Add user support for custom containers

Custom containers in the compose file can have a directory mounted to store state for things like a database. This requires a specific user since influxdb/postgresql and other containers create folders and update permissions on start-up. Tested with influxdb on Ubuntu with userid 1000, which failed before the change. Adds a grace period in the e2e tests. Signed-off-by: Alex Ellis (OpenFaaS Ltd) <alexellis2@gmail.com>
2025-06-18 12:06:36 +00:00 · 2021-01-04 09:45:34 +00:00
2471 changed files with 228015 additions and 385066 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -1,37 +1,16 @@
 ## Due diligence
 <!-- Due dilligence -->
 ## My actions before raising this issue
 Before you ask for help or support, make sure that you've [consulted the manual for faasd](https://openfaas.gumroad.com/l/serverless-for-everyone-else). We can't answer questions that are already covered by the manual.
 <!-- How is this affecting you? What task are you trying to accomplish? -->
 ## Why do you need this?
 <!-- Attempts to mask or hide this may result in the issue being closed -->
 ## Who is this for?
 What company is this for? Are you listed in the [ADOPTERS.md](https://github.com/openfaas/faas/blob/master/ADOPTERS.md) file?
 <!--- Provide a general summary of the issue in the Title above -->
 ## Expected Behaviour
 <!--- If you're describing a bug, tell us what should happen -->
 <!--- If you're suggesting a change/improvement, tell us how it should work -->
 ## Current Behaviour
 <!--- If describing a bug, tell us what happens instead of the expected behavior -->
 <!--- If suggesting a change/improvement, explain the difference from current behavior -->
-
+## Possible Solution
-## List All Possible Solutions and Workarounds
+<!--- Not obligatory, but suggest a fix/reason for the bug, -->
-<!--- Suggest a fix/reason for the bug, or ideas how to implement  -->
+<!--- or ideas how to implement the addition or change -->
 <!--- the addition or change -->
 <!--- Is there a workaround which could avoid making changes? -->
 ## Which Solution Do You Recommend?
 <!--- Pick your preferred solution, if you were to implement and maintain this change -->
 ## Steps to Reproduce (for bugs)
 <!--- Provide a link to a live example, or an unambiguous set of steps to -->
@ -41,6 +20,10 @@ What company is this for? Are you listed in the [ADOPTERS.md](https://github.com
 3.
 4.
 ## Context
 <!--- How has this issue affected you? What are you trying to accomplish? -->
 <!--- Providing context helps us come up with a solution that is most useful in the real world -->
 ## Your Environment
 * OS and architecture:
@ -55,6 +38,4 @@ containerd -version
 uname -a
 cat /etc/os-release
 faasd version
 ```
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -10,7 +10,11 @@ jobs:
  build:
    env:
      GO111MODULE: off
-    runs-on: ubuntu-latest
+    strategy:
      matrix:
        go-version: [1.13.x]
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@master
        with:
@ -18,7 +22,7 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.21.x
+          go-version: ${{ matrix.go-version }}
      - name: test
        run: make test
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@ -7,7 +7,11 @@ on:
 jobs:
  publish:
-    runs-on: ubuntu-latest
+    strategy:
      matrix:
        go-version: [ 1.13.x ]
        os: [ ubuntu-latest ]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@master
        with:
@ -15,11 +19,11 @@ jobs:
      - name: Install Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.21.x
+          go-version: ${{ matrix.go-version }}
      - name: Make publish
        run: make publish
      - name: Upload release binaries
-        uses: alexellis/upload-assets@0.4.0
+        uses: alexellis/upload-assets@0.2.2
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
--- a/.github/workflows/verify-images.yaml
+++ b/.github/workflows/verify-images.yaml
@ -1,18 +0,0 @@
 name: Verify Docker Compose Images
 on:
  push:
    paths:
      - '**.yaml'
 jobs:
  verifyImages:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - uses: alexellis/setup-arkade@v2
      - name: Verify chart images
        id: verify_images
        run: |
          VERBOSE=true make verify-compose
--- a/30
+++ b/30
@ -1,8 +1,8 @@
 Version := $(shell git describe --tags --dirty)
 GitCommit := $(shell git rev-parse HEAD)
 LDFLAGS := "-s -w -X main.Version=$(Version) -X main.GitCommit=$(GitCommit)"
-CONTAINERD_VER := 1.7.0
+CONTAINERD_VER := 1.3.4
-CNI_VERSION := v0.9.1
+CNI_VERSION := v0.8.6
 ARCH := amd64
 export GO111MODULE=on
@ -20,15 +20,11 @@ local:
 test:
 	CGO_ENABLED=0 GOOS=linux go test -mod=vendor -ldflags $(LDFLAGS) ./...
 .PHONY: dist-local
 dist-local:
 	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd
 .PHONY: dist
 dist:
-	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd
+	CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags $(LDFLAGS) -a -installsuffix cgo -o bin/faasd
-	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd-armhf
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -mod=vendor -ldflags $(LDFLAGS) -a -installsuffix cgo -o bin/faasd-armhf
-	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -mod=vendor -ldflags $(LDFLAGS) -o bin/faasd-arm64
+	CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -mod=vendor -ldflags $(LDFLAGS) -a -installsuffix cgo -o bin/faasd-arm64
 .PHONY: hashgen
 hashgen:
@ -36,8 +32,8 @@ hashgen:
 .PHONY: prepare-test
 prepare-test:
-	curl -sLSf https://github.com/containerd/containerd/releases/download/v$(CONTAINERD_VER)/containerd-$(CONTAINERD_VER)-linux-amd64.tar.gz > /tmp/containerd.tar.gz && sudo tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
+	curl -sLSf https://github.com/containerd/containerd/releases/download/v$(CONTAINERD_VER)/containerd-$(CONTAINERD_VER).linux-amd64.tar.gz > /tmp/containerd.tar.gz && sudo tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
-	curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.7.0/containerd.service | sudo tee /etc/systemd/system/containerd.service
+	curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.2/containerd.service | sudo tee /etc/systemd/system/containerd.service
 	sudo systemctl daemon-reload && sudo systemctl start containerd
 	sudo /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
 	sudo mkdir -p /opt/cni/bin
@ -67,14 +63,4 @@ test-e2e:
 	/usr/local/bin/faas-cli list
 	sleep 3
 	journalctl -t openfaas-fn:figlet --no-pager
-
+	/usr/local/bin/faas-cli logs figlet --since 15m --follow=false | grep Forking
 # Removed due to timing issue in CI on GitHub Actions
 #	/usr/local/bin/faas-cli logs figlet --since 15m --follow=false | grep Forking
 verify-compose:
 	@echo Verifying docker-compose.yaml images in remote registries && \
 	arkade chart verify --verbose=$(VERBOSE) -f ./docker-compose.yaml
 upgrade-compose:
 	@echo Checking for newer images in remote registries && \
 	arkade chart upgrade -f ./docker-compose.yaml --write
--- a/README.md
+++ b/README.md
@ -1,56 +1,201 @@
 # faasd - a lightweight & portable faas engine
 [![Sponsor faasd](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&link=https://github.com/sponsors/openfaas)](https://github.com/sponsors/openfaas)
 [![Build Status](https://github.com/openfaas/faasd/workflows/build/badge.svg?branch=master)](https://github.com/openfaas/faasd/actions)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![OpenFaaS](https://img.shields.io/badge/openfaas-serverless-blue.svg)](https://www.openfaas.com)
 ![Downloads](https://img.shields.io/github/downloads/openfaas/faasd/total)
 faasd is [OpenFaaS](https://github.com/openfaas/) reimagined, but without the cost and complexity of Kubernetes. It runs on a single host with very modest requirements, making it fast and easy to manage. Under the hood it uses [containerd](https://containerd.io/) and [Container Networking Interface (CNI)](https://github.com/containernetworking/cni) along with the same core OpenFaaS components from the main project.
-![faasd logo](docs/media/social.png)
+## When should you use faasd over OpenFaaS on Kubernetes?
-## Use-cases and tutorials
+* You have a cost sensitive project - run faasd on a 5-10 USD VPS or on your Raspberry Pi
 * When you just need a few functions or microservices, without the cost of a cluster
 * When you don't have the bandwidth to learn or manage Kubernetes
 * To deploy embedded apps in IoT and edge use-cases
 * To shrink-wrap applications for use with a customer or client
-faasd is just another way to run OpenFaaS, so many things you read in the docs or in blog posts will work the same way.
+faasd does not create the same maintenance burden you'll find with maintaining, upgrading, and securing a Kubernetes cluster. You can deploy it and walk away, in the worst case, just deploy a new VM and deploy your functions again.
-Videos and overviews:
+## About faasd
-* [Exploring of serverless use-cases from commercial and personal users (YouTube)](https://www.youtube.com/watch?v=mzuXVuccaqI)
+* is a single Golang binary
-* [Meet faasd. Look Ma’ No Kubernetes! (YouTube)](https://www.youtube.com/watch?v=ZnZJXI377ak)
+* uses the same core components and ecosystem of OpenFaaS
 * is multi-arch, so works on Intel `x86_64` and ARM out the box
 * can be set-up and left alone to run your applications
 ![demo](https://pbs.twimg.com/media/EPNQz00W4AEwDxM?format=jpg&name=small)
 > Demo of faasd running in KVM
 ## Try faasd for the first time
 faasd is OpenFaaS, so many things you read in the docs or in blog posts will work the same way.
 Use-cases and tutorials:
-* [Serverless Node.js that you can run anywhere](https://www.openfaas.com/blog/serverless-nodejs/)
+* [Deploy via GitHub Actions](https://www.openfaas.com/blog/openfaas-functions-with-github-actions/)
 * [Simple Serverless with Golang Functions and Microservices](https://www.openfaas.com/blog/golang-serverless/)
 * [Build a Flask microservice with OpenFaaS](https://www.openfaas.com/blog/openfaas-flask/)
 * [Get started with Java 11 and Vert.x on Kubernetes with OpenFaaS](https://www.openfaas.com/blog/get-started-with-java-openjdk11/)
 * [Deploy to faasd via GitHub Actions](https://www.openfaas.com/blog/openfaas-functions-with-github-actions/)
 * [Scrape and automate websites with Puppeteer](https://www.openfaas.com/blog/puppeteer-scraping/)
 * [Serverless Node.js that you can run anywhere](https://www.openfaas.com/blog/serverless-nodejs/)
 * [Build a Flask microservice with OpenFaaS](https://www.openfaas.com/blog/openfaas-flask/)
 Additional resources:
 * The official handbook - [Serverless For Everyone Else](https://gumroad.com/l/serverless-for-everyone-else)
 * For reference: [OpenFaaS docs](https://docs.openfaas.com)
 * For use-cases and tutorials: [OpenFaaS blog](https://openfaas.com/blog/)
 * For self-paced learning: [OpenFaaS workshop](https://github.com/openfaas/workshop/)
-### About faasd
+## Deploy faasd
-* faasd is a static Golang binary
+The easiest way to deploy faasd is with cloud-init, we give several examples below, and post IaaS platforms will accept "user-data" pasted into their UI, or via their API.
 * uses the same core components and ecosystem of OpenFaaS
 * uses containerd for its runtime and CNI for networking
 * is multi-arch, so works on Intel `x86_64` and ARM out the box
 * can run almost any other stateful container through its `docker-compose.yaml` file
-Most importantly, it's easy to manage so you can set it up and leave it alone to run your functions.
+If you don't use cloud-init, or have already created your Linux server you can use the installation script. This approach also works for Raspberry Pi:
-[![demo](https://pbs.twimg.com/media/EPNQz00W4AEwDxM?format=jpg&name=medium)](https://www.youtube.com/watch?v=WX1tZoSXy8E)
+```bash
 git clone https://github.com/openfaas/faasd
 cd faasd
-> Demo of faasd running asynchronous functions
+./hack/install.sh
 ```
-Watch the video: [faasd walk-through with cloud-init and Multipass](https://www.youtube.com/watch?v=WX1tZoSXy8E)
+For trying out fasad on MacOS or Windows, we recommend using multipass and its cloud-init option.
-### What does faasd deploy?
+### Run locally on MacOS, Linux, or Windows with multipass
 * [Get up and running with your own faasd installation on your Mac/Ubuntu or Windows with cloud-config](/docs/MULTIPASS.md)
 ### DigitalOcean tutorial with Terraform and TLS
 The terraform can be adapted for any IaaS provider:
 * [Bring a lightweight Serverless experience to DigitalOcean with Terraform and faasd](https://www.openfaas.com/blog/faasd-tls-terraform/)
 See also: [Build a Serverless appliance with faasd and cloud-init](https://blog.alexellis.io/deploy-serverless-faasd-with-cloud-init/)
 ### Get started on armhf / Raspberry Pi
 You can run this tutorial on your Raspberry Pi, or adapt the steps for a regular Linux VM/VPS host.
 * [faasd - lightweight Serverless for your Raspberry Pi](https://blog.alexellis.io/faasd-for-lightweight-serverless/)
 ### Terraform for DigitalOcean
 Automate everything within < 60 seconds and get a public URL and IP address back. Customise as required, or adapt to your preferred cloud such as AWS EC2.
 * [Provision faasd 0.9.10 on DigitalOcean with Terraform 0.12.0](docs/bootstrap/README.md)
 * [Provision faasd on DigitalOcean with built-in TLS support](docs/bootstrap/digitalocean-terraform/README.md)
 ## Operational concerns
 ### A note on private repos / registries
 To use private image repos, `~/.docker/config.json` needs to be copied to `/var/lib/faasd/.docker/config.json`.
 If you'd like to set up your own private registry, [see this tutorial](https://blog.alexellis.io/get-a-tls-enabled-docker-registry-in-5-minutes/).
 Beware that running `docker login` on MacOS and Windows may create an empty file with your credentials stored in the system helper.
 Alternatively, use you can use the `registry-login` command from the OpenFaaS Cloud bootstrap tool (ofc-bootstrap):
 ```bash
 curl -sLSf https://raw.githubusercontent.com/openfaas-incubator/ofc-bootstrap/master/get.sh | sudo sh
 ofc-bootstrap registry-login --username <your-registry-username> --password-stdin
 # (the enter your password and hit return)
 ```
 The file will be created in `./credentials/`
 > Note for the GitHub container registry, you should use `ghcr.io` Container Registry and not the previous generation of "Docker Package Registry". [See notes on migrating](https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images)
 ### Logs for functions
 You can view the logs of functions using `journalctl`:
 ```bash
 journalctl -t openfaas-fn:FUNCTION_NAME
 faas-cli store deploy figlet
 journalctl -t openfaas-fn:figlet -f &
 echo logs | faas-cli invoke figlet
 ```
 ### Logs for the core services
 Core services as defined in the docker-compose.yaml file are deployed as containers by faasd.
 View the logs for a component by giving its NAME:
 ```bash
 journalctl -t default:NAME
 journalctl -t default:gateway
 journalctl -t default:queue-worker
 ```
 You can also use `-f` to follow the logs, or `--lines` to tail a number of lines, or `--since` to give a timeframe.
 ### Exposing core services
 The OpenFaaS stack is made up of several core services including NATS and Prometheus. You can expose these through the `docker-compose.yaml` file located at `/var/lib/faasd`.
 Expose the gateway to all adapters:
 ```yaml
  gateway:
    ports:
       - "8080:8080"
 ```
 Expose Prometheus only to 127.0.0.1:
 ```yaml
  prometheus:
    ports:
       - "127.0.0.1:9090:9090"
 ```
 ### Upgrading faasd
 To upgrade `faasd` either re-create your VM using Terraform, or simply replace the faasd binary with a newer one.
 ```bash
 systemctl stop faasd-provider
 systemctl stop faasd
 # Replace /usr/local/bin/faasd with the desired release
 # Replace /var/lib/faasd/docker-compose.yaml with the matching version for
 # that release.
 # Remember to keep any custom patches you make such as exposing additional 
 # ports, or updating timeout values
 systemctl start faasd
 systemctl start faasd-provider
 ```
 You could also perform this task over SSH, or use a configuration management tool.
 > Note: if you are using Caddy or Let's Encrypt for free SSL certificates, that you may hit rate-limits for generating new certificates if you do this too often within a given week.
 ### Memory limits for functions
 Memory limits for functions are supported. When the limit is exceeded the function will be killed.
 Example:
 ```yaml
 functions:
  figlet:
    skip_build: true
    image: functions/figlet:latest
    limits:
      memory: 20Mi
 ```
 ## What does faasd deploy?
 * faasd - itself, and its [faas-provider](https://github.com/openfaas/faas-provider) for containerd - CRUD for functions and services, implements the OpenFaaS REST API
 * [Prometheus](https://github.com/prometheus/prometheus) - for monitoring of services, metrics, scaling and dashboards
@ -58,7 +203,7 @@ Watch the video: [faasd walk-through with cloud-init and Multipass](https://www.
 * [OpenFaaS queue-worker for NATS](https://github.com/openfaas/nats-queue-worker) - run your invocations in the background without adding any code. See also: [asynchronous invocations](https://docs.openfaas.com/reference/triggers/#async-nats-streaming)
 * [NATS](https://nats.io) for asynchronous processing and queues
-faasd relies on industry-standard tools for running containers:
+You'll also need:
 * [CNI](https://github.com/containernetworking/plugins)
 * [containerd](https://github.com/containerd/containerd)
@ -66,86 +211,15 @@ faasd relies on industry-standard tools for running containers:
 You can use the standard [faas-cli](https://github.com/openfaas/faas-cli) along with pre-packaged functions from *the Function Store*, or build your own using any OpenFaaS template.
-### When should you use faasd over OpenFaaS on Kubernetes?
+### Manual / developer instructions
-* To deploy microservices and functions that you can update and monitor remotely
+See [here for manual / developer instructions](docs/DEV.md)
 * When you don't have the bandwidth to learn or manage Kubernetes
 * To deploy embedded apps in IoT and edge use-cases
 * To distribute applications to a customer or client
 * You have a cost sensitive project - run faasd on a 1GB VM for 5-10 USD / mo or on your Raspberry Pi
 * When you just need a few functions or microservices, without the cost of a cluster
-faasd does not create the same maintenance burden you'll find with maintaining, upgrading, and securing a Kubernetes cluster. You can deploy it and walk away, in the worst case, just deploy a new VM and deploy your functions again.
+## Getting help
-You can learn more about supported OpenFaaS features in the [ROADMAP.md](/docs/ROADMAP.md)
+### Docs
-## Learning faasd
+The [OpenFaaS docs](https://docs.openfaas.com/) provide a wealth of information and are kept up to date with new features.
 The faasd project is MIT licensed and open source, and you will find some documentation, blog posts and videos for free.
 However, "Serverless For Everyone Else" is the official handbook and was written to contribute funds towards the upkeep and maintenance of the project.
 ### The official handbook and docs for faasd
 <a href="https://gumroad.com/l/serverless-for-everyone-else">
 <img src="https://www.alexellis.io/serverless.png" width="40%"></a>
 You'll learn how to deploy code in any language, lift and shift Dockerfiles, run requests in queues, write background jobs and to integrate with databases. faasd packages the same code as OpenFaaS, so you get built-in metrics for your HTTP endpoints, a user-friendly CLI, pre-packaged functions and templates from the store and a UI.
 Topics include:
 * Should you deploy to a VPS or Raspberry Pi?
 * Deploying your server with bash, cloud-init or terraform
 * Using a private container registry
 * Finding functions in the store
 * Building your first function with Node.js
 * Using environment variables for configuration
 * Using secrets from functions, and enabling authentication tokens
 * Customising templates
 * Monitoring your functions with Grafana and Prometheus
 * Scheduling invocations and background jobs
 * Tuning timeouts, parallelism, running tasks in the background
 * Adding TLS to faasd and custom domains for functions
 * Self-hosting on your Raspberry Pi
 * Adding a database for storage with InfluxDB and Postgresql
 * Troubleshooting and logs
 * CI/CD with GitHub Actions and multi-arch
 * Taking things further, community and case-studies
 View sample pages, reviews and testimonials on Gumroad:
 ["Serverless For Everyone Else"](https://gumroad.com/l/serverless-for-everyone-else)
 ### Deploy faasd
 The easiest way to deploy faasd is with cloud-init, we give several examples below, and post IaaS platforms will accept "user-data" pasted into their UI, or via their API.
 For trying it out on MacOS or Windows, we recommend using [multipass](https://multipass.run) to run faasd in a VM.
 If you don't use cloud-init, or have already created your Linux server you can use the installation script as per below:
 ```bash
 git clone https://github.com/openfaas/faasd --depth=1
 cd faasd
 ./hack/install.sh
 ```
 > This approach also works for Raspberry Pi
 It's recommended that you do not install Docker on the same host as faasd, since 1) they may both use different versions of containerd and 2) docker's networking rules can disrupt faasd's networking. When using faasd - make your faasd server a faasd server, and build container image on your laptop or in a CI pipeline.
 #### Deployment tutorials
 * [Use multipass on Windows, MacOS or Linux](/docs/MULTIPASS.md)
 * [Deploy to DigitalOcean with Terraform and TLS](https://www.openfaas.com/blog/faasd-tls-terraform/)
 * [Deploy to any IaaS with cloud-init](https://blog.alexellis.io/deploy-serverless-faasd-with-cloud-init/)
 * [Deploy faasd to your Raspberry Pi](https://blog.alexellis.io/faasd-for-lightweight-serverless/)
 Terraform scripts:
 * [Provision faasd on DigitalOcean with Terraform](docs/bootstrap/README.md)
 * [Provision faasd with TLS on DigitalOcean with Terraform](docs/bootstrap/digitalocean-terraform/README.md)
 ### Function and template store
@ -153,19 +227,113 @@ For community functions see `faas-cli store --help`
 For templates built by the community see: `faas-cli template store list`, you can also use the `dockerfile` template if you just want to migrate an existing service without the benefits of using a template.
 ### Training and courses
 #### LinuxFoundation training course
 The founder of faasd and OpenFaaS has written a training course for the LinuxFoundation which also covers how to use OpenFaaS on Kubernetes. Much of the same concepts can be applied to faasd, and the course is free:
 * [Introduction to Serverless on Kubernetes](https://www.edx.org/course/introduction-to-serverless-on-kubernetes)
 #### Community workshop
 [The OpenFaaS workshop](https://github.com/openfaas/workshop/) is a set of 12 self-paced labs and provides a great starting point for learning the features of openfaas. Not all features will be available or usable with faasd.
 ### Community support
-Commercial users and solo business owners should become OpenFaaS GitHub Sponsors to receive regular email updates on changes, tutorials and new features.
+An active community of almost 3000 users awaits you on Slack. Over 250 of those users are also contributors and help maintain the code.
-If you are learning faasd, or want to share your use-case, you can join the OpenFaaS Slack community.
+* [Join Slack](https://slack.openfaas.io/)
-* [Become an OpenFaaS GitHub Sponsor](https://github.com/sponsors/openfaas/)
+## Roadmap
 * [Join the weekly Office Hours call](https://docs.openfaas.com/community/)
-### Backlog, features, design limitations and any known issues
+### Supported operations
-For open backlog items, shipped features, design limitations and any known issues, see [ROADMAP.md](docs/ROADMAP.md)
+* `faas login`
 * `faas up`
 * `faas list`
 * `faas describe`
 * `faas deploy --update=true --replace=false`
 * `faas invoke --async`
 * `faas invoke`
 * `faas rm`
 * `faas store list/deploy/inspect`
 * `faas version`
 * `faas namespace`
 * `faas secret`
 * `faas logs`
-Want to build a patch without setting up a complete development environment? See [docs/PATCHES.md](docs/PATCHES.md)
+Scale from and to zero is also supported. On a Dell XPS with a small, pre-pulled image unpausing an existing task took 0.19s and starting a task for a killed function took 0.39s. There may be further optimizations to be gained.
-Are you looking to hack on faasd? Follow the [developer instructions](docs/DEV.md) for a manual installation, or use the `hack/install.sh` script and pick up from there.
+Other operations are pending development in the provider such as:
 * `faas auth` - supported for Basic Authentication, but SSO, OAuth2 & OIDC may require a patch
 ### Backlog
 Should have:
 * [ ] Resolve core services from functions by populating/sharing `/etc/hosts` between `faasd` and `faasd-provider`
 * [ ] Docs or examples on how to use the various connectors and connector-sdk
 * [ ] Monitor and restart any of the core components at runtime if the container stops
 * [ ] Asynchronous deletion instead of synchronous
 Nice to Have:
 * [ ] Total memory limits - if a node has 1GB of RAM, don't allow more than 1000MB of RAM to be reserved via limits
 * [ ] Offer live rolling-updates, with zero downtime - requires moving to IDs vs. names for function containers
 * [ ] Multiple replicas per function
 ### Known-issues
 #### Non 200 HTTP status code upon first use
 This issue appears to happen sporadically and only for some users.
 If you get a non 200 HTTP code from the gateway, or caddy after installing faasd, check the logs of faasd:
 ```bash
 sudo journalctl -t faasd
 ```
 If you see the following error:
 ```
 unable to dial to 10.62.0.5:8080, error: dial tcp 10.62.0.5:8080: connect: no route to host
 ```
 Restart the faasd service with:
 ```bash
 sudo systemctl restart faasd
 ```
 ### Completed
 * [x] Provide a cloud-init configuration for faasd bootstrap
 * [x] Configure core services from a docker-compose.yaml file
 * [x] Store and fetch logs from the journal
 * [x] Add support for using container images in third-party public registries
 * [x] Add support for using container images in private third-party registries
 * [x] Provide a cloud-config.txt file for automated deployments of `faasd`
 * [x] Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via `/etc/hosts` mount
 * [x] Add queue-worker and NATS
 * [x] Create faasd.service and faasd-provider.service
 * [x] Self-install / create systemd service via `faasd install`
 * [x] Restart containers upon restart of faasd
 * [x] Clear / remove containers and tasks with SIGTERM / SIGINT
 * [x] Determine armhf/arm64 containers to run for gateway
 * [x] Configure `basic_auth` to protect the OpenFaaS gateway and faasd-provider HTTP API
 * [x] Setup custom working directory for faasd `/var/lib/faasd/`
 * [x] Use CNI to create network namespaces and adapters
 * [x] Optionally expose core services from the docker-compose.yaml file, locally or to all adapters.
