil, ErrNil
-	}
-	mi := MessageV2(m)
-	nbuf, err := protoV2.MarshalOptions{
-		Deterministic: deterministic,
-		AllowPartial:  true,
-	}.MarshalAppend(buf, mi)
-	if err != nil {
-		return buf, err
-	}
-	if len(buf) == len(nbuf) {
-		if !mi.ProtoReflect().IsValid() {
-			return buf, ErrNil
-		}
-	}
-	return nbuf, checkRequiredNotSet(mi)
-}
-
-// Unmarshal parses a wire-format message in b and places the decoded results in m.
-//
-// Unmarshal resets m before starting to unmarshal, so any existing data in m is always
-// removed. Use UnmarshalMerge to preserve and append to existing data.
-func Unmarshal(b []byte, m Message) error {
-	m.Reset()
-	return UnmarshalMerge(b, m)
-}
-
-// UnmarshalMerge parses a wire-format message in b and places the decoded results in m.
-func UnmarshalMerge(b []byte, m Message) error {
-	mi := MessageV2(m)
-	out, err := protoV2.UnmarshalOptions{
-		AllowPartial: true,
-		Merge:        true,
-	}.UnmarshalState(protoiface.UnmarshalInput{
-		Buf:     b,
-		Message: mi.ProtoReflect(),
-	})
-	if err != nil {
-		return err
-	}
-	if out.Flags&protoiface.UnmarshalInitialized > 0 {
-		return nil
-	}
-	return checkRequiredNotSet(mi)
-}
--- a/vendor/github.com/golang/protobuf/proto/wrappers.go
+++ b/vendor/github.com/golang/protobuf/proto/wrappers.go
@ -1,34 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package proto
-
-// Bool stores v in a new bool value and returns a pointer to it.
-func Bool(v bool) *bool { return &v }
-
-// Int stores v in a new int32 value and returns a pointer to it.
-//
-// Deprecated: Use Int32 instead.
-func Int(v int) *int32 { return Int32(int32(v)) }
-
-// Int32 stores v in a new int32 value and returns a pointer to it.
-func Int32(v int32) *int32 { return &v }
-
-// Int64 stores v in a new int64 value and returns a pointer to it.
-func Int64(v int64) *int64 { return &v }
-
-// Uint32 stores v in a new uint32 value and returns a pointer to it.
-func Uint32(v uint32) *uint32 { return &v }
-
-// Uint64 stores v in a new uint64 value and returns a pointer to it.
-func Uint64(v uint64) *uint64 { return &v }
-
-// Float32 stores v in a new float32 value and returns a pointer to it.
-func Float32(v float32) *float32 { return &v }
-
-// Float64 stores v in a new float64 value and returns a pointer to it.
-func Float64(v float64) *float64 { return &v }
-
-// String stores v in a new string value and returns a pointer to it.
-func String(v string) *string { return &v }
--- a/vendor/github.com/golang/protobuf/ptypes/any.go
+++ b/vendor/github.com/golang/protobuf/ptypes/any.go
@ -1,180 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ptypes
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/golang/protobuf/proto"
-	"google.golang.org/protobuf/reflect/protoreflect"
-	"google.golang.org/protobuf/reflect/protoregistry"
-
-	anypb "github.com/golang/protobuf/ptypes/any"
-)
-
-const urlPrefix = "type.googleapis.com/"
-
-// AnyMessageName returns the message name contained in an anypb.Any message.
-// Most type assertions should use the Is function instead.
-//
-// Deprecated: Call the any.MessageName method instead.
-func AnyMessageName(any *anypb.Any) (string, error) {
-	name, err := anyMessageName(any)
-	return string(name), err
-}
-func anyMessageName(any *anypb.Any) (protoreflect.FullName, error) {
-	if any == nil {
-		return "", fmt.Errorf("message is nil")
-	}
-	name := protoreflect.FullName(any.TypeUrl)
-	if i := strings.LastIndex(any.TypeUrl, "/"); i >= 0 {
-		name = name[i+len("/"):]
-	}
-	if !name.IsValid() {
-		return "", fmt.Errorf("message type url %q is invalid", any.TypeUrl)
-	}
-	return name, nil
-}
-
-// MarshalAny marshals the given message m into an anypb.Any message.
-//
-// Deprecated: Call the anypb.New function instead.
-func MarshalAny(m proto.Message) (*anypb.Any, error) {
-	switch dm := m.(type) {
-	case DynamicAny:
-		m = dm.Message
-	case *DynamicAny:
-		if dm == nil {
-			return nil, proto.ErrNil
-		}
-		m = dm.Message
-	}
-	b, err := proto.Marshal(m)
-	if err != nil {
-		return nil, err
-	}
-	return &anypb.Any{TypeUrl: urlPrefix + proto.MessageName(m), Value: b}, nil
-}
-
-// Empty returns a new message of the type specified in an anypb.Any message.
-// It returns protoregistry.NotFound if the corresponding message type could not
-// be resolved in the global registry.
-//
-// Deprecated: Use protoregistry.GlobalTypes.FindMessageByName instead
-// to resolve the message name and create a new instance of it.
-func Empty(any *anypb.Any) (proto.Message, error) {
-	name, err := anyMessageName(any)
-	if err != nil {
-		return nil, err
-	}
-	mt, err := protoregistry.GlobalTypes.FindMessageByName(name)
-	if err != nil {
-		return nil, err
-	}
-	return proto.MessageV1(mt.New().Interface()), nil
-}
-
-// UnmarshalAny unmarshals the encoded value contained in the anypb.Any message
-// into the provided message m. It returns an error if the target message
-// does not match the type in the Any message or if an unmarshal error occurs.
-//
-// The target message m may be a *DynamicAny message. If the underlying message
-// type could not be resolved, then this returns protoregistry.NotFound.
-//
-// Deprecated: Call the any.UnmarshalTo method instead.
-func UnmarshalAny(any *anypb.Any, m proto.Message) error {
-	if dm, ok := m.(*DynamicAny); ok {
-		if dm.Message == nil {
-			var err error
-			dm.Message, err = Empty(any)
-			if err != nil {
-				return err
-			}
-		}
-		m = dm.Message
-	}
-
-	anyName, err := AnyMessageName(any)
-	if err != nil {
-		return err
-	}
-	msgName := proto.MessageName(m)
-	if anyName != msgName {
-		return fmt.Errorf("mismatched message type: got %q want %q", anyName, msgName)
-	}
-	return proto.Unmarshal(any.Value, m)
-}
-
-// Is reports whether the Any message contains a message of the specified type.
-//
-// Deprecated: Call the any.MessageIs method instead.
-func Is(any *anypb.Any, m proto.Message) bool {
-	if any == nil || m == nil {
-		return false
-	}
-	name := proto.MessageName(m)
-	if !strings.HasSuffix(any.TypeUrl, name) {
-		return false
-	}
-	return len(any.TypeUrl) == len(name) || any.TypeUrl[len(any.TypeUrl)-len(name)-1] == '/'
-}
-
-// DynamicAny is a value that can be passed to UnmarshalAny to automatically
-// allocate a proto.Message for the type specified in an anypb.Any message.
-// The allocated message is stored in the embedded proto.Message.
-//
-// Example:
-//
-//	var x ptypes.DynamicAny
-//	if err := ptypes.UnmarshalAny(a, &x); err != nil { ... }
-//	fmt.Printf("unmarshaled message: %v", x.Message)
-//
-// Deprecated: Use the any.UnmarshalNew method instead to unmarshal
-// the any message contents into a new instance of the underlying message.
-type DynamicAny struct{ proto.Message }
-
-func (m DynamicAny) String() string {
-	if m.Message == nil {
-		return "<nil>"
-	}
-	return m.Message.String()
-}
-func (m DynamicAny) Reset() {
-	if m.Message == nil {
-		return
-	}
-	m.Message.Reset()
-}
-func (m DynamicAny) ProtoMessage() {
-	return
-}
-func (m DynamicAny) ProtoReflect() protoreflect.Message {
-	if m.Message == nil {
-		return nil
-	}
-	return dynamicAny{proto.MessageReflect(m.Message)}
-}
-
-type dynamicAny struct{ protoreflect.Message }
-
-func (m dynamicAny) Type() protoreflect.MessageType {
-	return dynamicAnyType{m.Message.Type()}
-}
-func (m dynamicAny) New() protoreflect.Message {
-	return dynamicAnyType{m.Message.Type()}.New()
-}
-func (m dynamicAny) Interface() protoreflect.ProtoMessage {
-	return DynamicAny{proto.MessageV1(m.Message.Interface())}
-}
-
-type dynamicAnyType struct{ protoreflect.MessageType }
-
-func (t dynamicAnyType) New() protoreflect.Message {
-	return dynamicAny{t.MessageType.New()}
-}
-func (t dynamicAnyType) Zero() protoreflect.Message {
-	return dynamicAny{t.MessageType.Zero()}
-}
--- a/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
@ -1,62 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: github.com/golang/protobuf/ptypes/any/any.proto
-
-package any
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	anypb "google.golang.org/protobuf/types/known/anypb"
-	reflect "reflect"
-)
-
-// Symbols defined in public import of google/protobuf/any.proto.
-
-type Any = anypb.Any
-
-var File_github_com_golang_protobuf_ptypes_any_any_proto protoreflect.FileDescriptor
-
-var file_github_com_golang_protobuf_ptypes_any_any_proto_rawDesc = []byte{
-	0x0a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6c,
-	0x61, 0x6e, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x70, 0x74, 0x79,
-	0x70, 0x65, 0x73, 0x2f, 0x61, 0x6e, 0x79, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x2b, 0x5a, 0x29,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6c, 0x61, 0x6e,
-	0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x70, 0x74, 0x79, 0x70, 0x65,
-	0x73, 0x2f, 0x61, 0x6e, 0x79, 0x3b, 0x61, 0x6e, 0x79, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x33,
-}
-
-var file_github_com_golang_protobuf_ptypes_any_any_proto_goTypes = []interface{}{}
-var file_github_com_golang_protobuf_ptypes_any_any_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_github_com_golang_protobuf_ptypes_any_any_proto_init() }
-func file_github_com_golang_protobuf_ptypes_any_any_proto_init() {
-	if File_github_com_golang_protobuf_ptypes_any_any_proto != nil {
-		return
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_github_com_golang_protobuf_ptypes_any_any_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   0,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_github_com_golang_protobuf_ptypes_any_any_proto_goTypes,
-		DependencyIndexes: file_github_com_golang_protobuf_ptypes_any_any_proto_depIdxs,
-	}.Build()
-	File_github_com_golang_protobuf_ptypes_any_any_proto = out.File
-	file_github_com_golang_protobuf_ptypes_any_any_proto_rawDesc = nil
-	file_github_com_golang_protobuf_ptypes_any_any_proto_goTypes = nil
-	file_github_com_golang_protobuf_ptypes_any_any_proto_depIdxs = nil
-}
--- a/vendor/github.com/golang/protobuf/ptypes/doc.go
+++ b/vendor/github.com/golang/protobuf/ptypes/doc.go
@ -1,10 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package ptypes provides functionality for interacting with well-known types.
-//
-// Deprecated: Well-known types have specialized functionality directly
-// injected into the generated packages for each message type.
-// See the deprecation notice for each function for the suggested alternative.
-package ptypes
--- a/vendor/github.com/golang/protobuf/ptypes/duration.go
+++ b/vendor/github.com/golang/protobuf/ptypes/duration.go
@ -1,76 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ptypes
-
-import (
-	"errors"
-	"fmt"
-	"time"
-
-	durationpb "github.com/golang/protobuf/ptypes/duration"
-)
-
-// Range of google.protobuf.Duration as specified in duration.proto.
-// This is about 10,000 years in seconds.
-const (
-	maxSeconds = int64(10000 * 365.25 * 24 * 60 * 60)
-	minSeconds = -maxSeconds
-)
-
-// Duration converts a durationpb.Duration to a time.Duration.
-// Duration returns an error if dur is invalid or overflows a time.Duration.
-//
-// Deprecated: Call the dur.AsDuration and dur.CheckValid methods instead.
-func Duration(dur *durationpb.Duration) (time.Duration, error) {
-	if err := validateDuration(dur); err != nil {
-		return 0, err
-	}
-	d := time.Duration(dur.Seconds) * time.Second
-	if int64(d/time.Second) != dur.Seconds {
-		return 0, fmt.Errorf("duration: %v is out of range for time.Duration", dur)
-	}
-	if dur.Nanos != 0 {
-		d += time.Duration(dur.Nanos) * time.Nanosecond
-		if (d < 0) != (dur.Nanos < 0) {
-			return 0, fmt.Errorf("duration: %v is out of range for time.Duration", dur)
-		}
-	}
-	return d, nil
-}
-
-// DurationProto converts a time.Duration to a durationpb.Duration.
-//
-// Deprecated: Call the durationpb.New function instead.
-func DurationProto(d time.Duration) *durationpb.Duration {
-	nanos := d.Nanoseconds()
-	secs := nanos / 1e9
-	nanos -= secs * 1e9
-	return &durationpb.Duration{
-		Seconds: int64(secs),
-		Nanos:   int32(nanos),
-	}
-}
-
-// validateDuration determines whether the durationpb.Duration is valid
-// according to the definition in google/protobuf/duration.proto.
-// A valid durpb.Duration may still be too large to fit into a time.Duration
-// Note that the range of durationpb.Duration is about 10,000 years,
-// while the range of time.Duration is about 290 years.
-func validateDuration(dur *durationpb.Duration) error {
-	if dur == nil {
-		return errors.New("duration: nil Duration")
-	}
-	if dur.Seconds < minSeconds || dur.Seconds > maxSeconds {
-		return fmt.Errorf("duration: %v: seconds out of range", dur)
-	}
-	if dur.Nanos <= -1e9 || dur.Nanos >= 1e9 {
-		return fmt.Errorf("duration: %v: nanos out of range", dur)
-	}
-	// Seconds and Nanos must have the same sign, unless d.Nanos is zero.
-	if (dur.Seconds < 0 && dur.Nanos > 0) || (dur.Seconds > 0 && dur.Nanos < 0) {
-		return fmt.Errorf("duration: %v: seconds and nanos have different signs", dur)
-	}
-	return nil
-}
--- a/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
@ -1,63 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: github.com/golang/protobuf/ptypes/duration/duration.proto
-
-package duration
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	durationpb "google.golang.org/protobuf/types/known/durationpb"
-	reflect "reflect"
-)
-
-// Symbols defined in public import of google/protobuf/duration.proto.
-
-type Duration = durationpb.Duration
-
-var File_github_com_golang_protobuf_ptypes_duration_duration_proto protoreflect.FileDescriptor
-
-var file_github_com_golang_protobuf_ptypes_duration_duration_proto_rawDesc = []byte{
-	0x0a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6c,
-	0x61, 0x6e, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x70, 0x74, 0x79,
-	0x70, 0x65, 0x73, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x64, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x35, 0x5a, 0x33, 0x67,
-	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67,
-	0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x70, 0x74, 0x79, 0x70, 0x65, 0x73,
-	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3b, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69,
-	0x6f, 0x6e, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
-}
-
-var file_github_com_golang_protobuf_ptypes_duration_duration_proto_goTypes = []interface{}{}
-var file_github_com_golang_protobuf_ptypes_duration_duration_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_github_com_golang_protobuf_ptypes_duration_duration_proto_init() }
-func file_github_com_golang_protobuf_ptypes_duration_duration_proto_init() {
-	if File_github_com_golang_protobuf_ptypes_duration_duration_proto != nil {
-		return
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_github_com_golang_protobuf_ptypes_duration_duration_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   0,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_github_com_golang_protobuf_ptypes_duration_duration_proto_goTypes,
-		DependencyIndexes: file_github_com_golang_protobuf_ptypes_duration_duration_proto_depIdxs,
-	}.Build()
-	File_github_com_golang_protobuf_ptypes_duration_duration_proto = out.File
-	file_github_com_golang_protobuf_ptypes_duration_duration_proto_rawDesc = nil
-	file_github_com_golang_protobuf_ptypes_duration_duration_proto_goTypes = nil
-	file_github_com_golang_protobuf_ptypes_duration_duration_proto_depIdxs = nil
-}
--- a/vendor/github.com/golang/protobuf/ptypes/timestamp.go
+++ b/vendor/github.com/golang/protobuf/ptypes/timestamp.go
@ -1,112 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ptypes
-
-import (
-	"errors"
-	"fmt"
-	"time"
-
-	timestamppb "github.com/golang/protobuf/ptypes/timestamp"
-)
-
-// Range of google.protobuf.Duration as specified in timestamp.proto.
-const (
-	// Seconds field of the earliest valid Timestamp.
-	// This is time.Date(1, 1, 1, 0, 0, 0, 0, time.UTC).Unix().
-	minValidSeconds = -62135596800
-	// Seconds field just after the latest valid Timestamp.
-	// This is time.Date(10000, 1, 1, 0, 0, 0, 0, time.UTC).Unix().
-	maxValidSeconds = 253402300800
-)
-
-// Timestamp converts a timestamppb.Timestamp to a time.Time.
-// It returns an error if the argument is invalid.
-//
-// Unlike most Go functions, if Timestamp returns an error, the first return
-// value is not the zero time.Time. Instead, it is the value obtained from the
-// time.Unix function when passed the contents of the Timestamp, in the UTC
-// locale. This may or may not be a meaningful time; many invalid Timestamps
-// do map to valid time.Times.
-//
-// A nil Timestamp returns an error. The first return value in that case is
-// undefined.
-//
-// Deprecated: Call the ts.AsTime and ts.CheckValid methods instead.
-func Timestamp(ts *timestamppb.Timestamp) (time.Time, error) {
-	// Don't return the zero value on error, because corresponds to a valid
-	// timestamp. Instead return whatever time.Unix gives us.
-	var t time.Time
-	if ts == nil {
-		t = time.Unix(0, 0).UTC() // treat nil like the empty Timestamp
-	} else {
-		t = time.Unix(ts.Seconds, int64(ts.Nanos)).UTC()
-	}
-	return t, validateTimestamp(ts)
-}
-
-// TimestampNow returns a google.protobuf.Timestamp for the current time.
-//
-// Deprecated: Call the timestamppb.Now function instead.
-func TimestampNow() *timestamppb.Timestamp {
-	ts, err := TimestampProto(time.Now())
-	if err != nil {
-		panic("ptypes: time.Now() out of Timestamp range")
-	}
-	return ts
-}
-
-// TimestampProto converts the time.Time to a google.protobuf.Timestamp proto.
-// It returns an error if the resulting Timestamp is invalid.
-//
-// Deprecated: Call the timestamppb.New function instead.
-func TimestampProto(t time.Time) (*timestamppb.Timestamp, error) {
-	ts := &timestamppb.Timestamp{
-		Seconds: t.Unix(),
-		Nanos:   int32(t.Nanosecond()),
-	}
-	if err := validateTimestamp(ts); err != nil {
-		return nil, err
-	}
-	return ts, nil
-}
-
-// TimestampString returns the RFC 3339 string for valid Timestamps.
-// For invalid Timestamps, it returns an error message in parentheses.
-//
-// Deprecated: Call the ts.AsTime method instead,
-// followed by a call to the Format method on the time.Time value.
-func TimestampString(ts *timestamppb.Timestamp) string {
-	t, err := Timestamp(ts)
-	if err != nil {
-		return fmt.Sprintf("(%v)", err)
-	}
-	return t.Format(time.RFC3339Nano)
-}
-
-// validateTimestamp determines whether a Timestamp is valid.
-// A valid timestamp represents a time in the range [0001-01-01, 10000-01-01)
-// and has a Nanos field in the range [0, 1e9).
-//
-// If the Timestamp is valid, validateTimestamp returns nil.
-// Otherwise, it returns an error that describes the problem.
-//
-// Every valid Timestamp can be represented by a time.Time,
-// but the converse is not true.
-func validateTimestamp(ts *timestamppb.Timestamp) error {
-	if ts == nil {
-		return errors.New("timestamp: nil Timestamp")
-	}
-	if ts.Seconds < minValidSeconds {
-		return fmt.Errorf("timestamp: %v before 0001-01-01", ts)
-	}
-	if ts.Seconds >= maxValidSeconds {
-		return fmt.Errorf("timestamp: %v after 10000-01-01", ts)
-	}
-	if ts.Nanos < 0 || ts.Nanos >= 1e9 {
-		return fmt.Errorf("timestamp: %v: nanos not in range [0, 1e9)", ts)
-	}
-	return nil
-}
--- a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
+++ b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
@ -1,64 +0,0 @@
-// Code generated by protoc-gen-go. DO NOT EDIT.
-// source: github.com/golang/protobuf/ptypes/timestamp/timestamp.proto
-
-package timestamp
-
-import (
-	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
-	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-	timestamppb "google.golang.org/protobuf/types/known/timestamppb"
-	reflect "reflect"
-)
-
-// Symbols defined in public import of google/protobuf/timestamp.proto.
-
-type Timestamp = timestamppb.Timestamp
-
-var File_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto protoreflect.FileDescriptor
-
-var file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_rawDesc = []byte{
-	0x0a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6c,
-	0x61, 0x6e, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x70, 0x74, 0x79,
-	0x70, 0x65, 0x73, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2f, 0x74, 0x69,
-	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67,
-	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74,
-	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x37,
-	0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6c,
-	0x61, 0x6e, 0x67, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x70, 0x74, 0x79,
-	0x70, 0x65, 0x73, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x3b, 0x74, 0x69,
-	0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x50, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
-}
-
-var file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_goTypes = []interface{}{}
-var file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_depIdxs = []int32{
-	0, // [0:0] is the sub-list for method output_type
-	0, // [0:0] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
-}
-
-func init() { file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_init() }
-func file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_init() {
-	if File_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto != nil {
-		return
-	}
-	type x struct{}
-	out := protoimpl.TypeBuilder{
-		File: protoimpl.DescBuilder{
-			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
-			RawDescriptor: file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_rawDesc,
-			NumEnums:      0,
-			NumMessages:   0,
-			NumExtensions: 0,
-			NumServices:   0,
-		},
-		GoTypes:           file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_goTypes,
-		DependencyIndexes: file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_depIdxs,
-	}.Build()
-	File_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto = out.File
-	file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_rawDesc = nil
-	file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_goTypes = nil
-	file_github_com_golang_protobuf_ptypes_timestamp_timestamp_proto_depIdxs = nil
-}
--- a/vendor/github.com/google/gnostic-models/compiler/extensions.go
+++ b/vendor/github.com/google/gnostic-models/compiler/extensions.go
@ -20,8 +20,8 @@ import (
 	"os/exec"
 	"strings"

