Bump golang.org/x/net from 0.36.0 to 0.38.0

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.36.0 to 0.38.0. - [Commits](https://github.com/golang/net/compare/v0.36.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.38.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Fix faasd CE install script for RHEL-based systems
2025-06-09 08:26:47 +00:00 · 2025-05-28 15:18:33 +01:00 · 2025-05-20 17:21:08 +01:00 · 2025-05-20 17:21:08 +01:00 · 2025-05-20 13:53:26 +01:00 · 2025-05-20 13:29:27 +01:00
1333 changed files with 79898 additions and 44996 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -24,13 +24,6 @@ What company is this for? Are you listed in the [ADOPTERS.md](https://github.com
 <!--- If suggesting a change/improvement, explain the difference from current behavior -->
 ## Are you a GitHub Sponsor (Yes/No?)
 <!--- Given this request for help, how are you supporting the project? -->
 Check at: https://github.com/sponsors/openfaas
 - [ ] Yes
 - [ ] No
 ## List All Possible Solutions and Workarounds
 <!--- Suggest a fix/reason for the bug, or ideas how to implement  -->
 <!--- the addition or change -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1 @@
 blank_issues_enabled: false
--- a/.github/ISSUE_TEMPLATE/issue.md
+++ b/.github/ISSUE_TEMPLATE/issue.md
@ -0,0 +1,69 @@
 ---
 name: Report an issue
 about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''
 ---
 ## Due diligence
 <!-- Due dilligence -->
 ## My actions before raising this issue
 Before you ask for help or support, make sure that you've [consulted the manual for faasd](https://openfaas.gumroad.com/l/serverless-for-everyone-else). We can't answer questions that are already covered by the manual.
 <!-- How is this affecting you? What task are you trying to accomplish? -->
 ## Why do you need this?
 <!-- Attempts to mask or hide this may result in the issue being closed -->
 ## Who is this for?
 What company is this for? Are you listed in the [ADOPTERS.md](https://github.com/openfaas/faas/blob/master/ADOPTERS.md) file?
 <!--- Provide a general summary of the issue in the Title above -->
 ## Expected Behaviour
 <!--- If you're describing a bug, tell us what should happen -->
 <!--- If you're suggesting a change/improvement, tell us how it should work -->
 ## Current Behaviour
 <!--- If describing a bug, tell us what happens instead of the expected behavior -->
 <!--- If suggesting a change/improvement, explain the difference from current behavior -->
 ## List All Possible Solutions and Workarounds
 <!--- Suggest a fix/reason for the bug, or ideas how to implement  -->
 <!--- the addition or change -->
 <!--- Is there a workaround which could avoid making changes? -->
 ## Which Solution Do You Recommend?
 <!--- Pick your preferred solution, if you were to implement and maintain this change -->
 ## Steps to Reproduce (for bugs)
 <!--- Provide a link to a live example, or an unambiguous set of steps to -->
 <!--- reproduce this bug. Include code to reproduce, if relevant -->
 1.
 2.
 3.
 4.
 ## Your Environment
 * OS and architecture:
 * Versions:
 ```sh
 go version
 containerd -version
 uname -a
 cat /etc/os-release
 faasd version
 ```
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -16,9 +16,9 @@ jobs:
        with:
          fetch-depth: 1
      - name: Install Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.19.x
+          go-version: 1.22.x
      - name: test
        run: make test
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -13,13 +13,13 @@ jobs:
        with:
          fetch-depth: 1
      - name: Install Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v5
        with:
-          go-version: 1.19.x
+          go-version: 1.22.x
      - name: Make publish
        run: make publish
      - name: Upload release binaries
-        uses: alexellis/upload-assets@0.4.0
+        uses: alexellis/upload-assets@0.4.1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
--- a/.github/workflows/verify-images.yaml
+++ b/.github/workflows/verify-images.yaml
@ -11,8 +11,8 @@ jobs:
    steps:
      - uses: actions/checkout@master
-      - uses: alexellis/setup-arkade@v2
+      - uses: alexellis/setup-arkade@v3
      - name: Verify chart images
        id: verify_images
        run: |
-          VERBOSE=true make verify-compose
+          VERBOSE=true make verify-compose
--- a/EULA.md
+++ b/EULA.md
@ -0,0 +1,22 @@
 1.1 EULA Addendum for faasd Community Edition (CE). This EULA Addendum for faasd is part of the [OpenFaaS Community Edition (CE) EULA](https://github.com/openfaas/faas/blob/master/EULA.md).  
 1.2 Agreement Parties. This Agreement is between OpenFaaS Ltd (the "Licensor") and you (the "Licensee").  
 1.3 Governing Law. This Agreement shall be governed by, and construed in accordance with, the laws of England and Wales.  
 1.4 OpenFaaS Edge (faasd-pro). OpenFaaS Edge (faasd-pro) is a separate commercial product that is fully licensed under the OpenFaaS Pro EULA.  
 2.1 Grant of License for faasd CE. faasd CE may be installed once per year for a single 60-day trial period in a commercial setting for the sole purpose of evaluation and testing. This trial does not include any support or warranty, and it terminates automatically at the end of the 60-day period unless a separate commercial license is obtained.  
 2.2 Personal (Non-Commercial) Use. faasd CE may be used by an individual for personal, non-commercial projects, provided that the user is not acting on behalf of any company, corporation, or other legal entity.  
 2.3 Restrictions.  
 (a) No redistribution, resale, or sublicensing of faasd CE is permitted.  
 (b) The License granted under this Addendum is non-transferable.  
 (c) Any continued commercial usage beyond the 60-day trial requires a separate commercial license from the Licensor.  
 2.4 Warranty Disclaimer. faasd CE is provided "as is," without warranty of any kind. No support or guarantee is included during the 60-day trial or for personal use.  
 2.5 Termination. If the terms of this Addendum are violated, the License granted hereunder terminates immediately. The Licensee must discontinue all use of faasd CE and destroy any copies in their possession.  
 2.6 Contact Information. For additional rights, commercial licenses, or support inquiries, please contact the Licensor at contact@openfaas.com.  
--- a/6
+++ b/6
@ -1,8 +1,10 @@
 License for faasd contributions from OpenFaaS Ltd - 2017, 2029-2024, see: EULA.md
 Only third-party contributions to source code are licensed MIT:
 MIT License
 Copyright (c) 2020 Alex Ellis
 Copyright (c) 2020 OpenFaaS Ltd
 Copyright (c) 2020 OpenFaas Author(s)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/19
+++ b/19
@ -1,7 +1,7 @@
 Version := $(shell git describe --tags --dirty)
 GitCommit := $(shell git rev-parse HEAD)
-LDFLAGS := "-s -w -X main.Version=$(Version) -X main.GitCommit=$(GitCommit)"
+LDFLAGS := "-s -w -X github.com/openfaas/faasd/pkg.Version=$(Version) -X github.com/openfaas/faasd/pkg.GitCommit=$(GitCommit)"
-CONTAINERD_VER := 1.7.0
+CONTAINERD_VER := 1.7.27
 CNI_VERSION := v0.9.1
 ARCH := amd64
@ -20,11 +20,14 @@ local:
 test:
 	CGO_ENABLED=0 GOOS=linux go test -mod=vendor -ldflags $(LDFLAGS) ./...
 .PHONY: dist-local
 dist-local:
 	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd
 .PHONY: dist
 dist:
-	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags $(LDFLAGS) -a -installsuffix cgo -o bin/faasd
+	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd
-	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -mod=vendor -ldflags $(LDFLAGS) -a -installsuffix cgo -o bin/faasd-armhf
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd-arm64
 	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -mod=vendor -ldflags $(LDFLAGS) -a -installsuffix cgo -o bin/faasd-arm64
 .PHONY: hashgen
 hashgen:
@ -69,4 +72,8 @@ test-e2e:
 verify-compose:
 	@echo Verifying docker-compose.yaml images in remote registries && \
-	arkade chart verify --verbose=$(VERBOSE) -f ./docker-compose.yaml
+	arkade chart verify --verbose=$(VERBOSE) -f ./docker-compose.yaml
 upgrade-compose:
 	@echo Checking for newer images in remote registries && \
 	arkade chart upgrade -f ./docker-compose.yaml --write
--- a/README.md
+++ b/README.md
@ -1,17 +1,38 @@
-# faasd - a lightweight & portable faas engine
+# faasd - a lightweight and portable version of OpenFaaS
 [![Sponsor faasd](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&link=https://github.com/sponsors/openfaas)](https://github.com/sponsors/openfaas)
 [![Build Status](https://github.com/openfaas/faasd/workflows/build/badge.svg?branch=master)](https://github.com/openfaas/faasd/actions)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 ![Downloads](https://img.shields.io/github/downloads/openfaas/faasd/total)
 faasd is [OpenFaaS](https://github.com/openfaas/) reimagined, but without the cost and complexity of Kubernetes. It runs on a single host with very modest requirements, making it fast and easy to manage. Under the hood it uses [containerd](https://containerd.io/) and [Container Networking Interface (CNI)](https://github.com/containernetworking/cni) along with the same core OpenFaaS components from the main project.
 ![faasd logo](docs/media/social.png)
-## Use-cases and tutorials
+## Features & Benefits
-faasd is just another way to run OpenFaaS, so many things you read in the docs or in blog posts will work the same way.
+- **Lightweight** - faasd is a single Go binary, which runs as a systemd service making it easy to manage
 - **Portable** - it runs on any Linux host with containerd and CNI, on as little as 2x vCPU and 2GB RAM - x86_64 and Arm64 supported
 - **Easy to manage** - unlike Kubernetes, its API is stable and requires little maintenance
 - **Low cost** - it's licensed per installation, so you can invoke your functions as much as you need, without additional cost
 - **Stateful containers** - faasd supports stateful containers with persistent volumes such as PostgreSQL, Grafana, Prometheus, etc
 - **Built on OpenFaaS** - uses the same containers that power OpenFaaS on Kubernetes for the Gateway, Queue-Worker, Event Connectors, Dashboards, Scale To Zero, etc
 - **Ideal for internal business use** - use it to build internal tools, automate tasks, and integrate with existing systems
 - **Deploy it for a customer** - package your functions along with OpenFaaS Edge into a VM image, and deploy it to your customers to run in their own datacenters
 faasd does not create the same maintenance burden you'll find with installing, upgrading, and securing a Kubernetes cluster. You can deploy it and walk away, in the worst case, just deploy a new VM and deploy your functions again.
 You can learn more about supported OpenFaaS features in the [ROADMAP.md](/docs/ROADMAP.md)
 ## Getting Started
 There are two versions of faasd:
 * faasd CE - for non-commercial, personal use only licensed under [the faasd CE EULA](/EULA.md)
 * OpenFaaS Edge (faasd-pro) - fully licensed for commercial use
 You can install either edition using the instructions in the [OpenFaaS docs](https://docs.openfaas.com/deployment/edge/).
 You can request a license for [OpenFaaS Edge using this form](https://forms.gle/g6oKLTG29mDTSk5k9)
 ## Further resources
 There are many blog posts and documentation pages about OpenFaaS on Kubernetes, which also apply to faasd.
 Videos and overviews:
@ -29,65 +50,32 @@ Use-cases and tutorials:
 Additional resources:
-* The official handbook - [Serverless For Everyone Else](https://gumroad.com/l/serverless-for-everyone-else)
+* The official handbook - [Serverless For Everyone Else](https://openfaas.gumroad.com/l/serverless-for-everyone-else)
 * For reference: [OpenFaaS docs](https://docs.openfaas.com)
 * For use-cases and tutorials: [OpenFaaS blog](https://openfaas.com/blog/)
 * For self-paced learning: [OpenFaaS workshop](https://github.com/openfaas/workshop/)
-### About faasd
+### Deployment tutorials
-* faasd is a static Golang binary
+* [Use multipass on Windows, MacOS or Linux](/docs/MULTIPASS.md)
-* uses the same core components and ecosystem of OpenFaaS
+* [Deploy to DigitalOcean with Terraform and TLS](https://www.openfaas.com/blog/faasd-tls-terraform/)
-* uses containerd for its runtime and CNI for networking
+* [Deploy to any IaaS with cloud-init](https://blog.alexellis.io/deploy-serverless-faasd-with-cloud-init/)
-* is multi-arch, so works on Intel `x86_64` and ARM out the box
+* [Deploy faasd to your Raspberry Pi](https://blog.alexellis.io/faasd-for-lightweight-serverless/)
 * can run almost any other stateful container through its `docker-compose.yaml` file
-Most importantly, it's easy to manage so you can set it up and leave it alone to run your functions.
+Terraform scripts:
-[![demo](https://pbs.twimg.com/media/EPNQz00W4AEwDxM?format=jpg&name=medium)](https://www.youtube.com/watch?v=WX1tZoSXy8E)
+* [Provision faasd on DigitalOcean with Terraform](docs/bootstrap/README.md)
 * [Provision faasd with TLS on DigitalOcean with Terraform](docs/bootstrap/digitalocean-terraform/README.md)
 > Demo of faasd running asynchronous functions
-Watch the video: [faasd walk-through with cloud-init and Multipass](https://www.youtube.com/watch?v=WX1tZoSXy8E)
+### Training / Handbook
-### What does faasd deploy?
+You can find various resources to learn about faasd for free, however the official handbook is the most comprehensive guide to getting started with faasd and OpenFaaS.
-* faasd - itself, and its [faas-provider](https://github.com/openfaas/faas-provider) for containerd - CRUD for functions and services, implements the OpenFaaS REST API
+["Serverless For Everyone Else"](https://openfaas.gumroad.com/l/serverless-for-everyone-else) is the official handbook and was written to contribute funds towards the upkeep and maintenance of the project.
 * [Prometheus](https://github.com/prometheus/prometheus) - for monitoring of services, metrics, scaling and dashboards
 * [OpenFaaS Gateway](https://github.com/openfaas/faas/tree/master/gateway) - the UI portal, CLI, and other OpenFaaS tooling can talk to this.
 * [OpenFaaS queue-worker for NATS](https://github.com/openfaas/nats-queue-worker) - run your invocations in the background without adding any code. See also: [asynchronous invocations](https://docs.openfaas.com/reference/triggers/#async-nats-streaming)
 * [NATS](https://nats.io) for asynchronous processing and queues
 faasd relies on industry-standard tools for running containers:
-* [CNI](https://github.com/containernetworking/plugins)
+<a href="https://openfaas.gumroad.com/l/serverless-for-everyone-else">
 * [containerd](https://github.com/containerd/containerd)
 * [runc](https://github.com/opencontainers/runc)
 You can use the standard [faas-cli](https://github.com/openfaas/faas-cli) along with pre-packaged functions from *the Function Store*, or build your own using any OpenFaaS template.
 ### When should you use faasd over OpenFaaS on Kubernetes?
 * To deploy microservices and functions that you can update and monitor remotely
 * When you don't have the bandwidth to learn or manage Kubernetes
 * To deploy embedded apps in IoT and edge use-cases
 * To distribute applications to a customer or client
 * You have a cost sensitive project - run faasd on a 1GB VM for 5-10 USD / mo or on your Raspberry Pi
 * When you just need a few functions or microservices, without the cost of a cluster
 faasd does not create the same maintenance burden you'll find with maintaining, upgrading, and securing a Kubernetes cluster. You can deploy it and walk away, in the worst case, just deploy a new VM and deploy your functions again.
 You can learn more about supported OpenFaaS features in the [ROADMAP.md](/docs/ROADMAP.md)
 ## Learning faasd
 The faasd project is MIT licensed and open source, and you will find some documentation, blog posts and videos for free.
 However, "Serverless For Everyone Else" is the official handbook and was written to contribute funds towards the upkeep and maintenance of the project.
 ### The official handbook and docs for faasd
 <a href="https://gumroad.com/l/serverless-for-everyone-else">
 <img src="https://www.alexellis.io/serverless.png" width="40%"></a>
 You'll learn how to deploy code in any language, lift and shift Dockerfiles, run requests in queues, write background jobs and to integrate with databases. faasd packages the same code as OpenFaaS, so you get built-in metrics for your HTTP endpoints, a user-friendly CLI, pre-packaged functions and templates from the store and a UI.
@ -114,58 +102,4 @@ Topics include:
 View sample pages, reviews and testimonials on Gumroad:
-["Serverless For Everyone Else"](https://gumroad.com/l/serverless-for-everyone-else)
+["Serverless For Everyone Else"](https://openfaas.gumroad.com/l/serverless-for-everyone-else)
 ### Deploy faasd
 The easiest way to deploy faasd is with cloud-init, we give several examples below, and post IaaS platforms will accept "user-data" pasted into their UI, or via their API.
 For trying it out on MacOS or Windows, we recommend using [multipass](https://multipass.run) to run faasd in a VM.
 If you don't use cloud-init, or have already created your Linux server you can use the installation script as per below:
 ```bash
 git clone https://github.com/openfaas/faasd --depth=1
 cd faasd
 ./hack/install.sh
 ```
 > This approach also works for Raspberry Pi
 It's recommended that you do not install Docker on the same host as faasd, since 1) they may both use different versions of containerd and 2) docker's networking rules can disrupt faasd's networking. When using faasd - make your faasd server a faasd server, and build container image on your laptop or in a CI pipeline.
 #### Deployment tutorials
 * [Use multipass on Windows, MacOS or Linux](/docs/MULTIPASS.md)
 * [Deploy to DigitalOcean with Terraform and TLS](https://www.openfaas.com/blog/faasd-tls-terraform/)
 * [Deploy to any IaaS with cloud-init](https://blog.alexellis.io/deploy-serverless-faasd-with-cloud-init/)
 * [Deploy faasd to your Raspberry Pi](https://blog.alexellis.io/faasd-for-lightweight-serverless/)
 Terraform scripts:
 * [Provision faasd on DigitalOcean with Terraform](docs/bootstrap/README.md)
 * [Provision faasd with TLS on DigitalOcean with Terraform](docs/bootstrap/digitalocean-terraform/README.md)
 ### Function and template store
 For community functions see `faas-cli store --help`
 For templates built by the community see: `faas-cli template store list`, you can also use the `dockerfile` template if you just want to migrate an existing service without the benefits of using a template.
 ### Community support
 Commercial users and solo business owners should become OpenFaaS GitHub Sponsors to receive regular email updates on changes, tutorials and new features.
 If you are learning faasd, or want to share your use-case, you can join the OpenFaaS Slack community.
 * [Become an OpenFaaS GitHub Sponsor](https://github.com/sponsors/openfaas/)
 * [Join the weekly Office Hours call](https://docs.openfaas.com/community/)
 ### Backlog, features, design limitations and any known issues
 For open backlog items, shipped features, design limitations and any known issues, see [ROADMAP.md](docs/ROADMAP.md)
 Want to build a patch without setting up a complete development environment? See [docs/PATCHES.md](docs/PATCHES.md)
 Are you looking to hack on faasd? Follow the [developer instructions](docs/DEV.md) for a manual installation, or use the `hack/install.sh` script and pick up from there.
--- a/cmd/install.go
+++ b/cmd/install.go
@ -50,54 +50,52 @@ func runInstall(_ *cobra.Command, _ []string) error {
 		return err
 	}
-	err := binExists("/usr/local/bin/", "faasd")
+	if err := binExists("/usr/local/bin/", "faasd"); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.InstallUnit("faasd-provider", map[string]string{
+	if err := systemd.InstallUnit("faasd-provider", map[string]string{
 		"Cwd":             faasdProviderWd,
-		"SecretMountPath": path.Join(faasdwd, "secrets")})
+		"SecretMountPath": path.Join(faasdwd, "secrets")}); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.InstallUnit("faasd", map[string]string{"Cwd": faasdwd})
+	if err := systemd.InstallUnit("faasd", map[string]string{"Cwd": faasdwd}); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.DaemonReload()
+	if err := systemd.DaemonReload(); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.Enable("faasd-provider")
+	if err := systemd.Enable("faasd-provider"); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.Enable("faasd")
+	if err := systemd.Enable("faasd"); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.Start("faasd-provider")
+	if err := systemd.Start("faasd-provider"); err != nil {
 	if err != nil {
 		return err
 	}
-	err = systemd.Start("faasd")
+	if err := systemd.Start("faasd"); err != nil {
 	if err != nil {
 		return err
 	}
-	fmt.Println(`Check status with:
+	fmt.Println(`
 The initial setup downloads various container images, which may take a 
 minute or two depending on your connection.
 Check the status of the faasd service with:
  sudo journalctl -u faasd --lines 100 -f
 Login with:
-  sudo cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s`)
+  sudo -E cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s`)
 	fmt.Println("")
 	return nil
 }
--- a/cmd/provider.go
+++ b/cmd/provider.go
@ -3,7 +3,6 @@ package cmd
 import (
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@ -30,91 +29,81 @@ func makeProviderCmd() *cobra.Command {
 		Short: "Run the faasd-provider",
 	}
-	command.Flags().String("pull-policy", "Always", `Set to "Always" to force a pull of images upon deployment, or "IfNotPresent" to try to use a cached image.`)
+	command.RunE = runProviderE
-
+	command.PreRunE = preRunE
 	command.RunE = func(_ *cobra.Command, _ []string) error {
 		pullPolicy, flagErr := command.Flags().GetString("pull-policy")
 		if flagErr != nil {
 			return flagErr
 		}
 		alwaysPull := false
 		if pullPolicy == "Always" {
 			alwaysPull = true
 		}
 		config, providerConfig, err := config.ReadFromEnv(types.OsEnv{})
 		if err != nil {
 			return err
 		}
 		log.Printf("faasd-provider starting..\tService Timeout: %s\n", config.WriteTimeout.String())
 		printVersion()
 		wd, err := os.Getwd()
 		if err != nil {
 			return err
 		}
 		writeHostsErr := ioutil.WriteFile(path.Join(wd, "hosts"),
 			[]byte(`127.0.0.1	localhost`), workingDirectoryPermission)
 		if writeHostsErr != nil {
 			return fmt.Errorf("cannot write hosts file: %s", writeHostsErr)
 		}
 		writeResolvErr := ioutil.WriteFile(path.Join(wd, "resolv.conf"),
 			[]byte(`nameserver 8.8.8.8`), workingDirectoryPermission)
 		if writeResolvErr != nil {
 			return fmt.Errorf("cannot write resolv.conf file: %s", writeResolvErr)
 		}
 		cni, err := cninetwork.InitNetwork()
 		if err != nil {
 			return err
 		}
 		client, err := containerd.New(providerConfig.Sock)
 		if err != nil {
 			return err
 		}
 		defer client.Close()
 		invokeResolver := handlers.NewInvokeResolver(client)
 		baseUserSecretsPath := path.Join(wd, "secrets")
 		if err := moveSecretsToDefaultNamespaceSecrets(
 			baseUserSecretsPath,
 			faasd.DefaultFunctionNamespace); err != nil {
 			return err
 		}
 		bootstrapHandlers := types.FaaSHandlers{
 			FunctionProxy:  proxy.NewHandlerFunc(*config, invokeResolver),
 			DeleteFunction: handlers.MakeDeleteHandler(client, cni),
 			DeployFunction: handlers.MakeDeployHandler(client, cni, baseUserSecretsPath, alwaysPull),
 			FunctionLister: handlers.MakeReadHandler(client),
 			FunctionStatus: handlers.MakeReplicaReaderHandler(client),
 			ScaleFunction:  handlers.MakeReplicaUpdateHandler(client, cni),
 			UpdateFunction: handlers.MakeUpdateHandler(client, cni, baseUserSecretsPath, alwaysPull),
 			Health:         func(w http.ResponseWriter, r *http.Request) {},
 			Info:           handlers.MakeInfoHandler(Version, GitCommit),
 			ListNamespaces: handlers.MakeNamespacesLister(client),
 			Secrets:        handlers.MakeSecretHandler(client.NamespaceService(), baseUserSecretsPath),
 			Logs:           logs.NewLogHandlerFunc(faasdlogs.New(), config.ReadTimeout),
 		}
 		log.Printf("Listening on: 0.0.0.0:%d\n", *config.TCPPort)
 		bootstrap.Serve(&bootstrapHandlers, config)
 		return nil
 	}
 	return command
 }
 func runProviderE(cmd *cobra.Command, _ []string) error {
 	config, providerConfig, err := config.ReadFromEnv(types.OsEnv{})
 	if err != nil {
 		return err
 	}
 	log.Printf("faasd-provider starting..\tService Timeout: %s\n", config.WriteTimeout.String())
 	printVersion()
 	wd, err := os.Getwd()
 	if err != nil {
 		return err
 	}
 	if err := os.WriteFile(path.Join(wd, "hosts"),
 		[]byte(`127.0.0.1	localhost`), workingDirectoryPermission); err != nil {
 		return fmt.Errorf("cannot write hosts file: %s", err)
 	}
 	if err := os.WriteFile(path.Join(wd, "resolv.conf"),
 		[]byte(`nameserver 8.8.8.8
 nameserver 8.8.4.4`), workingDirectoryPermission); err != nil {
 		return fmt.Errorf("cannot write resolv.conf file: %s", err)
 	}
 	cni, err := cninetwork.InitNetwork()
 	if err != nil {
 		return err
 	}
 	client, err := containerd.New(providerConfig.Sock)
 	if err != nil {
 		return err
 	}
 	defer client.Close()
 	invokeResolver := handlers.NewInvokeResolver(client)
 	baseUserSecretsPath := path.Join(wd, "secrets")
 	if err := moveSecretsToDefaultNamespaceSecrets(
 		baseUserSecretsPath,
 		faasd.DefaultFunctionNamespace); err != nil {
 		return err
 	}
 	alwaysPull := true
 	bootstrapHandlers := types.FaaSHandlers{
 		FunctionProxy:   httpHeaderMiddleware(proxy.NewHandlerFunc(*config, invokeResolver, false)),
 		DeleteFunction:  httpHeaderMiddleware(handlers.MakeDeleteHandler(client, cni)),
 		DeployFunction:  httpHeaderMiddleware(handlers.MakeDeployHandler(client, cni, baseUserSecretsPath, alwaysPull)),
 		FunctionLister:  httpHeaderMiddleware(handlers.MakeReadHandler(client)),
 		FunctionStatus:  httpHeaderMiddleware(handlers.MakeReplicaReaderHandler(client)),
 		ScaleFunction:   httpHeaderMiddleware(handlers.MakeReplicaUpdateHandler(client, cni)),
 		UpdateFunction:  httpHeaderMiddleware(handlers.MakeUpdateHandler(client, cni, baseUserSecretsPath, alwaysPull)),
 		Health:          httpHeaderMiddleware(func(w http.ResponseWriter, r *http.Request) {}),
 		Info:            httpHeaderMiddleware(handlers.MakeInfoHandler(faasd.Version, faasd.GitCommit)),
 		ListNamespaces:  httpHeaderMiddleware(handlers.MakeNamespacesLister(client)),
 		Secrets:         httpHeaderMiddleware(handlers.MakeSecretHandler(client.NamespaceService(), baseUserSecretsPath)),
 		Logs:            httpHeaderMiddleware(logs.NewLogHandlerFunc(faasdlogs.New(), config.ReadTimeout)),
 		MutateNamespace: httpHeaderMiddleware(handlers.MakeMutateNamespace(client)),
 	}
 	log.Printf("Listening on: 0.0.0.0:%d", *config.TCPPort)
 	bootstrap.Serve(cmd.Context(), &bootstrapHandlers, config)
 	return nil
 }
 /*
 * Mutiple namespace support was added after release 0.13.0
 * Function will help users to migrate on multiple namespace support of faasd
@ -127,7 +116,7 @@ func moveSecretsToDefaultNamespaceSecrets(baseSecretPath string, defaultNamespac
 		return err
 	}
-	files, err := ioutil.ReadDir(baseSecretPath)
+	files, err := os.ReadDir(baseSecretPath)
 	if err != nil {
 		return err
 	}
@ -174,3 +163,10 @@ func copyFile(src, dst string) error {
 	return nil
 }
 func httpHeaderMiddleware(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("X-OpenFaaS-EULA", "openfaas-ce")
 		next.ServeHTTP(w, r)
 	}
 }
--- a/cmd/root.go
+++ b/cmd/root.go
@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/morikuni/aec"
 	"github.com/openfaas/faasd/pkg"
 	"github.com/spf13/cobra"
 )
@ -16,25 +17,15 @@ func init() {
 	rootCommand.AddCommand(installCmd)
 	rootCommand.AddCommand(makeProviderCmd())
 	rootCommand.AddCommand(collectCmd)
 	rootCommand.AddCommand(makeServiceCmd())
 }
 func RootCommand() *cobra.Command {
 	return rootCommand
 }
 var (
 	// GitCommit Git Commit SHA
 	GitCommit string
 	// Version version of the CLI
 	Version string
 )
 // Execute faasd
-func Execute(version, gitCommit string) error {
+func Execute() error {
 	// Get Version and GitCommit values from main.go.
 	Version = version
 	GitCommit = gitCommit
 	if err := rootCommand.Execute(); err != nil {
 		return err
@ -46,12 +37,16 @@ var rootCommand = &cobra.Command{
 	Use:   "faasd",
 	Short: "Start faasd",
 	Long: `
-faasd - Serverless For Everyone Else
+faasd Community Edition (CE):
 Learn how to build, secure, and monitor functions with faasd with 
 the eBook:
-https://gumroad.com/l/serverless-for-everyone-else
+https://openfaas.gumroad.com/l/serverless-for-everyone-else
 License: OpenFaaS CE EULA with faasd addendum:
 https://github.com/openfaas/faasd/blob/master/EULA.md
 `,
 	RunE:         runRootCommand,
 	SilenceUsage: true,
@ -78,7 +73,7 @@ func parseBaseCommand(_ *cobra.Command, _ []string) {
 }
 func printVersion() {
-	fmt.Printf("faasd version: %s\tcommit: %s\n", GetVersion(), GitCommit)
+	fmt.Printf("faasd Community Edition (CE) version: %s\tcommit: %s\n", pkg.GetVersion(), pkg.GitCommit)
 }
 func printLogo() {
@ -86,14 +81,6 @@ func printLogo() {
 	fmt.Println(logoText)
 }
 // GetVersion get latest version
 func GetVersion() string {
 	if len(Version) == 0 {
 		return "dev"
 	}
 	return Version
 }
 // Logo for version and root command
 const Logo = `  __                     _ 
 / _| __ _  __ _ ___  __| |
--- a/cmd/service.go
+++ b/cmd/service.go
@ -0,0 +1,22 @@
 package cmd
 import "github.com/spf13/cobra"
 func makeServiceCmd() *cobra.Command {
 	var command = &cobra.Command{
 		Use:   "service",
 		Short: "Manage services",
 		Long:  `Manage services created by faasd from the docker-compose.yml file`,
 	}
 	command.RunE = runServiceE
 	command.AddCommand(makeServiceLogsCmd())
 	return command
 }
 func runServiceE(cmd *cobra.Command, args []string) error {
 	return cmd.Help()
 }
--- a/cmd/service_logs.go
+++ b/cmd/service_logs.go
@ -0,0 +1,89 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"time"
 	goexecute "github.com/alexellis/go-execute/v2"
 	"github.com/spf13/cobra"
 )
 func makeServiceLogsCmd() *cobra.Command {
 	var command = &cobra.Command{
 		Use:   "logs",
 		Short: "View logs for a service",
 		Long:  `View logs for a service created by faasd from the docker-compose.yml file.`,
 		Example: `  ## View logs for the gateway for the last hour
  faasd service logs gateway --since 1h
  ## View logs for the cron-connector, and tail them
  faasd service logs cron-connector -f
 `,
 	}
 	command.Flags().Duration("since", 10*time.Minute, "How far back in time to include logs")
 	command.Flags().BoolP("follow", "f", false, "Follow the logs")
 	command.RunE = runServiceLogsE
 	command.PreRunE = preRunServiceLogsE
 	return command
 }
 func runServiceLogsE(cmd *cobra.Command, args []string) error {
 	name := args[0]
 	namespace, _ := cmd.Flags().GetString("namespace")
 	follow, _ := cmd.Flags().GetBool("follow")
 	since, _ := cmd.Flags().GetDuration("since")
 	journalTask := goexecute.ExecTask{
 		Command:     "journalctl",
 		Args:        []string{"-o", "cat", "-t", fmt.Sprintf("%s:%s", namespace, name)},
 		StreamStdio: true,
 	}
 	if follow {
 		journalTask.Args = append(journalTask.Args, "-f")
 	}
 	if since != 0 {
 		// Calculate the timestamp that is 'age' duration ago
 		sinceTime := time.Now().Add(-since)
 		// Format according to journalctl's expected format: "2012-10-30 18:17:16"
 		formattedTime := sinceTime.Format("2006-01-02 15:04:05")
 		journalTask.Args = append(journalTask.Args, fmt.Sprintf("--since=%s", formattedTime))
 	}
 	res, err := journalTask.Execute(context.Background())
 	if err != nil {
 		return err
 	}
 	if res.ExitCode != 0 {
 		return fmt.Errorf("failed to get logs for service %s: %s", name, res.Stderr)
 	}
 	return nil
 }
 func preRunServiceLogsE(cmd *cobra.Command, args []string) error {
 	if os.Geteuid() != 0 {
 		return errors.New("this command must be run as root")
 	}
 	if len(args) == 0 {
 		return errors.New("service name is required as an argument")
 	}
 	namespace, _ := cmd.Flags().GetString("namespace")
 	if namespace == "" {
 		return errors.New("namespace is required")
 	}
 	return nil
 }
--- a/cmd/up.go
+++ b/cmd/up.go
@ -2,7 +2,6 @@ package cmd
 import (
 	"fmt"
 	"io/ioutil"
 	"log"
 	"os"
 	"os/signal"
@ -39,9 +38,10 @@ func init() {
 }
 var upCmd = &cobra.Command{
-	Use:   "up",
+	Use:     "up",
-	Short: "Start faasd",
+	Short:   "Start faasd",
-	RunE:  runUp,
+	RunE:    runUp,
 	PreRunE: preRunE,
 }
 func runUp(cmd *cobra.Command, _ []string) error {
@ -166,7 +166,7 @@ func makeFile(filePath, fileContents string) error {
 		return nil
 	} else if os.IsNotExist(err) {
 		log.Printf("Writing to: %q\n", filePath)
-		return ioutil.WriteFile(filePath, []byte(fileContents), workingDirectoryPermission)
+		return os.WriteFile(filePath, []byte(fileContents), workingDirectoryPermission)
 	} else {
 		return err
 	}
@ -204,3 +204,11 @@ func parseUpFlags(cmd *cobra.Command) (upConfig, error) {
 	parsed.workingDir = faasdwd
 	return parsed, err
 }
 func preRunE(cmd *cobra.Command, _ []string) error {
 	if err := pkg.ConnectivityCheck(); err != nil {
 		return fmt.Errorf("the OpenFaaS CE EULA requires Internet access, upgrade to faasd Pro to continue")
 	}
 	return nil
 }
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -2,7 +2,7 @@ version: "3.7"
 services:
  nats:
-    image: docker.io/library/nats-streaming:0.25.3
+    image: docker.io/library/nats-streaming:0.25.6
 # nobody
    user: "65534"
    command:
@ -21,7 +21,7 @@ services:
    #    - "127.0.0.1:8222:8222"
  prometheus:
-    image: docker.io/prom/prometheus:v2.42.0
+    image: docker.io/prom/prometheus:v3.1.0
 # nobody
    user: "65534"
    volumes:
@ -39,7 +39,7 @@ services:
       - "127.0.0.1:9090:9090"
  gateway:
-    image: ghcr.io/openfaas/gateway:0.26.3
+    image: ghcr.io/openfaas/gateway:0.27.12
    environment:
      - basic_auth=true
      - functions_provider_url=http://faasd-provider:8081/
@ -69,7 +69,7 @@ services:
       - "8080:8080"
  queue-worker:
-    image: ghcr.io/openfaas/queue-worker:0.13.3
+    image: ghcr.io/openfaas/queue-worker:0.14.2
    environment:
      - faas_nats_address=nats
      - faas_nats_port=4222
--- a/docs/DEV.md
+++ b/docs/DEV.md
@ -28,7 +28,7 @@ If you're using multipass, then allocate sufficient resources:
 ```bash
 multipass launch \
-  --mem 4G \
+  --memory 4G \
  -c 2 \
  -n faasd
@ -57,7 +57,6 @@ curl -sLS https://cli.openfaas.com | sudo sh
 #### Install the CNI plugins:
 * For PC run `export ARCH=amd64`
 * For RPi/armhf run `export ARCH=arm`
 * For arm64 run `export ARCH=arm64`
 Then run:
@ -83,30 +82,17 @@ EOF'
 ### Get containerd
 You have three options - binaries for PC, binaries for armhf, or build from source.