 * [x] ~~[containerd can't pull image from Github Docker Package Registry](https://github.com/containerd/containerd/issues/3291)~~ ghcr.io support
 * [x] Provide [simple Caddyfile example](https://blog.alexellis.io/https-inlets-local-endpoints/) in the README showing how to expose the faasd proxy on port 80/443 with TLS
 * [x] Annotation support
 * [x] Hard memory limits for functions
 * [x] Terraform for DigitalOcean
 * [x] [Store and retrieve annotations in function spec](https://github.com/openfaas/faasd/pull/86) - in progress
 * [x] An installer for faasd and dependencies - runc, containerd
 WIP:
 * [ ] Terraform for AWS
--- a/cloud-config.txt
+++ b/cloud-config.txt
@ -7,10 +7,19 @@ package_update: true
 packages:
 - runc
 - git
 runcmd:
- curl -sfL https://raw.githubusercontent.com/openfaas/faasd/master/hack/install.sh | bash -s -
+- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.5/containerd-1.3.5-linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
 - curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.5/containerd.service | tee /etc/systemd/system/containerd.service
 - systemctl daemon-reload && systemctl start containerd
 - systemctl enable containerd
 - /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
 - mkdir -p /opt/cni/bin
 - curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
 - mkdir -p /go/src/github.com/openfaas/
 - cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.9.10 https://github.com/openfaas/faasd
 - curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager
 - systemctl status -l faasd-provider --no-pager
--- a/cmd/install.go
+++ b/cmd/install.go
@ -93,11 +93,8 @@ func runInstall(_ *cobra.Command, _ []string) error {
 		return err
 	}
-	fmt.Println(`Check status with:
+	fmt.Println(`Login with:
-  sudo journalctl -u faasd --lines 100 -f
+  sudo cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s`)
 Login with:
  sudo -E cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s`)
 	return nil
 }
@ -109,16 +106,7 @@ func binExists(folder, name string) error {
 	}
 	return nil
 }
 func ensureSecretsDir(folder string) error {
 	if _, err := os.Stat(folder); err != nil {
 		err = os.MkdirAll(folder, secretDirPermission)
 		if err != nil {
 			return err
 		}
 	}
 	return nil
 }
 func ensureWorkingDir(folder string) error {
 	if _, err := os.Stat(folder); err != nil {
 		err = os.MkdirAll(folder, workingDirectoryPermission)
--- a/cmd/provider.go
+++ b/cmd/provider.go
@ -1,8 +1,8 @@
 package cmd
 import (
 	"encoding/json"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"log"
 	"net/http"
@ -14,7 +14,6 @@ import (
 	"github.com/openfaas/faas-provider/logs"
 	"github.com/openfaas/faas-provider/proxy"
 	"github.com/openfaas/faas-provider/types"
 	faasd "github.com/openfaas/faasd/pkg"
 	"github.com/openfaas/faasd/pkg/cninetwork"
 	faasdlogs "github.com/openfaas/faasd/pkg/logs"
 	"github.com/openfaas/faasd/pkg/provider/config"
@ -22,8 +21,6 @@ import (
 	"github.com/spf13/cobra"
 )
 const secretDirPermission = 0755
 func makeProviderCmd() *cobra.Command {
 	var command = &cobra.Command{
 		Use:   "provider",
@ -32,149 +29,88 @@ func makeProviderCmd() *cobra.Command {
 	command.Flags().String("pull-policy", "Always", `Set to "Always" to force a pull of images upon deployment, or "IfNotPresent" to try to use a cached image.`)
-	command.RunE = runProviderE
+	command.RunE = func(_ *cobra.Command, _ []string) error {
 		pullPolicy, flagErr := command.Flags().GetString("pull-policy")
 		if flagErr != nil {
 			return flagErr
 		}
 		alwaysPull := false
 		if pullPolicy == "Always" {
 			alwaysPull = true
 		}
 		config, providerConfig, err := config.ReadFromEnv(types.OsEnv{})
 		if err != nil {
 			return err
 		}
 		log.Printf("faasd-provider starting..\tService Timeout: %s\n", config.WriteTimeout.String())
 		printVersion()
 		wd, err := os.Getwd()
 		if err != nil {
 			return err
 		}
 		writeHostsErr := ioutil.WriteFile(path.Join(wd, "hosts"),
 			[]byte(`127.0.0.1	localhost`), workingDirectoryPermission)
 		if writeHostsErr != nil {
 			return fmt.Errorf("cannot write hosts file: %s", writeHostsErr)
 		}
 		writeResolvErr := ioutil.WriteFile(path.Join(wd, "resolv.conf"),
 			[]byte(`nameserver 8.8.8.8`), workingDirectoryPermission)
 		if writeResolvErr != nil {
 			return fmt.Errorf("cannot write resolv.conf file: %s", writeResolvErr)
 		}
 		cni, err := cninetwork.InitNetwork()
 		if err != nil {
 			return err
 		}
 		client, err := containerd.New(providerConfig.Sock)
 		if err != nil {
 			return err
 		}
 		defer client.Close()
 		invokeResolver := handlers.NewInvokeResolver(client)
 		userSecretPath := path.Join(wd, "secrets")
 		bootstrapHandlers := types.FaaSHandlers{
 			FunctionProxy:        proxy.NewHandlerFunc(*config, invokeResolver),
 			DeleteHandler:        handlers.MakeDeleteHandler(client, cni),
 			DeployHandler:        handlers.MakeDeployHandler(client, cni, userSecretPath, alwaysPull),
 			FunctionReader:       handlers.MakeReadHandler(client),
 			ReplicaReader:        handlers.MakeReplicaReaderHandler(client),
 			ReplicaUpdater:       handlers.MakeReplicaUpdateHandler(client, cni),
 			UpdateHandler:        handlers.MakeUpdateHandler(client, cni, userSecretPath, alwaysPull),
 			HealthHandler:        func(w http.ResponseWriter, r *http.Request) {},
 			InfoHandler:          handlers.MakeInfoHandler(Version, GitCommit),
 			ListNamespaceHandler: listNamespaces(),
 			SecretHandler:        handlers.MakeSecretHandler(client, userSecretPath),
 			LogHandler:           logs.NewLogHandlerFunc(faasdlogs.New(), config.ReadTimeout),
 		}
 		log.Printf("Listening on TCP port: %d\n", *config.TCPPort)
 		bootstrap.Serve(&bootstrapHandlers, config)
 		return nil
 	}
 	return command
 }
-func runProviderE(cmd *cobra.Command, _ []string) error {
+func listNamespaces() func(w http.ResponseWriter, r *http.Request) {
-
+	return func(w http.ResponseWriter, r *http.Request) {
-	pullPolicy, flagErr := cmd.Flags().GetString("pull-policy")
+		list := []string{""}
-	if flagErr != nil {
+		out, _ := json.Marshal(list)
-		return flagErr
+		w.Write(out)
 	}
 	alwaysPull := false
 	if pullPolicy == "Always" {
 		alwaysPull = true
 	}
 	config, providerConfig, err := config.ReadFromEnv(types.OsEnv{})
 	if err != nil {
 		return err
 	}
 	log.Printf("faasd-provider starting..\tService Timeout: %s\n", config.WriteTimeout.String())
 	printVersion()
 	wd, err := os.Getwd()
 	if err != nil {
 		return err
 	}
 	writeHostsErr := ioutil.WriteFile(path.Join(wd, "hosts"),
 		[]byte(`127.0.0.1	localhost`), workingDirectoryPermission)
 	if writeHostsErr != nil {
 		return fmt.Errorf("cannot write hosts file: %s", writeHostsErr)
 	}
 	writeResolvErr := ioutil.WriteFile(path.Join(wd, "resolv.conf"),
 		[]byte(`nameserver 8.8.8.8`), workingDirectoryPermission)
 	if writeResolvErr != nil {
 		return fmt.Errorf("cannot write resolv.conf file: %s", writeResolvErr)
 	}
 	cni, err := cninetwork.InitNetwork()
 	if err != nil {
 		return err
 	}
 	client, err := containerd.New(providerConfig.Sock)
 	if err != nil {
 		return err
 	}
 	defer client.Close()
 	invokeResolver := handlers.NewInvokeResolver(client)
 	baseUserSecretsPath := path.Join(wd, "secrets")
 	if err := moveSecretsToDefaultNamespaceSecrets(
 		baseUserSecretsPath,
 		faasd.DefaultFunctionNamespace); err != nil {
 		return err
 	}
 	bootstrapHandlers := types.FaaSHandlers{
 		FunctionProxy:   proxy.NewHandlerFunc(*config, invokeResolver, false),
 		DeleteFunction:  handlers.MakeDeleteHandler(client, cni),
 		DeployFunction:  handlers.MakeDeployHandler(client, cni, baseUserSecretsPath, alwaysPull),
 		FunctionLister:  handlers.MakeReadHandler(client),
 		FunctionStatus:  handlers.MakeReplicaReaderHandler(client),
 		ScaleFunction:   handlers.MakeReplicaUpdateHandler(client, cni),
 		UpdateFunction:  handlers.MakeUpdateHandler(client, cni, baseUserSecretsPath, alwaysPull),
 		Health:          func(w http.ResponseWriter, r *http.Request) {},
 		Info:            handlers.MakeInfoHandler(Version, GitCommit),
 		ListNamespaces:  handlers.MakeNamespacesLister(client),
 		Secrets:         handlers.MakeSecretHandler(client.NamespaceService(), baseUserSecretsPath),
 		Logs:            logs.NewLogHandlerFunc(faasdlogs.New(), config.ReadTimeout),
 		MutateNamespace: handlers.MakeMutateNamespace(client),
 	}
 	log.Printf("Listening on: 0.0.0.0:%d\n", *config.TCPPort)
 	bootstrap.Serve(cmd.Context(), &bootstrapHandlers, config)
 	return nil
 }
 /*
 * Mutiple namespace support was added after release 0.13.0
 * Function will help users to migrate on multiple namespace support of faasd
 */
 func moveSecretsToDefaultNamespaceSecrets(baseSecretPath string, defaultNamespace string) error {
 	newSecretPath := path.Join(baseSecretPath, defaultNamespace)
 	err := ensureSecretsDir(newSecretPath)
 	if err != nil {
 		return err
 	}
 	files, err := ioutil.ReadDir(baseSecretPath)
 	if err != nil {
 		return err
 	}
 	for _, f := range files {
 		if !f.IsDir() {
 			newPath := path.Join(newSecretPath, f.Name())
 			// A non-nil error means the file wasn't found in the
 			// destination path
 			if _, err := os.Stat(newPath); err != nil {
 				oldPath := path.Join(baseSecretPath, f.Name())
 				if err := copyFile(oldPath, newPath); err != nil {
 					return err
 				}
 				log.Printf("[Migration] Copied %s to %s", oldPath, newPath)
 			}
 		}
 	}
 	return nil
 }
 func copyFile(src, dst string) error {
 	inputFile, err := os.Open(src)
 	if err != nil {
 		return fmt.Errorf("opening %s failed %w", src, err)
 	}
 	defer inputFile.Close()
 	outputFile, err := os.OpenFile(dst, os.O_CREATE|os.O_WRONLY|os.O_APPEND, secretDirPermission)
 	if err != nil {
 		return fmt.Errorf("opening %s failed %w", dst, err)
 	}
 	defer outputFile.Close()
 	// Changed from os.Rename due to issue in #201
 	if _, err := io.Copy(outputFile, inputFile); err != nil {
 		return fmt.Errorf("writing into %s failed %w", outputFile.Name(), err)
 	}
 	return nil
 }
--- a/cmd/root.go
+++ b/cmd/root.go
@ -46,12 +46,7 @@ var rootCommand = &cobra.Command{
 	Use:   "faasd",
 	Short: "Start faasd",
 	Long: `
-faasd - Serverless For Everyone Else
+faasd - serverless without Kubernetes
 Learn how to build, secure, and monitor functions with faasd with 
 the eBook:
 https://gumroad.com/l/serverless-for-everyone-else
 `,
 	RunE:         runRootCommand,
 	SilenceUsage: true,
--- a/cmd/up.go
+++ b/cmd/up.go
@ -16,7 +16,6 @@ import (
 	"github.com/spf13/cobra"
 	flag "github.com/spf13/pflag"
 	units "github.com/docker/go-units"
 	"github.com/openfaas/faasd/pkg"
 )
@ -69,7 +68,7 @@ func runUp(cmd *cobra.Command, _ []string) error {
 		return err
 	}
-	log.Printf("Supervisor created in: %s\n", units.HumanDuration(time.Since(start)))
+	log.Printf("Supervisor created in: %s\n", time.Since(start).String())
 	start = time.Now()
 	if err := supervisor.Start(services); err != nil {
@ -77,7 +76,7 @@ func runUp(cmd *cobra.Command, _ []string) error {
 	}
 	defer supervisor.Close()
-	log.Printf("Supervisor init done in: %s\n", units.HumanDuration(time.Since(start)))
+	log.Printf("Supervisor init done in: %s\n", time.Since(start).String())
 	shutdownTimeout := time.Second * 1
 	timeout := time.Second * 60
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -1,45 +1,47 @@
 version: "3.7"
 services:
  basic-auth-plugin:
    image: "docker.io/openfaas/basic-auth-plugin:0.18.18${ARCH_SUFFIX}"
    environment:
      - port=8080
      - secret_mount_path=/run/secrets
      - user_filename=basic-auth-user
      - pass_filename=basic-auth-password
    volumes:
      # we assume cwd == /var/lib/faasd
      - type: bind
        source: ./secrets/basic-auth-password
        target: /run/secrets/basic-auth-password
      - type: bind
        source: ./secrets/basic-auth-user
        target: /run/secrets/basic-auth-user
    cap_add:
      - CAP_NET_RAW
  nats:
-    image: docker.io/library/nats-streaming:0.25.6
+    image: docker.io/library/nats-streaming:0.11.2
 # nobody
    user: "65534"
    command:
      - "/nats-streaming-server"
      - "-m"
      - "8222"
-      - "--store=file"
+      - "--store=memory"
      - "--dir=/nats"
      - "--cluster_id=faas-cluster"
    volumes:
 # Data directory
      - type: bind
        source: ./nats
        target: /nats
    # ports:
    #    - "127.0.0.1:8222:8222"
  prometheus:
-    image: docker.io/prom/prometheus:v2.48.1
+    image: docker.io/prom/prometheus:v2.14.0
 # nobody
    user: "65534"
    volumes:
 # Config directory
      - type: bind
        source: ./prometheus.yml
        target: /etc/prometheus/prometheus.yml
 # Data directory
      - type: bind
        source: ./prometheus
        target: /prometheus
    cap_add:
      - CAP_NET_RAW
    ports:
       - "127.0.0.1:9090:9090"
  gateway:
-    image: ghcr.io/openfaas/gateway:0.27.3
+    image: "docker.io/openfaas/gateway:0.19.1${ARCH_SUFFIX}"
    environment:
      - basic_auth=true
      - functions_provider_url=http://faasd-provider:8081/
@ -49,9 +51,10 @@ services:
      - upstream_timeout=65s
      - faas_nats_address=nats
      - faas_nats_port=4222
      - auth_proxy_url=http://basic-auth-plugin:8080/validate
      - auth_proxy_pass_body=false
      - secret_mount_path=/run/secrets
      - scale_from_zero=true
      - function_namespace=openfaas-fn
    volumes:
      # we assume cwd == /var/lib/faasd
      - type: bind
@ -63,13 +66,14 @@ services:
    cap_add:
      - CAP_NET_RAW
    depends_on:
      - basic-auth-plugin
      - nats
      - prometheus
    ports:
       - "8080:8080"
  queue-worker:
-    image: ghcr.io/openfaas/queue-worker:0.14.1
+    image: docker.io/openfaas/queue-worker:0.11.2
    environment:
      - faas_nats_address=nats
      - faas_nats_port=4222
--- a/docs/DEV.md
+++ b/docs/DEV.md
@ -1,15 +1,9 @@
-## Instructions for building and testing faasd locally
+## Manual installation of faasd for development
 > Note: if you're just wanting to try out faasd, then it's likely that you're on the wrong page. This is a detailed set of instructions for those wanting to contribute or customise faasd. Feel free to go back to the homepage and pick a tutorial instead.
 Do you want to help the community test a pull request?
 See these instructions instead: [Testing patches](/docs/PATCHES.md)
 ### Pre-reqs
 > It's recommended that you do not install Docker on the same host as faasd, since 1) they may both use different versions of containerd and 2) docker's networking rules can disrupt faasd's networking. When using faasd - make your faasd server a faasd server, and build container image on your laptop or in a CI pipeline.
 * Linux
    PC / Cloud - any Linux that containerd works on should be fair game, but faasd is tested with Ubuntu 18.04
@ -20,15 +14,15 @@ See these instructions instead: [Testing patches](/docs/PATCHES.md)
    For Windows users, install [Git Bash](https://git-scm.com/downloads) along with multipass or vagrant. You can also use WSL1 or WSL2 which provides a Linux environment.
-    You will also need [containerd](https://github.com/containerd/containerd) and the [CNI plugins](https://github.com/containernetworking/plugins)
+    You will also need [containerd v1.3.5](https://github.com/containerd/containerd) and the [CNI plugins v0.8.5](https://github.com/containernetworking/plugins)
    [faas-cli](https://github.com/openfaas/faas-cli) is optional, but recommended.
 If you're using multipass, then allocate sufficient resources:
-```bash
+```sh
 multipass launch \
-  --memory 4G \
+  --mem 4G \
  -c 2 \
  -n faasd
@ -38,7 +32,7 @@ multipass shell faasd
 ### Get runc
-```bash
+```sh
 sudo apt update \
  && sudo apt install -qy \
    runc \
@ -62,9 +56,9 @@ curl -sLS https://cli.openfaas.com | sudo sh
 Then run:
-```bash
+```sh
 export ARCH=amd64
-export CNI_VERSION=v0.9.1
+export CNI_VERSION=v0.8.5
 sudo mkdir -p /opt/cni/bin
 curl -sSL https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-${ARCH}-${CNI_VERSION}.tgz | sudo tar -xz -C /opt/cni/bin
@ -87,11 +81,9 @@ You have three options - binaries for PC, binaries for armhf, or build from sour
 * Install containerd `x86_64` only
-
+```sh
-
+export VER=1.3.5
-```bash
+curl -sSL https://github.com/containerd/containerd/releases/download/v$VER/containerd-$VER-linux-amd64.tar.gz > /tmp/containerd.tar.gz \
 export VER=1.7.0
 curl -sSL https://github.com/containerd/containerd/releases/download/v$VER/containerd-$VER-linux-amd64.tar.gz -o /tmp/containerd.tar.gz \
  && sudo tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
 containerd -version
@ -101,22 +93,20 @@ containerd -version
    Building `containerd` on armhf is extremely slow, so I've provided binaries for you.
-    ```bash
+    ```sh
-    export VER=1.7.0
+    curl -sSL https://github.com/alexellis/containerd-armhf/releases/download/v1.3.5/containerd.tgz | sudo tar -xvz --strip-components=2 -C /usr/local/bin/
    curl -sSL https://github.com/alexellis/containerd-armhf/releases/download/v$VER/containerd-$VER-linux-armhf.tar.gz
 | sudo tar -xvz --strip-components=2 -C /usr/local/bin/
    ```
 * Or clone / build / install [containerd](https://github.com/containerd/containerd) from source:
-    ```bash
+    ```sh
    export GOPATH=$HOME/go/
    mkdir -p $GOPATH/src/github.com/containerd
    cd $GOPATH/src/github.com/containerd
    git clone https://github.com/containerd/containerd
    cd containerd
    git fetch origin --tags
-    git checkout v1.7.0
+    git checkout v1.3.5
    make
    sudo make install
@ -126,8 +116,8 @@ containerd -version
 #### Ensure containerd is running
-```bash
+```sh
-curl -sLS https://raw.githubusercontent.com/containerd/containerd/v1.7.0/containerd.service > /tmp/containerd.service
+curl -sLS https://raw.githubusercontent.com/containerd/containerd/v1.3.5/containerd.service > /tmp/containerd.service
 # Extend the timeouts for low-performance VMs
 echo "[Manager]" | tee -a /tmp/containerd.service
@ -142,7 +132,7 @@ sudo systemctl restart containerd
 Or run ad-hoc. This step can be useful for exploring why containerd might fail to start.
-```bash
+```sh
 sudo containerd &
 ```
@ -150,13 +140,13 @@ sudo containerd &
 > This is required to allow containers in containerd to access the Internet via your computer's primary network interface.
-```bash
+```sh
 sudo /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
 ```
 Make the setting permanent:
-```bash
+```sh
 echo "net.ipv4.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
 ```
@ -164,7 +154,7 @@ echo "net.ipv4.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
 #### Get build packages
-```bash
+```sh
 sudo apt update \
  && sudo apt install -qy \
    runc \
@ -176,8 +166,8 @@ You may find alternative package names for CentOS and other Linux distributions.
 #### Install Go 1.13 (x86_64)
-```bash
+```sh
-curl -SLf https://golang.org/dl/go1.16.linux-amd64.tar.gz > /tmp/go.tgz
+curl -sSLf https://dl.google.com/go/go1.13.6.linux-amd64.tar.gz > /tmp/go.tgz
 sudo rm -rf /usr/local/go/
 sudo mkdir -p /usr/local/go/
 sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
@ -190,15 +180,15 @@ go version
 You should also add the following to `~/.bash_profile`:
-```bash
+```sh
 echo "export GOPATH=\$HOME/go/" | tee -a $HOME/.bash_profile
 echo "export PATH=\$PATH:/usr/local/go/bin/" | tee -a $HOME/.bash_profile
 ```
 #### Or on Raspberry Pi (armhf)
-```bash
+```sh
-curl -SLsf https://golang.org/dl/go1.16.linux-armv6l.tar.gz > go.tgz
+curl -SLsf https://dl.google.com/go/go1.13.6.linux-armv6l.tar.gz > go.tgz
 sudo rm -rf /usr/local/go/
 sudo mkdir -p /usr/local/go/
 sudo tar -xvf go.tgz -C /usr/local/go/ --strip-components=1
@ -211,7 +201,7 @@ go version
 #### Clone faasd and its systemd unit files
-```bash
+```sh
 mkdir -p $GOPATH/src/github.com/openfaas/
 cd $GOPATH/src/github.com/openfaas/
 git clone https://github.com/openfaas/faasd
@ -219,7 +209,7 @@ git clone https://github.com/openfaas/faasd
 #### Build `faasd` from source (optional)
-```bash
+```sh
 cd $GOPATH/src/github.com/openfaas/faasd
 cd faasd
 make local
@ -230,7 +220,7 @@ sudo cp bin/faasd /usr/local/bin
 #### Or, download and run `faasd` (binaries)
-```bash
+```sh
 # For x86_64
 export SUFFIX=""
@ -241,7 +231,7 @@ export SUFFIX="-armhf"
 export SUFFIX="-arm64"
 # Then download
-curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.16.2/faasd$SUFFIX" \
+curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd$SUFFIX" \
    -o "/tmp/faasd" \
    && chmod +x "/tmp/faasd" 
 sudo mv /tmp/faasd /usr/local/bin/
@ -251,26 +241,26 @@ sudo mv /tmp/faasd /usr/local/bin/
 This step installs faasd as a systemd unit file, creates files in `/var/lib/faasd`, and writes out networking configuration for the CNI bridge networking plugin.
-```bash
+```sh
 sudo faasd install
 2020/02/17 17:38:06 Writing to: "/var/lib/faasd/secrets/basic-auth-password"
 2020/02/17 17:38:06 Writing to: "/var/lib/faasd/secrets/basic-auth-user"
 Login with:
-  sudo -E cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s
+  sudo cat /var/lib/faasd/secrets/basic-auth-password | faas-cli login -s
 ```
 You can now log in either from this machine or a remote machine using the OpenFaaS UI, or CLI.
 Check that faasd is ready:
-```bash
+```
 sudo journalctl -u faasd
 ```
 You should see output like:
-```bash
+```
 Feb 17 17:46:35 gold-survive faasd[4140]: 2020/02/17 17:46:35 Starting faasd proxy on 8080
 Feb 17 17:46:35 gold-survive faasd[4140]: Gateway: 10.62.0.5:8080
 Feb 17 17:46:35 gold-survive faasd[4140]: 2020/02/17 17:46:35 [proxy] Wait for done
@ -279,7 +269,7 @@ Feb 17 17:46:35 gold-survive faasd[4140]: 2020/02/17 17:46:35 [proxy] Begin list
 To get the CLI for the command above run:
-```bash
+```sh
 curl -sSLf https://cli.openfaas.com | sudo sh
 ```
@ -335,7 +325,7 @@ faasd provider
 Look in `hosts` in the current working folder or in `/var/lib/faasd/` to get the IP for the gateway or Prometheus
-```bash
+```sh
 127.0.0.1      localhost
 10.62.0.1      faasd-provider
@ -365,31 +355,3 @@ The default Basic Auth username is `admin`, which is written to `/var/lib/faasd/
 * `faasd install` - install faasd and containerd with systemd, this must be run from `$GOPATH/src/github.com/openfaas/faasd`
 * `journalctl -u faasd -f` - faasd service logs
 * `journalctl -u faasd-provider -f` - faasd-provider service logs
 #### Uninstall
 * Stop faasd and faasd-provider
 ```
 sudo systemctl stop faasd
 sudo systemctl stop faasd-provider
 sudo systemctl stop containerd
 ```
 * Remove faasd from machine
 ```
 sudo systemctl disable faasd
 sudo systemctl disable faasd-provider
 sudo systemctl disable containerd
 sudo rm -rf /usr/local/bin/faasd
 sudo rm -rf /var/lib/faasd
 sudo rm -rf /usr/lib/systemd/system/faasd-provider.service
 sudo rm -rf /usr/lib/systemd/system/faasd.service
 sudo rm -rf /usr/lib/systemd/system/containerd
 sudo systemctl daemon-reload
 ```
 * Remove additional dependencies. Be cautious as other software will be dependent on these.
 ```
 sudo apt-get remove runc bridge-utils
 sudo rm -rf /opt/cni/bin
 ```
--- a/docs/MULTIPASS.md
+++ b/docs/MULTIPASS.md
@ -27,112 +27,111 @@ It took me about 2-3 minutes to run through everything after installing multipas
 * Get my cloud-config.txt file
-    ```sh
+```sh
-    curl -sSLO https://raw.githubusercontent.com/openfaas/faasd/master/cloud-config.txt
+curl -sSLO https://raw.githubusercontent.com/openfaas/faasd/master/cloud-config.txt
-    ```
+```
-* Boot the VM 
+* Update the SSH key to match your own, edit `cloud-config.txt`:
-    The `cloud-config.txt` contains an ssh key to allow your local machine to access the VM. However, this must be updated with your local ssh key. 
+Replace the 2nd line with the contents of `~/.ssh/id_rsa.pub`:
    This command will update the key with your local public key value and start the VM.
-    ```sh
+```
-    sed "s/ssh-rsa.*/$(cat $HOME/.ssh/id_*.pub)/" cloud-config.txt | multipass launch --name faasd --cloud-init -
+ssh_authorized_keys:
-    ```
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Q/aUYUr3P1XKVucnO9mlWxOjJm+K01lHJR90MkHC9zbfTqlp8P7C3J26zKAuzHXOeF+VFxETRr6YedQKW9zp5oP7sN+F2gr/pO7GV3VmOqHMV7uKfyUQfq7H1aVzLfCcI7FwN2Zekv3yB7kj35pbsMa1Za58aF6oHRctZU6UWgXXbRxP+B04DoVU7jTstQ4GMoOCaqYhgPHyjEAS3DW0kkPW6HzsvJHkxvVcVlZ/wNJa1Ie/yGpzOzWIN0Ol0t2QT/RSWOhfzO1A2P0XbPuZ04NmriBonO9zR7T1fMNmmtTuK7WazKjQT3inmYRAqU6pe8wfX8WIWNV7OowUjUsv alex@alexr.local
 ```
-    This can also be done manually, just replace the 2nd line of the `cloud-config.txt` with the contents of your public ssh key, usually either `~/.ssh/id_rsa.pub` or `~/.ssh/id_ed25519.pub`
+* Boot the VM
-    ```
+```sh
-    ssh_authorized_keys:
+multipass launch --cloud-init cloud-config.txt  --name faasd
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Q/aUYUr3P1XKVucnO9mlWxOjJm+K01lHJR90MkHC9zbfTqlp8P7C3J26zKAuzHXOeF+VFxETRr6YedQKW9zp5oP7sN+F2gr/pO7GV3VmOqHMV7uKfyUQfq7H1aVzLfCcI7FwN2Zekv3yB7kj35pbsMa1Za58aF6oHRctZU6UWgXXbRxP+B04DoVU7jTstQ4GMoOCaqYhgPHyjEAS3DW0kkPW6HzsvJHkxvVcVlZ/wNJa1Ie/yGpzOzWIN0Ol0t2QT/RSWOhfzO1A2P0XbPuZ04NmriBonO9zR7T1fMNmmtTuK7WazKjQT3inmYRAqU6pe8wfX8WIWNV7OowUjUsv alex@alexr.local
+```
    ```
 * Get the VM's IP and connect with `ssh`
-    ```sh
+```sh
-    multipass info faasd
+multipass info faasd
-    Name:           faasd
+Name:           faasd
-    State:          Running
+State:          Running
-    IPv4:           192.168.64.14
+IPv4:           192.168.64.14
-    Release:        Ubuntu 18.04.3 LTS
+Release:        Ubuntu 18.04.3 LTS
-    Image hash:     a720c34066dc (Ubuntu 18.04 LTS)
+Image hash:     a720c34066dc (Ubuntu 18.04 LTS)
-    Load:           0.79 0.19 0.06
+Load:           0.79 0.19 0.06
-    Disk usage:     1.1G out of 4.7G
+Disk usage:     1.1G out of 4.7G
-    Memory usage:   145.6M out of 985.7M
+Memory usage:   145.6M out of 985.7M
-    ```
+```
-    Set the variable `IP`:
+Set the variable `IP`:
-    ```
+```
-    export IP="192.168.64.14"
+export IP="192.168.64.14"
-    ```
+```
-    You can also try to use `jq` to get the IP into a variable:
+You can also try to use `jq` to get the IP into a variable:
-    ```sh
+```sh
-    export IP=$(multipass info faasd --format json| jq -r '.info.faasd.ipv4[0]')
+export IP=$(multipass info faasd --format json| jq '.info.faasd.ipv4[0]' | tr -d '\"')
-    ```
+```
-    Connect to the IP listed:
+Connect to the IP listed:
-    ```sh
+```sh
-    ssh ubuntu@$IP
+ssh ubuntu@$IP
-    ```
+```
-    Log out once you know it works.
+Log out once you know it works.
 * Let's capture the authentication password into a file for use with `faas-cli`
-    ```
+```
-    ssh ubuntu@$IP "sudo cat /var/lib/faasd/secrets/basic-auth-password" > basic-auth-password
+ssh ubuntu@$IP "sudo cat /var/lib/faasd/secrets/basic-auth-password" > basic-auth-password
-    ```
+```
 ## Try faasd (OpenFaaS)
 * Login from your laptop (the host)
-    ```
+```
-    export OPENFAAS_URL=http://$IP:8080
+export OPENFAAS_URL=http://$IP:8080
-    cat basic-auth-password | faas-cli login -s
+cat basic-auth-password | faas-cli login -s
-    ```
+```
 * Deploy a function and invoke it
-    ```
+```
-    faas-cli store deploy figlet --env write_timeout=1s
+faas-cli store deploy figlet --env write_timeout=1s
-    echo "faasd" | faas-cli invoke figlet
+echo "faasd" | faas-cli invoke figlet
-    faas-cli describe figlet
+faas-cli describe figlet
-    # Run async
+# Run async
-    curl -i -d "faasd-async" $OPENFAAS_URL/async-function/figlet
+curl -i -d "faasd-async" $OPENFAAS_URL/async-function/figlet
-    # Run async with a callback
+# Run async with a callback
-    curl -i -d "faasd-async" -H "X-Callback-Url: http://some-request-bin.com/path" $OPENFAAS_URL/async-function/figlet
+curl -i -d "faasd-async" -H "X-Callback-Url: http://some-request-bin.com/path" $OPENFAAS_URL/async-function/figlet
-    ```
+```
-    You can also checkout the other store functions: `faas-cli store list`
+You can also checkout the other store functions: `faas-cli store list`
 * Try the UI
-    Head over to the UI from your laptop and remember that your password is in the `basic-auth-password` file. The username is `admin`:
+Head over to the UI from your laptop and remember that your password is in the `basic-auth-password` file. The username is `admin.:
-    ```
+```
-    echo http://$IP:8080
+echo http://$IP:8080
-    ```
+```
 * Stop/start the instance
-    ```sh
+```sh
-    multipass stop faasd
+multipass stop faasd
-    ```
+```
 * Delete, if you want to:
-    ```
+```
-    multipass delete --purge faasd
+multipass delete --purge faasd
-    ```
+```
 You now have a faasd appliance on your Mac. You can also use this cloud-init file with public cloud like AWS or DigitalOcean.
--- a/docs/PATCHES.md
+++ b/docs/PATCHES.md
@ -1,88 +0,0 @@
 ## Instructions for testing a patch for faasd
 ### Launch a virtual machine
 You can use any kind of Linux virtual machine, Ubuntu 20.04 is recommended.
 Launch a cloud VM or use [Multipass](https://multipass.run), which is free to use an can be run locally. A Raspberry Pi 3 or 4 could also be used, but will need you to run `make dist` to cross compile a valid binary.
 ### Copy over your SSH key
 Your SSH key will be used, so that you can copy a new faasd binary over to the host.
 ```bash
 multipass launch \
  --memory 4G \
  -c 2 \
  -n faasd
 # Then access its shell
 multipass shell faasd
 # Edit .ssh/authorized_keys
 # Add .ssh/id_rsa.pub from your host and save the file
 ```
 ### Install faasd on the VM
 You start off with the upstream version of faasd on the host, then add the new version over the top later on.
 ```bash
 cd /tmp/
 git clone https://github.com/openfaas/faasd --depth=1
 cd faasd/hack
 ./install.sh
 # Run the login command given to you at the end of the script
 ```
 Get the multipass IP address:
 ```bash
 export IP=$(multipass info faasd --format json| jq -r '.info.faasd.ipv4[0]')
 ```
 ### Build a new faasd binary with the patch
 Check out faasd on your local computer
 ```bash
 git clone https://github.com/openfaas/faasd
 cd faasd
 gh pr checkout #PR_NUMBER_HERE
 GOOS=linux go build
 # You can also run "make dist" which is slower, but includes
 # a version and binaries for other platforms such as the Raspberry Pi
 ```
 ### Copy it over to the VM
 Now build a new faasd binary and copy it to the VM:
 ```bash
 scp faasd ubuntu@$IP:~/
 ```
 Now deploy the new version on the VM:
 ```bash
 killall -9 faasd-linux; killall -9 faasd-linux ; mv ./faasd-linux /usr/local/bin/faasd
 ```
 ### Check it worked and test that patch
 Now run a command with `faas-cli` such as:
 * `faas-cli list`
 * `faas-cli version`
 See the testing instructions on the PR and run through those steps.
 Post your results on GitHub to assist the creator of the pull request.
 You can see how to get the logs for various components using the [eBook Serverless For Everyone Else](https://gumroad.com/l/serverless-for-everyone-else), or by consulting the [DEV.md](/docs/DEV.md) guide.
--- a/docs/README.md
+++ b/docs/README.md
@ -1,7 +0,0 @@
 # Documentation
 - [Develop faasd](./DEV.md) - Instructions for building and testing faasd locally
 - [Testing faasd](./PATCHES.md) - Instructions for testing a patch for faasd
 - [Roadmap](./ROADMAP.md) - Overview of features, backlog and known issues
 - [Run faasd with multipass](./MULTIPASS.md) - Tutorial on how to run faasd on a local multipass VM
 - [Terraform modules](./TERRAFORM.md) - A collection of official and community provided terraform modules for faasd
--- a/docs/ROADMAP.md
+++ b/docs/ROADMAP.md
@ -1,151 +0,0 @@
 # faasd backlog and features
 It's important to understand the vision for faasd vs OpenFaaS CE/Pro.
 faasd is a single-node implementation of OpenFaaS.
 It is supposed to be a lightweight, low-overhead, way to deploy OpenFaaS functions for functions which do not need planet-scale.
 It is not supposed to have multiple replicas, clustering, HA, or auto-scaling.
 [Learn when to use faasd](https://docs.openfaas.com/deployment/)
 ## Supported operations
 * `faas-cli login`
 * `faas-cli up`
 * `faas-cli list`
 * `faas-cli describe`
 * `faas-cli deploy --update=true --replace=false`
 * `faas-cli invoke --async`
 * `faas-cli invoke`
 * `faas-cli rm`
 * `faas-cli store list/deploy/inspect`
 * `faas-cli version`
 * `faas-cli namespace`
 * `faas-cli secret`
 * `faas-cli logs`
 * `faas-cli auth` - supported for Basic Authentication and OpenFaaS Pro with OIDC and Single-sign On.
 The OpenFaaS REST API is supported by faasd, learn more in the [manual](https://store.openfaas.com/l/serverless-for-everyone-else) under "Can I get an API with that?"
 ## Constraints vs OpenFaaS on Kubernetes
 faasd suits certain use-cases as mentioned in the [README.md](/README.md) file, for those who want a solution which can scale out horizontally with minimum effort, Kubernetes or K3s is a valid option.
 Which is right for you? [Read a comparison in the OpenFaaS docs](https://docs.openfaas.com/deployment/)
 ### One replica per function
 Functions only support one replica for each function, so that means horizontal scaling is not available.
 It can scale vertically, and this may be a suitable alternative for many use-cases. See the [YAML reference for how to configure limits](https://docs.openfaas.com/reference/yaml/).
 Workaround: deploy multiple, dynamically named functions `scraper-1`, `scraper-2`, `scraper-3` and set up a reverse proxy rule to load balance i.e. `scraper.example.com => [/function/scraper-1, /function/scraper-2, /function/scraper-3]`.
 ### Scale from zero may give a non-200
 faasd itself does not implement a health check to determine if a function is ready for traffic. Since faasd doesn't support auto-scaling, this is unlikely to affect you.
 Workaround: Have your client retry HTTP calls, or don't scale to zero.
 ### Leaf-node only - no clustering
 faasd is operates on a leaf-node/single-node model. If this is an issue for you, but you have resource constraints, you will need to use [OpenFaaS CE or Pro on Kubernetes](https://docs.openfaas.com/deployment/).
 There are no plans to add any form of clustering or multi-node support to faasd.
 See past discussion at: [HA / resilience in faasd #225](https://github.com/openfaas/faasd/issues/225)
 What about HA and fault tolerance?
 To achieve fault tolerance, you could put two faasd instances behind a load balancer or proxy, but you will need to deploy the same set of functions to each.
 An alternative would be to take regular VM backups or snapshots.
 ### No rolling updates are available today
 When running `faas-cli deploy`, your old function is removed before the new one is started. This may cause a period of downtime, depending on the timeouts and grace periods you set.
 Workaround: deploy uniquely named functions i.e. `scraper-1` and `scraper-2` with a reverse proxy rule that maps `/function/scraper` to the active version.
 ## Known issues
 ### Troubleshooting
 There is a very detailed chapter on troubleshooting in the eBook [Serverless For Everyone Else](https://store.openfaas.com/l/serverless-for-everyone-else)
 ### Your function timed-out at 60 seconds
 This is no longer an issue, see the manual for how to configure a longer timeout, updated 3rd October 2022.