-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes/any"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
 	yaml "gopkg.in/yaml.v3"

 	extensions "github.com/google/gnostic-models/extensions"
@ -33,7 +33,7 @@ type ExtensionHandler struct {
 }

 // CallExtension calls a binary extension handler.
-func CallExtension(context *Context, in *yaml.Node, extensionName string) (handled bool, response *any.Any, err error) {
+func CallExtension(context *Context, in *yaml.Node, extensionName string) (handled bool, response *anypb.Any, err error) {
 	if context == nil || context.ExtensionHandlers == nil {
 		return false, nil, nil
 	}
@ -50,7 +50,7 @@ func CallExtension(context *Context, in *yaml.Node, extensionName string) (handl
 	return handled, response, err
 }

-func (extensionHandlers *ExtensionHandler) handle(in *yaml.Node, extensionName string) (*any.Any, error) {
+func (extensionHandlers *ExtensionHandler) handle(in *yaml.Node, extensionName string) (*anypb.Any, error) {
 	if extensionHandlers.Name != "" {
 		yamlData, _ := yaml.Marshal(in)
 		request := &extensions.ExtensionHandlerRequest{
--- a/vendor/github.com/google/gnostic-models/extensions/extension.pb.go
+++ b/vendor/github.com/google/gnostic-models/extensions/extension.pb.go
@ -14,8 +14,8 @@

 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.27.1
-// 	protoc        v3.19.3
+// 	protoc-gen-go v1.35.1
+// 	protoc        v4.23.4
 // source: extensions/extension.proto

 package gnostic_extension_v1
@ -51,11 +51,9 @@ type Version struct {

 func (x *Version) Reset() {
 	*x = Version{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_extensions_extension_proto_msgTypes[0]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_extensions_extension_proto_msgTypes[0]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }

 func (x *Version) String() string {
@ -66,7 +64,7 @@ func (*Version) ProtoMessage() {}

 func (x *Version) ProtoReflect() protoreflect.Message {
 	mi := &file_extensions_extension_proto_msgTypes[0]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@ -123,11 +121,9 @@ type ExtensionHandlerRequest struct {

 func (x *ExtensionHandlerRequest) Reset() {
 	*x = ExtensionHandlerRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_extensions_extension_proto_msgTypes[1]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_extensions_extension_proto_msgTypes[1]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }

 func (x *ExtensionHandlerRequest) String() string {
@ -138,7 +134,7 @@ func (*ExtensionHandlerRequest) ProtoMessage() {}

 func (x *ExtensionHandlerRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_extensions_extension_proto_msgTypes[1]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@ -191,11 +187,9 @@ type ExtensionHandlerResponse struct {

 func (x *ExtensionHandlerResponse) Reset() {
 	*x = ExtensionHandlerResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_extensions_extension_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_extensions_extension_proto_msgTypes[2]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }

 func (x *ExtensionHandlerResponse) String() string {
@ -206,7 +200,7 @@ func (*ExtensionHandlerResponse) ProtoMessage() {}

 func (x *ExtensionHandlerResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_extensions_extension_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@ -257,11 +251,9 @@ type Wrapper struct {

 func (x *Wrapper) Reset() {
 	*x = Wrapper{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_extensions_extension_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
+	mi := &file_extensions_extension_proto_msgTypes[3]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
 }

 func (x *Wrapper) String() string {
@ -272,7 +264,7 @@ func (*Wrapper) ProtoMessage() {}

 func (x *Wrapper) ProtoReflect() protoreflect.Message {
 	mi := &file_extensions_extension_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
+	if x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
 		if ms.LoadMessageInfo() == nil {
 			ms.StoreMessageInfo(mi)
@ -367,7 +359,7 @@ func file_extensions_extension_proto_rawDescGZIP() []byte {
 }

 var file_extensions_extension_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
-var file_extensions_extension_proto_goTypes = []interface{}{
+var file_extensions_extension_proto_goTypes = []any{
 	(*Version)(nil),                  // 0: gnostic.extension.v1.Version
 	(*ExtensionHandlerRequest)(nil),  // 1: gnostic.extension.v1.ExtensionHandlerRequest
 	(*ExtensionHandlerResponse)(nil), // 2: gnostic.extension.v1.ExtensionHandlerResponse
@ -390,56 +382,6 @@ func file_extensions_extension_proto_init() {
 	if File_extensions_extension_proto != nil {
 		return
 	}
-	if !protoimpl.UnsafeEnabled {
-		file_extensions_extension_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Version); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_extensions_extension_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ExtensionHandlerRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_extensions_extension_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ExtensionHandlerResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_extensions_extension_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*Wrapper); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
--- a/vendor/github.com/google/gnostic-models/extensions/extensions.go
+++ b/vendor/github.com/google/gnostic-models/extensions/extensions.go
@ -19,8 +19,8 @@ import (
 	"log"
 	"os"

-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/anypb"
 )

 type extensionHandler func(name string, yamlInput string) (bool, proto.Message, error)
@ -54,7 +54,7 @@ func Main(handler extensionHandler) {
 		response.Errors = append(response.Errors, err.Error())
 	} else if handled {
 		response.Handled = true
-		response.Value, err = ptypes.MarshalAny(output)
+		response.Value, err = anypb.New(output)
 		if err != nil {
 			response.Errors = append(response.Errors, err.Error())
 		}
--- a/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go
--- a/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go
--- a/vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
+++ b/vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go
@ -0,0 +1,182 @@
+// Copyright 2022 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.35.1
+// 	protoc        v4.23.4
+// source: openapiv3/annotations.proto
+
+package openapi_v3
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	descriptorpb "google.golang.org/protobuf/types/descriptorpb"
+	reflect "reflect"
+)
+
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+var file_openapiv3_annotations_proto_extTypes = []protoimpl.ExtensionInfo{
+	{
+		ExtendedType:  (*descriptorpb.FileOptions)(nil),
+		ExtensionType: (*Document)(nil),
+		Field:         1143,
+		Name:          "openapi.v3.document",
+		Tag:           "bytes,1143,opt,name=document",
+		Filename:      "openapiv3/annotations.proto",
+	},
+	{
+		ExtendedType:  (*descriptorpb.MethodOptions)(nil),
+		ExtensionType: (*Operation)(nil),
+		Field:         1143,
+		Name:          "openapi.v3.operation",
+		Tag:           "bytes,1143,opt,name=operation",
+		Filename:      "openapiv3/annotations.proto",
+	},
+	{
+		ExtendedType:  (*descriptorpb.MessageOptions)(nil),
+		ExtensionType: (*Schema)(nil),
+		Field:         1143,
+		Name:          "openapi.v3.schema",
+		Tag:           "bytes,1143,opt,name=schema",
+		Filename:      "openapiv3/annotations.proto",
+	},
+	{
+		ExtendedType:  (*descriptorpb.FieldOptions)(nil),
+		ExtensionType: (*Schema)(nil),
+		Field:         1143,
+		Name:          "openapi.v3.property",
+		Tag:           "bytes,1143,opt,name=property",
+		Filename:      "openapiv3/annotations.proto",
+	},
+}
+
+// Extension fields to descriptorpb.FileOptions.
+var (
+	// optional openapi.v3.Document document = 1143;
+	E_Document = &file_openapiv3_annotations_proto_extTypes[0]
+)
+
+// Extension fields to descriptorpb.MethodOptions.
+var (
+	// optional openapi.v3.Operation operation = 1143;
+	E_Operation = &file_openapiv3_annotations_proto_extTypes[1]
+)
+
+// Extension fields to descriptorpb.MessageOptions.
+var (
+	// optional openapi.v3.Schema schema = 1143;
+	E_Schema = &file_openapiv3_annotations_proto_extTypes[2]
+)
+
+// Extension fields to descriptorpb.FieldOptions.
+var (
+	// optional openapi.v3.Schema property = 1143;
+	E_Property = &file_openapiv3_annotations_proto_extTypes[3]
+)
+
+var File_openapiv3_annotations_proto protoreflect.FileDescriptor
+
+var file_openapiv3_annotations_proto_rawDesc = []byte{
+	0x0a, 0x1b, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x2f, 0x61, 0x6e, 0x6e, 0x6f,
+	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x6f, 0x70, 0x65,
+	0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x2f, 0x4f, 0x70, 0x65, 0x6e, 0x41, 0x50, 0x49, 0x76, 0x33,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x3a, 0x4f, 0x0a, 0x08, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
+	0x6e, 0x74, 0x12, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x18, 0xf7, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70,
+	0x69, 0x2e, 0x76, 0x33, 0x2e, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x08, 0x64,
+	0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x3a, 0x54, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x18, 0xf7, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x6f, 0x70,
+	0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x4c, 0x0a,
+	0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67,
+	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xf7, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x12, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x53, 0x63, 0x68,
+	0x65, 0x6d, 0x61, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x3a, 0x4e, 0x0a, 0x08, 0x70,
+	0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xf7, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e,
+	0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x33, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d,
+	0x61, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70, 0x65, 0x72, 0x74, 0x79, 0x42, 0x42, 0x0a, 0x0e, 0x6f,
+	0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0x42, 0x10, 0x41,
+	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x16, 0x2e, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x33, 0x3b, 0x6f,
+	0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x5f, 0x76, 0x33, 0xa2, 0x02, 0x03, 0x4f, 0x41, 0x53, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+}
+
+var file_openapiv3_annotations_proto_goTypes = []any{
+	(*descriptorpb.FileOptions)(nil),    // 0: google.protobuf.FileOptions
+	(*descriptorpb.MethodOptions)(nil),  // 1: google.protobuf.MethodOptions
+	(*descriptorpb.MessageOptions)(nil), // 2: google.protobuf.MessageOptions
+	(*descriptorpb.FieldOptions)(nil),   // 3: google.protobuf.FieldOptions
+	(*Document)(nil),                    // 4: openapi.v3.Document
+	(*Operation)(nil),                   // 5: openapi.v3.Operation
+	(*Schema)(nil),                      // 6: openapi.v3.Schema
+}
+var file_openapiv3_annotations_proto_depIdxs = []int32{
+	0, // 0: openapi.v3.document:extendee -> google.protobuf.FileOptions
+	1, // 1: openapi.v3.operation:extendee -> google.protobuf.MethodOptions
+	2, // 2: openapi.v3.schema:extendee -> google.protobuf.MessageOptions
+	3, // 3: openapi.v3.property:extendee -> google.protobuf.FieldOptions
+	4, // 4: openapi.v3.document:type_name -> openapi.v3.Document
+	5, // 5: openapi.v3.operation:type_name -> openapi.v3.Operation
+	6, // 6: openapi.v3.schema:type_name -> openapi.v3.Schema
+	6, // 7: openapi.v3.property:type_name -> openapi.v3.Schema
+	8, // [8:8] is the sub-list for method output_type
+	8, // [8:8] is the sub-list for method input_type
+	4, // [4:8] is the sub-list for extension type_name
+	0, // [0:4] is the sub-list for extension extendee
+	0, // [0:0] is the sub-list for field type_name
+}
+
+func init() { file_openapiv3_annotations_proto_init() }
+func file_openapiv3_annotations_proto_init() {
+	if File_openapiv3_annotations_proto != nil {
+		return
+	}
+	file_openapiv3_OpenAPIv3_proto_init()
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_openapiv3_annotations_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   0,
+			NumExtensions: 4,
+			NumServices:   0,
+		},
+		GoTypes:           file_openapiv3_annotations_proto_goTypes,
+		DependencyIndexes: file_openapiv3_annotations_proto_depIdxs,
+		ExtensionInfos:    file_openapiv3_annotations_proto_extTypes,
+	}.Build()
+	File_openapiv3_annotations_proto = out.File
+	file_openapiv3_annotations_proto_rawDesc = nil
+	file_openapiv3_annotations_proto_goTypes = nil
+	file_openapiv3_annotations_proto_depIdxs = nil
+}
--- a/vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
+++ b/vendor/github.com/google/gnostic-models/openapiv3/annotations.proto
@ -0,0 +1,56 @@
+// Copyright 2022 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package openapi.v3;
+
+import "google/protobuf/descriptor.proto";
+import "openapiv3/OpenAPIv3.proto";
+
+// The Go package name.
+option go_package = "./openapiv3;openapi_v3";
+// This option lets the proto compiler generate Java code inside the package
+// name (see below) instead of inside an outer class. It creates a simpler
+// developer experience by reducing one-level of name nesting and be
+// consistent with most programming languages that don't support outer classes.
+option java_multiple_files = true;
+// The Java outer classname should be the filename in UpperCamelCase. This
+// class is only used to hold proto descriptor, so developers don't need to
+// work with it directly.
+option java_outer_classname = "AnnotationsProto";
+// The Java package name must be proto package name with proper prefix.
+option java_package = "org.openapi_v3";
+// A reasonable prefix for the Objective-C symbols generated from the package.
+// It should at a minimum be 3 characters long, all uppercase, and convention
+// is to use an abbreviation of the package name. Something short, but
+// hopefully unique enough to not conflict with things that may come along in
+// the future. 'GPB' is reserved for the protocol buffer implementation itself.
+option objc_class_prefix = "OAS";
+
+extend google.protobuf.FileOptions {
+  Document document = 1143;
+}
+
+extend google.protobuf.MethodOptions {
+  Operation operation = 1143;
+}
+
+extend google.protobuf.MessageOptions {
+  Schema schema = 1143;
+}
+
+extend google.protobuf.FieldOptions {
+  Schema property = 1143;
+}
--- a/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
+++ b/vendor/github.com/google/go-cmp/cmp/internal/function/func.go
@ -19,6 +19,7 @@ const (

 	tbFunc  // func(T) bool
 	ttbFunc // func(T, T) bool
+	ttiFunc // func(T, T) int
 	trbFunc // func(T, R) bool
 	tibFunc // func(T, I) bool
 	trFunc  // func(T) R
@ -28,11 +29,13 @@ const (
 	Transformer       = trFunc  // func(T) R
 	ValueFilter       = ttbFunc // func(T, T) bool
 	Less              = ttbFunc // func(T, T) bool
+	Compare           = ttiFunc // func(T, T) int
 	ValuePredicate    = tbFunc  // func(T) bool
 	KeyValuePredicate = trbFunc // func(T, R) bool
 )

 var boolType = reflect.TypeOf(true)
+var intType = reflect.TypeOf(0)