 * Install containerd `x86_64` only
 ```bash
-export VER=1.7.0
+export VER=1.7.27
 curl -sSL https://github.com/containerd/containerd/releases/download/v$VER/containerd-$VER-linux-amd64.tar.gz -o /tmp/containerd.tar.gz \
  && sudo tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
 containerd -version
 ```
 * Or get my containerd binaries for Raspberry Pi (armhf)
    Building `containerd` on armhf is extremely slow, so I've provided binaries for you.
    ```bash
    export VER=1.7.0
    curl -sSL https://github.com/alexellis/containerd-armhf/releases/download/v$VER/containerd-$VER-linux-armhf.tar.gz
 | sudo tar -xvz --strip-components=2 -C /usr/local/bin/
    ```
 * Or clone / build / install [containerd](https://github.com/containerd/containerd) from source:
    ```bash
@ -116,7 +102,7 @@ containerd -version
    git clone https://github.com/containerd/containerd
    cd containerd
    git fetch origin --tags
-    git checkout v1.7.0
+    git checkout v1.7.27
    make
    sudo make install
@ -127,7 +113,7 @@ containerd -version
 #### Ensure containerd is running
 ```bash
-curl -sLS https://raw.githubusercontent.com/containerd/containerd/v1.7.0/containerd.service > /tmp/containerd.service
+curl -sLS https://raw.githubusercontent.com/containerd/containerd/v1.7.27/containerd.service > /tmp/containerd.service
 # Extend the timeouts for low-performance VMs
 echo "[Manager]" | tee -a /tmp/containerd.service
@ -234,9 +220,6 @@ sudo cp bin/faasd /usr/local/bin
 # For x86_64
 export SUFFIX=""
 # armhf
 export SUFFIX="-armhf"
 # arm64
 export SUFFIX="-arm64"
@ -257,7 +240,7 @@ sudo faasd install
 2020/02/17 17:38:06 Writing to: "/var/lib/faasd/secrets/basic-auth-password"
 2020/02/17 17:38:06 Writing to: "/var/lib/faasd/secrets/basic-auth-user"
 Login with:
-  sudo cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s
+  sudo -E cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s
 ```
 You can now log in either from this machine or a remote machine using the OpenFaaS UI, or CLI.
--- a/docs/MULTIPASS.md
+++ b/docs/MULTIPASS.md
@ -40,7 +40,7 @@ It took me about 2-3 minutes to run through everything after installing multipas
    sed "s/ssh-rsa.*/$(cat $HOME/.ssh/id_*.pub)/" cloud-config.txt | multipass launch --name faasd --cloud-init -
    ```
-    This can also be done manually, just replace the 2nd line of the `cloud-config.txt` with the coPntents of your public ssh key, usually either `~/.ssh/id_rsa.pub` or `~/.ssh/id_ed25519.pub`
+    This can also be done manually, just replace the 2nd line of the `cloud-config.txt` with the contents of your public ssh key, usually either `~/.ssh/id_rsa.pub` or `~/.ssh/id_ed25519.pub`
    ```
    ssh_authorized_keys:
--- a/docs/PATCHES.md
+++ b/docs/PATCHES.md
@ -12,7 +12,7 @@ Your SSH key will be used, so that you can copy a new faasd binary over to the h
 ```bash
 multipass launch \
-  --mem 4G \
+  --memory 4G \
  -c 2 \
  -n faasd
@ -84,5 +84,5 @@ See the testing instructions on the PR and run through those steps.
 Post your results on GitHub to assist the creator of the pull request.
-You can see how to get the logs for various components using the [eBook Serverless For Everyone Else](https://gumroad.com/l/serverless-for-everyone-else), or by consulting the [DEV.md](/docs/DEV.md) guide.
+You can see how to get the logs for various components using the [eBook Serverless For Everyone Else](https://openfaas.gumroad.com/l/serverless-for-everyone-else), or by consulting the [DEV.md](/docs/DEV.md) guide.
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@ -1,12 +1,12 @@
 # faasd backlog and features
-It's important to understand the vision for faasd vs OpenFaaS CE/Pro.
+It's important to understand the vision and tradeoffs between OpenFaaS Edge (faasd-pro) vs. OpenFaaS on Kubernetes.
 faasd is a single-node implementation of OpenFaaS.
-It is supposed to be a lightweight, low-overhead, way to deploy OpenFaaS functions for functions which do not need planet-scale.
+It is supposed to be a lightweight, low-overhead, way to deploy OpenFaaS functions for functions which do not need to scale out.
-It is not supposed to have multiple replicas, clustering, HA, or auto-scaling.
+It is not supposed to have multiple replicas, clustering, High Availability (HA), or auto-scaling.
 [Learn when to use faasd](https://docs.openfaas.com/deployment/)
@ -43,12 +43,6 @@ It can scale vertically, and this may be a suitable alternative for many use-cas
 Workaround: deploy multiple, dynamically named functions `scraper-1`, `scraper-2`, `scraper-3` and set up a reverse proxy rule to load balance i.e. `scraper.example.com => [/function/scraper-1, /function/scraper-2, /function/scraper-3]`.
 ### Scale from zero may give a non-200
 faasd itself does not implement a health check to determine if a function is ready for traffic. Since faasd doesn't support auto-scaling, this is unlikely to affect you.
 Workaround: Have your client retry HTTP calls, or don't scale to zero.
 ### Leaf-node only - no clustering
 faasd is operates on a leaf-node/single-node model. If this is an issue for you, but you have resource constraints, you will need to use [OpenFaaS CE or Pro on Kubernetes](https://docs.openfaas.com/deployment/).
@ -77,7 +71,7 @@ There is a very detailed chapter on troubleshooting in the eBook [Serverless For
 ### Your function timed-out at 60 seconds
-This is no longer an issue, see the manual for how to configure a longer timeout, updated 3rd October 2022.
+See the manual for how to configure a longer timeouts.
 ### Non 200 HTTP status from the gateway upon reboot
@ -135,7 +129,7 @@ Won't have:
 * [x] Self-install / create systemd service via `faasd install`
 * [x] Restart containers upon restart of faasd
 * [x] Clear / remove containers and tasks with SIGTERM / SIGINT
-* [x] Determine armhf/arm64 containers to run for gateway
+* [x] Determine arm64 containers to run for gateway
 * [x] Configure `basic_auth` to protect the OpenFaaS gateway and faasd-provider HTTP API
 * [x] Setup custom working directory for faasd `/var/lib/faasd/`
 * [x] Use CNI to create network namespaces and adapters
@ -148,4 +142,6 @@ Won't have:
 * [x] [Store and retrieve annotations in function spec](https://github.com/openfaas/faasd/pull/86) - in progress
 * [x] An installer for faasd and dependencies - runc, containerd
 * [x] Offer a recommendation or implement a strategy for faasd replication/HA
-
+* [x] [Remove / deprecate armhf / armv7 support](https://github.com/openfaas/faasd/issues/364)
 * [x] Add support for CPU/RAM metrics in the UI, CLI and API
 * [x] Network segmentation (functions cannot talk to each other or the host)
--- a/go.mod
+++ b/go.mod
@ -1,123 +1,101 @@
 module github.com/openfaas/faasd
-go 1.19
+go 1.23.0
 toolchain go1.23.7
 require (
-	github.com/alexellis/arkade v0.0.0-20230317160202-4d8f80c5b033
+	github.com/alexellis/arkade v0.0.0-20240320084407-6cf4a641c415
 	github.com/alexellis/go-execute v0.5.0
 	github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05
-	github.com/containerd/containerd v1.7.0
+	github.com/containerd/containerd v1.7.27
 	github.com/containerd/go-cni v1.1.9
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
-	github.com/docker/cli v23.0.1+incompatible
+	github.com/docker/cli v24.0.7+incompatible
-	github.com/docker/distribution v2.8.1+incompatible
+	github.com/docker/docker v24.0.7+incompatible // indirect
 	github.com/docker/docker v23.0.1+incompatible // indirect
 	github.com/docker/go-units v0.5.0
-	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/mux v1.8.1
 	github.com/morikuni/aec v1.0.0
-	github.com/opencontainers/runtime-spec v1.1.0-rc.1
+	github.com/opencontainers/runtime-spec v1.1.0
-	github.com/openfaas/faas-provider v0.21.0
+	github.com/openfaas/faas-provider v0.25.3
 	github.com/openfaas/faas/gateway v0.0.0-20230317100158-e44448c5dca2
 	github.com/pkg/errors v0.9.1
 	github.com/sethvargo/go-password v0.2.0
-	github.com/spf13/cobra v1.6.1
+	github.com/spf13/cobra v1.8.0
 	github.com/spf13/pflag v1.0.5
 	github.com/vishvananda/netlink v1.2.1-beta.2
 	github.com/vishvananda/netns v0.0.4
-	golang.org/x/sys v0.6.0
+	golang.org/x/sys v0.31.0
-	k8s.io/apimachinery v0.26.3
+	k8s.io/apimachinery v0.29.3
 )
 require (
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
+	github.com/alexellis/go-execute/v2 v2.2.1
 	github.com/distribution/reference v0.6.0
 )
 require (
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
-	github.com/Masterminds/semver v1.5.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/Microsoft/go-winio v0.6.0 // indirect
+	github.com/Microsoft/hcsshim v0.11.7 // indirect
 	github.com/Microsoft/hcsshim v0.10.0-rc.7 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect
 	github.com/cheggaaa/pb/v3 v3.1.2 // indirect
 	github.com/cilium/ebpf v0.9.1 // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
-	github.com/containerd/console v1.0.3 // indirect
+	github.com/containerd/containerd/api v1.8.0 // indirect
-	github.com/containerd/continuity v0.3.0 // indirect
+	github.com/containerd/continuity v0.4.4 // indirect
 	github.com/containerd/errdefs v0.3.0 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
+	github.com/containerd/log v0.1.0 // indirect
-	github.com/containerd/ttrpc v1.2.1 // indirect
+	github.com/containerd/platforms v0.2.1 // indirect
-	github.com/containerd/typeurl/v2 v2.1.0 // indirect
+	github.com/containerd/ttrpc v1.2.7 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/containernetworking/cni v1.1.2 // indirect
-	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/distribution/distribution/v3 v3.0.0-20230214150026-36d8c594d7aa // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
-	github.com/fatih/color v1.15.0 // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-containerregistry v0.14.0 // indirect
+	github.com/google/uuid v1.4.0 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.14 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/klauspost/compress v1.16.3 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/kr/text v0.2.0 // indirect
 	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/sys/mountinfo v0.6.2 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
-	github.com/mrunalp/fileutils v0.5.0 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
-	github.com/nats-io/nats.go v1.24.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/nats-io/nkeys v0.4.4 // indirect
 	github.com/nats-io/nuid v1.0.1 // indirect
 	github.com/nats-io/stan.go v0.10.4 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opencontainers/runc v1.1.4 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
-	github.com/openfaas/nats-queue-worker v0.0.0-20230303171817-9dfe6fa61387 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
-	github.com/otiai10/copy v1.9.0 // indirect
+	github.com/prometheus/client_model v0.6.0 // indirect
-	github.com/prometheus/client_golang v1.14.0 // indirect
+	github.com/prometheus/common v0.51.1 // indirect
-	github.com/prometheus/client_model v0.3.0 // indirect
+	github.com/prometheus/procfs v0.13.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
 	github.com/urfave/cli v1.22.12 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
-	golang.org/x/crypto v0.7.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
-	golang.org/x/mod v0.9.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/tools v0.7.0 // indirect
+	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
-	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
-	google.golang.org/grpc v1.53.0 // indirect
+	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/protobuf v1.35.2 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	gotest.tools/v3 v3.0.3 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,137 +1,68 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
 cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
 cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652 h1:+vTEFqeoeur6XSq06bs+roX3YiT49gUniJK7Zky7Xjg=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
+github.com/Microsoft/hcsshim v0.11.7 h1:vl/nj3Bar/CvJSYo7gIQPyRWc9f3c6IeSNavBTSZNZQ=
-github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
-github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
+github.com/alexellis/arkade v0.0.0-20240320084407-6cf4a641c415 h1:mLD1eSfXbmXcwKMP1AsFl01G2U16aC9E22Tcjehyyrw=
-github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
+github.com/alexellis/arkade v0.0.0-20240320084407-6cf4a641c415/go.mod h1:3sT9Gq9WUFG9Wwz9dFbRRc/2L3yepsA4p272aG2DR6w=
-github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
+github.com/alexellis/go-execute/v2 v2.2.1 h1:4Ye3jiCKQarstODOEmqDSRCqxMHLkC92Bhse743RdOI=
-github.com/Microsoft/hcsshim v0.10.0-rc.7/go.mod h1:ILuwjA+kNW+MrN/w5un7n3mTqkwsFu4Bp05/okFUZlE=
+github.com/alexellis/go-execute/v2 v2.2.1/go.mod h1:FMdRnUTiFAmYXcv23txrp3VYZfLo24nMpiIneWgKHTQ=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alexellis/arkade v0.0.0-20220922114024-7b7ade38cff9 h1:drPJV7B1oeWb84D9EV8EYpGPzY/mgFM0iMi2e+VXvII=
 github.com/alexellis/arkade v0.0.0-20220922114024-7b7ade38cff9/go.mod h1:KciGSe/OKQvM2yfesl5jelLr7wQIJBfLtUMUuGJ2xyo=
 github.com/alexellis/arkade v0.0.0-20230317160202-4d8f80c5b033 h1:nq1a5V5MOoiLIKLOpB6HGeoRjdzKFoFQ6S1jMwIPdDY=
 github.com/alexellis/arkade v0.0.0-20230317160202-4d8f80c5b033/go.mod h1:T8i2qJQ5D13uTn+IgGCpC+ylJ3fb+bcnfrLppWcCuSo=
 github.com/alexellis/go-execute v0.5.0 h1:L8kgNlFzNbJov7jrInlaig7i6ZUSz/tYYmqvb8dyD0s=
 github.com/alexellis/go-execute v0.5.0/go.mod h1:AgHTcsCF9wrP0mMVTO8N+lFw1Biy71NybBOk8M+qgy8=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0 h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
 github.com/cheggaaa/pb/v3 v3.1.2 h1:FIxT3ZjOj9XJl0U4o2XbEhjFfZl7jCVCDOGq1ZAB7wQ=
 github.com/cheggaaa/pb/v3 v3.1.2/go.mod h1:SNjnd0yKcW+kw0brSusraeDd5Bf1zBfxAzTL2ss3yQ4=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/cilium/ebpf v0.9.1 h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4=
 github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05 h1:3CoRXflT4IAdIpsFTqZBlLuHOkHYhBvW0iijkQKm4QY=
 github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05/go.mod h1:y75QUr1jcR5aFNf3Tj3dhwnujABGz6UaRrZ5qZwF1cc=
 github.com/compose-spec/compose-go v1.13.0 h1:HHMc1XvnHJr9LUS7fPiiQeTSmGtEp+myn7jGnXgIoXE=
 github.com/compose-spec/compose-go v1.13.0/go.mod h1:uo+YhhqDpkW9MjZNzJgOLX3MlbK6zHaBo9n8LhGDwsg=
 github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
 github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
-github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw=
+github.com/containerd/containerd v1.7.27 h1:yFyEyojddO3MIGVER2xJLWoCIn+Up4GaHFquP7hsFII=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
+github.com/containerd/containerd v1.7.27/go.mod h1:xZmPnl75Vc+BLGt4MIfu6bp+fy03gdHAn9bz+FreFR0=
-github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg=
+github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0=
-github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
+github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc=
-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII=
-github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
+github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
 github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
 github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
 github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
 github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU=
 github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM=
-github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
+github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
+github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
-github.com/containerd/ttrpc v1.2.1 h1:VWv/Rzx023TBLv4WQ+9WPXlBG/s3rsRjY3i9AJ2BJdE=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
-github.com/containerd/ttrpc v1.2.1/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
-github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=
+github.com/containerd/ttrpc v1.2.7 h1:qIrroQvuOL9HQ1X6KHe2ohc7p+HP/0VE6XPU7elJRqQ=
-github.com/containerd/typeurl/v2 v2.1.0 h1:yNAhJvbNEANt7ck48IlEGOxP7YAp6LLpGn5jZACDNIE=
+github.com/containerd/ttrpc v1.2.7/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
-github.com/containerd/typeurl/v2 v2.1.0/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
 github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
 github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ=
 github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/distribution/distribution/v3 v3.0.0-20230214150026-36d8c594d7aa h1:L9Ay/slwQ4ERSPaurC+TVkZrM0K98GNrEEo1En3e8as=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
-github.com/distribution/distribution/v3 v3.0.0-20230214150026-36d8c594d7aa/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v20.10.20+incompatible h1:lWQbHSHUFs7KraSN2jOJK7zbMS2jNCHI4mt4xUFUVQ4=
+github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
-github.com/docker/cli v20.10.20+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM=
+github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
-github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
+github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/docker v20.10.20+incompatible h1:kH9tx6XO+359d+iAkumyKDc5Q1kOwPuAUaeri48nD6E=
 github.com/docker/docker v20.10.20+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY=
 github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
@ -143,57 +74,27 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
-github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
 github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
 github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
@ -203,277 +104,132 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.14.0 h1:z58vMqHxuwvAsVwvKEkmVBz2TlgBgH5k6koEXBtlYkw=
 github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/imdario/mergo v0.3.14 h1:fOqeC1+nCuuk6PKQdg9YmosXX7Y7mHX6R/0ZldI9iHo=
 github.com/imdario/mergo v0.3.14/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
+github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
 github.com/klauspost/compress v1.16.3 h1:XuJt9zzcnaz6a16/OU53ZjWp/v7/42WcR5t2a0PcNQY=
 github.com/klauspost/compress v1.16.3/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
 github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo=
 github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
 github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
 github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
 github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/nats-io/nats.go v1.22.1 h1:XzfqDspY0RNufzdrB8c4hFR+R3dahkxlpWe5+IWJzbE=
 github.com/nats-io/nats.go v1.22.1/go.mod h1:tLqubohF7t4z3du1QDPYJIQQyhb4wl6DhjxEajSI7UA=
 github.com/nats-io/nats.go v1.24.0 h1:CRiD8L5GOQu/DcfkmgBcTTIQORMwizF+rPk6T0RaHVQ=
 github.com/nats-io/nats.go v1.24.0/go.mod h1:dVQF+BK3SzUZpwyzHedXsvH3EO38aVKuOPkkHlv5hXA=
 github.com/nats-io/nkeys v0.3.0 h1:cgM5tL53EvYRU+2YLXIK0G2mJtK12Ft9oeooSZMA2G8=
 github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4=
 github.com/nats-io/nkeys v0.4.4 h1:xvBJ8d69TznjcQl9t6//Q5xXuVhyYiSos6RPtvQNTwA=
 github.com/nats-io/nkeys v0.4.4/go.mod h1:XUkxdLPTufzlihbamfzQ7mw/VGx6ObUs+0bN5sNvt64=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/nats-io/stan.go v0.10.4 h1:19GS/eD1SeQJaVkeM9EkvEYattnvnWrZ3wkSWSw4uXw=
 github.com/nats-io/stan.go v0.10.4/go.mod h1:3XJXH8GagrGqajoO/9+HgPyKV5MWsv7S5ccdda+pc6k=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
 github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs=
+github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
 github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys=
+github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
 github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
-github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg=
+github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v1.1.0-rc.1 h1:wHa9jroFfKGQqFHj0I1fMRKLl0pfj+ynAqBxo3v6u9w=
 github.com/opencontainers/runtime-spec v1.1.0-rc.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
-github.com/openfaas/faas-provider v0.19.1 h1:xH8lTWabfDZwzIvC0u1AO48ghD3BNw6Vo231DLqTeI0=
+github.com/openfaas/faas-provider v0.25.3 h1:cy5GKP1R/xZkPjg+9We7yqpfz298GrKw4ZRYJVprt7Q=
-github.com/openfaas/faas-provider v0.19.1/go.mod h1:Farrp+9Med8LeK3aoYpqplMP8f5ebTILbCSLg2LPLZk=
+github.com/openfaas/faas-provider v0.25.3/go.mod h1:NsETIfEndZn4mn/w/XnBTcDTwKqULCziphLp7KgeRcA=
 github.com/openfaas/faas-provider v0.21.0 h1:rnTy1Gpx+0YvqriQD8miQ2DfpOJXYZbV3VMqe8ri5lc=
 github.com/openfaas/faas-provider v0.21.0/go.mod h1:Farrp+9Med8LeK3aoYpqplMP8f5ebTILbCSLg2LPLZk=
 github.com/openfaas/faas/gateway v0.0.0-20220929193640-1a00a55c7703 h1:fXSQo1ZOSaWXcRMYO+c9w/zFWjhWatdA4by6DH4yoYY=
 github.com/openfaas/faas/gateway v0.0.0-20220929193640-1a00a55c7703/go.mod h1:AhwUKjx0PWhCsRBCsOyd9V4aHlUBd5DYfdsjJiFT73w=
 github.com/openfaas/faas/gateway v0.0.0-20230317100158-e44448c5dca2 h1:mSQlNX+etC2pd+yxZrkOj91vO0Vma75XHjI8+mKdS+A=
 github.com/openfaas/faas/gateway v0.0.0-20230317100158-e44448c5dca2/go.mod h1:iQNG+Up27CXDLHgIr9mcifTzaPD2mYOFTZW8MHxib7M=
 github.com/openfaas/nats-queue-worker v0.0.0-20230117214128-3615ccb286cc h1:qMcVTwdbRAqZtQrYS9rvUxnbQY6nmqf7CIsjp7A+cOo=
 github.com/openfaas/nats-queue-worker v0.0.0-20230117214128-3615ccb286cc/go.mod h1:s86POyW6C8S4CALFRhO8ax5sR2uaQUJQ0HaQGvbTpTc=
 github.com/openfaas/nats-queue-worker v0.0.0-20230303171817-9dfe6fa61387 h1:D4xbdy309Wdyhlm6PgJqUV/aR77VQQG8UTF+q0ay71c=
 github.com/openfaas/nats-queue-worker v0.0.0-20230303171817-9dfe6fa61387/go.mod h1:s86POyW6C8S4CALFRhO8ax5sR2uaQUJQ0HaQGvbTpTc=
 github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4=
 github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI=
 github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
 github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
 github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
 github.com/otiai10/mint v1.4.0/go.mod h1:gifjb2MYOoULtKLqUAEILUG/9KONW6f7YsJ6vQLTlFI=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
 github.com/prometheus/client_golang v1.14.0 h1:nJdhIvne2eSX/XRAFV9PcvFFRbrjbcTUj0VP62TMhnw=
 github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
+github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/common v0.51.1 h1:eIjN50Bwglz6a/c3hAgSMcofL3nD+nFQkV6Dd4DsQCw=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.51.1/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/prometheus/common v0.37.0 h1:ccBbHCgIiT9uSoFY0vX8H3zsNR5eLt17/RQLUvn8pXE=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
 github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
 github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo=
 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
 github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
 github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
 github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
 github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646 h1:RpforrEYXWkmGwJHIGnLZ3tTWStkjVVstwzNGqxX2Ds=
 github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI=
 github.com/sethvargo/go-password v0.2.0/go.mod h1:Ym4Mr9JXLBycr02MFuVQ/0JHidNetSgbzutTr3zsYXE=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
 github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
 github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
 github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.12 h1:igJgVw1JdKH+trcLWLeLwZjU9fEfPesQ+9/e4MQ44S8=
 github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8=
 github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME=
 github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.0-20220913150850-18c4f4234207 h1:nn7SOQy8xCu3iXNv7oiBhhEQtbWdnEOMnuKBlHvrqIM=
 github.com/vishvananda/netns v0.0.0-20220913150850-18c4f4234207/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@ -483,332 +239,110 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
-go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
-go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
-go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
-go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
 go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
 go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
 golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA=
 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs=
 golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
 golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.5.0 h1:+bSpV5HIeWkuvgaMfI3UmKRThoTA5ODJTUd8T17NO+4=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
 golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4=
 golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda h1:LI5DOvAxUPMv/50agcLLoo+AdWc1irS9Rzz4vPuD1V4=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA=
 google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@ -817,51 +351,31 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.29.0 h1:44S3JjaKmLEE4YIkjzexaP+NzZsudE3Zin5Njn/pYX0=
 google.golang.org/protobuf v1.29.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ=
 k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
 k8s.io/apimachinery v0.26.3 h1:dQx6PNETJ7nODU3XPtrwkfuubs6w7sX0M8n61zHIV/k=
 k8s.io/apimachinery v0.26.3/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/hack/build-containerd-arm64.sh
+++ b/hack/build-containerd-arm64.sh
@ -6,12 +6,8 @@
 export ARCH="arm64"
 if [ ! -d "/usr/local/go/bin" ]; then
-    echo "Downloading Go.."
+    curl -sLS https://get.arkade.dev | sudo sh
-    
+    sudo -E arkade system install go
    curl -SLsf https://golang.org/dl/go1.16.6.linux-$ARCH.tar.gz --output /tmp/go.tgz
    sudo rm -rf /usr/local/go/
    sudo mkdir -p /usr/local/go/
    sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 else
    echo "Go already present, skipping."
 fi
@ -29,7 +25,7 @@ git clone https://github.com/containerd/containerd
 cd containerd
 git fetch origin --tags
-git checkout v1.7.0
+git checkout v1.7.27
 make
 sudo make install
--- a/hack/build-containerd-armhf.sh
+++ b/hack/build-containerd-armhf.sh
@ -1,37 +0,0 @@
 #!/bin/bash
 # See pre-reqs:
 # https://github.com/alexellis/containerd-arm
 export ARCH="arm64"
 if [ ! -d "/usr/local/go/bin" ]; then
    echo "Downloading Go.."
    curl -SLsf https://golang.org/dl/go1.16.6.linux-$ARCH.tar.gz --output /tmp/go.tgz
    sudo rm -rf /usr/local/go/
    sudo mkdir -p /usr/local/go/
    sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 else
    echo "Go already present, skipping."
 fi
 export GOPATH=$HOME/go/
 export PATH=$PATH:/usr/local/go/bin/
 go version
 echo "Building containerd"
 mkdir -p $GOPATH/src/github.com/containerd
 cd $GOPATH/src/github.com/containerd
 git clone https://github.com/containerd/containerd
 cd containerd
 git fetch origin --tags
 git checkout v1.7.0
 make
 sudo make install
 sudo containerd --version
--- a/hack/build-containerd.sh
+++ b/hack/build-containerd.sh
@ -7,12 +7,8 @@
 export ARCH="arm64"
 if [ ! -d "/usr/local/go/bin" ]; then
-    echo "Downloading Go.."
+    curl -sLS https://get.arkade.dev | sudo sh
-    
+    sudo -E arkade system install go
    curl -SLsf https://golang.org/dl/go1.16.6.linux-$ARCH.tar.gz --output /tmp/go.tgz
    sudo rm -rf /usr/local/go/
    sudo mkdir -p /usr/local/go/
    sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 else
    echo "Go already present, skipping."
 fi
@ -30,7 +26,7 @@ git clone https://github.com/containerd/containerd
 cd containerd
 git fetch origin --tags
-git checkout v1.7.0
+git checkout v1.7.27
 make
 sudo make install
--- a/hack/enable-journal.sh
+++ b/hack/enable-journal.sh
@ -0,0 +1,48 @@
 #!/bin/bash
 # Copyright OpenFaaS Ltd 2025
 # This script is for use with Droplets created on DigitalOcean, it will
 # ensure that systemd-journald is configured to log to disk and that
 # rsyslog is configured to read from systemd-journald.
 # Without this change, no logs will be available in the journal, and only
 # /var/log/syslog will be populated.
 set -e
 echo "Checking systemd-journald logs..."
 JOURNAL_STATUS=$(journalctl --no-pager -n 10 2>&1)
 if echo "$JOURNAL_STATUS" | grep -q "No journal files were found"; then
    echo "No journal files found. Fixing logging configuration..."
 else
    echo "Journald appears to be logging. No changes needed."
    exit 0
 fi
 # Backup original config before making changes
 sudo cp /etc/systemd/journald.conf /etc/systemd/journald.conf.bak
 # Ensure Storage is persistent
 sudo sed -i '/^#Storage=/c\Storage=persistent' /etc/systemd/journald.conf
 # Ensure logs are not forwarded only to syslog
 sudo sed -i '/^#ForwardToSyslog=/c\ForwardToSyslog=no' /etc/systemd/journald.conf
 # Restart systemd-journald
 echo "Restarting systemd-journald..."
 sudo systemctl restart systemd-journald
 # Check if rsyslog already loads imjournal
 if ! grep -q 'module(load="imjournal")' /etc/rsyslog.conf; then
    echo "Adding imjournal module to rsyslog..."
    echo 'module(load="imjournal" StateFile="/var/lib/rsyslog/imjournal.state")' | sudo tee -a /etc/rsyslog.conf
 fi
 # Restart rsyslog to apply changes
 echo "Restarting rsyslog..."
 sudo systemctl restart rsyslog
 echo "Done. Checking if logs appear in journald..."
 journalctl --no-pager -n 10
--- a/hack/faasd-provider.service
+++ b/hack/faasd-provider.service
@ -2,7 +2,7 @@
 Description=faasd-provider
 [Service]
-MemoryLimit=500M
+MemoryMax=500M
 Environment="secret_mount_path={{.SecretMountPath}}"
 Environment="basic_auth=true"
 Environment="hosts_dir=/var/lib/faasd"
--- a/hack/faasd.service
+++ b/hack/faasd.service
@ -3,7 +3,7 @@ Description=faasd
 After=faasd-provider.service
 [Service]
-MemoryLimit=500M
+MemoryMax=500M
 ExecStart=/usr/local/bin/faasd up
 Restart=on-failure
 RestartSec=10s
--- a/hack/install-edge.sh
+++ b/hack/install-edge.sh
@ -0,0 +1,132 @@
 #!/bin/bash
 # Copyright OpenFaaS Ltd 2025
 set -e # stop on error
 set -o pipefail
 export NEEDRESTART_MODE=a
 export DEBIAN_FRONTEND=noninteractive
 if [ "$EUID" -ne 0 ]; then
    echo "Please run as root or with sudo"
    exit
 fi
 has_dnf() {
  [ -n "$(command -v dnf)" ]
 }
 has_apt_get() {
  [ -n "$(command -v apt-get)" ]
 }
 has_pacman() {
  [ -n "$(command -v pacman)" ]
 }
 install_required_packages() {
  if $(has_apt_get); then
    echo iptables-persistent iptables-persistent/autosave_v4 boolean false | sudo debconf-set-selections
    echo iptables-persistent iptables-persistent/autosave_v6 boolean false | sudo debconf-set-selections
    # Debian bullseye is missing iptables. Added to required packages
    # to get it working in raspberry pi. No such known issues in
    # other distros. Hence, adding only to this block.
    # reference: https://github.com/openfaas/faasd/pull/237
    apt-get update -yq
    apt-get install -yq curl runc bridge-utils iptables iptables-persistent
  elif $(has_dnf); then
    dnf install -y \
      --allowerasing \
      --setopt=install_weak_deps=False \
      curl runc iptables-services bridge-utils which
  elif $(has_pacman); then
    pacman -Syy
    pacman -Sy curl runc bridge-utils
  else
    fatal "Could not find apt-get, yum, or pacman. Cannot install dependencies on this OS."
    exit 1
  fi
 }
 echo "OpenFaaS Edge combines faasd with OpenFaaS Standard"
 echo ""
 echo ""
 echo "1. Installing required OS packages, set SKIP_OS=1 to skip this step"
 echo ""
 if [ -z "$SKIP_OS" ]; then
    install_required_packages
 fi
 echo ""
 echo "2. Downloading OCI image, and installing pre-requisites"
 echo ""
 if [ ! -x "$(command -v arkade)" ]; then
    # For Centos, RHEL, Fedora, Amazon Linux, and Oracle Linux, use BINLOCATION=/usr/bin/
    if $(has_dnf); then
      BINLOCATION=/usr/bin/
    fi
    curl -sLS https://get.arkade.dev | BINLOCATION=${BINLOCATION} sh
 fi
 PATH=$PATH:$HOME/.arkade/bin
 tmpdir=$(mktemp -d)
 # Ensure all existing services are stopped when installing over an 
 # existing faasd installation
 systemctl stop faasd || :
 systemctl stop faasd-provider || :
 systemctl stop containerd || :
 killall -9 containerd-shim-runc-v2 || :
 killall -9 faasd || :
 # crane, or docker can also be used to download the OCI image and to extract it
 # Rather than the :latest tag, a specific tag can be given
 # Use "crane ls ghcr.io/openfaasltd/faasd-pro" to see available tags
 ${BINLOCATION}arkade oci install --path ${tmpdir} \
  ghcr.io/openfaasltd/faasd-pro:latest
 cd ${tmpdir}
 ./install.sh ./
 if has_dnf; then
  isRhelLike=true
 else
  isRhelLike=false
 fi
 binaryName="faasd"
 if [ "$isRhelLike" = true ]; then
  binaryName="/usr/local/bin/faasd"
 fi
 echo ""
 echo "3.1 Commercial users can create their license key as follows:"
 echo ""
 echo "sudo mkdir -p /var/lib/faasd/secrets"
 echo "sudo nano /var/lib/faasd/secrets/openfaas_license"
 echo ""
 echo "3.2 For personal, non-commercial use only, GitHub Sponsors of @openfaas (25USD+) can run:"
 echo ""
 echo "sudo -E ${binaryName} github login"
 echo "sudo -E ${binaryName} activate"
 echo ""
 echo "4. Then perform the final installation steps"
 echo ""
 echo "sudo -E sh -c \"cd ${tmpdir}/var/lib/faasd && ${binaryName} install\""
 echo ""
 echo "5. Refer to the complete handbook and supplementary documentation at:"
 echo ""
 echo "http://store.openfaas.com/l/serverless-for-everyone-else?layout=profile"
 echo ""
 echo "https://docs.openfaas.com/edge/overview"
 echo ""
--- a/hack/install.sh
+++ b/hack/install.sh
@ -36,13 +36,19 @@ if [ "$(id -u)" -eq 0 ]; then
 fi
 verify_system() {
  arch=$(uname -m)
  if [ "$arch" == "armv7l" ]; then
    fatal 'faasd requires a 64-bit Operating System, see: https://github.com/openfaas/faasd/issues/364'
  fi
  if ! [ -d /run/systemd ]; then
    fatal 'Can not find systemd to use as a process supervisor for faasd'
  fi
 }
-has_yum() {
+has_dnf() {
-  [ -n "$(command -v yum)" ]
+  [ -n "$(command -v dnf)" ]
 }
 has_apt_get() {
@ -61,14 +67,16 @@ install_required_packages() {
    # reference: https://github.com/openfaas/faasd/pull/237
    $SUDO apt-get update -y
    $SUDO apt-get install -y curl runc bridge-utils iptables
-  elif $(has_yum); then
+  elif $(has_dnf); then
-    $SUDO yum check-update -y
+    $SUDO dnf install -y \
-    $SUDO yum install -y curl runc iptables-services
+      --allowerasing \
      --setopt=install_weak_deps=False \
      curl runc iptables-services bridge-utils
  elif $(has_pacman); then
    $SUDO pacman -Syy
    $SUDO pacman -Sy curl runc bridge-utils
  else
-    fatal "Could not find apt-get, yum, or pacman. Cannot install dependencies on this OS."