 ### Non 200 HTTP status from the gateway upon reboot
 This issue appears to happen sporadically and only for some users.
 If you get a non 200 HTTP code from the gateway, or caddy after installing faasd, check the logs of faasd:
 ```bash
 sudo journalctl -u faasd
 ```
 If you see the following error:
 ```
 unable to dial to 10.62.0.5:8080, error: dial tcp 10.62.0.5:8080: connect: no route to host
 ```
 Restart the faasd service with:
 ```bash
 sudo systemctl restart faasd
 ```
 ## Backlog
 Should have:
 * [ ] Restart any of the containers in docker-compose.yaml if they crash.
 * [ ] Asynchronous function deployment and deletion (currently synchronous/blocking)
 Nice to Have:
 * [ ] Live rolling-updates, with zero downtime (may require using IDs instead of names for function containers)
 * [ ] Apply a total memory limit for the host (if a node has 1GB of RAM, don't allow more than 1GB of RAM to be specified in the limits field)
 * [ ] Terraform for AWS EC2
 Won't have:
 * [ ] Clustering
 * [ ] Multiple replicas per function
 ### Completed
 * [x] Docs or examples on how to use the various event connectors (Yes in the eBook)
 * [x] Resolve core services from functions by populating/sharing `/etc/hosts` between `faasd` and `faasd-provider`
 * [x] Provide a cloud-init configuration for faasd bootstrap
 * [x] Configure core services from a docker-compose.yaml file
 * [x] Store and fetch logs from the journal
 * [x] Add support for using container images in third-party public registries
 * [x] Add support for using container images in private third-party registries
 * [x] Provide a cloud-config.txt file for automated deployments of `faasd`
 * [x] Inject / manage IPs between core components for service to service communication - i.e. so Prometheus can scrape the OpenFaaS gateway - done via `/etc/hosts` mount
 * [x] Add queue-worker and NATS
 * [x] Create faasd.service and faasd-provider.service
 * [x] Self-install / create systemd service via `faasd install`
 * [x] Restart containers upon restart of faasd
 * [x] Clear / remove containers and tasks with SIGTERM / SIGINT
 * [x] Determine armhf/arm64 containers to run for gateway
 * [x] Configure `basic_auth` to protect the OpenFaaS gateway and faasd-provider HTTP API
 * [x] Setup custom working directory for faasd `/var/lib/faasd/`
 * [x] Use CNI to create network namespaces and adapters
 * [x] Optionally expose core services from the docker-compose.yaml file, locally or to all adapters.
 * [x] ~~[containerd can't pull image from Github Docker Package Registry](https://github.com/containerd/containerd/issues/3291)~~ ghcr.io support
 * [x] Provide [simple Caddyfile example](https://blog.alexellis.io/https-inlets-local-endpoints/) in the README showing how to expose the faasd proxy on port 80/443 with TLS
 * [x] Annotation support
 * [x] Hard memory limits for functions
 * [x] Terraform for DigitalOcean
 * [x] [Store and retrieve annotations in function spec](https://github.com/openfaas/faasd/pull/86) - in progress
 * [x] An installer for faasd and dependencies - runc, containerd
 * [x] Offer a recommendation or implement a strategy for faasd replication/HA
--- a/docs/TERRAFORM.md
+++ b/docs/TERRAFORM.md
@ -1,14 +0,0 @@
 # Terraform Modules for faasd
 | Terraform Module | Author | Origin | Status |
 |-----------|--------|--------|--------|
 | [faasd on DigitalOcean](https://github.com/openfaas/faasd/tree/master/docs/bootstrap/digitalocean-terraform) | OpenFaaS | Official | Active |
 | [faasd on DigitalOcean](https://github.com/jsiebens/terraform-digitalocean-faasd) | Johan Siebens | Community | Active |
 | [faasd on Google Cloud Platform](https://github.com/jsiebens/terraform-google-faasd) | Johan Siebens | Community | Active |
 | [faasd on Microsoft Azure ](https://github.com/jsiebens/terraform-azurerm-faasd) | Johan Siebens | Community | Active |
 | [faasd on Equinix Metal](https://github.com/jsiebens/terraform-equinix-faasd) | Johan Siebens | Community | Active |
 | [faasd on Scaleway](https://github.com/jsiebens/terraform-scaleway-faasd) | Johan Siebens | Community | Active |
 | [faasd on Amazon Web Services](https://github.com/jsiebens/terraform-aws-faasd) |Johan Siebens | Community | Active |
 | [faasd on Linode](https://github.com/itTrident/terraform-linode-faasd) | itTrident | Community | Active |
 | [faasd on Vultr](https://github.com/itTrident/terraform-vultr-faasd) | itTrident | Community | Active |
 | [faasd on Exoscale](https://github.com/itTrident/terraform-exoscale-faasd) | itTrident | Community | Active |
--- a/docs/bootstrap/.gitignore
+++ b/docs/bootstrap/.gitignore
@ -0,0 +1,3 @@
 /.terraform/
 /terraform.tfstate
 /terraform.tfstate.backup
--- a/docs/bootstrap/README.md
+++ b/docs/bootstrap/README.md
@ -0,0 +1,20 @@
 # Bootstrap faasd on Digitalocean
 1) [Sign up to DigitalOcean](https://www.digitalocean.com/?refcode=2962aa9e56a1&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=CopyPaste)
 2) [Download Terraform](https://www.terraform.io)
 3) Clone this gist using the URL from the address bar
 4) Run `terraform init`
 5) Run `terraform apply -var="do_token=$(cat $HOME/digitalocean-access-token)"`
 6) View the output for the login command and gateway URL i.e.
 ```
 gateway_url = http://178.128.39.201:8080/
 login_cmd = faas-cli login -g http://178.128.39.201:8080/ -p rvIU49CEcFcHmqxj
 password = rvIU49CEcFcHmqxj
 ```
 Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine.
 A single host with 1GB of RAM will be deployed for you, to remove at a later date simply use `terraform destroy`.
 If required, you can remove the VM via `terraform destroy -var="do_token=$(cat $HOME/digitalocean-access-token)"`
--- a/docs/bootstrap/cloud-config.tpl
+++ b/docs/bootstrap/cloud-config.tpl
@ -1,23 +1,26 @@
 #cloud-config
 ssh_authorized_keys:
 ## Note: Replace with your own public key
  - ${ssh_key}
 package_update: true
 packages:
 - runc
 - git
 runcmd:
- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.7.0/containerd-1.7.0-linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
+- curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.5/containerd-1.3.5-linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.7.0/containerd.service | tee /etc/systemd/system/containerd.service
+- curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.5/containerd.service | tee /etc/systemd/system/containerd.service
 - systemctl daemon-reload && systemctl start containerd
 - /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
 - mkdir -p /opt/cni/bin
- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz | tar -xz -C /opt/cni/bin
+- curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
 - mkdir -p /go/src/github.com/openfaas/
 - mkdir -p /var/lib/faasd/secrets/
 - echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
 - echo admin > /var/lib/faasd/secrets/basic-auth-user
- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.16.2 https://github.com/openfaas/faasd
+- cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.9.10 https://github.com/openfaas/faasd
- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.16.2/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
+- curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager
--- a/docs/bootstrap/digitalocean-terraform/.terraform.lock.hcl
+++ b/docs/bootstrap/digitalocean-terraform/.terraform.lock.hcl
@ -1,66 +0,0 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/digitalocean/digitalocean" {
  version     = "2.11.0"
  constraints = "2.11.0"
  hashes = [
    "h1:/qAnTOSP5KeZkF7wqLai34SKAs7aefulcUA3I8R7rRg=",
    "h1:PbXtjUfvxwmkycJ0Y9Dyn66Arrpk5L8/P381SXMx2O0=",
    "h1:lXLX9tmuxV7azTHd0xB0FAVrxyfBtotIz5LEJp8YUk0=",
    "zh:2191adc79bdfdb3b733e0619e4f391ae91c1631c5dafda42dab561d943651fa4",
    "zh:21a4f67e42dcdc10fbd7f8579247594844d09a469a3a54862d565913e4d6121d",
    "zh:557d98325fafcf2db91ea6d92f65373a48c4e995a1a7aeb57009661fee675250",
    "zh:68c0238cafc37433627e288fcd2c7e14f4f0afdd50b4f265d8d1f1addab6f19f",
    "zh:7e6d69720734455eb1c69880f049650276089b7fa09085e130d224abaeec887a",
    "zh:95bd93a696ec050c1cb5e724498fd12b1d69760d01e97c869be3252025691434",
    "zh:b1b075049e33aa08c032f41a497351c9894f16287a4449032d8b805bc6dcb596",
    "zh:ba91aa853372c828f808c09dbab2a5bc9493a7cf93210d1487f9637b2cac8ca4",
    "zh:bc43d27dfe014266697c2ac259f4311300391aa6aa7c5d23e382fe296df938d5",
    "zh:d3a04d2c76bfc1f46a117b1af7870a97353319ee8f924a37fe77861519f59525",
    "zh:d3da997c05a653df6cabb912c6c05ceb6bf77219b699f04daf44fd795c81c6ed",
    "zh:edd0659021b6634acf0f581d1be1985a81fcd1182e3ccb43de6eac6c43be9ab4",
    "zh:f588ace57b6c35d509ecaa7136e6a8049d227b0674104a1f958359b84862d8e3",
    "zh:f894ed195a3b9ebbfa1ba7c5d71be06df3a96d783ff064d22dd693ace34d638e",
    "zh:fb6b0d4b111fafdcb3bb9a7dbab88e2110a6ce6324de64ecf62933ee8b651ccf",
  ]
 }
 provider "registry.terraform.io/hashicorp/random" {
  version = "3.1.0"
  hashes = [
    "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
    "h1:EPIax4Ftp2SNdB9pUfoSjxoueDoLc/Ck3EUoeX0Dvsg=",
    "h1:rKYu5ZUbXwrLG1w81k7H3nce/Ys6yAxXhWcbtk36HjY=",
    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
  ]
 }
 provider "registry.terraform.io/hashicorp/template" {
  version = "2.2.0"
  hashes = [
    "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=",
    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
    "h1:LN84cu+BZpVRvYlCzrbPfCRDaIelSyEx/W9Iwwgbnn4=",
    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
  ]
 }
--- a/docs/bootstrap/digitalocean-terraform/README.md
+++ b/docs/bootstrap/digitalocean-terraform/README.md
@ -27,20 +27,10 @@
 ```
 droplet_ip = 178.128.39.201
 gateway_url = https://faasd.example.com/
-```
+login_cmd = faas-cli login -g https://faasd.example.com/ -p rvIU49CEcFcHmqxj
 8) View the output for sensitive data via `terraform output` command
 ```bash
 terraform output login_cmd
 login_cmd = faas-cli login -g http://178.128.39.201:8080/ -p rvIU49CEcFcHmqxj
 terraform output password
 password = rvIU49CEcFcHmqxj
 ```
-
+8) Use your browser to access the OpenFaaS interface
 9) Use your browser to access the OpenFaaS interface
 Note that the user-data may take a couple of minutes to come up since it will be pulling in various components and preparing the machine. 
 Also take into consideration the DNS propagation time for the new DNS record.
--- a/docs/bootstrap/digitalocean-terraform/cloud-config.tpl
+++ b/docs/bootstrap/digitalocean-terraform/cloud-config.tpl
@ -1,9 +1,57 @@
-#! /bin/bash
+#cloud-config
 ssh_authorized_keys:
  - ${ssh_key}
-mkdir -p /var/lib/faasd/secrets/
+groups:
-echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
+  - caddy
-export FAASD_DOMAIN=${faasd_domain_name}
+users:
-export LETSENCRYPT_EMAIL=${letsencrypt_email}
+  - name: caddy
    gecos: Caddy web server
    primary_group: caddy
    groups: caddy
    shell: /usr/sbin/nologin
    homedir: /var/lib/caddy
-curl -sfL https://raw.githubusercontent.com/openfaas/faasd/master/hack/install.sh | bash -s -
+write_files:
 - content: |
    {
      email ${letsencrypt_email}
    }
    ${faasd_domain_name} {
      reverse_proxy 127.0.0.1:8080
    }
  path: /etc/caddy/Caddyfile
 package_update: true
 packages:
 - runc
 runcmd:
 - curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.5/containerd-1.3.5-linux-amd64.tar.gz > /tmp/containerd.tar.gz && tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/ --strip-components=1
 - curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.5/containerd.service | tee /etc/systemd/system/containerd.service
 - systemctl daemon-reload && systemctl start containerd
 - /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
 - mkdir -p /opt/cni/bin
 - curl -sSL https://github.com/containernetworking/plugins/releases/download/v0.8.5/cni-plugins-linux-amd64-v0.8.5.tgz | tar -xz -C /opt/cni/bin
 - mkdir -p /go/src/github.com/openfaas/
 - mkdir -p /var/lib/faasd/secrets/
 - echo ${gw_password} > /var/lib/faasd/secrets/basic-auth-password
 - echo admin > /var/lib/faasd/secrets/basic-auth-user
 - cd /go/src/github.com/openfaas/ && git clone --depth 1 --branch 0.9.10 https://github.com/openfaas/faasd
 - curl -fSLs "https://github.com/openfaas/faasd/releases/download/0.9.10/faasd" --output "/usr/local/bin/faasd" && chmod a+x "/usr/local/bin/faasd"
 - cd /go/src/github.com/openfaas/faasd/ && /usr/local/bin/faasd install
 - systemctl status -l containerd --no-pager
 - journalctl -u faasd-provider --no-pager
 - systemctl status -l faasd-provider --no-pager
 - systemctl status -l faasd --no-pager
 - curl -sSLf https://cli.openfaas.com | sh
 - sleep 5 && journalctl -u faasd --no-pager
 - wget https://github.com/caddyserver/caddy/releases/download/v2.1.1/caddy_2.1.1_linux_amd64.tar.gz -O /tmp/caddy.tar.gz && tar -zxvf /tmp/caddy.tar.gz -C /usr/bin/ caddy
 - wget https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service -O /etc/systemd/system/caddy.service
 - systemctl daemon-reload
 - systemctl enable caddy
 - systemctl start caddy
--- a/docs/bootstrap/digitalocean-terraform/main.tf
+++ b/docs/bootstrap/digitalocean-terraform/main.tf
@ -1,11 +1,5 @@
 terraform {
-  required_version = ">= 1.0.4"
+  required_version = ">= 0.12"
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "2.11.0"
    }
  }
 }
 variable "do_token" {
@ -16,7 +10,7 @@ variable "do_domain" {
 }
 variable "do_subdomain" {
  description = "Your public subdomain"
-  default     = "faasd"
+  default = "faasd"
 }
 variable "letsencrypt_email" {
  description = "Email used to order a certificate from Letsencrypt"
@ -38,44 +32,41 @@ provider "digitalocean" {
  token = var.do_token
 }
 data "local_file" "ssh_key"{
  filename = pathexpand(var.ssh_key_file)
 }
 resource "random_password" "password" {
-  length           = 16
+  length = 16
-  special          = true
+  special = true
  override_special = "_-#"
 }
 data "template_file" "cloud_init" {
-  template = file("cloud-config.tpl")
+  template = "${file("cloud-config.tpl")}"
-  vars = {
+    vars = {
-    gw_password       = random_password.password.result,
+      gw_password=random_password.password.result,
-    faasd_domain_name = "${var.do_subdomain}.${var.do_domain}"
+      ssh_key=data.local_file.ssh_key.content,
-    letsencrypt_email = var.letsencrypt_email
+      faasd_domain_name="${var.do_subdomain}.${var.do_domain}"
-  }
+      letsencrypt_email=var.letsencrypt_email
-}
+    }
 resource "digitalocean_ssh_key" "faasd_ssh_key" {
  name       = "ssh-key"
  public_key = file(var.ssh_key_file)
 }
 resource "digitalocean_droplet" "faasd" {
-  region    = var.do_region
+  region = var.do_region
-  image     = "ubuntu-18-04-x64"
+  image  = "ubuntu-18-04-x64"
-  name      = "faasd"
+  name   = "faasd"
-  size      = "s-1vcpu-1gb"
+  size = "s-1vcpu-1gb"
  user_data = data.template_file.cloud_init.rendered
  ssh_keys = [
    digitalocean_ssh_key.faasd_ssh_key.id
  ]
 }
 resource "digitalocean_record" "faasd" {
  domain = var.do_domain
  type   = "A"
-  name   = var.do_subdomain
+  name   = "faasd"
  value  = digitalocean_droplet.faasd.ipv4_address
  # Only creates record if do_create_record is true
-  count = var.do_create_record == true ? 1 : 0
+  count  = var.do_create_record == true ? 1 : 0
 }
 output "droplet_ip" {
@ -87,11 +78,9 @@ output "gateway_url" {
 }
 output "password" {
-  value     = random_password.password.result
+    value = random_password.password.result
  sensitive = true
 }
 output "login_cmd" {
-  value     = "faas-cli login -g https://${var.do_subdomain}.${var.do_domain}/ -p ${random_password.password.result}"
+  value = "faas-cli login -g https://${var.do_subdomain}.${var.do_domain}/ -p ${random_password.password.result}"
  sensitive = true
 }
--- a/docs/bootstrap/main.tf
+++ b/docs/bootstrap/main.tf
@ -0,0 +1,56 @@
 terraform {
  required_version = ">= 0.12"
 }
 variable "do_token" {}
 variable "ssh_key_file" {
  default     = "~/.ssh/id_rsa.pub"
  description = "Path to the SSH public key file"
 }
 provider "digitalocean" {
  token = var.do_token	
 }
 resource "random_password" "password" {
  length = 16
  special = true
  override_special = "_-#"
 }
 data "local_file" "ssh_key"{
  filename = pathexpand(var.ssh_key_file)
 }
 data "template_file" "cloud_init" {
  template = "${file("cloud-config.tpl")}"
    vars = {
      gw_password=random_password.password.result,
      ssh_key=data.local_file.ssh_key.content,
    }
 }
 resource "digitalocean_droplet" "faasd" {
  region = "lon1"
  image  = "ubuntu-18-04-x64"
  name   = "faasd"
  # Plans: https://developers.digitalocean.com/documentation/changelog/api-v2/new-size-slugs-for-droplet-plan-changes/
  #size   = "512mb"
  size = "s-1vcpu-1gb"
  user_data = data.template_file.cloud_init.rendered
 }
 output "password" {
    value = random_password.password.result
 }
 output "gateway_url" {
  value = "http://${digitalocean_droplet.faasd.ipv4_address}:8080/"
 }
 output "login_cmd" {
  value = "faas-cli login -g http://${digitalocean_droplet.faasd.ipv4_address}:8080/ -p ${random_password.password.result}"
 }
--- a/docs/media/logo.pdf
+++ b/docs/media/logo.pdf
--- a/docs/media/social.png
+++ b/docs/media/social.png
--- a/go.mod
+++ b/go.mod
@ -1,92 +1,50 @@
 module github.com/openfaas/faasd
-go 1.20
+go 1.13
 require (
-	github.com/alexellis/arkade v0.0.0-20231211105357-97fb24a99b88
+	github.com/Microsoft/hcsshim v0.8.7-0.20190820203702-9e921883ac92 // indirect
 	github.com/alexellis/go-execute v0.0.0-20200124154445-8697e4e28c5e
 	github.com/alexellis/k3sup v0.0.0-20200607084134-629c0bc6b50f
 	github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05
-	github.com/containerd/containerd v1.7.0
+	github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327 // indirect
-	github.com/containerd/go-cni v1.1.9
+	github.com/containerd/containerd v1.3.2
 	github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 // indirect
 	github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c // indirect
 	github.com/containerd/go-cni v0.0.0-20200107172653-c154a49e2c75
 	github.com/containerd/ttrpc v1.0.0 // indirect
 	github.com/containerd/typeurl v1.0.0 // indirect
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
-	github.com/docker/cli v24.0.7+incompatible
+	github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d
-	github.com/docker/distribution v2.8.3+incompatible
+	github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible
-	github.com/docker/docker v24.0.7+incompatible // indirect
+	github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible // indirect
-	github.com/docker/go-units v0.5.0
+	github.com/docker/docker-credential-helpers v0.6.3 // indirect
-	github.com/gorilla/mux v1.8.1
+	github.com/docker/go-events v0.0.0-20170721190031-9461782956ad // indirect
 	github.com/gogo/googleapis v1.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 // indirect
 	github.com/gorilla/mux v1.8.0
 	github.com/imdario/mergo v0.3.9 // indirect
 	github.com/morikuni/aec v1.0.0
-	github.com/opencontainers/runtime-spec v1.1.0
+	github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2 // indirect
-	github.com/openfaas/faas-provider v0.25.0
+	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/opencontainers/runc v1.0.0-rc9 // indirect
 	github.com/opencontainers/runtime-spec v1.0.2
 	github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4
 	github.com/openfaas/faas-provider v0.15.3
 	github.com/pkg/errors v0.9.1
-	github.com/sethvargo/go-password v0.2.0
+	github.com/prometheus/procfs v0.2.0 // indirect
-	github.com/spf13/cobra v1.8.0
+	github.com/sethvargo/go-password v0.1.3
 	github.com/spf13/cobra v0.0.5
 	github.com/spf13/pflag v1.0.5
-	github.com/vishvananda/netlink v1.2.1-beta.2
+	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
-	github.com/vishvananda/netns v0.0.4
+	github.com/vishvananda/netlink v1.1.0
-	golang.org/x/sys v0.15.0
+	github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df
 	k8s.io/apimachinery v0.28.4
 )
 require github.com/alexellis/go-execute/v2 v2.2.1
 require (
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.10.0-rc.7 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/continuity v0.3.0 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/ttrpc v1.2.1 // indirect
 	github.com/containerd/typeurl/v2 v2.1.0 // indirect
 	github.com/containernetworking/cni v1.1.2 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/imdario/mergo v0.3.14 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/klauspost/compress v1.17.0 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/sys/mountinfo v0.6.2 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
 	github.com/opencontainers/runc v1.1.5 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/prometheus/client_golang v1.17.0 // indirect
 	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
 	github.com/prometheus/common v0.45.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	go.etcd.io/bbolt v1.3.5 // indirect
-	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
+	go.opencensus.io v0.22.2 // indirect
-	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 // indirect
-	go.opentelemetry.io/otel v1.14.0 // indirect
+	golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5
-	go.opentelemetry.io/otel/trace v1.14.0 // indirect
+	google.golang.org/genproto v0.0.0-20191216205247-b31c10ee225f // indirect
-	golang.org/x/mod v0.14.0 // indirect
+	google.golang.org/grpc v1.23.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
+	k8s.io/apimachinery v0.18.9
 	golang.org/x/sync v0.5.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/tools v0.16.0 // indirect
 	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
 	google.golang.org/grpc v1.56.3 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gotest.tools/v3 v3.0.3 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,397 +1,361 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
 github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
+github.com/Microsoft/hcsshim v0.8.7-0.20190820203702-9e921883ac92 h1:LbNLS5KKzW/L4K2scH5rzTA5MvRWiUfcWv4Qh/6D3wY=
-github.com/Microsoft/hcsshim v0.10.0-rc.7/go.mod h1:ILuwjA+kNW+MrN/w5un7n3mTqkwsFu4Bp05/okFUZlE=
+github.com/Microsoft/hcsshim v0.8.7-0.20190820203702-9e921883ac92/go.mod h1:nvUXb1s75kCTKHWZ1FGlut+PBI9D9EoQHCKcil2Cyps=
-github.com/alexellis/arkade v0.0.0-20231211105357-97fb24a99b88 h1:ZI2jMgy5xt2y2MKc4I7aC5sVk1TgBff9uhAqdb+VTAU=
+github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/alexellis/arkade v0.0.0-20231211105357-97fb24a99b88/go.mod h1:HHBBwwB0pxrVnPya1CB7pb7PuvHGMxmrRXVb3maJ3Zs=
+github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/alexellis/go-execute/v2 v2.2.1 h1:4Ye3jiCKQarstODOEmqDSRCqxMHLkC92Bhse743RdOI=
+github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/alexellis/go-execute/v2 v2.2.1/go.mod h1:FMdRnUTiFAmYXcv23txrp3VYZfLo24nMpiIneWgKHTQ=
+github.com/alexellis/go-execute v0.0.0-20191207085904-961405ea7544/go.mod h1:zfRbgnPVxXCSpiKrg1CE72hNUWInqxExiaz2D9ppTts=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/alexellis/go-execute v0.0.0-20200124154445-8697e4e28c5e h1:0cv4CUENL7e67/ZlNrvExWqa6oKH/9iv0KQn0/+hYaY=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/alexellis/go-execute v0.0.0-20200124154445-8697e4e28c5e/go.mod h1:zfRbgnPVxXCSpiKrg1CE72hNUWInqxExiaz2D9ppTts=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/alexellis/k3sup v0.0.0-20200607084134-629c0bc6b50f h1:GYVsHjM9/lyu0QBfNp1RThZNDrmRJncpSYtaektq9t0=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/alexellis/k3sup v0.0.0-20200607084134-629c0bc6b50f/go.mod h1:slULyLX94hIIP3/eVeZqQAqOwpLYK9Pljr8SfaR2nWI=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
-github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
+github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05 h1:3CoRXflT4IAdIpsFTqZBlLuHOkHYhBvW0iijkQKm4QY=
 github.com/compose-spec/compose-go v0.0.0-20200528042322-36d8ce368e05/go.mod h1:y75QUr1jcR5aFNf3Tj3dhwnujABGz6UaRrZ5qZwF1cc=
-github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
+github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327 h1:7grrpcfCtbZLsjtB0DgMuzs1umsJmpzaHMZ6cO6iAWw=
-github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
+github.com/containerd/cgroups v0.0.0-20201119153540-4cbc285b3327/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE=
-github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
+github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
-github.com/containerd/containerd v1.7.0 h1:G/ZQr3gMZs6ZT0qPUZ15znx5QSdQdASW11nXTLTM2Pg=
+github.com/containerd/containerd v0.0.0-20190214164719-faec567304bb/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/containerd v1.7.0/go.mod h1:QfR7Efgb/6X2BDpTPJRvPTYDE9rsF0FsXX9J8sIs/sc=
+github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA=
-github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg=
+github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
-github.com/containerd/continuity v0.3.0/go.mod h1:wJEAIwKOm/pBZuBd0JmeTvnLquTB1Ag8espWhkykbPM=
+github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
+github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 h1:tN9D97v5A5QuKdcKHKt+UMKrkQ5YXUnD8iM7IAAjEfI=
-github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
+github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
-github.com/containerd/go-cni v1.1.9 h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU=
+github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM=
+github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c h1:KFbqHhDeaHM7IfFtXHfUHMDaUStpM2YwBR+iJCIOsKk=
-github.com/containerd/ttrpc v1.2.1 h1:VWv/Rzx023TBLv4WQ+9WPXlBG/s3rsRjY3i9AJ2BJdE=
+github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
-github.com/containerd/ttrpc v1.2.1/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak=
+github.com/containerd/go-cni v0.0.0-20200107172653-c154a49e2c75 h1:5Q5C6jDObSVpjeX8CuZ5yac8d/KIYuPzUHbUzdL+NFw=
-github.com/containerd/typeurl/v2 v2.1.0 h1:yNAhJvbNEANt7ck48IlEGOxP7YAp6LLpGn5jZACDNIE=
+github.com/containerd/go-cni v0.0.0-20200107172653-c154a49e2c75/go.mod h1:0mg8r6FCdbxvLDqCXwAx2rO+KA37QICjKL8+wHOG5OE=
-github.com/containerd/typeurl/v2 v2.1.0/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
-github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ=
+github.com/containerd/ttrpc v0.0.0-20180920185216-2a805f718635/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
-github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw=
+github.com/containerd/ttrpc v1.0.0 h1:NY8Zk2i7TpkLxrkOASo+KTFq9iNCEmMH2/ZG9OuOw6k=
 github.com/containerd/ttrpc v1.0.0/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
 github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
 github.com/containerd/typeurl v1.0.0 h1:7LMH7LfEmpWeCkGcIputvd4P0Rnd0LrIv1Jk2s5oobs=
 github.com/containerd/typeurl v1.0.0/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
 github.com/containernetworking/cni v0.7.1 h1:fE3r16wpSEyaqY4Z4oFrLMmIGfBYIKpPrHK31EJ9FzE=
 github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/coreos/go-systemd/v22 v22.1.0 h1:kq/SbG2BCKLkDKkjQf5OWwKWUKj1lgs3lFI4PxnR5lg=
 github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
+github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d h1:SknEFm9d070Wn2GeX8dyl7bMrX07cp3UMXuZ2Ct02Kw=
-github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/cli v0.0.0-20191105005515-99c5edceb48d/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/cli v24.0.7+incompatible h1:wa/nIwYFW7BVTGa7SWPVyyXU9lgORqUb1xfI36MSkFg=
+github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible h1:dvc1KSkIYTVjZgHf/CTC2diTYC8PzhaA5sFISRfNVrE=
-github.com/docker/cli v24.0.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
+github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible h1:m+SEbBCq0i1e399zUpu70L8AYiTT5UiF7O0IO+5AorM=
-github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/docker v17.12.0-ce-rc1.0.20191113042239-ea84732a7725+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
+github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
-github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
+github.com/docker/go-events v0.0.0-20170721190031-9461782956ad h1:VXIse57M5C6ezDuCPyq6QmMvEJ2xclYKZ35SfkXdm3E=
-github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
+github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
 github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
-github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
+github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
+github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
+github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
+github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/googleapis v1.2.0 h1:Z0v3OJDotX9ZBpdz2V+AI7F4fITSZhVE5mg6GQppwMM=
-github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 h1:uHTyIjqVhYRhLbJ8nIiOJHkEZZ+5YoOsAbD3sk82NiE=
 github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1 h1:/exdXoGamhu5ONeUJH0deniYLWYvQwW66yvlfiiKTu0=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
-github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.14 h1:fOqeC1+nCuuk6PKQdg9YmosXX7Y7mHX6R/0ZldI9iHo=
+github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg=
-github.com/imdario/mergo v0.3.14/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
+github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.0 h1:Rnbp4K9EjcDuVuHtd0dgA4qNuv9yKDYKK1ulpJwgrqM=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/klauspost/compress v1.17.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/mitchellh/mapstructure v1.3.1 h1:cCBH2gTD2K0OtLlv/Y5H01VQCqmlDxz30kS5Y5bqfLA=
 github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
-github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU=
+github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
 github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
 github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
 github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
+github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
+github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
+github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
-github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
+github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
+github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
+github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
+github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2 h1:2C93eP55foV5f0eNmXbidhKzwUZbs/Gk4PRp1zfeffs=
-github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
+github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
-github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
+github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/runc v1.0.0-rc9 h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU4LguQVtc=
-github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs=
+github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
-github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg=
+github.com/opencontainers/runtime-spec v0.0.0-20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
+github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
+github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4 h1:JJjthDw7WziZQ7sC5C+M2872mIdud5R+s6Cb0cXyPuA=
-github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
+github.com/openfaas/faas v0.0.0-20201205125747-9bbb25e3c7c4/go.mod h1:E0m2rLup0Vvxg53BKxGgaYAGcZa3Xl+vvL7vSi5yQ14=
-github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
+github.com/openfaas/faas-provider v0.15.3 h1:tfjuL5F/tdoUr1J65XrUADyoe59x38VzN1w0DvBaTRk=
-github.com/openfaas/faas-provider v0.25.0 h1:2R1QT22eemeBZV++DsiZOG+h4qKlQRnF9DAP21lyqG0=
+github.com/openfaas/faas-provider v0.15.3/go.mod h1:fq1JL0mX4rNvVVvRLaLRJ3H6o667sHuyP5p/7SZEe98=
-github.com/openfaas/faas-provider v0.25.0/go.mod h1:NsETIfEndZn4mn/w/XnBTcDTwKqULCziphLp7KgeRcA=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
+github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4=
-github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
+github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
 github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
 github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
 github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
 github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/sethvargo/go-password v0.1.2/go.mod h1:qKHfdSjT26DpHQWHWWR5+X4BI45jT31dg6j4RI2TEb0=
-github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
+github.com/sethvargo/go-password v0.1.3 h1:18KkbGDkw8SuzeohAbWqBLNSfRQblVwEHOLbPa0PvWM=
-github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI=
+github.com/sethvargo/go-password v0.1.3/go.mod h1:2tyaaoHK/AlXwh5WWQDYjqQbHcq4cjPj5qb/ciYvu/Q=
 github.com/sethvargo/go-password v0.2.0/go.mod h1:Ym4Mr9JXLBycr02MFuVQ/0JHidNetSgbzutTr3zsYXE=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
+github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
 github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
-github.com/vishvananda/netlink v1.2.1-beta.2 h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=
+github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
 github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU=
 github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
 github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
+go.opencensus.io v0.22.2 h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs=
-go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M=
+go.uber.org/goleak v1.1.0 h1:MJDxhkyAAWXEJf/y4NSOPYD/bBx7JAzIjUbv12/4FFs=
-go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8=
+go.uber.org/goleak v1.1.0/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
 golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9 h1:1/DFK4b7JH8DmkqhUk48onnSfrPzImPoVxuomtbT2nk=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5 h1:LfCXLvNmTYH9kEmVgqbnsWfruoXZIrh4YBgqVHtDvw0=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11 h1:Yq9t9jnGoR+dBuitxdo9l6Q7xh/zOyNnYUtDKaQ3x0E=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
 golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20191216205247-b31c10ee225f h1:0RYv5T9ZdroAqqfM2taEB0nJrArv0X1JpIdgUmY4xg8=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20191216205247-b31c10ee225f/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.23.0 h1:AzbTB6ux+okLTzP8Ru1Xs41C303zdcfEht7MQnYJt5A=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
 google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0=
 gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/apimachinery v0.28.4 h1:zOSJe1mc+GxuMnFzD4Z/U1wst50X28ZNsn5bhgIIao8=
+k8s.io/apimachinery v0.18.9 h1:3ZABKQx3F3xPWlsGhCfUl8W+JXRRblV6Wo2A3zn0pvY=
-k8s.io/apimachinery v0.28.4/go.mod h1:wI37ncBvfAoswfq626yPTe6Bz1c22L7uaJ8dho83mgg=
+k8s.io/apimachinery v0.18.9/go.mod h1:PF5taHbXgTEJLU+xMypMmYTXTWPJ5LaW8bfsisxnEXk=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
--- a/hack/build-containerd-arm64.sh
+++ b/hack/build-containerd-arm64.sh
@ -1,37 +0,0 @@
 #!/bin/bash
 # See pre-reqs:
 # https://github.com/alexellis/containerd-arm
 export ARCH="arm64"
 if [ ! -d "/usr/local/go/bin" ]; then
    echo "Downloading Go.."
    curl -SLsf https://golang.org/dl/go1.16.6.linux-$ARCH.tar.gz --output /tmp/go.tgz
    sudo rm -rf /usr/local/go/
    sudo mkdir -p /usr/local/go/
    sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 else
    echo "Go already present, skipping."
 fi
 export GOPATH=$HOME/go/
 export PATH=$PATH:/usr/local/go/bin/
 go version
 echo "Building containerd"
 mkdir -p $GOPATH/src/github.com/containerd
 cd $GOPATH/src/github.com/containerd
 git clone https://github.com/containerd/containerd
 cd containerd
 git fetch origin --tags
 git checkout v1.7.0
 make
 sudo make install
 sudo containerd --version
--- a/hack/build-containerd-armhf.sh
+++ b/hack/build-containerd-armhf.sh
@ -1,20 +1,12 @@
 #!/bin/bash
-# See pre-reqs:
+export ARCH="armv6l"
-# https://github.com/alexellis/containerd-arm
+echo "Downloading Go"
-export ARCH="arm64"
+curl -SLsf https://dl.google.com/go/go1.13.15.linux-$ARCH.tar.gz --output /tmp/go.tgz
-
+sudo rm -rf /usr/local/go/
-if [ ! -d "/usr/local/go/bin" ]; then
+sudo mkdir -p /usr/local/go/
-    echo "Downloading Go.."
+sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
    curl -SLsf https://golang.org/dl/go1.16.6.linux-$ARCH.tar.gz --output /tmp/go.tgz
    sudo rm -rf /usr/local/go/
    sudo mkdir -p /usr/local/go/
    sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 else
    echo "Go already present, skipping."
 fi
 export GOPATH=$HOME/go/
 export PATH=$PATH:/usr/local/go/bin/
@ -29,7 +21,7 @@ git clone https://github.com/containerd/containerd
 cd containerd
 git fetch origin --tags
-git checkout v1.7.0
+git checkout v1.3.2
 make
 sudo make install
--- a/hack/build-containerd.sh
+++ b/hack/build-containerd.sh
@ -1,21 +1,12 @@
 #!/bin/bash
 export ARCH="amd64"
 echo "Downloading Go"
-# See pre-reqs:
+curl -SLsf https://dl.google.com/go/go1.12.14.linux-$ARCH.tar.gz --output /tmp/go.tgz
-# https://github.com/alexellis/containerd-arm
+sudo rm -rf /usr/local/go/
-
+sudo mkdir -p /usr/local/go/
-export ARCH="arm64"
+sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 if [ ! -d "/usr/local/go/bin" ]; then
    echo "Downloading Go.."
    curl -SLsf https://golang.org/dl/go1.16.6.linux-$ARCH.tar.gz --output /tmp/go.tgz
    sudo rm -rf /usr/local/go/
    sudo mkdir -p /usr/local/go/
    sudo tar -xvf /tmp/go.tgz -C /usr/local/go/ --strip-components=1
 else
    echo "Go already present, skipping."
 fi
 export GOPATH=$HOME/go/
 export PATH=$PATH:/usr/local/go/bin/
@ -30,7 +21,7 @@ git clone https://github.com/containerd/containerd
 cd containerd
 git fetch origin --tags
-git checkout v1.7.0
+git checkout v1.3.2
 make
 sudo make install
--- a/hack/faasd-provider.service
+++ b/hack/faasd-provider.service
@ -5,7 +5,6 @@ Description=faasd-provider
 MemoryLimit=500M
 Environment="secret_mount_path={{.SecretMountPath}}"
 Environment="basic_auth=true"
 Environment="hosts_dir=/var/lib/faasd"
 ExecStart=/usr/local/bin/faasd provider
 Restart=on-failure
 RestartSec=10s
--- a/hack/install.sh
+++ b/hack/install.sh
@ -1,28 +1,18 @@
 #!/bin/bash
-# Copyright OpenFaaS Author(s) 2022
+# Copyright OpenFaaS Author(s) 2020
-set -e -x -o pipefail
+#########################
 # Repo specific content #
 #########################
 export OWNER="openfaas"
 export REPO="faasd"
 # On CentOS /usr/local/bin is not included in the PATH when using sudo. 
 # Running arkade with sudo on CentOS requires the full path
 # to the arkade binary. 
 export ARKADE=/usr/local/bin/arkade
 # When running as a startup script (cloud-init), the HOME variable is not always set.
 # As it is required for arkade to properly download tools, 
 # set the variable to /usr/local so arkade will download binaries to /usr/local/.arkade
 if [ -z "${HOME}" ]; then
  export HOME=/usr/local
 fi
 version=""
 echo "Finding latest version from GitHub"
-version=$(curl -sI https://github.com/$OWNER/$REPO/releases/latest | grep -i "location:" | awk -F"/" '{ printf "%s", $NF }' | tr -d '\r')
+version=$(curl -sI https://github.com/$OWNER/$REPO/releases/latest | grep -i location | awk -F"/" '{ printf "%s", $NF }' | tr -d '\r')
 echo "$version"
 if [ ! $version ]; then
@ -49,55 +39,64 @@ has_apt_get() {
  [ -n "$(command -v apt-get)" ]
 }
 has_pacman() {
  [ -n "$(command -v pacman)" ]
 }
 install_required_packages() {
  if $(has_apt_get); then
    # Debian bullseye is missing iptables. Added to required packages
    # to get it working in raspberry pi. No such known issues in
    # other distros. Hence, adding only to this block.
    # reference: https://github.com/openfaas/faasd/pull/237
    $SUDO apt-get update -y
-    $SUDO apt-get install -y curl runc bridge-utils iptables
+    $SUDO apt-get install -y curl runc bridge-utils
  elif $(has_yum); then
    $SUDO yum check-update -y
-    $SUDO yum install -y curl runc iptables-services
+    $SUDO yum install -y curl runc
  elif $(has_pacman); then
    $SUDO pacman -Syy
    $SUDO pacman -Sy curl runc bridge-utils
  else
-    fatal "Could not find apt-get, yum, or pacman. Cannot install dependencies on this OS."
+    fatal "Could not find apt-get or yum. Cannot install dependencies on this OS."
    exit 1
  fi
 }
 install_arkade(){
  curl -sLS https://get.arkade.dev | $SUDO sh
  arkade --help
 }
 install_cni_plugins() {
-  cni_version=v0.9.1
+  cni_version=v0.8.5
-  $SUDO $ARKADE system install cni --version ${cni_version} --path /opt/cni/bin --progress=false
+  suffix=""
  arch=$(uname -m)
  case $arch in
  x86_64 | amd64)
    suffix=amd64
    ;;
  aarch64)
    suffix=arm64
    ;;
  arm*)
    suffix=arm
    ;;
  *)
    fatal "Unsupported architecture $arch"
    ;;
  esac
  $SUDO mkdir -p /opt/cni/bin
  curl -sSL https://github.com/containernetworking/plugins/releases/download/${cni_version}/cni-plugins-linux-${suffix}-${cni_version}.tgz | $SUDO tar -xvz -C /opt/cni/bin
 }
 install_containerd() {
  CONTAINERD_VER=1.7.0
  $SUDO systemctl unmask containerd || :
  arch=$(uname -m)
-  if [ $arch == "armv7l" ]; then
+  case $arch in
-    $SUDO curl -fSLs "https://github.com/alexellis/containerd-arm/releases/download/v${CONTAINERD_VER}/containerd-${CONTAINERD_VER}-linux-armhf.tar.gz" --output "/tmp/containerd.tar.gz"
+  x86_64 | amd64)
-    $SUDO tar -xvf /tmp/containerd.tar.gz -C /usr/local/bin/
+    curl -sLSf https://github.com/containerd/containerd/releases/download/v1.3.7/containerd-1.3.7-linux-amd64.tar.gz | $SUDO tar -xvz --strip-components=1 -C /usr/local/bin/
-    $SUDO curl -fSLs https://raw.githubusercontent.com/containerd/containerd/v${CONTAINERD_VER}/containerd.service --output "/etc/systemd/system/containerd.service"
+    ;;
-    $SUDO systemctl enable containerd
+  armv7l)
-    $SUDO systemctl start containerd
+    curl -sSL https://github.com/alexellis/containerd-arm/releases/download/v1.3.5/containerd-1.3.5-linux-armhf.tar.gz | $SUDO tar -xvz --strip-components=1 -C /usr/local/bin/
-  else
+    ;;
-    $SUDO $ARKADE system install containerd --systemd --version v${CONTAINERD_VER}  --progress=false
+  aarch64)
-  fi
+    curl -sSL https://github.com/alexellis/containerd-arm/releases/download/v1.3.5/containerd-1.3.5-linux-arm64.tar.gz | $SUDO tar -xvz --strip-components=1 -C /usr/local/bin/
-  
+    ;;
  *)
    fatal "Unsupported architecture $arch"
    ;;
  esac
  $SUDO systemctl unmask containerd || :
  $SUDO curl -SLfs https://raw.githubusercontent.com/containerd/containerd/v1.3.5/containerd.service --output /etc/systemd/system/containerd.service
  $SUDO systemctl enable containerd
  $SUDO systemctl start containerd
  sleep 5
 }
@ -134,12 +133,24 @@ install_faasd() {
 install_caddy() {
  if [ ! -z "${FAASD_DOMAIN}" ]; then
-    CADDY_VER=v2.4.3
+    arch=$(uname -m)
-    arkade get --progress=false caddy -v ${CADDY_VER}
+    case $arch in
-    
+    x86_64 | amd64)
-    # /usr/bin/caddy is specified in the upstream service file.
+      suffix="amd64"
-    $SUDO install -m 755 $HOME/.arkade/bin/caddy /usr/bin/caddy
+      ;;
    aarch64)
      suffix=-arm64
      ;;
    armv7l)
      suffix=-armv7
      ;;
    *)
      echo "Unsupported architecture $arch"
      exit 1
      ;;
    esac
    curl -sSL "https://github.com/caddyserver/caddy/releases/download/v2.2.1/caddy_2.2.1_linux_${suffix}.tar.gz" | $SUDO tar -xvz -C /usr/bin/ caddy
    $SUDO curl -fSLs https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service --output /etc/systemd/system/caddy.service
    $SUDO mkdir -p /etc/caddy
@ -172,17 +183,15 @@ EOF
 }
 install_faas_cli() {
-  arkade get --progress=false faas-cli
+  curl -sLS https://cli.openfaas.com | $SUDO sh
  $SUDO install -m 755 $HOME/.arkade/bin/faas-cli /usr/local/bin/
 }
 verify_system
 install_required_packages
-$SUDO /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.conf.all.forwarding=1
 echo "net.ipv4.conf.all.forwarding=1" | $SUDO tee -a /etc/sysctl.conf
 install_arkade
 install_cni_plugins
 install_containerd
 install_faas_cli
--- a/pkg/cninetwork/cni_network.go
+++ b/pkg/cninetwork/cni_network.go
@ -1,7 +1,6 @@
 package cninetwork
 import (
 	"bufio"
 	"context"
 	"fmt"
 	"io"
@ -11,7 +10,6 @@ import (
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"github.com/containerd/containerd"
 	gocni "github.com/containerd/go-cni"
@ -21,31 +19,21 @@ import (
 const (
 	// CNIBinDir describes the directory where the CNI binaries are stored
 	CNIBinDir = "/opt/cni/bin"
 	// CNIConfDir describes the directory where the CNI plugin's configuration is stored
 	CNIConfDir = "/etc/cni/net.d"
 	// NetNSPathFmt gives the path to the a process network namespace, given the pid
 	NetNSPathFmt = "/proc/%d/ns/net"
-
+	// CNIResultsDir is the directory CNI stores allocated IP for containers
-	// CNIDataDir is the directory CNI stores allocated IP for containers
+	CNIResultsDir = "/var/lib/cni/results"
 	CNIDataDir = "/var/run/cni"
 	// defaultCNIConfFilename is the vanity filename of default CNI configuration file
 	defaultCNIConfFilename = "10-openfaas.conflist"
 	// defaultNetworkName names the "docker-bridge"-like CNI plugin-chain installed when no other CNI configuration is present.
 	// This value appears in iptables comments created by CNI.
 	defaultNetworkName = "openfaas-cni-bridge"
 	// defaultBridgeName is the default bridge device name used in the defaultCNIConf
 	defaultBridgeName = "openfaas0"
 	// defaultSubnet is the default subnet used in the defaultCNIConf -- this value is set to not collide with common container networking subnets:
 	defaultSubnet = "10.62.0.0/16"
 	// defaultIfPrefix is the interface name to be created in the container
 	defaultIfPrefix = "eth"
 )
 // defaultCNIConf is a CNI configuration that enables network access to containers (docker-bridge style)
@ -62,7 +50,6 @@ var defaultCNIConf = fmt.Sprintf(`
        "ipam": {
            "type": "host-local",
            "subnet": "%s",
            "dataDir": "%s",
            "routes": [
                { "dst": "0.0.0.0/0" }
            ]
@ -73,7 +60,7 @@ var defaultCNIConf = fmt.Sprintf(`
      }
    ]
 }
-`, defaultNetworkName, defaultBridgeName, defaultSubnet, CNIDataDir)
+`, defaultNetworkName, defaultBridgeName, defaultSubnet)
 // InitNetwork writes configlist file and initializes CNI network
 func InitNetwork() (gocni.CNI, error) {
@ -88,14 +75,11 @@ func InitNetwork() (gocni.CNI, error) {
 	netConfig := path.Join(CNIConfDir, defaultCNIConfFilename)
 	if err := ioutil.WriteFile(netConfig, []byte(defaultCNIConf), 644); err != nil {
 		return nil, fmt.Errorf("cannot write network config: %s", defaultCNIConfFilename)
 	}
 	}
 	// Initialize CNI library
-	cni, err := gocni.New(
+	cni, err := gocni.New(gocni.WithPluginConfDir(CNIConfDir),
-		gocni.WithPluginConfDir(CNIConfDir),
+		gocni.WithPluginDir([]string{CNIBinDir}))
 		gocni.WithPluginDir([]string{CNIBinDir}),
 		gocni.WithInterfacePrefix(defaultIfPrefix),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error initializing cni: %s", err)
@ -147,61 +131,43 @@ func DeleteCNINetwork(ctx context.Context, cni gocni.CNI, client *containerd.Cli
 	return errors.Wrapf(containerErr, "Unable to find container: %s, error: %s", name, containerErr)
 }
-// GetIPAddress returns the IP address from container based on container name and PID
+// GetIPAddress returns the IP address of the created container
-func GetIPAddress(container string, PID uint32) (string, error) {
+func GetIPAddress(result *gocni.CNIResult, task containerd.Task) (net.IP, error) {
-	CNIDir := path.Join(CNIDataDir, defaultNetworkName)
+	// Get the IP of the created interface
-
+	var ip net.IP
-	files, err := ioutil.ReadDir(CNIDir)
+	for ifName, config := range result.Interfaces {
-	if err != nil {
+		if config.Sandbox == netNamespace(task) {
-		return "", fmt.Errorf("failed to read CNI dir for container %s: %v", container, err)
+			for _, ipConfig := range config.IPConfigs {
-	}
+				if ifName != "lo" && ipConfig.IP.To4() != nil {
-
+					ip = ipConfig.IP
-	for _, file := range files {
+				}
-		// each fileName is an IP address
+			}
 		fileName := file.Name()
 		resultsFile := filepath.Join(CNIDir, fileName)
 		found, err := isCNIResultForPID(resultsFile, container, PID)
 		if err != nil {
 			return "", err
 		}
 		if found {
 			return fileName, nil
 		}
 	}
-
+	if ip == nil {
-	return "", fmt.Errorf("unable to get IP address for container: %s", container)
+		return nil, fmt.Errorf("unable to get IP address for: %s", task.ID())
 	}
 	return ip, nil
 }
-// isCNIResultForPID confirms if the CNI result file contains the
+func GetIPfromPID(pid int) (*net.IP, error) {
-// process name, PID and interface name
+	// https://github.com/weaveworks/weave/blob/master/net/netdev.go
 //
 // Example:
 //
 // /var/run/cni/openfaas-cni-bridge/10.62.0.2
 //
 // nats-621
 // eth1
 func isCNIResultForPID(fileName, container string, PID uint32) (bool, error) {
 	found := false
-	f, err := os.Open(fileName)
+	peerIDs, err := ConnectedToBridgeVethPeerIds(defaultBridgeName)
 	if err != nil {
-		return false, fmt.Errorf("failed to open CNI IP file for %s: %v", fileName, err)
+		return nil, fmt.Errorf("unable to find peers on: %s %s", defaultBridgeName, err)
 	}
 	defer f.Close()
 	reader := bufio.NewReader(f)
 	processLine, _ := reader.ReadString('\n')
 	if strings.Contains(processLine, fmt.Sprintf("%s-%d", container, PID)) {
 		ethNameLine, _ := reader.ReadString('\n')
 		if strings.Contains(ethNameLine, defaultIfPrefix) {
 			found = true
 		}
 	}
-	return found, nil
+	addrs, addrsErr := GetNetDevsByVethPeerIds(pid, peerIDs)
 	if addrsErr != nil {
 		return nil, fmt.Errorf("unable to find address for veth pair using: %v %s", peerIDs, addrsErr)
 	}
 	if len(addrs) > 0 && len(addrs[0].CIDRs) > 0 {
 		return &addrs[0].CIDRs[0].IP, nil
 	}
 	return nil, fmt.Errorf("no IP found for function")
 }
 // CNIGateway returns the gateway for default subnet
--- a/pkg/cninetwork/cni_network_test.go
+++ b/pkg/cninetwork/cni_network_test.go
@ -1,63 +0,0 @@
 package cninetwork
 import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 )
 func Test_isCNIResultForPID_Found(t *testing.T) {
 	body := `nats-621
 eth1`
 	fileName := `10.62.0.2`
 	container := "nats"
 	PID := uint32(621)
 	fullPath := filepath.Join(os.TempDir(), fileName)
 	err := ioutil.WriteFile(fullPath, []byte(body), 0700)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
 	defer func() {
 		os.Remove(fullPath)
 	}()
 	got, err := isCNIResultForPID(fullPath, container, PID)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
 	want := true
 	if got != want {
 		t.Fatalf("want %v, but got %v", want, got)
 	}
 }
 func Test_isCNIResultForPID_NoMatch(t *testing.T) {
 	body := `nats-621
 eth1`
 	fileName := `10.62.0.3`
 	container := "gateway"
 	PID := uint32(621)
 	fullPath := filepath.Join(os.TempDir(), fileName)
 	err := ioutil.WriteFile(fullPath, []byte(body), 0700)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
 	defer func() {
 		os.Remove(fullPath)
 	}()
 	got, err := isCNIResultForPID(fullPath, container, PID)
 	if err != nil {
 		t.Fatalf(err.Error())
 	}
 	want := false
 	if got != want {
 		t.Fatalf("want %v, but got %v", want, got)
 	}
 }
--- a/pkg/cninetwork/weave.go
+++ b/pkg/cninetwork/weave.go
@ -0,0 +1,118 @@
 // Copyright Weaveworks
 // github.com/weaveworks/weave/net
 package cninetwork
 import (
 	"fmt"
 	"net"
 	"os"
 	"github.com/vishvananda/netlink"
 	"github.com/vishvananda/netns"
 )
 type Dev struct {
 	Name  string           `json:"Name,omitempty"`
 	MAC   net.HardwareAddr `json:"MAC,omitempty"`
 	CIDRs []*net.IPNet     `json:"CIDRs,omitempty"`
 }
 // ConnectedToBridgeVethPeerIds returns peer indexes of veth links connected to
 // the given bridge. The peer index is used to query from a container netns
 // whether the container is connected to the bridge.
 func ConnectedToBridgeVethPeerIds(bridgeName string) ([]int, error) {
 	var ids []int
 	br, err := netlink.LinkByName(bridgeName)
 	if err != nil {
 		return nil, err
 	}
 	links, err := netlink.LinkList()
 	if err != nil {
 		return nil, err
 	}
 	for _, link := range links {
 		if _, isveth := link.(*netlink.Veth); isveth && link.Attrs().MasterIndex == br.Attrs().Index {
 			peerID := link.Attrs().ParentIndex
 			if peerID == 0 {
 				// perhaps running on an older kernel where ParentIndex doesn't work.
 				// as fall-back, assume the peers are consecutive
 				peerID = link.Attrs().Index - 1
 			}
 			ids = append(ids, peerID)
 		}
 	}
 	return ids, nil
 }
 // Lookup the weave interface of a container
 func GetWeaveNetDevs(processID int) ([]Dev, error) {
 	peerIDs, err := ConnectedToBridgeVethPeerIds("weave")
 	if err != nil {
 		return nil, err
 	}
 	return GetNetDevsByVethPeerIds(processID, peerIDs)
 }
 func GetNetDevsByVethPeerIds(processID int, peerIDs []int) ([]Dev, error) {
 	// Bail out if this container is running in the root namespace
 	netnsRoot, err := netns.GetFromPid(1)
 	if err != nil {
 		return nil, fmt.Errorf("unable to open root namespace: %s", err)
 	}
 	defer netnsRoot.Close()
 	netnsContainer, err := netns.GetFromPid(processID)
 	if err != nil {
 		// Unable to find a namespace for this process - just return nothing
 		if os.IsNotExist(err) {
 			return nil, nil
 		}
 		return nil, fmt.Errorf("unable to open process %d namespace: %s", processID, err)
 	}
 	defer netnsContainer.Close()
 	if netnsRoot.Equal(netnsContainer) {
 		return nil, nil
 	}
 	// convert list of peerIDs into a map for faster lookup
 	indexes := make(map[int]struct{})
 	for _, id := range peerIDs {
 		indexes[id] = struct{}{}
 	}
 	var netdevs []Dev
 	err = WithNetNS(netnsContainer, func() error {
 		links, err := netlink.LinkList()
 		if err != nil {
 			return err
 		}
 		for _, link := range links {
 			if _, found := indexes[link.Attrs().Index]; found {
 				netdev, err := linkToNetDev(link)
 				if err != nil {
 					return err
 				}
 				netdevs = append(netdevs, netdev)
 			}
 		}
 		return nil
 	})
 	return netdevs, err
 }
 // Get the weave bridge interface.
 // NB: Should be called from the root network namespace.
 func GetBridgeNetDev(bridgeName string) (Dev, error) {
 	link, err := netlink.LinkByName(bridgeName)
 	if err != nil {
 		return Dev{}, err
 	}
 	return linkToNetDev(link)
 }
--- a/pkg/cninetwork/weave_darwin.go
+++ b/pkg/cninetwork/weave_darwin.go
@ -0,0 +1,10 @@
 // +build darwin
 package cninetwork
 import "github.com/vishvananda/netlink"
 func linkToNetDev(link netlink.Link) (Dev, error) {
 	return Dev{}, nil
 }
--- a/pkg/cninetwork/weave_linux.go
+++ b/pkg/cninetwork/weave_linux.go
@ -0,0 +1,19 @@
 // +build linux
 package cninetwork
 import "github.com/vishvananda/netlink"
 func linkToNetDev(link netlink.Link) (Dev, error) {
 	addrs, err := netlink.AddrList(link, netlink.FAMILY_V4)
 	if err != nil {
 		return Dev{}, err
 	}
 	netDev := Dev{Name: link.Attrs().Name, MAC: link.Attrs().HardwareAddr}
 	for _, addr := range addrs {
 		netDev.CIDRs = append(netDev.CIDRs, addr.IPNet)
 	}
 	return netDev, nil
 }
--- a/pkg/constants.go
+++ b/pkg/constants.go
@ -1,16 +1,6 @@
 package pkg
 const (
-	// DefaultFunctionNamespace is the default containerd namespace functions are created
+	// FunctionNamespace is the default containerd namespace functions are created
-	DefaultFunctionNamespace = "openfaas-fn"
+	FunctionNamespace = "openfaas-fn"
 	// NamespaceLabel indicates that a namespace is managed by faasd
 	NamespaceLabel = "openfaas"
 	// FaasdNamespace is the containerd namespace services are created
 	FaasdNamespace = "openfaas"
 	faasServicesPullAlways = false
 	defaultSnapshotter = "overlayfs"
 )
--- a/pkg/logs/requestor.go
+++ b/pkg/logs/requestor.go
@ -71,7 +71,7 @@ func buildCmd(ctx context.Context, req logs.Request) *exec.Cmd {
 	namespace := req.Namespace
 	if namespace == "" {
-		namespace = faasd.DefaultFunctionNamespace
+		namespace = faasd.FunctionNamespace
 	}
 	// find the description of the fields here
--- a/pkg/provider/config/read.go
+++ b/pkg/provider/config/read.go
@ -20,11 +20,9 @@ func ReadFromEnv(hasEnv types.HasEnv) (*types.FaaSConfig, *ProviderConfig, error
 	serviceTimeout := types.ParseIntOrDurationValue(hasEnv.Getenv("service_timeout"), time.Second*60)
 	config.EnableHealth = true
 	config.ReadTimeout = serviceTimeout
 	config.WriteTimeout = serviceTimeout
 	config.EnableBasicAuth = true
 	config.MaxIdleConns = types.ParseIntValue(hasEnv.Getenv("max_idle_conns"), 1024)
 	config.MaxIdleConnsPerHost = types.ParseIntValue(hasEnv.Getenv("max_idle_conns_per_host"), 1024)
 	port := types.ParseIntValue(hasEnv.Getenv("port"), 8081)
 	config.TCPPort = &port
--- a/pkg/provider/handlers/delete.go
+++ b/pkg/provider/handlers/delete.go
@ -11,9 +11,9 @@ import (
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/namespaces"
 	gocni "github.com/containerd/go-cni"
 	"github.com/openfaas/faas/gateway/requests"
-	"github.com/openfaas/faas-provider/types"
+	faasd "github.com/openfaas/faasd/pkg"
 	"github.com/openfaas/faasd/pkg"
 	cninetwork "github.com/openfaas/faasd/pkg/cninetwork"
 	"github.com/openfaas/faasd/pkg/service"
 )
@ -32,7 +32,7 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 		body, _ := ioutil.ReadAll(r.Body)
 		log.Printf("[Delete] request: %s\n", string(body))
-		req := types.DeleteFunctionRequest{}
+		req := requests.DeleteFunctionRequest{}
 		err := json.Unmarshal(body, &req)
 		if err != nil {
 			log.Printf("[Delete] error parsing input: %s\n", err)
@ -41,27 +41,9 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 			return
 		}
 		// namespace moved from the querystring into the body
 		namespace := req.Namespace
 		if namespace == "" {
 			namespace = pkg.DefaultFunctionNamespace
 		}
 		// Check if namespace exists, and it has the openfaas label
 		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		if !valid {
 			http.Error(w, "namespace not valid", http.StatusBadRequest)
 			return
 		}
 		name := req.FunctionName
-		function, err := GetFunction(client, name, namespace)
+		function, err := GetFunction(client, name)
 		if err != nil {
 			msg := fmt.Sprintf("service %s not found", name)
 			log.Printf("[Delete] %s\n", msg)
@ -69,7 +51,7 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 			return
 		}
-		ctx := namespaces.WithNamespace(context.Background(), namespace)
+		ctx := namespaces.WithNamespace(context.Background(), faasd.FunctionNamespace)
 		// TODO: this needs to still happen if the task is paused
 		if function.replicas != 0 {
@ -79,9 +61,10 @@ func MakeDeleteHandler(client *containerd.Client, cni gocni.CNI) func(w http.Res
 			}
 		}
-		if err := service.Remove(ctx, client, name); err != nil {
+		containerErr := service.Remove(ctx, client, name)
-			log.Printf("[Delete] error removing %s, %s\n", name, err)
+		if containerErr != nil {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
+			log.Printf("[Delete] error removing %s, %s\n", name, containerErr)
 			http.Error(w, containerErr.Error(), http.StatusInternalServerError)
 			return
 		}
--- a/pkg/provider/handlers/deploy.go
+++ b/pkg/provider/handlers/deploy.go
@ -20,6 +20,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/openfaas/faas-provider/types"
 	faasd "github.com/openfaas/faasd/pkg"
 	cninetwork "github.com/openfaas/faasd/pkg/cninetwork"
 	"github.com/openfaas/faasd/pkg/service"
 	"github.com/pkg/errors"
@ -28,8 +29,8 @@ import (
 const annotationLabelPrefix = "com.openfaas.annotations."