 // IsType reports whether the reflect.Type is of the specified function type.
 func IsType(t reflect.Type, ft funcType) bool {
@ -49,6 +52,10 @@ func IsType(t reflect.Type, ft funcType) bool {
 		if ni == 2 && no == 1 && t.In(0) == t.In(1) && t.Out(0) == boolType {
 			return true
 		}
+	case ttiFunc: // func(T, T) int
+		if ni == 2 && no == 1 && t.In(0) == t.In(1) && t.Out(0) == intType {
+			return true
+		}
 	case trbFunc: // func(T, R) bool
 		if ni == 2 && no == 1 && t.Out(0) == boolType {
 			return true
--- a/vendor/github.com/google/go-cmp/cmp/options.go
+++ b/vendor/github.com/google/go-cmp/cmp/options.go
@ -232,7 +232,15 @@ func (validator) apply(s *state, vx, vy reflect.Value) {
 		if t := s.curPath.Index(-2).Type(); t.Name() != "" {
 			// Named type with unexported fields.
 			name = fmt.Sprintf("%q.%v", t.PkgPath(), t.Name()) // e.g., "path/to/package".MyType
-			if _, ok := reflect.New(t).Interface().(error); ok {
+			isProtoMessage := func(t reflect.Type) bool {
+				m, ok := reflect.PointerTo(t).MethodByName("ProtoReflect")
+				return ok && m.Type.NumIn() == 1 && m.Type.NumOut() == 1 &&
+					m.Type.Out(0).PkgPath() == "google.golang.org/protobuf/reflect/protoreflect" &&
+					m.Type.Out(0).Name() == "Message"
+			}
+			if isProtoMessage(t) {
+				help = `consider using "google.golang.org/protobuf/testing/protocmp".Transform to compare proto.Message types`
+			} else if _, ok := reflect.New(t).Interface().(error); ok {
 				help = "consider using cmpopts.EquateErrors to compare error values"
 			} else if t.Comparable() {
 				help = "consider using cmpopts.EquateComparable to compare comparable Go types"
--- a/vendor/github.com/google/gofuzz/.travis.yml
+++ b/vendor/github.com/google/gofuzz/.travis.yml
@ -1,10 +0,0 @@
-language: go
-
-go:
-  - 1.11.x
-  - 1.12.x
-  - 1.13.x
-  - master
-
-script:
-  - go test -cover
--- a/vendor/github.com/google/gofuzz/CONTRIBUTING.md
+++ b/vendor/github.com/google/gofuzz/CONTRIBUTING.md
@ -1,67 +0,0 @@
-# How to contribute #
-
-We'd love to accept your patches and contributions to this project.  There are
-just a few small guidelines you need to follow.
-
-
-## Contributor License Agreement ##
-
-Contributions to any Google project must be accompanied by a Contributor
-License Agreement.  This is not a copyright **assignment**, it simply gives
-Google permission to use and redistribute your contributions as part of the
-project.
-
-  * If you are an individual writing original source code and you're sure you
-    own the intellectual property, then you'll need to sign an [individual
-    CLA][].
-
-  * If you work for a company that wants to allow you to contribute your work,
-    then you'll need to sign a [corporate CLA][].
-
-You generally only need to submit a CLA once, so if you've already submitted
-one (even if it was for a different project), you probably don't need to do it
-again.
-
-[individual CLA]: https://developers.google.com/open-source/cla/individual
-[corporate CLA]: https://developers.google.com/open-source/cla/corporate
-
-
-## Submitting a patch ##
-
-  1. It's generally best to start by opening a new issue describing the bug or
-     feature you're intending to fix.  Even if you think it's relatively minor,
-     it's helpful to know what people are working on.  Mention in the initial
-     issue that you are planning to work on that bug or feature so that it can
-     be assigned to you.
-
-  1. Follow the normal process of [forking][] the project, and setup a new
-     branch to work in.  It's important that each group of changes be done in
-     separate branches in order to ensure that a pull request only includes the
-     commits related to that bug or feature.
-
-  1. Go makes it very simple to ensure properly formatted code, so always run
-     `go fmt` on your code before committing it.  You should also run
-     [golint][] over your code.  As noted in the [golint readme][], it's not
-     strictly necessary that your code be completely "lint-free", but this will
-     help you find common style issues.
-
-  1. Any significant changes should almost always be accompanied by tests.  The
-     project already has good test coverage, so look at some of the existing
-     tests if you're unsure how to go about it.  [gocov][] and [gocov-html][]
-     are invaluable tools for seeing which parts of your code aren't being
-     exercised by your tests.
-
-  1. Do your best to have [well-formed commit messages][] for each change.
-     This provides consistency throughout the project, and ensures that commit
-     messages are able to be formatted properly by various git tools.
-
-  1. Finally, push the commits to your fork and submit a [pull request][].
-
-[forking]: https://help.github.com/articles/fork-a-repo
-[golint]: https://github.com/golang/lint
-[golint readme]: https://github.com/golang/lint/blob/master/README
-[gocov]: https://github.com/axw/gocov
-[gocov-html]: https://github.com/matm/gocov-html
-[well-formed commit messages]: http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html
-[squash]: http://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits
-[pull request]: https://help.github.com/articles/creating-a-pull-request
--- a/vendor/github.com/google/gofuzz/LICENSE
+++ b/vendor/github.com/google/gofuzz/LICENSE
@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/vendor/github.com/google/gofuzz/fuzz.go
+++ b/vendor/github.com/google/gofuzz/fuzz.go
@ -1,605 +0,0 @@
-/*
-Copyright 2014 Google Inc. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package fuzz
-
-import (
-	"fmt"
-	"math/rand"
-	"reflect"
-	"regexp"
-	"time"
-
-	"github.com/google/gofuzz/bytesource"
-	"strings"
-)
-
-// fuzzFuncMap is a map from a type to a fuzzFunc that handles that type.
-type fuzzFuncMap map[reflect.Type]reflect.Value
-
-// Fuzzer knows how to fill any object with random fields.
-type Fuzzer struct {
-	fuzzFuncs         fuzzFuncMap
-	defaultFuzzFuncs  fuzzFuncMap
-	r                 *rand.Rand
-	nilChance         float64
-	minElements       int
-	maxElements       int
-	maxDepth          int
-	skipFieldPatterns []*regexp.Regexp
-}
-
-// New returns a new Fuzzer. Customize your Fuzzer further by calling Funcs,
-// RandSource, NilChance, or NumElements in any order.
-func New() *Fuzzer {
-	return NewWithSeed(time.Now().UnixNano())
-}
-
-func NewWithSeed(seed int64) *Fuzzer {
-	f := &Fuzzer{
-		defaultFuzzFuncs: fuzzFuncMap{
-			reflect.TypeOf(&time.Time{}): reflect.ValueOf(fuzzTime),
-		},
-
-		fuzzFuncs:   fuzzFuncMap{},
-		r:           rand.New(rand.NewSource(seed)),
-		nilChance:   .2,
-		minElements: 1,
-		maxElements: 10,
-		maxDepth:    100,
-	}
-	return f
-}
-
-// NewFromGoFuzz is a helper function that enables using gofuzz (this
-// project) with go-fuzz (https://github.com/dvyukov/go-fuzz) for continuous
-// fuzzing. Essentially, it enables translating the fuzzing bytes from
-// go-fuzz to any Go object using this library.
-//
-// This implementation promises a constant translation from a given slice of
-// bytes to the fuzzed objects. This promise will remain over future
-// versions of Go and of this library.
-//
-// Note: the returned Fuzzer should not be shared between multiple goroutines,
-// as its deterministic output will no longer be available.
-//
-// Example: use go-fuzz to test the function `MyFunc(int)` in the package
-// `mypackage`. Add the file: "mypacakge_fuzz.go" with the content:
-//
-// // +build gofuzz
-// package mypacakge
-// import fuzz "github.com/google/gofuzz"
-// func Fuzz(data []byte) int {
-// 	var i int
-// 	fuzz.NewFromGoFuzz(data).Fuzz(&i)
-// 	MyFunc(i)
-// 	return 0
-// }
-func NewFromGoFuzz(data []byte) *Fuzzer {
-	return New().RandSource(bytesource.New(data))
-}
-
-// Funcs adds each entry in fuzzFuncs as a custom fuzzing function.
-//
-// Each entry in fuzzFuncs must be a function taking two parameters.
-// The first parameter must be a pointer or map. It is the variable that
-// function will fill with random data. The second parameter must be a
-// fuzz.Continue, which will provide a source of randomness and a way
-// to automatically continue fuzzing smaller pieces of the first parameter.
-//
-// These functions are called sensibly, e.g., if you wanted custom string
-// fuzzing, the function `func(s *string, c fuzz.Continue)` would get
-// called and passed the address of strings. Maps and pointers will always
-// be made/new'd for you, ignoring the NilChange option. For slices, it
-// doesn't make much sense to  pre-create them--Fuzzer doesn't know how
-// long you want your slice--so take a pointer to a slice, and make it
-// yourself. (If you don't want your map/pointer type pre-made, take a
-// pointer to it, and make it yourself.) See the examples for a range of
-// custom functions.
-func (f *Fuzzer) Funcs(fuzzFuncs ...interface{}) *Fuzzer {
-	for i := range fuzzFuncs {
-		v := reflect.ValueOf(fuzzFuncs[i])
-		if v.Kind() != reflect.Func {
-			panic("Need only funcs!")
-		}
-		t := v.Type()
-		if t.NumIn() != 2 || t.NumOut() != 0 {
-			panic("Need 2 in and 0 out params!")
-		}
-		argT := t.In(0)
-		switch argT.Kind() {
-		case reflect.Ptr, reflect.Map:
-		default:
-			panic("fuzzFunc must take pointer or map type")
-		}
-		if t.In(1) != reflect.TypeOf(Continue{}) {
-			panic("fuzzFunc's second parameter must be type fuzz.Continue")
-		}
-		f.fuzzFuncs[argT] = v
-	}
-	return f
-}
-
-// RandSource causes f to get values from the given source of randomness.
-// Use if you want deterministic fuzzing.
-func (f *Fuzzer) RandSource(s rand.Source) *Fuzzer {
-	f.r = rand.New(s)
-	return f
-}
-
-// NilChance sets the probability of creating a nil pointer, map, or slice to
-// 'p'. 'p' should be between 0 (no nils) and 1 (all nils), inclusive.
-func (f *Fuzzer) NilChance(p float64) *Fuzzer {
-	if p < 0 || p > 1 {
-		panic("p should be between 0 and 1, inclusive.")
-	}
-	f.nilChance = p
-	return f
-}
-
-// NumElements sets the minimum and maximum number of elements that will be
-// added to a non-nil map or slice.
-func (f *Fuzzer) NumElements(atLeast, atMost int) *Fuzzer {
-	if atLeast > atMost {
-		panic("atLeast must be <= atMost")
-	}
-	if atLeast < 0 {
-		panic("atLeast must be >= 0")
-	}
-	f.minElements = atLeast
-	f.maxElements = atMost
-	return f
-}
-
-func (f *Fuzzer) genElementCount() int {
-	if f.minElements == f.maxElements {
-		return f.minElements
-	}
-	return f.minElements + f.r.Intn(f.maxElements-f.minElements+1)
-}
-
-func (f *Fuzzer) genShouldFill() bool {
-	return f.r.Float64() >= f.nilChance
-}
-
-// MaxDepth sets the maximum number of recursive fuzz calls that will be made
-// before stopping.  This includes struct members, pointers, and map and slice
-// elements.
-func (f *Fuzzer) MaxDepth(d int) *Fuzzer {
-	f.maxDepth = d
-	return f
-}
-
-// Skip fields which match the supplied pattern. Call this multiple times if needed
-// This is useful to skip XXX_ fields generated by protobuf
-func (f *Fuzzer) SkipFieldsWithPattern(pattern *regexp.Regexp) *Fuzzer {
-	f.skipFieldPatterns = append(f.skipFieldPatterns, pattern)
-	return f
-}
-
-// Fuzz recursively fills all of obj's fields with something random.  First
-// this tries to find a custom fuzz function (see Funcs).  If there is no
-// custom function this tests whether the object implements fuzz.Interface and,
-// if so, calls Fuzz on it to fuzz itself.  If that fails, this will see if
-// there is a default fuzz function provided by this package.  If all of that
-// fails, this will generate random values for all primitive fields and then
-// recurse for all non-primitives.
-//
-// This is safe for cyclic or tree-like structs, up to a limit.  Use the
-// MaxDepth method to adjust how deep you need it to recurse.
-//
-// obj must be a pointer. Only exported (public) fields can be set (thanks,
-// golang :/ ) Intended for tests, so will panic on bad input or unimplemented
-// fields.
-func (f *Fuzzer) Fuzz(obj interface{}) {
-	v := reflect.ValueOf(obj)
-	if v.Kind() != reflect.Ptr {
-		panic("needed ptr!")
-	}
-	v = v.Elem()
-	f.fuzzWithContext(v, 0)
-}
-
-// FuzzNoCustom is just like Fuzz, except that any custom fuzz function for
-// obj's type will not be called and obj will not be tested for fuzz.Interface
-// conformance.  This applies only to obj and not other instances of obj's
-// type.
-// Not safe for cyclic or tree-like structs!
-// obj must be a pointer. Only exported (public) fields can be set (thanks, golang :/ )
-// Intended for tests, so will panic on bad input or unimplemented fields.
-func (f *Fuzzer) FuzzNoCustom(obj interface{}) {
-	v := reflect.ValueOf(obj)
-	if v.Kind() != reflect.Ptr {
-		panic("needed ptr!")
-	}
-	v = v.Elem()
-	f.fuzzWithContext(v, flagNoCustomFuzz)
-}
-
-const (
-	// Do not try to find a custom fuzz function.  Does not apply recursively.
-	flagNoCustomFuzz uint64 = 1 << iota
-)
-
-func (f *Fuzzer) fuzzWithContext(v reflect.Value, flags uint64) {
-	fc := &fuzzerContext{fuzzer: f}
-	fc.doFuzz(v, flags)
-}
-
-// fuzzerContext carries context about a single fuzzing run, which lets Fuzzer
-// be thread-safe.
-type fuzzerContext struct {
-	fuzzer   *Fuzzer
-	curDepth int
-}
-
-func (fc *fuzzerContext) doFuzz(v reflect.Value, flags uint64) {
-	if fc.curDepth >= fc.fuzzer.maxDepth {
-		return
-	}
-	fc.curDepth++
-	defer func() { fc.curDepth-- }()
-
-	if !v.CanSet() {
-		return
-	}
-
-	if flags&flagNoCustomFuzz == 0 {
-		// Check for both pointer and non-pointer custom functions.
-		if v.CanAddr() && fc.tryCustom(v.Addr()) {
-			return
-		}
-		if fc.tryCustom(v) {
-			return
-		}
-	}
-
-	if fn, ok := fillFuncMap[v.Kind()]; ok {
-		fn(v, fc.fuzzer.r)
-		return
-	}
-
-	switch v.Kind() {
-	case reflect.Map:
-		if fc.fuzzer.genShouldFill() {
-			v.Set(reflect.MakeMap(v.Type()))
-			n := fc.fuzzer.genElementCount()
-			for i := 0; i < n; i++ {
-				key := reflect.New(v.Type().Key()).Elem()
-				fc.doFuzz(key, 0)
-				val := reflect.New(v.Type().Elem()).Elem()
-				fc.doFuzz(val, 0)
-				v.SetMapIndex(key, val)
-			}
-			return
-		}
-		v.Set(reflect.Zero(v.Type()))
-	case reflect.Ptr:
-		if fc.fuzzer.genShouldFill() {
-			v.Set(reflect.New(v.Type().Elem()))
-			fc.doFuzz(v.Elem(), 0)
-			return
-		}
-		v.Set(reflect.Zero(v.Type()))
-	case reflect.Slice:
-		if fc.fuzzer.genShouldFill() {
-			n := fc.fuzzer.genElementCount()
-			v.Set(reflect.MakeSlice(v.Type(), n, n))
-			for i := 0; i < n; i++ {
-				fc.doFuzz(v.Index(i), 0)
-			}
-			return
-		}
-		v.Set(reflect.Zero(v.Type()))
-	case reflect.Array:
-		if fc.fuzzer.genShouldFill() {
-			n := v.Len()
-			for i := 0; i < n; i++ {
-				fc.doFuzz(v.Index(i), 0)
-			}
-			return
-		}
-		v.Set(reflect.Zero(v.Type()))
-	case reflect.Struct:
-		for i := 0; i < v.NumField(); i++ {
-			skipField := false
-			fieldName := v.Type().Field(i).Name
-			for _, pattern := range fc.fuzzer.skipFieldPatterns {
-				if pattern.MatchString(fieldName) {
-					skipField = true
-					break
-				}
-			}
-			if !skipField {
-				fc.doFuzz(v.Field(i), 0)
-			}
-		}
-	case reflect.Chan:
-		fallthrough
-	case reflect.Func:
-		fallthrough
-	case reflect.Interface:
-		fallthrough
-	default:
-		panic(fmt.Sprintf("Can't handle %#v", v.Interface()))
-	}
-}
-
-// tryCustom searches for custom handlers, and returns true iff it finds a match
-// and successfully randomizes v.
-func (fc *fuzzerContext) tryCustom(v reflect.Value) bool {
-	// First: see if we have a fuzz function for it.
-	doCustom, ok := fc.fuzzer.fuzzFuncs[v.Type()]
-	if !ok {
-		// Second: see if it can fuzz itself.
-		if v.CanInterface() {
-			intf := v.Interface()
-			if fuzzable, ok := intf.(Interface); ok {
-				fuzzable.Fuzz(Continue{fc: fc, Rand: fc.fuzzer.r})
-				return true
-			}
-		}
-		// Finally: see if there is a default fuzz function.
-		doCustom, ok = fc.fuzzer.defaultFuzzFuncs[v.Type()]
-		if !ok {
-			return false
-		}
-	}
-
-	switch v.Kind() {
-	case reflect.Ptr:
-		if v.IsNil() {
-			if !v.CanSet() {
-				return false
-			}
-			v.Set(reflect.New(v.Type().Elem()))
-		}
-	case reflect.Map:
-		if v.IsNil() {
-			if !v.CanSet() {
-				return false
-			}
-			v.Set(reflect.MakeMap(v.Type()))
-		}
-	default:
-		return false
-	}
-
-	doCustom.Call([]reflect.Value{v, reflect.ValueOf(Continue{
-		fc:   fc,
-		Rand: fc.fuzzer.r,
-	})})
-	return true
-}
-
-// Interface represents an object that knows how to fuzz itself.  Any time we
-// find a type that implements this interface we will delegate the act of
-// fuzzing itself.
-type Interface interface {
-	Fuzz(c Continue)
-}
-
-// Continue can be passed to custom fuzzing functions to allow them to use
-// the correct source of randomness and to continue fuzzing their members.
-type Continue struct {
-	fc *fuzzerContext
-
-	// For convenience, Continue implements rand.Rand via embedding.
-	// Use this for generating any randomness if you want your fuzzing
-	// to be repeatable for a given seed.
-	*rand.Rand
-}
-
-// Fuzz continues fuzzing obj. obj must be a pointer.
-func (c Continue) Fuzz(obj interface{}) {
-	v := reflect.ValueOf(obj)
-	if v.Kind() != reflect.Ptr {
-		panic("needed ptr!")
-	}
-	v = v.Elem()
-	c.fc.doFuzz(v, 0)
-}
-
-// FuzzNoCustom continues fuzzing obj, except that any custom fuzz function for
-// obj's type will not be called and obj will not be tested for fuzz.Interface
-// conformance.  This applies only to obj and not other instances of obj's
-// type.
-func (c Continue) FuzzNoCustom(obj interface{}) {
-	v := reflect.ValueOf(obj)
-	if v.Kind() != reflect.Ptr {
-		panic("needed ptr!")
-	}
-	v = v.Elem()
-	c.fc.doFuzz(v, flagNoCustomFuzz)
-}
-
-// RandString makes a random string up to 20 characters long. The returned string
-// may include a variety of (valid) UTF-8 encodings.
-func (c Continue) RandString() string {
-	return randString(c.Rand)
-}
-
-// RandUint64 makes random 64 bit numbers.
-// Weirdly, rand doesn't have a function that gives you 64 random bits.
-func (c Continue) RandUint64() uint64 {
-	return randUint64(c.Rand)
-}
-
-// RandBool returns true or false randomly.
-func (c Continue) RandBool() bool {
-	return randBool(c.Rand)
-}
-
-func fuzzInt(v reflect.Value, r *rand.Rand) {
-	v.SetInt(int64(randUint64(r)))
-}
-
-func fuzzUint(v reflect.Value, r *rand.Rand) {
-	v.SetUint(randUint64(r))
-}
-
-func fuzzTime(t *time.Time, c Continue) {
-	var sec, nsec int64
-	// Allow for about 1000 years of random time values, which keeps things
-	// like JSON parsing reasonably happy.
-	sec = c.Rand.Int63n(1000 * 365 * 24 * 60 * 60)
-	c.Fuzz(&nsec)
-	*t = time.Unix(sec, nsec)
-}
-
-var fillFuncMap = map[reflect.Kind]func(reflect.Value, *rand.Rand){
-	reflect.Bool: func(v reflect.Value, r *rand.Rand) {
-		v.SetBool(randBool(r))
-	},
-	reflect.Int:     fuzzInt,
-	reflect.Int8:    fuzzInt,
-	reflect.Int16:   fuzzInt,
-	reflect.Int32:   fuzzInt,
-	reflect.Int64:   fuzzInt,
-	reflect.Uint:    fuzzUint,
-	reflect.Uint8:   fuzzUint,
-	reflect.Uint16:  fuzzUint,
-	reflect.Uint32:  fuzzUint,
-	reflect.Uint64:  fuzzUint,
-	reflect.Uintptr: fuzzUint,
-	reflect.Float32: func(v reflect.Value, r *rand.Rand) {
-		v.SetFloat(float64(r.Float32()))
-	},
-	reflect.Float64: func(v reflect.Value, r *rand.Rand) {
-		v.SetFloat(r.Float64())
-	},
-	reflect.Complex64: func(v reflect.Value, r *rand.Rand) {
-		v.SetComplex(complex128(complex(r.Float32(), r.Float32())))
-	},
-	reflect.Complex128: func(v reflect.Value, r *rand.Rand) {
-		v.SetComplex(complex(r.Float64(), r.Float64()))
-	},
-	reflect.String: func(v reflect.Value, r *rand.Rand) {
-		v.SetString(randString(r))
-	},
-	reflect.UnsafePointer: func(v reflect.Value, r *rand.Rand) {
-		panic("unimplemented")
-	},
-}
-
-// randBool returns true or false randomly.
-func randBool(r *rand.Rand) bool {
-	return r.Int31()&(1<<30) == 0
-}
-
-type int63nPicker interface {
-	Int63n(int64) int64
-}
-
-// UnicodeRange describes a sequential range of unicode characters.
-// Last must be numerically greater than First.
-type UnicodeRange struct {
-	First, Last rune
-}
-
-// UnicodeRanges describes an arbitrary number of sequential ranges of unicode characters.
-// To be useful, each range must have at least one character (First <= Last) and
-// there must be at least one range.
-type UnicodeRanges []UnicodeRange
-
-// choose returns a random unicode character from the given range, using the
-// given randomness source.
-func (ur UnicodeRange) choose(r int63nPicker) rune {
-	count := int64(ur.Last - ur.First + 1)
-	return ur.First + rune(r.Int63n(count))
-}
-
-// CustomStringFuzzFunc constructs a FuzzFunc which produces random strings.
-// Each character is selected from the range ur. If there are no characters
-// in the range (cr.Last < cr.First), this will panic.
-func (ur UnicodeRange) CustomStringFuzzFunc() func(s *string, c Continue) {
-	ur.check()
-	return func(s *string, c Continue) {
-		*s = ur.randString(c.Rand)
-	}
-}
-
-// check is a function that used to check whether the first of ur(UnicodeRange)
-// is greater than the last one.
-func (ur UnicodeRange) check() {
-	if ur.Last < ur.First {
-		panic("The last encoding must be greater than the first one.")
-	}
-}
-
-// randString of UnicodeRange makes a random string up to 20 characters long.
-// Each character is selected form ur(UnicodeRange).
-func (ur UnicodeRange) randString(r *rand.Rand) string {
-	n := r.Intn(20)
-	sb := strings.Builder{}
-	sb.Grow(n)
-	for i := 0; i < n; i++ {
-		sb.WriteRune(ur.choose(r))
-	}
-	return sb.String()
-}
-
-// defaultUnicodeRanges sets a default unicode range when user do not set
-// CustomStringFuzzFunc() but wants fuzz string.
-var defaultUnicodeRanges = UnicodeRanges{
-	{' ', '~'},           // ASCII characters
-	{'\u00a0', '\u02af'}, // Multi-byte encoded characters
-	{'\u4e00', '\u9fff'}, // Common CJK (even longer encodings)
-}
-
-// CustomStringFuzzFunc constructs a FuzzFunc which produces random strings.
-// Each character is selected from one of the ranges of ur(UnicodeRanges).
-// Each range has an equal probability of being chosen. If there are no ranges,
-// or a selected range has no characters (.Last < .First), this will panic.
-// Do not modify any of the ranges in ur after calling this function.
-func (ur UnicodeRanges) CustomStringFuzzFunc() func(s *string, c Continue) {
-	// Check unicode ranges slice is empty.
-	if len(ur) == 0 {
-		panic("UnicodeRanges is empty.")
-	}
-	// if not empty, each range should be checked.
-	for i := range ur {
-		ur[i].check()
-	}
-	return func(s *string, c Continue) {
-		*s = ur.randString(c.Rand)
-	}
-}
-
-// randString of UnicodeRanges makes a random string up to 20 characters long.
-// Each character is selected form one of the ranges of ur(UnicodeRanges),
-// and each range has an equal probability of being chosen.
-func (ur UnicodeRanges) randString(r *rand.Rand) string {
-	n := r.Intn(20)
-	sb := strings.Builder{}
-	sb.Grow(n)
-	for i := 0; i < n; i++ {
-		sb.WriteRune(ur[r.Intn(len(ur))].choose(r))
-	}
-	return sb.String()
-}
-
-// randString makes a random string up to 20 characters long. The returned string
-// may include a variety of (valid) UTF-8 encodings.
-func randString(r *rand.Rand) string {
-	return defaultUnicodeRanges.randString(r)
-}
-
-// randUint64 makes random 64 bit numbers.
-// Weirdly, rand doesn't have a function that gives you 64 random bits.
-func randUint64(r *rand.Rand) uint64 {
-	return uint64(r.Uint32())<<32 | uint64(r.Uint32())
-}
--- a/vendor/github.com/longhorn/go-common-libs/io/file.go
+++ b/vendor/github.com/longhorn/go-common-libs/io/file.go
@ -122,7 +122,11 @@ func CopyFile(sourcePath, destinationPath string, overWrite bool) error {
 	if err != nil {
 		return err
 	}
-	defer sourceFile.Close()
+	defer func() {
+		if errClose := sourceFile.Close(); errClose != nil {
+			logrus.WithError(errClose).Errorf("Failed to close source file %v", sourcePath)
+		}
+	}()