+    fatal "Could not find apt-get, dnf, or pacman. Cannot install dependencies on this OS."
    exit 1
  fi
 }
@ -84,19 +92,12 @@ install_cni_plugins() {
 }
 install_containerd() {
-  CONTAINERD_VER=1.7.0
+  CONTAINERD_VER=1.7.27
  $SUDO systemctl unmask containerd || :
  arch=$(uname -m)
-  if [ $arch == "armv7l" ]; then
+
-    $SUDO curl -fSLs "https://github.com/alexellis/containerd-arm/releases/download/v${CONTAINERD_VER}/containerd-${CONTAINERD_VER}-linux-armhf.tar.gz" --output "/tmp/containerd.tar.gz"
+  $SUDO $ARKADE system install containerd --systemd --version v${CONTAINERD_VER}  --progress=false
    $SUDO tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/
    $SUDO curl -fSLs https://raw.githubusercontent.com/containerd/containerd/v${CONTAINERD_VER}/containerd.service --output "/etc/systemd/system/containerd.service"
    $SUDO systemctl enable containerd
    $SUDO systemctl start containerd
  else
    $SUDO $ARKADE system install containerd --systemd --version v${CONTAINERD_VER}  --progress=false
  fi
  sleep 5
 }
@ -110,9 +111,6 @@ install_faasd() {
  aarch64)
    suffix=-arm64
    ;;
  armv7l)
    suffix=-armhf
    ;;
  *)
    echo "Unsupported architecture $arch"
    exit 1
--- a/main.go
+++ b/main.go
@ -7,14 +7,6 @@ import (
 	"github.com/openfaas/faasd/cmd"
 )
 // These values will be injected into these variables at the build time.
 var (
 	// GitCommit Git Commit SHA
 	GitCommit string
 	// Version version of the CLI
 	Version string
 )
 func main() {
 	if _, ok := os.LookupEnv("CONTAINER_ID"); ok {
@ -31,7 +23,7 @@ func main() {
 		os.Exit(0)
 	}
-	if err := cmd.Execute(Version, GitCommit); err != nil {
+	if err := cmd.Execute(); err != nil {
 		os.Exit(1)
 	}
 	return
--- a/pkg/cninetwork/cni_network.go
+++ b/pkg/cninetwork/cni_network.go
@ -5,7 +5,6 @@ import (
 	"context"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
 	"net"
 	"os"
@ -86,7 +85,7 @@ func InitNetwork() (gocni.CNI, error) {
 	}
 	netConfig := path.Join(CNIConfDir, defaultCNIConfFilename)
-	if err := ioutil.WriteFile(netConfig, []byte(defaultCNIConf), 644); err != nil {
+	if err := os.WriteFile(netConfig, []byte(defaultCNIConf), 0644); err != nil {
 		return nil, fmt.Errorf("cannot write network config: %s", defaultCNIConfFilename)
 	}
@ -151,7 +150,7 @@ func DeleteCNINetwork(ctx context.Context, cni gocni.CNI, client *containerd.Cli
 func GetIPAddress(container string, PID uint32) (string, error) {
 	CNIDir := path.Join(CNIDataDir, defaultNetworkName)
-	files, err := ioutil.ReadDir(CNIDir)
+	files, err := os.ReadDir(CNIDir)
 	if err != nil {
 		return "", fmt.Errorf("failed to read CNI dir for container %s: %v", container, err)
 	}
--- a/pkg/cninetwork/cni_network_test.go
+++ b/pkg/cninetwork/cni_network_test.go
@ -1,7 +1,6 @@
 package cninetwork
 import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@ -15,7 +14,7 @@ eth1`
 	PID := uint32(621)
 	fullPath := filepath.Join(os.TempDir(), fileName)
-	err := ioutil.WriteFile(fullPath, []byte(body), 0700)
+	err := os.WriteFile(fullPath, []byte(body), 0700)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
@ -24,7 +23,6 @@ eth1`
 	}()
 	got, err := isCNIResultForPID(fullPath, container, PID)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
@ -43,7 +41,7 @@ eth1`
 	PID := uint32(621)
 	fullPath := filepath.Join(os.TempDir(), fileName)
-	err := ioutil.WriteFile(fullPath, []byte(body), 0700)
+	err := os.WriteFile(fullPath, []byte(body), 0700)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
@ -52,10 +50,10 @@ eth1`
 	}()
 	got, err := isCNIResultForPID(fullPath, container, PID)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
 	want := false
 	if got != want {
 		t.Fatalf("want %v, but got %v", want, got)
--- a/pkg/connectivity.go
+++ b/pkg/connectivity.go
@ -0,0 +1,39 @@
 package pkg
 import (
 	"fmt"
 	"io"
 	"net/http"
 	"strings"
 )
 // ConnectivityCheck checks if the controller can reach the
 // public Internet via HTTPS.
 // A license is required to use OpenFaaS CE for Commercial Use.
 func ConnectivityCheck() error {
 	req, err := http.NewRequest(http.MethodGet, "https://checkip.amazonaws.com", nil)
 	if err != nil {
 		return err
 	}
 	req.Header.Set("User-Agent", fmt.Sprintf("openfaas-ce/%s faas-netes", Version))
 	res, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return err
 	}
 	if req.Body != nil {
 		defer req.Body.Close()
 	}
 	if res.StatusCode != http.StatusOK {
 		var body []byte
 		if res.Body != nil {
 			body, _ = io.ReadAll(res.Body)
 		}
 		return fmt.Errorf("unexpected status code checking connectivity: %d, body: %s", res.StatusCode, strings.TrimSpace(string(body)))
 	}
 	return nil
 }
--- a/pkg/local_resolver.go
+++ b/pkg/local_resolver.go
@ -1,7 +1,6 @@
 package pkg
 import (
 	"io/ioutil"
 	"log"
 	"os"
 	"strings"
@ -54,7 +53,7 @@ func (l *LocalResolver) rebuild() {
 	l.Mutex.Lock()
 	defer l.Mutex.Unlock()
-	fileData, fileErr := ioutil.ReadFile(l.Path)
+	fileData, fileErr := os.ReadFile(l.Path)
 	if fileErr != nil {
 		log.Printf("resolver rebuild error: %s", fileErr.Error())
 		return
--- a/pkg/logs/requestor.go
+++ b/pkg/logs/requestor.go
@ -58,10 +58,10 @@ func (r *requester) Query(ctx context.Context, req logs.Request) (<-chan logs.Me
 // buildCmd reeturns the equivalent of
 //
-// 	journalctl -t <namespace>:<name>  \
+//	journalctl -t <namespace>:<name>  \
-// 		--output=json \
+//		--output=json \
-// 		--since=<timestamp> \
+//		--since=<timestamp> \
-// 		<--follow> \
+//		<--follow> \
 func buildCmd(ctx context.Context, req logs.Request) *exec.Cmd {
 	// // set the cursor position based on req, default to 5m
 	since := time.Now().Add(-5 * time.Minute)
@ -105,12 +105,12 @@ func streamLogs(ctx context.Context, cmd *exec.Cmd, out io.ReadCloser, msgs chan
 	// will ensure `out` is closed and all related resources cleaned up
 	go func() {
-		err := cmd.Wait()
+		if err := cmd.Wait(); err != nil {
-		log.Println("wait result", err)
+			log.Printf("journalctl exited with error: %s", err)
 		}
 	}()
 	defer func() {
 		log.Println("closing journal stream")
 		close(msgs)
 	}()
@ -176,7 +176,6 @@ func parseEntry(entry map[string]string) (logs.Message, error) {
 }
 func logErrOut(out io.ReadCloser) {
 	defer log.Println("stderr closed")
 	defer out.Close()
 	io.Copy(log.Writer(), out)
--- a/pkg/provider/handlers/delete.go
+++ b/pkg/provider/handlers/delete.go
@ -4,15 +4,16 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/namespaces"
 	gocni "github.com/containerd/go-cni"
 	"github.com/openfaas/faas/gateway/requests"
 	"github.com/openfaas/faas-provider/types"
 	"github.com/openfaas/faasd/pkg"
 	cninetwork "github.com/openfaas/faasd/pkg/cninetwork"
 	"github.com/openfaas/faasd/pkg/service"
 )
@ -28,22 +29,24 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 		defer r.Body.Close()
-		body, _ := ioutil.ReadAll(r.Body)
+		body, _ := io.ReadAll(r.Body)
 		log.Printf("[Delete] request: %s\n", string(body))
-		req := requests.DeleteFunctionRequest{}
+		req := types.DeleteFunctionRequest{}
-		err := json.Unmarshal(body, &req)
+		if err := json.Unmarshal(body, &req); err != nil {
-		if err != nil {
+			log.Printf("[Delete] error parsing input: %s", err)
 			log.Printf("[Delete] error parsing input: %s\n", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
-		lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
+		// namespace moved from the querystring into the body
 		namespace := req.Namespace
 		if namespace == "" {
 			namespace = pkg.DefaultFunctionNamespace
 		}
 		// Check if namespace exists, and it has the openfaas label
-		valid, err := validNamespace(client.NamespaceService(), lookupNamespace)
+		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
@ -56,15 +59,15 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 		name := req.FunctionName
-		function, err := GetFunction(client, name, lookupNamespace)
+		function, err := GetFunction(client, name, namespace)
 		if err != nil {
-			msg := fmt.Sprintf("service %s not found", name)
+			msg := fmt.Sprintf("function %s.%s not found", name, namespace)
 			log.Printf("[Delete] %s\n", msg)
 			http.Error(w, msg, http.StatusNotFound)
 			return
 		}
-		ctx := namespaces.WithNamespace(context.Background(), lookupNamespace)
+		ctx := namespaces.WithNamespace(context.Background(), namespace)
 		// TODO: this needs to still happen if the task is paused
 		if function.replicas != 0 {
@ -74,13 +77,12 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 			}
 		}
-		containerErr := service.Remove(ctx, client, name)
+		if err := service.Remove(ctx, client, name); err != nil {
-		if containerErr != nil {
+			log.Printf("[Delete] error removing %s, %s\n", name, err)
-			log.Printf("[Delete] error removing %s, %s\n", name, containerErr)
+			http.Error(w, err.Error(), http.StatusInternalServerError)
 			http.Error(w, containerErr.Error(), http.StatusInternalServerError)
 			return
 		}
-		log.Printf("[Delete] deleted %s\n", name)
+		log.Printf("[Delete] Removed: %s.%s\n", name, namespace)
 	}
 }
--- a/pkg/provider/handlers/deploy.go
+++ b/pkg/provider/handlers/deploy.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"os"
@ -17,7 +17,7 @@ import (
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/oci"
 	gocni "github.com/containerd/go-cni"
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/openfaas/faas-provider/types"
 	cninetwork "github.com/openfaas/faasd/pkg/cninetwork"
@ -39,13 +39,12 @@ func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 		defer r.Body.Close()
-		body, _ := ioutil.ReadAll(r.Body)
+		body, _ := io.ReadAll(r.Body)
 		log.Printf("[Deploy] request: %s\n", string(body))
 		req := types.FunctionDeployment{}
 		err := json.Unmarshal(body, &req)
 		if err != nil {
-			log.Printf("[Deploy] - error parsing input: %s\n", err)
+			log.Printf("[Deploy] - error parsing input: %s", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
@ -76,10 +75,15 @@ func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 		name := req.Service
 		ctx := namespaces.WithNamespace(context.Background(), namespace)
-		deployErr := deploy(ctx, req, client, cni, namespaceSecretMountPath, alwaysPull)
+		if err := preDeploy(client, 1); err != nil {
-		if deployErr != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
-			log.Printf("[Deploy] error deploying %s, error: %s\n", name, deployErr)
+			log.Printf("[Deploy] error deploying %s, error: %s\n", name, err)
-			http.Error(w, deployErr.Error(), http.StatusBadRequest)
+			return
 		}
 		if err := deploy(ctx, req, client, cni, namespaceSecretMountPath, alwaysPull); err != nil {
 			log.Printf("[Deploy] error deploying %s, error: %s\n", name, err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 	}
@ -179,8 +183,27 @@ func deploy(ctx context.Context, req types.FunctionDeployment, client *container
 }
 // countFunctions returns the number of functions deployed along with a map with a count
 // in each namespace
 func countFunctions(client *containerd.Client) (int64, int64, error) {
 	count := int64(0)
 	namespaceCount := int64(0)
 	namespaces := ListNamespaces(client)
 	for _, namespace := range namespaces {
 		fns, err := ListFunctions(client, namespace)
 		if err != nil {
 			return 0, 0, err
 		}
 		namespaceCount++
 		count += int64(len(fns))
 	}
 	return count, namespaceCount, nil
 }
 func buildLabels(request *types.FunctionDeployment) (map[string]string, error) {
 	// Adapted from faas-swarm/handlers/deploy.go:buildLabels
 	labels := map[string]string{}
 	if request.Labels != nil {
@ -229,9 +252,8 @@ func createTask(ctx context.Context, container containerd.Container, cni gocni.C
 	log.Printf("%s has IP: %s.\n", name, ip)
-	_, waitErr := task.Wait(ctx)
+	if _, err := task.Wait(ctx); err != nil {
-	if waitErr != nil {
+		return errors.Wrapf(err, "Unable to wait for task to start: %s", name)
 		return errors.Wrapf(waitErr, "Unable to wait for task to start: %s", name)
 	}
 	if startErr := task.Start(ctx); startErr != nil {
@ -315,3 +337,17 @@ func withMemory(mem *specs.LinuxMemory) oci.SpecOpts {
 		return nil
 	}
 }
 func preDeploy(client *containerd.Client, additional int64) error {
 	count, countNs, err := countFunctions(client)
 	log.Printf("Function count: %d, Namespace count: %d\n", count, countNs)
 	if err != nil {
 		return err
 	} else if count+additional > faasdMaxFunctions {
 		return fmt.Errorf("the OpenFaaS CE EULA allows %d/%d function(s), upgrade to faasd Pro to continue", faasdMaxFunctions, count+additional)
 	} else if countNs > faasdMaxNs {
 		return fmt.Errorf("the OpenFaaS CE EULA allows %d/%d namespace(s), upgrade to faasd Pro to continue", faasdMaxNs, countNs)
 	}
 	return nil
 }
--- a/pkg/provider/handlers/function_get.go
+++ b/pkg/provider/handlers/function_get.go
@ -2,71 +2,17 @@ package handlers
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log"
 	"strings"
 	"time"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/openfaas/faasd/pkg"
 	faasd "github.com/openfaas/faasd/pkg"
 	"github.com/openfaas/faasd/pkg/cninetwork"
 )
 type Function struct {
 	name        string
 	namespace   string
 	image       string
 	pid         uint32
 	replicas    int
 	IP          string
 	labels      map[string]string
 	annotations map[string]string
 	secrets     []string
 	envVars     map[string]string
 	envProcess  string
 	memoryLimit int64
 	createdAt   time.Time
 }
 // ListFunctions returns a map of all functions with running tasks on namespace
 func ListFunctions(client *containerd.Client, namespace string) (map[string]*Function, error) {
 	// Check if namespace exists, and it has the openfaas label
 	valid, err := validNamespace(client.NamespaceService(), namespace)
 	if err != nil {
 		return nil, err
 	}
 	if !valid {
 		return nil, errors.New("namespace not valid")
 	}
 	ctx := namespaces.WithNamespace(context.Background(), namespace)
 	functions := make(map[string]*Function)
 	containers, err := client.Containers(ctx)
 	if err != nil {
 		return functions, err
 	}
 	for _, c := range containers {
 		name := c.ID()
 		f, err := GetFunction(client, name, namespace)
 		if err != nil {
 			log.Printf("skipping %s, error: %s", name, err)
 		} else {
 			functions[name] = &f
 		}
 	}
 	return functions, nil
 }
 // GetFunction returns a function that matches name
 func GetFunction(client *containerd.Client, name string, namespace string) (Function, error) {
 	ctx := namespaces.WithNamespace(context.Background(), namespace)
@ -196,44 +142,6 @@ func buildLabelsAndAnnotations(ctrLabels map[string]string) (map[string]string,
 	return labels, annotations
 }
 func ListNamespaces(client *containerd.Client) []string {
 	set := []string{}
 	store := client.NamespaceService()
 	namespaces, err := store.List(context.Background())
 	if err != nil {
 		log.Printf("Error listing namespaces: %s", err.Error())
 		set = append(set, faasd.DefaultFunctionNamespace)
 		return set
 	}
 	for _, namespace := range namespaces {
 		labels, err := store.Labels(context.Background(), namespace)
 		if err != nil {
 			log.Printf("Error listing label for namespace %s: %s", namespace, err.Error())
 			continue
 		}
 		if _, found := labels[pkg.NamespaceLabel]; found {
 			set = append(set, namespace)
 		}
 		if !findNamespace(faasd.DefaultFunctionNamespace, set) {
 			set = append(set, faasd.DefaultFunctionNamespace)
 		}
 	}
 	return set
 }
 func findNamespace(target string, items []string) bool {
 	for _, n := range items {
 		if n == target {
 			return true
 		}
 	}
 	return false
 }
 func readMemoryLimitFromSpec(spec *specs.Spec) int64 {
 	if spec.Linux == nil || spec.Linux.Resources == nil || spec.Linux.Resources.Memory == nil || spec.Linux.Resources.Memory.Limit == nil {
 		return 0
--- a/pkg/provider/handlers/function_list.go
+++ b/pkg/provider/handlers/function_list.go
@ -0,0 +1,65 @@
 package handlers
 import (
 	"context"
 	"errors"
 	"log"
 	"strings"
 	"time"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/namespaces"
 )
 type Function struct {
 	name        string
 	namespace   string
 	image       string
 	pid         uint32
 	replicas    int
 	IP          string
 	labels      map[string]string
 	annotations map[string]string
 	secrets     []string
 	envVars     map[string]string
 	envProcess  string
 	memoryLimit int64
 	createdAt   time.Time
 }
 // ListFunctions returns a map of all functions with running tasks on namespace
 func ListFunctions(client *containerd.Client, namespace string) (map[string]*Function, error) {
 	// Check if namespace exists, and it has the openfaas label
 	valid, err := validNamespace(client.NamespaceService(), namespace)
 	if err != nil {
 		return nil, err
 	}
 	if !valid {
 		return nil, errors.New("namespace not valid")
 	}
 	ctx := namespaces.WithNamespace(context.Background(), namespace)
 	functions := make(map[string]*Function)
 	containers, err := client.Containers(ctx)
 	if err != nil {
 		return functions, err
 	}
 	for _, c := range containers {
 		name := c.ID()
 		f, err := GetFunction(client, name, namespace)
 		if err != nil {
 			if !strings.Contains(err.Error(), "unable to get IP address for container") {
 				log.Printf("List functions, skipping: %s, error: %s", name, err)
 			}
 		} else {
 			functions[name] = &f
 		}
 	}
 	return functions, nil
 }
--- a/pkg/provider/handlers/functions_test.go
+++ b/pkg/provider/handlers/functions_test.go
--- a/pkg/provider/handlers/info.go
+++ b/pkg/provider/handlers/info.go
@ -12,10 +12,10 @@ const (
 	OrchestrationIdentifier = "containerd"
 	// ProviderName name of the provider
-	ProviderName = "faasd"
+	ProviderName = "faasd-ce"
 )
-//MakeInfoHandler creates handler for /system/info endpoint
+// MakeInfoHandler creates handler for /system/info endpoint
 func MakeInfoHandler(version, sha string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Body != nil {
@ -31,8 +31,8 @@ func MakeInfoHandler(version, sha string) http.HandlerFunc {
 			},
 		}
-		jsonOut, marshalErr := json.Marshal(infoResponse)
+		jsonOut, err := json.Marshal(infoResponse)
-		if marshalErr != nil {
+		if err != nil {
 			w.WriteHeader(http.StatusInternalServerError)
 			return
 		}
@ -42,3 +42,6 @@ func MakeInfoHandler(version, sha string) http.HandlerFunc {
 		w.Write(jsonOut)
 	}
 }
 const faasdMaxFunctions = 15
 const faasdMaxNs = 1
--- a/pkg/provider/handlers/invoke_resolver.go
+++ b/pkg/provider/handlers/invoke_resolver.go
@ -24,7 +24,7 @@ func (i *InvokeResolver) Resolve(functionName string) (url.URL, error) {
 	actualFunctionName := functionName
 	log.Printf("Resolve: %q\n", actualFunctionName)
-	namespace := getNamespace(functionName, faasd.DefaultFunctionNamespace)
+	namespace := getNamespaceOrDefault(functionName, faasd.DefaultFunctionNamespace)
 	if strings.Contains(functionName, ".") {
 		actualFunctionName = strings.TrimSuffix(functionName, "."+namespace)
@ -47,7 +47,7 @@ func (i *InvokeResolver) Resolve(functionName string) (url.URL, error) {
 	return *urlRes, nil
 }
-func getNamespace(name, defaultNamespace string) string {
+func getNamespaceOrDefault(name, defaultNamespace string) string {
 	namespace := defaultNamespace
 	if strings.Contains(name, ".") {
 		namespace = name[strings.LastIndexAny(name, ".")+1:]
--- a/pkg/provider/handlers/mutate_namespaces.go
+++ b/pkg/provider/handlers/mutate_namespaces.go
@ -0,0 +1,285 @@
 package handlers
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"strings"
 	"github.com/containerd/containerd"
 	"github.com/gorilla/mux"
 	"github.com/openfaas/faas-provider/types"
 )
 func MakeMutateNamespace(client *containerd.Client) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Body != nil {
 			defer r.Body.Close()
 		}
 		switch r.Method {
 		case http.MethodPost:
 			createNamespace(client, w, r)
 		case http.MethodGet:
 			getNamespace(client, w, r)
 		case http.MethodDelete:
 			deleteNamespace(client, w, r)
 		case http.MethodPut:
 			updateNamespace(client, w, r)
 		default:
 			w.WriteHeader(http.StatusMethodNotAllowed)
 		}
 	}
 }
 func updateNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	namespaceExists, err := namespaceExists(r.Context(), client, req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !namespaceExists {
 		http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 		return
 	}
 	originalLabels, err := client.NamespaceService().Labels(r.Context(), req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !hasOpenFaaSLabel(originalLabels) {
 		http.Error(w, fmt.Sprintf("namespace %s is not an openfaas namespace", req.Name), http.StatusBadRequest)
 		return
 	}
 	var exclusions []string
 	// build exclusions
 	for key, _ := range originalLabels {
 		if _, ok := req.Labels[key]; !ok {
 			exclusions = append(exclusions, key)
 		}
 	}
 	// Call SetLabel with empty string if label is to be removed
 	for _, key := range exclusions {
 		if err := client.NamespaceService().SetLabel(r.Context(), req.Name, key, ""); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 	}
 	// Now add the new labels
 	for key, value := range req.Labels {
 		if err := client.NamespaceService().SetLabel(r.Context(), req.Name, key, value); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 	}
 	w.WriteHeader(http.StatusAccepted)
 }
 func deleteNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	if err := client.NamespaceService().Delete(r.Context(), req.Name); err != nil {
 		if strings.Contains(err.Error(), "not found") {
 			http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 			return
 		}
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	w.WriteHeader(http.StatusAccepted)
 }
 func namespaceExists(ctx context.Context, client *containerd.Client, name string) (bool, error) {
 	ns, err := client.NamespaceService().List(ctx)
 	if err != nil {
 		return false, err
 	}
 	found := false
 	for _, namespace := range ns {
 		if namespace == name {
 			found = true
 			break
 		}
 	}
 	return found, nil
 }
 func getNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	namespaceExists, err := namespaceExists(r.Context(), client, req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !namespaceExists {
 		http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 		return
 	}
 	labels, err := client.NamespaceService().Labels(r.Context(), req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !hasOpenFaaSLabel(labels) {
 		http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 		return
 	}
 	res := types.FunctionNamespace{
 		Name:   req.Name,
 		Labels: labels,
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 	if err := json.NewEncoder(w).Encode(res); err != nil {
 		log.Printf("Get Namespace error: %s", err)
 	}
 }
 func createNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	// Check if namespace exists, and it has the openfaas label
 	namespaces, err := client.NamespaceService().List(r.Context())
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	found := false
 	for _, namespace := range namespaces {
 		if namespace == req.Name {
 			found = true
 			break
 		}
 	}
 	if found {
 		http.Error(w, fmt.Sprintf("namespace %s already exists", req.Name), http.StatusConflict)
 		return
 	}
 	if err := client.NamespaceService().Create(r.Context(), req.Name, req.Labels); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	w.WriteHeader(http.StatusCreated)
 }
 // getNamespace returns a namespace object or an error
 func parseNamespaceRequest(r *http.Request) (types.FunctionNamespace, error) {
 	var req types.FunctionNamespace
 	vars := mux.Vars(r)
 	namespaceInPath := vars["name"]
 	if r.Method == http.MethodGet {
 		if namespaceInPath == "" {
 			return req, &HttpError{
 				Err:    fmt.Errorf("namespace not specified in URL"),
 				Status: http.StatusBadRequest,
 			}
 		}
 		return types.FunctionNamespace{
 			Name: namespaceInPath,
 		}, nil
 	}
 	body, _ := io.ReadAll(r.Body)
 	if err := json.Unmarshal(body, &req); err != nil {
 		return req, &HttpError{
 			Err:    fmt.Errorf("error parsing request body: %s", err.Error()),
 			Status: http.StatusBadRequest,
 		}
 	}
 	if r.Method != http.MethodPost {
 		if namespaceInPath == "" {
 			return req, &HttpError{
 				Err:    fmt.Errorf("namespace not specified in URL"),
 				Status: http.StatusBadRequest,
 			}
 		}
 		if req.Name != namespaceInPath {
 			return req, &HttpError{
 				Err:    fmt.Errorf("namespace in request body does not match namespace in URL"),
 				Status: http.StatusBadRequest,
 			}
 		}
 	}
 	if req.Name == "" {
 		return req, &HttpError{
 			Err:    fmt.Errorf("namespace not specified in request body"),
 			Status: http.StatusBadRequest,
 		}
 	}
 	if ok := hasOpenFaaSLabel(req.Labels); !ok {
 		return req, &HttpError{
 			Err:    fmt.Errorf("request does not have openfaas=1 label"),
 			Status: http.StatusBadRequest,
 		}
 	}
 	return req, nil
 }
 func hasOpenFaaSLabel(labels map[string]string) bool {
 	if v, ok := labels["openfaas"]; ok && v == "1" {
 		return true
 	}
 	return false
 }
 type HttpError struct {
 	Err    error
 	Status int
 }
 func (e *HttpError) Error() string {
 	return e.Err.Error()
 }
--- a/pkg/provider/handlers/namespaces.go
+++ b/pkg/provider/handlers/namespaces.go
@ -1,10 +1,14 @@
 package handlers
 import (
 	"context"
 	"encoding/json"
 	"log"
 	"net/http"
 	"github.com/containerd/containerd"
 	"github.com/openfaas/faasd/pkg"
 	faasd "github.com/openfaas/faasd/pkg"
 )
 func MakeNamespacesLister(client *containerd.Client) func(w http.ResponseWriter, r *http.Request) {
@ -16,3 +20,43 @@ func MakeNamespacesLister(client *containerd.Client) func(w http.ResponseWriter,
 		w.Write(body)
 	}
 }
 func ListNamespaces(client *containerd.Client) []string {
 	set := []string{faasd.DefaultFunctionNamespace}
 	store := client.NamespaceService()
 	namespaces, err := store.List(context.Background())
 	if err != nil {
 		log.Printf("Error listing namespaces: %s", err.Error())
 		return set
 	}
 	for _, namespace := range namespaces {
 		labels, err := store.Labels(context.Background(), namespace)
 		if err != nil {
 			log.Printf("Error listing label for namespace %s: %s", namespace, err.Error())
 			continue
 		}
 		if _, found := labels[pkg.NamespaceLabel]; found {
 			set = append(set, namespace)
 		}
 	}
 	if len(set) == 0 {
 		set = append(set, faasd.DefaultFunctionNamespace)
 	}
 	return set
 }
 func findNamespace(target string, items []string) bool {
 	for _, n := range items {
 		if n == target {
 			return true
 		}
 	}
 	return false
 }
--- a/pkg/provider/handlers/read.go
+++ b/pkg/provider/handlers/read.go
@ -31,7 +31,7 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 		res := []types.FunctionStatus{}
 		fns, err := ListFunctions(client, lookupNamespace)
 		if err != nil {
-			log.Printf("[Read] error listing functions. Error: %s\n", err)
+			log.Printf("[Read] error listing functions. Error: %s", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
--- a/pkg/provider/handlers/scale.go
+++ b/pkg/provider/handlers/scale.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
@ -13,6 +13,7 @@ import (
 	gocni "github.com/containerd/go-cni"
 	"github.com/openfaas/faas-provider/types"
 	"github.com/openfaas/faasd/pkg"
 )
 func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w http.ResponseWriter, r *http.Request) {
@ -26,20 +27,20 @@ func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w h
 		defer r.Body.Close()
-		body, _ := ioutil.ReadAll(r.Body)
+		body, _ := io.ReadAll(r.Body)
 		log.Printf("[Scale] request: %s\n", string(body))
 		req := types.ScaleServiceRequest{}
-		err := json.Unmarshal(body, &req)
+		if err := json.Unmarshal(body, &req); err != nil {
-
+			log.Printf("[Scale] error parsing input: %s", err)
 		if err != nil {
 			log.Printf("[Scale] error parsing input: %s\n", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
-		namespace := getRequestNamespace(readNamespaceFromQuery(r))
+		namespace := req.Namespace
 		if namespace == "" {
 			namespace = pkg.DefaultFunctionNamespace
 		}
 		// Check if namespace exists, and it has the openfaas label
 		valid, err := validNamespace(client.NamespaceService(), namespace)
@ -56,7 +57,7 @@ func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w h
 		name := req.ServiceName
 		if _, err := GetFunction(client, name, namespace); err != nil {
-			msg := fmt.Sprintf("service %s not found", name)
+			msg := fmt.Sprintf("function: %s.%s not found", name, namespace)
 			log.Printf("[Scale] %s\n", msg)
 			http.Error(w, msg, http.StatusNotFound)
 			return
@ -95,32 +96,24 @@ func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w h
 		createNewTask := false
 		// Scale to zero
 		if req.Replicas == 0 {
-			// If a task is running, pause it
+			http.Error(w, "replicas must > 0 for faasd CE", http.StatusBadRequest)
-			if taskExists && taskStatus.Status == containerd.Running {
+			return
 				if pauseErr := task.Pause(ctx); pauseErr != nil {
 					wrappedPauseErr := fmt.Errorf("error pausing task %s, error: %s", name, pauseErr)
 					log.Printf("[Scale] %s\n", wrappedPauseErr.Error())
 					http.Error(w, wrappedPauseErr.Error(), http.StatusNotFound)
 					return
 				}
 			}
 		}
 		if taskExists {
 			if taskStatus != nil {
 				if taskStatus.Status == containerd.Paused {
-					if resumeErr := task.Resume(ctx); resumeErr != nil {
+					if _, err := task.Delete(ctx); err != nil {
-						log.Printf("[Scale] error resuming task %s, error: %s\n", name, resumeErr)
+						log.Printf("[Scale] error deleting paused task %s, error: %s\n", name, err)
-						http.Error(w, resumeErr.Error(), http.StatusBadRequest)
+						http.Error(w, err.Error(), http.StatusBadRequest)
 						return
 					}
 				} else if taskStatus.Status == containerd.Stopped {
 					// Stopped tasks cannot be restarted, must be removed, and created again
-					if _, delErr := task.Delete(ctx); delErr != nil {
+					if _, err := task.Delete(ctx); err != nil {
-						log.Printf("[Scale] error deleting stopped task %s, error: %s\n", name, delErr)
+						log.Printf("[Scale] error deleting stopped task %s, error: %s\n", name, err)
-						http.Error(w, delErr.Error(), http.StatusBadRequest)
+						http.Error(w, err.Error(), http.StatusBadRequest)
 						return
 					}
 					createNewTask = true
--- a/pkg/provider/handlers/secret.go
+++ b/pkg/provider/handlers/secret.go
@ -3,7 +3,7 @@ package handlers
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"os"
@ -71,7 +71,7 @@ func listSecrets(store provider.Labeller, w http.ResponseWriter, r *http.Request
 	}
 	if err != nil {
-		fmt.Printf("Error Occured: %s \n", err)
+		log.Printf("[Secret] Error listing secrets: %s ", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
@ -116,7 +116,7 @@ func createSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 		data = []byte(secret.Value)
 	}
-	err = ioutil.WriteFile(path.Join(mountPath, secret.Name), data, secretFilePermission)
+	err = os.WriteFile(path.Join(mountPath, secret.Name), data, secretFilePermission)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
@ -147,7 +147,7 @@ func deleteSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 func parseSecret(r *http.Request) (types.Secret, error) {
 	secret := types.Secret{}
-	bytesOut, err := ioutil.ReadAll(r.Body)
+	bytesOut, err := io.ReadAll(r.Body)
 	if err != nil {
 		return secret, err
 	}
--- a/pkg/provider/handlers/secret_test.go
+++ b/pkg/provider/handlers/secret_test.go
@ -3,7 +3,7 @@ package handlers
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptest"
 	"os"
@ -232,7 +232,7 @@ func TestListSecrets(t *testing.T) {
 				t.Fatalf("want error message: %q, but got %q", tc.err, w.Body.String())
 			}
-			body, err := ioutil.ReadAll(resp.Body)
+			body, err := io.ReadAll(resp.Body)
 			if err != nil {
 				t.Fatalf("can't read response of list %v", err)
 			}
--- a/pkg/provider/handlers/update.go
+++ b/pkg/provider/handlers/update.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
@ -28,17 +28,17 @@ func MakeUpdateHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 		defer r.Body.Close()
-		body, _ := ioutil.ReadAll(r.Body)
+		body, _ := io.ReadAll(r.Body)
 		log.Printf("[Update] request: %s\n", string(body))
 		req := types.FunctionDeployment{}
 		err := json.Unmarshal(body, &req)
 		if err != nil {
-			log.Printf("[Update] error parsing input: %s\n", err)
+			log.Printf("[Update] error parsing input: %s", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		name := req.Service
 		namespace := getRequestNamespace(req.Namespace)
@ -54,11 +54,17 @@ func MakeUpdateHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 			return
 		}
 		if err := preDeploy(client, int64(0)); err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			log.Printf("[Deploy] error deploying %s, error: %s\n", name, err)
 			return
 		}
 		namespaceSecretMountPath := getNamespaceSecretMountPath(secretMountPath, namespace)
 		function, err := GetFunction(client, name, namespace)
 		if err != nil {
-			msg := fmt.Sprintf("service %s not found", name)
+			msg := fmt.Sprintf("function: %s.%s not found", name, namespace)
 			log.Printf("[Update] %s\n", msg)
 			http.Error(w, msg, http.StatusNotFound)
 			return
--- a/pkg/provider/handlers/utils.go
+++ b/pkg/provider/handlers/utils.go
@ -39,7 +39,8 @@ func validNamespace(store provider.Labeller, namespace string) (bool, error) {
 		return false, err
 	}
-	if value, found := labels[pkg.NamespaceLabel]; found && value == "true" {
+	// check for true to keep it backward compatible
 	if value, found := labels[pkg.NamespaceLabel]; found && (value == "true" || value == "1") {
 		return true, nil
 	}
--- a/pkg/proxy.go
+++ b/pkg/proxy.go
@ -75,18 +75,18 @@ func (p *Proxy) Start() error {
 		// Wait for a connection.