 // MakeDeployHandler returns a handler to deploy a function
 func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath string, alwaysPull bool) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Body == nil {
@ -51,32 +52,15 @@ func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 			return
 		}
-		namespace := getRequestNamespace(req.Namespace)
+		err = validateSecrets(secretMountPath, req.Secrets)
 		// Check if namespace exists, and it has the openfaas label
 		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		if !valid {
 			http.Error(w, "namespace not valid", http.StatusBadRequest)
 			return
 		}
 		namespaceSecretMountPath := getNamespaceSecretMountPath(secretMountPath, namespace)
 		err = validateSecrets(namespaceSecretMountPath, req.Secrets)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		name := req.Service
-		ctx := namespaces.WithNamespace(context.Background(), namespace)
+		ctx := namespaces.WithNamespace(context.Background(), faasd.FunctionNamespace)
-		deployErr := deploy(ctx, req, client, cni, namespaceSecretMountPath, alwaysPull)
+		deployErr := deploy(ctx, req, client, cni, secretMountPath, alwaysPull)
 		if deployErr != nil {
 			log.Printf("[Deploy] error deploying %s, error: %s\n", name, deployErr)
 			http.Error(w, deployErr.Error(), http.StatusBadRequest)
@ -126,7 +110,7 @@ func deploy(ctx context.Context, req types.FunctionDeployment, client *container
 	}
 	envs := prepareEnv(req.EnvProcess, req.EnvVars)
-	mounts := getOSMounts()
+	mounts := getMounts()
 	for _, secret := range req.Secrets {
 		mounts = append(mounts, specs.Mount{
@ -141,7 +125,7 @@ func deploy(ctx context.Context, req types.FunctionDeployment, client *container
 	labels, err := buildLabels(&req)
 	if err != nil {
-		return fmt.Errorf("unable to apply labels to container: %s, error: %w", name, err)
+		return fmt.Errorf("Unable to apply labels to conatiner: %s, error: %s", name, err)
 	}
 	var memory *specs.LinuxMemory
@ -163,7 +147,6 @@ func deploy(ctx context.Context, req types.FunctionDeployment, client *container
 		containerd.WithSnapshotter(snapshotter),
 		containerd.WithNewSnapshot(name+"-snapshot", image),
 		containerd.WithNewSpec(oci.WithImageConfig(image),
 			oci.WithHostname(name),
 			oci.WithCapabilities([]string{"CAP_NET_RAW"}),
 			oci.WithMounts(mounts),
 			oci.WithEnv(envs),
@ -172,10 +155,10 @@ func deploy(ctx context.Context, req types.FunctionDeployment, client *container
 	)
 	if err != nil {
-		return fmt.Errorf("unable to create container: %s, error: %w", name, err)
+		return fmt.Errorf("unable to create container: %s, error: %s", name, err)
 	}
-	return createTask(ctx, container, cni)
+	return createTask(ctx, client, container, cni)
 }
@ -203,31 +186,30 @@ func buildLabels(request *types.FunctionDeployment) (map[string]string, error) {
 	return labels, nil
 }
-func createTask(ctx context.Context, container containerd.Container, cni gocni.CNI) error {
+func createTask(ctx context.Context, client *containerd.Client, container containerd.Container, cni gocni.CNI) error {
 	name := container.ID()
 	task, taskErr := container.NewTask(ctx, cio.BinaryIO("/usr/local/bin/faasd", nil))
 	if taskErr != nil {
-		return fmt.Errorf("unable to start task: %s, error: %w", name, taskErr)
+		return fmt.Errorf("unable to start task: %s, error: %s", name, taskErr)
 	}
 	log.Printf("Container ID: %s\tTask ID %s:\tTask PID: %d\t\n", name, task.ID(), task.Pid())
 	labels := map[string]string{}
-	_, err := cninetwork.CreateCNINetwork(ctx, cni, task, labels)
+	network, err := cninetwork.CreateCNINetwork(ctx, cni, task, labels)
 	if err != nil {
 		return err
 	}
-	ip, err := cninetwork.GetIPAddress(name, task.Pid())
+	ip, err := cninetwork.GetIPAddress(network, task)
 	if err != nil {
 		return err
 	}
-
+	log.Printf("%s has IP: %s.\n", name, ip.String())
 	log.Printf("%s has IP: %s.\n", name, ip)
 	_, waitErr := task.Wait(ctx)
 	if waitErr != nil {
@ -262,28 +244,20 @@ func prepareEnv(envProcess string, reqEnvVars map[string]string) []string {
 	return envs
 }
-// getOSMounts provides a mount for os-specific files such
+func getMounts() []specs.Mount {
-// as the hosts file and resolv.conf
+	wd, _ := os.Getwd()
 func getOSMounts() []specs.Mount {
 	// Prior to hosts_dir env-var, this value was set to
 	// os.Getwd()
 	hostsDir := "/var/lib/faasd"
 	if v, ok := os.LookupEnv("hosts_dir"); ok && len(v) > 0 {
 		hostsDir = v
 	}
 	mounts := []specs.Mount{}
 	mounts = append(mounts, specs.Mount{
 		Destination: "/etc/resolv.conf",
 		Type:        "bind",
-		Source:      path.Join(hostsDir, "resolv.conf"),
+		Source:      path.Join(wd, "resolv.conf"),
 		Options:     []string{"rbind", "ro"},
 	})
 	mounts = append(mounts, specs.Mount{
 		Destination: "/etc/hosts",
 		Type:        "bind",
-		Source:      path.Join(hostsDir, "hosts"),
+		Source:      path.Join(wd, "hosts"),
 		Options:     []string{"rbind", "ro"},
 	})
 	return mounts
--- a/pkg/provider/handlers/deploy_test.go
+++ b/pkg/provider/handlers/deploy_test.go
@ -53,7 +53,7 @@ func Test_BuildLabels_WithAnnotations(t *testing.T) {
 			}
 			if !reflect.DeepEqual(val, tc.result) {
-				t.Errorf("Want: %s, got: %s", val, tc.result)
+				t.Errorf("Got: %s, expected %s", val, tc.result)
 			}
 		})
 	}
--- a/pkg/provider/handlers/functions.go
+++ b/pkg/provider/handlers/functions.go
@ -2,19 +2,15 @@ package handlers
 import (
 	"context"
 	"errors"
 	"fmt"
 	"log"
 	"strings"
 	"time"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/openfaas/faasd/pkg"
 	faasd "github.com/openfaas/faasd/pkg"
 	"github.com/openfaas/faasd/pkg/cninetwork"
 	faasd "github.com/openfaas/faasd/pkg"
 )
 type Function struct {
@ -26,27 +22,11 @@ type Function struct {
 	IP          string
 	labels      map[string]string
 	annotations map[string]string
 	secrets     []string
 	envVars     map[string]string
 	envProcess  string
 	memoryLimit int64
 	createdAt   time.Time
 }
 // ListFunctions returns a map of all functions with running tasks on namespace
-func ListFunctions(client *containerd.Client, namespace string) (map[string]*Function, error) {
+func ListFunctions(client *containerd.Client) (map[string]*Function, error) {
-
+	ctx := namespaces.WithNamespace(context.Background(), faasd.FunctionNamespace)
 	// Check if namespace exists, and it has the openfaas label
 	valid, err := validNamespace(client.NamespaceService(), namespace)
 	if err != nil {
 		return nil, err
 	}
 	if !valid {
 		return nil, errors.New("namespace not valid")
 	}
 	ctx := namespaces.WithNamespace(context.Background(), namespace)
 	functions := make(map[string]*Function)
 	containers, err := client.Containers(ctx)
@ -56,25 +36,25 @@ func ListFunctions(client *containerd.Client, namespace string) (map[string]*Fun
 	for _, c := range containers {
 		name := c.ID()
-		f, err := GetFunction(client, name, namespace)
+		f, err := GetFunction(client, name)
 		if err != nil {
-			log.Printf("skipping %s, error: %s", name, err)
+			log.Printf("error getting function %s: ", name)
-		} else {
+			return functions, err
 			functions[name] = &f
 		}
 		functions[name] = &f
 	}
 	return functions, nil
 }
 // GetFunction returns a function that matches name
-func GetFunction(client *containerd.Client, name string, namespace string) (Function, error) {
+func GetFunction(client *containerd.Client, name string) (Function, error) {
-	ctx := namespaces.WithNamespace(context.Background(), namespace)
+	ctx := namespaces.WithNamespace(context.Background(), faasd.FunctionNamespace)
 	fn := Function{}
 	c, err := client.LoadContainer(ctx, name)
 	if err != nil {
-		return Function{}, fmt.Errorf("unable to find function: %s, error %w", name, err)
+		return Function{}, fmt.Errorf("unable to find function: %s, error %s", name, err)
 	}
 	image, err := c.Image(ctx)
@ -86,34 +66,16 @@ func GetFunction(client *containerd.Client, name string, namespace string) (Func
 	allLabels, labelErr := c.Labels(ctx)
 	if labelErr != nil {
-		log.Printf("cannot list container %s labels: %s", containerName, labelErr)
+		log.Printf("cannot list container %s labels: %s", containerName, labelErr.Error())
 	}
 	labels, annotations := buildLabelsAndAnnotations(allLabels)
 	spec, err := c.Spec(ctx)
 	if err != nil {
 		return Function{}, fmt.Errorf("unable to load function %s error: %w", name, err)
 	}
 	info, err := c.Info(ctx)
 	if err != nil {
 		return Function{}, fmt.Errorf("can't load info for: %s, error %w", name, err)
 	}
 	envVars, envProcess := readEnvFromProcessEnv(spec.Process.Env)
 	secrets := readSecretsFromMounts(spec.Mounts)
 	fn.name = containerName
-	fn.namespace = namespace
+	fn.namespace = faasd.FunctionNamespace
 	fn.image = image.Name()
 	fn.labels = labels
 	fn.annotations = annotations
 	fn.secrets = secrets
 	fn.envVars = envVars
 	fn.envProcess = envProcess
 	fn.createdAt = info.CreatedAt
 	fn.memoryLimit = readMemoryLimitFromSpec(spec)
 	replicas := 0
 	task, err := c.Task(ctx, nil)
@ -121,7 +83,7 @@ func GetFunction(client *containerd.Client, name string, namespace string) (Func
 		// Task for container exists
 		svc, err := task.Status(ctx)
 		if err != nil {
-			return Function{}, fmt.Errorf("unable to get task status for container: %s %w", name, err)
+			return Function{}, fmt.Errorf("unable to get task status for container: %s %s", name, err)
 		}
 		if svc.Status == "running" {
@ -129,11 +91,11 @@ func GetFunction(client *containerd.Client, name string, namespace string) (Func
 			fn.pid = task.Pid()
 			// Get container IP address
-			ip, err := cninetwork.GetIPAddress(name, task.Pid())
+			ip, err := cninetwork.GetIPfromPID(int(task.Pid()))
 			if err != nil {
 				return Function{}, err
 			}
-			fn.IP = ip
+			fn.IP = ip.String()
 		}
 	} else {
 		replicas = 0
@ -143,42 +105,6 @@ func GetFunction(client *containerd.Client, name string, namespace string) (Func
 	return fn, nil
 }
 func readEnvFromProcessEnv(env []string) (map[string]string, string) {
 	foundEnv := make(map[string]string)
 	fprocess := ""
 	for _, e := range env {
 		kv := strings.Split(e, "=")
 		if len(kv) == 1 {
 			continue
 		}
 		if kv[0] == "PATH" {
 			continue
 		}
 		if kv[0] == "fprocess" {
 			fprocess = kv[1]
 			continue
 		}
 		foundEnv[kv[0]] = kv[1]
 	}
 	return foundEnv, fprocess
 }
 func readSecretsFromMounts(mounts []specs.Mount) []string {
 	secrets := []string{}
 	for _, mnt := range mounts {
 		x := strings.Split(mnt.Destination, "/var/openfaas/secrets/")
 		if len(x) > 1 {
 			secrets = append(secrets, x[1])
 		}
 	}
 	return secrets
 }
 // buildLabelsAndAnnotations returns a separated list with labels first,
 // followed by annotations by checking each key of ctrLabels for a prefix.
 func buildLabelsAndAnnotations(ctrLabels map[string]string) (map[string]string, map[string]string) {
@ -195,48 +121,3 @@ func buildLabelsAndAnnotations(ctrLabels map[string]string) (map[string]string,
 	return labels, annotations
 }
 func ListNamespaces(client *containerd.Client) []string {
 	set := []string{}
 	store := client.NamespaceService()
 	namespaces, err := store.List(context.Background())
 	if err != nil {
 		log.Printf("Error listing namespaces: %s", err.Error())
 		set = append(set, faasd.DefaultFunctionNamespace)
 		return set
 	}
 	for _, namespace := range namespaces {
 		labels, err := store.Labels(context.Background(), namespace)
 		if err != nil {
 			log.Printf("Error listing label for namespace %s: %s", namespace, err.Error())
 			continue
 		}
 		if _, found := labels[pkg.NamespaceLabel]; found {
 			set = append(set, namespace)
 		}
 		if !findNamespace(faasd.DefaultFunctionNamespace, set) {
 			set = append(set, faasd.DefaultFunctionNamespace)
 		}
 	}
 	return set
 }
 func findNamespace(target string, items []string) bool {
 	for _, n := range items {
 		if n == target {
 			return true
 		}
 	}
 	return false
 }
 func readMemoryLimitFromSpec(spec *specs.Spec) int64 {
 	if spec.Linux == nil || spec.Linux.Resources == nil || spec.Linux.Resources.Memory == nil || spec.Linux.Resources.Memory.Limit == nil {
 		return 0
 	}
 	return *spec.Linux.Resources.Memory.Limit
 }
--- a/pkg/provider/handlers/functions_test.go
+++ b/pkg/provider/handlers/functions_test.go
@ -2,10 +2,7 @@ package handlers
 import (
 	"fmt"
 	"reflect"
 	"testing"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 func Test_BuildLabelsAndAnnotationsFromServiceSpec_Annotations(t *testing.T) {
@ -30,104 +27,3 @@ func Test_BuildLabelsAndAnnotationsFromServiceSpec_Annotations(t *testing.T) {
 		t.Errorf("want: '%s' entry in annotation map got: key not found", "current-time")
 	}
 }
 func Test_SplitMountToSecrets(t *testing.T) {
 	type testCase struct {
 		Name  string
 		Input []specs.Mount
 		Want  []string
 	}
 	tests := []testCase{
 		{Name: "No matching openfaas secrets", Input: []specs.Mount{{Destination: "/foo/"}}, Want: []string{}},
 		{Name: "Nil mounts", Input: nil, Want: []string{}},
 		{Name: "No Mounts", Input: []specs.Mount{{Destination: "/foo/"}}, Want: []string{}},
 		{Name: "One Mounts IS secret", Input: []specs.Mount{{Destination: "/var/openfaas/secrets/secret1"}}, Want: []string{"secret1"}},
 		{Name: "Multiple Mounts 1 secret", Input: []specs.Mount{{Destination: "/var/openfaas/secrets/secret1"}, {Destination: "/some/other/path"}}, Want: []string{"secret1"}},
 		{Name: "Multiple Mounts all secrets", Input: []specs.Mount{{Destination: "/var/openfaas/secrets/secret1"}, {Destination: "/var/openfaas/secrets/secret2"}}, Want: []string{"secret1", "secret2"}},
 	}
 	for _, tc := range tests {
 		t.Run(tc.Name, func(t *testing.T) {
 			got := readSecretsFromMounts(tc.Input)
 			if !reflect.DeepEqual(got, tc.Want) {
 				t.Fatalf("Want %s, got %s", tc.Want, got)
 			}
 		})
 	}
 }
 func Test_ProcessEnvToEnvVars(t *testing.T) {
 	type testCase struct {
 		Name     string
 		Input    []string
 		Want     map[string]string
 		fprocess string
 	}
 	tests := []testCase{
 		{Name: "No matching EnvVars", Input: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "fprocess=python index.py"}, Want: make(map[string]string), fprocess: "python index.py"},
 		{Name: "No EnvVars", Input: []string{}, Want: make(map[string]string), fprocess: ""},
 		{Name: "One EnvVar", Input: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "fprocess=python index.py", "env=this"}, Want: map[string]string{"env": "this"}, fprocess: "python index.py"},
 		{Name: "Multiple EnvVars", Input: []string{"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "this=that", "env=var", "fprocess=python index.py"}, Want: map[string]string{"this": "that", "env": "var"}, fprocess: "python index.py"},
 		{Name: "Nil EnvVars", Input: nil, Want: make(map[string]string)},
 	}
 	for _, tc := range tests {
 		t.Run(tc.Name, func(t *testing.T) {
 			got, fprocess := readEnvFromProcessEnv(tc.Input)
 			if !reflect.DeepEqual(got, tc.Want) {
 				t.Fatalf("Want: %s, got: %s", tc.Want, got)
 			}
 			if fprocess != tc.fprocess {
 				t.Fatalf("Want fprocess: %s, got: %s", tc.fprocess, got)
 			}
 		})
 	}
 }
 func Test_findNamespace(t *testing.T) {
 	type testCase struct {
 		Name            string
 		foundNamespaces []string
 		namespace       string
 		Want            bool
 	}
 	tests := []testCase{
 		{Name: "Namespace Found", namespace: "fn", foundNamespaces: []string{"fn", "openfaas-fn"}, Want: true},
 		{Name: "namespace Not Found", namespace: "fn", foundNamespaces: []string{"openfaas-fn"}, Want: false},
 	}
 	for _, tc := range tests {
 		t.Run(tc.Name, func(t *testing.T) {
 			got := findNamespace(tc.namespace, tc.foundNamespaces)
 			if got != tc.Want {
 				t.Fatalf("Want %t, got %t", tc.Want, got)
 			}
 		})
 	}
 }
 func Test_readMemoryLimitFromSpec(t *testing.T) {
 	type testCase struct {
 		Name string
 		Spec *specs.Spec
 		Want int64
 	}
 	testLimit := int64(64)
 	tests := []testCase{
 		{Name: "specs.Linux not found", Spec: &specs.Spec{Linux: nil}, Want: int64(0)},
 		{Name: "specs.LinuxResource not found", Spec: &specs.Spec{Linux: &specs.Linux{Resources: nil}}, Want: int64(0)},
 		{Name: "specs.LinuxMemory not found", Spec: &specs.Spec{Linux: &specs.Linux{Resources: &specs.LinuxResources{Memory: nil}}}, Want: int64(0)},
 		{Name: "specs.LinuxMemory.Limit not found", Spec: &specs.Spec{Linux: &specs.Linux{Resources: &specs.LinuxResources{Memory: &specs.LinuxMemory{Limit: nil}}}}, Want: int64(0)},
 		{Name: "Memory limit set as Want", Spec: &specs.Spec{Linux: &specs.Linux{Resources: &specs.LinuxResources{Memory: &specs.LinuxMemory{Limit: &testLimit}}}}, Want: int64(64)},
 	}
 	for _, tc := range tests {
 		t.Run(tc.Name, func(t *testing.T) {
 			got := readMemoryLimitFromSpec(tc.Spec)
 			if got != tc.Want {
 				t.Fatalf("Want %d, got %d", tc.Want, got)
 			}
 		})
 	}
 }
--- a/pkg/provider/handlers/info.go
+++ b/pkg/provider/handlers/info.go
@ -22,10 +22,10 @@ func MakeInfoHandler(version, sha string) http.HandlerFunc {
 			defer r.Body.Close()
 		}
-		infoResponse := types.ProviderInfo{
+		infoResponse := types.InfoResponse{
 			Orchestration: OrchestrationIdentifier,
-			Name:          ProviderName,
+			Provider:      ProviderName,
-			Version: &types.VersionInfo{
+			Version: types.ProviderVersion{
 				Release: version,
 				SHA:     sha,
 			},
--- a/pkg/provider/handlers/info_test.go
+++ b/pkg/provider/handlers/info_test.go
@ -15,14 +15,14 @@ func Test_InfoHandler(t *testing.T) {
 	r := httptest.NewRequest("GET", "/", nil)
 	handler(w, r)
-	resp := types.ProviderInfo{}
+	resp := types.InfoResponse{}
 	err := json.Unmarshal(w.Body.Bytes(), &resp)
 	if err != nil {
 		t.Fatalf("unexpected error unmarshalling the response")
 	}
-	if resp.Name != ProviderName {
+	if resp.Provider != ProviderName {
-		t.Fatalf("expected provider %q, got %q", ProviderName, resp.Name)
+		t.Fatalf("expected provider %q, got %q", ProviderName, resp.Provider)
 	}
 	if resp.Orchestration != OrchestrationIdentifier {
--- a/pkg/provider/handlers/invoke_resolver.go
+++ b/pkg/provider/handlers/invoke_resolver.go
@ -4,10 +4,8 @@ import (
 	"fmt"
 	"log"
 	"net/url"
 	"strings"
 	"github.com/containerd/containerd"
 	faasd "github.com/openfaas/faasd/pkg"
 )
 const watchdogPort = 8080
@ -21,18 +19,11 @@ func NewInvokeResolver(client *containerd.Client) *InvokeResolver {
 }
 func (i *InvokeResolver) Resolve(functionName string) (url.URL, error) {
-	actualFunctionName := functionName
+	log.Printf("Resolve: %q\n", functionName)
 	log.Printf("Resolve: %q\n", actualFunctionName)
-	namespace := getNamespaceOrDefault(functionName, faasd.DefaultFunctionNamespace)
+	function, err := GetFunction(i.client, functionName)
 	if strings.Contains(functionName, ".") {
 		actualFunctionName = strings.TrimSuffix(functionName, "."+namespace)
 	}
 	function, err := GetFunction(i.client, actualFunctionName, namespace)
 	if err != nil {
-		return url.URL{}, fmt.Errorf("%s not found", actualFunctionName)
+		return url.URL{}, fmt.Errorf("%s not found", functionName)
 	}
 	serviceIP := function.IP
@ -46,11 +37,3 @@ func (i *InvokeResolver) Resolve(functionName string) (url.URL, error) {
 	return *urlRes, nil
 }
 func getNamespaceOrDefault(name, defaultNamespace string) string {
 	namespace := defaultNamespace
 	if strings.Contains(name, ".") {
 		namespace = name[strings.LastIndexAny(name, ".")+1:]
 	}
 	return namespace
 }
--- a/pkg/provider/handlers/mutate_namespaces.go
+++ b/pkg/provider/handlers/mutate_namespaces.go
@ -1,285 +0,0 @@
 package handlers
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"strings"
 	"github.com/containerd/containerd"
 	"github.com/gorilla/mux"
 	"github.com/openfaas/faas-provider/types"
 )
 func MakeMutateNamespace(client *containerd.Client) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Body != nil {
 			defer r.Body.Close()
 		}
 		switch r.Method {
 		case http.MethodPost:
 			createNamespace(client, w, r)
 		case http.MethodGet:
 			getNamespace(client, w, r)
 		case http.MethodDelete:
 			deleteNamespace(client, w, r)
 		case http.MethodPut:
 			updateNamespace(client, w, r)
 		default:
 			w.WriteHeader(http.StatusMethodNotAllowed)
 		}
 	}
 }
 func updateNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	namespaceExists, err := namespaceExists(r.Context(), client, req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !namespaceExists {
 		http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 		return
 	}
 	originalLabels, err := client.NamespaceService().Labels(r.Context(), req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !hasOpenFaaSLabel(originalLabels) {
 		http.Error(w, fmt.Sprintf("namespace %s is not an openfaas namespace", req.Name), http.StatusBadRequest)
 		return
 	}
 	var exclusions []string
 	// build exclusions
 	for key, _ := range originalLabels {
 		if _, ok := req.Labels[key]; !ok {
 			exclusions = append(exclusions, key)
 		}
 	}
 	// Call SetLabel with empty string if label is to be removed
 	for _, key := range exclusions {
 		if err := client.NamespaceService().SetLabel(r.Context(), req.Name, key, ""); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 	}
 	// Now add the new labels
 	for key, value := range req.Labels {
 		if err := client.NamespaceService().SetLabel(r.Context(), req.Name, key, value); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 	}
 	w.WriteHeader(http.StatusAccepted)
 }
 func deleteNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	if err := client.NamespaceService().Delete(r.Context(), req.Name); err != nil {
 		if strings.Contains(err.Error(), "not found") {
 			http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 			return
 		}
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	w.WriteHeader(http.StatusAccepted)
 }
 func namespaceExists(ctx context.Context, client *containerd.Client, name string) (bool, error) {
 	ns, err := client.NamespaceService().List(ctx)
 	if err != nil {
 		return false, err
 	}
 	found := false
 	for _, namespace := range ns {
 		if namespace == name {
 			found = true
 			break
 		}
 	}
 	return found, nil
 }
 func getNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	namespaceExists, err := namespaceExists(r.Context(), client, req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !namespaceExists {
 		http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 		return
 	}
 	labels, err := client.NamespaceService().Labels(r.Context(), req.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !hasOpenFaaSLabel(labels) {
 		http.Error(w, fmt.Sprintf("namespace %s not found", req.Name), http.StatusNotFound)
 		return
 	}
 	res := types.FunctionNamespace{
 		Name:   req.Name,
 		Labels: labels,
 	}
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 	if err := json.NewEncoder(w).Encode(res); err != nil {
 		log.Printf("Get Namespace error: %s", err)
 	}
 }
 func createNamespace(client *containerd.Client, w http.ResponseWriter, r *http.Request) {
 	req, err := parseNamespaceRequest(r)
 	if err != nil {
 		http.Error(w, err.Error(), err.(*HttpError).Status)
 		return
 	}
 	// Check if namespace exists, and it has the openfaas label
 	namespaces, err := client.NamespaceService().List(r.Context())
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	found := false
 	for _, namespace := range namespaces {
 		if namespace == req.Name {
 			found = true
 			break
 		}
 	}
 	if found {
 		http.Error(w, fmt.Sprintf("namespace %s already exists", req.Name), http.StatusConflict)
 		return
 	}
 	if err := client.NamespaceService().Create(r.Context(), req.Name, req.Labels); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	w.WriteHeader(http.StatusCreated)
 }
 // getNamespace returns a namespace object or an error
 func parseNamespaceRequest(r *http.Request) (types.FunctionNamespace, error) {
 	var req types.FunctionNamespace
 	vars := mux.Vars(r)
 	namespaceInPath := vars["name"]
 	if r.Method == http.MethodGet {
 		if namespaceInPath == "" {
 			return req, &HttpError{
 				Err:    fmt.Errorf("namespace not specified in URL"),
 				Status: http.StatusBadRequest,
 			}
 		}
 		return types.FunctionNamespace{
 			Name: namespaceInPath,
 		}, nil
 	}
 	body, _ := io.ReadAll(r.Body)
 	if err := json.Unmarshal(body, &req); err != nil {
 		return req, &HttpError{
 			Err:    fmt.Errorf("error parsing request body: %s", err.Error()),
 			Status: http.StatusBadRequest,
 		}
 	}
 	if r.Method != http.MethodPost {
 		if namespaceInPath == "" {
 			return req, &HttpError{
 				Err:    fmt.Errorf("namespace not specified in URL"),
 				Status: http.StatusBadRequest,
 			}
 		}
 		if req.Name != namespaceInPath {
 			return req, &HttpError{
 				Err:    fmt.Errorf("namespace in request body does not match namespace in URL"),
 				Status: http.StatusBadRequest,
 			}
 		}
 	}
 	if req.Name == "" {
 		return req, &HttpError{
 			Err:    fmt.Errorf("namespace not specified in request body"),
 			Status: http.StatusBadRequest,
 		}
 	}
 	if ok := hasOpenFaaSLabel(req.Labels); !ok {
 		return req, &HttpError{
 			Err:    fmt.Errorf("request does not have openfaas=1 label"),
 			Status: http.StatusBadRequest,
 		}
 	}
 	return req, nil
 }
 func hasOpenFaaSLabel(labels map[string]string) bool {
 	if v, ok := labels["openfaas"]; ok && v == "1" {
 		return true
 	}
 	return false
 }
 type HttpError struct {
 	Err    error
 	Status int
 }
 func (e *HttpError) Error() string {
 	return e.Err.Error()
 }
--- a/pkg/provider/handlers/namespaces.go
+++ b/pkg/provider/handlers/namespaces.go
@ -1,18 +0,0 @@
 package handlers
 import (
 	"encoding/json"
 	"net/http"
 	"github.com/containerd/containerd"
 )
 func MakeNamespacesLister(client *containerd.Client) func(w http.ResponseWriter, r *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		list := ListNamespaces(client)
 		body, _ := json.Marshal(list)
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
 		w.Write(body)
 	}
 }
--- a/pkg/provider/handlers/read.go
+++ b/pkg/provider/handlers/read.go
@ -5,8 +5,6 @@ import (
 	"log"
 	"net/http"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"github.com/containerd/containerd"
 	"github.com/openfaas/faas-provider/types"
 )
@ -15,21 +13,8 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 	return func(w http.ResponseWriter, r *http.Request) {
 		lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
 		// Check if namespace exists, and it has the openfaas label
 		valid, err := validNamespace(client.NamespaceService(), lookupNamespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		if !valid {
 			http.Error(w, "namespace not valid", http.StatusBadRequest)
 			return
 		}
 		res := []types.FunctionStatus{}
-		fns, err := ListFunctions(client, lookupNamespace)
+		fns, err := ListFunctions(client)
 		if err != nil {
 			log.Printf("[Read] error listing functions. Error: %s\n", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
@ -39,33 +24,20 @@ func MakeReadHandler(client *containerd.Client) func(w http.ResponseWriter, r *h
 		for _, fn := range fns {
 			annotations := &fn.annotations
 			labels := &fn.labels
-			memory := resource.NewQuantity(fn.memoryLimit, resource.BinarySI)
+			res = append(res, types.FunctionStatus{
 			status := types.FunctionStatus{
 				Name:        fn.name,
 				Image:       fn.image,
 				Replicas:    uint64(fn.replicas),
 				Namespace:   fn.namespace,
 				Labels:      labels,
 				Annotations: annotations,
-				Secrets:     fn.secrets,
+			})
 				EnvVars:     fn.envVars,
 				EnvProcess:  fn.envProcess,
 				CreatedAt:   fn.createdAt,
 			}
 			// Do not remove below memory check for 0
 			// Memory limit should not be included in status until set explicitly
 			limit := &types.FunctionResources{Memory: memory.String()}
 			if limit.Memory != "0" {
 				status.Limits = limit
 			}
 			res = append(res, status)
 		}
 		body, _ := json.Marshal(res)
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
 		w.Write(body)
 	}
 }
--- a/pkg/provider/handlers/replicas.go
+++ b/pkg/provider/handlers/replicas.go
@ -14,33 +14,15 @@ func MakeReplicaReaderHandler(client *containerd.Client) func(w http.ResponseWri
 	return func(w http.ResponseWriter, r *http.Request) {
 		vars := mux.Vars(r)
 		functionName := vars["name"]
 		lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
-		// Check if namespace exists, and it has the openfaas label
+		if f, err := GetFunction(client, functionName); err == nil {
 		valid, err := validNamespace(client.NamespaceService(), lookupNamespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		if !valid {
 			http.Error(w, "namespace not valid", http.StatusBadRequest)
 			return
 		}
 		if f, err := GetFunction(client, functionName, lookupNamespace); err == nil {
 			found := types.FunctionStatus{
 				Name:              functionName,
 				Image:             f.image,
 				AvailableReplicas: uint64(f.replicas),
 				Replicas:          uint64(f.replicas),
 				Namespace:         f.namespace,
 				Labels:            &f.labels,
 				Annotations:       &f.annotations,
 				Secrets:           f.secrets,
 				EnvVars:           f.envVars,
 				EnvProcess:        f.envProcess,
 				CreatedAt:         f.createdAt,
 			}
 			functionBytes, _ := json.Marshal(found)
--- a/pkg/provider/handlers/scale.go
+++ b/pkg/provider/handlers/scale.go
@ -13,7 +13,7 @@ import (
 	gocni "github.com/containerd/go-cni"
 	"github.com/openfaas/faas-provider/types"
-	"github.com/openfaas/faasd/pkg"
+	faasd "github.com/openfaas/faasd/pkg"
 )
 func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w http.ResponseWriter, r *http.Request) {
@ -31,40 +31,25 @@ func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w h
 		log.Printf("[Scale] request: %s\n", string(body))
 		req := types.ScaleServiceRequest{}
-		if err := json.Unmarshal(body, &req); err != nil {
+		err := json.Unmarshal(body, &req)
 		if err != nil {
 			log.Printf("[Scale] error parsing input: %s\n", err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		namespace := req.Namespace
 		if namespace == "" {
 			namespace = pkg.DefaultFunctionNamespace
 		}
 		// Check if namespace exists, and it has the openfaas label
 		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		if !valid {
 			http.Error(w, "namespace not valid", http.StatusBadRequest)
 			return
 		}
 		name := req.ServiceName
-		if _, err := GetFunction(client, name, namespace); err != nil {
+		if _, err := GetFunction(client, name); err != nil {
 			msg := fmt.Sprintf("service %s not found", name)
 			log.Printf("[Scale] %s\n", msg)
 			http.Error(w, msg, http.StatusNotFound)
 			return
 		}
-		ctx := namespaces.WithNamespace(context.Background(), namespace)
+		ctx := namespaces.WithNamespace(context.Background(), faasd.FunctionNamespace)
 		ctr, ctrErr := client.LoadContainer(ctx, name)
 		if ctrErr != nil {
@ -133,7 +118,7 @@ func MakeReplicaUpdateHandler(client *containerd.Client, cni gocni.CNI) func(w h
 		}
 		if createNewTask {
-			deployErr := createTask(ctx, ctr, cni)
+			deployErr := createTask(ctx, client, ctr, cni)
 			if deployErr != nil {
 				log.Printf("[Scale] error deploying %s, error: %s\n", name, deployErr)
 				http.Error(w, deployErr.Error(), http.StatusBadRequest)
--- a/pkg/provider/handlers/secret.go
+++ b/pkg/provider/handlers/secret.go
@ -10,14 +10,13 @@ import (
 	"path"
 	"strings"
 	"github.com/containerd/containerd"
 	"github.com/openfaas/faas-provider/types"
 	provider "github.com/openfaas/faasd/pkg/provider"
 )
 const secretFilePermission = 0644
 const secretDirPermission = 0755
-func MakeSecretHandler(store provider.Labeller, mountPath string) func(w http.ResponseWriter, r *http.Request) {
+func MakeSecretHandler(c *containerd.Client, mountPath string) func(w http.ResponseWriter, r *http.Request) {
 	err := os.MkdirAll(mountPath, secretFilePermission)
 	if err != nil {
@ -31,13 +30,13 @@ func MakeSecretHandler(store provider.Labeller, mountPath string) func(w http.Re
 		switch r.Method {
 		case http.MethodGet:
-			listSecrets(store, w, r, mountPath)
+			listSecrets(c, w, r, mountPath)
 		case http.MethodPost:
-			createSecret(w, r, mountPath)
+			createSecret(c, w, r, mountPath)
 		case http.MethodPut:
-			createSecret(w, r, mountPath)
+			createSecret(c, w, r, mountPath)
 		case http.MethodDelete:
-			deleteSecret(w, r, mountPath)
+			deleteSecret(c, w, r, mountPath)
 		default:
 			w.WriteHeader(http.StatusBadRequest)
 			return
@ -46,46 +45,23 @@ func MakeSecretHandler(store provider.Labeller, mountPath string) func(w http.Re
 	}
 }
-func listSecrets(store provider.Labeller, w http.ResponseWriter, r *http.Request, mountPath string) {
+func listSecrets(c *containerd.Client, w http.ResponseWriter, r *http.Request, mountPath string) {
-
+	files, err := ioutil.ReadDir(mountPath)
 	lookupNamespace := getRequestNamespace(readNamespaceFromQuery(r))
 	// Check if namespace exists, and it has the openfaas label
 	valid, err := validNamespace(store, lookupNamespace)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	if !valid {
 		http.Error(w, "namespace not valid", http.StatusBadRequest)
 		return
 	}
 	mountPath = getNamespaceSecretMountPath(mountPath, lookupNamespace)
 	files, err := os.ReadDir(mountPath)
 	if os.IsNotExist(err) {
 		bytesOut, _ := json.Marshal([]types.Secret{})
 		w.Write(bytesOut)
 		return
 	}
 	if err != nil {
 		fmt.Printf("Error Occured: %s \n", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	secrets := []types.Secret{}
 	for _, f := range files {
-		secrets = append(secrets, types.Secret{Name: f.Name(), Namespace: lookupNamespace})
+		secrets = append(secrets, types.Secret{Name: f.Name()})
 	}
 	bytesOut, _ := json.Marshal(secrets)
 	w.Write(bytesOut)
 }
-func createSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
+func createSecret(c *containerd.Client, w http.ResponseWriter, r *http.Request, mountPath string) {
 	secret, err := parseSecret(r)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
@ -93,30 +69,7 @@ func createSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 		return
 	}
-	err = validateSecret(secret)
+	err = ioutil.WriteFile(path.Join(mountPath, secret.Name), []byte(secret.Value), secretFilePermission)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	log.Printf("[secret] is valid: %q", secret.Name)
 	namespace := getRequestNamespace(secret.Namespace)
 	mountPath = getNamespaceSecretMountPath(mountPath, namespace)
 	err = os.MkdirAll(mountPath, secretDirPermission)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	data := secret.RawValue
 	if len(data) == 0 {
 		data = []byte(secret.Value)
 	}
 	err = ioutil.WriteFile(path.Join(mountPath, secret.Name), data, secretFilePermission)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
@ -125,7 +78,7 @@ func createSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 	}
 }
-func deleteSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
+func deleteSecret(c *containerd.Client, w http.ResponseWriter, r *http.Request, mountPath string) {
 	secret, err := parseSecret(r)
 	if err != nil {
 		log.Printf("[secret] error %s", err.Error())
@ -133,9 +86,6 @@ func deleteSecret(w http.ResponseWriter, r *http.Request, mountPath string) {
 		return
 	}
 	namespace := getRequestNamespace(readNamespaceFromQuery(r))
 	mountPath = getNamespaceSecretMountPath(mountPath, namespace)
 	err = os.Remove(path.Join(mountPath, secret.Name))
 	if err != nil {
@ -157,6 +107,10 @@ func parseSecret(r *http.Request) (types.Secret, error) {
 		return secret, err
 	}
 	if isTraversal(secret.Name) {
 		return secret, fmt.Errorf(traverseErrorSt)
 	}
 	return secret, err
 }
@ -166,13 +120,3 @@ func isTraversal(name string) bool {
 	return strings.Contains(name, fmt.Sprintf("%s", string(os.PathSeparator))) ||
 		strings.Contains(name, "..")