 	_, err = CreateDirectory(filepath.Dir(destinationPath), sourceFileInfo.ModTime())
 	if err != nil {
@ -133,7 +137,11 @@ func CopyFile(sourcePath, destinationPath string, overWrite bool) error {
 	if err != nil {
 		return err
 	}
-	defer destinationFile.Close()
+	defer func() {
+		if errClose := destinationFile.Close(); errClose != nil {
+			logrus.WithError(errClose).Errorf("Failed to close destination file %v", destinationPath)
+		}
+	}()

 	_, err = io.Copy(destinationFile, sourceFile)
 	if err != nil {
@ -217,7 +225,11 @@ func SyncFile(filePath string) error {
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+	defer func() {
+		if errClose := file.Close(); errClose != nil {
+			logrus.WithError(errClose).Errorf("Failed to close file %v", filePath)
+		}
+	}()

 	return file.Sync()
 }
@ -315,7 +327,11 @@ func IsDirectoryEmpty(directory string) (bool, error) {
 	if err != nil {
 		return false, err
 	}
-	defer f.Close()
+	defer func() {
+		if errClose := f.Close(); errClose != nil {
+			logrus.WithError(errClose).Errorf("Failed to close directory %v", directory)
+		}
+	}()

 	_, err = f.Readdirnames(1)
 	if err == io.EOF {
--- a/vendor/github.com/longhorn/go-common-libs/ns/crypto.go
+++ b/vendor/github.com/longhorn/go-common-libs/ns/crypto.go
@ -1,15 +1,18 @@
 package ns

 import (
+	"os/exec"
 	"time"

+	"github.com/pkg/errors"
+
 	"github.com/longhorn/go-common-libs/types"
 )

 // LuksOpen runs cryptsetup luksOpen with the given passphrase and
 // returns the stdout and error.
 func (nsexec *Executor) LuksOpen(volume, devicePath, passphrase string, timeout time.Duration) (stdout string, err error) {
-	args := []string{"luksOpen", devicePath, volume, "-d", "/dev/stdin"}
+	args := []string{"luksOpen", devicePath, volume, "-d", "-"}
 	return nsexec.CryptsetupWithPassphrase(passphrase, args, timeout)
 }

@ -29,7 +32,7 @@ func (nsexec *Executor) LuksFormat(devicePath, passphrase, keyCipher, keyHash, k
 		"--hash", keyHash,
 		"--key-size", keySize,
 		"--pbkdf", pbkdf,
-		devicePath, "-d", "/dev/stdin",
+		devicePath, "-d", "-",
 	}
 	return nsexec.CryptsetupWithPassphrase(passphrase, args, timeout)
 }
@ -47,6 +50,24 @@ func (nsexec *Executor) LuksStatus(volume string, timeout time.Duration) (stdout
 	return nsexec.Cryptsetup(args, timeout)
 }

+// IsLuks checks if the device is encrypted with LUKS.
+func (nsexec *Executor) IsLuks(devicePath string, timeout time.Duration) (bool, error) {
+	args := []string{"isLuks", devicePath}
+	_, err := nsexec.Cryptsetup(args, timeout)
+	if err == nil {
+		return true, nil
+	}
+	var exitErr *exec.ExitError
+	if errors.As(err, &exitErr) {
+		if exitErr.ExitCode() == 1 {
+			// The device is not encrypted if exit code of 1 is returned
+			// Ref https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md?plain=1#L2848
+			return false, nil
+		}
+	}
+	return false, err
+}
+
 // Cryptsetup runs cryptsetup without passphrase. It will return
 // 0 on success and a non-zero value on error.
 func (nsexec *Executor) Cryptsetup(args []string, timeout time.Duration) (stdout string, err error) {
--- a/vendor/github.com/longhorn/go-common-libs/ns/sys.go
+++ b/vendor/github.com/longhorn/go-common-libs/ns/sys.go
@ -10,6 +10,31 @@ import (
 	"github.com/longhorn/go-common-libs/types"
 )

+// GetArch switches to the host namespace and retrieves the system architecture.
+func GetArch() (string, error) {
+	var err error
+	defer func() {
+		err = errors.Wrap(err, "failed to get system architecture")
+	}()
+
+	fn := func() (interface{}, error) {
+		return sys.GetArch()
+	}
+
+	rawResult, err := RunFunc(fn, 0)
+	if err != nil {
+		return "", err
+	}
+
+	var result string
+	var ableToCast bool
+	result, ableToCast = rawResult.(string)
+	if !ableToCast {
+		return "", errors.Errorf(types.ErrNamespaceCastResultFmt, result, rawResult)
+	}
+	return result, nil
+}
+
 // GetKernelRelease switches to the host namespace and retrieves the kernel release.
 func GetKernelRelease() (string, error) {
 	var err error
--- a/vendor/github.com/longhorn/go-common-libs/sys/sys.go
+++ b/vendor/github.com/longhorn/go-common-libs/sys/sys.go
@ -19,7 +19,31 @@ import (
 	commonio "github.com/longhorn/go-common-libs/io"
 )

-// GetKernelRelease returns the kernel release string.
+// GetArch retrieves the system architecture by calling the unix.Uname function
+// and extracting the architecture information from the Utsname structure.
+// It returns the architecture as a string and an error if the operation fails.
+func GetArch() (string, error) {
+	utsname := &unix.Utsname{}
+	if err := unix.Uname(utsname); err != nil {
+		logrus.WithError(err).Warn("Failed to get system architecture")
+		return "", err
+	}
+
+	// Extract the architecture from the Utsname structure
+	arch := make([]byte, 0, len(utsname.Machine))
+	for _, b := range utsname.Machine {
+		if b == 0x00 {
+			logrus.Trace("Found end of architecture string [0x00]")
+			break
+		}
+		arch = append(arch, byte(b))
+	}
+	return string(arch), nil
+}
+
+// GetKernelRelease retrieves the kernel release by calling the unix.Uname function
+// and extracting the release information from the Utsname structure.
+// It returns the kernel release as a string and an error if the operation fails.
 func GetKernelRelease() (string, error) {
 	utsname := &unix.Utsname{}
 	if err := unix.Uname(utsname); err != nil {
@ -172,12 +196,20 @@ func GetProcKernelConfigMap(procDir string) (configMap map[string]string, err er
 	if err != nil {
 		return nil, err
 	}
-	defer configFile.Close()
+	defer func() {
+		if errClose := configFile.Close(); errClose != nil {
+			logrus.WithError(errClose).Errorf("Failed to close config file %s", configPath)
+		}
+	}()
 	gzReader, err := gzip.NewReader(configFile)
 	if err != nil {
 		return nil, err
 	}
-	defer gzReader.Close()
+	defer func() {
+		if errClose := gzReader.Close(); errClose != nil {
+			logrus.WithError(errClose).Errorf("Failed to close gzip reader for config file %s", configPath)
+		}
+	}()
 	return parseKernelModuleConfigMap(gzReader)
 }

--- a/vendor/github.com/longhorn/go-common-libs/utils/misc.go
+++ b/vendor/github.com/longhorn/go-common-libs/utils/misc.go
@ -72,7 +72,7 @@ func RandomID(randomIDLenth int) string {
 		randomIDLenth = types.RandomIDDefaultLength
 	}

-	uuid := strings.Replace(UUID(), "-", "", -1)
+	uuid := strings.ReplaceAll(UUID(), "-", "")

 	if len(uuid) > randomIDLenth {
 		uuid = uuid[:randomIDLenth]
--- a/vendor/github.com/moby/sys/userns/userns.go
+++ b/vendor/github.com/moby/sys/userns/userns.go
@ -1,16 +0,0 @@
-// Package userns provides utilities to detect whether we are currently running
-// in a Linux user namespace.
-//
-// This code was migrated from [libcontainer/runc], which based its implementation
-// on code from [lcx/incus].
-//
-// [libcontainer/runc]: https://github.com/opencontainers/runc/blob/3778ae603c706494fd1e2c2faf83b406e38d687d/libcontainer/userns/userns_linux.go#L12-L49
-// [lcx/incus]: https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700
-package userns
-
-// RunningInUserNS detects whether we are currently running in a Linux
-// user namespace and memoizes the result. It returns false on non-Linux
-// platforms.
-func RunningInUserNS() bool {
-	return inUserNS()
-}
--- a/vendor/github.com/moby/sys/userns/userns_linux.go
+++ b/vendor/github.com/moby/sys/userns/userns_linux.go
@ -1,53 +0,0 @@
-package userns
-
-import (
-	"bufio"
-	"fmt"
-	"os"
-	"sync"
-)
-
-var inUserNS = sync.OnceValue(runningInUserNS)
-
-// runningInUserNS detects whether we are currently running in a user namespace.
-//
-// This code was migrated from [libcontainer/runc] and based on an implementation
-// from [lcx/incus].
-//
-// [libcontainer/runc]: https://github.com/opencontainers/runc/blob/3778ae603c706494fd1e2c2faf83b406e38d687d/libcontainer/userns/userns_linux.go#L12-L49
-// [lcx/incus]: https://github.com/lxc/incus/blob/e45085dd42f826b3c8c3228e9733c0b6f998eafe/shared/util.go#L678-L700
-func runningInUserNS() bool {
-	file, err := os.Open("/proc/self/uid_map")
-	if err != nil {
-		// This kernel-provided file only exists if user namespaces are supported.
-		return false
-	}
-	defer file.Close()
-
-	buf := bufio.NewReader(file)
-	l, _, err := buf.ReadLine()
-	if err != nil {
-		return false
-	}
-
-	return uidMapInUserNS(string(l))
-}
-
-func uidMapInUserNS(uidMap string) bool {
-	if uidMap == "" {
-		// File exist but empty (the initial state when userns is created,
-		// see user_namespaces(7)).
-		return true
-	}
-
-	var a, b, c int64
-	if _, err := fmt.Sscanf(uidMap, "%d %d %d", &a, &b, &c); err != nil {
-		// Assume we are in a regular, non user namespace.
-		return false
-	}
-
-	// As per user_namespaces(7), /proc/self/uid_map of
-	// the initial user namespace shows 0 0 4294967295.
-	initNS := a == 0 && b == 0 && c == 4294967295
-	return !initNS
-}
--- a/vendor/github.com/moby/sys/userns/userns_linux_fuzzer.go
+++ b/vendor/github.com/moby/sys/userns/userns_linux_fuzzer.go
@ -1,8 +0,0 @@
-//go:build linux && gofuzz
-
-package userns
-
-func FuzzUIDMap(uidmap []byte) int {
-	_ = uidMapInUserNS(string(uidmap))
-	return 1
-}
--- a/vendor/github.com/moby/sys/userns/userns_unsupported.go
+++ b/vendor/github.com/moby/sys/userns/userns_unsupported.go
@ -1,6 +0,0 @@
-//go:build !linux
-
-package userns
-
-// inUserNS is a stub for non-Linux systems. Always returns false.
-func inUserNS() bool { return false }
--- a/vendor/golang.org/x/exp/constraints/constraints.go
+++ b/vendor/golang.org/x/exp/constraints/constraints.go
@ -6,6 +6,8 @@
 // with type parameters.
 package constraints

+import "cmp"
+
 // Signed is a constraint that permits any signed integer type.
 // If future releases of Go add new predeclared signed integer types,
 // this constraint will be modified to include them.
@ -47,6 +49,6 @@ type Complex interface {
 // this constraint will be modified to include them.
 //
 // This type is redundant since Go 1.21 introduced [cmp.Ordered].
-type Ordered interface {
-	Integer | Float | ~string
-}
+//
+//go:fix inline
+type Ordered = cmp.Ordered
--- a/vendor/golang.org/x/net/context/context.go
+++ b/vendor/golang.org/x/net/context/context.go
@ -3,29 +3,31 @@
 // license that can be found in the LICENSE file.

 // Package context defines the Context type, which carries deadlines,
-// cancelation signals, and other request-scoped values across API boundaries
+// cancellation signals, and other request-scoped values across API boundaries
 // and between processes.
 // As of Go 1.7 this package is available in the standard library under the
-// name context.  https://golang.org/pkg/context.
+// name [context], and migrating to it can be done automatically with [go fix].
 //
-// Incoming requests to a server should create a Context, and outgoing calls to
-// servers should accept a Context. The chain of function calls between must
-// propagate the Context, optionally replacing it with a modified copy created
-// using WithDeadline, WithTimeout, WithCancel, or WithValue.
+// Incoming requests to a server should create a [Context], and outgoing
+// calls to servers should accept a Context. The chain of function
+// calls between them must propagate the Context, optionally replacing
+// it with a derived Context created using [WithCancel], [WithDeadline],
+// [WithTimeout], or [WithValue].
 //
 // Programs that use Contexts should follow these rules to keep interfaces
 // consistent across packages and enable static analysis tools to check context
 // propagation:
 //
 // Do not store Contexts inside a struct type; instead, pass a Context
-// explicitly to each function that needs it. The Context should be the first
+// explicitly to each function that needs it. This is discussed further in
+// https://go.dev/blog/context-and-structs. The Context should be the first
 // parameter, typically named ctx:
 //
 //	func DoSomething(ctx context.Context, arg Arg) error {
 //		// ... use ctx ...
 //	}
 //
-// Do not pass a nil Context, even if a function permits it. Pass context.TODO
+// Do not pass a nil [Context], even if a function permits it. Pass [context.TODO]
 // if you are unsure about which Context to use.
 //
 // Use context Values only for request-scoped data that transits processes and
@ -34,9 +36,30 @@
 // The same Context may be passed to functions running in different goroutines;
 // Contexts are safe for simultaneous use by multiple goroutines.
 //
-// See http://blog.golang.org/context for example code for a server that uses
+// See https://go.dev/blog/context for example code for a server that uses
 // Contexts.
-package context // import "golang.org/x/net/context"
+//
+// [go fix]: https://go.dev/cmd/go#hdr-Update_packages_to_use_new_APIs
+package context
+
+import (
+	"context" // standard library's context, as of Go 1.7
+	"time"
+)
+
+// A Context carries a deadline, a cancellation signal, and other values across
+// API boundaries.
+//
+// Context's methods may be called by multiple goroutines simultaneously.
+type Context = context.Context
+
+// Canceled is the error returned by [Context.Err] when the context is canceled
+// for some reason other than its deadline passing.
+var Canceled = context.Canceled
+
+// DeadlineExceeded is the error returned by [Context.Err] when the context is canceled
+// due to its deadline passing.
+var DeadlineExceeded = context.DeadlineExceeded