 		conn, err := l.Accept()
 		if err != nil {
-			acceptErr := fmt.Errorf("Unable to accept on %d, error: %s",
+			log.Printf("Unable to accept on: %d, error: %s",
 				p.Port,
 				err.Error())
-			log.Printf("%s", acceptErr.Error())
+			return err
 			return acceptErr
 		}
 		upstream, err := net.Dial("tcp", upstreamAddr)
 		if err != nil {
-			log.Printf("unable to dial to %s, error: %s", upstreamAddr, err.Error())
+			conn.Close()
-			return err
+
 			log.Printf("Unable to dial: %s, error: %s", upstreamAddr, err.Error())
 			continue
 		}
 		go pipe(conn, upstream)
--- a/pkg/proxy_test.go
+++ b/pkg/proxy_test.go
@ -2,7 +2,7 @@ package pkg
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"net/http/httptest"
@ -61,7 +61,7 @@ func Test_Proxy_ToPrivateServer(t *testing.T) {
 			time.Sleep(time.Millisecond * 100)
 		} else {
-			resBody, _ := ioutil.ReadAll(res.Body)
+			resBody, _ := io.ReadAll(res.Body)
 			if string(resBody) != string(wantBody) {
 				t.Errorf("want %s, but got %s in body", string(wantBody), string(resBody))
 			}
--- a/pkg/service/service.go
+++ b/pkg/service/service.go
@ -6,6 +6,7 @@ import (
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
 	"time"
@ -45,10 +46,24 @@ func Remove(ctx context.Context, client *containerd.Client, name string) error {
 				log.Printf("Status of %s is: %s\n", name, status.Status)
 			}
-			log.Printf("Need to kill task: %s\n", name)
+			var gracePeriod = time.Second * 30
-			if err = killTask(ctx, t); err != nil {
+			spec, err := t.Spec(ctx)
 			if err == nil {
 				for _, p := range spec.Process.Env {
 					k, v, ok := strings.Cut(p, "=")
 					if ok && k == "grace_period" {
 						periodVal, err := time.ParseDuration(v)
 						if err == nil {
 							gracePeriod = periodVal
 						}
 					}
 				}
 			}
 			if err = killTask(ctx, t, gracePeriod); err != nil {
 				return fmt.Errorf("error killing task %s, %s, %w", container.ID(), name, err)
 			}
 		}
 		if err := container.Delete(ctx, containerd.WithSnapshotCleanup); err != nil {
@ -57,7 +72,7 @@ func Remove(ctx context.Context, client *containerd.Client, name string) error {
 	} else {
 		service := client.SnapshotService("")
-		key := name + "snapshot"
+		key := name + "-snapshot"
 		if _, err := client.SnapshotService("").Stat(ctx, key); err == nil {
 			service.Remove(ctx, key)
 		}
@ -66,14 +81,13 @@ func Remove(ctx context.Context, client *containerd.Client, name string) error {
 }
 // Adapted from Stellar - https://github.com/stellar
-func killTask(ctx context.Context, task containerd.Task) error {
+func killTask(ctx context.Context, task containerd.Task, gracePeriod time.Duration) error {
 	killTimeout := 30 * time.Second
 	wg := &sync.WaitGroup{}
 	wg.Add(1)
 	var err error
 	waited := false
 	go func() {
 		defer wg.Done()
 		if task != nil {
@ -89,22 +103,39 @@ func killTask(ctx context.Context, task containerd.Task) error {
 			select {
 			case <-wait:
-				task.Delete(ctx)
+				waited = true
 				return
-			case <-time.After(killTimeout):
+			case <-time.After(gracePeriod):
 				log.Printf("Sending SIGKILL to: %s after: %s", task.ID(), gracePeriod.Round(time.Second).String())
 				if err := task.Kill(ctx, unix.SIGKILL, containerd.WithKillAll); err != nil {
-					log.Printf("error force killing container task: %s", err)
+					log.Printf("error sending SIGKILL to task: %s", err)
 				}
 				return
 			}
 		}
 	}()
 	wg.Wait()
 	if task != nil {
 		if !waited {
 			wait, err := task.Wait(ctx)
 			if err != nil {
 				log.Printf("error waiting on task after kill: %s", err)
 			}
 			<-wait
 		}
 		if _, err := task.Delete(ctx); err != nil {
 			return err
 		}
 	}
 	return err
 }
-func getResolver(ctx context.Context, configFile *configfile.ConfigFile) (remotes.Resolver, error) {
+func getResolver(configFile *configfile.ConfigFile) (remotes.Resolver, error) {
 	// credsFunc is based on https://github.com/moby/buildkit/blob/0b130cca040246d2ddf55117eeff34f546417e40/session/auth/authprovider/authprovider.go#L35
 	credFunc := func(host string) (string, string, error) {
 		if host == "registry-1.docker.io" {
@ -139,7 +170,7 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 		if err != nil {
 			return nil, err
 		}
-		resolver, err = getResolver(ctx, configFile)
+		resolver, err = getResolver(configFile)
 		if err != nil {
 			return empty, err
 		}
--- a/pkg/supervisor.go
+++ b/pkg/supervisor.go
@ -3,7 +3,6 @@ package pkg
 import (
 	"context"
 	"fmt"
 	"io/ioutil"
 	"log"
 	"os"
 	"path"
@ -19,7 +18,7 @@ import (
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/oci"
 	gocni "github.com/containerd/go-cni"
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 	"github.com/openfaas/faasd/pkg/cninetwork"
 	"github.com/openfaas/faasd/pkg/service"
 	"github.com/pkg/errors"
@ -57,8 +56,14 @@ type ServicePort struct {
 }
 type Mount struct {
-	Src  string
+	// Src relative to the working directory for faasd
 	Src string
 	// Dest is the absolute path within the container
 	Dest string
 	// ReadOnly when set to true indicates the mount will be set to "ro" instead of "rw"
 	ReadOnly bool
 }
 type Supervisor struct {
@ -96,7 +101,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 127.0.0.1	localhost
 %s	faasd-provider`, gw)
-	writeHostsErr := ioutil.WriteFile(path.Join(wd, "hosts"),
+	writeHostsErr := os.WriteFile(path.Join(wd, "hosts"),
 		[]byte(hosts), workingDirectoryPermission)
 	if writeHostsErr != nil {
@ -151,11 +156,18 @@ func (s *Supervisor) Start(svcs []Service) error {
 		mounts := []specs.Mount{}
 		if len(svc.Mounts) > 0 {
 			for _, mnt := range svc.Mounts {
 				var options = []string{"rbind"}
 				if mnt.ReadOnly {
 					options = append(options, "ro")
 				} else {
 					options = append(options, "rw")
 				}
 				mounts = append(mounts, specs.Mount{
 					Source:      mnt.Src,
 					Destination: mnt.Dest,
 					Type:        "bind",
-					Options:     []string{"rbind", "rw"},
+					Options:     options,
 				})
 				// Only create directories, not files.
@ -215,7 +227,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 		)
 		if err != nil {
-			log.Printf("Error creating container: %s\n", err)
+			log.Printf("Error creating container: %s", err)
 			return err
 		}
@ -223,7 +235,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 		task, err := newContainer.NewTask(ctx, cio.BinaryIO("/usr/local/bin/faasd", nil))
 		if err != nil {
-			log.Printf("Error creating task: %s\n", err)
+			log.Printf("Error creating task: %s", err)
 			return err
 		}
@ -242,7 +254,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 		log.Printf("%s has IP: %s\n", newContainer.ID(), ip)
-		hosts, err := ioutil.ReadFile("hosts")
+		hosts, err := os.ReadFile("hosts")
 		if err != nil {
 			log.Printf("Unable to read hosts file: %s\n", err.Error())
 		}
@ -251,12 +263,12 @@ func (s *Supervisor) Start(svcs []Service) error {
 %s	%s
 `, ip, svc.Name))
-		if err := ioutil.WriteFile("hosts", hosts, workingDirectoryPermission); err != nil {
+		if err := os.WriteFile("hosts", hosts, workingDirectoryPermission); err != nil {
 			log.Printf("Error writing file: %s %s\n", "hosts", err)
 		}
 		if _, err := task.Wait(ctx); err != nil {
-			log.Printf("Task wait error: %s\n", err)
+			log.Printf("Task wait error: %s", err)
 			return err
 		}
@ -264,7 +276,7 @@ func (s *Supervisor) Start(svcs []Service) error {
 		// log.Println("Exited: ", exitStatusC)
 		if err = task.Start(ctx); err != nil {
-			log.Printf("Task start error: %s\n", err)
+			log.Printf("Task start error: %s", err)
 			return err
 		}
 	}
@ -342,8 +354,9 @@ func ParseCompose(config *compose.Config) ([]Service, error) {
 				return nil, errors.Errorf("unsupported volume mount type '%s' when parsing service '%s'", v.Type, s.Name)
 			}
 			mounts = append(mounts, Mount{
-				Src:  v.Source,
+				Src:      v.Source,
-				Dest: v.Target,
+				Dest:     v.Target,
 				ReadOnly: v.ReadOnly,
 			})
 		}
@ -386,7 +399,7 @@ func LoadComposeFile(wd string, file string) (*compose.Config, error) {
 func LoadComposeFileWithArch(wd string, file string, archGetter ArchGetter) (*compose.Config, error) {
 	file = path.Join(wd, file)
-	b, err := ioutil.ReadFile(file)
+	b, err := os.ReadFile(file)
 	if err != nil {
 		return nil, err
 	}
@ -438,8 +451,6 @@ func GetArchSuffix(getClientArch ArchGetter) (suffix string, err error) {
 	case "x86_64":
 		// no suffix needed
 		return "", nil
 	case "armhf", "armv7l":
 		return "-armhf", nil
 	case "arm64", "aarch64":
 		return "-arm64", nil
 	default:
--- a/pkg/supervisor_test.go
+++ b/pkg/supervisor_test.go
@ -180,7 +180,7 @@ func equalMountSlice(t *testing.T, want, found []Mount) {
 	for i := range want {
 		if !reflect.DeepEqual(want[i], found[i]) {
-			t.Fatalf("unexpected value at postition %d: want %s, got %s", i, want[i], found[i])
+			t.Fatalf("unexpected value at postition %d: want %v, got %v", i, want[i], found[i])
 		}
 	}
 }
@ -210,18 +210,6 @@ func Test_GetArchSuffix(t *testing.T) {
 			foundArch: "anything_else",
 			want:      "",
 		},
 		{
 			name:      "armhf has armhf suffix",
 			foundOS:   "Linux",
 			foundArch: "armhf",
 			want:      "-armhf",
 		},
 		{
 			name:      "armv7l has armhf suffix",
 			foundOS:   "Linux",
 			foundArch: "armv7l",
 			want:      "-armhf",
 		},
 		{
 			name:      "arm64 has arm64 suffix",
 			foundOS:   "Linux",
--- a/pkg/systemd/systemd.go
+++ b/pkg/systemd/systemd.go
@ -2,21 +2,23 @@ package systemd
 import (
 	"bytes"
 	"context"
 	"fmt"
 	"os"
 	"path/filepath"
 	"text/template"
-	execute "github.com/alexellis/go-execute/pkg/v1"
+	execute "github.com/alexellis/go-execute/v2"
 )
 func Enable(unit string) error {
-	task := execute.ExecTask{Command: "systemctl",
+	task := execute.ExecTask{
 		Command:     "systemctl",
 		Args:        []string{"enable", unit},
 		StreamStdio: false,
 	}
-	res, err := task.Execute()
+	res, err := task.Execute(context.Background())
 	if err != nil {
 		return err
 	}
@ -29,12 +31,13 @@ func Enable(unit string) error {
 }
 func Start(unit string) error {
-	task := execute.ExecTask{Command: "systemctl",
+	task := execute.ExecTask{
 		Command:     "systemctl",
 		Args:        []string{"start", unit},
 		StreamStdio: false,
 	}
-	res, err := task.Execute()
+	res, err := task.Execute(context.Background())
 	if err != nil {
 		return err
 	}
@ -47,12 +50,13 @@ func Start(unit string) error {
 }
 func DaemonReload() error {
-	task := execute.ExecTask{Command: "systemctl",
+	task := execute.ExecTask{
 		Command:     "systemctl",
 		Args:        []string{"daemon-reload"},
 		StreamStdio: false,
 	}
-	res, err := task.Execute()
+	res, err := task.Execute(context.Background())
 	if err != nil {
 		return err
 	}
@ -71,23 +75,20 @@ func InstallUnit(name string, tokens map[string]string) error {
 	tmplName := "./hack/" + name + ".service"
 	tmpl, err := template.ParseFiles(tmplName)
 	if err != nil {
 		return fmt.Errorf("error loading template %s, error %s", tmplName, err)
 	}
 	var tpl bytes.Buffer
-	err = tmpl.Execute(&tpl, tokens)
+	if err := tmpl.Execute(&tpl, tokens); err != nil {
 	if err != nil {
 		return err
 	}
-	err = writeUnit(name+".service", tpl.Bytes())
+	if err := writeUnit(name+".service", tpl.Bytes()); err != nil {
 	if err != nil {
 		return err
 	}
 	return nil
 }
@ -96,7 +97,12 @@ func writeUnit(name string, data []byte) error {
 	if err != nil {
 		return err
 	}
 	defer f.Close()
-	_, err = f.Write(data)
+
-	return err
+	if _, err := f.Write(data); err != nil {
 		return err
 	}
 	return nil
 }
--- a/pkg/version.go
+++ b/pkg/version.go
@ -1 +1,17 @@
 package pkg
 // These values will be injected into these variables at the build time.
 var (
 	// GitCommit Git Commit SHA
 	GitCommit string
 	// Version version of the CLI
 	Version string
 )
 // GetVersion get latest version
 func GetVersion() string {
 	if len(Version) == 0 {
 		return "dev"
 	}
 	return Version
 }
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
@ -25,11 +25,10 @@ import (
 	"os"
 	"path/filepath"
 	"reflect"
 	"strconv"
 	"strings"
 	"time"
 	"unsafe"
 	securejoin "github.com/cyphar/filepath-securejoin"
 )
 var (
@ -389,11 +388,11 @@ func (f *ConsumeFuzzer) GetUint16() (uint16, error) {
 }
 func (f *ConsumeFuzzer) GetUint32() (uint32, error) {
-	i, err := f.GetInt()
+	u32, err := f.GetNBytes(4)
 	if err != nil {
-		return uint32(0), err
+		return 0, err
 	}
-	return uint32(i), nil
+	return binary.BigEndian.Uint32(u32), nil
 }
 func (f *ConsumeFuzzer) GetUint64() (uint64, error) {
@ -412,26 +411,27 @@ func (f *ConsumeFuzzer) GetUint64() (uint64, error) {
 }
 func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
-	if f.position >= f.dataTotal {
+	var length uint32
-		return nil, errors.New("not enough bytes to create byte array")
+	var err error
-	}
+	length, err = f.GetUint32()
 	length, err := f.GetUint32()
 	if err != nil {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
-	if f.position+length > MaxTotalLen {
+
 		return nil, errors.New("created too large a string")
 	}
 	byteBegin := f.position - 1
 	if byteBegin >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if length == 0 {
-		return nil, errors.New("zero-length is not supported")
+		length = 30
 	}
-	if byteBegin+length >= f.dataTotal {
+	bytesLeft := f.dataTotal - f.position
 	if bytesLeft <= 0 {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	// If the length is the same as bytes left, we will not overflow
 	// the remaining bytes.
 	if length != bytesLeft {
 		length = length % bytesLeft
 	}
 	byteBegin := f.position
 	if byteBegin+length < byteBegin {
 		return nil, errors.New("numbers overflow")
 	}
@ -482,6 +482,7 @@ func (f *ConsumeFuzzer) FuzzMap(m interface{}) error {
 }
 func returnTarBytes(buf []byte) ([]byte, error) {
 	return buf, nil
 	// Count files
 	var fileCounter int
 	tr := tar.NewReader(bytes.NewReader(buf))
@ -504,7 +505,8 @@ func returnTarBytes(buf []byte) ([]byte, error) {
 func setTarHeaderFormat(hdr *tar.Header, f *ConsumeFuzzer) error {
 	ind, err := f.GetInt()
 	if err != nil {
-		return err
+		hdr.Format = tar.FormatGNU
 		//return nil
 	}
 	switch ind % 4 {
 	case 0:
@ -565,71 +567,17 @@ func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error {
 	return nil
 }
 func tooSmallFileBody(length uint32) bool {
 	if length < 2 {
 		return true
 	}
 	if length < 4 {
 		return true
 	}
 	if length < 10 {
 		return true
 	}
 	if length < 100 {
 		return true
 	}
 	if length < 500 {
 		return true
 	}
 	if length < 1000 {
 		return true
 	}
 	if length < 2000 {
 		return true
 	}
 	if length < 4000 {
 		return true
 	}
 	if length < 8000 {
 		return true
 	}
 	if length < 16000 {
 		return true
 	}
 	if length < 32000 {
 		return true
 	}
 	if length < 64000 {
 		return true
 	}
 	if length < 128000 {
 		return true
 	}
 	if length < 264000 {
 		return true
 	}
 	return false
 }
 func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
-	length, err := f.GetUint32()
+	return f.GetBytes()
 	/*length, err := f.GetUint32()
 	if err != nil {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	shouldUseLargeFileBody, err := f.GetBool()
 	if err != nil {
 		return nil, errors.New("not enough bytes to check long file body")
 	}
 	if shouldUseLargeFileBody && tooSmallFileBody(length) {
 		return nil, errors.New("File body was too small")
 	}
 	// A bit of optimization to attempt to create a file body
 	// when we don't have as many bytes left as "length"
 	remainingBytes := f.dataTotal - f.position
-	if remainingBytes == 0 {
+	if remainingBytes <= 0 {
 		return nil, errors.New("created too large a string")
 	}
 	if f.position+length > MaxTotalLen {
@ -649,14 +597,15 @@ func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
 		return nil, errors.New("numbers overflow")
 	}
 	f.position = byteBegin + length
-	return f.data[byteBegin:f.position], nil
+	return f.data[byteBegin:f.position], nil*/
 }
 // getTarFileName is similar to GetString(), but creates string based
 // on the length of f.data to reduce the likelihood of overflowing
 // f.data.
 func (f *ConsumeFuzzer) getTarFilename() (string, error) {
-	length, err := f.GetUint32()
+	return f.GetString()
 	/*length, err := f.GetUint32()
 	if err != nil {
 		return "nil", errors.New("not enough bytes to create string")
 	}
@ -664,14 +613,9 @@ func (f *ConsumeFuzzer) getTarFilename() (string, error) {
 	// A bit of optimization to attempt to create a file name
 	// when we don't have as many bytes left as "length"
 	remainingBytes := f.dataTotal - f.position
-	if remainingBytes == 0 {
+	if remainingBytes <= 0 {
 		return "nil", errors.New("created too large a string")
 	}
 	if remainingBytes < 50 {
 		length = length % remainingBytes
 	} else if f.dataTotal < 500 {
 		length = length % f.dataTotal
 	}
 	if f.position > MaxTotalLen {
 		return "nil", errors.New("created too large a string")
 	}
@ -686,7 +630,12 @@ func (f *ConsumeFuzzer) getTarFilename() (string, error) {
 		return "nil", errors.New("numbers overflow")
 	}
 	f.position = byteBegin + length
-	return string(f.data[byteBegin:f.position]), nil
+	return string(f.data[byteBegin:f.position]), nil*/
 }
 type TarFile struct {
 	Hdr  *tar.Header
 	Body []byte
 }
 // TarBytes returns valid bytes for a tar archive
@ -695,28 +644,38 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
 	var tarFiles []*TarFile
 	tarFiles = make([]*TarFile, 0)
-	var buf bytes.Buffer
+	const maxNoOfFiles = 100
 	tw := tar.NewWriter(&buf)
 	defer tw.Close()
 	const maxNoOfFiles = 1000
 	for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
-		filename, err := f.getTarFilename()
+		var filename string
 		var filebody []byte
 		var sec, nsec int
 		var err error
 		filename, err = f.getTarFilename()
 		if err != nil {
-			return returnTarBytes(buf.Bytes())
+			var sb strings.Builder
 			sb.WriteString("file-")
 			sb.WriteString(strconv.Itoa(i))
 			filename = sb.String()
 		}
-		filebody, err := f.createTarFileBody()
+		filebody, err = f.createTarFileBody()
 		if err != nil {
-			return returnTarBytes(buf.Bytes())
+			var sb strings.Builder
 			sb.WriteString("filebody-")
 			sb.WriteString(strconv.Itoa(i))
 			filebody = []byte(sb.String())
 		}
-		sec, err := f.GetInt()
+
 		sec, err = f.GetInt()
 		if err != nil {
-			return returnTarBytes(buf.Bytes())
+			sec = 1672531200 // beginning of 2023
 		}
-		nsec, err := f.GetInt()
+		nsec, err = f.GetInt()
 		if err != nil {
-			return returnTarBytes(buf.Bytes())
+			nsec = 1703980800 // end of 2023
 		}
 		hdr := &tar.Header{
@ -726,21 +685,83 @@ func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
 			ModTime: time.Unix(int64(sec), int64(nsec)),
 		}
 		if err := setTarHeaderTypeflag(hdr, f); err != nil {
-			return returnTarBytes(buf.Bytes())
+			return []byte(""), err
 		}
 		if err := setTarHeaderFormat(hdr, f); err != nil {
-			return returnTarBytes(buf.Bytes())
+			return []byte(""), err
 		}
-		if err := tw.WriteHeader(hdr); err != nil {
+		tf := &TarFile{
-			return returnTarBytes(buf.Bytes())
+			Hdr:  hdr,
-		}
+			Body: filebody,
 		if _, err := tw.Write(filebody); err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		tarFiles = append(tarFiles, tf)
 	}
 	var buf bytes.Buffer
 	tw := tar.NewWriter(&buf)
 	defer tw.Close()
 	for _, tf := range tarFiles {
 		tw.WriteHeader(tf.Hdr)
 		tw.Write(tf.Body)
 	}
 	return buf.Bytes(), nil
 }
 // This is similar to TarBytes, but it returns a series of
 // files instead of raw tar bytes. The advantage of this
 // api is that it is cheaper in terms of cpu power to
 // modify or check the files in the fuzzer with TarFiles()
 // because it avoids creating a tar reader.
 func (f *ConsumeFuzzer) TarFiles() ([]*TarFile, error) {
 	numberOfFiles, err := f.GetInt()
 	if err != nil {
 		return nil, err
 	}
 	var tarFiles []*TarFile
 	tarFiles = make([]*TarFile, 0)
 	const maxNoOfFiles = 100
 	for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
 		filename, err := f.getTarFilename()
 		if err != nil {
 			return tarFiles, err
 		}
 		filebody, err := f.createTarFileBody()
 		if err != nil {
 			return tarFiles, err
 		}
 		sec, err := f.GetInt()
 		if err != nil {
 			return tarFiles, err
 		}
 		nsec, err := f.GetInt()
 		if err != nil {
 			return tarFiles, err
 		}
 		hdr := &tar.Header{
 			Name:    filename,
 			Size:    int64(len(filebody)),
 			Mode:    0o600,
 			ModTime: time.Unix(int64(sec), int64(nsec)),
 		}
 		if err := setTarHeaderTypeflag(hdr, f); err != nil {
 			hdr.Typeflag = tar.TypeReg
 		}
 		if err := setTarHeaderFormat(hdr, f); err != nil {
 			return tarFiles, err // should not happend
 		}
 		tf := &TarFile{
 			Hdr:  hdr,
 			Body: filebody,
 		}
 		tarFiles = append(tarFiles, tf)
 	}
 	return tarFiles, nil
 }
 // CreateFiles creates pseudo-random files in rootDir.
 // It creates subdirs and places the files there.
 // It is the callers responsibility to ensure that
@ -767,10 +788,10 @@ func (f *ConsumeFuzzer) CreateFiles(rootDir string) error {
 				return errors.New("could not get fileName")
 			}
 		}
-		fullFilePath, err := securejoin.SecureJoin(rootDir, fileName)
+		if strings.Contains(fileName, "..") || (len(fileName) > 0 && fileName[0] == 47) || strings.Contains(fileName, "\\") {
-		if err != nil {
+			continue
 			return err
 		}
 		fullFilePath := filepath.Join(rootDir, fileName)
 		// Find the subdirectory of the file
 		if subDir := filepath.Dir(fileName); subDir != "" && subDir != "." {
@ -778,20 +799,14 @@ func (f *ConsumeFuzzer) CreateFiles(rootDir string) error {
 			if strings.Contains(subDir, "../") || (len(subDir) > 0 && subDir[0] == 47) || strings.Contains(subDir, "\\") {
 				continue
 			}
-			dirPath, err := securejoin.SecureJoin(rootDir, subDir)
+			dirPath := filepath.Join(rootDir, subDir)
 			if err != nil {
 				continue
 			}
 			if _, err := os.Stat(dirPath); os.IsNotExist(err) {
 				err2 := os.MkdirAll(dirPath, 0o777)
 				if err2 != nil {
 					continue
 				}
 			}
-			fullFilePath, err = securejoin.SecureJoin(dirPath, fileName)
+			fullFilePath = filepath.Join(dirPath, fileName)
 			if err != nil {
 				continue
 			}
 		} else {
 			// Create symlink
 			createSymlink, err := f.GetBool()
--- a/vendor/github.com/Microsoft/go-winio/.golangci.yml
+++ b/vendor/github.com/Microsoft/go-winio/.golangci.yml
@ -1,19 +1,11 @@
 run:
  skip-dirs:
    - pkg/etw/sample
 linters:
  enable:
    # style
    - containedctx # struct contains a context
    - dupl # duplicate code
    - errname # erorrs are named correctly
    - goconst # strings that should be constants
    - godot # comments end in a period
    - misspell
    - nolintlint # "//nolint" directives are properly explained
    - revive # golint replacement
    - stylecheck # golint replacement, less configurable than revive
    - unconvert # unnecessary conversions
    - wastedassign
@ -23,13 +15,14 @@ linters:
    - exhaustive # check exhaustiveness of enum switch statements
    - gofmt # files are gofmt'ed
    - gosec # security
    - nestif # deeply nested ifs
    - nilerr # returns nil even with non-nil error
-    - prealloc # slices that can be pre-allocated
+    - thelper #  test helpers without t.Helper()
    - structcheck # unused struct fields
    - unparam # unused function params
 issues:
  exclude-dirs:
    - pkg/etw/sample
  exclude-rules:
    # err is very often shadowed in nested scopes
    - linters:
@ -42,6 +35,18 @@ issues:
      text: "^line-length-limit: "
      source: "^//(go:generate|sys) "
    #TODO: remove after upgrading to go1.18
    # ignore comment spacing for nolint and sys directives
    - linters:
        - revive
      text: "^comment-spacings: no space between comment delimiter and comment text"
      source: "//(cspell:|nolint:|sys |todo)"
    # not on go 1.18 yet, so no any
    - linters:
        - revive
      text: "^use-any: since GO 1.18 'interface{}' can be replaced by 'any'"
    # allow unjustified ignores of error checks in defer statements
    - linters:
        - nolintlint
@ -56,15 +61,15 @@ issues:
 linters-settings:
  exhaustive:
    default-signifies-exhaustive: true
  govet:
    enable-all: true
    disable:
      # struct order is often for Win32 compat
      # also, ignore pointer bytes/GC issues for now until performance becomes an issue
      - fieldalignment
    check-shadowing: true
  nolintlint:
    allow-leading-space: false
    require-explanation: true
    require-specific: true
  revive:
@ -98,6 +103,8 @@ linters-settings:
        disabled: true
      - name: flag-parameter # excessive, and a common idiom we use
        disabled: true
      - name: unhandled-error # warns over common fmt.Print* and io.Close; rely on errcheck instead
        disabled: true
      # general config
      - name: line-length-limit
        arguments:
@ -138,7 +145,3 @@ linters-settings:
            - VPCI
            - WCOW
            - WIM
  stylecheck:
    checks:
      - "all"
      - "-ST1003" # use revive's var naming
--- a/vendor/github.com/Microsoft/go-winio/backup.go
+++ b/vendor/github.com/Microsoft/go-winio/backup.go
@ -10,14 +10,14 @@ import (
 	"io"
 	"os"
 	"runtime"
 	"syscall"
 	"unicode/utf16"
 	"github.com/Microsoft/go-winio/internal/fs"
 	"golang.org/x/sys/windows"
 )
-//sys backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupRead
+//sys backupRead(h windows.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupRead
-//sys backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupWrite
+//sys backupWrite(h windows.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupWrite
 const (
 	BackupData = uint32(iota + 1)
@ -104,7 +104,7 @@ func (r *BackupStreamReader) Next() (*BackupHeader, error) {
 		if err := binary.Read(r.r, binary.LittleEndian, name); err != nil {
 			return nil, err
 		}
-		hdr.Name = syscall.UTF16ToString(name)
+		hdr.Name = windows.UTF16ToString(name)
 	}
 	if wsi.StreamID == BackupSparseBlock {
 		if err := binary.Read(r.r, binary.LittleEndian, &hdr.Offset); err != nil {
@ -205,7 +205,7 @@ func NewBackupFileReader(f *os.File, includeSecurity bool) *BackupFileReader {
 // Read reads a backup stream from the file by calling the Win32 API BackupRead().