 }
 func validateSecret(secret types.Secret) error {
 	if strings.TrimSpace(secret.Name) == "" {
 		return fmt.Errorf("non-empty name is required")
 	}
 	if isTraversal(secret.Name) {
 		return fmt.Errorf(traverseErrorSt)
 	}
 	return nil
 }
--- a/pkg/provider/handlers/secret_test.go
+++ b/pkg/provider/handlers/secret_test.go
@ -1,252 +1,63 @@
 package handlers
 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"reflect"
 	"strings"
 	"testing"
 	"github.com/openfaas/faas-provider/types"
 	"github.com/openfaas/faasd/pkg"
 	provider "github.com/openfaas/faasd/pkg/provider"
 )
-func Test_parseSecret(t *testing.T) {
+func Test_parseSecretValidName(t *testing.T) {
 	cases := []struct {
 		name      string
 		payload   string
 		expError  string
 		expSecret types.Secret
 	}{
 		{
 			name:      "no error when name is valid without extention and with no traversal",
 			payload:   `{"name": "authorized_keys", "value": "foo"}`,
 			expSecret: types.Secret{Name: "authorized_keys", Value: "foo"},
 		},
 		{
 			name:      "no error when name is valid and parses RawValue correctly",
 			payload:   `{"name": "authorized_keys", "rawValue": "YmFy"}`,
 			expSecret: types.Secret{Name: "authorized_keys", RawValue: []byte("bar")},
 		},
 		{
 			name:      "no error when name is valid with dot and with no traversal",
 			payload:   `{"name": "authorized.keys", "value": "foo"}`,
 			expSecret: types.Secret{Name: "authorized.keys", Value: "foo"},
 		},
 	}
-	for _, tc := range cases {
+	s := types.Secret{Name: "authorized_keys"}
-		t.Run(tc.name, func(t *testing.T) {
+	body, _ := json.Marshal(s)
-			reader := strings.NewReader(tc.payload)
+	reader := bytes.NewReader(body)
-			r := httptest.NewRequest(http.MethodPost, "/", reader)
+	r := httptest.NewRequest(http.MethodPost, "/", reader)
-			secret, err := parseSecret(r)
+	_, err := parseSecret(r)
 			if err != nil && tc.expError == "" {
 				t.Fatalf("unexpected error: %s", err)
 				return
 			}
 			if tc.expError != "" {
 				if err == nil {
 					t.Fatalf("expected error: %s, got nil", tc.expError)
 				}
 				if err.Error() != tc.expError {
 					t.Fatalf("expected error: %s, got: %s", tc.expError, err)
 				}
 				return
 			}
 			if !reflect.DeepEqual(secret, tc.expSecret) {
 				t.Fatalf("expected secret: %+v, got: %+v", tc.expSecret, secret)
 			}
 		})
 	}
 }
 func TestSecretCreation(t *testing.T) {
 	mountPath, err := os.MkdirTemp("", "test_secret_creation")
 	if err != nil {
-		t.Fatalf("unexpected error while creating temp directory: %s", err)
+		t.Fatalf("secret name is valid with no traversal characters")
 	}
 	defer os.RemoveAll(mountPath)
 	handler := MakeSecretHandler(nil, mountPath)
 	cases := []struct {
 		name       string
 		verb       string
 		payload    string
 		status     int
 		secretPath string
 		secret     string
 		err        string
 	}{
 		{
 			name:    "returns error when the name contains a traversal",
 			verb:    http.MethodPost,
 			payload: `{"name": "/root/.ssh/authorized_keys", "value": "foo"}`,
 			status:  http.StatusBadRequest,
 			err:     "directory traversal found in name\n",
 		},
 		{
 			name:    "returns error when the name contains a traversal",
 			verb:    http.MethodPost,
 			payload: `{"name": "..", "value": "foo"}`,
 			status:  http.StatusBadRequest,
 			err:     "directory traversal found in name\n",
 		},
 		{
 			name:    "empty request returns a validation error",
 			verb:    http.MethodPost,
 			payload: `{}`,
 			status:  http.StatusBadRequest,
 			err:     "non-empty name is required\n",
 		},
 		{
 			name:       "can create secret from string",
 			verb:       http.MethodPost,
 			payload:    `{"name": "foo", "value": "bar"}`,
 			status:     http.StatusOK,
 			secretPath: "/openfaas-fn/foo",
 			secret:     "bar",
 		},
 		{
 			name:       "can create secret from raw value",
 			verb:       http.MethodPost,
 			payload:    `{"name": "foo", "rawValue": "YmFy"}`,
 			status:     http.StatusOK,
 			secretPath: "/openfaas-fn/foo",
 			secret:     "bar",
 		},
 		{
 			name:       "can create secret in non-default namespace from raw value",
 			verb:       http.MethodPost,
 			payload:    `{"name": "pity", "rawValue": "dGhlIGZvbw==", "namespace": "a-team"}`,
 			status:     http.StatusOK,
 			secretPath: "/a-team/pity",
 			secret:     "the foo",
 		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
 			req := httptest.NewRequest(tc.verb, "http://example.com/foo", strings.NewReader(tc.payload))
 			w := httptest.NewRecorder()
 			handler(w, req)
 			resp := w.Result()
 			if resp.StatusCode != tc.status {
 				t.Logf("response body: %s", w.Body.String())
 				t.Fatalf("expected status: %d, got: %d", tc.status, resp.StatusCode)
 			}
 			if resp.StatusCode != http.StatusOK && w.Body.String() != tc.err {
 				t.Fatalf("expected error message: %q, got %q", tc.err, w.Body.String())
 			}
 			if tc.secretPath != "" {
 				data, err := os.ReadFile(filepath.Join(mountPath, tc.secretPath))
 				if err != nil {
 					t.Fatalf("can not read the secret from disk: %s", err)
 				}
 				if string(data) != tc.secret {
 					t.Fatalf("expected secret value: %s, got %s", tc.secret, string(data))
 				}
 			}
 		})
 	}
 }
-func TestListSecrets(t *testing.T) {
+func Test_parseSecretValidNameWithDot(t *testing.T) {
-	mountPath, err := os.MkdirTemp("", "test_secret_creation")
+
 	s := types.Secret{Name: "authorized.keys"}
 	body, _ := json.Marshal(s)
 	reader := bytes.NewReader(body)
 	r := httptest.NewRequest(http.MethodPost, "/", reader)
 	_, err := parseSecret(r)
 	if err != nil {
-		t.Fatalf("unexpected error while creating temp directory: %s", err)
+		t.Fatalf("secret name is valid with no traversal characters")
-	}
+	}
-
+}
-	defer os.RemoveAll(mountPath)
+
-
+func Test_parseSecretWithTraversalWithSlash(t *testing.T) {
-	cases := []struct {
+
-		name       string
+	s := types.Secret{Name: "/root/.ssh/authorized_keys"}
-		verb       string
+	body, _ := json.Marshal(s)
-		namespace  string
+	reader := bytes.NewReader(body)
-		labels     map[string]string
+	r := httptest.NewRequest(http.MethodPost, "/", reader)
-		status     int
+	_, err := parseSecret(r)
-		secretPath string
+
-		secret     string
+	if err == nil {
-		err        string
+		t.Fatalf("secret name should fail due to path traversal")
-		expected   []types.Secret
+	}
-	}{
+}
-		{
+
-			name:       "Get empty secret list for default namespace having no secret",
+func Test_parseSecretWithTraversalWithDoubleDot(t *testing.T) {
-			verb:       http.MethodGet,
+
-			status:     http.StatusOK,
+	s := types.Secret{Name: ".."}
-			secretPath: "/test-fn/foo",
+	body, _ := json.Marshal(s)
-			secret:     "bar",
+	reader := bytes.NewReader(body)
-			expected:   make([]types.Secret, 0),
+	r := httptest.NewRequest(http.MethodPost, "/", reader)
-		},
+	_, err := parseSecret(r)
-		{
+
-			name:       "Get empty secret list for non-default namespace having no secret",
+	if err == nil {
-			verb:       http.MethodGet,
+		t.Fatalf("secret name should fail due to path traversal")
 			status:     http.StatusOK,
 			secretPath: "/test-fn/foo",
 			secret:     "bar",
 			expected:   make([]types.Secret, 0),
 			namespace:  "other-ns",
 			labels: map[string]string{
 				pkg.NamespaceLabel: "true",
 			},
 		},
 	}
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
 			labelStore := provider.NewFakeLabeller(tc.labels)
 			handler := MakeSecretHandler(labelStore, mountPath)
 			path := "http://example.com/foo"
 			if len(tc.namespace) > 0 {
 				path = path + fmt.Sprintf("?namespace=%s", tc.namespace)
 			}
 			req := httptest.NewRequest(tc.verb, path, nil)
 			w := httptest.NewRecorder()
 			handler(w, req)
 			resp := w.Result()
 			if resp.StatusCode != tc.status {
 				t.Fatalf("want status: %d, but got: %d", tc.status, resp.StatusCode)
 			}
 			if resp.StatusCode != http.StatusOK && w.Body.String() != tc.err {
 				t.Fatalf("want error message: %q, but got %q", tc.err, w.Body.String())
 			}
 			body, err := ioutil.ReadAll(resp.Body)
 			if err != nil {
 				t.Fatalf("can't read response of list %v", err)
 			}
 			var res []types.Secret
 			err = json.Unmarshal(body, &res)
 			if err != nil {
 				t.Fatalf("unable to unmarshal %q, error: %v", string(body), err)
 			}
 			if !reflect.DeepEqual(res, tc.expected) {
 				t.Fatalf("want response: %v, but got: %v", tc.expected, res)
 			}
 		})
 	}
 }
--- a/pkg/provider/handlers/update.go
+++ b/pkg/provider/handlers/update.go
@ -13,6 +13,7 @@ import (
 	gocni "github.com/containerd/go-cni"
 	"github.com/openfaas/faas-provider/types"
 	faasd "github.com/openfaas/faasd/pkg"
 	"github.com/openfaas/faasd/pkg/cninetwork"
 	"github.com/openfaas/faasd/pkg/service"
 )
@ -40,23 +41,8 @@ func MakeUpdateHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 			return
 		}
 		name := req.Service
 		namespace := getRequestNamespace(req.Namespace)
-		// Check if namespace exists, and it has the openfaas label
+		function, err := GetFunction(client, name)
 		valid, err := validNamespace(client.NamespaceService(), namespace)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		if !valid {
 			http.Error(w, "namespace not valid", http.StatusBadRequest)
 			return
 		}
 		namespaceSecretMountPath := getNamespaceSecretMountPath(secretMountPath, namespace)
 		function, err := GetFunction(client, name, namespace)
 		if err != nil {
 			msg := fmt.Sprintf("service %s not found", name)
 			log.Printf("[Update] %s\n", msg)
@ -64,12 +50,12 @@ func MakeUpdateHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 			return
 		}
-		err = validateSecrets(namespaceSecretMountPath, req.Secrets)
+		err = validateSecrets(secretMountPath, req.Secrets)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 		}
-		ctx := namespaces.WithNamespace(context.Background(), namespace)
+		ctx := namespaces.WithNamespace(context.Background(), faasd.FunctionNamespace)
 		if _, err := prepull(ctx, req, client, alwaysPull); err != nil {
 			log.Printf("[Update] error with pre-pull: %s, %s\n", name, err)
@ -92,7 +78,7 @@ func MakeUpdateHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
 		// The pull has already been done in prepull, so we can force this pull to "false"
 		pull := false
-		if err := deploy(ctx, req, client, cni, namespaceSecretMountPath, pull); err != nil {
+		if err := deploy(ctx, req, client, cni, secretMountPath, pull); err != nil {
 			log.Printf("[Update] error deploying %s, error: %s\n", name, err)
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
--- a/pkg/provider/handlers/utils.go
+++ b/pkg/provider/handlers/utils.go
@ -1,48 +0,0 @@
 package handlers
 import (
 	"context"
 	"net/http"
 	"path"
 	"github.com/openfaas/faasd/pkg"
 	faasd "github.com/openfaas/faasd/pkg"
 	provider "github.com/openfaas/faasd/pkg/provider"
 )
 func getRequestNamespace(namespace string) string {
 	if len(namespace) > 0 {
 		return namespace
 	}
 	return faasd.DefaultFunctionNamespace
 }
 func readNamespaceFromQuery(r *http.Request) string {
 	q := r.URL.Query()
 	return q.Get("namespace")
 }
 func getNamespaceSecretMountPath(userSecretPath string, namespace string) string {
 	return path.Join(userSecretPath, namespace)
 }
 // validNamespace indicates whether the namespace is eligable to be
 // used for OpenFaaS functions.
 func validNamespace(store provider.Labeller, namespace string) (bool, error) {
 	if namespace == faasd.DefaultFunctionNamespace {
 		return true, nil
 	}
 	labels, err := store.Labels(context.Background(), namespace)
 	if err != nil {
 		return false, err
 	}
 	// check for true to keep it backward compatible
 	if value, found := labels[pkg.NamespaceLabel]; found && (value == "true" || value == "1") {
 		return true, nil
 	}
 	return false, nil
 }
--- a/pkg/provider/handlers/utils_test.go
+++ b/pkg/provider/handlers/utils_test.go
@ -1,75 +0,0 @@
 package handlers
 import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 	faasd "github.com/openfaas/faasd/pkg"
 )
 func Test_getRequestNamespace(t *testing.T) {
 	tables := []struct {
 		name              string
 		requestNamespace  string
 		expectedNamespace string
 	}{
 		{name: "RequestNamespace is not provided", requestNamespace: "", expectedNamespace: faasd.DefaultFunctionNamespace},
 		{name: "RequestNamespace is provided", requestNamespace: "user-namespace", expectedNamespace: "user-namespace"},
 	}
 	for _, tc := range tables {
 		t.Run(tc.name, func(t *testing.T) {
 			actualNamespace := getRequestNamespace(tc.requestNamespace)
 			if actualNamespace != tc.expectedNamespace {
 				t.Errorf("Want: %s, got: %s", actualNamespace, tc.expectedNamespace)
 			}
 		})
 	}
 }
 func Test_getNamespaceSecretMountPath(t *testing.T) {
 	userSecretPath := "/var/openfaas/secrets"
 	tables := []struct {
 		name               string
 		requestNamespace   string
 		expectedSecretPath string
 	}{
 		{name: "Default Namespace is provided", requestNamespace: faasd.DefaultFunctionNamespace, expectedSecretPath: "/var/openfaas/secrets/" + faasd.DefaultFunctionNamespace},
 		{name: "User Namespace is provided", requestNamespace: "user-namespace", expectedSecretPath: "/var/openfaas/secrets/user-namespace"},
 	}
 	for _, tc := range tables {
 		t.Run(tc.name, func(t *testing.T) {
 			actualNamespace := getNamespaceSecretMountPath(userSecretPath, tc.requestNamespace)
 			if actualNamespace != tc.expectedSecretPath {
 				t.Errorf("Want: %s, got: %s", actualNamespace, tc.expectedSecretPath)
 			}
 		})
 	}
 }
 func Test_readNamespaceFromQuery(t *testing.T) {
 	tables := []struct {
 		name              string
 		queryNamespace    string
 		expectedNamespace string
 	}{
 		{name: "No Namespace is provided", queryNamespace: "", expectedNamespace: ""},
 		{name: "User Namespace is provided", queryNamespace: "user-namespace", expectedNamespace: "user-namespace"},
 	}
 	for _, tc := range tables {
 		t.Run(tc.name, func(t *testing.T) {
 			url := fmt.Sprintf("/test?namespace=%s", tc.queryNamespace)
 			r := httptest.NewRequest(http.MethodGet, url, nil)
 			actualNamespace := readNamespaceFromQuery(r)
 			if actualNamespace != tc.expectedNamespace {
 				t.Errorf("Want: %s, got: %s", actualNamespace, tc.expectedNamespace)
 			}
 		})
 	}
 }
--- a/pkg/provider/labeller.go
+++ b/pkg/provider/labeller.go
@ -1,25 +0,0 @@
 package provider
 import "context"
 // Labeller can return labels for a namespace from containerd.
 type Labeller interface {
 	Labels(ctx context.Context, namespace string) (map[string]string, error)
 }
 //
 // FakeLabeller can be used to fake labels applied on namespace to mark
 // them valid/invalid for openfaas functions
 type FakeLabeller struct {
 	labels map[string]string
 }
 func NewFakeLabeller(labels map[string]string) Labeller {
 	return &FakeLabeller{
 		labels: labels,
 	}
 }
 func (s *FakeLabeller) Labels(ctx context.Context, namespace string) (map[string]string, error) {
 	return s.labels, nil
 }
--- a/pkg/service/service.go
+++ b/pkg/service/service.go
@ -27,34 +27,31 @@ func Remove(ctx context.Context, client *containerd.Client, name string) error {
 	container, containerErr := client.LoadContainer(ctx, name)
 	if containerErr == nil {
-		taskFound := true
+		found := true
 		t, err := container.Task(ctx, nil)
 		if err != nil {
 			if errdefs.IsNotFound(err) {
-				taskFound = false
+				found = false
 			} else {
-				return fmt.Errorf("unable to get task %w: ", err)
+				return fmt.Errorf("unable to get task %s: ", err)
 			}
 		}
-		if taskFound {
+		if found {
-			status, err := t.Status(ctx)
+			status, _ := t.Status(ctx)
 			fmt.Printf("Status of %s is: %s\n", name, status.Status)
 			log.Printf("Need to kill %s\n", name)
 			err := killTask(ctx, t)
 			if err != nil {
-				log.Printf("Unable to get status for: %s, error: %s", name, err.Error())
+				return fmt.Errorf("error killing task %s, %s, %s", container.ID(), name, err)
 			} else {
 				log.Printf("Status of %s is: %s\n", name, status.Status)
 			}
 			log.Printf("Need to kill task: %s\n", name)
 			if err = killTask(ctx, t); err != nil {
 				return fmt.Errorf("error killing task %s, %s, %w", container.ID(), name, err)
 			}
 		}
-		if err := container.Delete(ctx, containerd.WithSnapshotCleanup); err != nil {
+		err = container.Delete(ctx, containerd.WithSnapshotCleanup)
-			return fmt.Errorf("error deleting container %s, %s, %w", container.ID(), name, err)
+		if err != nil {
 			return fmt.Errorf("error deleting container %s, %s, %s", container.ID(), name, err)
 		}
 	} else {
 		service := client.SnapshotService("")
 		key := name + "snapshot"
@ -73,16 +70,14 @@ func killTask(ctx context.Context, task containerd.Task) error {
 	wg := &sync.WaitGroup{}
 	wg.Add(1)
 	var err error
 	go func() {
 		defer wg.Done()
 		if task != nil {
 			wait, err := task.Wait(ctx)
 			if err != nil {
-				log.Printf("error waiting on task: %s", err)
+				err = fmt.Errorf("error waiting on task: %s", err)
 				return
 			}
 			if err := task.Kill(ctx, unix.SIGTERM, containerd.WithKillAll); err != nil {
 				log.Printf("error killing container task: %s", err)
 			}
@ -119,7 +114,6 @@ func getResolver(ctx context.Context, configFile *configfile.ConfigFile) (remote
 		}
 		return ac.Username, ac.Password, nil
 	}
 	authOpts := []docker.AuthorizerOpt{docker.WithAuthCreds(credFunc)}
 	authorizer := docker.NewDockerAuthorizer(authOpts...)
 	opts := docker.ResolverOptions{
@ -134,7 +128,7 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 		resolver remotes.Resolver
 	)
-	if _, statErr := os.Stat(filepath.Join(dockerConfigDir, config.ConfigFileName)); statErr == nil {
+	if _, stErr := os.Stat(filepath.Join(dockerConfigDir, config.ConfigFileName)); stErr == nil {
 		configFile, err := config.Load(dockerConfigDir)
 		if err != nil {
 			return nil, err
@ -143,8 +137,8 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 		if err != nil {
 			return empty, err
 		}
-	} else if !os.IsNotExist(statErr) {
+	} else if !os.IsNotExist(stErr) {
-		return empty, statErr
+		return empty, stErr
 	}
 	var image containerd.Image
@ -156,6 +150,7 @@ func PrepareImage(ctx context.Context, client *containerd.Client, imageName, sna
 		image = img
 	} else {
 		img, err := client.GetImage(ctx, imageName)
 		if err != nil {
 			if !errdefs.IsNotFound(err) {
@ -192,11 +187,9 @@ func pullImage(ctx context.Context, client *containerd.Client, resolver remotes.
 	rOpts := []containerd.RemoteOpt{
 		containerd.WithPullUnpack,
 	}
 	if resolver != nil {
 		rOpts = append(rOpts, containerd.WithResolver(resolver))
 	}
 	img, err := client.Pull(ctx, imageName, rOpts...)
 	if err != nil {
 		return empty, fmt.Errorf("cannot pull: %s", err)
--- a/pkg/supervisor.go
+++ b/pkg/supervisor.go
@ -8,10 +8,8 @@ import (
 	"os"
 	"path"
 	"sort"
 	"strconv"
 	"strings"
-	"github.com/alexellis/arkade/pkg/env"
+	"github.com/alexellis/k3sup/pkg/env"
 	"github.com/compose-spec/compose-go/loader"
 	compose "github.com/compose-spec/compose-go/types"
 	"github.com/containerd/containerd"
@ -19,19 +17,20 @@ import (
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/oci"
 	gocni "github.com/containerd/go-cni"
 	"github.com/docker/distribution/reference"
 	"github.com/openfaas/faasd/pkg/cninetwork"
 	"github.com/openfaas/faasd/pkg/service"
 	"github.com/pkg/errors"
 	"github.com/containerd/containerd/namespaces"
 	units "github.com/docker/go-units"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 const (
-	// workingDirectoryPermission user read/write/execute, group and others: read-only
+	defaultSnapshotter         = "overlayfs"
-	workingDirectoryPermission = 0744
+	workingDirectoryPermission = 0644
 	// faasdNamespace is the containerd namespace services are created
 	faasdNamespace         = "default"
 	faasServicesPullAlways = false
 )
 type Service struct {
@ -57,14 +56,8 @@ type ServicePort struct {
 }
 type Mount struct {
-	// Src relative to the working directory for faasd
+	Src  string
 	Src string
 	// Dest is the absolute path within the container
 	Dest string
 	// ReadOnly when set to true indicates the mount will be set to "ro" instead of "rw"
 	ReadOnly bool
 }
 type Supervisor struct {
@ -90,7 +83,7 @@ func NewSupervisor(sock string) (*Supervisor, error) {
 }
 func (s *Supervisor) Start(svcs []Service) error {
-	ctx := namespaces.WithNamespace(context.Background(), FaasdNamespace)
+	ctx := namespaces.WithNamespace(context.Background(), faasdNamespace)
 	wd, _ := os.Getwd()
@ -114,20 +107,13 @@ func (s *Supervisor) Start(svcs []Service) error {
 	for _, svc := range svcs {
 		fmt.Printf("Preparing %s with image: %s\n", svc.Name, svc.Image)
-		r, err := reference.ParseNormalizedNamed(svc.Image)
+		img, err := service.PrepareImage(ctx, s.client, svc.Image, defaultSnapshotter, faasServicesPullAlways)
 		if err != nil {
 			return err
 		}
 		imgRef := reference.TagNameOnly(r).String()
 		img, err := service.PrepareImage(ctx, s.client, imgRef, defaultSnapshotter, faasServicesPullAlways)
 		if err != nil {
 			return err
 		}
 		images[svc.Name] = img
 		size, _ := img.Size(ctx)
-		fmt.Printf("Prepare done for: %s, %s\n", svc.Image, units.HumanSize(float64(size)))
+		fmt.Printf("Prepare done for: %s, %d bytes\n", svc.Image, size)
 	}
 	for _, svc := range svcs {
@ -157,41 +143,12 @@ func (s *Supervisor) Start(svcs []Service) error {
 		mounts := []specs.Mount{}
 		if len(svc.Mounts) > 0 {
 			for _, mnt := range svc.Mounts {
 				var options = []string{"rbind"}
 				if mnt.ReadOnly {
 					options = append(options, "ro")
 				} else {
 					options = append(options, "rw")
 				}
 				mounts = append(mounts, specs.Mount{
 					Source:      mnt.Src,
 					Destination: mnt.Dest,
 					Type:        "bind",
-					Options:     options,
+					Options:     []string{"rbind", "rw"},
 				})
 				// Only create directories, not files.
 				// Some files don't have a suffix, such as secrets.
 				if len(path.Ext(mnt.Src)) == 0 &&
 					!strings.HasPrefix(mnt.Src, "/var/lib/faasd/secrets/") {
 					// src is already prefixed with wd from an earlier step
 					src := mnt.Src
 					fmt.Printf("Creating local directory: %s\n", src)
 					if err := os.MkdirAll(src, workingDirectoryPermission); err != nil {
 						if !errors.Is(os.ErrExist, err) {
 							fmt.Printf("Unable to create: %s, %s\n", src, err)
 						}
 					}
 					if len(svc.User) > 0 {
 						uid, err := strconv.Atoi(svc.User)
 						if err == nil {
 							if err := os.Chown(src, uid, -1); err != nil {
 								fmt.Printf("Unable to chown: %s to %d, error: %s\n", src, uid, err)
 							}
 						}
 					}
 				}
 			}
 		}
@ -219,7 +176,6 @@ func (s *Supervisor) Start(svcs []Service) error {
 			containerd.WithImage(image),
 			containerd.WithNewSnapshot(svc.Name+"-snapshot", image),
 			containerd.WithNewSpec(oci.WithImageConfig(image),
 				oci.WithHostname(svc.Name),
 				withUserOrDefault(svc.User),
 				oci.WithCapabilities(svc.Caps),
 				oci.WithMounts(mounts),
@ -241,19 +197,19 @@ func (s *Supervisor) Start(svcs []Service) error {
 		}
 		labels := map[string]string{}
-		_, err = cninetwork.CreateCNINetwork(ctx, s.cni, task, labels)
+		network, err := cninetwork.CreateCNINetwork(ctx, s.cni, task, labels)
 		if err != nil {
 			log.Printf("Error creating CNI for %s: %s", svc.Name, err)
 			return err
 		}
-		ip, err := cninetwork.GetIPAddress(svc.Name, task.Pid())
+		ip, err := cninetwork.GetIPAddress(network, task)
 		if err != nil {
 			log.Printf("Error getting IP for %s: %s", svc.Name, err)
 			return err
 		}
-		log.Printf("%s has IP: %s\n", newContainer.ID(), ip)
+		log.Printf("%s has IP: %s\n", newContainer.ID(), ip.String())
 		hosts, err := ioutil.ReadFile("hosts")
 		if err != nil {
@ -290,7 +246,7 @@ func (s *Supervisor) Close() {
 }
 func (s *Supervisor) Remove(svcs []Service) error {
-	ctx := namespaces.WithNamespace(context.Background(), FaasdNamespace)
+	ctx := namespaces.WithNamespace(context.Background(), faasdNamespace)
 	for _, svc := range svcs {
 		err := cninetwork.DeleteCNINetwork(ctx, s.cni, s.client, svc.Name)
@ -355,9 +311,8 @@ func ParseCompose(config *compose.Config) ([]Service, error) {
 				return nil, errors.Errorf("unsupported volume mount type '%s' when parsing service '%s'", v.Type, s.Name)
 			}
 			mounts = append(mounts, Mount{
-				Src:      v.Source,
+				Src:  v.Source,
-				Dest:     v.Target,
+				Dest: v.Target,
 				ReadOnly: v.ReadOnly,
 			})
 		}
--- a/pkg/supervisor_test.go
+++ b/pkg/supervisor_test.go
@ -180,7 +180,7 @@ func equalMountSlice(t *testing.T, want, found []Mount) {
 	for i := range want {
 		if !reflect.DeepEqual(want[i], found[i]) {
-			t.Fatalf("unexpected value at postition %d: want %v, got %v", i, want[i], found[i])
+			t.Fatalf("unexpected value at postition %d: want %s, got %s", i, want[i], found[i])
 		}
 	}
 }
--- a/pkg/systemd/systemd.go
+++ b/pkg/systemd/systemd.go
@ -2,23 +2,21 @@ package systemd
 import (
 	"bytes"
 	"context"
 	"fmt"
 	"os"
 	"path/filepath"
 	"text/template"
-	execute "github.com/alexellis/go-execute/v2"
+	execute "github.com/alexellis/go-execute/pkg/v1"
 )
 func Enable(unit string) error {
-	task := execute.ExecTask{
+	task := execute.ExecTask{Command: "systemctl",
 		Command:     "systemctl",
 		Args:        []string{"enable", unit},
 		StreamStdio: false,
 	}
-	res, err := task.Execute(context.Background())
+	res, err := task.Execute()
 	if err != nil {
 		return err
 	}
@ -31,13 +29,12 @@ func Enable(unit string) error {
 }
 func Start(unit string) error {
-	task := execute.ExecTask{
+	task := execute.ExecTask{Command: "systemctl",
 		Command:     "systemctl",
 		Args:        []string{"start", unit},
 		StreamStdio: false,
 	}
-	res, err := task.Execute(context.Background())
+	res, err := task.Execute()
 	if err != nil {
 		return err
 	}
@ -50,13 +47,12 @@ func Start(unit string) error {
 }
 func DaemonReload() error {
-	task := execute.ExecTask{
+	task := execute.ExecTask{Command: "systemctl",
 		Command:     "systemctl",
 		Args:        []string{"daemon-reload"},
 		StreamStdio: false,
 	}
-	res, err := task.Execute(context.Background())
+	res, err := task.Execute()
 	if err != nil {
 		return err
 	}
@ -75,20 +71,23 @@ func InstallUnit(name string, tokens map[string]string) error {
 	tmplName := "./hack/" + name + ".service"
 	tmpl, err := template.ParseFiles(tmplName)
 	if err != nil {
 		return fmt.Errorf("error loading template %s, error %s", tmplName, err)
 	}
 	var tpl bytes.Buffer
-	if err := tmpl.Execute(&tpl, tokens); err != nil {
+	err = tmpl.Execute(&tpl, tokens)
 	if err != nil {
 		return err
 	}
-	if err := writeUnit(name+".service", tpl.Bytes()); err != nil {
+	err = writeUnit(name+".service", tpl.Bytes())
 	if err != nil {
 		return err
 	}
 	return nil
 }
@ -97,12 +96,7 @@ func writeUnit(name string, data []byte) error {
 	if err != nil {
 		return err
 	}
 	defer f.Close()
-
+	_, err = f.Write(data)
-	if _, err := f.Write(data); err != nil {
+	return err
 		return err
 	}
 	return nil
 }
--- a/prometheus.yml
+++ b/prometheus.yml
@ -26,7 +26,3 @@ scrape_configs:
  - job_name: 'gateway'
    static_configs:
    - targets: ['gateway:8082']
  - job_name: 'provider'
    static_configs:
    - targets: ['faasd-provider:8081']
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/README.md
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/README.md
@ -1,93 +0,0 @@
 # go-fuzz-headers
 This repository contains various helper functions for go fuzzing. It is mostly used in combination with [go-fuzz](https://github.com/dvyukov/go-fuzz), but compatibility with fuzzing in the standard library will also be supported. Any coverage guided fuzzing engine that provides an array or slice of bytes can be used with go-fuzz-headers.