 // Background returns a non-nil, empty Context. It is never canceled, has no
 // values, and has no deadline. It is typically used by the main function,
@ -49,8 +72,73 @@ func Background() Context {
 // TODO returns a non-nil, empty Context. Code should use context.TODO when
 // it's unclear which Context to use or it is not yet available (because the
 // surrounding function has not yet been extended to accept a Context
-// parameter).  TODO is recognized by static analysis tools that determine
-// whether Contexts are propagated correctly in a program.
+// parameter).
 func TODO() Context {
 	return todo
 }
+
+var (
+	background = context.Background()
+	todo       = context.TODO()
+)
+
+// A CancelFunc tells an operation to abandon its work.
+// A CancelFunc does not wait for the work to stop.
+// A CancelFunc may be called by multiple goroutines simultaneously.
+// After the first call, subsequent calls to a CancelFunc do nothing.
+type CancelFunc = context.CancelFunc
+
+// WithCancel returns a derived context that points to the parent context
+// but has a new Done channel. The returned context's Done channel is closed
+// when the returned cancel function is called or when the parent context's
+// Done channel is closed, whichever happens first.
+//
+// Canceling this context releases resources associated with it, so code should
+// call cancel as soon as the operations running in this [Context] complete.
+func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
+	return context.WithCancel(parent)
+}
+
+// WithDeadline returns a derived context that points to the parent context
+// but has the deadline adjusted to be no later than d. If the parent's
+// deadline is already earlier than d, WithDeadline(parent, d) is semantically
+// equivalent to parent. The returned [Context.Done] channel is closed when
+// the deadline expires, when the returned cancel function is called,
+// or when the parent context's Done channel is closed, whichever happens first.
+//
+// Canceling this context releases resources associated with it, so code should
+// call cancel as soon as the operations running in this [Context] complete.
+func WithDeadline(parent Context, d time.Time) (Context, CancelFunc) {
+	return context.WithDeadline(parent, d)
+}
+
+// WithTimeout returns WithDeadline(parent, time.Now().Add(timeout)).
+//
+// Canceling this context releases resources associated with it, so code should
+// call cancel as soon as the operations running in this [Context] complete:
+//
+//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
+//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
+//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
+//		return slowOperation(ctx)
+//	}
+func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
+	return context.WithTimeout(parent, timeout)
+}
+
+// WithValue returns a derived context that points to the parent Context.
+// In the derived context, the value associated with key is val.
+//
+// Use context Values only for request-scoped data that transits processes and
+// APIs, not for passing optional parameters to functions.
+//
+// The provided key must be comparable and should not be of type
+// string or any other built-in type to avoid collisions between
+// packages using context. Users of WithValue should define their own
+// types for keys. To avoid allocating when assigning to an
+// interface{}, context keys often have concrete type
+// struct{}. Alternatively, exported context key variables' static
+// type should be a pointer or interface.
+func WithValue(parent Context, key, val interface{}) Context {
+	return context.WithValue(parent, key, val)
+}
--- a/vendor/golang.org/x/net/context/go17.go
+++ b/vendor/golang.org/x/net/context/go17.go
@ -1,72 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.7
-
-package context
-
-import (
-	"context" // standard library's context, as of Go 1.7
-	"time"
-)
-
-var (
-	todo       = context.TODO()
-	background = context.Background()
-)
-
-// Canceled is the error returned by Context.Err when the context is canceled.
-var Canceled = context.Canceled
-
-// DeadlineExceeded is the error returned by Context.Err when the context's
-// deadline passes.
-var DeadlineExceeded = context.DeadlineExceeded
-
-// WithCancel returns a copy of parent with a new Done channel. The returned
-// context's Done channel is closed when the returned cancel function is called
-// or when the parent context's Done channel is closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
-	ctx, f := context.WithCancel(parent)
-	return ctx, f
-}
-
-// WithDeadline returns a copy of the parent context with the deadline adjusted
-// to be no later than d. If the parent's deadline is already earlier than d,
-// WithDeadline(parent, d) is semantically equivalent to parent. The returned
-// context's Done channel is closed when the deadline expires, when the returned
-// cancel function is called, or when the parent context's Done channel is
-// closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) {
-	ctx, f := context.WithDeadline(parent, deadline)
-	return ctx, f
-}
-
-// WithTimeout returns WithDeadline(parent, time.Now().Add(timeout)).
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete:
-//
-//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
-//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
-//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
-//		return slowOperation(ctx)
-//	}
-func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
-	return WithDeadline(parent, time.Now().Add(timeout))
-}
-
-// WithValue returns a copy of parent in which the value associated with key is
-// val.
-//
-// Use context Values only for request-scoped data that transits processes and
-// APIs, not for passing optional parameters to functions.
-func WithValue(parent Context, key interface{}, val interface{}) Context {
-	return context.WithValue(parent, key, val)
-}
--- a/vendor/golang.org/x/net/context/go19.go
+++ b/vendor/golang.org/x/net/context/go19.go
@ -1,20 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build go1.9
-
-package context
-
-import "context" // standard library's context, as of Go 1.7
-
-// A Context carries a deadline, a cancelation signal, and other values across
-// API boundaries.
-//
-// Context's methods may be called by multiple goroutines simultaneously.
-type Context = context.Context
-
-// A CancelFunc tells an operation to abandon its work.
-// A CancelFunc does not wait for the work to stop.
-// After the first call, subsequent calls to a CancelFunc do nothing.
-type CancelFunc = context.CancelFunc
--- a/vendor/golang.org/x/net/context/pre_go17.go
+++ b/vendor/golang.org/x/net/context/pre_go17.go
@ -1,300 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.7
-
-package context
-
-import (
-	"errors"
-	"fmt"
-	"sync"
-	"time"
-)
-
-// An emptyCtx is never canceled, has no values, and has no deadline. It is not
-// struct{}, since vars of this type must have distinct addresses.
-type emptyCtx int
-
-func (*emptyCtx) Deadline() (deadline time.Time, ok bool) {
-	return
-}
-
-func (*emptyCtx) Done() <-chan struct{} {
-	return nil
-}
-
-func (*emptyCtx) Err() error {
-	return nil
-}
-
-func (*emptyCtx) Value(key interface{}) interface{} {
-	return nil
-}
-
-func (e *emptyCtx) String() string {
-	switch e {
-	case background:
-		return "context.Background"
-	case todo:
-		return "context.TODO"
-	}
-	return "unknown empty Context"
-}
-
-var (
-	background = new(emptyCtx)
-	todo       = new(emptyCtx)
-)
-
-// Canceled is the error returned by Context.Err when the context is canceled.
-var Canceled = errors.New("context canceled")
-
-// DeadlineExceeded is the error returned by Context.Err when the context's
-// deadline passes.
-var DeadlineExceeded = errors.New("context deadline exceeded")
-
-// WithCancel returns a copy of parent with a new Done channel. The returned
-// context's Done channel is closed when the returned cancel function is called
-// or when the parent context's Done channel is closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithCancel(parent Context) (ctx Context, cancel CancelFunc) {
-	c := newCancelCtx(parent)
-	propagateCancel(parent, c)
-	return c, func() { c.cancel(true, Canceled) }
-}
-
-// newCancelCtx returns an initialized cancelCtx.
-func newCancelCtx(parent Context) *cancelCtx {
-	return &cancelCtx{
-		Context: parent,
-		done:    make(chan struct{}),
-	}
-}
-
-// propagateCancel arranges for child to be canceled when parent is.
-func propagateCancel(parent Context, child canceler) {
-	if parent.Done() == nil {
-		return // parent is never canceled
-	}
-	if p, ok := parentCancelCtx(parent); ok {
-		p.mu.Lock()
-		if p.err != nil {
-			// parent has already been canceled
-			child.cancel(false, p.err)
-		} else {
-			if p.children == nil {
-				p.children = make(map[canceler]bool)
-			}
-			p.children[child] = true
-		}
-		p.mu.Unlock()
-	} else {
-		go func() {
-			select {
-			case <-parent.Done():
-				child.cancel(false, parent.Err())
-			case <-child.Done():
-			}
-		}()
-	}
-}
-
-// parentCancelCtx follows a chain of parent references until it finds a
-// *cancelCtx. This function understands how each of the concrete types in this
-// package represents its parent.
-func parentCancelCtx(parent Context) (*cancelCtx, bool) {
-	for {
-		switch c := parent.(type) {
-		case *cancelCtx:
-			return c, true
-		case *timerCtx:
-			return c.cancelCtx, true
-		case *valueCtx:
-			parent = c.Context
-		default:
-			return nil, false
-		}
-	}
-}
-
-// removeChild removes a context from its parent.
-func removeChild(parent Context, child canceler) {
-	p, ok := parentCancelCtx(parent)
-	if !ok {
-		return
-	}
-	p.mu.Lock()
-	if p.children != nil {
-		delete(p.children, child)
-	}
-	p.mu.Unlock()
-}
-
-// A canceler is a context type that can be canceled directly. The
-// implementations are *cancelCtx and *timerCtx.
-type canceler interface {
-	cancel(removeFromParent bool, err error)
-	Done() <-chan struct{}
-}
-
-// A cancelCtx can be canceled. When canceled, it also cancels any children
-// that implement canceler.
-type cancelCtx struct {
-	Context
-
-	done chan struct{} // closed by the first cancel call.
-
-	mu       sync.Mutex
-	children map[canceler]bool // set to nil by the first cancel call
-	err      error             // set to non-nil by the first cancel call
-}
-
-func (c *cancelCtx) Done() <-chan struct{} {
-	return c.done
-}
-
-func (c *cancelCtx) Err() error {
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	return c.err
-}
-
-func (c *cancelCtx) String() string {
-	return fmt.Sprintf("%v.WithCancel", c.Context)
-}
-
-// cancel closes c.done, cancels each of c's children, and, if
-// removeFromParent is true, removes c from its parent's children.
-func (c *cancelCtx) cancel(removeFromParent bool, err error) {
-	if err == nil {
-		panic("context: internal error: missing cancel error")
-	}
-	c.mu.Lock()
-	if c.err != nil {
-		c.mu.Unlock()
-		return // already canceled
-	}
-	c.err = err
-	close(c.done)
-	for child := range c.children {
-		// NOTE: acquiring the child's lock while holding parent's lock.
-		child.cancel(false, err)
-	}
-	c.children = nil
-	c.mu.Unlock()
-
-	if removeFromParent {
-		removeChild(c.Context, c)
-	}
-}
-
-// WithDeadline returns a copy of the parent context with the deadline adjusted
-// to be no later than d. If the parent's deadline is already earlier than d,
-// WithDeadline(parent, d) is semantically equivalent to parent. The returned
-// context's Done channel is closed when the deadline expires, when the returned
-// cancel function is called, or when the parent context's Done channel is
-// closed, whichever happens first.
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete.
-func WithDeadline(parent Context, deadline time.Time) (Context, CancelFunc) {
-	if cur, ok := parent.Deadline(); ok && cur.Before(deadline) {
-		// The current deadline is already sooner than the new one.
-		return WithCancel(parent)
-	}
-	c := &timerCtx{
-		cancelCtx: newCancelCtx(parent),
-		deadline:  deadline,
-	}
-	propagateCancel(parent, c)
-	d := deadline.Sub(time.Now())
-	if d <= 0 {
-		c.cancel(true, DeadlineExceeded) // deadline has already passed
-		return c, func() { c.cancel(true, Canceled) }
-	}
-	c.mu.Lock()
-	defer c.mu.Unlock()
-	if c.err == nil {
-		c.timer = time.AfterFunc(d, func() {
-			c.cancel(true, DeadlineExceeded)
-		})
-	}
-	return c, func() { c.cancel(true, Canceled) }
-}
-
-// A timerCtx carries a timer and a deadline. It embeds a cancelCtx to
-// implement Done and Err. It implements cancel by stopping its timer then
-// delegating to cancelCtx.cancel.
-type timerCtx struct {
-	*cancelCtx
-	timer *time.Timer // Under cancelCtx.mu.
-
-	deadline time.Time
-}
-
-func (c *timerCtx) Deadline() (deadline time.Time, ok bool) {
-	return c.deadline, true
-}
-
-func (c *timerCtx) String() string {
-	return fmt.Sprintf("%v.WithDeadline(%s [%s])", c.cancelCtx.Context, c.deadline, c.deadline.Sub(time.Now()))
-}
-
-func (c *timerCtx) cancel(removeFromParent bool, err error) {
-	c.cancelCtx.cancel(false, err)
-	if removeFromParent {
-		// Remove this timerCtx from its parent cancelCtx's children.
-		removeChild(c.cancelCtx.Context, c)
-	}
-	c.mu.Lock()
-	if c.timer != nil {
-		c.timer.Stop()
-		c.timer = nil
-	}
-	c.mu.Unlock()
-}
-
-// WithTimeout returns WithDeadline(parent, time.Now().Add(timeout)).
-//
-// Canceling this context releases resources associated with it, so code should
-// call cancel as soon as the operations running in this Context complete:
-//
-//	func slowOperationWithTimeout(ctx context.Context) (Result, error) {
-//		ctx, cancel := context.WithTimeout(ctx, 100*time.Millisecond)
-//		defer cancel()  // releases resources if slowOperation completes before timeout elapses
-//		return slowOperation(ctx)
-//	}
-func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc) {
-	return WithDeadline(parent, time.Now().Add(timeout))
-}
-
-// WithValue returns a copy of parent in which the value associated with key is
-// val.
-//
-// Use context Values only for request-scoped data that transits processes and
-// APIs, not for passing optional parameters to functions.
-func WithValue(parent Context, key interface{}, val interface{}) Context {
-	return &valueCtx{parent, key, val}
-}
-
-// A valueCtx carries a key-value pair. It implements Value for that key and
-// delegates all other calls to the embedded Context.
-type valueCtx struct {
-	Context
-	key, val interface{}
-}
-
-func (c *valueCtx) String() string {
-	return fmt.Sprintf("%v.WithValue(%#v, %#v)", c.Context, c.key, c.val)
-}
-
-func (c *valueCtx) Value(key interface{}) interface{} {
-	if c.key == key {
-		return c.val
-	}
-	return c.Context.Value(key)
-}
--- a/vendor/golang.org/x/net/context/pre_go19.go
+++ b/vendor/golang.org/x/net/context/pre_go19.go
@ -1,109 +0,0 @@
-// Copyright 2014 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !go1.9
-
-package context
-
-import "time"
-
-// A Context carries a deadline, a cancelation signal, and other values across
-// API boundaries.
-//
-// Context's methods may be called by multiple goroutines simultaneously.
-type Context interface {
-	// Deadline returns the time when work done on behalf of this context
-	// should be canceled. Deadline returns ok==false when no deadline is
-	// set. Successive calls to Deadline return the same results.
-	Deadline() (deadline time.Time, ok bool)
-
-	// Done returns a channel that's closed when work done on behalf of this
-	// context should be canceled. Done may return nil if this context can
-	// never be canceled. Successive calls to Done return the same value.
-	//
-	// WithCancel arranges for Done to be closed when cancel is called;
-	// WithDeadline arranges for Done to be closed when the deadline
-	// expires; WithTimeout arranges for Done to be closed when the timeout
-	// elapses.
-	//
-	// Done is provided for use in select statements:
-	//
-	//  // Stream generates values with DoSomething and sends them to out
-	//  // until DoSomething returns an error or ctx.Done is closed.
-	//  func Stream(ctx context.Context, out chan<- Value) error {
-	//  	for {
-	//  		v, err := DoSomething(ctx)
-	//  		if err != nil {
-	//  			return err
-	//  		}
-	//  		select {
-	//  		case <-ctx.Done():
-	//  			return ctx.Err()
-	//  		case out <- v:
-	//  		}
-	//  	}
-	//  }
-	//
-	// See http://blog.golang.org/pipelines for more examples of how to use
-	// a Done channel for cancelation.
-	Done() <-chan struct{}
-
-	// Err returns a non-nil error value after Done is closed. Err returns
-	// Canceled if the context was canceled or DeadlineExceeded if the
-	// context's deadline passed. No other values for Err are defined.
-	// After Done is closed, successive calls to Err return the same value.
-	Err() error
-
-	// Value returns the value associated with this context for key, or nil
-	// if no value is associated with key. Successive calls to Value with
-	// the same key returns the same result.
-	//
-	// Use context values only for request-scoped data that transits
-	// processes and API boundaries, not for passing optional parameters to
-	// functions.
-	//
-	// A key identifies a specific value in a Context. Functions that wish
-	// to store values in Context typically allocate a key in a global
-	// variable then use that key as the argument to context.WithValue and
-	// Context.Value. A key can be any type that supports equality;
-	// packages should define keys as an unexported type to avoid
-	// collisions.
-	//
-	// Packages that define a Context key should provide type-safe accessors
-	// for the values stores using that key:
-	//
-	// 	// Package user defines a User type that's stored in Contexts.
-	// 	package user
-	//
-	// 	import "golang.org/x/net/context"
-	//
-	// 	// User is the type of value stored in the Contexts.
-	// 	type User struct {...}
-	//
-	// 	// key is an unexported type for keys defined in this package.
-	// 	// This prevents collisions with keys defined in other packages.
-	// 	type key int
-	//
-	// 	// userKey is the key for user.User values in Contexts. It is
-	// 	// unexported; clients use user.NewContext and user.FromContext
-	// 	// instead of using this key directly.
-	// 	var userKey key = 0
-	//
-	// 	// NewContext returns a new Context that carries value u.
-	// 	func NewContext(ctx context.Context, u *User) context.Context {
-	// 		return context.WithValue(ctx, userKey, u)
-	// 	}
-	//
-	// 	// FromContext returns the User value stored in ctx, if any.
-	// 	func FromContext(ctx context.Context) (*User, bool) {
-	// 		u, ok := ctx.Value(userKey).(*User)
-	// 		return u, ok
-	// 	}
-	Value(key interface{}) interface{}
-}
-
-// A CancelFunc tells an operation to abandon its work.
-// A CancelFunc does not wait for the work to stop.
-// After the first call, subsequent calls to a CancelFunc do nothing.
-type CancelFunc func()
--- a/vendor/golang.org/x/net/http2/config.go
+++ b/vendor/golang.org/x/net/http2/config.go
@ -60,7 +60,7 @@ func configFromServer(h1 *http.Server, h2 *Server) http2Config {
 	return conf
 }

-// configFromServer merges configuration settings from h2 and h2.t1.HTTP2
+// configFromTransport merges configuration settings from h2 and h2.t1.HTTP2
 // (the net/http Transport).
 func configFromTransport(h2 *Transport) http2Config {
 	conf := http2Config{
--- a/vendor/golang.org/x/net/http2/config_go124.go
+++ b/vendor/golang.org/x/net/http2/config_go124.go
@ -13,7 +13,7 @@ func fillNetHTTPServerConfig(conf *http2Config, srv *http.Server) {
 	fillNetHTTPConfig(conf, srv.HTTP2)
 }

-// fillNetHTTPServerConfig sets fields in conf from tr.HTTP2.
+// fillNetHTTPTransportConfig sets fields in conf from tr.HTTP2.
 func fillNetHTTPTransportConfig(conf *http2Config, tr *http.Transport) {
 	fillNetHTTPConfig(conf, tr.HTTP2)
 }
--- a/vendor/golang.org/x/net/http2/frame.go
+++ b/vendor/golang.org/x/net/http2/frame.go
@ -39,7 +39,7 @@ const (
 	FrameContinuation FrameType = 0x9
 )

-var frameName = map[FrameType]string{
+var frameNames = [...]string{
 	FrameData:         "DATA",
 	FrameHeaders:      "HEADERS",
 	FramePriority:     "PRIORITY",
@ -53,10 +53,10 @@ var frameName = map[FrameType]string{
 }

 func (t FrameType) String() string {
-	if s, ok := frameName[t]; ok {
-		return s
+	if int(t) < len(frameNames) {
+		return frameNames[t]
 	}
-	return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", uint8(t))
+	return fmt.Sprintf("UNKNOWN_FRAME_TYPE_%d", t)
 }

 // Flags is a bitmask of HTTP/2 flags.
@ -124,7 +124,7 @@ var flagName = map[FrameType]map[Flags]string{
 // might be 0).
 type frameParser func(fc *frameCache, fh FrameHeader, countError func(string), payload []byte) (Frame, error)

-var frameParsers = map[FrameType]frameParser{
+var frameParsers = [...]frameParser{
 	FrameData:         parseDataFrame,
 	FrameHeaders:      parseHeadersFrame,
 	FramePriority:     parsePriorityFrame,
@ -138,8 +138,8 @@ var frameParsers = map[FrameType]frameParser{
 }

 func typeFrameParser(t FrameType) frameParser {
-	if f := frameParsers[t]; f != nil {
-		return f
+	if int(t) < len(frameParsers) {
+		return frameParsers[t]
 	}
 	return parseUnknownFrame
 }
@ -225,6 +225,11 @@ var fhBytes = sync.Pool{
 	},
 }

+func invalidHTTP1LookingFrameHeader() FrameHeader {
+	fh, _ := readFrameHeader(make([]byte, frameHeaderLen), strings.NewReader("HTTP/1.1 "))
+	return fh
+}
+
 // ReadFrameHeader reads 9 bytes from r and returns a FrameHeader.
 // Most users should use Framer.ReadFrame instead.
 func ReadFrameHeader(r io.Reader) (FrameHeader, error) {
@ -503,10 +508,16 @@ func (fr *Framer) ReadFrame() (Frame, error) {
 		return nil, err
 	}
 	if fh.Length > fr.maxReadSize {
+		if fh == invalidHTTP1LookingFrameHeader() {
+			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", ErrFrameTooLarge)
+		}
 		return nil, ErrFrameTooLarge
 	}
 	payload := fr.getReadBuf(fh.Length)
 	if _, err := io.ReadFull(fr.r, payload); err != nil {
+		if fh == invalidHTTP1LookingFrameHeader() {
+			return nil, fmt.Errorf("http2: failed reading the frame payload: %w, note that the frame header looked like an HTTP/1.1 header", err)
+		}
 		return nil, err
 	}
 	f, err := typeFrameParser(fh.Type)(fr.frameCache, fh, fr.countError, payload)
--- a/vendor/golang.org/x/net/http2/http2.go
+++ b/vendor/golang.org/x/net/http2/http2.go
@ -11,8 +11,6 @@
 // requires Go 1.6 or later)
 //
 // See https://http2.github.io/ for more information on HTTP/2.
-//
-// See https://http2.golang.org/ for a test server running this code.
 package http2 // import "golang.org/x/net/http2"

 import (
@ -34,11 +32,19 @@ import (
 )

 var (
-	VerboseLogs                    bool
-	logFrameWrites                 bool
-	logFrameReads                  bool
-	inTests                        bool
-	disableExtendedConnectProtocol bool
+	VerboseLogs    bool
+	logFrameWrites bool
+	logFrameReads  bool
+	inTests        bool
+
+	// Enabling extended CONNECT by causes browsers to attempt to use
+	// WebSockets-over-HTTP/2. This results in problems when the server's websocket
+	// package doesn't support extended CONNECT.
+	//
+	// Disable extended CONNECT by default for now.
+	//
+	// Issue #71128.
+	disableExtendedConnectProtocol = true
 )

 func init() {
@ -51,8 +57,8 @@ func init() {
 		logFrameWrites = true
 		logFrameReads = true
 	}
-	if strings.Contains(e, "http2xconnect=0") {
-		disableExtendedConnectProtocol = true
+	if strings.Contains(e, "http2xconnect=1") {
+		disableExtendedConnectProtocol = false
 	}
 }

@ -407,23 +413,6 @@ func (s *sorter) SortStrings(ss []string) {
 	s.v = save
 }

-// validPseudoPath reports whether v is a valid :path pseudo-header
-// value. It must be either:
-//
-//   - a non-empty string starting with '/'
-//   - the string '*', for OPTIONS requests.
-//
-// For now this is only used a quick check for deciding when to clean
-// up Opaque URLs before sending requests from the Transport.
-// See golang.org/issue/16847
-//
-// We used to enforce that the path also didn't start with "//", but
-// Google's GFE accepts such paths and Chrome sends them, so ignore
-// that part of the spec. See golang.org/issue/19103.
-func validPseudoPath(v string) bool {
-	return (len(v) > 0 && v[0] == '/') || v == "*"
-}
-
 // incomparable is a zero-width, non-comparable type. Adding it to a struct
 // makes that struct also non-comparable, and generally doesn't add
 // any size (as long as it's first).
--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
@ -50,6 +50,7 @@ import (

 	"golang.org/x/net/http/httpguts"
 	"golang.org/x/net/http2/hpack"
+	"golang.org/x/net/internal/httpcommon"
 )

 const (
@ -812,8 +813,7 @@ const maxCachedCanonicalHeadersKeysSize = 2048

 func (sc *serverConn) canonicalHeader(v string) string {
 	sc.serveG.check()
-	buildCommonHeaderMapsOnce()
-	cv, ok := commonCanonHeader[v]
+	cv, ok := httpcommon.CachedCanonicalHeader(v)
 	if ok {
 		return cv
 	}
@ -1068,7 +1068,10 @@ func (sc *serverConn) serve(conf http2Config) {

 func (sc *serverConn) handlePingTimer(lastFrameReadTime time.Time) {
 	if sc.pingSent {
-		sc.vlogf("timeout waiting for PING response")
+		sc.logf("timeout waiting for PING response")
+		if f := sc.countErrorFunc; f != nil {
+			f("conn_close_lost_ping")
+		}
 		sc.conn.Close()
 		return
 	}
@ -2233,25 +2236,25 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream
 func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*responseWriter, *http.Request, error) {
 	sc.serveG.check()