 func (r *BackupFileReader) Read(b []byte) (int, error) {
 	var bytesRead uint32
-	err := backupRead(syscall.Handle(r.f.Fd()), b, &bytesRead, false, r.includeSecurity, &r.ctx)
+	err := backupRead(windows.Handle(r.f.Fd()), b, &bytesRead, false, r.includeSecurity, &r.ctx)
 	if err != nil {
 		return 0, &os.PathError{Op: "BackupRead", Path: r.f.Name(), Err: err}
 	}
@ -220,7 +220,7 @@ func (r *BackupFileReader) Read(b []byte) (int, error) {
 // the underlying file.
 func (r *BackupFileReader) Close() error {
 	if r.ctx != 0 {
-		_ = backupRead(syscall.Handle(r.f.Fd()), nil, nil, true, false, &r.ctx)
+		_ = backupRead(windows.Handle(r.f.Fd()), nil, nil, true, false, &r.ctx)
 		runtime.KeepAlive(r.f)
 		r.ctx = 0
 	}
@ -244,7 +244,7 @@ func NewBackupFileWriter(f *os.File, includeSecurity bool) *BackupFileWriter {
 // Write restores a portion of the file using the provided backup stream.
 func (w *BackupFileWriter) Write(b []byte) (int, error) {
 	var bytesWritten uint32
-	err := backupWrite(syscall.Handle(w.f.Fd()), b, &bytesWritten, false, w.includeSecurity, &w.ctx)
+	err := backupWrite(windows.Handle(w.f.Fd()), b, &bytesWritten, false, w.includeSecurity, &w.ctx)
 	if err != nil {
 		return 0, &os.PathError{Op: "BackupWrite", Path: w.f.Name(), Err: err}
 	}
@ -259,7 +259,7 @@ func (w *BackupFileWriter) Write(b []byte) (int, error) {
 // close the underlying file.
 func (w *BackupFileWriter) Close() error {
 	if w.ctx != 0 {
-		_ = backupWrite(syscall.Handle(w.f.Fd()), nil, nil, true, false, &w.ctx)
+		_ = backupWrite(windows.Handle(w.f.Fd()), nil, nil, true, false, &w.ctx)
 		runtime.KeepAlive(w.f)
 		w.ctx = 0
 	}
@ -271,17 +271,14 @@ func (w *BackupFileWriter) Close() error {
 //
 // If the file opened was a directory, it cannot be used with Readdir().
 func OpenForBackup(path string, access uint32, share uint32, createmode uint32) (*os.File, error) {
-	winPath, err := syscall.UTF16FromString(path)
+	h, err := fs.CreateFile(path,
-	if err != nil {
+		fs.AccessMask(access),
-		return nil, err
+		fs.FileShareMode(share),
 	}
 	h, err := syscall.CreateFile(&winPath[0],
 		access,
 		share,
 		nil,
-		createmode,
+		fs.FileCreationDisposition(createmode),
-		syscall.FILE_FLAG_BACKUP_SEMANTICS|syscall.FILE_FLAG_OPEN_REPARSE_POINT,
+		fs.FILE_FLAG_BACKUP_SEMANTICS|fs.FILE_FLAG_OPEN_REPARSE_POINT,
-		0)
+		0,
 	)
 	if err != nil {
 		err = &os.PathError{Op: "open", Path: path, Err: err}
 		return nil, err
--- a/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
@ -11,7 +11,6 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
 	"syscall"
 	"time"
 	"github.com/Microsoft/go-winio"
@ -106,7 +105,7 @@ func BasicInfoHeader(name string, size int64, fileInfo *winio.FileBasicInfo) *ta
 	hdr.PAXRecords[hdrFileAttributes] = fmt.Sprintf("%d", fileInfo.FileAttributes)
 	hdr.PAXRecords[hdrCreationTime] = formatPAXTime(time.Unix(0, fileInfo.CreationTime.Nanoseconds()))
-	if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
+	if (fileInfo.FileAttributes & windows.FILE_ATTRIBUTE_DIRECTORY) != 0 {
 		hdr.Mode |= cISDIR
 		hdr.Size = 0
 		hdr.Typeflag = tar.TypeDir
@ -378,7 +377,7 @@ func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size
 // WriteTarFileFromBackupStream.
 func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *winio.FileBasicInfo, err error) {
 	name = hdr.Name
-	if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
+	if hdr.Typeflag == tar.TypeReg {
 		size = hdr.Size
 	}
 	fileInfo = &winio.FileBasicInfo{
@ -396,7 +395,7 @@ func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *win
 		fileInfo.FileAttributes = uint32(attr)
 	} else {
 		if hdr.Typeflag == tar.TypeDir {
-			fileInfo.FileAttributes |= syscall.FILE_ATTRIBUTE_DIRECTORY
+			fileInfo.FileAttributes |= windows.FILE_ATTRIBUTE_DIRECTORY
 		}
 	}
 	if creationTimeStr, ok := hdr.PAXRecords[hdrCreationTime]; ok {
@ -469,7 +468,7 @@ func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (
 		}
 	}
-	if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
+	if hdr.Typeflag == tar.TypeReg {
 		bhdr := winio.BackupHeader{
 			Id:   winio.BackupData,
 			Size: hdr.Size,
--- a/vendor/github.com/Microsoft/go-winio/file.go
+++ b/vendor/github.com/Microsoft/go-winio/file.go
@ -15,26 +15,11 @@ import (
 	"golang.org/x/sys/windows"
 )
-//sys cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) = CancelIoEx
+//sys cancelIoEx(file windows.Handle, o *windows.Overlapped) (err error) = CancelIoEx
-//sys createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) = CreateIoCompletionPort
+//sys createIoCompletionPort(file windows.Handle, port windows.Handle, key uintptr, threadCount uint32) (newport windows.Handle, err error) = CreateIoCompletionPort
-//sys getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) = GetQueuedCompletionStatus
+//sys getQueuedCompletionStatus(port windows.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) = GetQueuedCompletionStatus
-//sys setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) = SetFileCompletionNotificationModes
+//sys setFileCompletionNotificationModes(h windows.Handle, flags uint8) (err error) = SetFileCompletionNotificationModes
-//sys wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
+//sys wsaGetOverlappedResult(h windows.Handle, o *windows.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) = ws2_32.WSAGetOverlappedResult
 type atomicBool int32
 func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
 func (b *atomicBool) setFalse()   { atomic.StoreInt32((*int32)(b), 0) }
 func (b *atomicBool) setTrue()    { atomic.StoreInt32((*int32)(b), 1) }
 //revive:disable-next-line:predeclared Keep "new" to maintain consistency with "atomic" pkg
 func (b *atomicBool) swap(new bool) bool {
 	var newInt int32
 	if new {
 		newInt = 1
 	}
 	return atomic.SwapInt32((*int32)(b), newInt) == 1
 }
 var (
 	ErrFileClosed = errors.New("file has already been closed")
@ -50,7 +35,7 @@ func (*timeoutError) Temporary() bool { return true }
 type timeoutChan chan struct{}
 var ioInitOnce sync.Once
-var ioCompletionPort syscall.Handle
+var ioCompletionPort windows.Handle
 // ioResult contains the result of an asynchronous IO operation.
 type ioResult struct {
@ -60,12 +45,12 @@ type ioResult struct {
 // ioOperation represents an outstanding asynchronous Win32 IO.
 type ioOperation struct {
-	o  syscall.Overlapped
+	o  windows.Overlapped
 	ch chan ioResult
 }
 func initIO() {
-	h, err := createIoCompletionPort(syscall.InvalidHandle, 0, 0, 0xffffffff)
+	h, err := createIoCompletionPort(windows.InvalidHandle, 0, 0, 0xffffffff)
 	if err != nil {
 		panic(err)
 	}
@ -76,10 +61,10 @@ func initIO() {
 // win32File implements Reader, Writer, and Closer on a Win32 handle without blocking in a syscall.
 // It takes ownership of this handle and will close it if it is garbage collected.
 type win32File struct {
-	handle        syscall.Handle
+	handle        windows.Handle
 	wg            sync.WaitGroup
 	wgLock        sync.RWMutex
-	closing       atomicBool
+	closing       atomic.Bool
 	socket        bool
 	readDeadline  deadlineHandler
 	writeDeadline deadlineHandler
@ -90,11 +75,11 @@ type deadlineHandler struct {
 	channel     timeoutChan
 	channelLock sync.RWMutex
 	timer       *time.Timer
-	timedout    atomicBool
+	timedout    atomic.Bool
 }
 // makeWin32File makes a new win32File from an existing file handle.
-func makeWin32File(h syscall.Handle) (*win32File, error) {
+func makeWin32File(h windows.Handle) (*win32File, error) {
 	f := &win32File{handle: h}
 	ioInitOnce.Do(initIO)
 	_, err := createIoCompletionPort(h, ioCompletionPort, 0, 0xffffffff)
@ -110,7 +95,12 @@ func makeWin32File(h syscall.Handle) (*win32File, error) {
 	return f, nil
 }
 // Deprecated: use NewOpenFile instead.
 func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
 	return NewOpenFile(windows.Handle(h))
 }
 func NewOpenFile(h windows.Handle) (io.ReadWriteCloser, error) {
 	// If we return the result of makeWin32File directly, it can result in an
 	// interface-wrapped nil, rather than a nil interface value.
 	f, err := makeWin32File(h)
@ -124,13 +114,13 @@ func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
 func (f *win32File) closeHandle() {
 	f.wgLock.Lock()
 	// Atomically set that we are closing, releasing the resources only once.
-	if !f.closing.swap(true) {
+	if !f.closing.Swap(true) {
 		f.wgLock.Unlock()
 		// cancel all IO and wait for it to complete
 		_ = cancelIoEx(f.handle, nil)
 		f.wg.Wait()
 		// at this point, no new IO can start
-		syscall.Close(f.handle)
+		windows.Close(f.handle)
 		f.handle = 0
 	} else {
 		f.wgLock.Unlock()
@ -145,14 +135,14 @@ func (f *win32File) Close() error {
 // IsClosed checks if the file has been closed.
 func (f *win32File) IsClosed() bool {
-	return f.closing.isSet()
+	return f.closing.Load()
 }
 // prepareIO prepares for a new IO operation.
 // The caller must call f.wg.Done() when the IO is finished, prior to Close() returning.
 func (f *win32File) prepareIO() (*ioOperation, error) {
 	f.wgLock.RLock()
-	if f.closing.isSet() {
+	if f.closing.Load() {
 		f.wgLock.RUnlock()
 		return nil, ErrFileClosed
 	}
@ -164,12 +154,12 @@ func (f *win32File) prepareIO() (*ioOperation, error) {
 }
 // ioCompletionProcessor processes completed async IOs forever.
-func ioCompletionProcessor(h syscall.Handle) {
+func ioCompletionProcessor(h windows.Handle) {
 	for {
 		var bytes uint32
 		var key uintptr
 		var op *ioOperation
-		err := getQueuedCompletionStatus(h, &bytes, &key, &op, syscall.INFINITE)
+		err := getQueuedCompletionStatus(h, &bytes, &key, &op, windows.INFINITE)
 		if op == nil {
 			panic(err)
 		}
@ -182,11 +172,11 @@ func ioCompletionProcessor(h syscall.Handle) {
 // asyncIO processes the return value from ReadFile or WriteFile, blocking until
 // the operation has actually completed.
 func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, err error) (int, error) {
-	if err != syscall.ERROR_IO_PENDING { //nolint:errorlint // err is Errno
+	if err != windows.ERROR_IO_PENDING { //nolint:errorlint // err is Errno
 		return int(bytes), err
 	}
-	if f.closing.isSet() {
+	if f.closing.Load() {
 		_ = cancelIoEx(f.handle, &c.o)
 	}
@ -201,8 +191,8 @@ func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, er
 	select {
 	case r = <-c.ch:
 		err = r.err
-		if err == syscall.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
+		if err == windows.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
-			if f.closing.isSet() {
+			if f.closing.Load() {
 				err = ErrFileClosed
 			}
 		} else if err != nil && f.socket {
@ -214,7 +204,7 @@ func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, er
 		_ = cancelIoEx(f.handle, &c.o)
 		r = <-c.ch
 		err = r.err
-		if err == syscall.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
+		if err == windows.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
 			err = ErrTimeout
 		}
 	}
@ -235,23 +225,22 @@ func (f *win32File) Read(b []byte) (int, error) {
 	}
 	defer f.wg.Done()
-	if f.readDeadline.timedout.isSet() {
+	if f.readDeadline.timedout.Load() {
 		return 0, ErrTimeout
 	}
 	var bytes uint32
-	err = syscall.ReadFile(f.handle, b, &bytes, &c.o)
+	err = windows.ReadFile(f.handle, b, &bytes, &c.o)
 	n, err := f.asyncIO(c, &f.readDeadline, bytes, err)
 	runtime.KeepAlive(b)
 	// Handle EOF conditions.
 	if err == nil && n == 0 && len(b) != 0 {
 		return 0, io.EOF
-	} else if err == syscall.ERROR_BROKEN_PIPE { //nolint:errorlint // err is Errno
+	} else if err == windows.ERROR_BROKEN_PIPE { //nolint:errorlint // err is Errno
 		return 0, io.EOF
 	} else {
 		return n, err
 	}
 	return n, err
 }
 // Write writes to a file handle.
@ -262,12 +251,12 @@ func (f *win32File) Write(b []byte) (int, error) {
 	}
 	defer f.wg.Done()
-	if f.writeDeadline.timedout.isSet() {
+	if f.writeDeadline.timedout.Load() {
 		return 0, ErrTimeout
 	}
 	var bytes uint32
-	err = syscall.WriteFile(f.handle, b, &bytes, &c.o)
+	err = windows.WriteFile(f.handle, b, &bytes, &c.o)
 	n, err := f.asyncIO(c, &f.writeDeadline, bytes, err)
 	runtime.KeepAlive(b)
 	return n, err
@ -282,7 +271,7 @@ func (f *win32File) SetWriteDeadline(deadline time.Time) error {
 }
 func (f *win32File) Flush() error {
-	return syscall.FlushFileBuffers(f.handle)
+	return windows.FlushFileBuffers(f.handle)
 }
 func (f *win32File) Fd() uintptr {
@ -299,7 +288,7 @@ func (d *deadlineHandler) set(deadline time.Time) error {
 		}
 		d.timer = nil
 	}
-	d.timedout.setFalse()
+	d.timedout.Store(false)
 	select {
 	case <-d.channel:
@ -314,7 +303,7 @@ func (d *deadlineHandler) set(deadline time.Time) error {
 	}
 	timeoutIO := func() {
-		d.timedout.setTrue()
+		d.timedout.Store(true)
 		close(d.channel)
 	}
--- a/vendor/github.com/Microsoft/go-winio/fileinfo.go
+++ b/vendor/github.com/Microsoft/go-winio/fileinfo.go
@ -18,9 +18,18 @@ type FileBasicInfo struct {
 	_                                                       uint32 // padding
 }
 // alignedFileBasicInfo is a FileBasicInfo, but aligned to uint64 by containing
 // uint64 rather than windows.Filetime. Filetime contains two uint32s. uint64
 // alignment is necessary to pass this as FILE_BASIC_INFO.
 type alignedFileBasicInfo struct {
 	CreationTime, LastAccessTime, LastWriteTime, ChangeTime uint64
 	FileAttributes                                          uint32
 	_                                                       uint32 // padding
 }
 // GetFileBasicInfo retrieves times and attributes for a file.
 func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
-	bi := &FileBasicInfo{}
+	bi := &alignedFileBasicInfo{}
 	if err := windows.GetFileInformationByHandleEx(
 		windows.Handle(f.Fd()),
 		windows.FileBasicInfo,
@ -30,16 +39,21 @@ func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
 		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
-	return bi, nil
+	// Reinterpret the alignedFileBasicInfo as a FileBasicInfo so it matches the
 	// public API of this module. The data may be unnecessarily aligned.
 	return (*FileBasicInfo)(unsafe.Pointer(bi)), nil
 }
 // SetFileBasicInfo sets times and attributes for a file.
 func SetFileBasicInfo(f *os.File, bi *FileBasicInfo) error {
 	// Create an alignedFileBasicInfo based on a FileBasicInfo. The copy is
 	// suitable to pass to GetFileInformationByHandleEx.
 	biAligned := *(*alignedFileBasicInfo)(unsafe.Pointer(bi))
 	if err := windows.SetFileInformationByHandle(
 		windows.Handle(f.Fd()),
 		windows.FileBasicInfo,
-		(*byte)(unsafe.Pointer(bi)),
+		(*byte)(unsafe.Pointer(&biAligned)),
-		uint32(unsafe.Sizeof(*bi)),
+		uint32(unsafe.Sizeof(biAligned)),
 	); err != nil {
 		return &os.PathError{Op: "SetFileInformationByHandle", Path: f.Name(), Err: err}
 	}
--- a/vendor/github.com/Microsoft/go-winio/hvsock.go
+++ b/vendor/github.com/Microsoft/go-winio/hvsock.go
@ -10,7 +10,6 @@ import (
 	"io"
 	"net"
 	"os"
 	"syscall"
 	"time"
 	"unsafe"
@ -23,7 +22,7 @@ import (
 const afHVSock = 34 // AF_HYPERV
 // Well known Service and VM IDs
-//https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#vmid-wildcards
+// https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#vmid-wildcards
 // HvsockGUIDWildcard is the wildcard VmId for accepting connections from all partitions.
 func HvsockGUIDWildcard() guid.GUID { // 00000000-0000-0000-0000-000000000000
@ -31,7 +30,7 @@ func HvsockGUIDWildcard() guid.GUID { // 00000000-0000-0000-0000-000000000000
 }
 // HvsockGUIDBroadcast is the wildcard VmId for broadcasting sends to all partitions.
-func HvsockGUIDBroadcast() guid.GUID { //ffffffff-ffff-ffff-ffff-ffffffffffff
+func HvsockGUIDBroadcast() guid.GUID { // ffffffff-ffff-ffff-ffff-ffffffffffff
 	return guid.GUID{
 		Data1: 0xffffffff,
 		Data2: 0xffff,
@ -181,13 +180,13 @@ type HvsockConn struct {
 var _ net.Conn = &HvsockConn{}
 func newHVSocket() (*win32File, error) {
-	fd, err := syscall.Socket(afHVSock, syscall.SOCK_STREAM, 1)
+	fd, err := windows.Socket(afHVSock, windows.SOCK_STREAM, 1)
 	if err != nil {
 		return nil, os.NewSyscallError("socket", err)
 	}
 	f, err := makeWin32File(fd)
 	if err != nil {
-		syscall.Close(fd)
+		windows.Close(fd)
 		return nil, err
 	}
 	f.socket = true
@ -197,16 +196,24 @@ func newHVSocket() (*win32File, error) {
 // ListenHvsock listens for connections on the specified hvsock address.
 func ListenHvsock(addr *HvsockAddr) (_ *HvsockListener, err error) {
 	l := &HvsockListener{addr: *addr}
-	sock, err := newHVSocket()
+
 	var sock *win32File
 	sock, err = newHVSocket()
 	if err != nil {
 		return nil, l.opErr("listen", err)
 	}
 	defer func() {
 		if err != nil {
 			_ = sock.Close()
 		}
 	}()
 	sa := addr.raw()
-	err = socket.Bind(windows.Handle(sock.handle), &sa)
+	err = socket.Bind(sock.handle, &sa)
 	if err != nil {
 		return nil, l.opErr("listen", os.NewSyscallError("socket", err))
 	}
-	err = syscall.Listen(sock.handle, 16)
+	err = windows.Listen(sock.handle, 16)
 	if err != nil {
 		return nil, l.opErr("listen", os.NewSyscallError("listen", err))
 	}
@ -246,7 +253,7 @@ func (l *HvsockListener) Accept() (_ net.Conn, err error) {
 	var addrbuf [addrlen * 2]byte
 	var bytes uint32
-	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0 /*rxdatalen*/, addrlen, addrlen, &bytes, &c.o)
+	err = windows.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0 /* rxdatalen */, addrlen, addrlen, &bytes, &c.o)
 	if _, err = l.sock.asyncIO(c, nil, bytes, err); err != nil {
 		return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
 	}
@ -263,7 +270,7 @@ func (l *HvsockListener) Accept() (_ net.Conn, err error) {
 	conn.remote.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[addrlen])))
 	// initialize the accepted socket and update its properties with those of the listening socket
-	if err = windows.Setsockopt(windows.Handle(sock.handle),
+	if err = windows.Setsockopt(sock.handle,
 		windows.SOL_SOCKET, windows.SO_UPDATE_ACCEPT_CONTEXT,
 		(*byte)(unsafe.Pointer(&l.sock.handle)), int32(unsafe.Sizeof(l.sock.handle))); err != nil {
 		return nil, conn.opErr("accept", os.NewSyscallError("setsockopt", err))
@ -334,7 +341,7 @@ func (d *HvsockDialer) Dial(ctx context.Context, addr *HvsockAddr) (conn *Hvsock
 	}()
 	sa := addr.raw()
-	err = socket.Bind(windows.Handle(sock.handle), &sa)
+	err = socket.Bind(sock.handle, &sa)
 	if err != nil {
 		return nil, conn.opErr(op, os.NewSyscallError("bind", err))
 	}
@ -347,7 +354,7 @@ func (d *HvsockDialer) Dial(ctx context.Context, addr *HvsockAddr) (conn *Hvsock
 	var bytes uint32
 	for i := uint(0); i <= d.Retries; i++ {
 		err = socket.ConnectEx(
-			windows.Handle(sock.handle),
+			sock.handle,
 			&sa,
 			nil, // sendBuf
 			0,   // sendDataLen
@ -367,7 +374,7 @@ func (d *HvsockDialer) Dial(ctx context.Context, addr *HvsockAddr) (conn *Hvsock
 	// update the connection properties, so shutdown can be used
 	if err = windows.Setsockopt(
-		windows.Handle(sock.handle),
+		sock.handle,
 		windows.SOL_SOCKET,
 		windows.SO_UPDATE_CONNECT_CONTEXT,
 		nil, // optvalue
@ -378,7 +385,7 @@ func (d *HvsockDialer) Dial(ctx context.Context, addr *HvsockAddr) (conn *Hvsock
 	// get the local name
 	var sal rawHvsockAddr
-	err = socket.GetSockName(windows.Handle(sock.handle), &sal)
+	err = socket.GetSockName(sock.handle, &sal)
 	if err != nil {
 		return nil, conn.opErr(op, os.NewSyscallError("getsockname", err))
 	}
@ -421,7 +428,7 @@ func (d *HvsockDialer) redialWait(ctx context.Context) (err error) {
 	return ctx.Err()
 }
-// assumes error is a plain, unwrapped syscall.Errno provided by direct syscall.
+// assumes error is a plain, unwrapped windows.Errno provided by direct syscall.
 func canRedial(err error) bool {
 	//nolint:errorlint // guaranteed to be an Errno
 	switch err {
@ -447,9 +454,9 @@ func (conn *HvsockConn) Read(b []byte) (int, error) {
 		return 0, conn.opErr("read", err)
 	}
 	defer conn.sock.wg.Done()
-	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+	buf := windows.WSABuf{Buf: &b[0], Len: uint32(len(b))}
 	var flags, bytes uint32
-	err = syscall.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
+	err = windows.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
 	n, err := conn.sock.asyncIO(c, &conn.sock.readDeadline, bytes, err)
 	if err != nil {
 		var eno windows.Errno
@ -482,9 +489,9 @@ func (conn *HvsockConn) write(b []byte) (int, error) {
 		return 0, conn.opErr("write", err)
 	}
 	defer conn.sock.wg.Done()
-	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
+	buf := windows.WSABuf{Buf: &b[0], Len: uint32(len(b))}
 	var bytes uint32
-	err = syscall.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
+	err = windows.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
 	n, err := conn.sock.asyncIO(c, &conn.sock.writeDeadline, bytes, err)
 	if err != nil {
 		var eno windows.Errno
@ -511,7 +518,7 @@ func (conn *HvsockConn) shutdown(how int) error {
 		return socket.ErrSocketClosed
 	}
-	err := syscall.Shutdown(conn.sock.handle, how)
+	err := windows.Shutdown(conn.sock.handle, how)
 	if err != nil {
 		// If the connection was closed, shutdowns fail with "not connected"
 		if errors.Is(err, windows.WSAENOTCONN) ||
@ -525,7 +532,7 @@ func (conn *HvsockConn) shutdown(how int) error {
 // CloseRead shuts down the read end of the socket, preventing future read operations.
 func (conn *HvsockConn) CloseRead() error {
-	err := conn.shutdown(syscall.SHUT_RD)
+	err := conn.shutdown(windows.SHUT_RD)
 	if err != nil {
 		return conn.opErr("closeread", err)
 	}
@ -535,7 +542,7 @@ func (conn *HvsockConn) CloseRead() error {
 // CloseWrite shuts down the write end of the socket, preventing future write operations and
 // notifying the other endpoint that no more data will be written.
 func (conn *HvsockConn) CloseWrite() error {
-	err := conn.shutdown(syscall.SHUT_WR)
+	err := conn.shutdown(windows.SHUT_WR)
 	if err != nil {
 		return conn.opErr("closewrite", err)
 	}
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
@ -0,0 +1,2 @@
 // This package contains Win32 filesystem functionality.
 package fs
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
@ -0,0 +1,262 @@
 //go:build windows
 package fs
 import (
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/stringbuffer"
 )
 //go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go fs.go
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew
 //sys CreateFile(name string, access AccessMask, mode FileShareMode, sa *windows.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) [failretval==windows.InvalidHandle] = CreateFileW
 const NullHandle windows.Handle = 0
 // AccessMask defines standard, specific, and generic rights.
 //
 // Used with CreateFile and NtCreateFile (and co.).
 //
 //	Bitmask:
 //	 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
 //	 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 //	+---------------+---------------+-------------------------------+
 //	|G|G|G|G|Resvd|A| StandardRights|         SpecificRights        |
 //	|R|W|E|A|     |S|               |                               |
 //	+-+-------------+---------------+-------------------------------+
 //
 //	GR     Generic Read
 //	GW     Generic Write
 //	GE     Generic Exectue
 //	GA     Generic All
 //	Resvd  Reserved
 //	AS     Access Security System
 //
 // https://learn.microsoft.com/en-us/windows/win32/secauthz/access-mask
 //
 // https://learn.microsoft.com/en-us/windows/win32/secauthz/generic-access-rights
 //
 // https://learn.microsoft.com/en-us/windows/win32/fileio/file-access-rights-constants
 type AccessMask = windows.ACCESS_MASK
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// Not actually any.
 	//
 	// For CreateFile: "query certain metadata such as file, directory, or device attributes without accessing that file or device"
 	// https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew#parameters
 	FILE_ANY_ACCESS AccessMask = 0
 	GENERIC_READ           AccessMask = 0x8000_0000
 	GENERIC_WRITE          AccessMask = 0x4000_0000
 	GENERIC_EXECUTE        AccessMask = 0x2000_0000
 	GENERIC_ALL            AccessMask = 0x1000_0000
 	ACCESS_SYSTEM_SECURITY AccessMask = 0x0100_0000
 	// Specific Object Access
 	// from ntioapi.h
 	FILE_READ_DATA      AccessMask = (0x0001) // file & pipe
 	FILE_LIST_DIRECTORY AccessMask = (0x0001) // directory
 	FILE_WRITE_DATA AccessMask = (0x0002) // file & pipe
 	FILE_ADD_FILE   AccessMask = (0x0002) // directory
 	FILE_APPEND_DATA          AccessMask = (0x0004) // file
 	FILE_ADD_SUBDIRECTORY     AccessMask = (0x0004) // directory
 	FILE_CREATE_PIPE_INSTANCE AccessMask = (0x0004) // named pipe
 	FILE_READ_EA         AccessMask = (0x0008) // file & directory
 	FILE_READ_PROPERTIES AccessMask = FILE_READ_EA
 	FILE_WRITE_EA         AccessMask = (0x0010) // file & directory
 	FILE_WRITE_PROPERTIES AccessMask = FILE_WRITE_EA
 	FILE_EXECUTE  AccessMask = (0x0020) // file
 	FILE_TRAVERSE AccessMask = (0x0020) // directory
 	FILE_DELETE_CHILD AccessMask = (0x0040) // directory
 	FILE_READ_ATTRIBUTES AccessMask = (0x0080) // all
 	FILE_WRITE_ATTRIBUTES AccessMask = (0x0100) // all
 	FILE_ALL_ACCESS      AccessMask = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
 	FILE_GENERIC_READ    AccessMask = (STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE)
 	FILE_GENERIC_WRITE   AccessMask = (STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE)
 	FILE_GENERIC_EXECUTE AccessMask = (STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE)
 	SPECIFIC_RIGHTS_ALL AccessMask = 0x0000FFFF
 	// Standard Access
 	// from ntseapi.h
 	DELETE       AccessMask = 0x0001_0000
 	READ_CONTROL AccessMask = 0x0002_0000
 	WRITE_DAC    AccessMask = 0x0004_0000
 	WRITE_OWNER  AccessMask = 0x0008_0000
 	SYNCHRONIZE  AccessMask = 0x0010_0000
 	STANDARD_RIGHTS_REQUIRED AccessMask = 0x000F_0000
 	STANDARD_RIGHTS_READ    AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_WRITE   AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_EXECUTE AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_ALL AccessMask = 0x001F_0000
 )
 type FileShareMode uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	FILE_SHARE_NONE        FileShareMode = 0x00
 	FILE_SHARE_READ        FileShareMode = 0x01
 	FILE_SHARE_WRITE       FileShareMode = 0x02
 	FILE_SHARE_DELETE      FileShareMode = 0x04
 	FILE_SHARE_VALID_FLAGS FileShareMode = 0x07
 )
 type FileCreationDisposition uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// from winbase.h
 	CREATE_NEW        FileCreationDisposition = 0x01
 	CREATE_ALWAYS     FileCreationDisposition = 0x02
 	OPEN_EXISTING     FileCreationDisposition = 0x03
 	OPEN_ALWAYS       FileCreationDisposition = 0x04
 	TRUNCATE_EXISTING FileCreationDisposition = 0x05
 )
 // Create disposition values for NtCreate*
 type NTFileCreationDisposition uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// From ntioapi.h
 	FILE_SUPERSEDE           NTFileCreationDisposition = 0x00
 	FILE_OPEN                NTFileCreationDisposition = 0x01
 	FILE_CREATE              NTFileCreationDisposition = 0x02
 	FILE_OPEN_IF             NTFileCreationDisposition = 0x03
 	FILE_OVERWRITE           NTFileCreationDisposition = 0x04
 	FILE_OVERWRITE_IF        NTFileCreationDisposition = 0x05
 	FILE_MAXIMUM_DISPOSITION NTFileCreationDisposition = 0x05
 )
 // CreateFile and co. take flags or attributes together as one parameter.
 // Define alias until we can use generics to allow both
 //
 // https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
 type FileFlagOrAttribute uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// from winnt.h
 	FILE_FLAG_WRITE_THROUGH       FileFlagOrAttribute = 0x8000_0000
 	FILE_FLAG_OVERLAPPED          FileFlagOrAttribute = 0x4000_0000
 	FILE_FLAG_NO_BUFFERING        FileFlagOrAttribute = 0x2000_0000
 	FILE_FLAG_RANDOM_ACCESS       FileFlagOrAttribute = 0x1000_0000
 	FILE_FLAG_SEQUENTIAL_SCAN     FileFlagOrAttribute = 0x0800_0000
 	FILE_FLAG_DELETE_ON_CLOSE     FileFlagOrAttribute = 0x0400_0000
 	FILE_FLAG_BACKUP_SEMANTICS    FileFlagOrAttribute = 0x0200_0000
 	FILE_FLAG_POSIX_SEMANTICS     FileFlagOrAttribute = 0x0100_0000
 	FILE_FLAG_OPEN_REPARSE_POINT  FileFlagOrAttribute = 0x0020_0000
 	FILE_FLAG_OPEN_NO_RECALL      FileFlagOrAttribute = 0x0010_0000
 	FILE_FLAG_FIRST_PIPE_INSTANCE FileFlagOrAttribute = 0x0008_0000
 )
 // NtCreate* functions take a dedicated CreateOptions parameter.
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/Winternl/nf-winternl-ntcreatefile
 //
 // https://learn.microsoft.com/en-us/windows/win32/devnotes/nt-create-named-pipe-file
 type NTCreateOptions uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// From ntioapi.h
 	FILE_DIRECTORY_FILE            NTCreateOptions = 0x0000_0001
 	FILE_WRITE_THROUGH             NTCreateOptions = 0x0000_0002
 	FILE_SEQUENTIAL_ONLY           NTCreateOptions = 0x0000_0004
 	FILE_NO_INTERMEDIATE_BUFFERING NTCreateOptions = 0x0000_0008
 	FILE_SYNCHRONOUS_IO_ALERT    NTCreateOptions = 0x0000_0010
 	FILE_SYNCHRONOUS_IO_NONALERT NTCreateOptions = 0x0000_0020
 	FILE_NON_DIRECTORY_FILE      NTCreateOptions = 0x0000_0040
 	FILE_CREATE_TREE_CONNECTION  NTCreateOptions = 0x0000_0080
 	FILE_COMPLETE_IF_OPLOCKED NTCreateOptions = 0x0000_0100
 	FILE_NO_EA_KNOWLEDGE      NTCreateOptions = 0x0000_0200
 	FILE_DISABLE_TUNNELING    NTCreateOptions = 0x0000_0400
 	FILE_RANDOM_ACCESS        NTCreateOptions = 0x0000_0800
 	FILE_DELETE_ON_CLOSE        NTCreateOptions = 0x0000_1000
 	FILE_OPEN_BY_FILE_ID        NTCreateOptions = 0x0000_2000
 	FILE_OPEN_FOR_BACKUP_INTENT NTCreateOptions = 0x0000_4000
 	FILE_NO_COMPRESSION         NTCreateOptions = 0x0000_8000
 )
 type FileSQSFlag = FileFlagOrAttribute
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// from winbase.h
 	SECURITY_ANONYMOUS      FileSQSFlag = FileSQSFlag(SecurityAnonymous << 16)
 	SECURITY_IDENTIFICATION FileSQSFlag = FileSQSFlag(SecurityIdentification << 16)
 	SECURITY_IMPERSONATION  FileSQSFlag = FileSQSFlag(SecurityImpersonation << 16)
 	SECURITY_DELEGATION     FileSQSFlag = FileSQSFlag(SecurityDelegation << 16)
 	SECURITY_SQOS_PRESENT     FileSQSFlag = 0x0010_0000
 	SECURITY_VALID_SQOS_FLAGS FileSQSFlag = 0x001F_0000
 )
 // GetFinalPathNameByHandle flags
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew#parameters
 type GetFinalPathFlag uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	GetFinalPathDefaultFlag GetFinalPathFlag = 0x0
 	FILE_NAME_NORMALIZED GetFinalPathFlag = 0x0
 	FILE_NAME_OPENED     GetFinalPathFlag = 0x8
 	VOLUME_NAME_DOS  GetFinalPathFlag = 0x0
 	VOLUME_NAME_GUID GetFinalPathFlag = 0x1
 	VOLUME_NAME_NT   GetFinalPathFlag = 0x2
 	VOLUME_NAME_NONE GetFinalPathFlag = 0x4
 )
 // getFinalPathNameByHandle facilitates calling the Windows API GetFinalPathNameByHandle
 // with the given handle and flags. It transparently takes care of creating a buffer of the
 // correct size for the call.