 ## Usage
 Using go-fuzz-headers is easy. First create a new consumer with the bytes provided by the fuzzing engine:
 ```go
 import (
 	fuzz "github.com/AdaLogics/go-fuzz-headers"
 )
 data := []byte{'R', 'a', 'n', 'd', 'o', 'm'}
 f := fuzz.NewConsumer(data)
 ```
 This creates a `Consumer` that consumes the bytes of the input as it uses them to fuzz different types.
 After that, `f` can be used to easily create fuzzed instances of different types. Below are some examples:
 ### Structs
 One of the most useful features of go-fuzz-headers is its ability to fill structs with the data provided by the fuzzing engine. This is done with a single line:
 ```go
 type Person struct {
    Name string
    Age  int
 }
 p := Person{}
 // Fill p with values based on the data provided by the fuzzing engine:
 err := f.GenerateStruct(&p)
 ```
 This includes nested structs too. In this example, the fuzz Consumer will also insert values in `p.BestFriend`:
 ```go
 type PersonI struct {
    Name       string
    Age        int
    BestFriend PersonII
 }
 type PersonII struct {
    Name string
    Age  int
 }
 p := PersonI{}
 err := f.GenerateStruct(&p)
 ```
 If the consumer should insert values for unexported fields as well as exported, this can be enabled with:
 ```go
 f.AllowUnexportedFields()
 ```
 ...and disabled with:
 ```go
 f.DisallowUnexportedFields()
 ```
 ### Other types:
 Other useful APIs:
 ```go
 createdString, err := f.GetString() // Gets a string
 createdInt, err := f.GetInt() // Gets an integer
 createdByte, err := f.GetByte() // Gets a byte
 createdBytes, err := f.GetBytes() // Gets a byte slice
 createdBool, err := f.GetBool() // Gets a boolean
 err := f.FuzzMap(target_map) // Fills a map
 createdTarBytes, err := f.TarBytes() // Gets bytes of a valid tar archive
 err := f.CreateFiles(inThisDir) // Fills inThisDir with files
 createdString, err := f.GetStringFrom("anyCharInThisString", ofThisLength) // Gets a string that consists of chars from "anyCharInThisString" and has the exact length "ofThisLength"
 ```
 Most APIs are added as they are needed.
 ## Projects that use go-fuzz-headers
 - [runC](https://github.com/opencontainers/runc)
 - [Istio](https://github.com/istio/istio)
 - [Vitess](https://github.com/vitessio/vitess)
 - [Containerd](https://github.com/containerd/containerd)
 Feel free to add your own project to the list, if you use go-fuzz-headers to fuzz it.
 ## Status
 The project is under development and will be updated regularly.
 ## References
 go-fuzz-headers' approach to fuzzing structs is strongly inspired by [gofuzz](https://github.com/google/gofuzz).
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
@ -1,899 +0,0 @@
 // Copyright 2023 The go-fuzz-headers Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package gofuzzheaders
 import (
 	"archive/tar"
 	"bytes"
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 	"math"
 	"os"
 	"path/filepath"
 	"reflect"
 	"strings"
 	"time"
 	"unsafe"
 	securejoin "github.com/cyphar/filepath-securejoin"
 )
 var (
 	MaxTotalLen uint32 = 2000000
 	maxDepth           = 100
 )
 func SetMaxTotalLen(newLen uint32) {
 	MaxTotalLen = newLen
 }
 type ConsumeFuzzer struct {
 	data                 []byte
 	dataTotal            uint32
 	CommandPart          []byte
 	RestOfArray          []byte
 	NumberOfCalls        int
 	position             uint32
 	fuzzUnexportedFields bool
 	curDepth             int
 	Funcs                map[reflect.Type]reflect.Value
 }
 func IsDivisibleBy(n int, divisibleby int) bool {
 	return (n % divisibleby) == 0
 }
 func NewConsumer(fuzzData []byte) *ConsumeFuzzer {
 	return &ConsumeFuzzer{
 		data:      fuzzData,
 		dataTotal: uint32(len(fuzzData)),
 		Funcs:     make(map[reflect.Type]reflect.Value),
 		curDepth:  0,
 	}
 }
 func (f *ConsumeFuzzer) Split(minCalls, maxCalls int) error {
 	if f.dataTotal == 0 {
 		return errors.New("could not split")
 	}
 	numberOfCalls := int(f.data[0])
 	if numberOfCalls < minCalls || numberOfCalls > maxCalls {
 		return errors.New("bad number of calls")
 	}
 	if int(f.dataTotal) < numberOfCalls+numberOfCalls+1 {
 		return errors.New("length of data does not match required parameters")
 	}
 	// Define part 2 and 3 of the data array
 	commandPart := f.data[1 : numberOfCalls+1]
 	restOfArray := f.data[numberOfCalls+1:]
 	// Just a small check. It is necessary
 	if len(commandPart) != numberOfCalls {
 		return errors.New("length of commandPart does not match number of calls")
 	}
 	// Check if restOfArray is divisible by numberOfCalls
 	if !IsDivisibleBy(len(restOfArray), numberOfCalls) {
 		return errors.New("length of commandPart does not match number of calls")
 	}
 	f.CommandPart = commandPart
 	f.RestOfArray = restOfArray
 	f.NumberOfCalls = numberOfCalls
 	return nil
 }
 func (f *ConsumeFuzzer) AllowUnexportedFields() {
 	f.fuzzUnexportedFields = true
 }
 func (f *ConsumeFuzzer) DisallowUnexportedFields() {
 	f.fuzzUnexportedFields = false
 }
 func (f *ConsumeFuzzer) GenerateStruct(targetStruct interface{}) error {
 	e := reflect.ValueOf(targetStruct).Elem()
 	return f.fuzzStruct(e, false)
 }
 func (f *ConsumeFuzzer) setCustom(v reflect.Value) error {
 	// First: see if we have a fuzz function for it.
 	doCustom, ok := f.Funcs[v.Type()]
 	if !ok {
 		return fmt.Errorf("could not find a custom function")
 	}
 	switch v.Kind() {
 	case reflect.Ptr:
 		if v.IsNil() {
 			if !v.CanSet() {
 				return fmt.Errorf("could not use a custom function")
 			}
 			v.Set(reflect.New(v.Type().Elem()))
 		}
 	case reflect.Map:
 		if v.IsNil() {
 			if !v.CanSet() {
 				return fmt.Errorf("could not use a custom function")
 			}
 			v.Set(reflect.MakeMap(v.Type()))
 		}
 	default:
 		return fmt.Errorf("could not use a custom function")
 	}
 	verr := doCustom.Call([]reflect.Value{v, reflect.ValueOf(Continue{
 		F: f,
 	})})
 	// check if we return an error
 	if verr[0].IsNil() {
 		return nil
 	}
 	return fmt.Errorf("could not use a custom function")
 }
 func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error {
 	if f.curDepth >= maxDepth {
 		// return err or nil here?
 		return nil
 	}
 	f.curDepth++
 	defer func() { f.curDepth-- }()
 	// We check if we should check for custom functions
 	if customFunctions && e.IsValid() && e.CanAddr() {
 		err := f.setCustom(e.Addr())
 		if err != nil {
 			return err
 		}
 	}
 	switch e.Kind() {
 	case reflect.Struct:
 		for i := 0; i < e.NumField(); i++ {
 			var v reflect.Value
 			if !e.Field(i).CanSet() {
 				if f.fuzzUnexportedFields {
 					v = reflect.NewAt(e.Field(i).Type(), unsafe.Pointer(e.Field(i).UnsafeAddr())).Elem()
 				}
 				if err := f.fuzzStruct(v, customFunctions); err != nil {
 					return err
 				}
 			} else {
 				v = e.Field(i)
 				if err := f.fuzzStruct(v, customFunctions); err != nil {
 					return err
 				}
 			}
 		}
 	case reflect.String:
 		str, err := f.GetString()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetString(str)
 		}
 	case reflect.Slice:
 		var maxElements uint32
 		// Byte slices should not be restricted
 		if e.Type().String() == "[]uint8" {
 			maxElements = 10000000
 		} else {
 			maxElements = 50
 		}
 		randQty, err := f.GetUint32()
 		if err != nil {
 			return err
 		}
 		numOfElements := randQty % maxElements
 		if (f.dataTotal - f.position) < numOfElements {
 			numOfElements = f.dataTotal - f.position
 		}
 		uu := reflect.MakeSlice(e.Type(), int(numOfElements), int(numOfElements))
 		for i := 0; i < int(numOfElements); i++ {
 			// If we have more than 10, then we can proceed with that.
 			if err := f.fuzzStruct(uu.Index(i), customFunctions); err != nil {
 				if i >= 10 {
 					if e.CanSet() {
 						e.Set(uu)
 					}
 					return nil
 				} else {
 					return err
 				}
 			}
 		}
 		if e.CanSet() {
 			e.Set(uu)
 		}
 	case reflect.Uint16:
 		newInt, err := f.GetUint16()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetUint(uint64(newInt))
 		}
 	case reflect.Uint32:
 		newInt, err := f.GetUint32()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetUint(uint64(newInt))
 		}
 	case reflect.Uint64:
 		newInt, err := f.GetInt()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetUint(uint64(newInt))
 		}
 	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
 		newInt, err := f.GetInt()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetInt(int64(newInt))
 		}
 	case reflect.Float32:
 		newFloat, err := f.GetFloat32()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetFloat(float64(newFloat))
 		}
 	case reflect.Float64:
 		newFloat, err := f.GetFloat64()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetFloat(float64(newFloat))
 		}
 	case reflect.Map:
 		if e.CanSet() {
 			e.Set(reflect.MakeMap(e.Type()))
 			const maxElements = 50
 			randQty, err := f.GetInt()
 			if err != nil {
 				return err
 			}
 			numOfElements := randQty % maxElements
 			for i := 0; i < numOfElements; i++ {
 				key := reflect.New(e.Type().Key()).Elem()
 				if err := f.fuzzStruct(key, customFunctions); err != nil {
 					return err
 				}
 				val := reflect.New(e.Type().Elem()).Elem()
 				if err = f.fuzzStruct(val, customFunctions); err != nil {
 					return err
 				}
 				e.SetMapIndex(key, val)
 			}
 		}
 	case reflect.Ptr:
 		if e.CanSet() {
 			e.Set(reflect.New(e.Type().Elem()))
 			if err := f.fuzzStruct(e.Elem(), customFunctions); err != nil {
 				return err
 			}
 			return nil
 		}
 	case reflect.Uint8:
 		b, err := f.GetByte()
 		if err != nil {
 			return err
 		}
 		if e.CanSet() {
 			e.SetUint(uint64(b))
 		}
 	}
 	return nil
 }
 func (f *ConsumeFuzzer) GetStringArray() (reflect.Value, error) {
 	// The max size of the array:
 	const max uint32 = 20
 	arraySize := f.position
 	if arraySize > max {
 		arraySize = max
 	}
 	stringArray := reflect.MakeSlice(reflect.SliceOf(reflect.TypeOf("string")), int(arraySize), int(arraySize))
 	if f.position+arraySize >= f.dataTotal {
 		return stringArray, errors.New("could not make string array")
 	}
 	for i := 0; i < int(arraySize); i++ {
 		stringSize := uint32(f.data[f.position])
 		if f.position+stringSize >= f.dataTotal {
 			return stringArray, nil
 		}
 		stringToAppend := string(f.data[f.position : f.position+stringSize])
 		strVal := reflect.ValueOf(stringToAppend)
 		stringArray = reflect.Append(stringArray, strVal)
 		f.position += stringSize
 	}
 	return stringArray, nil
 }
 func (f *ConsumeFuzzer) GetInt() (int, error) {
 	if f.position >= f.dataTotal {
 		return 0, errors.New("not enough bytes to create int")
 	}
 	returnInt := int(f.data[f.position])
 	f.position++
 	return returnInt, nil
 }
 func (f *ConsumeFuzzer) GetByte() (byte, error) {
 	if f.position >= f.dataTotal {
 		return 0x00, errors.New("not enough bytes to get byte")
 	}
 	returnByte := f.data[f.position]
 	f.position++
 	return returnByte, nil
 }
 func (f *ConsumeFuzzer) GetNBytes(numberOfBytes int) ([]byte, error) {
 	if f.position >= f.dataTotal {
 		return nil, errors.New("not enough bytes to get byte")
 	}
 	returnBytes := make([]byte, 0, numberOfBytes)
 	for i := 0; i < numberOfBytes; i++ {
 		newByte, err := f.GetByte()
 		if err != nil {
 			return nil, err
 		}
 		returnBytes = append(returnBytes, newByte)
 	}
 	return returnBytes, nil
 }
 func (f *ConsumeFuzzer) GetUint16() (uint16, error) {
 	u16, err := f.GetNBytes(2)
 	if err != nil {
 		return 0, err
 	}
 	littleEndian, err := f.GetBool()
 	if err != nil {
 		return 0, err
 	}
 	if littleEndian {
 		return binary.LittleEndian.Uint16(u16), nil
 	}
 	return binary.BigEndian.Uint16(u16), nil
 }
 func (f *ConsumeFuzzer) GetUint32() (uint32, error) {
 	i, err := f.GetInt()
 	if err != nil {
 		return uint32(0), err
 	}
 	return uint32(i), nil
 }
 func (f *ConsumeFuzzer) GetUint64() (uint64, error) {
 	u64, err := f.GetNBytes(8)
 	if err != nil {
 		return 0, err
 	}
 	littleEndian, err := f.GetBool()
 	if err != nil {
 		return 0, err
 	}
 	if littleEndian {
 		return binary.LittleEndian.Uint64(u64), nil
 	}
 	return binary.BigEndian.Uint64(u64), nil
 }
 func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
 	if f.position >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	length, err := f.GetUint32()
 	if err != nil {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if f.position+length > MaxTotalLen {
 		return nil, errors.New("created too large a string")
 	}
 	byteBegin := f.position - 1
 	if byteBegin >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if length == 0 {
 		return nil, errors.New("zero-length is not supported")
 	}
 	if byteBegin+length >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if byteBegin+length < byteBegin {
 		return nil, errors.New("numbers overflow")
 	}
 	f.position = byteBegin + length
 	return f.data[byteBegin:f.position], nil
 }
 func (f *ConsumeFuzzer) GetString() (string, error) {
 	if f.position >= f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	length, err := f.GetUint32()
 	if err != nil {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	if f.position > MaxTotalLen {
 		return "nil", errors.New("created too large a string")
 	}
 	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	if byteBegin+length > f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	if byteBegin > byteBegin+length {
 		return "nil", errors.New("numbers overflow")
 	}
 	f.position = byteBegin + length
 	return string(f.data[byteBegin:f.position]), nil
 }
 func (f *ConsumeFuzzer) GetBool() (bool, error) {
 	if f.position >= f.dataTotal {
 		return false, errors.New("not enough bytes to create bool")
 	}
 	if IsDivisibleBy(int(f.data[f.position]), 2) {
 		f.position++
 		return true, nil
 	} else {
 		f.position++
 		return false, nil
 	}
 }
 func (f *ConsumeFuzzer) FuzzMap(m interface{}) error {
 	return f.GenerateStruct(m)
 }
 func returnTarBytes(buf []byte) ([]byte, error) {
 	// Count files
 	var fileCounter int
 	tr := tar.NewReader(bytes.NewReader(buf))
 	for {
 		_, err := tr.Next()
 		if err == io.EOF {
 			break
 		}
 		if err != nil {
 			return nil, err
 		}
 		fileCounter++
 	}
 	if fileCounter >= 1 {
 		return buf, nil
 	}
 	return nil, fmt.Errorf("not enough files were created\n")
 }
 func setTarHeaderFormat(hdr *tar.Header, f *ConsumeFuzzer) error {
 	ind, err := f.GetInt()
 	if err != nil {
 		return err
 	}
 	switch ind % 4 {
 	case 0:
 		hdr.Format = tar.FormatUnknown
 	case 1:
 		hdr.Format = tar.FormatUSTAR
 	case 2:
 		hdr.Format = tar.FormatPAX
 	case 3:
 		hdr.Format = tar.FormatGNU
 	}
 	return nil
 }
 func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error {
 	ind, err := f.GetInt()
 	if err != nil {
 		return err
 	}
 	switch ind % 13 {
 	case 0:
 		hdr.Typeflag = tar.TypeReg
 	case 1:
 		hdr.Typeflag = tar.TypeLink
 		linkname, err := f.GetString()
 		if err != nil {
 			return err
 		}
 		hdr.Linkname = linkname
 	case 2:
 		hdr.Typeflag = tar.TypeSymlink
 		linkname, err := f.GetString()
 		if err != nil {
 			return err
 		}
 		hdr.Linkname = linkname
 	case 3:
 		hdr.Typeflag = tar.TypeChar
 	case 4:
 		hdr.Typeflag = tar.TypeBlock
 	case 5:
 		hdr.Typeflag = tar.TypeDir
 	case 6:
 		hdr.Typeflag = tar.TypeFifo
 	case 7:
 		hdr.Typeflag = tar.TypeCont
 	case 8:
 		hdr.Typeflag = tar.TypeXHeader
 	case 9:
 		hdr.Typeflag = tar.TypeXGlobalHeader
 	case 10:
 		hdr.Typeflag = tar.TypeGNUSparse
 	case 11:
 		hdr.Typeflag = tar.TypeGNULongName
 	case 12:
 		hdr.Typeflag = tar.TypeGNULongLink
 	}
 	return nil
 }
 func tooSmallFileBody(length uint32) bool {
 	if length < 2 {
 		return true
 	}
 	if length < 4 {
 		return true
 	}
 	if length < 10 {
 		return true
 	}
 	if length < 100 {
 		return true
 	}
 	if length < 500 {
 		return true
 	}
 	if length < 1000 {
 		return true
 	}
 	if length < 2000 {
 		return true
 	}
 	if length < 4000 {
 		return true
 	}
 	if length < 8000 {
 		return true
 	}
 	if length < 16000 {
 		return true
 	}
 	if length < 32000 {
 		return true
 	}
 	if length < 64000 {
 		return true
 	}
 	if length < 128000 {
 		return true
 	}
 	if length < 264000 {
 		return true
 	}
 	return false
 }
 func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) {
 	length, err := f.GetUint32()
 	if err != nil {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	shouldUseLargeFileBody, err := f.GetBool()
 	if err != nil {
 		return nil, errors.New("not enough bytes to check long file body")
 	}
 	if shouldUseLargeFileBody && tooSmallFileBody(length) {
 		return nil, errors.New("File body was too small")
 	}
 	// A bit of optimization to attempt to create a file body
 	// when we don't have as many bytes left as "length"
 	remainingBytes := f.dataTotal - f.position
 	if remainingBytes == 0 {
 		return nil, errors.New("created too large a string")
 	}
 	if f.position+length > MaxTotalLen {
 		return nil, errors.New("created too large a string")
 	}
 	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if length == 0 {
 		return nil, errors.New("zero-length is not supported")
 	}
 	if byteBegin+length >= f.dataTotal {
 		return nil, errors.New("not enough bytes to create byte array")
 	}
 	if byteBegin+length < byteBegin {
 		return nil, errors.New("numbers overflow")
 	}
 	f.position = byteBegin + length
 	return f.data[byteBegin:f.position], nil
 }
 // getTarFileName is similar to GetString(), but creates string based
 // on the length of f.data to reduce the likelihood of overflowing
 // f.data.
 func (f *ConsumeFuzzer) getTarFilename() (string, error) {
 	length, err := f.GetUint32()
 	if err != nil {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	// A bit of optimization to attempt to create a file name
 	// when we don't have as many bytes left as "length"
 	remainingBytes := f.dataTotal - f.position
 	if remainingBytes == 0 {
 		return "nil", errors.New("created too large a string")
 	}
 	if remainingBytes < 50 {
 		length = length % remainingBytes
 	} else if f.dataTotal < 500 {
 		length = length % f.dataTotal
 	}
 	if f.position > MaxTotalLen {
 		return "nil", errors.New("created too large a string")
 	}
 	byteBegin := f.position
 	if byteBegin >= f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	if byteBegin+length > f.dataTotal {
 		return "nil", errors.New("not enough bytes to create string")
 	}
 	if byteBegin > byteBegin+length {
 		return "nil", errors.New("numbers overflow")
 	}
 	f.position = byteBegin + length
 	return string(f.data[byteBegin:f.position]), nil
 }
 // TarBytes returns valid bytes for a tar archive
 func (f *ConsumeFuzzer) TarBytes() ([]byte, error) {
 	numberOfFiles, err := f.GetInt()
 	if err != nil {
 		return nil, err
 	}
 	var buf bytes.Buffer
 	tw := tar.NewWriter(&buf)
 	defer tw.Close()
 	const maxNoOfFiles = 1000
 	for i := 0; i < numberOfFiles%maxNoOfFiles; i++ {
 		filename, err := f.getTarFilename()
 		if err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		filebody, err := f.createTarFileBody()
 		if err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		sec, err := f.GetInt()
 		if err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		nsec, err := f.GetInt()
 		if err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		hdr := &tar.Header{
 			Name:    filename,
 			Size:    int64(len(filebody)),
 			Mode:    0o600,
 			ModTime: time.Unix(int64(sec), int64(nsec)),
 		}
 		if err := setTarHeaderTypeflag(hdr, f); err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		if err := setTarHeaderFormat(hdr, f); err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		if err := tw.WriteHeader(hdr); err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 		if _, err := tw.Write(filebody); err != nil {
 			return returnTarBytes(buf.Bytes())
 		}
 	}
 	return buf.Bytes(), nil
 }
 // CreateFiles creates pseudo-random files in rootDir.
 // It creates subdirs and places the files there.
 // It is the callers responsibility to ensure that
 // rootDir exists.
 func (f *ConsumeFuzzer) CreateFiles(rootDir string) error {
 	numberOfFiles, err := f.GetInt()
 	if err != nil {
 		return err
 	}
 	maxNumberOfFiles := numberOfFiles % 4000 // This is completely arbitrary
 	if maxNumberOfFiles == 0 {
 		return errors.New("maxNumberOfFiles is nil")
 	}
 	var noOfCreatedFiles int
 	for i := 0; i < maxNumberOfFiles; i++ {
 		// The file to create:
 		fileName, err := f.GetString()
 		if err != nil {
 			if noOfCreatedFiles > 0 {
 				// If files have been created, we don't return an error.
 				break
 			} else {
 				return errors.New("could not get fileName")
 			}
 		}
 		fullFilePath, err := securejoin.SecureJoin(rootDir, fileName)
 		if err != nil {
 			return err
 		}
 		// Find the subdirectory of the file
 		if subDir := filepath.Dir(fileName); subDir != "" && subDir != "." {
 			// create the dir first; avoid going outside the root dir
 			if strings.Contains(subDir, "../") || (len(subDir) > 0 && subDir[0] == 47) || strings.Contains(subDir, "\\") {
 				continue
 			}
 			dirPath, err := securejoin.SecureJoin(rootDir, subDir)
 			if err != nil {
 				continue
 			}
 			if _, err := os.Stat(dirPath); os.IsNotExist(err) {
 				err2 := os.MkdirAll(dirPath, 0o777)
 				if err2 != nil {
 					continue
 				}
 			}
 			fullFilePath, err = securejoin.SecureJoin(dirPath, fileName)
 			if err != nil {
 				continue
 			}
 		} else {
 			// Create symlink
 			createSymlink, err := f.GetBool()
 			if err != nil {
 				if noOfCreatedFiles > 0 {
 					break
 				} else {
 					return errors.New("could not create the symlink")
 				}
 			}
 			if createSymlink {
 				symlinkTarget, err := f.GetString()
 				if err != nil {
 					return err
 				}
 				err = os.Symlink(symlinkTarget, fullFilePath)
 				if err != nil {
 					return err
 				}
 				// stop loop here, since a symlink needs no further action
 				noOfCreatedFiles++
 				continue
 			}
 			// We create a normal file
 			fileContents, err := f.GetBytes()
 			if err != nil {
 				if noOfCreatedFiles > 0 {
 					break
 				} else {
 					return errors.New("could not create the file")
 				}
 			}
 			err = os.WriteFile(fullFilePath, fileContents, 0o666)
 			if err != nil {
 				continue
 			}
 			noOfCreatedFiles++
 		}
 	}
 	return nil
 }
 // GetStringFrom returns a string that can only consist of characters
 // included in possibleChars. It returns an error if the created string
 // does not have the specified length.
 func (f *ConsumeFuzzer) GetStringFrom(possibleChars string, length int) (string, error) {
 	if (f.dataTotal - f.position) < uint32(length) {
 		return "", errors.New("not enough bytes to create a string")
 	}
 	output := make([]byte, 0, length)
 	for i := 0; i < length; i++ {
 		charIndex, err := f.GetInt()
 		if err != nil {
 			return string(output), err
 		}
 		output = append(output, possibleChars[charIndex%len(possibleChars)])
 	}
 	return string(output), nil
 }
 func (f *ConsumeFuzzer) GetRune() ([]rune, error) {
 	stringToConvert, err := f.GetString()
 	if err != nil {
 		return []rune("nil"), err
 	}
 	return []rune(stringToConvert), nil
 }
 func (f *ConsumeFuzzer) GetFloat32() (float32, error) {
 	u32, err := f.GetNBytes(4)
 	if err != nil {
 		return 0, err
 	}
 	littleEndian, err := f.GetBool()
 	if err != nil {
 		return 0, err
 	}
 	if littleEndian {
 		u32LE := binary.LittleEndian.Uint32(u32)
 		return math.Float32frombits(u32LE), nil
 	}
 	u32BE := binary.BigEndian.Uint32(u32)
 	return math.Float32frombits(u32BE), nil
 }
 func (f *ConsumeFuzzer) GetFloat64() (float64, error) {
 	u64, err := f.GetNBytes(8)
 	if err != nil {
 		return 0, err
 	}
 	littleEndian, err := f.GetBool()
 	if err != nil {
 		return 0, err
 	}
 	if littleEndian {
 		u64LE := binary.LittleEndian.Uint64(u64)
 		return math.Float64frombits(u64LE), nil
 	}
 	u64BE := binary.BigEndian.Uint64(u64)
 	return math.Float64frombits(u64BE), nil
 }
 func (f *ConsumeFuzzer) CreateSlice(targetSlice interface{}) error {
 	return f.GenerateStruct(targetSlice)
 }
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go
@ -1,62 +0,0 @@
 // Copyright 2023 The go-fuzz-headers Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package gofuzzheaders
 import (
 	"fmt"
 	"reflect"
 )
 type Continue struct {
 	F *ConsumeFuzzer
 }
 func (f *ConsumeFuzzer) AddFuncs(fuzzFuncs []interface{}) {
 	for i := range fuzzFuncs {
 		v := reflect.ValueOf(fuzzFuncs[i])
 		if v.Kind() != reflect.Func {
 			panic("Need only funcs!")