-	rp := requestParam{
-		method:    f.PseudoValue("method"),
-		scheme:    f.PseudoValue("scheme"),
-		authority: f.PseudoValue("authority"),
-		path:      f.PseudoValue("path"),
-		protocol:  f.PseudoValue("protocol"),
+	rp := httpcommon.ServerRequestParam{
+		Method:    f.PseudoValue("method"),
+		Scheme:    f.PseudoValue("scheme"),
+		Authority: f.PseudoValue("authority"),
+		Path:      f.PseudoValue("path"),
+		Protocol:  f.PseudoValue("protocol"),
 	}

 	// extended connect is disabled, so we should not see :protocol
-	if disableExtendedConnectProtocol && rp.protocol != "" {
+	if disableExtendedConnectProtocol && rp.Protocol != "" {
 		return nil, nil, sc.countError("bad_connect", streamError(f.StreamID, ErrCodeProtocol))
 	}

-	isConnect := rp.method == "CONNECT"
+	isConnect := rp.Method == "CONNECT"
 	if isConnect {
-		if rp.protocol == "" && (rp.path != "" || rp.scheme != "" || rp.authority == "") {
+		if rp.Protocol == "" && (rp.Path != "" || rp.Scheme != "" || rp.Authority == "") {
 			return nil, nil, sc.countError("bad_connect", streamError(f.StreamID, ErrCodeProtocol))
 		}
-	} else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") {
+	} else if rp.Method == "" || rp.Path == "" || (rp.Scheme != "https" && rp.Scheme != "http") {
 		// See 8.1.2.6 Malformed Requests and Responses:
 		//
 		// Malformed requests or responses that are detected
@ -2265,15 +2268,16 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
 		return nil, nil, sc.countError("bad_path_method", streamError(f.StreamID, ErrCodeProtocol))
 	}

-	rp.header = make(http.Header)
+	header := make(http.Header)
+	rp.Header = header
 	for _, hf := range f.RegularFields() {
-		rp.header.Add(sc.canonicalHeader(hf.Name), hf.Value)
+		header.Add(sc.canonicalHeader(hf.Name), hf.Value)
 	}
-	if rp.authority == "" {
-		rp.authority = rp.header.Get("Host")
+	if rp.Authority == "" {
+		rp.Authority = header.Get("Host")
 	}
-	if rp.protocol != "" {
-		rp.header.Set(":protocol", rp.protocol)
+	if rp.Protocol != "" {
+		header.Set(":protocol", rp.Protocol)
 	}

 	rw, req, err := sc.newWriterAndRequestNoBody(st, rp)
@ -2282,7 +2286,7 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
 	}
 	bodyOpen := !f.StreamEnded()
 	if bodyOpen {
-		if vv, ok := rp.header["Content-Length"]; ok {
+		if vv, ok := rp.Header["Content-Length"]; ok {
 			if cl, err := strconv.ParseUint(vv[0], 10, 63); err == nil {
 				req.ContentLength = int64(cl)
 			} else {
@ -2298,84 +2302,38 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res
 	return rw, req, nil
 }

-type requestParam struct {
-	method                  string
-	scheme, authority, path string
-	protocol                string
-	header                  http.Header
-}
-
-func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*responseWriter, *http.Request, error) {
+func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp httpcommon.ServerRequestParam) (*responseWriter, *http.Request, error) {
 	sc.serveG.check()

 	var tlsState *tls.ConnectionState // nil if not scheme https
-	if rp.scheme == "https" {
+	if rp.Scheme == "https" {
 		tlsState = sc.tlsState
 	}

-	needsContinue := httpguts.HeaderValuesContainsToken(rp.header["Expect"], "100-continue")
-	if needsContinue {
-		rp.header.Del("Expect")
-	}
-	// Merge Cookie headers into one "; "-delimited value.
-	if cookies := rp.header["Cookie"]; len(cookies) > 1 {
-		rp.header.Set("Cookie", strings.Join(cookies, "; "))
-	}
-
-	// Setup Trailers
-	var trailer http.Header
-	for _, v := range rp.header["Trailer"] {
-		for _, key := range strings.Split(v, ",") {
-			key = http.CanonicalHeaderKey(textproto.TrimString(key))
-			switch key {
-			case "Transfer-Encoding", "Trailer", "Content-Length":
-				// Bogus. (copy of http1 rules)
-				// Ignore.
-			default:
-				if trailer == nil {
-					trailer = make(http.Header)
-				}
-				trailer[key] = nil
-			}
-		}
-	}
-	delete(rp.header, "Trailer")
-
-	var url_ *url.URL
-	var requestURI string
-	if rp.method == "CONNECT" && rp.protocol == "" {
-		url_ = &url.URL{Host: rp.authority}
-		requestURI = rp.authority // mimic HTTP/1 server behavior
-	} else {
-		var err error
-		url_, err = url.ParseRequestURI(rp.path)
-		if err != nil {
-			return nil, nil, sc.countError("bad_path", streamError(st.id, ErrCodeProtocol))
-		}
-		requestURI = rp.path
+	res := httpcommon.NewServerRequest(rp)
+	if res.InvalidReason != "" {
+		return nil, nil, sc.countError(res.InvalidReason, streamError(st.id, ErrCodeProtocol))
 	}

 	body := &requestBody{
 		conn:          sc,
 		stream:        st,
-		needsContinue: needsContinue,
+		needsContinue: res.NeedsContinue,
 	}
-	req := &http.Request{
-		Method:     rp.method,
-		URL:        url_,
+	req := (&http.Request{
+		Method:     rp.Method,
+		URL:        res.URL,
 		RemoteAddr: sc.remoteAddrStr,
-		Header:     rp.header,
-		RequestURI: requestURI,
+		Header:     rp.Header,
+		RequestURI: res.RequestURI,
 		Proto:      "HTTP/2.0",
 		ProtoMajor: 2,
 		ProtoMinor: 0,
 		TLS:        tlsState,
-		Host:       rp.authority,
+		Host:       rp.Authority,
 		Body:       body,
-		Trailer:    trailer,
-	}
-	req = req.WithContext(st.ctx)
-
+		Trailer:    res.Trailer,
+	}).WithContext(st.ctx)
 	rw := sc.newResponseWriter(st, req)
 	return rw, req, nil
 }
@ -3270,12 +3228,12 @@ func (sc *serverConn) startPush(msg *startPushRequest) {
 		// we start in "half closed (remote)" for simplicity.
 		// See further comments at the definition of stateHalfClosedRemote.
 		promised := sc.newStream(promisedID, msg.parent.id, stateHalfClosedRemote)
-		rw, req, err := sc.newWriterAndRequestNoBody(promised, requestParam{
-			method:    msg.method,
-			scheme:    msg.url.Scheme,
-			authority: msg.url.Host,
-			path:      msg.url.RequestURI(),
-			header:    cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE
+		rw, req, err := sc.newWriterAndRequestNoBody(promised, httpcommon.ServerRequestParam{
+			Method:    msg.method,
+			Scheme:    msg.url.Scheme,
+			Authority: msg.url.Host,
+			Path:      msg.url.RequestURI(),
+			Header:    cloneHeader(msg.header), // clone since handler runs concurrently with writing the PUSH_PROMISE
 		})
 		if err != nil {
 			// Should not happen, since we've already validated msg.url.
--- a/vendor/golang.org/x/net/http2/transport.go
+++ b/vendor/golang.org/x/net/http2/transport.go
@ -25,7 +25,6 @@ import (
 	"net/http"
 	"net/http/httptrace"
 	"net/textproto"
-	"sort"
 	"strconv"
 	"strings"
 	"sync"
@ -35,6 +34,7 @@ import (
 	"golang.org/x/net/http/httpguts"
 	"golang.org/x/net/http2/hpack"
 	"golang.org/x/net/idna"
+	"golang.org/x/net/internal/httpcommon"
 )

 const (
@ -375,6 +375,7 @@ type ClientConn struct {
 	doNotReuse       bool       // whether conn is marked to not be reused for any future requests
 	closing          bool
 	closed           bool
+	closedOnIdle     bool                     // true if conn was closed for idleness
 	seenSettings     bool                     // true if we've seen a settings frame, false otherwise
 	seenSettingsChan chan struct{}            // closed when seenSettings is true or frame reading fails
 	wantSettingsAck  bool                     // we sent a SETTINGS frame and haven't heard back
@ -1089,10 +1090,12 @@ func (cc *ClientConn) idleStateLocked() (st clientConnIdleState) {

 	// If this connection has never been used for a request and is closed,
 	// then let it take a request (which will fail).
+	// If the conn was closed for idleness, we're racing the idle timer;
+	// don't try to use the conn. (Issue #70515.)
 	//
 	// This avoids a situation where an error early in a connection's lifetime
 	// goes unreported.
-	if cc.nextStreamID == 1 && cc.streamsReserved == 0 && cc.closed {
+	if cc.nextStreamID == 1 && cc.streamsReserved == 0 && cc.closed && !cc.closedOnIdle {
 		st.canTakeNewRequest = true
 	}

@ -1155,6 +1158,7 @@ func (cc *ClientConn) closeIfIdle() {
 		return
 	}
 	cc.closed = true
+	cc.closedOnIdle = true
 	nextID := cc.nextStreamID
 	// TODO: do clients send GOAWAY too? maybe? Just Close:
 	cc.mu.Unlock()
@ -1271,23 +1275,6 @@ func (cc *ClientConn) closeForLostPing() {
 // exported. At least they'll be DeepEqual for h1-vs-h2 comparisons tests.
 var errRequestCanceled = errors.New("net/http: request canceled")

-func commaSeparatedTrailers(req *http.Request) (string, error) {
-	keys := make([]string, 0, len(req.Trailer))
-	for k := range req.Trailer {
-		k = canonicalHeader(k)
-		switch k {
-		case "Transfer-Encoding", "Trailer", "Content-Length":
-			return "", fmt.Errorf("invalid Trailer key %q", k)
-		}
-		keys = append(keys, k)
-	}
-	if len(keys) > 0 {
-		sort.Strings(keys)
-		return strings.Join(keys, ","), nil
-	}
-	return "", nil
-}
-
 func (cc *ClientConn) responseHeaderTimeout() time.Duration {
 	if cc.t.t1 != nil {
 		return cc.t.t1.ResponseHeaderTimeout
@ -1299,22 +1286,6 @@ func (cc *ClientConn) responseHeaderTimeout() time.Duration {
 	return 0
 }

-// checkConnHeaders checks whether req has any invalid connection-level headers.
-// per RFC 7540 section 8.1.2.2: Connection-Specific Header Fields.
-// Certain headers are special-cased as okay but not transmitted later.
-func checkConnHeaders(req *http.Request) error {
-	if v := req.Header.Get("Upgrade"); v != "" {
-		return fmt.Errorf("http2: invalid Upgrade request header: %q", req.Header["Upgrade"])
-	}
-	if vv := req.Header["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") {
-		return fmt.Errorf("http2: invalid Transfer-Encoding request header: %q", vv)
-	}
-	if vv := req.Header["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !asciiEqualFold(vv[0], "close") && !asciiEqualFold(vv[0], "keep-alive")) {
-		return fmt.Errorf("http2: invalid Connection request header: %q", vv)
-	}
-	return nil
-}
-
 // actualContentLength returns a sanitized version of
 // req.ContentLength, where 0 actually means zero (not unknown) and -1
 // means unknown.
@ -1360,25 +1331,7 @@ func (cc *ClientConn) roundTrip(req *http.Request, streamf func(*clientStream))
 		donec:                make(chan struct{}),
 	}

-	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
-	if !cc.t.disableCompression() &&
-		req.Header.Get("Accept-Encoding") == "" &&
-		req.Header.Get("Range") == "" &&
-		!cs.isHead {
-		// Request gzip only, not deflate. Deflate is ambiguous and
-		// not as universally supported anyway.
-		// See: https://zlib.net/zlib_faq.html#faq39
-		//
-		// Note that we don't request this for HEAD requests,
-		// due to a bug in nginx:
-		//   http://trac.nginx.org/nginx/ticket/358
-		//   https://golang.org/issue/5522
-		//
-		// We don't request gzip if the request is for a range, since
-		// auto-decoding a portion of a gzipped document will just fail
-		// anyway. See https://golang.org/issue/8923
-		cs.requestedGzip = true
-	}
+	cs.requestedGzip = httpcommon.IsRequestGzip(req.Method, req.Header, cc.t.disableCompression())

 	go cs.doRequest(req, streamf)

@ -1492,10 +1445,6 @@ func (cs *clientStream) writeRequest(req *http.Request, streamf func(*clientStre
 	cc := cs.cc
 	ctx := cs.ctx

-	if err := checkConnHeaders(req); err != nil {
-		return err
-	}
-
 	// wait for setting frames to be received, a server can change this value later,
 	// but we just wait for the first settings frame
 	var isExtendedConnect bool
@ -1659,26 +1608,39 @@ func (cs *clientStream) encodeAndWriteHeaders(req *http.Request) error {
 	// we send: HEADERS{1}, CONTINUATION{0,} + DATA{0,} (DATA is
 	// sent by writeRequestBody below, along with any Trailers,
 	// again in form HEADERS{1}, CONTINUATION{0,})
-	trailers, err := commaSeparatedTrailers(req)
+	cc.hbuf.Reset()
+	res, err := encodeRequestHeaders(req, cs.requestedGzip, cc.peerMaxHeaderListSize, func(name, value string) {
+		cc.writeHeader(name, value)
+	})
 	if err != nil {
-		return err
-	}
-	hasTrailers := trailers != ""
-	contentLen := actualContentLength(req)
-	hasBody := contentLen != 0
-	hdrs, err := cc.encodeHeaders(req, cs.requestedGzip, trailers, contentLen)
-	if err != nil {
-		return err
+		return fmt.Errorf("http2: %w", err)
 	}
+	hdrs := cc.hbuf.Bytes()

 	// Write the request.
-	endStream := !hasBody && !hasTrailers
+	endStream := !res.HasBody && !res.HasTrailers
 	cs.sentHeaders = true
 	err = cc.writeHeaders(cs.ID, endStream, int(cc.maxFrameSize), hdrs)
 	traceWroteHeaders(cs.trace)
 	return err
 }

+func encodeRequestHeaders(req *http.Request, addGzipHeader bool, peerMaxHeaderListSize uint64, headerf func(name, value string)) (httpcommon.EncodeHeadersResult, error) {
+	return httpcommon.EncodeHeaders(req.Context(), httpcommon.EncodeHeadersParam{
+		Request: httpcommon.Request{
+			Header:              req.Header,
+			Trailer:             req.Trailer,
+			URL:                 req.URL,
+			Host:                req.Host,
+			Method:              req.Method,
+			ActualContentLength: actualContentLength(req),
+		},
+		AddGzipHeader:         addGzipHeader,
+		PeerMaxHeaderListSize: peerMaxHeaderListSize,
+		DefaultUserAgent:      defaultUserAgent,
+	}, headerf)
+}
+
 // cleanupWriteRequest performs post-request tasks.
 //
 // If err (the result of writeRequest) is non-nil and the stream is not closed,
@ -2066,218 +2028,6 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error)
 	}
 }

-func validateHeaders(hdrs http.Header) string {
-	for k, vv := range hdrs {
-		if !httpguts.ValidHeaderFieldName(k) && k != ":protocol" {
-			return fmt.Sprintf("name %q", k)
-		}
-		for _, v := range vv {
-			if !httpguts.ValidHeaderFieldValue(v) {
-				// Don't include the value in the error,
-				// because it may be sensitive.
-				return fmt.Sprintf("value for header %q", k)
-			}
-		}
-	}
-	return ""
-}
-
-var errNilRequestURL = errors.New("http2: Request.URI is nil")
-
-func isNormalConnect(req *http.Request) bool {
-	return req.Method == "CONNECT" && req.Header.Get(":protocol") == ""
-}
-
-// requires cc.wmu be held.
-func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) {
-	cc.hbuf.Reset()
-	if req.URL == nil {
-		return nil, errNilRequestURL
-	}
-
-	host := req.Host
-	if host == "" {
-		host = req.URL.Host
-	}
-	host, err := httpguts.PunycodeHostPort(host)
-	if err != nil {
-		return nil, err
-	}
-	if !httpguts.ValidHostHeader(host) {
-		return nil, errors.New("http2: invalid Host header")
-	}
-
-	var path string
-	if !isNormalConnect(req) {
-		path = req.URL.RequestURI()
-		if !validPseudoPath(path) {
-			orig := path
-			path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host)
-			if !validPseudoPath(path) {
-				if req.URL.Opaque != "" {
-					return nil, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque)
-				} else {
-					return nil, fmt.Errorf("invalid request :path %q", orig)
-				}
-			}
-		}
-	}
-
-	// Check for any invalid headers+trailers and return an error before we
-	// potentially pollute our hpack state. (We want to be able to
-	// continue to reuse the hpack encoder for future requests)
-	if err := validateHeaders(req.Header); err != "" {
-		return nil, fmt.Errorf("invalid HTTP header %s", err)
-	}
-	if err := validateHeaders(req.Trailer); err != "" {
-		return nil, fmt.Errorf("invalid HTTP trailer %s", err)
-	}
-
-	enumerateHeaders := func(f func(name, value string)) {
-		// 8.1.2.3 Request Pseudo-Header Fields
-		// The :path pseudo-header field includes the path and query parts of the
-		// target URI (the path-absolute production and optionally a '?' character
-		// followed by the query production, see Sections 3.3 and 3.4 of
-		// [RFC3986]).
-		f(":authority", host)
-		m := req.Method
-		if m == "" {
-			m = http.MethodGet
-		}
-		f(":method", m)
-		if !isNormalConnect(req) {
-			f(":path", path)
-			f(":scheme", req.URL.Scheme)
-		}
-		if trailers != "" {
-			f("trailer", trailers)
-		}
-
-		var didUA bool
-		for k, vv := range req.Header {
-			if asciiEqualFold(k, "host") || asciiEqualFold(k, "content-length") {
-				// Host is :authority, already sent.
-				// Content-Length is automatic, set below.
-				continue
-			} else if asciiEqualFold(k, "connection") ||
-				asciiEqualFold(k, "proxy-connection") ||
-				asciiEqualFold(k, "transfer-encoding") ||
-				asciiEqualFold(k, "upgrade") ||
-				asciiEqualFold(k, "keep-alive") {
-				// Per 8.1.2.2 Connection-Specific Header
-				// Fields, don't send connection-specific
-				// fields. We have already checked if any
-				// are error-worthy so just ignore the rest.
-				continue
-			} else if asciiEqualFold(k, "user-agent") {
-				// Match Go's http1 behavior: at most one
-				// User-Agent. If set to nil or empty string,
-				// then omit it. Otherwise if not mentioned,
-				// include the default (below).
-				didUA = true
-				if len(vv) < 1 {
-					continue
-				}
-				vv = vv[:1]
-				if vv[0] == "" {
-					continue
-				}
-			} else if asciiEqualFold(k, "cookie") {
-				// Per 8.1.2.5 To allow for better compression efficiency, the
-				// Cookie header field MAY be split into separate header fields,
-				// each with one or more cookie-pairs.
-				for _, v := range vv {
-					for {
-						p := strings.IndexByte(v, ';')
-						if p < 0 {
-							break
-						}
-						f("cookie", v[:p])
-						p++
-						// strip space after semicolon if any.
-						for p+1 <= len(v) && v[p] == ' ' {
-							p++
-						}
-						v = v[p:]
-					}
-					if len(v) > 0 {
-						f("cookie", v)
-					}
-				}
-				continue
-			}
-
-			for _, v := range vv {
-				f(k, v)
-			}
-		}
-		if shouldSendReqContentLength(req.Method, contentLength) {
-			f("content-length", strconv.FormatInt(contentLength, 10))
-		}
-		if addGzipHeader {
-			f("accept-encoding", "gzip")
-		}
-		if !didUA {
-			f("user-agent", defaultUserAgent)
-		}
-	}
-
-	// Do a first pass over the headers counting bytes to ensure
-	// we don't exceed cc.peerMaxHeaderListSize. This is done as a
-	// separate pass before encoding the headers to prevent
-	// modifying the hpack state.
-	hlSize := uint64(0)
-	enumerateHeaders(func(name, value string) {
-		hf := hpack.HeaderField{Name: name, Value: value}
-		hlSize += uint64(hf.Size())
-	})
-
-	if hlSize > cc.peerMaxHeaderListSize {
-		return nil, errRequestHeaderListSize
-	}
-
-	trace := httptrace.ContextClientTrace(req.Context())
-	traceHeaders := traceHasWroteHeaderField(trace)
-
-	// Header list size is ok. Write the headers.
-	enumerateHeaders(func(name, value string) {
-		name, ascii := lowerHeader(name)
-		if !ascii {
-			// Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header
-			// field names have to be ASCII characters (just as in HTTP/1.x).
-			return
-		}
-		cc.writeHeader(name, value)
-		if traceHeaders {
-			traceWroteHeaderField(trace, name, value)
-		}
-	})
-
-	return cc.hbuf.Bytes(), nil
-}
-
-// shouldSendReqContentLength reports whether the http2.Transport should send
-// a "content-length" request header. This logic is basically a copy of the net/http
-// transferWriter.shouldSendContentLength.
-// The contentLength is the corrected contentLength (so 0 means actually 0, not unknown).
-// -1 means unknown.
-func shouldSendReqContentLength(method string, contentLength int64) bool {
-	if contentLength > 0 {
-		return true
-	}
-	if contentLength < 0 {
-		return false
-	}
-	// For zero bodies, whether we send a content-length depends on the method.
-	// It also kinda doesn't matter for http2 either way, with END_STREAM.
-	switch method {
-	case "POST", "PUT", "PATCH":
-		return true
-	default:
-		return false
-	}
-}
-
 // requires cc.wmu be held.
 func (cc *ClientConn) encodeTrailers(trailer http.Header) ([]byte, error) {
 	cc.hbuf.Reset()
@ -2294,7 +2044,7 @@ func (cc *ClientConn) encodeTrailers(trailer http.Header) ([]byte, error) {
 	}