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew
 func GetFinalPathNameByHandle(h windows.Handle, flags GetFinalPathFlag) (string, error) {
 	b := stringbuffer.NewWString()
 	//TODO: can loop infinitely if Win32 keeps returning the same (or a larger) n?
 	for {
 		n, err := windows.GetFinalPathNameByHandle(h, b.Pointer(), b.Cap(), uint32(flags))
 		if err != nil {
 			return "", err
 		}
 		// If the buffer wasn't large enough, n will be the total size needed (including null terminator).
 		// Resize and try again.
 		if n > b.Cap() {
 			b.ResizeTo(n)
 			continue
 		}
 		// If the buffer is large enough, n will be the size not including the null terminator.
 		// Convert to a Go string and return.
 		return b.String(), nil
 	}
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
@ -0,0 +1,12 @@
 package fs
 // https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-security_impersonation_level
 type SecurityImpersonationLevel int32 // C default enums underlying type is `int`, which is Go `int32`
 // Impersonation levels
 const (
 	SecurityAnonymous      SecurityImpersonationLevel = 0
 	SecurityIdentification SecurityImpersonationLevel = 1
 	SecurityImpersonation  SecurityImpersonationLevel = 2
 	SecurityDelegation     SecurityImpersonationLevel = 3
 )
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
@ -0,0 +1,61 @@
 //go:build windows
 // Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 package fs
 import (
 	"syscall"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 var _ unsafe.Pointer
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoERROR_IO_PENDING = 997
 )
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
 	errERROR_EINVAL     error = syscall.EINVAL
 )
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	return e
 }
 var (
 	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
 	procCreateFileW = modkernel32.NewProc("CreateFileW")
 )
 func CreateFile(name string, access AccessMask, mode FileShareMode, sa *windows.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(name)
 	if err != nil {
 		return
 	}
 	return _CreateFile(_p0, access, mode, sa, createmode, attrs, templatefile)
 }
 func _CreateFile(name *uint16, access AccessMask, mode FileShareMode, sa *windows.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
 	r0, _, e1 := syscall.SyscallN(procCreateFileW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile))
 	handle = windows.Handle(r0)
 	if handle == windows.InvalidHandle {
 		err = errnoErr(e1)
 	}
 	return
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
@ -100,8 +100,8 @@ func (f *runtimeFunc) Load() error {
 			(*byte)(unsafe.Pointer(&f.addr)),
 			uint32(unsafe.Sizeof(f.addr)),
 			&n,
-			nil, //overlapped
+			nil, // overlapped
-			0,   //completionRoutine
+			0,   // completionRoutine
 		)
 	})
 	return f.err
@ -156,9 +156,7 @@ func connectEx(
 	bytesSent *uint32,
 	overlapped *windows.Overlapped,
 ) (err error) {
-	// todo: after upgrading to 1.18, switch from syscall.Syscall9 to syscall.SyscallN
+	r1, _, e1 := syscall.SyscallN(connectExFunc.addr,
 	r1, _, e1 := syscall.Syscall9(connectExFunc.addr,
 		7,
 		uintptr(s),
 		uintptr(name),
 		uintptr(namelen),
@ -166,8 +164,8 @@ func connectEx(
 		uintptr(sendDataLen),
 		uintptr(unsafe.Pointer(bytesSent)),
 		uintptr(unsafe.Pointer(overlapped)),
-		0,
+	)
-		0)
+
 	if r1 == 0 {
 		if e1 != 0 {
 			err = error(e1)
--- a/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go
@ -33,9 +33,6 @@ func errnoErr(e syscall.Errno) error {
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
@ -48,7 +45,7 @@ var (
 )
 func bind(s windows.Handle, name unsafe.Pointer, namelen int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
+	r1, _, e1 := syscall.SyscallN(procbind.Addr(), uintptr(s), uintptr(name), uintptr(namelen))
 	if r1 == socketError {
 		err = errnoErr(e1)
 	}
@ -56,7 +53,7 @@ func bind(s windows.Handle, name unsafe.Pointer, namelen int32) (err error) {
 }
 func getpeername(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
+	r1, _, e1 := syscall.SyscallN(procgetpeername.Addr(), uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
 	if r1 == socketError {
 		err = errnoErr(e1)
 	}
@ -64,7 +61,7 @@ func getpeername(s windows.Handle, name unsafe.Pointer, namelen *int32) (err err
 }
 func getsockname(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) {
-	r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
+	r1, _, e1 := syscall.SyscallN(procgetsockname.Addr(), uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
 	if r1 == socketError {
 		err = errnoErr(e1)
 	}
--- a/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
@ -0,0 +1,132 @@
 package stringbuffer
 import (
 	"sync"
 	"unicode/utf16"
 )
 // TODO: worth exporting and using in mkwinsyscall?
 // Uint16BufferSize is the buffer size in the pool, chosen somewhat arbitrarily to accommodate
 // large path strings:
 // MAX_PATH (260) + size of volume GUID prefix (49) + null terminator = 310.
 const MinWStringCap = 310
 // use *[]uint16 since []uint16 creates an extra allocation where the slice header
 // is copied to heap and then referenced via pointer in the interface header that sync.Pool
 // stores.
 var pathPool = sync.Pool{ // if go1.18+ adds Pool[T], use that to store []uint16 directly
 	New: func() interface{} {
 		b := make([]uint16, MinWStringCap)
 		return &b
 	},
 }
 func newBuffer() []uint16 { return *(pathPool.Get().(*[]uint16)) }
 // freeBuffer copies the slice header data, and puts a pointer to that in the pool.
 // This avoids taking a pointer to the slice header in WString, which can be set to nil.
 func freeBuffer(b []uint16) { pathPool.Put(&b) }
 // WString is a wide string buffer ([]uint16) meant for storing UTF-16 encoded strings
 // for interacting with Win32 APIs.
 // Sizes are specified as uint32 and not int.
 //
 // It is not thread safe.
 type WString struct {
 	// type-def allows casting to []uint16 directly, use struct to prevent that and allow adding fields in the future.
 	// raw buffer
 	b []uint16
 }
 // NewWString returns a [WString] allocated from a shared pool with an
 // initial capacity of at least [MinWStringCap].
 // Since the buffer may have been previously used, its contents are not guaranteed to be empty.
 //
 // The buffer should be freed via [WString.Free]
 func NewWString() *WString {
 	return &WString{
 		b: newBuffer(),
 	}
 }
 func (b *WString) Free() {
 	if b.empty() {
 		return
 	}
 	freeBuffer(b.b)
 	b.b = nil
 }
 // ResizeTo grows the buffer to at least c and returns the new capacity, freeing the
 // previous buffer back into pool.
 func (b *WString) ResizeTo(c uint32) uint32 {
 	// already sufficient (or n is 0)
 	if c <= b.Cap() {
 		return b.Cap()
 	}
 	if c <= MinWStringCap {
 		c = MinWStringCap
 	}
 	// allocate at-least double buffer size, as is done in [bytes.Buffer] and other places
 	if c <= 2*b.Cap() {
 		c = 2 * b.Cap()
 	}
 	b2 := make([]uint16, c)
 	if !b.empty() {
 		copy(b2, b.b)
 		freeBuffer(b.b)
 	}
 	b.b = b2
 	return c
 }
 // Buffer returns the underlying []uint16 buffer.
 func (b *WString) Buffer() []uint16 {
 	if b.empty() {
 		return nil
 	}
 	return b.b
 }
 // Pointer returns a pointer to the first uint16 in the buffer.
 // If the [WString.Free] has already been called, the pointer will be nil.
 func (b *WString) Pointer() *uint16 {
 	if b.empty() {
 		return nil
 	}
 	return &b.b[0]
 }
 // String returns the returns the UTF-8 encoding of the UTF-16 string in the buffer.
 //
 // It assumes that the data is null-terminated.
 func (b *WString) String() string {
 	// Using [windows.UTF16ToString] would require importing "golang.org/x/sys/windows"
 	// and would make this code Windows-only, which makes no sense.
 	// So copy UTF16ToString code into here.
 	// If other windows-specific code is added, switch to [windows.UTF16ToString]
 	s := b.b
 	for i, v := range s {
 		if v == 0 {
 			s = s[:i]
 			break
 		}
 	}
 	return string(utf16.Decode(s))
 }
 // Cap returns the underlying buffer capacity.
 func (b *WString) Cap() uint32 {
 	if b.empty() {
 		return 0
 	}
 	return b.cap()
 }
 func (b *WString) cap() uint32 { return uint32(cap(b.b)) }
 func (b *WString) empty() bool { return b == nil || b.cap() == 0 }
--- a/vendor/github.com/Microsoft/go-winio/pipe.go
+++ b/vendor/github.com/Microsoft/go-winio/pipe.go
@ -11,28 +11,52 @@ import (
 	"net"
 	"os"
 	"runtime"
 	"syscall"
 	"time"
 	"unsafe"
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/fs"
 )
-//sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe
+//sys connectNamedPipe(pipe windows.Handle, o *windows.Overlapped) (err error) = ConnectNamedPipe
-//sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error)  [failretval==syscall.InvalidHandle] = CreateNamedPipeW
+//sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *windows.SecurityAttributes) (handle windows.Handle, err error)  [failretval==windows.InvalidHandle] = CreateNamedPipeW
-//sys createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateFileW
+//sys disconnectNamedPipe(pipe windows.Handle) (err error) = DisconnectNamedPipe
-//sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
+//sys getNamedPipeInfo(pipe windows.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
-//sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
+//sys getNamedPipeHandleState(pipe windows.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
-//sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
+//sys ntCreateNamedPipeFile(pipe *windows.Handle, access ntAccessMask, oa *objectAttributes, iosb *ioStatusBlock, share ntFileShareMode, disposition ntFileCreationDisposition, options ntFileOptions, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) = ntdll.NtCreateNamedPipeFile
 //sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) = ntdll.NtCreateNamedPipeFile
 //sys rtlNtStatusToDosError(status ntStatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
 //sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntStatus) = ntdll.RtlDosPathNameToNtPathName_U
 //sys rtlDefaultNpAcl(dacl *uintptr) (status ntStatus) = ntdll.RtlDefaultNpAcl
 type PipeConn interface {
 	net.Conn
 	Disconnect() error
 	Flush() error
 }
 // type aliases for mkwinsyscall code
 type (
 	ntAccessMask              = fs.AccessMask
 	ntFileShareMode           = fs.FileShareMode
 	ntFileCreationDisposition = fs.NTFileCreationDisposition
 	ntFileOptions             = fs.NTCreateOptions
 )
 type ioStatusBlock struct {
 	Status, Information uintptr
 }
 //	typedef struct _OBJECT_ATTRIBUTES {
 //	  ULONG           Length;
 //	  HANDLE          RootDirectory;
 //	  PUNICODE_STRING ObjectName;
 //	  ULONG           Attributes;
 //	  PVOID           SecurityDescriptor;
 //	  PVOID           SecurityQualityOfService;
 //	} OBJECT_ATTRIBUTES;
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/ntdef/ns-ntdef-_object_attributes
 type objectAttributes struct {
 	Length             uintptr
 	RootDirectory      uintptr
@ -48,6 +72,17 @@ type unicodeString struct {
 	Buffer        uintptr
 }
 //	typedef struct _SECURITY_DESCRIPTOR {
 //	  BYTE                        Revision;
 //	  BYTE                        Sbz1;
 //	  SECURITY_DESCRIPTOR_CONTROL Control;
 //	  PSID                        Owner;
 //	  PSID                        Group;
 //	  PACL                        Sacl;
 //	  PACL                        Dacl;
 //	} SECURITY_DESCRIPTOR, *PISECURITY_DESCRIPTOR;
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-security_descriptor
 type securityDescriptor struct {
 	Revision byte
 	Sbz1     byte
@ -79,6 +114,8 @@ type win32Pipe struct {
 	path string
 }
 var _ PipeConn = (*win32Pipe)(nil)
 type win32MessageBytePipe struct {
 	win32Pipe
 	writeClosed bool
@ -102,6 +139,10 @@ func (f *win32Pipe) SetDeadline(t time.Time) error {
 	return f.SetWriteDeadline(t)
 }
 func (f *win32Pipe) Disconnect() error {
 	return disconnectNamedPipe(f.win32File.handle)
 }
 // CloseWrite closes the write side of a message pipe in byte mode.
 func (f *win32MessageBytePipe) CloseWrite() error {
 	if f.writeClosed {
@ -145,7 +186,7 @@ func (f *win32MessageBytePipe) Read(b []byte) (int, error) {
 		// zero-byte message, ensure that all future Read() calls
 		// also return EOF.
 		f.readEOF = true
-	} else if err == syscall.ERROR_MORE_DATA { //nolint:errorlint // err is Errno
+	} else if err == windows.ERROR_MORE_DATA { //nolint:errorlint // err is Errno
 		// ERROR_MORE_DATA indicates that the pipe's read mode is message mode
 		// and the message still has more bytes. Treat this as a success, since
 		// this package presents all named pipes as byte streams.
@ -163,19 +204,20 @@ func (s pipeAddress) String() string {
 }
 // tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
-func tryDialPipe(ctx context.Context, path *string, access uint32) (syscall.Handle, error) {
+func tryDialPipe(ctx context.Context, path *string, access fs.AccessMask, impLevel PipeImpLevel) (windows.Handle, error) {
 	for {
 		select {
 		case <-ctx.Done():
-			return syscall.Handle(0), ctx.Err()
+			return windows.Handle(0), ctx.Err()
 		default:
-			h, err := createFile(*path,
+			h, err := fs.CreateFile(*path,
 				access,
-				0,
+				0,   // mode
-				nil,
+				nil, // security attributes
-				syscall.OPEN_EXISTING,
+				fs.OPEN_EXISTING,
-				windows.FILE_FLAG_OVERLAPPED|windows.SECURITY_SQOS_PRESENT|windows.SECURITY_ANONYMOUS,
+				fs.FILE_FLAG_OVERLAPPED|fs.SECURITY_SQOS_PRESENT|fs.FileSQSFlag(impLevel),
-				0)
+				0, // template file handle
 			)
 			if err == nil {
 				return h, nil
 			}
@ -211,15 +253,33 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 // DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
 // cancellation or timeout.
 func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
-	return DialPipeAccess(ctx, path, syscall.GENERIC_READ|syscall.GENERIC_WRITE)
+	return DialPipeAccess(ctx, path, uint32(fs.GENERIC_READ|fs.GENERIC_WRITE))
 }
 // PipeImpLevel is an enumeration of impersonation levels that may be set
 // when calling DialPipeAccessImpersonation.
 type PipeImpLevel uint32
 const (
 	PipeImpLevelAnonymous      = PipeImpLevel(fs.SECURITY_ANONYMOUS)
 	PipeImpLevelIdentification = PipeImpLevel(fs.SECURITY_IDENTIFICATION)
 	PipeImpLevelImpersonation  = PipeImpLevel(fs.SECURITY_IMPERSONATION)
 	PipeImpLevelDelegation     = PipeImpLevel(fs.SECURITY_DELEGATION)
 )
 // DialPipeAccess attempts to connect to a named pipe by `path` with `access` until `ctx`
 // cancellation or timeout.
 func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) {
 	return DialPipeAccessImpLevel(ctx, path, access, PipeImpLevelAnonymous)
 }
 // DialPipeAccessImpLevel attempts to connect to a named pipe by `path` with
 // `access` at `impLevel` until `ctx` cancellation or timeout. The other
 // DialPipe* implementations use PipeImpLevelAnonymous.
 func DialPipeAccessImpLevel(ctx context.Context, path string, access uint32, impLevel PipeImpLevel) (net.Conn, error) {
 	var err error
-	var h syscall.Handle
+	var h windows.Handle
-	h, err = tryDialPipe(ctx, &path, access)
+	h, err = tryDialPipe(ctx, &path, fs.AccessMask(access), impLevel)
 	if err != nil {
 		return nil, err
 	}
@ -232,7 +292,7 @@ func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn,
 	f, err := makeWin32File(h)
 	if err != nil {
-		syscall.Close(h)
+		windows.Close(h)
 		return nil, err
 	}
@ -252,7 +312,7 @@ type acceptResponse struct {
 }
 type win32PipeListener struct {
-	firstHandle syscall.Handle
+	firstHandle windows.Handle
 	path        string
 	config      PipeConfig
 	acceptCh    chan (chan acceptResponse)
@ -260,8 +320,8 @@ type win32PipeListener struct {
 	doneCh      chan int
 }
-func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (syscall.Handle, error) {
+func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (windows.Handle, error) {
-	path16, err := syscall.UTF16FromString(path)
+	path16, err := windows.UTF16FromString(path)
 	if err != nil {
 		return 0, &os.PathError{Op: "open", Path: path, Err: err}
 	}
@ -277,15 +337,20 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 	).Err(); err != nil {
 		return 0, &os.PathError{Op: "open", Path: path, Err: err}
 	}
-	defer localFree(ntPath.Buffer)
+	defer windows.LocalFree(windows.Handle(ntPath.Buffer)) //nolint:errcheck
 	oa.ObjectName = &ntPath
 	oa.Attributes = windows.OBJ_CASE_INSENSITIVE
 	// The security descriptor is only needed for the first pipe.
 	if first {
 		if sd != nil {
 			//todo: does `sdb` need to be allocated on the heap, or can go allocate it?
 			l := uint32(len(sd))
-			sdb := localAlloc(0, l)
+			sdb, err := windows.LocalAlloc(0, l)
-			defer localFree(sdb)
+			if err != nil {
 				return 0, fmt.Errorf("LocalAlloc for security descriptor with of length %d: %w", l, err)
 			}
 			defer windows.LocalFree(windows.Handle(sdb)) //nolint:errcheck
 			copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
 			oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
 		} else {
@ -294,7 +359,7 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 			if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
 				return 0, fmt.Errorf("getting default named pipe ACL: %w", err)
 			}
-			defer localFree(dacl)
+			defer windows.LocalFree(windows.Handle(dacl)) //nolint:errcheck
 			sdb := &securityDescriptor{
 				Revision: 1,
@ -310,27 +375,27 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 		typ |= windows.FILE_PIPE_MESSAGE_TYPE
 	}
-	disposition := uint32(windows.FILE_OPEN)
+	disposition := fs.FILE_OPEN
-	access := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | syscall.SYNCHRONIZE)
+	access := fs.GENERIC_READ | fs.GENERIC_WRITE | fs.SYNCHRONIZE
 	if first {
-		disposition = windows.FILE_CREATE
+		disposition = fs.FILE_CREATE
 		// By not asking for read or write access, the named pipe file system
 		// will put this pipe into an initially disconnected state, blocking
 		// client connections until the next call with first == false.
-		access = syscall.SYNCHRONIZE
+		access = fs.SYNCHRONIZE
 	}
 	timeout := int64(-50 * 10000) // 50ms
 	var (
-		h    syscall.Handle
+		h    windows.Handle
 		iosb ioStatusBlock
 	)
 	err = ntCreateNamedPipeFile(&h,
 		access,
 		&oa,
 		&iosb,
-		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE,
+		fs.FILE_SHARE_READ|fs.FILE_SHARE_WRITE,
 		disposition,
 		0,
 		typ,
@ -355,7 +420,7 @@ func (l *win32PipeListener) makeServerPipe() (*win32File, error) {
 	}
 	f, err := makeWin32File(h)
 	if err != nil {
-		syscall.Close(h)
+		windows.Close(h)
 		return nil, err
 	}
 	return f, nil
@ -414,7 +479,7 @@ func (l *win32PipeListener) listenerRoutine() {
 			closed = err == ErrPipeListenerClosed //nolint:errorlint // err is Errno
 		}
 	}
-	syscall.Close(l.firstHandle)
+	windows.Close(l.firstHandle)
 	l.firstHandle = 0
 	// Notify Close() and Accept() callers that the handle has been closed.
 	close(l.doneCh)
--- a/vendor/github.com/Microsoft/go-winio/pkg/bindfilter/bind_filter.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/bindfilter/bind_filter.go
@ -0,0 +1,307 @@
 //go:build windows
 // +build windows
 package bindfilter
 import (
 	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 //go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go ./bind_filter.go
 //sys bfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath string, virtTargetPath string, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) = bindfltapi.BfSetupFilter?
 //sys bfRemoveMapping(jobHandle windows.Handle, virtRootPath string)  (hr error) = bindfltapi.BfRemoveMapping?
 //sys bfGetMappings(flags uint32, jobHandle windows.Handle, virtRootPath *uint16, sid *windows.SID, bufferSize *uint32, outBuffer *byte)  (hr error) = bindfltapi.BfGetMappings?
 // BfSetupFilter flags. See:
 // https://github.com/microsoft/BuildXL/blob/a6dce509f0d4f774255e5fbfb75fa6d5290ed163/Public/Src/Utilities/Native/Processes/Windows/NativeContainerUtilities.cs#L193-L240
 //
 //nolint:revive // var-naming: ALL_CAPS
 const (
 	BINDFLT_FLAG_READ_ONLY_MAPPING uint32 = 0x00000001
 	// Tells bindflt to fail mapping with STATUS_INVALID_PARAMETER if a mapping produces
 	// multiple targets.
 	BINDFLT_FLAG_NO_MULTIPLE_TARGETS uint32 = 0x00000040
 )
 //nolint:revive // var-naming: ALL_CAPS
 const (
 	BINDFLT_GET_MAPPINGS_FLAG_VOLUME uint32 = 0x00000001
 	BINDFLT_GET_MAPPINGS_FLAG_SILO   uint32 = 0x00000002
 	BINDFLT_GET_MAPPINGS_FLAG_USER   uint32 = 0x00000004
 )
 // ApplyFileBinding creates a global mount of the source in root, with an optional
 // read only flag.
 // The bind filter allows us to create mounts of directories and volumes. By default it allows
 // us to mount multiple sources inside a single root, acting as an overlay. Files from the
 // second source will superscede the first source that was mounted.
 // This function disables this behavior and sets the BINDFLT_FLAG_NO_MULTIPLE_TARGETS flag
 // on the mount.
 func ApplyFileBinding(root, source string, readOnly bool) error {
 	// The parent directory needs to exist for the bind to work. MkdirAll stats and
 	// returns nil if the directory exists internally so we should be fine to mkdirall
 	// every time.
 	if err := os.MkdirAll(filepath.Dir(root), 0); err != nil {
 		return err
 	}
 	if strings.Contains(source, "Volume{") && !strings.HasSuffix(source, "\\") {
 		// Add trailing slash to volumes, otherwise we get an error when binding it to
 		// a folder.
 		source = source + "\\"
 	}
 	flags := BINDFLT_FLAG_NO_MULTIPLE_TARGETS
 	if readOnly {
 		flags |= BINDFLT_FLAG_READ_ONLY_MAPPING
 	}
 	// Set the job handle to 0 to create a global mount.
 	if err := bfSetupFilter(
 		0,
 		flags,
 		root,
 		source,
 		nil,
 		0,
 	); err != nil {
 		return fmt.Errorf("failed to bind target %q to root %q: %w", source, root, err)
 	}
 	return nil
 }
 // RemoveFileBinding removes a mount from the root path.
 func RemoveFileBinding(root string) error {
 	if err := bfRemoveMapping(0, root); err != nil {
 		return fmt.Errorf("removing file binding: %w", err)
 	}
 	return nil
 }
 // GetBindMappings returns a list of bind mappings that have their root on a
 // particular volume. The volumePath parameter can be any path that exists on
 // a volume. For example, if a number of mappings are created in C:\ProgramData\test,
 // to get a list of those mappings, the volumePath parameter would have to be set to
 // C:\ or the VOLUME_NAME_GUID notation of C:\ (\\?\Volume{GUID}\), or any child
 // path that exists.
 func GetBindMappings(volumePath string) ([]BindMapping, error) {
 	rootPtr, err := windows.UTF16PtrFromString(volumePath)
 	if err != nil {
 		return nil, err
 	}
 	flags := BINDFLT_GET_MAPPINGS_FLAG_VOLUME
 	// allocate a large buffer for results
 	var outBuffSize uint32 = 256 * 1024
 	buf := make([]byte, outBuffSize)
 	if err := bfGetMappings(flags, 0, rootPtr, nil, &outBuffSize, &buf[0]); err != nil {
 		return nil, err
 	}
 	if outBuffSize < 12 {
 		return nil, fmt.Errorf("invalid buffer returned")
 	}
 	result := buf[:outBuffSize]
 	// The first 12 bytes are the three uint32 fields in getMappingsResponseHeader{}
 	headerBuffer := result[:12]
 	// The alternative to using unsafe and casting it to the above defined structures, is to manually
 	// parse the fields. Not too terrible, but not sure it'd worth the trouble.
 	header := *(*getMappingsResponseHeader)(unsafe.Pointer(&headerBuffer[0]))
 	if header.MappingCount == 0 {
 		// no mappings
 		return []BindMapping{}, nil
 	}
 	mappingsBuffer := result[12 : int(unsafe.Sizeof(mappingEntry{}))*int(header.MappingCount)]
 	// Get a pointer to the first mapping in the slice
 	mappingsPointer := (*mappingEntry)(unsafe.Pointer(&mappingsBuffer[0]))
 	// Get slice of mappings
 	mappings := unsafe.Slice(mappingsPointer, header.MappingCount)
 	mappingEntries := make([]BindMapping, header.MappingCount)
 	for i := 0; i < int(header.MappingCount); i++ {
 		bindMapping, err := getBindMappingFromBuffer(result, mappings[i])
 		if err != nil {
 			return nil, fmt.Errorf("fetching bind mappings: %w", err)
 		}
 		mappingEntries[i] = bindMapping
 	}
 	return mappingEntries, nil
 }
 // mappingEntry holds information about where in the response buffer we can
 // find information about the virtual root (the mount point) and the targets (sources)
 // that get mounted, as well as the flags used to bind the targets to the virtual root.
 type mappingEntry struct {
 	VirtRootLength      uint32
 	VirtRootOffset      uint32
 	Flags               uint32
 	NumberOfTargets     uint32
 	TargetEntriesOffset uint32
 }
 type mappingTargetEntry struct {
 	TargetRootLength uint32
 	TargetRootOffset uint32
 }
 // getMappingsResponseHeader represents the first 12 bytes of the BfGetMappings() response.
 // It gives us the size of the buffer, the status of the call and the number of mappings.
 // A response
 type getMappingsResponseHeader struct {
 	Size         uint32
 	Status       uint32
 	MappingCount uint32
 }
 type BindMapping struct {
 	MountPoint string
 	Flags      uint32
 	Targets    []string
 }
 func decodeEntry(buffer []byte) (string, error) {
 	name := make([]uint16, len(buffer)/2)
 	err := binary.Read(bytes.NewReader(buffer), binary.LittleEndian, &name)
 	if err != nil {
 		return "", fmt.Errorf("decoding name: %w", err)
 	}
 	return windows.UTF16ToString(name), nil
 }
 func getTargetsFromBuffer(buffer []byte, offset, count int) ([]string, error) {
 	if len(buffer) < offset+count*6 {
 		return nil, fmt.Errorf("invalid buffer")
 	}
 	targets := make([]string, count)
 	for i := 0; i < count; i++ {
 		entryBuf := buffer[offset+i*8 : offset+i*8+8]
 		tgt := *(*mappingTargetEntry)(unsafe.Pointer(&entryBuf[0]))
 		if len(buffer) < int(tgt.TargetRootOffset)+int(tgt.TargetRootLength) {
 			return nil, fmt.Errorf("invalid buffer")
 		}
 		decoded, err := decodeEntry(buffer[tgt.TargetRootOffset : tgt.TargetRootOffset+tgt.TargetRootLength])
 		if err != nil {
 			return nil, fmt.Errorf("decoding name: %w", err)
 		}
 		decoded, err = getFinalPath(decoded)
 		if err != nil {
 			return nil, fmt.Errorf("fetching final path: %w", err)
 		}
 		targets[i] = decoded
 	}
 	return targets, nil
 }
 func getFinalPath(pth string) (string, error) {
 	// BfGetMappings returns VOLUME_NAME_NT paths like \Device\HarddiskVolume2\ProgramData.
 	// These can be accessed by prepending \\.\GLOBALROOT to the path. We use this to get the
 	// DOS paths for these files.
 	if strings.HasPrefix(pth, `\Device`) {
 		pth = `\\.\GLOBALROOT` + pth
 	}
 	han, err := openPath(pth)
 	if err != nil {
 		return "", fmt.Errorf("fetching file handle: %w", err)
 	}
 	defer func() {
 		_ = windows.CloseHandle(han)
 	}()
 	buf := make([]uint16, 100)
 	var flags uint32 = 0x0
 	for {
 		n, err := windows.GetFinalPathNameByHandle(han, &buf[0], uint32(len(buf)), flags)
 		if err != nil {
 			// if we mounted a volume that does not also have a drive letter assigned, attempting to
 			// fetch the VOLUME_NAME_DOS will fail with os.ErrNotExist. Attempt to get the VOLUME_NAME_GUID.
 			if errors.Is(err, os.ErrNotExist) && flags != 0x1 {
 				flags = 0x1
 				continue
 			}
 			return "", fmt.Errorf("getting final path name: %w", err)
 		}
 		if n < uint32(len(buf)) {
 			break
 		}
 		buf = make([]uint16, n)
 	}
 	finalPath := windows.UTF16ToString(buf)
 	// We got VOLUME_NAME_DOS, we need to strip away some leading slashes.
 	// Leave unchanged if we ended up requesting VOLUME_NAME_GUID
 	if len(finalPath) > 4 && finalPath[:4] == `\\?\` && flags == 0x0 {
 		finalPath = finalPath[4:]
 		if len(finalPath) > 3 && finalPath[:3] == `UNC` {
 			// return path like \\server\share\...
 			finalPath = `\` + finalPath[3:]
 		}
 	}
 	return finalPath, nil
 }
 func getBindMappingFromBuffer(buffer []byte, entry mappingEntry) (BindMapping, error) {
 	if len(buffer) < int(entry.VirtRootOffset)+int(entry.VirtRootLength) {
 		return BindMapping{}, fmt.Errorf("invalid buffer")
 	}
 	src, err := decodeEntry(buffer[entry.VirtRootOffset : entry.VirtRootOffset+entry.VirtRootLength])
 	if err != nil {
 		return BindMapping{}, fmt.Errorf("decoding entry: %w", err)
 	}
 	targets, err := getTargetsFromBuffer(buffer, int(entry.TargetEntriesOffset), int(entry.NumberOfTargets))
 	if err != nil {
 		return BindMapping{}, fmt.Errorf("fetching targets: %w", err)
 	}
 	src, err = getFinalPath(src)
 	if err != nil {
 		return BindMapping{}, fmt.Errorf("fetching final path: %w", err)
 	}
 	return BindMapping{
 		Flags:      entry.Flags,
 		Targets:    targets,
 		MountPoint: src,
 	}, nil
 }
 func openPath(path string) (windows.Handle, error) {
 	u16, err := windows.UTF16PtrFromString(path)
 	if err != nil {
 		return 0, err
 	}
 	h, err := windows.CreateFile(
 		u16,
 		0,
 		windows.FILE_SHARE_READ|windows.FILE_SHARE_WRITE|windows.FILE_SHARE_DELETE,
 		nil,
 		windows.OPEN_EXISTING,
 		windows.FILE_FLAG_BACKUP_SEMANTICS, // Needed to open a directory handle.