 	for k, vv := range trailer {
-		lowKey, ascii := lowerHeader(k)
+		lowKey, ascii := httpcommon.LowerHeader(k)
 		if !ascii {
 			// Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header
 			// field names have to be ASCII characters (just as in HTTP/1.x).
@ -2434,9 +2184,12 @@ func (rl *clientConnReadLoop) cleanup() {
 	// This avoids a situation where new connections are constantly created,
 	// added to the pool, fail, and are removed from the pool, without any error
 	// being surfaced to the user.
-	const unusedWaitTime = 5 * time.Second
+	unusedWaitTime := 5 * time.Second
+	if cc.idleTimeout > 0 && unusedWaitTime > cc.idleTimeout {
+		unusedWaitTime = cc.idleTimeout
+	}
 	idleTime := cc.t.now().Sub(cc.lastActive)
-	if atomic.LoadUint32(&cc.atomicReused) == 0 && idleTime < unusedWaitTime {
+	if atomic.LoadUint32(&cc.atomicReused) == 0 && idleTime < unusedWaitTime && !cc.closedOnIdle {
 		cc.idleTimer = cc.t.afterFunc(unusedWaitTime-idleTime, func() {
 			cc.t.connPool().MarkDead(cc)
 		})
@ -2457,6 +2210,13 @@ func (rl *clientConnReadLoop) cleanup() {
 	}
 	cc.cond.Broadcast()
 	cc.mu.Unlock()
+
+	if !cc.seenSettings {
+		// If we have a pending request that wants extended CONNECT,
+		// let it continue and fail with the connection error.
+		cc.extendedConnectAllowed = true
+		close(cc.seenSettingsChan)
+	}
 }

 // countReadFrameError calls Transport.CountError with a string
@ -2549,9 +2309,6 @@ func (rl *clientConnReadLoop) run() error {
 			if VerboseLogs {
 				cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, summarizeFrame(f), err)
 			}
-			if !cc.seenSettings {
-				close(cc.seenSettingsChan)
-			}
 			return err
 		}
 	}
@ -2646,7 +2403,7 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 		Status:     status + " " + http.StatusText(statusCode),
 	}
 	for _, hf := range regularFields {
-		key := canonicalHeader(hf.Name)
+		key := httpcommon.CanonicalHeader(hf.Name)
 		if key == "Trailer" {
 			t := res.Trailer
 			if t == nil {
@ -2654,7 +2411,7 @@ func (rl *clientConnReadLoop) handleResponse(cs *clientStream, f *MetaHeadersFra
 				res.Trailer = t
 			}
 			foreachHeaderElement(hf.Value, func(v string) {
-				t[canonicalHeader(v)] = nil
+				t[httpcommon.CanonicalHeader(v)] = nil
 			})
 		} else {
 			vv := header[key]
@ -2778,7 +2535,7 @@ func (rl *clientConnReadLoop) processTrailers(cs *clientStream, f *MetaHeadersFr

 	trailer := make(http.Header)
 	for _, hf := range f.RegularFields() {
-		key := canonicalHeader(hf.Name)
+		key := httpcommon.CanonicalHeader(hf.Name)
 		trailer[key] = append(trailer[key], hf.Value)
 	}
 	cs.trailer = trailer
@ -3324,7 +3081,7 @@ func (cc *ClientConn) writeStreamReset(streamID uint32, code ErrCode, ping bool,

 var (
 	errResponseHeaderListSize = errors.New("http2: response header list larger than advertised limit")
-	errRequestHeaderListSize  = errors.New("http2: request header list larger than peer's advertised limit")
+	errRequestHeaderListSize  = httpcommon.ErrRequestHeaderListSize
 )

 func (cc *ClientConn) logf(format string, args ...interface{}) {
@ -3508,16 +3265,6 @@ func traceFirstResponseByte(trace *httptrace.ClientTrace) {
 	}
 }

-func traceHasWroteHeaderField(trace *httptrace.ClientTrace) bool {
-	return trace != nil && trace.WroteHeaderField != nil
-}
-
-func traceWroteHeaderField(trace *httptrace.ClientTrace, k, v string) {
-	if trace != nil && trace.WroteHeaderField != nil {
-		trace.WroteHeaderField(k, []string{v})
-	}
-}
-
 func traceGot1xxResponseFunc(trace *httptrace.ClientTrace) func(int, textproto.MIMEHeader) error {
 	if trace != nil {
 		return trace.Got1xxResponse
--- a/vendor/golang.org/x/net/http2/write.go
+++ b/vendor/golang.org/x/net/http2/write.go
@ -13,6 +13,7 @@ import (

 	"golang.org/x/net/http/httpguts"
 	"golang.org/x/net/http2/hpack"
+	"golang.org/x/net/internal/httpcommon"
 )

 // writeFramer is implemented by any type that is used to write frames.
@ -351,7 +352,7 @@ func encodeHeaders(enc *hpack.Encoder, h http.Header, keys []string) {
 	}
 	for _, k := range keys {
 		vv := h[k]
-		k, ascii := lowerHeader(k)
+		k, ascii := httpcommon.LowerHeader(k)
 		if !ascii {
 			// Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header
 			// field names have to be ASCII characters (just as in HTTP/1.x).
--- a/vendor/golang.org/x/net/internal/httpcommon/ascii.go
+++ b/vendor/golang.org/x/net/internal/httpcommon/ascii.go
@ -0,0 +1,53 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package httpcommon
+
+import "strings"
+
+// The HTTP protocols are defined in terms of ASCII, not Unicode. This file
+// contains helper functions which may use Unicode-aware functions which would
+// otherwise be unsafe and could introduce vulnerabilities if used improperly.
+
+// asciiEqualFold is strings.EqualFold, ASCII only. It reports whether s and t
+// are equal, ASCII-case-insensitively.
+func asciiEqualFold(s, t string) bool {
+	if len(s) != len(t) {
+		return false
+	}
+	for i := 0; i < len(s); i++ {
+		if lower(s[i]) != lower(t[i]) {
+			return false
+		}
+	}
+	return true
+}
+
+// lower returns the ASCII lowercase version of b.
+func lower(b byte) byte {
+	if 'A' <= b && b <= 'Z' {
+		return b + ('a' - 'A')
+	}
+	return b
+}
+
+// isASCIIPrint returns whether s is ASCII and printable according to
+// https://tools.ietf.org/html/rfc20#section-4.2.
+func isASCIIPrint(s string) bool {
+	for i := 0; i < len(s); i++ {
+		if s[i] < ' ' || s[i] > '~' {
+			return false
+		}
+	}
+	return true
+}
+
+// asciiToLower returns the lowercase version of s if s is ASCII and printable,
+// and whether or not it was.
+func asciiToLower(s string) (lower string, ok bool) {
+	if !isASCIIPrint(s) {
+		return "", false
+	}
+	return strings.ToLower(s), true
+}
--- a/vendor/golang.org/x/net/internal/httpcommon/headermap.go
+++ b/vendor/golang.org/x/net/internal/httpcommon/headermap.go
@ -1,11 +1,11 @@
-// Copyright 2014 The Go Authors. All rights reserved.
+// Copyright 2025 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

-package http2
+package httpcommon

 import (
-	"net/http"
+	"net/textproto"
 	"sync"
 )

@ -82,13 +82,15 @@ func buildCommonHeaderMaps() {
 	commonLowerHeader = make(map[string]string, len(common))
 	commonCanonHeader = make(map[string]string, len(common))
 	for _, v := range common {
-		chk := http.CanonicalHeaderKey(v)
+		chk := textproto.CanonicalMIMEHeaderKey(v)
 		commonLowerHeader[chk] = v
 		commonCanonHeader[v] = chk
 	}
 }

-func lowerHeader(v string) (lower string, ascii bool) {
+// LowerHeader returns the lowercase form of a header name,
+// used on the wire for HTTP/2 and HTTP/3 requests.
+func LowerHeader(v string) (lower string, ascii bool) {
 	buildCommonHeaderMapsOnce()
 	if s, ok := commonLowerHeader[v]; ok {
 		return s, true
@ -96,10 +98,18 @@ func lowerHeader(v string) (lower string, ascii bool) {
 	return asciiToLower(v)
 }

-func canonicalHeader(v string) string {
+// CanonicalHeader canonicalizes a header name. (For example, "host" becomes "Host".)
+func CanonicalHeader(v string) string {
 	buildCommonHeaderMapsOnce()
 	if s, ok := commonCanonHeader[v]; ok {
 		return s
 	}
-	return http.CanonicalHeaderKey(v)
+	return textproto.CanonicalMIMEHeaderKey(v)
+}
+
+// CachedCanonicalHeader returns the canonical form of a well-known header name.
+func CachedCanonicalHeader(v string) (string, bool) {
+	buildCommonHeaderMapsOnce()
+	s, ok := commonCanonHeader[v]
+	return s, ok
 }
--- a/vendor/golang.org/x/net/internal/httpcommon/request.go
+++ b/vendor/golang.org/x/net/internal/httpcommon/request.go
@ -0,0 +1,467 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package httpcommon
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http/httptrace"
+	"net/textproto"
+	"net/url"
+	"sort"
+	"strconv"
+	"strings"
+
+	"golang.org/x/net/http/httpguts"
+	"golang.org/x/net/http2/hpack"
+)
+
+var (
+	ErrRequestHeaderListSize = errors.New("request header list larger than peer's advertised limit")
+)
+
+// Request is a subset of http.Request.
+// It'd be simpler to pass an *http.Request, of course, but we can't depend on net/http
+// without creating a dependency cycle.
+type Request struct {
+	URL                 *url.URL
+	Method              string
+	Host                string
+	Header              map[string][]string
+	Trailer             map[string][]string
+	ActualContentLength int64 // 0 means 0, -1 means unknown
+}
+
+// EncodeHeadersParam is parameters to EncodeHeaders.
+type EncodeHeadersParam struct {
+	Request Request
+
+	// AddGzipHeader indicates that an "accept-encoding: gzip" header should be
+	// added to the request.
+	AddGzipHeader bool
+
+	// PeerMaxHeaderListSize, when non-zero, is the peer's MAX_HEADER_LIST_SIZE setting.
+	PeerMaxHeaderListSize uint64
+
+	// DefaultUserAgent is the User-Agent header to send when the request
+	// neither contains a User-Agent nor disables it.
+	DefaultUserAgent string
+}
+
+// EncodeHeadersParam is the result of EncodeHeaders.
+type EncodeHeadersResult struct {
+	HasBody     bool
+	HasTrailers bool
+}
+
+// EncodeHeaders constructs request headers common to HTTP/2 and HTTP/3.
+// It validates a request and calls headerf with each pseudo-header and header
+// for the request.
+// The headerf function is called with the validated, canonicalized header name.
+func EncodeHeaders(ctx context.Context, param EncodeHeadersParam, headerf func(name, value string)) (res EncodeHeadersResult, _ error) {
+	req := param.Request
+
+	// Check for invalid connection-level headers.
+	if err := checkConnHeaders(req.Header); err != nil {
+		return res, err
+	}
+
+	if req.URL == nil {
+		return res, errors.New("Request.URL is nil")
+	}
+
+	host := req.Host
+	if host == "" {
+		host = req.URL.Host
+	}
+	host, err := httpguts.PunycodeHostPort(host)
+	if err != nil {
+		return res, err
+	}
+	if !httpguts.ValidHostHeader(host) {
+		return res, errors.New("invalid Host header")
+	}
+
+	// isNormalConnect is true if this is a non-extended CONNECT request.
+	isNormalConnect := false
+	var protocol string
+	if vv := req.Header[":protocol"]; len(vv) > 0 {
+		protocol = vv[0]
+	}
+	if req.Method == "CONNECT" && protocol == "" {
+		isNormalConnect = true
+	} else if protocol != "" && req.Method != "CONNECT" {
+		return res, errors.New("invalid :protocol header in non-CONNECT request")
+	}
+
+	// Validate the path, except for non-extended CONNECT requests which have no path.
+	var path string
+	if !isNormalConnect {
+		path = req.URL.RequestURI()
+		if !validPseudoPath(path) {
+			orig := path
+			path = strings.TrimPrefix(path, req.URL.Scheme+"://"+host)
+			if !validPseudoPath(path) {
+				if req.URL.Opaque != "" {
+					return res, fmt.Errorf("invalid request :path %q from URL.Opaque = %q", orig, req.URL.Opaque)
+				} else {
+					return res, fmt.Errorf("invalid request :path %q", orig)
+				}
+			}
+		}
+	}
+
+	// Check for any invalid headers+trailers and return an error before we
+	// potentially pollute our hpack state. (We want to be able to
+	// continue to reuse the hpack encoder for future requests)
+	if err := validateHeaders(req.Header); err != "" {
+		return res, fmt.Errorf("invalid HTTP header %s", err)
+	}
+	if err := validateHeaders(req.Trailer); err != "" {
+		return res, fmt.Errorf("invalid HTTP trailer %s", err)
+	}
+
+	trailers, err := commaSeparatedTrailers(req.Trailer)
+	if err != nil {
+		return res, err
+	}
+
+	enumerateHeaders := func(f func(name, value string)) {
+		// 8.1.2.3 Request Pseudo-Header Fields
+		// The :path pseudo-header field includes the path and query parts of the
+		// target URI (the path-absolute production and optionally a '?' character
+		// followed by the query production, see Sections 3.3 and 3.4 of
+		// [RFC3986]).
+		f(":authority", host)
+		m := req.Method
+		if m == "" {
+			m = "GET"
+		}
+		f(":method", m)
+		if !isNormalConnect {
+			f(":path", path)
+			f(":scheme", req.URL.Scheme)
+		}
+		if protocol != "" {
+			f(":protocol", protocol)
+		}
+		if trailers != "" {
+			f("trailer", trailers)
+		}
+
+		var didUA bool
+		for k, vv := range req.Header {
+			if asciiEqualFold(k, "host") || asciiEqualFold(k, "content-length") {
+				// Host is :authority, already sent.
+				// Content-Length is automatic, set below.
+				continue
+			} else if asciiEqualFold(k, "connection") ||
+				asciiEqualFold(k, "proxy-connection") ||
+				asciiEqualFold(k, "transfer-encoding") ||
+				asciiEqualFold(k, "upgrade") ||
+				asciiEqualFold(k, "keep-alive") {
+				// Per 8.1.2.2 Connection-Specific Header
+				// Fields, don't send connection-specific
+				// fields. We have already checked if any
+				// are error-worthy so just ignore the rest.
+				continue
+			} else if asciiEqualFold(k, "user-agent") {
+				// Match Go's http1 behavior: at most one
+				// User-Agent. If set to nil or empty string,
+				// then omit it. Otherwise if not mentioned,
+				// include the default (below).
+				didUA = true
+				if len(vv) < 1 {
+					continue
+				}
+				vv = vv[:1]
+				if vv[0] == "" {
+					continue
+				}
+			} else if asciiEqualFold(k, "cookie") {
+				// Per 8.1.2.5 To allow for better compression efficiency, the
+				// Cookie header field MAY be split into separate header fields,
+				// each with one or more cookie-pairs.
+				for _, v := range vv {
+					for {
+						p := strings.IndexByte(v, ';')
+						if p < 0 {
+							break
+						}
+						f("cookie", v[:p])
+						p++
+						// strip space after semicolon if any.
+						for p+1 <= len(v) && v[p] == ' ' {
+							p++
+						}
+						v = v[p:]
+					}
+					if len(v) > 0 {
+						f("cookie", v)
+					}
+				}
+				continue
+			} else if k == ":protocol" {
+				// :protocol pseudo-header was already sent above.
+				continue
+			}
+
+			for _, v := range vv {
+				f(k, v)
+			}
+		}
+		if shouldSendReqContentLength(req.Method, req.ActualContentLength) {
+			f("content-length", strconv.FormatInt(req.ActualContentLength, 10))
+		}
+		if param.AddGzipHeader {
+			f("accept-encoding", "gzip")
+		}
+		if !didUA {
+			f("user-agent", param.DefaultUserAgent)
+		}
+	}
+
+	// Do a first pass over the headers counting bytes to ensure
+	// we don't exceed cc.peerMaxHeaderListSize. This is done as a
+	// separate pass before encoding the headers to prevent
+	// modifying the hpack state.
+	if param.PeerMaxHeaderListSize > 0 {
+		hlSize := uint64(0)
+		enumerateHeaders(func(name, value string) {
+			hf := hpack.HeaderField{Name: name, Value: value}
+			hlSize += uint64(hf.Size())
+		})
+
+		if hlSize > param.PeerMaxHeaderListSize {
+			return res, ErrRequestHeaderListSize
+		}
+	}
+
+	trace := httptrace.ContextClientTrace(ctx)
+
+	// Header list size is ok. Write the headers.
+	enumerateHeaders(func(name, value string) {
+		name, ascii := LowerHeader(name)
+		if !ascii {
+			// Skip writing invalid headers. Per RFC 7540, Section 8.1.2, header
+			// field names have to be ASCII characters (just as in HTTP/1.x).
+			return
+		}
+
+		headerf(name, value)
+
+		if trace != nil && trace.WroteHeaderField != nil {
+			trace.WroteHeaderField(name, []string{value})
+		}
+	})
+
+	res.HasBody = req.ActualContentLength != 0
+	res.HasTrailers = trailers != ""
+	return res, nil
+}
+
+// IsRequestGzip reports whether we should add an Accept-Encoding: gzip header
+// for a request.
+func IsRequestGzip(method string, header map[string][]string, disableCompression bool) bool {
+	// TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere?
+	if !disableCompression &&
+		len(header["Accept-Encoding"]) == 0 &&
+		len(header["Range"]) == 0 &&
+		method != "HEAD" {
+		// Request gzip only, not deflate. Deflate is ambiguous and
+		// not as universally supported anyway.
+		// See: https://zlib.net/zlib_faq.html#faq39
+		//
+		// Note that we don't request this for HEAD requests,
+		// due to a bug in nginx:
+		//   http://trac.nginx.org/nginx/ticket/358
+		//   https://golang.org/issue/5522
+		//
+		// We don't request gzip if the request is for a range, since
+		// auto-decoding a portion of a gzipped document will just fail
+		// anyway. See https://golang.org/issue/8923
+		return true
+	}
+	return false
+}
+
+// checkConnHeaders checks whether req has any invalid connection-level headers.
+//
+// https://www.rfc-editor.org/rfc/rfc9114.html#section-4.2-3
+// https://www.rfc-editor.org/rfc/rfc9113.html#section-8.2.2-1
+//
+// Certain headers are special-cased as okay but not transmitted later.
+// For example, we allow "Transfer-Encoding: chunked", but drop the header when encoding.
+func checkConnHeaders(h map[string][]string) error {
+	if vv := h["Upgrade"]; len(vv) > 0 && (vv[0] != "" && vv[0] != "chunked") {
+		return fmt.Errorf("invalid Upgrade request header: %q", vv)
+	}
+	if vv := h["Transfer-Encoding"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && vv[0] != "chunked") {
+		return fmt.Errorf("invalid Transfer-Encoding request header: %q", vv)
+	}
+	if vv := h["Connection"]; len(vv) > 0 && (len(vv) > 1 || vv[0] != "" && !asciiEqualFold(vv[0], "close") && !asciiEqualFold(vv[0], "keep-alive")) {
+		return fmt.Errorf("invalid Connection request header: %q", vv)
+	}
+	return nil
+}
+
+func commaSeparatedTrailers(trailer map[string][]string) (string, error) {
+	keys := make([]string, 0, len(trailer))
+	for k := range trailer {
+		k = CanonicalHeader(k)
+		switch k {
+		case "Transfer-Encoding", "Trailer", "Content-Length":
+			return "", fmt.Errorf("invalid Trailer key %q", k)
+		}
+		keys = append(keys, k)
+	}
+	if len(keys) > 0 {
+		sort.Strings(keys)
+		return strings.Join(keys, ","), nil
+	}
+	return "", nil
+}
+
+// validPseudoPath reports whether v is a valid :path pseudo-header
+// value. It must be either:
+//
+//   - a non-empty string starting with '/'
+//   - the string '*', for OPTIONS requests.
+//
+// For now this is only used a quick check for deciding when to clean
+// up Opaque URLs before sending requests from the Transport.
+// See golang.org/issue/16847
+//
+// We used to enforce that the path also didn't start with "//", but
+// Google's GFE accepts such paths and Chrome sends them, so ignore
+// that part of the spec. See golang.org/issue/19103.
+func validPseudoPath(v string) bool {
+	return (len(v) > 0 && v[0] == '/') || v == "*"
+}
+
+func validateHeaders(hdrs map[string][]string) string {
+	for k, vv := range hdrs {
+		if !httpguts.ValidHeaderFieldName(k) && k != ":protocol" {
+			return fmt.Sprintf("name %q", k)
+		}
+		for _, v := range vv {
+			if !httpguts.ValidHeaderFieldValue(v) {
+				// Don't include the value in the error,
+				// because it may be sensitive.
+				return fmt.Sprintf("value for header %q", k)
+			}
+		}
+	}
+	return ""
+}
+
+// shouldSendReqContentLength reports whether we should send
+// a "content-length" request header. This logic is basically a copy of the net/http
+// transferWriter.shouldSendContentLength.
+// The contentLength is the corrected contentLength (so 0 means actually 0, not unknown).
+// -1 means unknown.
+func shouldSendReqContentLength(method string, contentLength int64) bool {
+	if contentLength > 0 {
+		return true
+	}
+	if contentLength < 0 {
+		return false
+	}
+	// For zero bodies, whether we send a content-length depends on the method.
+	// It also kinda doesn't matter for http2 either way, with END_STREAM.
+	switch method {
+	case "POST", "PUT", "PATCH":
+		return true
+	default:
+		return false
+	}
+}
+
+// ServerRequestParam is parameters to NewServerRequest.
+type ServerRequestParam struct {
+	Method                  string
+	Scheme, Authority, Path string
+	Protocol                string
+	Header                  map[string][]string
+}
+
+// ServerRequestResult is the result of NewServerRequest.
+type ServerRequestResult struct {
+	// Various http.Request fields.
+	URL        *url.URL
+	RequestURI string
+	Trailer    map[string][]string
+
+	NeedsContinue bool // client provided an "Expect: 100-continue" header
+
+	// If the request should be rejected, this is a short string suitable for passing
+	// to the http2 package's CountError function.
+	// It might be a bit odd to return errors this way rather than returing an error,
+	// but this ensures we don't forget to include a CountError reason.
+	InvalidReason string
+}
+
+func NewServerRequest(rp ServerRequestParam) ServerRequestResult {
+	needsContinue := httpguts.HeaderValuesContainsToken(rp.Header["Expect"], "100-continue")
+	if needsContinue {
+		delete(rp.Header, "Expect")
+	}
+	// Merge Cookie headers into one "; "-delimited value.
+	if cookies := rp.Header["Cookie"]; len(cookies) > 1 {
+		rp.Header["Cookie"] = []string{strings.Join(cookies, "; ")}
+	}
+
+	// Setup Trailers
+	var trailer map[string][]string
+	for _, v := range rp.Header["Trailer"] {
+		for _, key := range strings.Split(v, ",") {
+			key = textproto.CanonicalMIMEHeaderKey(textproto.TrimString(key))
+			switch key {
+			case "Transfer-Encoding", "Trailer", "Content-Length":
+				// Bogus. (copy of http1 rules)
+				// Ignore.
+			default:
+				if trailer == nil {
+					trailer = make(map[string][]string)
+				}
+				trailer[key] = nil
+			}
+		}
+	}
+	delete(rp.Header, "Trailer")
+
+	// "':authority' MUST NOT include the deprecated userinfo subcomponent
+	// for "http" or "https" schemed URIs."
+	// https://www.rfc-editor.org/rfc/rfc9113.html#section-8.3.1-2.3.8
+	if strings.IndexByte(rp.Authority, '@') != -1 && (rp.Scheme == "http" || rp.Scheme == "https") {
+		return ServerRequestResult{
+			InvalidReason: "userinfo_in_authority",
+		}
+	}
+
+	var url_ *url.URL
+	var requestURI string
+	if rp.Method == "CONNECT" && rp.Protocol == "" {
+		url_ = &url.URL{Host: rp.Authority}
+		requestURI = rp.Authority // mimic HTTP/1 server behavior
+	} else {
+		var err error
+		url_, err = url.ParseRequestURI(rp.Path)
+		if err != nil {
+			return ServerRequestResult{
+				InvalidReason: "bad_path",
+			}
+		}
+		requestURI = rp.Path
+	}
+
+	return ServerRequestResult{
+		URL:           url_,
+		NeedsContinue: needsContinue,
+		RequestURI:    requestURI,
+		Trailer:       trailer,
+	}
+}
--- a/vendor/golang.org/x/net/trace/events.go
+++ b/vendor/golang.org/x/net/trace/events.go
@ -508,7 +508,7 @@ const eventsHTML = `
 	<tr class="first">
 		<td class="when">{{$el.When}}</td>
 		<td class="elapsed">{{$el.ElapsedTime}}</td>
-		<td>{{$el.Title}}
+		<td>{{$el.Title}}</td>
 	</tr>
 	{{if $.Expanded}}
 	<tr>
--- a/vendor/golang.org/x/oauth2/README.md
+++ b/vendor/golang.org/x/oauth2/README.md
@ -5,15 +5,6 @@

 oauth2 package contains a client implementation for OAuth 2.0 spec.

-## Installation
-
-~~~~
-go get golang.org/x/oauth2
-~~~~
-
-Or you can manually git clone the repository to
-`$(go env GOPATH)/src/golang.org/x/oauth2`.
-
 See pkg.go.dev for further documentation and examples.

 * [pkg.go.dev/golang.org/x/oauth2](https://pkg.go.dev/golang.org/x/oauth2)
@ -33,7 +24,11 @@ The main issue tracker for the oauth2 repository is located at
 https://github.com/golang/oauth2/issues.

 This repository uses Gerrit for code changes. To learn how to submit changes to
-this repository, see https://golang.org/doc/contribute.html. In particular:
+this repository, see https://go.dev/doc/contribute.
+
+The git repository is https://go.googlesource.com/oauth2.
+
+Note:

 * Excluding trivial changes, all contributions should be connected to an existing issue.
 * API changes must go through the [change proposal process](https://go.dev/s/proposal-process) before they can be accepted.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
renovate[bot]	c82a29fc06	fix(deps): update minor dependencies	2025-08-10 09:51:11 +00:00
renovate[bot]	02b7bd0bf6	fix(deps): update patch digest dependencies	2025-08-10 09:42:48 +00:00
renovate[bot]	65b6c976e1	fix(deps): update module google.golang.org/grpc to v1.74.2	2025-07-27 06:10:45 +00:00
renovate[bot]	cfbc6683b2	fix(deps): update github.com/longhorn/go-common-libs digest to 2c0bac6	2025-07-27 06:00:54 +00:00
renovate[bot]	cfe633ba30	fix(deps): update patch digest dependencies	2025-07-20 10:04:41 +00:00
renovate[bot]	b44251be68	fix(deps): update patch digest dependencies	2025-07-13 05:18:43 +00:00
renovate[bot]	d9496b313e	fix(deps): update minor dependencies	2025-07-13 05:09:12 +00:00
Derek Su	31878729a0	chore(dockerfile): add cache buster to avoid using old dependencies Longhorn 11110 Signed-off-by: Derek Su <derek.su@suse.com>	2025-07-02 14:26:37 +08:00
Raphanus Lo	69e0c4e1d1	fix(crypto): encrypted volume live expansion longhorn/longhorn-11120 Signed-off-by: Raphanus Lo <yunchang.lo@suse.com>	2025-07-01 04:08:32 +00:00
renovate[bot]	a15dcbdda8	fix(deps): update github.com/longhorn/go-common-libs digest to 81fc0ee	2025-06-29 08:48:09 +00:00
Florianisme	9f7b1577bb	fix: split volume formatting options with correct separator Signed-off-by: Florianisme <florian.m9782@gmail.com>	2025-06-26 15:39:41 +08:00
renovate[bot]	eddbd64797	fix(deps): update module k8s.io/kubernetes to v1.33.2 [security]	2025-06-24 09:18:55 +00:00
Florianisme	11b6a83f3b	fix: read and pass volume formatting options to the underlying mounter library Signed-off-by: Florianisme <florian.m9782@gmail.com>	2025-06-24 17:10:41 +08:00
renovate[bot]	1a47f27bfe	fix(deps): update patch digest dependencies	2025-06-24 09:09:54 +00:00
renovate[bot]	a747728029	chore(deps): update docker/dockerfile docker tag to v1.17.1	2025-06-24 09:01:00 +00:00
renovate[bot]	e9c5a6d8d3	fix(deps): update github.com/longhorn/go-common-libs digest to 72e27d7	2025-06-15 13:55:45 +00:00
renovate[bot]	cc28d1fc86	fix(deps): update patch digest dependencies	2025-06-15 09:01:03 +00:00
renovate[bot]	042053971b	fix(deps): update minor dependencies	2025-06-08 06:05:50 +00:00
renovate[bot]	7654f09a9a	fix(deps): update patch digest dependencies	2025-06-08 05:57:12 +00:00
renovate[bot]	37fa99bffe	chore(deps): update docker/dockerfile docker tag to v1.16.0	2025-05-25 06:47:31 +00:00
renovate[bot]	2a670d1d42	fix(deps): update patch digest dependencies	2025-05-25 06:37:45 +00:00
Derek Su	c344a01639	chore: update Makefile Signed-off-by: Derek Su <derek.su@suse.com>	2025-05-20 13:33:31 +09:00
renovate[bot]	689ebae944	fix(deps): update patch digest dependencies	2025-05-17 04:27:28 +00:00
renovate[bot]	32d7b7a1d4	fix(deps): update github.com/longhorn/go-common-libs digest to 801acb3	2025-05-11 07:04:30 +00:00
Derek Su	11aa5f2eb3	chore(Makefile): update SRC_BRANCH to master Signed-off-by: Derek Su <derek.su@suse.com>	2025-05-07 18:19:26 +09:00
Derek Su	de72a2b323	fix: add List method for gRPC health check server google.golang.org/grpc v1.72.0 introduces List method. Signed-off-by: Derek Su <derek.su@suse.com>	2025-05-07 07:37:21 +00:00
renovate[bot]	32c50be2db	fix(deps): update minor dependencies	2025-05-07 07:37:21 +00:00
renovate[bot]	2fe1e718cd	chore(deps): update dependency go to v1.24.3	2025-05-07 07:17:52 +00:00
renovate[bot]	161bccc96a	chore(deps): update docker/dockerfile docker tag to v1.15.1	2025-05-04 06:41:13 +00:00
renovate[bot]	618bf42a46	fix(deps): update k8s.io/utils digest to 0f33e8f	2025-05-04 06:32:44 +00:00
renovate[bot]	183543e93b	chore(deps): update module k8s.io/legacy-cloud-providers to v0.30.12	2025-04-28 06:57:29 +08:00
David Ko	6e1a355ffc	chore(version): update version file to v1.10.0-dev Signed-off-by: David Ko <dko@suse.com>	2025-04-25 12:19:33 +00:00
renovate[bot]	5089373bf3	chore(deps): update docker/dockerfile docker tag to v1.15.0	2025-04-20 07:16:04 +00:00
renovate[bot]	8f7458f026	fix(deps): update patch digest dependencies	2025-04-20 07:08:00 +00:00
renovate[bot]	9a061ab63d	fix(deps): update module golang.org/x/net to v0.39.0	2025-04-13 06:39:52 +00:00
renovate[bot]	16d28313a3	fix(deps): update patch digest dependencies	2025-04-13 06:31:05 +00:00
Derek Su	26a21cac60	chore(workflow): add workflow_dispatch in build.yml Longhorn 10701 Signed-off-by: Derek Su <derek.su@suse.com>	2025-04-11 09:21:17 +08:00
renovate[bot]	5bed33f534	chore(deps): update registry.suse.com/bci/bci-base docker tag to v15.7	2025-04-06 06:14:00 +00:00
renovate[bot]	1d4ac96f0b	fix(deps): update module golang.org/x/sys to v0.32.0	2025-04-06 06:06:52 +00:00
renovate[bot]	58c67734ed	fix(deps): update patch digest dependencies	2025-04-06 05:58:51 +00:00
renovate[bot]	d4d7e94fdf	fix(deps): update module golang.org/x/net to v0.38.0	2025-03-31 15:15:32 +00:00
Derek Su	f6f219611e	fix: fix validation errors Signed-off-by: Derek Su <derek.su@suse.com>	2025-03-31 15:01:01 +00:00
Derek Su	ec0321af3e	chore(Dockerfile): use registry.suse.com/bci/bci-base 15.6 registry.suse.com/bci/bci-base:15.7 is still in Tech Preview Signed-off-by: Derek Su <derek.su@suse.com>	2025-03-31 15:01:01 +00:00
renovate[bot]	a100c1a98e	fix(deps): update patch digest dependencies	2025-03-31 15:01:01 +00:00
Derek Su	bec4115de6	chore(workflow): remove .coderabbit.yaml Longhorn 10663 Signed-off-by: Derek Su <derek.su@suse.com>	2025-03-31 16:13:02 +08:00
renovate[bot]	87acedee73	fix(deps): update k8s.io/utils digest to 1f6e0b7	2025-03-23 05:30:52 +00:00
Chin-Ya Huang	6729ba74eb	chore: update vendor longhorn/longhorn-10584 Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>	2025-03-19 12:55:09 +08:00
Chin-Ya Huang	56260efca8	Revert "chore: update vendor" This reverts commit `93b03536ff`.	2025-03-19 12:55:09 +08:00
Chin-Ya Huang	93b03536ff	chore: update vendor longhorn/longhorn-10584 Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>	2025-03-19 11:49:35 +08:00
renovate[bot]	35e69c74eb	chore(deps): update registry.suse.com/bci/bci-base docker tag to v15.7	2025-03-15 05:43:39 +00:00
renovate[bot]	a302e132ac	fix(deps): update patch digest dependencies	2025-03-15 05:36:25 +00:00
Derek Su	7444514211	chore(Dockerfile): use latest golangci-lint Signed-off-by: Derek Su <derek.su@suse.com>	2025-03-11 06:08:15 +00:00
Derek Su	9d943d99cc	chore(Dockerfile): revert registry.suse.com/bci/bci-base to 15.6 registry.suse.com/bci/bci-base 15.7 is still in Tech Preview. Signed-off-by: Derek Su <derek.su@suse.com>	2025-03-11 06:08:15 +00:00
renovate[bot]	670f84ce0f	chore(deps): update docker dependencies	2025-03-11 06:08:15 +00:00
renovate[bot]	e7c44fc3c1	fix(deps): update minor dependencies	2025-03-08 02:42:51 +00:00
renovate[bot]	e2c9e5acc5	fix(deps): update patch digest dependencies	2025-03-08 02:34:48 +00:00
Raphanus Lo	d064c882fd	fix(ci): fixed project name Signed-off-by: Raphanus Lo <yunchang.lo@suse.com>	2025-02-18 09:34:48 +08:00
renovate[bot]	583f67ab0e	fix(deps): update github.com/longhorn/go-common-libs digest to 151615b	2025-02-15 06:00:46 +00:00
renovate[bot]	7ca95107df	fix(deps): update minor dependencies	2025-02-15 02:20:26 +00:00
renovate[bot]	773f3e54f3	fix(deps): update patch digest dependencies	2025-02-15 02:12:14 +00:00
Raphanus Lo	93428bfd3b	fix(ci): fix multiplatform build Signed-off-by: Raphanus Lo <yunchang.lo@suse.com>	2025-02-14 16:27:57 +08:00
renovate[bot]	c543bd7df7	fix(deps): update module k8s.io/kubernetes to v1.32.2 [security]	2025-02-13 21:06:14 +00:00
Raphanus Lo	4f7e6b2ce5	feat: self-contained container image build Signed-off-by: Raphanus Lo <yunchang.lo@suse.com>	2025-02-13 10:17:22 +08:00
Derek Su	742209db09	chore(build): move common functions to longhorn/dep-versions Longhorn 10208 Signed-off-by: Derek Su <derek.su@suse.com>	2025-02-12 12:46:27 +08:00
Derek Su	261ae970cd	chore(build): support tag in longhorn/dep-versions Longhorn 10208 Signed-off-by: Derek Su <derek.su@suse.com>	2025-02-11 09:37:55 +08:00
Derek Su	78c6e1d1c7	chore: versions of dependent packages are centrally managed in longhorn/dep-versions Longhorn 10208 Signed-off-by: Derek Su <derek.su@suse.com>	2025-02-11 09:37:55 +08:00
Derek Su	39be0e69a7	chore(build): switch to ubuntu 22.04 runner CI failed to build longhorn-share-manager since the action runner image was upgraded to 24.04 20250120.5.0. Longhorn 10372 Signed-off-by: Derek Su <derek.su@suse.com>	2025-02-10 11:00:11 +08:00
renovate[bot]	d26127c29f	fix(deps): update patch digest dependencies	2025-02-08 06:04:38 +00:00
renovate[bot]	83730e19e3	fix(deps): update module golang.org/x/sys to v0.30.0	2025-02-08 05:54:48 +00:00
renovate[bot]	7e40dd0c09	fix(deps): update module google.golang.org/protobuf to v1.36.4	2025-01-25 05:04:21 +00:00
renovate[bot]	122317f7de	fix(deps): update module google.golang.org/grpc to v1.70.0	2025-01-25 04:55:42 +00:00
renovate[bot]	6226f1ddaa	chore(deps): update docker/dockerfile docker tag to v1.13.0	2025-01-25 04:47:03 +00:00
renovate[bot]	6d9560caf0	fix(deps): update patch digest dependencies	2025-01-18 05:00:05 +00:00
Derek Su	f598218e05	feat: bump nfs-ganesha in longhorn-share-manager from v6.3 to v6.5 Longhorn 10194 Signed-off-by: Derek Su <derek.su@suse.com>	2025-01-13 09:54:03 +08:00
Derek Su	c0bdb9f4f0	fix: rename cli parameter dataEngine to data-engine Longhorn 7355 Signed-off-by: Derek Su <derek.su@suse.com>	2025-01-11 15:43:05 +08:00
renovate[bot]	48756d0351	fix(deps): update module golang.org/x/net to v0.34.0	2025-01-11 02:28:57 +00:00
renovate[bot]	8e9207faf6	fix(deps): update patch digest dependencies	2025-01-11 02:18:04 +00:00
James Lu	2929c79cd8	feat(crypto): v2 volume encryption support ref: longhorn/longhorn 7355 Signed-off-by: James Lu <jamesluhz@gmail.com>	2025-01-10 20:49:14 +08:00
David Ko	17e95bcd9c	chore(version): update version file to v1.9.0-dev Signed-off-by: David Ko <dko@suse.com>	2025-01-07 07:48:15 +00:00
renovate[bot]	a64f86262c	fix(deps): update module golang.org/x/sys to v0.29.0	2025-01-04 15:59:03 +00:00
David Ko	e1d9034be8	chore(action): create backport-pr.yml Signed-off-by: David Ko <dko@suse.com>	2025-01-02 18:29:44 +08:00
renovate[bot]	fc3e5daf33	fix(deps): update patch digest dependencies	2024-12-28 04:08:18 +00:00
renovate[bot]	4018878a54	fix(deps): update github.com/longhorn/go-common-libs digest to 3f84afe	2024-12-21 06:53:14 +00:00
renovate[bot]	7012328f2b	fix(deps): update patch digest dependencies	2024-12-21 03:25:25 +00:00