 		0)
 	if err != nil {
 		return 0, &os.PathError{
 			Op:   "CreateFile",
 			Path: path,
 			Err:  err,
 		}
 	}
 	return h, nil
 }
--- a/vendor/github.com/Microsoft/go-winio/pkg/bindfilter/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/pkg/bindfilter/zsyscall_windows.go
@ -0,0 +1,113 @@
 //go:build windows
 // Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 package bindfilter
 import (
 	"syscall"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 var _ unsafe.Pointer
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoERROR_IO_PENDING = 997
 )
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
 	errERROR_EINVAL     error = syscall.EINVAL
 )
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	return e
 }
 var (
 	modbindfltapi = windows.NewLazySystemDLL("bindfltapi.dll")
 	procBfGetMappings   = modbindfltapi.NewProc("BfGetMappings")
 	procBfRemoveMapping = modbindfltapi.NewProc("BfRemoveMapping")
 	procBfSetupFilter   = modbindfltapi.NewProc("BfSetupFilter")
 )
 func bfGetMappings(flags uint32, jobHandle windows.Handle, virtRootPath *uint16, sid *windows.SID, bufferSize *uint32, outBuffer *byte) (hr error) {
 	hr = procBfGetMappings.Find()
 	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.SyscallN(procBfGetMappings.Addr(), uintptr(flags), uintptr(jobHandle), uintptr(unsafe.Pointer(virtRootPath)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(bufferSize)), uintptr(unsafe.Pointer(outBuffer)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
 		}
 		hr = syscall.Errno(r0)
 	}
 	return
 }
 func bfRemoveMapping(jobHandle windows.Handle, virtRootPath string) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(virtRootPath)
 	if hr != nil {
 		return
 	}
 	return _bfRemoveMapping(jobHandle, _p0)
 }
 func _bfRemoveMapping(jobHandle windows.Handle, virtRootPath *uint16) (hr error) {
 	hr = procBfRemoveMapping.Find()
 	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.SyscallN(procBfRemoveMapping.Addr(), uintptr(jobHandle), uintptr(unsafe.Pointer(virtRootPath)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
 		}
 		hr = syscall.Errno(r0)
 	}
 	return
 }
 func bfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath string, virtTargetPath string, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) {
 	var _p0 *uint16
 	_p0, hr = syscall.UTF16PtrFromString(virtRootPath)
 	if hr != nil {
 		return
 	}
 	var _p1 *uint16
 	_p1, hr = syscall.UTF16PtrFromString(virtTargetPath)
 	if hr != nil {
 		return
 	}
 	return _bfSetupFilter(jobHandle, flags, _p0, _p1, virtExceptions, virtExceptionPathCount)
 }
 func _bfSetupFilter(jobHandle windows.Handle, flags uint32, virtRootPath *uint16, virtTargetPath *uint16, virtExceptions **uint16, virtExceptionPathCount uint32) (hr error) {
 	hr = procBfSetupFilter.Find()
 	if hr != nil {
 		return
 	}
 	r0, _, _ := syscall.SyscallN(procBfSetupFilter.Addr(), uintptr(jobHandle), uintptr(flags), uintptr(unsafe.Pointer(virtRootPath)), uintptr(unsafe.Pointer(virtTargetPath)), uintptr(unsafe.Pointer(virtExceptions)), uintptr(virtExceptionPathCount))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
 		}
 		hr = syscall.Errno(r0)
 	}
 	return
 }
--- a/vendor/github.com/Microsoft/go-winio/privilege.go
+++ b/vendor/github.com/Microsoft/go-winio/privilege.go
@ -9,7 +9,6 @@ import (
 	"fmt"
 	"runtime"
 	"sync"
 	"syscall"
 	"unicode/utf16"
 	"golang.org/x/sys/windows"
@ -18,8 +17,8 @@ import (
 //sys adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) [true] = advapi32.AdjustTokenPrivileges
 //sys impersonateSelf(level uint32) (err error) = advapi32.ImpersonateSelf
 //sys revertToSelf() (err error) = advapi32.RevertToSelf
-//sys openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) = advapi32.OpenThreadToken
+//sys openThreadToken(thread windows.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) = advapi32.OpenThreadToken
-//sys getCurrentThread() (h syscall.Handle) = GetCurrentThread
+//sys getCurrentThread() (h windows.Handle) = GetCurrentThread
 //sys lookupPrivilegeValue(systemName string, name string, luid *uint64) (err error) = advapi32.LookupPrivilegeValueW
 //sys lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *uint32) (err error) = advapi32.LookupPrivilegeNameW
 //sys lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) = advapi32.LookupPrivilegeDisplayNameW
@ -29,7 +28,7 @@ const (
 	SE_PRIVILEGE_ENABLED = windows.SE_PRIVILEGE_ENABLED
 	//revive:disable-next-line:var-naming ALL_CAPS
-	ERROR_NOT_ALL_ASSIGNED syscall.Errno = windows.ERROR_NOT_ALL_ASSIGNED
+	ERROR_NOT_ALL_ASSIGNED windows.Errno = windows.ERROR_NOT_ALL_ASSIGNED
 	SeBackupPrivilege   = "SeBackupPrivilege"
 	SeRestorePrivilege  = "SeRestorePrivilege"
@ -177,7 +176,7 @@ func newThreadToken() (windows.Token, error) {
 	}
 	var token windows.Token
-	err = openThreadToken(getCurrentThread(), syscall.TOKEN_ADJUST_PRIVILEGES|syscall.TOKEN_QUERY, false, &token)
+	err = openThreadToken(getCurrentThread(), windows.TOKEN_ADJUST_PRIVILEGES|windows.TOKEN_QUERY, false, &token)
 	if err != nil {
 		rerr := revertToSelf()
 		if rerr != nil {
--- a/vendor/github.com/Microsoft/go-winio/sd.go
+++ b/vendor/github.com/Microsoft/go-winio/sd.go
@ -5,7 +5,7 @@ package winio
 import (
 	"errors"
-	"syscall"
+	"fmt"
 	"unsafe"
 	"golang.org/x/sys/windows"
@ -15,10 +15,6 @@ import (
 //sys lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) = advapi32.LookupAccountSidW
 //sys convertSidToStringSid(sid *byte, str **uint16) (err error) = advapi32.ConvertSidToStringSidW
 //sys convertStringSidToSid(str *uint16, sid **byte) (err error) = advapi32.ConvertStringSidToSidW
 //sys convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) = advapi32.ConvertStringSecurityDescriptorToSecurityDescriptorW
 //sys convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) = advapi32.ConvertSecurityDescriptorToStringSecurityDescriptorW
 //sys localFree(mem uintptr) = LocalFree
 //sys getSecurityDescriptorLength(sd uintptr) (len uint32) = advapi32.GetSecurityDescriptorLength
 type AccountLookupError struct {
 	Name string
@ -64,7 +60,7 @@ func LookupSidByName(name string) (sid string, err error) {
 	var sidSize, sidNameUse, refDomainSize uint32
 	err = lookupAccountName(nil, name, nil, &sidSize, nil, &refDomainSize, &sidNameUse)
-	if err != nil && err != syscall.ERROR_INSUFFICIENT_BUFFER { //nolint:errorlint // err is Errno
+	if err != nil && err != windows.ERROR_INSUFFICIENT_BUFFER { //nolint:errorlint // err is Errno
 		return "", &AccountLookupError{name, err}
 	}
 	sidBuffer := make([]byte, sidSize)
@ -78,8 +74,8 @@ func LookupSidByName(name string) (sid string, err error) {
 	if err != nil {
 		return "", &AccountLookupError{name, err}
 	}
-	sid = syscall.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(strBuffer))[:])
+	sid = windows.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(strBuffer))[:])
-	localFree(uintptr(unsafe.Pointer(strBuffer)))
+	_, _ = windows.LocalFree(windows.Handle(unsafe.Pointer(strBuffer)))
 	return sid, nil
 }
@ -100,7 +96,7 @@ func LookupNameBySid(sid string) (name string, err error) {
 	if err = convertStringSidToSid(sidBuffer, &sidPtr); err != nil {
 		return "", &AccountLookupError{sid, err}
 	}
-	defer localFree(uintptr(unsafe.Pointer(sidPtr)))
+	defer windows.LocalFree(windows.Handle(unsafe.Pointer(sidPtr))) //nolint:errcheck
 	var nameSize, refDomainSize, sidNameUse uint32
 	err = lookupAccountSid(nil, sidPtr, nil, &nameSize, nil, &refDomainSize, &sidNameUse)
@ -120,25 +116,18 @@ func LookupNameBySid(sid string) (name string, err error) {
 }
 func SddlToSecurityDescriptor(sddl string) ([]byte, error) {
-	var sdBuffer uintptr
+	sd, err := windows.SecurityDescriptorFromString(sddl)
 	err := convertStringSecurityDescriptorToSecurityDescriptor(sddl, 1, &sdBuffer, nil)
 	if err != nil {
-		return nil, &SddlConversionError{sddl, err}
+		return nil, &SddlConversionError{Sddl: sddl, Err: err}
 	}
-	defer localFree(sdBuffer)
+	b := unsafe.Slice((*byte)(unsafe.Pointer(sd)), sd.Length())
-	sd := make([]byte, getSecurityDescriptorLength(sdBuffer))
+	return b, nil
 	copy(sd, (*[0xffff]byte)(unsafe.Pointer(sdBuffer))[:len(sd)])
 	return sd, nil
 }
 func SecurityDescriptorToSddl(sd []byte) (string, error) {
-	var sddl *uint16
+	if l := int(unsafe.Sizeof(windows.SECURITY_DESCRIPTOR{})); len(sd) < l {
-	// The returned string length seems to include an arbitrary number of terminating NULs.
+		return "", fmt.Errorf("SecurityDescriptor (%d) smaller than expected (%d): %w", len(sd), l, windows.ERROR_INCORRECT_SIZE)
 	// Don't use it.
 	err := convertSecurityDescriptorToStringSecurityDescriptor(&sd[0], 1, 0xff, &sddl, nil)
 	if err != nil {
 		return "", err
 	}
-	defer localFree(uintptr(unsafe.Pointer(sddl)))
+	s := (*windows.SECURITY_DESCRIPTOR)(unsafe.Pointer(&sd[0]))
-	return syscall.UTF16ToString((*[0xffff]uint16)(unsafe.Pointer(sddl))[:]), nil
+	return s.String(), nil
 }
--- a/vendor/github.com/Microsoft/go-winio/tools.go
+++ b/vendor/github.com/Microsoft/go-winio/tools.go
@ -1,5 +0,0 @@
 //go:build tools
 package winio
 import _ "golang.org/x/tools/cmd/stringer"
--- a/vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/doc.go
+++ b/vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/doc.go
@ -1,57 +0,0 @@
 /*
 mkwinsyscall generates windows system call bodies
 It parses all files specified on command line containing function
 prototypes (like syscall_windows.go) and prints system call bodies
 to standard output.
 The prototypes are marked by lines beginning with "//sys" and read
 like func declarations if //sys is replaced by func, but:
  - The parameter lists must give a name for each argument. This
    includes return parameters.
  - The parameter lists must give a type for each argument:
    the (x, y, z int) shorthand is not allowed.
  - If the return parameter is an error number, it must be named err.
  - If go func name needs to be different from its winapi dll name,
    the winapi name could be specified at the end, after "=" sign, like
    //sys LoadLibrary(libname string) (handle uint32, err error) = LoadLibraryA
  - Each function that returns err needs to supply a condition, that
    return value of winapi will be tested against to detect failure.
    This would set err to windows "last-error", otherwise it will be nil.
    The value can be provided at end of //sys declaration, like
    //sys LoadLibrary(libname string) (handle uint32, err error) [failretval==-1] = LoadLibraryA
    and is [failretval==0] by default.
  - If the function name ends in a "?", then the function not existing is non-
    fatal, and an error will be returned instead of panicking.
 Usage:
 	mkwinsyscall [flags] [path ...]
 Flags
 	-output string
 	      Output file name (standard output if omitted).
 	-sort
 	      Sort DLL and function declarations (default true).
 	      Intended to help transition from  older versions of mkwinsyscall by making diffs
 	      easier to read and understand.
 	-systemdll
 	      Whether all DLLs should be loaded from the Windows system directory (default true).
 	-trace
 	      Generate print statement after every syscall.
 	-utf16
 	      Encode string arguments as UTF-16 for syscalls not ending in 'A' or 'W' (default true).
 	-winio
 	      Import this package ("github.com/Microsoft/go-winio").
 */
 package main
--- a/vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/mkwinsyscall.go
+++ b/vendor/github.com/Microsoft/go-winio/tools/mkwinsyscall/mkwinsyscall.go
--- a/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
@ -33,9 +33,6 @@ func errnoErr(e syscall.Errno) error {
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
@ -50,7 +47,7 @@ var (
 )
 func attachVirtualDisk(handle syscall.Handle, securityDescriptor *uintptr, attachVirtualDiskFlag uint32, providerSpecificFlags uint32, parameters *AttachVirtualDiskParameters, overlapped *syscall.Overlapped) (win32err error) {
-	r0, _, _ := syscall.Syscall6(procAttachVirtualDisk.Addr(), 6, uintptr(handle), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(attachVirtualDiskFlag), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)))
+	r0, _, _ := syscall.SyscallN(procAttachVirtualDisk.Addr(), uintptr(handle), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(attachVirtualDiskFlag), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)))
 	if r0 != 0 {
 		win32err = syscall.Errno(r0)
 	}
@ -67,7 +64,7 @@ func createVirtualDisk(virtualStorageType *VirtualStorageType, path string, virt
 }
 func _createVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, virtualDiskAccessMask uint32, securityDescriptor *uintptr, createVirtualDiskFlags uint32, providerSpecificFlags uint32, parameters *CreateVirtualDiskParameters, overlapped *syscall.Overlapped, handle *syscall.Handle) (win32err error) {
-	r0, _, _ := syscall.Syscall9(procCreateVirtualDisk.Addr(), 9, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(createVirtualDiskFlags), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(handle)))
+	r0, _, _ := syscall.SyscallN(procCreateVirtualDisk.Addr(), uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(unsafe.Pointer(securityDescriptor)), uintptr(createVirtualDiskFlags), uintptr(providerSpecificFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(overlapped)), uintptr(unsafe.Pointer(handle)))
 	if r0 != 0 {
 		win32err = syscall.Errno(r0)
 	}
@ -75,7 +72,7 @@ func _createVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, vi
 }
 func detachVirtualDisk(handle syscall.Handle, detachVirtualDiskFlags uint32, providerSpecificFlags uint32) (win32err error) {
-	r0, _, _ := syscall.Syscall(procDetachVirtualDisk.Addr(), 3, uintptr(handle), uintptr(detachVirtualDiskFlags), uintptr(providerSpecificFlags))
+	r0, _, _ := syscall.SyscallN(procDetachVirtualDisk.Addr(), uintptr(handle), uintptr(detachVirtualDiskFlags), uintptr(providerSpecificFlags))
 	if r0 != 0 {
 		win32err = syscall.Errno(r0)
 	}
@ -83,7 +80,7 @@ func detachVirtualDisk(handle syscall.Handle, detachVirtualDiskFlags uint32, pro
 }
 func getVirtualDiskPhysicalPath(handle syscall.Handle, diskPathSizeInBytes *uint32, buffer *uint16) (win32err error) {
-	r0, _, _ := syscall.Syscall(procGetVirtualDiskPhysicalPath.Addr(), 3, uintptr(handle), uintptr(unsafe.Pointer(diskPathSizeInBytes)), uintptr(unsafe.Pointer(buffer)))
+	r0, _, _ := syscall.SyscallN(procGetVirtualDiskPhysicalPath.Addr(), uintptr(handle), uintptr(unsafe.Pointer(diskPathSizeInBytes)), uintptr(unsafe.Pointer(buffer)))
 	if r0 != 0 {
 		win32err = syscall.Errno(r0)
 	}
@ -100,7 +97,7 @@ func openVirtualDisk(virtualStorageType *VirtualStorageType, path string, virtua
 }
 func _openVirtualDisk(virtualStorageType *VirtualStorageType, path *uint16, virtualDiskAccessMask uint32, openVirtualDiskFlags uint32, parameters *openVirtualDiskParameters, handle *syscall.Handle) (win32err error) {
-	r0, _, _ := syscall.Syscall6(procOpenVirtualDisk.Addr(), 6, uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(openVirtualDiskFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
+	r0, _, _ := syscall.SyscallN(procOpenVirtualDisk.Addr(), uintptr(unsafe.Pointer(virtualStorageType)), uintptr(unsafe.Pointer(path)), uintptr(virtualDiskAccessMask), uintptr(openVirtualDiskFlags), uintptr(unsafe.Pointer(parameters)), uintptr(unsafe.Pointer(handle)))
 	if r0 != 0 {
 		win32err = syscall.Errno(r0)
 	}
--- a/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
@ -33,9 +33,6 @@ func errnoErr(e syscall.Errno) error {
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
@ -45,39 +42,34 @@ var (
 	modntdll    = windows.NewLazySystemDLL("ntdll.dll")
 	modws2_32   = windows.NewLazySystemDLL("ws2_32.dll")
-	procAdjustTokenPrivileges                                = modadvapi32.NewProc("AdjustTokenPrivileges")
+	procAdjustTokenPrivileges              = modadvapi32.NewProc("AdjustTokenPrivileges")
-	procConvertSecurityDescriptorToStringSecurityDescriptorW = modadvapi32.NewProc("ConvertSecurityDescriptorToStringSecurityDescriptorW")
+	procConvertSidToStringSidW             = modadvapi32.NewProc("ConvertSidToStringSidW")
-	procConvertSidToStringSidW                               = modadvapi32.NewProc("ConvertSidToStringSidW")
+	procConvertStringSidToSidW             = modadvapi32.NewProc("ConvertStringSidToSidW")
-	procConvertStringSecurityDescriptorToSecurityDescriptorW = modadvapi32.NewProc("ConvertStringSecurityDescriptorToSecurityDescriptorW")
+	procImpersonateSelf                    = modadvapi32.NewProc("ImpersonateSelf")
-	procConvertStringSidToSidW                               = modadvapi32.NewProc("ConvertStringSidToSidW")
+	procLookupAccountNameW                 = modadvapi32.NewProc("LookupAccountNameW")
-	procGetSecurityDescriptorLength                          = modadvapi32.NewProc("GetSecurityDescriptorLength")
+	procLookupAccountSidW                  = modadvapi32.NewProc("LookupAccountSidW")
-	procImpersonateSelf                                      = modadvapi32.NewProc("ImpersonateSelf")
+	procLookupPrivilegeDisplayNameW        = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
-	procLookupAccountNameW                                   = modadvapi32.NewProc("LookupAccountNameW")
+	procLookupPrivilegeNameW               = modadvapi32.NewProc("LookupPrivilegeNameW")
-	procLookupAccountSidW                                    = modadvapi32.NewProc("LookupAccountSidW")
+	procLookupPrivilegeValueW              = modadvapi32.NewProc("LookupPrivilegeValueW")
-	procLookupPrivilegeDisplayNameW                          = modadvapi32.NewProc("LookupPrivilegeDisplayNameW")
+	procOpenThreadToken                    = modadvapi32.NewProc("OpenThreadToken")
-	procLookupPrivilegeNameW                                 = modadvapi32.NewProc("LookupPrivilegeNameW")
+	procRevertToSelf                       = modadvapi32.NewProc("RevertToSelf")
-	procLookupPrivilegeValueW                                = modadvapi32.NewProc("LookupPrivilegeValueW")
+	procBackupRead                         = modkernel32.NewProc("BackupRead")
-	procOpenThreadToken                                      = modadvapi32.NewProc("OpenThreadToken")
+	procBackupWrite                        = modkernel32.NewProc("BackupWrite")
-	procRevertToSelf                                         = modadvapi32.NewProc("RevertToSelf")
+	procCancelIoEx                         = modkernel32.NewProc("CancelIoEx")
-	procBackupRead                                           = modkernel32.NewProc("BackupRead")
+	procConnectNamedPipe                   = modkernel32.NewProc("ConnectNamedPipe")
-	procBackupWrite                                          = modkernel32.NewProc("BackupWrite")
+	procCreateIoCompletionPort             = modkernel32.NewProc("CreateIoCompletionPort")
-	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+	procCreateNamedPipeW                   = modkernel32.NewProc("CreateNamedPipeW")
-	procConnectNamedPipe                                     = modkernel32.NewProc("ConnectNamedPipe")
+	procDisconnectNamedPipe                = modkernel32.NewProc("DisconnectNamedPipe")
-	procCreateFileW                                          = modkernel32.NewProc("CreateFileW")
+	procGetCurrentThread                   = modkernel32.NewProc("GetCurrentThread")
-	procCreateIoCompletionPort                               = modkernel32.NewProc("CreateIoCompletionPort")
+	procGetNamedPipeHandleStateW           = modkernel32.NewProc("GetNamedPipeHandleStateW")
-	procCreateNamedPipeW                                     = modkernel32.NewProc("CreateNamedPipeW")
+	procGetNamedPipeInfo                   = modkernel32.NewProc("GetNamedPipeInfo")
-	procGetCurrentThread                                     = modkernel32.NewProc("GetCurrentThread")
+	procGetQueuedCompletionStatus          = modkernel32.NewProc("GetQueuedCompletionStatus")
-	procGetNamedPipeHandleStateW                             = modkernel32.NewProc("GetNamedPipeHandleStateW")
+	procSetFileCompletionNotificationModes = modkernel32.NewProc("SetFileCompletionNotificationModes")
-	procGetNamedPipeInfo                                     = modkernel32.NewProc("GetNamedPipeInfo")
+	procNtCreateNamedPipeFile              = modntdll.NewProc("NtCreateNamedPipeFile")
-	procGetQueuedCompletionStatus                            = modkernel32.NewProc("GetQueuedCompletionStatus")
+	procRtlDefaultNpAcl                    = modntdll.NewProc("RtlDefaultNpAcl")
-	procLocalAlloc                                           = modkernel32.NewProc("LocalAlloc")
+	procRtlDosPathNameToNtPathName_U       = modntdll.NewProc("RtlDosPathNameToNtPathName_U")
-	procLocalFree                                            = modkernel32.NewProc("LocalFree")
+	procRtlNtStatusToDosErrorNoTeb         = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
-	procSetFileCompletionNotificationModes                   = modkernel32.NewProc("SetFileCompletionNotificationModes")
+	procWSAGetOverlappedResult             = modws2_32.NewProc("WSAGetOverlappedResult")
 	procNtCreateNamedPipeFile                                = modntdll.NewProc("NtCreateNamedPipeFile")
 	procRtlDefaultNpAcl                                      = modntdll.NewProc("RtlDefaultNpAcl")
 	procRtlDosPathNameToNtPathName_U                         = modntdll.NewProc("RtlDosPathNameToNtPathName_U")
 	procRtlNtStatusToDosErrorNoTeb                           = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb")
 	procWSAGetOverlappedResult                               = modws2_32.NewProc("WSAGetOverlappedResult")
 )
 func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, outputSize uint32, output *byte, requiredSize *uint32) (success bool, err error) {
@ -85,7 +77,7 @@ func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, ou
 	if releaseAll {
 		_p0 = 1
 	}
-	r0, _, e1 := syscall.Syscall6(procAdjustTokenPrivileges.Addr(), 6, uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(input)), uintptr(outputSize), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(requiredSize)))
+	r0, _, e1 := syscall.SyscallN(procAdjustTokenPrivileges.Addr(), uintptr(token), uintptr(_p0), uintptr(unsafe.Pointer(input)), uintptr(outputSize), uintptr(unsafe.Pointer(output)), uintptr(unsafe.Pointer(requiredSize)))
 	success = r0 != 0
 	if true {
 		err = errnoErr(e1)
@ -93,33 +85,8 @@ func adjustTokenPrivileges(token windows.Token, releaseAll bool, input *byte, ou
 	return
 }
 func convertSecurityDescriptorToStringSecurityDescriptor(sd *byte, revision uint32, secInfo uint32, sddl **uint16, sddlSize *uint32) (err error) {
 	r1, _, e1 := syscall.Syscall6(procConvertSecurityDescriptorToStringSecurityDescriptorW.Addr(), 5, uintptr(unsafe.Pointer(sd)), uintptr(revision), uintptr(secInfo), uintptr(unsafe.Pointer(sddl)), uintptr(unsafe.Pointer(sddlSize)), 0)
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 func convertSidToStringSid(sid *byte, str **uint16) (err error) {
-	r1, _, e1 := syscall.Syscall(procConvertSidToStringSidW.Addr(), 2, uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(str)), 0)
+	r1, _, e1 := syscall.SyscallN(procConvertSidToStringSidW.Addr(), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(str)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 func convertStringSecurityDescriptorToSecurityDescriptor(str string, revision uint32, sd *uintptr, size *uint32) (err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(str)
 	if err != nil {
 		return
 	}
 	return _convertStringSecurityDescriptorToSecurityDescriptor(_p0, revision, sd, size)
 }
 func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision uint32, sd *uintptr, size *uint32) (err error) {
 	r1, _, e1 := syscall.Syscall6(procConvertStringSecurityDescriptorToSecurityDescriptorW.Addr(), 4, uintptr(unsafe.Pointer(str)), uintptr(revision), uintptr(unsafe.Pointer(sd)), uintptr(unsafe.Pointer(size)), 0, 0)
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -127,21 +94,15 @@ func _convertStringSecurityDescriptorToSecurityDescriptor(str *uint16, revision
 }
 func convertStringSidToSid(str *uint16, sid **byte) (err error) {
-	r1, _, e1 := syscall.Syscall(procConvertStringSidToSidW.Addr(), 2, uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(sid)), 0)
+	r1, _, e1 := syscall.SyscallN(procConvertStringSidToSidW.Addr(), uintptr(unsafe.Pointer(str)), uintptr(unsafe.Pointer(sid)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 func getSecurityDescriptorLength(sd uintptr) (len uint32) {
 	r0, _, _ := syscall.Syscall(procGetSecurityDescriptorLength.Addr(), 1, uintptr(sd), 0, 0)
 	len = uint32(r0)
 	return
 }
 func impersonateSelf(level uint32) (err error) {
-	r1, _, e1 := syscall.Syscall(procImpersonateSelf.Addr(), 1, uintptr(level), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procImpersonateSelf.Addr(), uintptr(level))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -158,7 +119,7 @@ func lookupAccountName(systemName *uint16, accountName string, sid *byte, sidSiz
 }
 func _lookupAccountName(systemName *uint16, accountName *uint16, sid *byte, sidSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procLookupAccountNameW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procLookupAccountNameW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(accountName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(sidSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -166,7 +127,7 @@ func _lookupAccountName(systemName *uint16, accountName *uint16, sid *byte, sidS
 }
 func lookupAccountSid(systemName *uint16, sid *byte, name *uint16, nameSize *uint32, refDomain *uint16, refDomainSize *uint32, sidNameUse *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall9(procLookupAccountSidW.Addr(), 7, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procLookupAccountSidW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(sid)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(nameSize)), uintptr(unsafe.Pointer(refDomain)), uintptr(unsafe.Pointer(refDomainSize)), uintptr(unsafe.Pointer(sidNameUse)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -183,7 +144,7 @@ func lookupPrivilegeDisplayName(systemName string, name *uint16, buffer *uint16,
 }
 func _lookupPrivilegeDisplayName(systemName *uint16, name *uint16, buffer *uint16, size *uint32, languageId *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procLookupPrivilegeDisplayNameW.Addr(), 5, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(languageId)), 0)
+	r1, _, e1 := syscall.SyscallN(procLookupPrivilegeDisplayNameW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), uintptr(unsafe.Pointer(languageId)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -200,7 +161,7 @@ func lookupPrivilegeName(systemName string, luid *uint64, buffer *uint16, size *
 }
 func _lookupPrivilegeName(systemName *uint16, luid *uint64, buffer *uint16, size *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procLookupPrivilegeNameW.Addr(), 4, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(luid)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procLookupPrivilegeNameW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(luid)), uintptr(unsafe.Pointer(buffer)), uintptr(unsafe.Pointer(size)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -222,19 +183,19 @@ func lookupPrivilegeValue(systemName string, name string, luid *uint64) (err err
 }
 func _lookupPrivilegeValue(systemName *uint16, name *uint16, luid *uint64) (err error) {
-	r1, _, e1 := syscall.Syscall(procLookupPrivilegeValueW.Addr(), 3, uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
+	r1, _, e1 := syscall.SyscallN(procLookupPrivilegeValueW.Addr(), uintptr(unsafe.Pointer(systemName)), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(luid)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) {
+func openThreadToken(thread windows.Handle, accessMask uint32, openAsSelf bool, token *windows.Token) (err error) {
 	var _p0 uint32
 	if openAsSelf {
 		_p0 = 1
 	}
-	r1, _, e1 := syscall.Syscall6(procOpenThreadToken.Addr(), 4, uintptr(thread), uintptr(accessMask), uintptr(_p0), uintptr(unsafe.Pointer(token)), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procOpenThreadToken.Addr(), uintptr(thread), uintptr(accessMask), uintptr(_p0), uintptr(unsafe.Pointer(token)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
@ -242,14 +203,14 @@ func openThreadToken(thread syscall.Handle, accessMask uint32, openAsSelf bool,
 }
 func revertToSelf() (err error) {
-	r1, _, e1 := syscall.Syscall(procRevertToSelf.Addr(), 0, 0, 0, 0)
+	r1, _, e1 := syscall.SyscallN(procRevertToSelf.Addr())
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
+func backupRead(h windows.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
 		_p0 = &b[0]
@ -262,14 +223,14 @@ func backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, proce
 	if processSecurity {
 		_p2 = 1
 	}
-	r1, _, e1 := syscall.Syscall9(procBackupRead.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesRead)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procBackupRead.Addr(), uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesRead)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
+func backupWrite(h windows.Handle, b []byte, bytesWritten *uint32, abort bool, processSecurity bool, context *uintptr) (err error) {
 	var _p0 *byte
 	if len(b) > 0 {
 		_p0 = &b[0]
@ -282,57 +243,39 @@ func backupWrite(h syscall.Handle, b []byte, bytesWritten *uint32, abort bool, p
 	if processSecurity {
 		_p2 = 1
 	}
-	r1, _, e1 := syscall.Syscall9(procBackupWrite.Addr(), 7, uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesWritten)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)), 0, 0)
+	r1, _, e1 := syscall.SyscallN(procBackupWrite.Addr(), uintptr(h), uintptr(unsafe.Pointer(_p0)), uintptr(len(b)), uintptr(unsafe.Pointer(bytesWritten)), uintptr(_p1), uintptr(_p2), uintptr(unsafe.Pointer(context)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) {
+func cancelIoEx(file windows.Handle, o *windows.Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall(procCancelIoEx.Addr(), 2, uintptr(file), uintptr(unsafe.Pointer(o)), 0)
+	r1, _, e1 := syscall.SyscallN(procCancelIoEx.Addr(), uintptr(file), uintptr(unsafe.Pointer(o)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) {
+func connectNamedPipe(pipe windows.Handle, o *windows.Overlapped) (err error) {
-	r1, _, e1 := syscall.Syscall(procConnectNamedPipe.Addr(), 2, uintptr(pipe), uintptr(unsafe.Pointer(o)), 0)
+	r1, _, e1 := syscall.SyscallN(procConnectNamedPipe.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(o)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
+func createIoCompletionPort(file windows.Handle, port windows.Handle, key uintptr, threadCount uint32) (newport windows.Handle, err error) {
-	var _p0 *uint16
+	r0, _, e1 := syscall.SyscallN(procCreateIoCompletionPort.Addr(), uintptr(file), uintptr(port), uintptr(key), uintptr(threadCount))
-	_p0, err = syscall.UTF16PtrFromString(name)
+	newport = windows.Handle(r0)
 	if err != nil {
 		return
 	}
 	return _createFile(_p0, access, mode, sa, createmode, attrs, templatefile)
 }
 func _createFile(name *uint16, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) {
 	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
 	handle = syscall.Handle(r0)
 	if handle == syscall.InvalidHandle {
 		err = errnoErr(e1)
 	}
 	return
 }
 func createIoCompletionPort(file syscall.Handle, port syscall.Handle, key uintptr, threadCount uint32) (newport syscall.Handle, err error) {
 	r0, _, e1 := syscall.Syscall6(procCreateIoCompletionPort.Addr(), 4, uintptr(file), uintptr(port), uintptr(key), uintptr(threadCount), 0, 0)
 	newport = syscall.Handle(r0)
 	if newport == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *windows.SecurityAttributes) (handle windows.Handle, err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(name)
 	if err != nil {
@ -341,96 +284,93 @@ func createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances ui
 	return _createNamedPipe(_p0, flags, pipeMode, maxInstances, outSize, inSize, defaultTimeout, sa)
 }
-func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error) {
+func _createNamedPipe(name *uint16, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *windows.SecurityAttributes) (handle windows.Handle, err error) {
-	r0, _, e1 := syscall.Syscall9(procCreateNamedPipeW.Addr(), 8, uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)), 0)
+	r0, _, e1 := syscall.SyscallN(procCreateNamedPipeW.Addr(), uintptr(unsafe.Pointer(name)), uintptr(flags), uintptr(pipeMode), uintptr(maxInstances), uintptr(outSize), uintptr(inSize), uintptr(defaultTimeout), uintptr(unsafe.Pointer(sa)))
-	handle = syscall.Handle(r0)
+	handle = windows.Handle(r0)
-	if handle == syscall.InvalidHandle {
+	if handle == windows.InvalidHandle {
 		err = errnoErr(e1)
 	}
 	return
 }
-func getCurrentThread() (h syscall.Handle) {
+func disconnectNamedPipe(pipe windows.Handle) (err error) {
-	r0, _, _ := syscall.Syscall(procGetCurrentThread.Addr(), 0, 0, 0, 0)
+	r1, _, e1 := syscall.SyscallN(procDisconnectNamedPipe.Addr(), uintptr(pipe))
 	h = syscall.Handle(r0)
 	return
 }
 func getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
 	r1, _, e1 := syscall.Syscall9(procGetNamedPipeHandleStateW.Addr(), 7, uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize), 0, 0)
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
+func getCurrentThread() (h windows.Handle) {
-	r1, _, e1 := syscall.Syscall6(procGetNamedPipeInfo.Addr(), 5, uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)), 0)
+	r0, _, _ := syscall.SyscallN(procGetCurrentThread.Addr())
 	h = windows.Handle(r0)
 	return
 }
 func getNamedPipeHandleState(pipe windows.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) {
 	r1, _, e1 := syscall.SyscallN(procGetNamedPipeHandleStateW.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(state)), uintptr(unsafe.Pointer(curInstances)), uintptr(unsafe.Pointer(maxCollectionCount)), uintptr(unsafe.Pointer(collectDataTimeout)), uintptr(unsafe.Pointer(userName)), uintptr(maxUserNameSize))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func getQueuedCompletionStatus(port syscall.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) {
+func getNamedPipeInfo(pipe windows.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) {
-	r1, _, e1 := syscall.Syscall6(procGetQueuedCompletionStatus.Addr(), 5, uintptr(port), uintptr(unsafe.Pointer(bytes)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(o)), uintptr(timeout), 0)
+	r1, _, e1 := syscall.SyscallN(procGetNamedPipeInfo.Addr(), uintptr(pipe), uintptr(unsafe.Pointer(flags)), uintptr(unsafe.Pointer(outSize)), uintptr(unsafe.Pointer(inSize)), uintptr(unsafe.Pointer(maxInstances)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func localAlloc(uFlags uint32, length uint32) (ptr uintptr) {
+func getQueuedCompletionStatus(port windows.Handle, bytes *uint32, key *uintptr, o **ioOperation, timeout uint32) (err error) {
-	r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(uFlags), uintptr(length), 0)
+	r1, _, e1 := syscall.SyscallN(procGetQueuedCompletionStatus.Addr(), uintptr(port), uintptr(unsafe.Pointer(bytes)), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(o)), uintptr(timeout))
 	ptr = uintptr(r0)
 	return
 }
 func localFree(mem uintptr) {
 	syscall.Syscall(procLocalFree.Addr(), 1, uintptr(mem), 0, 0)
 	return
 }
 func setFileCompletionNotificationModes(h syscall.Handle, flags uint8) (err error) {
 	r1, _, e1 := syscall.Syscall(procSetFileCompletionNotificationModes.Addr(), 2, uintptr(h), uintptr(flags), 0)
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
-func ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) {
+func setFileCompletionNotificationModes(h windows.Handle, flags uint8) (err error) {
-	r0, _, _ := syscall.Syscall15(procNtCreateNamedPipeFile.Addr(), 14, uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)), 0)
+	r1, _, e1 := syscall.SyscallN(procSetFileCompletionNotificationModes.Addr(), uintptr(h), uintptr(flags))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
 	return
 }
 func ntCreateNamedPipeFile(pipe *windows.Handle, access ntAccessMask, oa *objectAttributes, iosb *ioStatusBlock, share ntFileShareMode, disposition ntFileCreationDisposition, options ntFileOptions, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) {
 	r0, _, _ := syscall.SyscallN(procNtCreateNamedPipeFile.Addr(), uintptr(unsafe.Pointer(pipe)), uintptr(access), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(share), uintptr(disposition), uintptr(options), uintptr(typ), uintptr(readMode), uintptr(completionMode), uintptr(maxInstances), uintptr(inboundQuota), uintptr(outputQuota), uintptr(unsafe.Pointer(timeout)))
 	status = ntStatus(r0)
 	return
 }
 func rtlDefaultNpAcl(dacl *uintptr) (status ntStatus) {
-	r0, _, _ := syscall.Syscall(procRtlDefaultNpAcl.Addr(), 1, uintptr(unsafe.Pointer(dacl)), 0, 0)
+	r0, _, _ := syscall.SyscallN(procRtlDefaultNpAcl.Addr(), uintptr(unsafe.Pointer(dacl)))
 	status = ntStatus(r0)
 	return
 }
 func rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntStatus) {
-	r0, _, _ := syscall.Syscall6(procRtlDosPathNameToNtPathName_U.Addr(), 4, uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(ntName)), uintptr(filePart), uintptr(reserved), 0, 0)
+	r0, _, _ := syscall.SyscallN(procRtlDosPathNameToNtPathName_U.Addr(), uintptr(unsafe.Pointer(name)), uintptr(unsafe.Pointer(ntName)), uintptr(filePart), uintptr(reserved))
 	status = ntStatus(r0)
 	return
 }
 func rtlNtStatusToDosError(status ntStatus) (winerr error) {
-	r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0)
+	r0, _, _ := syscall.SyscallN(procRtlNtStatusToDosErrorNoTeb.Addr(), uintptr(status))
 	if r0 != 0 {
 		winerr = syscall.Errno(r0)
 	}
 	return
 }
-func wsaGetOverlappedResult(h syscall.Handle, o *syscall.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
+func wsaGetOverlappedResult(h windows.Handle, o *windows.Overlapped, bytes *uint32, wait bool, flags *uint32) (err error) {
 	var _p0 uint32
 	if wait {
 		_p0 = 1
 	}
-	r1, _, e1 := syscall.Syscall6(procWSAGetOverlappedResult.Addr(), 5, uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)), 0)
+	r1, _, e1 := syscall.SyscallN(procWSAGetOverlappedResult.Addr(), uintptr(h), uintptr(unsafe.Pointer(o)), uintptr(unsafe.Pointer(bytes)), uintptr(_p0), uintptr(unsafe.Pointer(flags)))
 	if r1 == 0 {
 		err = errnoErr(e1)
 	}
--- a/vendor/github.com/Microsoft/hcsshim/.gitignore
+++ b/vendor/github.com/Microsoft/hcsshim/.gitignore
@ -37,6 +37,10 @@ rootfs-conv/*
 deps/*
 out/*
 # protobuf files
 # only files at root of the repo, otherwise this will cause issues with vendoring
 /protobuf/*
 # test results
 test/results
--- a/vendor/github.com/Microsoft/hcsshim/.golangci.yml
+++ b/vendor/github.com/Microsoft/hcsshim/.golangci.yml
@ -135,3 +135,14 @@ issues:
      linters:
        - stylecheck
      Text: "ST1003:"
    # v0 APIs are deprecated, but still retained for backwards compatability
    - path: cmd\\ncproxy\\
      linters:
        - staticcheck
      text: "^SA1019: .*(ncproxygrpc|nodenetsvc)[/]?v0"
    - path: internal\\tools\\networkagent
      linters:
        - staticcheck
      text: "^SA1019: .*nodenetsvc[/]?v0"
--- a/vendor/github.com/Microsoft/hcsshim/Makefile
+++ b/vendor/github.com/Microsoft/hcsshim/Makefile
@ -94,23 +94,9 @@ out/delta.tar.gz: bin/init bin/vsockexec bin/cmd/gcs bin/cmd/gcstools bin/cmd/ho
 	tar -zcf $@ -C rootfs .
 	rm -rf rootfs
-include deps/cmd/gcs.gomake
+bin/cmd/gcs bin/cmd/gcstools bin/cmd/hooks/wait-paths bin/cmd/tar2ext4 bin/internal/tools/snp-report:
 -include deps/cmd/gcstools.gomake
 -include deps/cmd/hooks/wait-paths.gomake
 -include deps/cmd/tar2ext4.gomake
 -include deps/internal/tools/snp-report.gomake
 # Implicit rule for includes that define Go targets.
 %.gomake: $(SRCROOT)/Makefile
 	@mkdir -p $(dir $@)
-	@/bin/echo $(@:deps/%.gomake=bin/%): $(SRCROOT)/hack/gomakedeps.sh > $@.new
+	GOOS=linux $(GO_BUILD) -o $@ $(SRCROOT)/$(@:bin/%=%)
 	@/bin/echo -e '\t@mkdir -p $$(dir $$@) $(dir $@)' >> $@.new
 	@/bin/echo -e '\t$$(GO_BUILD) -o $$@.new $$(SRCROOT)/$$(@:bin/%=%)' >> $@.new
 	@/bin/echo -e '\tGO="$(GO)" $$(SRCROOT)/hack/gomakedeps.sh $$@ $$(SRCROOT)/$$(@:bin/%=%) $$(GO_FLAGS) $$(GO_FLAGS_EXTRA) > $(@:%.gomake=%.godeps).new' >> $@.new
 	@/bin/echo -e '\tmv $(@:%.gomake=%.godeps).new $(@:%.gomake=%.godeps)' >> $@.new
 	@/bin/echo -e '\tmv $$@.new $$@' >> $@.new
 	@/bin/echo -e '-include $(@:%.gomake=%.godeps)' >> $@.new
 	mv $@.new $@
 bin/vsockexec: vsockexec/vsockexec.o vsockexec/vsock.o
 	@mkdir -p bin
--- a/vendor/github.com/Microsoft/hcsshim/Protobuild.toml
+++ b/vendor/github.com/Microsoft/hcsshim/Protobuild.toml
@ -9,6 +9,10 @@ plugins = ["grpc", "fieldpath"]
  # treat the root of the project as an include, but this may not be necessary.
  before = ["./protobuf"]
  # defaults are "/usr/local/include" and "/usr/include", which don't exist on Windows.
  # override defaults to supress errors about non-existant directories.
  after = []
  # Paths that should be treated as include roots in relation to the vendor
  # directory. These will be calculated with the vendor directory nearest the
  # target package.
--- a/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
@ -33,9 +33,6 @@ func errnoErr(e syscall.Errno) error {
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
@ -73,7 +70,7 @@ func _hcsAttachLayerStorageFilter(layerPath *uint16, layerData *uint16) (hr erro
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsAttachLayerStorageFilter.Addr(), 2, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(layerData)), 0)
+	r0, _, _ := syscall.SyscallN(procHcsAttachLayerStorageFilter.Addr(), uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(layerData)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -97,7 +94,7 @@ func _hcsDestroyLayer(layerPath *uint16) (hr error) {
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsDestoryLayer.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+	r0, _, _ := syscall.SyscallN(procHcsDestoryLayer.Addr(), uintptr(unsafe.Pointer(layerPath)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -121,7 +118,7 @@ func _hcsDetachLayerStorageFilter(layerPath *uint16) (hr error) {
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsDetachLayerStorageFilter.Addr(), 1, uintptr(unsafe.Pointer(layerPath)), 0, 0)
+	r0, _, _ := syscall.SyscallN(procHcsDetachLayerStorageFilter.Addr(), uintptr(unsafe.Pointer(layerPath)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -160,7 +157,7 @@ func _hcsExportLayer(layerPath *uint16, exportFolderPath *uint16, layerData *uin
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHcsExportLayer.Addr(), 4, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(exportFolderPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)), 0, 0)
+	r0, _, _ := syscall.SyscallN(procHcsExportLayer.Addr(), uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(exportFolderPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -175,7 +172,7 @@ func hcsFormatWritableLayerVhd(handle windows.Handle) (hr error) {
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsFormatWritableLayerVhd.Addr(), 1, uintptr(handle), 0, 0)
+	r0, _, _ := syscall.SyscallN(procHcsFormatWritableLayerVhd.Addr(), uintptr(handle))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -190,7 +187,7 @@ func hcsGetLayerVhdMountPath(vhdHandle windows.Handle, mountPath **uint16) (hr e
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsGetLayerVhdMountPath.Addr(), 2, uintptr(vhdHandle), uintptr(unsafe.Pointer(mountPath)), 0)
+	r0, _, _ := syscall.SyscallN(procHcsGetLayerVhdMountPath.Addr(), uintptr(vhdHandle), uintptr(unsafe.Pointer(mountPath)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -224,7 +221,7 @@ func _hcsImportLayer(layerPath *uint16, sourceFolderPath *uint16, layerData *uin
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsImportLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(sourceFolderPath)), uintptr(unsafe.Pointer(layerData)))
+	r0, _, _ := syscall.SyscallN(procHcsImportLayer.Addr(), uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(sourceFolderPath)), uintptr(unsafe.Pointer(layerData)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -258,7 +255,7 @@ func _hcsInitializeWritableLayer(writableLayerPath *uint16, layerData *uint16, o
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsInitializeWritableLayer.Addr(), 3, uintptr(unsafe.Pointer(writableLayerPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)))
+	r0, _, _ := syscall.SyscallN(procHcsInitializeWritableLayer.Addr(), uintptr(unsafe.Pointer(writableLayerPath)), uintptr(unsafe.Pointer(layerData)), uintptr(unsafe.Pointer(options)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -287,7 +284,7 @@ func _hcsSetupBaseOSLayer(layerPath *uint16, handle windows.Handle, options *uin
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSLayer.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(handle), uintptr(unsafe.Pointer(options)))
+	r0, _, _ := syscall.SyscallN(procHcsSetupBaseOSLayer.Addr(), uintptr(unsafe.Pointer(layerPath)), uintptr(handle), uintptr(unsafe.Pointer(options)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
@ -321,7 +318,7 @@ func _hcsSetupBaseOSVolume(layerPath *uint16, volumePath *uint16, options *uint1
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall(procHcsSetupBaseOSVolume.Addr(), 3, uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(volumePath)), uintptr(unsafe.Pointer(options)))
+	r0, _, _ := syscall.SyscallN(procHcsSetupBaseOSVolume.Addr(), uintptr(unsafe.Pointer(layerPath)), uintptr(unsafe.Pointer(volumePath)), uintptr(unsafe.Pointer(options)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
@ -421,12 +421,6 @@ func (process *Process) CloseStdin(ctx context.Context) (err error) {
 		return makeProcessError(process, operation, ErrAlreadyClosed, nil)
 	}
 	process.stdioLock.Lock()
 	defer process.stdioLock.Unlock()
 	if process.stdin == nil {
 		return nil
 	}
 	//HcsModifyProcess request to close stdin will fail if the process has already exited
 	if !process.stopped() {
 		modifyRequest := processModifyRequest{
@ -448,8 +442,12 @@ func (process *Process) CloseStdin(ctx context.Context) (err error) {
 		}
 	}
-	process.stdin.Close()
+	process.stdioLock.Lock()
-	process.stdin = nil
+	defer process.stdioLock.Unlock()
 	if process.stdin != nil {
 		process.stdin.Close()
 		process.stdin = nil
 	}
 	return nil
 }
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
@ -14,14 +14,14 @@ import (
 	"golang.org/x/sys/windows"
 )
-// makeOpenFiles calls winio.MakeOpenFile for each handle in a slice but closes all the handles
+// makeOpenFiles calls winio.NewOpenFile for each handle in a slice but closes all the handles
 // if there is an error.
 func makeOpenFiles(hs []syscall.Handle) (_ []io.ReadWriteCloser, err error) {
 	fs := make([]io.ReadWriteCloser, len(hs))
 	for i, h := range hs {
 		if h != syscall.Handle(0) {
 			if err == nil {
-				fs[i], err = winio.MakeOpenFile(h)
+				fs[i], err = winio.NewOpenFile(windows.Handle(h))
 			}
 			if err != nil {
 				syscall.Close(h)
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
@ -10,6 +10,28 @@ import (
 	"github.com/sirupsen/logrus"
 )
 // EndpointState represents the states of an HNS Endpoint lifecycle.
 type EndpointState uint16
 // EndpointState const
 // The lifecycle of an Endpoint goes through created, attached, AttachedSharing - endpoint is being shared with other containers,
 // detached, after being attached, degraded and finally destroyed.
 // Note: This attribute is used by calico to define stale containers and is dependent on HNS v1 api, if we move to HNS v2 api we will need
 // to update the current calico code and cordinate the change with calico. Reach out to Microsoft to facilate the change via HNS.
 const (
 	Uninitialized   EndpointState = iota
 	Created         EndpointState = 1
 	Attached        EndpointState = 2
 	AttachedSharing EndpointState = 3
 	Detached        EndpointState = 4
 	Degraded        EndpointState = 5
 	Destroyed       EndpointState = 6
 )
 func (es EndpointState) String() string {
 	return [...]string{"Uninitialized", "Attached", "AttachedSharing", "Detached", "Degraded", "Destroyed"}[es]
 }
 // HNSEndpoint represents a network endpoint in HNS
 type HNSEndpoint struct {
 	Id                 string            `json:"ID,omitempty"`
@ -34,6 +56,7 @@ type HNSEndpoint struct {
 	Namespace          *Namespace        `json:",omitempty"`
 	EncapOverhead      uint16            `json:",omitempty"`
 	SharedContainers   []string          `json:",omitempty"`
 	State              EndpointState     `json:",omitempty"`
 }
 // SystemType represents the type of the system on which actions are done
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
@ -57,9 +57,10 @@ type PaPolicy struct {
 type OutboundNatPolicy struct {
 	Policy
-	VIP          string   `json:"VIP,omitempty"`
+	VIP              string   `json:"VIP,omitempty"`
-	Exceptions   []string `json:"ExceptionList,omitempty"`
+	Exceptions       []string `json:"ExceptionList,omitempty"`
-	Destinations []string `json:",omitempty"`
+	Destinations     []string `json:",omitempty"`
 	MaxPortPoolUsage uint16   `json:",omitempty"`
 }
 type ProxyPolicy struct {
--- a/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
@ -33,9 +33,6 @@ func errnoErr(e syscall.Errno) error {
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
@ -69,7 +66,7 @@ func __hnsCall(method *uint16, path *uint16, object *uint16, response **uint16)
 	if hr != nil {
 		return
 	}
-	r0, _, _ := syscall.Syscall6(procHNSCall.Addr(), 4, uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)), 0, 0)
+	r0, _, _ := syscall.SyscallN(procHNSCall.Addr(), uintptr(unsafe.Pointer(method)), uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(object)), uintptr(unsafe.Pointer(response)))
 	if int32(r0) < 0 {
 		if r0&0x1fff0000 == 0x00070000 {
 			r0 &= 0xffff
--- a/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
@ -33,9 +33,6 @@ func errnoErr(e syscall.Errno) error {
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
@ -46,6 +43,6 @@ var (
 )
 func coTaskMemFree(buffer unsafe.Pointer) {
-	syscall.Syscall(procCoTaskMemFree.Addr(), 1, uintptr(buffer), 0, 0)
+	syscall.SyscallN(procCoTaskMemFree.Addr(), uintptr(buffer))
 	return
 }
--- a/vendor/github.com/Microsoft/hcsshim/internal/log/format.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/format.go
@ -0,0 +1,87 @@
 package log
 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
 	"net"
 	"reflect"
 	"time"
 )
 // TimeFormat is [time.RFC3339Nano] with nanoseconds padded using
 // zeros to ensure the formatted time is always the same number of
 // characters.
 // Based on RFC3339NanoFixed from github.com/containerd/log
 const TimeFormat = "2006-01-02T15:04:05.000000000Z07:00"
 func FormatTime(t time.Time) string {
 	return t.Format(TimeFormat)
 }
 // DurationFormat formats a [time.Duration] log entry.
 //
 // A nil value signals an error with the formatting.
 type DurationFormat func(time.Duration) interface{}
 func DurationFormatString(d time.Duration) interface{}       { return d.String() }
 func DurationFormatSeconds(d time.Duration) interface{}      { return d.Seconds() }
 func DurationFormatMilliseconds(d time.Duration) interface{} { return d.Milliseconds() }
 // FormatIO formats net.Conn and other types that have an `Addr()` or `Name()`.
 //
 // See FormatEnabled for more information.
 func FormatIO(ctx context.Context, v interface{}) string {
 	m := make(map[string]string)
 	m["type"] = reflect.TypeOf(v).String()
 	switch t := v.(type) {
 	case net.Conn:
 		m["localAddress"] = formatAddr(t.LocalAddr())
 		m["remoteAddress"] = formatAddr(t.RemoteAddr())
 	case interface{ Addr() net.Addr }:
 		m["address"] = formatAddr(t.Addr())
 	default:
 		return Format(ctx, t)
 	}
 	return Format(ctx, m)
 }
 func formatAddr(a net.Addr) string {
 	return a.Network() + "://" + a.String()
 }
 // Format formats an object into a JSON string, without any indendtation or
 // HTML escapes.
 // Context is used to output a log waring if the conversion fails.
 //
 // This is intended primarily for `trace.StringAttribute()`
 func Format(ctx context.Context, v interface{}) string {
 	b, err := encode(v)
 	if err != nil {
 		G(ctx).WithError(err).Warning("could not format value")
 		return ""
 	}
 	return string(b)
 }
 func encode(v interface{}) ([]byte, error) {
 	return encodeBuffer(&bytes.Buffer{}, v)
 }
 func encodeBuffer(buf *bytes.Buffer, v interface{}) ([]byte, error) {
 	enc := json.NewEncoder(buf)
 	enc.SetEscapeHTML(false)
 	enc.SetIndent("", "")
 	if err := enc.Encode(v); err != nil {
 		err = fmt.Errorf("could not marshall %T to JSON for logging: %w", v, err)
 		return nil, err
 	}
 	// encoder.Encode appends a newline to the end
 	return bytes.TrimSpace(buf.Bytes()), nil
 }
--- a/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/hook.go
@ -1,23 +1,57 @@
 package log
 import (
 	"bytes"
 	"reflect"
 	"time"
 	"github.com/Microsoft/hcsshim/internal/logfields"
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
 )
-// Hook serves to intercept and format `logrus.Entry`s before they are passed
+const nullString = "null"
-// to the ETW hook.
+
 // Hook intercepts and formats a [logrus.Entry] before it logged.
 //
-// The containerd shim discards the (formatted) logrus output, and outputs only via ETW.
+// The shim either outputs the logs through an ETW hook, discarding the (formatted) output
-// The Linux GCS outputs logrus entries over stdout, which is consumed by the shim and
+// or logs output to a pipe for logging binaries to consume.
-// then re-output via the ETW hook.
+// The Linux GCS outputs logrus entries over stdout, which is then consumed and re-output
-type Hook struct{}
+// by the shim.
 type Hook struct {
 	// EncodeAsJSON formats structs, maps, arrays, slices, and [bytes.Buffer] as JSON.
 	// Variables of [bytes.Buffer] will be converted to []byte.
 	//
 	// Default is false.
 	EncodeAsJSON bool
 	// FormatTime specifies the format for [time.Time] variables.
 	// An empty string disables formatting.
 	// When disabled, the fall back will the JSON encoding, if enabled.
 	//
 	// Default is [TimeFormat].
 	TimeFormat string
 	// Duration format converts a [time.Duration] fields to an appropriate encoding.
 	// nil disables formatting.
 	// When disabled, the fall back will the JSON encoding, if enabled.
 	//
 	// Default is [DurationFormatString], which appends a duration unit after the value.
 	DurationFormat DurationFormat
 	// AddSpanContext adds [logfields.TraceID] and [logfields.SpanID] fields to
 	// the entry from the span context stored in [logrus.Entry.Context], if it exists.
 	AddSpanContext bool
 }
 var _ logrus.Hook = &Hook{}
 func NewHook() *Hook {
-	return &Hook{}
+	return &Hook{
 		TimeFormat:     TimeFormat,
 		DurationFormat: DurationFormatString,
 		AddSpanContext: true,
 	}
 }
 func (h *Hook) Levels() []logrus.Level {
@ -25,14 +59,108 @@ func (h *Hook) Levels() []logrus.Level {
 }
 func (h *Hook) Fire(e *logrus.Entry) (err error) {
 	// JSON encode, if necessary, then add span information
 	h.encode(e)
 	h.addSpanContext(e)
 	return nil
 }
 // encode loops through all the fields in the [logrus.Entry] and encodes them according to
 // the settings in [Hook].
 // If [Hook.TimeFormat] is non-empty, it will be passed to [time.Time.Format] for
 // fields of type [time.Time].
 //
 // If [Hook.EncodeAsJSON] is true, then fields that are not numeric, boolean, strings, or
 // errors will be encoded via a [json.Marshal] (with HTML escaping disabled).
 // Chanel- and function-typed fields, as well as unsafe pointers are left alone and not encoded.
 //
 // If [Hook.TimeFormat] and [Hook.DurationFormat] are empty and [Hook.EncodeAsJSON] is false,
 // then this is a no-op.
 func (h *Hook) encode(e *logrus.Entry) {
 	d := e.Data
 	formatTime := h.TimeFormat != ""
 	formatDuration := h.DurationFormat != nil
 	if !(h.EncodeAsJSON || formatTime || formatDuration) {
 		return
 	}
 	for k, v := range d {
 		// encode types with dedicated formatting options first
 		if vv, ok := v.(time.Time); formatTime && ok {
 			d[k] = vv.Format(h.TimeFormat)
 			continue
 		}
 		if vv, ok := v.(time.Duration); formatDuration && ok {
 			d[k] = h.DurationFormat(vv)
 			continue
 		}
 		// general case JSON encoding
 		if !h.EncodeAsJSON {
 			continue
 		}
 		switch vv := v.(type) {
 		// built in types
 		// "json" marshals errors as "{}", so leave alone here
 		case bool, string, error, uintptr,
 			int8, int16, int32, int64, int,
 			uint8, uint32, uint64, uint,
 			float32, float64:
 			continue
 		// Rather than setting d[k] = vv.String(), JSON encode []byte value, since it
 		// may be a binary payload and not representable as a string.
 		// `case bytes.Buffer,*bytes.Buffer:` resolves `vv` to `interface{}`,
 		// so cannot use `vv.Bytes`.
 		// Could move to below the `reflect.Indirect()` call below, but
 		// that would require additional typematching and dereferencing.
 		// Easier to keep these duplicate branches here.
 		case bytes.Buffer:
 			v = vv.Bytes()
 		case *bytes.Buffer:
 			v = vv.Bytes()
 		}
 		// dereference pointer or interface variables
 		rv := reflect.Indirect(reflect.ValueOf(v))
 		// check if `v` is a null pointer
 		if !rv.IsValid() {
 			d[k] = nullString
 			continue
 		}
 		switch rv.Kind() {
 		case reflect.Map, reflect.Struct, reflect.Array, reflect.Slice:
 		default:
 			// Bool, [U]?Int*, Float*, Complex*, Uintptr, String: encoded as normal
 			// Chan, Func: not supported by json
 			// Interface, Pointer: dereferenced above
 			// UnsafePointer: not supported by json, not safe to de-reference; leave alone
 			continue
 		}
 		b, err := encode(v)
 		if err != nil {
 			// Errors are written to stderr (ie, to `panic.log`) and stops the remaining
 			// hooks (ie, exporting to ETW) from firing. So add encoding errors to
 			// the entry data to be written out, but keep on processing.
 			d[k+"-"+logrus.ErrorKey] = err.Error()
 			// keep the original `v` as the value,
 			continue
 		}
 		d[k] = string(b)
 	}
 }
 func (h *Hook) addSpanContext(e *logrus.Entry) {
 	ctx := e.Context
-	if ctx == nil {
+	if !h.AddSpanContext || ctx == nil {
 		return
 	}
 	span := trace.FromContext(ctx)
--- a/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/log/scrub.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
 	"strings"
 	"sync/atomic"
 	hcsschema "github.com/Microsoft/hcsshim/internal/hcs/schema2"
@ -56,11 +55,11 @@ func ScrubProcessParameters(s string) (string, error) {
 	}
 	pp.Environment = map[string]string{_scrubbedReplacement: _scrubbedReplacement}
-	buf := bytes.NewBuffer(b[:0])
+	b, err := encodeBuffer(bytes.NewBuffer(b[:0]), pp)
-	if err := encode(buf, pp); err != nil {
+	if err != nil {
 		return "", err
 	}
-	return strings.TrimSpace(buf.String()), nil
+	return string(b), nil
 }
 // ScrubBridgeCreate scrubs requests sent over the bridge of type
@ -150,21 +149,12 @@ func scrubBytes(b []byte, scrub scrubberFunc) ([]byte, error) {
 		return nil, err
 	}
-	buf := &bytes.Buffer{}
+	b, err := encode(m)
-	if err := encode(buf, m); err != nil {
+	if err != nil {
 		return nil, err
 	}
-	return bytes.TrimSpace(buf.Bytes()), nil
+	return b, nil
 }
 func encode(buf *bytes.Buffer, v interface{}) error {
 	enc := json.NewEncoder(buf)
 	enc.SetEscapeHTML(false)
 	if err := enc.Encode(v); err != nil {
 		return err
 	}
 	return nil
 }
 func isRequestBase(m genMap) bool {
--- a/vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/errors.go
@ -0,0 +1,69 @@
 package oc
 import (
 	"errors"
 	"io"
 	"net"
 	"os"
 	"github.com/containerd/containerd/errdefs"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 // todo: break import cycle with "internal/hcs/errors.go" and reference errors defined there
 // todo: add errors defined in "internal/guest/gcserror" (Hresult does not implement error)
 func toStatusCode(err error) codes.Code {
 	// checks if err implements GRPCStatus() *"google.golang.org/grpc/status".Status,
 	// wraps an error defined in "github.com/containerd/containerd/errdefs", or is a
 	// context timeout or cancelled error
 	if s, ok := status.FromError(errdefs.ToGRPC(err)); ok {
 		return s.Code()
 	}
 	switch {
 	// case isAny(err):
 	// 	return codes.Cancelled
 	case isAny(err, os.ErrInvalid):
 		return codes.InvalidArgument
 	case isAny(err, os.ErrDeadlineExceeded):
 		return codes.DeadlineExceeded
 	case isAny(err, os.ErrNotExist):
 		return codes.NotFound
 	case isAny(err, os.ErrExist):
 		return codes.AlreadyExists
 	case isAny(err, os.ErrPermission):
 		return codes.PermissionDenied
 	// case isAny(err):
 	// 	return codes.ResourceExhausted
 	case isAny(err, os.ErrClosed, net.ErrClosed, io.ErrClosedPipe, io.ErrShortBuffer):
 		return codes.FailedPrecondition
 	// case isAny(err):
 	// 	return codes.Aborted
 	// case isAny(err):
 	// 	return codes.OutOfRange
 	// case isAny(err):
 	// 	return codes.Unimplemented
 	case isAny(err, io.ErrNoProgress):
 		return codes.Internal
 	// case isAny(err):
 	// 	return codes.Unavailable
 	case isAny(err, io.ErrShortWrite, io.ErrUnexpectedEOF):
 		return codes.DataLoss
 	// case isAny(err):
 	// 	return codes.Unauthenticated
 	default:
 		return codes.Unknown
 	}
 }
 // isAny returns true if errors.Is is true for any of the provided errors, errs.
 func isAny(err error, errs ...error) bool {
 	for _, e := range errs {
 		if errors.Is(err, e) {
 			return true
 		}
 	}
 	return false
 }
--- a/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
@ -3,19 +3,26 @@ package oc
 import (
 	"github.com/sirupsen/logrus"
 	"go.opencensus.io/trace"
 	"google.golang.org/grpc/codes"
 	"github.com/Microsoft/hcsshim/internal/log"
 	"github.com/Microsoft/hcsshim/internal/logfields"
 )
-var _ = (trace.Exporter)(&LogrusExporter{})
+const spanMessage = "Span"
 var _errorCodeKey = logrus.ErrorKey + "Code"
 // LogrusExporter is an OpenCensus `trace.Exporter` that exports
 // `trace.SpanData` to logrus output.
-type LogrusExporter struct {
+type LogrusExporter struct{}
-}
+
 var _ trace.Exporter = &LogrusExporter{}
 // ExportSpan exports `s` based on the the following rules:
 //
-// 1. All output will contain `s.Attributes`, `s.TraceID`, `s.SpanID`,
+// 1. All output will contain `s.Attributes`, `s.SpanKind`, `s.TraceID`,
-// `s.ParentSpanID` for correlation
+// `s.SpanID`, and `s.ParentSpanID` for correlation
 //
 // 2. Any calls to .Annotate will not be supported.
 //
@ -23,21 +30,57 @@ type LogrusExporter struct {
 // `s.Status.Code != 0` in which case it will be written at `logrus.ErrorLevel`
 // providing `s.Status.Message` as the error value.
 func (le *LogrusExporter) ExportSpan(s *trace.SpanData) {
-	// Combine all span annotations with traceID, spanID, parentSpanID
+	if s.DroppedAnnotationCount > 0 {
-	baseEntry := logrus.WithFields(logrus.Fields(s.Attributes))
+		logrus.WithFields(logrus.Fields{
-	baseEntry.Data["traceID"] = s.TraceID.String()
+			"name":            s.Name,
-	baseEntry.Data["spanID"] = s.SpanID.String()
+			logfields.TraceID: s.TraceID.String(),
-	baseEntry.Data["parentSpanID"] = s.ParentSpanID.String()
+			logfields.SpanID:  s.SpanID.String(),
-	baseEntry.Data["startTime"] = s.StartTime
+			"dropped":         s.DroppedAttributeCount,
-	baseEntry.Data["endTime"] = s.EndTime
+			"maxAttributes":   len(s.Attributes),
-	baseEntry.Data["duration"] = s.EndTime.Sub(s.StartTime).String()
+		}).Warning("span had dropped attributes")
-	baseEntry.Data["name"] = s.Name
+	}
-	baseEntry.Time = s.StartTime
+
 	entry := log.L.Dup()
 	// Combine all span annotations with span data (eg, trace ID, span ID, parent span ID,
 	// error, status code)
 	// (OC) Span attributes are guaranteed to be  strings, bools, or int64s, so we can
 	// can skip overhead in entry.WithFields() and add them directly to entry.Data.
 	// Preallocate ahead of time, since we should add, at most, 10 additional entries
 	data := make(logrus.Fields, len(entry.Data)+len(s.Attributes)+10)
 	// Default log entry may have prexisting/application-wide data
 	for k, v := range entry.Data {
 		data[k] = v
 	}
 	for k, v := range s.Attributes {
 		data[k] = v
 	}
 	data[logfields.Name] = s.Name
 	data[logfields.TraceID] = s.TraceID.String()
 	data[logfields.SpanID] = s.SpanID.String()
 	data[logfields.ParentSpanID] = s.ParentSpanID.String()
 	data[logfields.StartTime] = s.StartTime
 	data[logfields.EndTime] = s.EndTime
 	data[logfields.Duration] = s.EndTime.Sub(s.StartTime)
 	if sk := spanKindToString(s.SpanKind); sk != "" {
 		data["spanKind"] = sk
 	}
 	level := logrus.InfoLevel
 	if s.Status.Code != 0 {
 		level = logrus.ErrorLevel
-		baseEntry.Data[logrus.ErrorKey] = s.Status.Message
+
 		// don't overwrite an existing "error" or "errorCode" attributes
 		if _, ok := data[logrus.ErrorKey]; !ok {
 			data[logrus.ErrorKey] = s.Status.Message
 		}
 		if _, ok := data[_errorCodeKey]; !ok {
 			data[_errorCodeKey] = codes.Code(s.Status.Code).String()
 		}
 	}
-	baseEntry.Log(level, "Span")
+
 	entry.Data = data
 	entry.Time = s.StartTime
 	entry.Log(level, spanMessage)
 }
--- a/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
@ -14,8 +14,7 @@ var DefaultSampler = trace.AlwaysSample()
 func SetSpanStatus(span *trace.Span, err error) {
 	status := trace.Status{}
 	if err != nil {
-		// TODO: JTERRY75 - Handle errors in a non-generic way
+		status.Code = int32(toStatusCode(err))
 		status.Code = trace.StatusCodeUnknown
 		status.Message = err.Error()
 	}
 	span.SetStatus(status)
@ -46,3 +45,14 @@ func update(ctx context.Context, s *trace.Span) (context.Context, *trace.Span) {
 var WithServerSpanKind = trace.WithSpanKind(trace.SpanKindServer)
 var WithClientSpanKind = trace.WithSpanKind(trace.SpanKindClient)
 func spanKindToString(sk int) string {
 	switch sk {
 	case trace.SpanKindClient:
 		return "client"
 	case trace.SpanKindServer:
 		return "server"
 	default:
 		return ""
 	}
 }
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,2 @@`
							`// This package contains Win32 filesystem functionality.`
							`package fs`