 		}
 		t := v.Type()
 		if t.NumIn() != 2 || t.NumOut() != 1 {
 			fmt.Println(t.NumIn(), t.NumOut())
 			panic("Need 2 in and 1 out params. In must be the type. Out must be an error")
 		}
 		argT := t.In(0)
 		switch argT.Kind() {
 		case reflect.Ptr, reflect.Map:
 		default:
 			panic("fuzzFunc must take pointer or map type")
 		}
 		if t.In(1) != reflect.TypeOf(Continue{}) {
 			panic("fuzzFunc's second parameter must be type Continue")
 		}
 		f.Funcs[argT] = v
 	}
 }
 func (f *ConsumeFuzzer) GenerateWithCustom(targetStruct interface{}) error {
 	e := reflect.ValueOf(targetStruct).Elem()
 	return f.fuzzStruct(e, true)
 }
 func (c Continue) GenerateStruct(targetStruct interface{}) error {
 	return c.F.GenerateStruct(targetStruct)
 }
 func (c Continue) GenerateStructWithCustom(targetStruct interface{}) error {
 	return c.F.GenerateWithCustom(targetStruct)
 }
--- a/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go
+++ b/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go
@ -1,556 +0,0 @@
 // Copyright 2023 The go-fuzz-headers Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package gofuzzheaders
 import (
 	"fmt"
 	"strings"
 )
 // returns a keyword by index
 func getKeyword(f *ConsumeFuzzer) (string, error) {
 	index, err := f.GetInt()
 	if err != nil {
 		return keywords[0], err
 	}
 	for i, k := range keywords {
 		if i == index {
 			return k, nil
 		}
 	}
 	return keywords[0], fmt.Errorf("could not get a kw")
 }
 // Simple utility function to check if a string
 // slice contains a string.
 func containsString(s []string, e string) bool {
 	for _, a := range s {
 		if a == e {
 			return true
 		}
 	}
 	return false
 }
 // These keywords are used specifically for fuzzing Vitess
 var keywords = []string{
 	"accessible", "action", "add", "after", "against", "algorithm",
 	"all", "alter", "always", "analyze", "and", "as", "asc", "asensitive",
 	"auto_increment", "avg_row_length", "before", "begin", "between",
 	"bigint", "binary", "_binary", "_utf8mb4", "_utf8", "_latin1", "bit",
 	"blob", "bool", "boolean", "both", "by", "call", "cancel", "cascade",
 	"cascaded", "case", "cast", "channel", "change", "char", "character",
 	"charset", "check", "checksum", "coalesce", "code", "collate", "collation",
 	"column", "columns", "comment", "committed", "commit", "compact", "complete",
 	"compressed", "compression", "condition", "connection", "constraint", "continue",
 	"convert", "copy", "cume_dist", "substr", "substring", "create", "cross",
 	"csv", "current_date", "current_time", "current_timestamp", "current_user",
 	"cursor", "data", "database", "databases", "day", "day_hour", "day_microsecond",
 	"day_minute", "day_second", "date", "datetime", "dec", "decimal", "declare",
 	"default", "definer", "delay_key_write", "delayed", "delete", "dense_rank",
 	"desc", "describe", "deterministic", "directory", "disable", "discard",
 	"disk", "distinct", "distinctrow", "div", "double", "do", "drop", "dumpfile",
 	"duplicate", "dynamic", "each", "else", "elseif", "empty", "enable",
 	"enclosed", "encryption", "end", "enforced", "engine", "engines", "enum",
 	"error", "escape", "escaped", "event", "exchange", "exclusive", "exists",
 	"exit", "explain", "expansion", "export", "extended", "extract", "false",
 	"fetch", "fields", "first", "first_value", "fixed", "float", "float4",
 	"float8", "flush", "for", "force", "foreign", "format", "from", "full",
 	"fulltext", "function", "general", "generated", "geometry", "geometrycollection",
 	"get", "global", "gtid_executed", "grant", "group", "grouping", "groups",
 	"group_concat", "having", "header", "high_priority", "hosts", "hour", "hour_microsecond",
 	"hour_minute", "hour_second", "if", "ignore", "import", "in", "index", "indexes",
 	"infile", "inout", "inner", "inplace", "insensitive", "insert", "insert_method",
 	"int", "int1", "int2", "int3", "int4", "int8", "integer", "interval",
 	"into", "io_after_gtids", "is", "isolation", "iterate", "invoker", "join",
 	"json", "json_table", "key", "keys", "keyspaces", "key_block_size", "kill", "lag",
 	"language", "last", "last_value", "last_insert_id", "lateral", "lead", "leading",
 	"leave", "left", "less", "level", "like", "limit", "linear", "lines",
 	"linestring", "load", "local", "localtime", "localtimestamp", "lock", "logs",
 	"long", "longblob", "longtext", "loop", "low_priority", "manifest",
 	"master_bind", "match", "max_rows", "maxvalue", "mediumblob", "mediumint",
 	"mediumtext", "memory", "merge", "microsecond", "middleint", "min_rows", "minute",
 	"minute_microsecond", "minute_second", "mod", "mode", "modify", "modifies",
 	"multilinestring", "multipoint", "multipolygon", "month", "name",
 	"names", "natural", "nchar", "next", "no", "none", "not", "no_write_to_binlog",
 	"nth_value", "ntile", "null", "numeric", "of", "off", "offset", "on",
 	"only", "open", "optimize", "optimizer_costs", "option", "optionally",
 	"or", "order", "out", "outer", "outfile", "over", "overwrite", "pack_keys",
 	"parser", "partition", "partitioning", "password", "percent_rank", "plugins",
 	"point", "polygon", "precision", "primary", "privileges", "processlist",
 	"procedure", "query", "quarter", "range", "rank", "read", "reads", "read_write",
 	"real", "rebuild", "recursive", "redundant", "references", "regexp", "relay",
 	"release", "remove", "rename", "reorganize", "repair", "repeat", "repeatable",
 	"replace", "require", "resignal", "restrict", "return", "retry", "revert",
 	"revoke", "right", "rlike", "rollback", "row", "row_format", "row_number",
 	"rows", "s3", "savepoint", "schema", "schemas", "second", "second_microsecond",
 	"security", "select", "sensitive", "separator", "sequence", "serializable",
 	"session", "set", "share", "shared", "show", "signal", "signed", "slow",
 	"smallint", "spatial", "specific", "sql", "sqlexception", "sqlstate",
 	"sqlwarning", "sql_big_result", "sql_cache", "sql_calc_found_rows",
 	"sql_no_cache", "sql_small_result", "ssl", "start", "starting",
 	"stats_auto_recalc", "stats_persistent", "stats_sample_pages", "status",
 	"storage", "stored", "straight_join", "stream", "system", "vstream",
 	"table", "tables", "tablespace", "temporary", "temptable", "terminated",
 	"text", "than", "then", "time", "timestamp", "timestampadd", "timestampdiff",
 	"tinyblob", "tinyint", "tinytext", "to", "trailing", "transaction", "tree",
 	"traditional", "trigger", "triggers", "true", "truncate", "uncommitted",
 	"undefined", "undo", "union", "unique", "unlock", "unsigned", "update",
 	"upgrade", "usage", "use", "user", "user_resources", "using", "utc_date",
 	"utc_time", "utc_timestamp", "validation", "values", "variables", "varbinary",
 	"varchar", "varcharacter", "varying", "vgtid_executed", "virtual", "vindex",
 	"vindexes", "view", "vitess", "vitess_keyspaces", "vitess_metadata",
 	"vitess_migration", "vitess_migrations", "vitess_replication_status",
 	"vitess_shards", "vitess_tablets", "vschema", "warnings", "when",
 	"where", "while", "window", "with", "without", "work", "write", "xor",
 	"year", "year_month", "zerofill",
 }
 // Keywords that could get an additional keyword
 var needCustomString = []string{
 	"DISTINCTROW", "FROM", // Select keywords:
 	"GROUP BY", "HAVING", "WINDOW",
 	"FOR",
 	"ORDER BY", "LIMIT",
 	"INTO", "PARTITION", "AS", // Insert Keywords:
 	"ON DUPLICATE KEY UPDATE",
 	"WHERE", "LIMIT", // Delete keywords
 	"INFILE", "INTO TABLE", "CHARACTER SET", // Load keywords
 	"TERMINATED BY", "ENCLOSED BY",
 	"ESCAPED BY", "STARTING BY",
 	"TERMINATED BY", "STARTING BY",
 	"IGNORE",
 	"VALUE", "VALUES", // Replace tokens
 	"SET",                                   // Update tokens
 	"ENGINE =",                              // Drop tokens
 	"DEFINER =", "ON SCHEDULE", "RENAME TO", // Alter tokens
 	"COMMENT", "DO", "INITIAL_SIZE = ", "OPTIONS",
 }
 var alterTableTokens = [][]string{
 	{"CUSTOM_FUZZ_STRING"},
 	{"CUSTOM_ALTTER_TABLE_OPTIONS"},
 	{"PARTITION_OPTIONS_FOR_ALTER_TABLE"},
 }
 var alterTokens = [][]string{
 	{
 		"DATABASE", "SCHEMA", "DEFINER = ", "EVENT", "FUNCTION", "INSTANCE",
 		"LOGFILE GROUP", "PROCEDURE", "SERVER",
 	},
 	{"CUSTOM_FUZZ_STRING"},
 	{
 		"ON SCHEDULE", "ON COMPLETION PRESERVE", "ON COMPLETION NOT PRESERVE",
 		"ADD UNDOFILE", "OPTIONS",
 	},
 	{"RENAME TO", "INITIAL_SIZE = "},
 	{"ENABLE", "DISABLE", "DISABLE ON SLAVE", "ENGINE"},
 	{"COMMENT"},
 	{"DO"},
 }
 var setTokens = [][]string{
 	{"CHARACTER SET", "CHARSET", "CUSTOM_FUZZ_STRING", "NAMES"},
 	{"CUSTOM_FUZZ_STRING", "DEFAULT", "="},
 	{"CUSTOM_FUZZ_STRING"},
 }
 var dropTokens = [][]string{
 	{"TEMPORARY", "UNDO"},
 	{
 		"DATABASE", "SCHEMA", "EVENT", "INDEX", "LOGFILE GROUP",
 		"PROCEDURE", "FUNCTION", "SERVER", "SPATIAL REFERENCE SYSTEM",
 		"TABLE", "TABLESPACE", "TRIGGER", "VIEW",
 	},
 	{"IF EXISTS"},
 	{"CUSTOM_FUZZ_STRING"},
 	{"ON", "ENGINE = ", "RESTRICT", "CASCADE"},
 }
 var renameTokens = [][]string{
 	{"TABLE"},
 	{"CUSTOM_FUZZ_STRING"},
 	{"TO"},
 	{"CUSTOM_FUZZ_STRING"},
 }
 var truncateTokens = [][]string{
 	{"TABLE"},
 	{"CUSTOM_FUZZ_STRING"},
 }
 var createTokens = [][]string{
 	{"OR REPLACE", "TEMPORARY", "UNDO"}, // For create spatial reference system
 	{
 		"UNIQUE", "FULLTEXT", "SPATIAL", "ALGORITHM = UNDEFINED", "ALGORITHM = MERGE",
 		"ALGORITHM = TEMPTABLE",
 	},
 	{
 		"DATABASE", "SCHEMA", "EVENT", "FUNCTION", "INDEX", "LOGFILE GROUP",
 		"PROCEDURE", "SERVER", "SPATIAL REFERENCE SYSTEM", "TABLE", "TABLESPACE",
 		"TRIGGER", "VIEW",
 	},
 	{"IF NOT EXISTS"},
 	{"CUSTOM_FUZZ_STRING"},
 }
 /*
 // For future use.
 var updateTokens = [][]string{
 	{"LOW_PRIORITY"},
 	{"IGNORE"},
 	{"SET"},
 	{"WHERE"},
 	{"ORDER BY"},
 	{"LIMIT"},
 }
 */
 var replaceTokens = [][]string{
 	{"LOW_PRIORITY", "DELAYED"},
 	{"INTO"},
 	{"PARTITION"},
 	{"CUSTOM_FUZZ_STRING"},
 	{"VALUES", "VALUE"},
 }
 var loadTokens = [][]string{
 	{"DATA"},
 	{"LOW_PRIORITY", "CONCURRENT", "LOCAL"},
 	{"INFILE"},
 	{"REPLACE", "IGNORE"},
 	{"INTO TABLE"},
 	{"PARTITION"},
 	{"CHARACTER SET"},
 	{"FIELDS", "COLUMNS"},
 	{"TERMINATED BY"},
 	{"OPTIONALLY"},
 	{"ENCLOSED BY"},
 	{"ESCAPED BY"},
 	{"LINES"},
 	{"STARTING BY"},
 	{"TERMINATED BY"},
 	{"IGNORE"},
 	{"LINES", "ROWS"},
 	{"CUSTOM_FUZZ_STRING"},
 }
 // These Are everything that comes after "INSERT"
 var insertTokens = [][]string{
 	{"LOW_PRIORITY", "DELAYED", "HIGH_PRIORITY", "IGNORE"},
 	{"INTO"},
 	{"PARTITION"},
 	{"CUSTOM_FUZZ_STRING"},
 	{"AS"},
 	{"ON DUPLICATE KEY UPDATE"},
 }
 // These are everything that comes after "SELECT"
 var selectTokens = [][]string{
 	{"*", "CUSTOM_FUZZ_STRING", "DISTINCTROW"},
 	{"HIGH_PRIORITY"},
 	{"STRAIGHT_JOIN"},
 	{"SQL_SMALL_RESULT", "SQL_BIG_RESULT", "SQL_BUFFER_RESULT"},
 	{"SQL_NO_CACHE", "SQL_CALC_FOUND_ROWS"},
 	{"CUSTOM_FUZZ_STRING"},
 	{"FROM"},
 	{"WHERE"},
 	{"GROUP BY"},
 	{"HAVING"},
 	{"WINDOW"},
 	{"ORDER BY"},
 	{"LIMIT"},
 	{"CUSTOM_FUZZ_STRING"},
 	{"FOR"},
 }
 // These are everything that comes after "DELETE"
 var deleteTokens = [][]string{
 	{"LOW_PRIORITY", "QUICK", "IGNORE", "FROM", "AS"},
 	{"PARTITION"},
 	{"WHERE"},
 	{"ORDER BY"},
 	{"LIMIT"},
 }
 var alter_table_options = []string{
 	"ADD", "COLUMN", "FIRST", "AFTER", "INDEX", "KEY", "FULLTEXT", "SPATIAL",
 	"CONSTRAINT", "UNIQUE", "FOREIGN KEY", "CHECK", "ENFORCED", "DROP", "ALTER",
 	"NOT", "INPLACE", "COPY", "SET", "VISIBLE", "INVISIBLE", "DEFAULT", "CHANGE",
 	"CHARACTER SET", "COLLATE", "DISABLE", "ENABLE", "KEYS", "TABLESPACE", "LOCK",
 	"FORCE", "MODIFY", "SHARED", "EXCLUSIVE", "NONE", "ORDER BY", "RENAME COLUMN",
 	"AS", "=", "ASC", "DESC", "WITH", "WITHOUT", "VALIDATION", "ADD PARTITION",
 	"DROP PARTITION", "DISCARD PARTITION", "IMPORT PARTITION", "TRUNCATE PARTITION",
 	"COALESCE PARTITION", "REORGANIZE PARTITION", "EXCHANGE PARTITION",
 	"ANALYZE PARTITION", "CHECK PARTITION", "OPTIMIZE PARTITION", "REBUILD PARTITION",
 	"REPAIR PARTITION", "REMOVE PARTITIONING", "USING", "BTREE", "HASH", "COMMENT",
 	"KEY_BLOCK_SIZE", "WITH PARSER", "AUTOEXTEND_SIZE", "AUTO_INCREMENT", "AVG_ROW_LENGTH",
 	"CHECKSUM", "INSERT_METHOD", "ROW_FORMAT", "DYNAMIC", "FIXED", "COMPRESSED", "REDUNDANT",
 	"COMPACT", "SECONDARY_ENGINE_ATTRIBUTE", "STATS_AUTO_RECALC", "STATS_PERSISTENT",
 	"STATS_SAMPLE_PAGES", "ZLIB", "LZ4", "ENGINE_ATTRIBUTE", "KEY_BLOCK_SIZE", "MAX_ROWS",
 	"MIN_ROWS", "PACK_KEYS", "PASSWORD", "COMPRESSION", "CONNECTION", "DIRECTORY",
 	"DELAY_KEY_WRITE", "ENCRYPTION", "STORAGE", "DISK", "MEMORY", "UNION",
 }
 // Creates an 'alter table' statement. 'alter table' is an exception
 // in that it has its own function. The majority of statements
 // are created by 'createStmt()'.
 func createAlterTableStmt(f *ConsumeFuzzer) (string, error) {
 	maxArgs, err := f.GetInt()
 	if err != nil {
 		return "", err
 	}
 	maxArgs = maxArgs % 30
 	if maxArgs == 0 {
 		return "", fmt.Errorf("could not create alter table stmt")
 	}
 	var stmt strings.Builder
 	stmt.WriteString("ALTER TABLE ")
 	for i := 0; i < maxArgs; i++ {
 		// Calculate if we get existing token or custom string
 		tokenType, err := f.GetInt()
 		if err != nil {
 			return "", err
 		}
 		if tokenType%4 == 1 {
 			customString, err := f.GetString()
 			if err != nil {
 				return "", err
 			}
 			stmt.WriteString(" " + customString)
 		} else {
 			tokenIndex, err := f.GetInt()
 			if err != nil {
 				return "", err
 			}
 			stmt.WriteString(" " + alter_table_options[tokenIndex%len(alter_table_options)])
 		}
 	}
 	return stmt.String(), nil
 }
 func chooseToken(tokens []string, f *ConsumeFuzzer) (string, error) {
 	index, err := f.GetInt()
 	if err != nil {
 		return "", err
 	}
 	var token strings.Builder
 	token.WriteString(tokens[index%len(tokens)])
 	if token.String() == "CUSTOM_FUZZ_STRING" {
 		customFuzzString, err := f.GetString()
 		if err != nil {
 			return "", err
 		}
 		return customFuzzString, nil
 	}
 	// Check if token requires an argument
 	if containsString(needCustomString, token.String()) {
 		customFuzzString, err := f.GetString()
 		if err != nil {
 			return "", err
 		}
 		token.WriteString(" " + customFuzzString)
 	}
 	return token.String(), nil
 }
 var stmtTypes = map[string][][]string{
 	"DELETE":      deleteTokens,
 	"INSERT":      insertTokens,
 	"SELECT":      selectTokens,
 	"LOAD":        loadTokens,
 	"REPLACE":     replaceTokens,
 	"CREATE":      createTokens,
 	"DROP":        dropTokens,
 	"RENAME":      renameTokens,
 	"TRUNCATE":    truncateTokens,
 	"SET":         setTokens,
 	"ALTER":       alterTokens,
 	"ALTER TABLE": alterTableTokens, // ALTER TABLE has its own set of tokens
 }
 var stmtTypeEnum = map[int]string{
 	0:  "DELETE",
 	1:  "INSERT",
 	2:  "SELECT",
 	3:  "LOAD",
 	4:  "REPLACE",
 	5:  "CREATE",
 	6:  "DROP",
 	7:  "RENAME",
 	8:  "TRUNCATE",
 	9:  "SET",
 	10: "ALTER",
 	11: "ALTER TABLE",
 }
 func createStmt(f *ConsumeFuzzer) (string, error) {
 	stmtIndex, err := f.GetInt()
 	if err != nil {
 		return "", err
 	}
 	stmtIndex = stmtIndex % len(stmtTypes)
 	queryType := stmtTypeEnum[stmtIndex]
 	tokens := stmtTypes[queryType]
 	// We have custom creator for ALTER TABLE
 	if queryType == "ALTER TABLE" {
 		query, err := createAlterTableStmt(f)
 		if err != nil {
 			return "", err
 		}
 		return query, nil
 	}
 	// Here we are creating a query that is not
 	// an 'alter table' query. For available
 	// queries, see "stmtTypes"
 	// First specify the first query keyword:
 	var query strings.Builder
 	query.WriteString(queryType)
 	// Next create the args for the
 	queryArgs, err := createStmtArgs(tokens, f)
 	if err != nil {
 		return "", err
 	}
 	query.WriteString(" " + queryArgs)
 	return query.String(), nil
 }
 // Creates the arguments of a statements. In a select statement
 // that would be everything after "select".
 func createStmtArgs(tokenslice [][]string, f *ConsumeFuzzer) (string, error) {
 	var query, token strings.Builder
 	// We go through the tokens in the tokenslice,
 	// create the respective token and add it to
 	// "query"
 	for _, tokens := range tokenslice {
 		// For extra randomization, the fuzzer can
 		// choose to not include this token.
 		includeThisToken, err := f.GetBool()
 		if err != nil {
 			return "", err
 		}
 		if !includeThisToken {
 			continue
 		}
 		// There may be several tokens to choose from:
 		if len(tokens) > 1 {
 			chosenToken, err := chooseToken(tokens, f)
 			if err != nil {
 				return "", err
 			}
 			query.WriteString(" " + chosenToken)
 		} else {
 			token.WriteString(tokens[0])
 			// In case the token is "CUSTOM_FUZZ_STRING"
 			// we will then create a non-structured string
 			if token.String() == "CUSTOM_FUZZ_STRING" {
 				customFuzzString, err := f.GetString()
 				if err != nil {
 					return "", err
 				}
 				query.WriteString(" " + customFuzzString)
 				continue
 			}
 			// Check if token requires an argument.
 			// Tokens that take an argument can be found
 			// in 'needCustomString'. If so, we add a
 			// non-structured string to the token.
 			if containsString(needCustomString, token.String()) {
 				customFuzzString, err := f.GetString()
 				if err != nil {
 					return "", err
 				}
 				token.WriteString(fmt.Sprintf(" %s", customFuzzString))
 			}
 			query.WriteString(fmt.Sprintf(" %s", token.String()))
 		}
 	}
 	return query.String(), nil
 }
 // Creates a semi-structured query. It creates a string
 // that is a combination of the keywords and random strings.
 func createQuery(f *ConsumeFuzzer) (string, error) {
 	queryLen, err := f.GetInt()
 	if err != nil {
 		return "", err
 	}
 	maxLen := queryLen % 60
 	if maxLen == 0 {
 		return "", fmt.Errorf("could not create a query")
 	}
 	var query strings.Builder
 	for i := 0; i < maxLen; i++ {
 		// Get a new token:
 		useKeyword, err := f.GetBool()
 		if err != nil {
 			return "", err
 		}
 		if useKeyword {
 			keyword, err := getKeyword(f)
 			if err != nil {
 				return "", err
 			}
 			query.WriteString(" " + keyword)
 		} else {
 			customString, err := f.GetString()
 			if err != nil {
 				return "", err
 			}
 			query.WriteString(" " + customString)
 		}
 	}
 	if query.String() == "" {
 		return "", fmt.Errorf("could not create a query")
 	}
 	return query.String(), nil
 }
 // GetSQLString is the API that users interact with.
 //
 // Usage:
 //
 //	f := NewConsumer(data)
 //	sqlString, err := f.GetSQLString()
 func (f *ConsumeFuzzer) GetSQLString() (string, error) {
 	var query string
 	veryStructured, err := f.GetBool()
 	if err != nil {
 		return "", err
 	}
 	if veryStructured {
 		query, err = createStmt(f)
 		if err != nil {
 			return "", err
 		}
 	} else {
 		query, err = createQuery(f)
 		if err != nil {
 			return "", err
 		}
 	}
 	return query, nil
 }
--- a/vendor/github.com/AdamKorcz/go-118-fuzz-build/LICENSE
+++ b/vendor/github.com/AdamKorcz/go-118-fuzz-build/LICENSE
@ -1,201 +0,0 @@
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/
   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
   1. Definitions.
      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.
      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.
      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.
      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.
      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.
      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).
      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.
      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."
      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.
   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.
   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.
   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:
      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and
      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and
      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and
      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.
      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.
   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.
   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.
   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.
   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.
   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.
   END OF TERMS AND CONDITIONS
   APPENDIX: How to apply the Apache License to your work.
      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.
   Copyright [yyyy] [name of copyright owner]
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--- a/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go
+++ b/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go
@ -1,207 +0,0 @@
 package testing
 import (
 	"fmt"
 	fuzz "github.com/AdaLogics/go-fuzz-headers"
 	"os"
 	"reflect"
 )
 type F struct {
 	Data     []byte
 	T        *T
 	FuzzFunc func(*T, any)
 }
 func (f *F) CleanupTempDirs() {
 	f.T.CleanupTempDirs()
 }
 func (f *F) Add(args ...any)                   {}
 func (c *F) Cleanup(f func())                  {}
 func (c *F) Error(args ...any)                 {}
 func (c *F) Errorf(format string, args ...any) {}
 func (f *F) Fail()                             {}
 func (c *F) FailNow()                          {}
 func (c *F) Failed() bool                      { return false }
 func (c *F) Fatal(args ...any)                 {}
 func (c *F) Fatalf(format string, args ...any) {}
 func (f *F) Fuzz(ff any) {
 	// we are assuming that ff is a func.
 	// TODO: Add a check for UX purposes
 	fn := reflect.ValueOf(ff)
 	fnType := fn.Type()
 	var types []reflect.Type
 	for i := 1; i < fnType.NumIn(); i++ {
 		t := fnType.In(i)
 		types = append(types, t)
 	}
 	args := []reflect.Value{reflect.ValueOf(f.T)}
 	fuzzConsumer := fuzz.NewConsumer(f.Data)
 	for _, v := range types {
 		switch v.String() {
 		case "[]uint8":
 			b, err := fuzzConsumer.GetBytes()
 			if err != nil {
 				return
 			}
 			newBytes := reflect.New(v)
 			newBytes.Elem().SetBytes(b)
 			args = append(args, newBytes.Elem())
 		case "string":
 			s, err := fuzzConsumer.GetString()
 			if err != nil {
 				return
 			}
 			newString := reflect.New(v)
 			newString.Elem().SetString(s)
 			args = append(args, newString.Elem())
 		case "int":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newInt := reflect.New(v)
 			newInt.Elem().SetInt(int64(randInt))
 			args = append(args, newInt.Elem())
 		case "int8":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newInt := reflect.New(v)
 			newInt.Elem().SetInt(int64(randInt))
 			args = append(args, newInt.Elem())
 		case "int16":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newInt := reflect.New(v)
 			newInt.Elem().SetInt(int64(randInt))
 			args = append(args, newInt.Elem())
 		case "int32":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newInt := reflect.New(v)
 			newInt.Elem().SetInt(int64(randInt))
 			args = append(args, newInt.Elem())
 		case "int64":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newInt := reflect.New(v)
 			newInt.Elem().SetInt(int64(randInt))
 			args = append(args, newInt.Elem())
 		case "uint":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newUint := reflect.New(v)
 			newUint.Elem().SetUint(uint64(randInt))
 			args = append(args, newUint.Elem())
 		case "uint8":
 			randInt, err := fuzzConsumer.GetInt()
 			if err != nil {
 				return
 			}
 			newUint := reflect.New(v)
 			newUint.Elem().SetUint(uint64(randInt))
 			args = append(args, newUint.Elem())
 		case "uint16":
 			randInt, err := fuzzConsumer.GetUint16()
 			if err != nil {
 				return
 			}
 			newUint16 := reflect.New(v)
 			newUint16.Elem().SetUint(uint64(randInt))
 			args = append(args, newUint16.Elem())
 		case "uint32":
 			randInt, err := fuzzConsumer.GetUint32()
 			if err != nil {
 				return
 			}
 			newUint32 := reflect.New(v)
 			newUint32.Elem().SetUint(uint64(randInt))
 			args = append(args, newUint32.Elem())
 		case "uint64":
 			randInt, err := fuzzConsumer.GetUint64()
 			if err != nil {
 				return
 			}
 			newUint64 := reflect.New(v)
 			newUint64.Elem().SetUint(uint64(randInt))
 			args = append(args, newUint64.Elem())
 		case "rune":
 			randRune, err := fuzzConsumer.GetRune()
 			if err != nil {
 				return
 			}
 			newRune := reflect.New(v)
 			newRune.Elem().Set(reflect.ValueOf(randRune))
 			args = append(args, newRune.Elem())
 		case "float32":
 			randFloat, err := fuzzConsumer.GetFloat32()
 			if err != nil {
 				return
 			}
 			newFloat := reflect.New(v)
 			newFloat.Elem().Set(reflect.ValueOf(randFloat))
 			args = append(args, newFloat.Elem())
 		case "float64":
 			randFloat, err := fuzzConsumer.GetFloat64()
 			if err != nil {
 				return
 			}
 			newFloat := reflect.New(v)
 			newFloat.Elem().Set(reflect.ValueOf(randFloat))
 			args = append(args, newFloat.Elem())
 		case "bool":
 			randBool, err := fuzzConsumer.GetBool()
 			if err != nil {
 				return
 			}
 			newBool := reflect.New(v)
 			newBool.Elem().Set(reflect.ValueOf(randBool))
 			args = append(args, newBool.Elem())
 		default:
 			fmt.Println(v.String())
 		}
 	}
 	fn.Call(args)
 }
 func (f *F) Helper() {}
 func (c *F) Log(args ...any) {
 	fmt.Println(args...)
 }
 func (c *F) Logf(format string, args ...any) {
 	fmt.Println(format, args)
 }
 func (c *F) Name() string             { return "libFuzzer" }
 func (c *F) Setenv(key, value string) {}
 func (c *F) Skip(args ...any) {
 	panic("GO-FUZZ-BUILD-PANIC")
 }
 func (c *F) SkipNow() {
 	panic("GO-FUZZ-BUILD-PANIC")
 }
 func (c *F) Skipf(format string, args ...any) {
 	panic("GO-FUZZ-BUILD-PANIC")
 }
 func (f *F) Skipped() bool { return false }
 func (f *F) TempDir() string {
 	dir, err := os.MkdirTemp("", "fuzzdir-")
 	if err != nil {
 		panic(err)
 	}
 	f.T.TempDirs = append(f.T.TempDirs, dir)
 	return dir
 }
--- a/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/t.go
+++ b/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/t.go
@ -1,129 +0,0 @@
 package testing
 import (
 	"fmt"
 	"os"
 	"strings"
 	"time"
 )
 // T can be used to terminate the current fuzz iteration
 // without terminating the whole fuzz run. To do so, simply
 // panic with the text "GO-FUZZ-BUILD-PANIC" and the fuzzer
 // will recover.
 type T struct {
 	TempDirs []string
 }
 func NewT() *T {
 	tempDirs := make([]string, 0)
 	return &T{TempDirs: tempDirs}
 }
 func unsupportedApi(name string) string {
 	plsOpenIss := "Please open an issue https://github.com/AdamKorcz/go-118-fuzz-build if you need this feature."
 	var b strings.Builder
 	b.WriteString(fmt.Sprintf("%s is not supported when fuzzing in libFuzzer mode\n.", name))
 	b.WriteString(plsOpenIss)
 	return b.String()
 }
 func (t *T) Cleanup(f func()) {
 	f()
 }
 func (t *T) Deadline() (deadline time.Time, ok bool) {
 	panic(unsupportedApi("t.Deadline()"))
 }
 func (t *T) Error(args ...any) {
 	fmt.Println(args...)
 	panic("error")
 }
 func (t *T) Errorf(format string, args ...any) {
 	fmt.Printf(format+"\n", args...)
 	panic("errorf")
 }
 func (t *T) Fail() {
 	panic("Called T.Fail()")
 }
 func (t *T) FailNow() {
 	panic("Called T.Fail()")
 	panic(unsupportedApi("t.FailNow()"))
 }
 func (t *T) Failed() bool {
 	panic(unsupportedApi("t.Failed()"))
 }
 func (t *T) Fatal(args ...any) {
 	fmt.Println(args...)
 	panic("fatal")
 }
 func (t *T) Fatalf(format string, args ...any) {
 	fmt.Printf(format+"\n", args...)
 	panic("fatal")
 }
 func (t *T) Helper() {
 	// We can't support it, but it also just impacts how failures are reported, so we can ignore it
 }
 func (t *T) Log(args ...any) {
 	fmt.Println(args...)
 }
 func (t *T) Logf(format string, args ...any) {
 	fmt.Println(format)
 	fmt.Println(args...)
 }
 func (t *T) Name() string {
 	return "libFuzzer"
 }
 func (t *T) Parallel() {
 	panic(unsupportedApi("t.Parallel()"))
 }
 func (t *T) Run(name string, f func(t *T)) bool {
 	panic(unsupportedApi("t.Run()"))
 }
 func (t *T) Setenv(key, value string) {
 }
 func (t *T) Skip(args ...any) {
 	panic("GO-FUZZ-BUILD-PANIC")
 }
 func (t *T) SkipNow() {
 	panic("GO-FUZZ-BUILD-PANIC")
 }
 // Is not really supported. We just skip instead
 // of printing any message. A log message can be
 // added if need be.
 func (t *T) Skipf(format string, args ...any) {
 	panic("GO-FUZZ-BUILD-PANIC")
 }
 func (t *T) Skipped() bool {
 	panic(unsupportedApi("t.Skipped()"))
 }
 func (t *T) TempDir() string {
 	dir, err := os.MkdirTemp("", "fuzzdir-")
 	if err != nil {
 		panic(err)
 	}
 	t.TempDirs = append(t.TempDirs, dir)
 	return dir
 }
 func (t *T) CleanupTempDirs() {
 	if len(t.TempDirs) > 0 {
 		for _, tempDir := range t.TempDirs {
 			os.RemoveAll(tempDir)
 		}
 	}
 }
--- a/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/unsupported_funcs.go
+++ b/vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/unsupported_funcs.go
@ -1,42 +0,0 @@
 package testing
 import (
 	"testing"
 )
 func AllocsPerRun(runs int, f func()) (avg float64) {
 	panic(unsupportedApi("testing.AllocsPerRun"))
 }
 func CoverMode() string {
 	panic(unsupportedApi("testing.CoverMode"))
 }
 func Coverage() float64 {
 	panic(unsupportedApi("testing.Coverage"))	
 }
 func Init() {
 	panic(unsupportedApi("testing.Init"))
 }
 func RegisterCover(c testing.Cover) {
 	panic(unsupportedApi("testing.RegisterCover"))
 }
 func RunExamples(matchString func(pat, str string) (bool, error), examples []testing.InternalExample) (ok bool) {
 	panic(unsupportedApi("testing.RunExamples"))
 }
 func RunTests(matchString func(pat, str string) (bool, error), tests []testing.InternalTest) (ok bool) {
 	panic(unsupportedApi("testing.RunTests"))
 }
 func Short() bool {
 	return false
 }
 func Verbose() bool {
 	panic(unsupportedApi("testing.Verbose"))
 }
 type M struct {}
 func (m *M) Run() (code int) {
 	panic("testing.M is not support in libFuzzer Mode")
 }
--- a/vendor/github.com/Microsoft/go-winio/.gitattributes
+++ b/vendor/github.com/Microsoft/go-winio/.gitattributes
@ -1 +0,0 @@
 * text=auto eol=lf
--- a/vendor/github.com/Microsoft/go-winio/.gitignore
+++ b/vendor/github.com/Microsoft/go-winio/.gitignore
@ -1,10 +1 @@
 .vscode/
 *.exe
 # testing
 testdata
 # go workspaces
 go.work
 go.work.sum
--- a/vendor/github.com/Microsoft/go-winio/.golangci.yml
+++ b/vendor/github.com/Microsoft/go-winio/.golangci.yml
@ -1,149 +0,0 @@
 run:
  skip-dirs:
    - pkg/etw/sample
 linters:
  enable:
    # style
    - containedctx # struct contains a context
    - dupl # duplicate code
    - errname # erorrs are named correctly
    - nolintlint # "//nolint" directives are properly explained
    - revive # golint replacement
    - unconvert # unnecessary conversions
    - wastedassign
    # bugs, performance, unused, etc ...
    - contextcheck # function uses a non-inherited context
    - errorlint # errors not wrapped for 1.13
    - exhaustive # check exhaustiveness of enum switch statements
    - gofmt # files are gofmt'ed
    - gosec # security
    - nilerr # returns nil even with non-nil error
    - unparam # unused function params
 issues:
  exclude-rules:
    # err is very often shadowed in nested scopes
    - linters:
        - govet
      text: '^shadow: declaration of "err" shadows declaration'
    # ignore long lines for skip autogen directives
    - linters:
        - revive
      text: "^line-length-limit: "
      source: "^//(go:generate|sys) "
    #TODO: remove after upgrading to go1.18
    # ignore comment spacing for nolint and sys directives
    - linters:
        - revive
      text: "^comment-spacings: no space between comment delimiter and comment text"
      source: "//(cspell:|nolint:|sys |todo)"
    # not on go 1.18 yet, so no any
    - linters:
        - revive
      text: "^use-any: since GO 1.18 'interface{}' can be replaced by 'any'"
    # allow unjustified ignores of error checks in defer statements
    - linters:
        - nolintlint
      text: "^directive `//nolint:errcheck` should provide explanation"
      source: '^\s*defer '
    # allow unjustified ignores of error lints for io.EOF
    - linters:
        - nolintlint
      text: "^directive `//nolint:errorlint` should provide explanation"
      source: '[=|!]= io.EOF'
 linters-settings:
  exhaustive:
    default-signifies-exhaustive: true
  govet:
    enable-all: true
    disable:
      # struct order is often for Win32 compat
      # also, ignore pointer bytes/GC issues for now until performance becomes an issue
      - fieldalignment
    check-shadowing: true
  nolintlint:
    allow-leading-space: false
    require-explanation: true
    require-specific: true
  revive:
    # revive is more configurable than static check, so likely the preferred alternative to static-check
    # (once the perf issue is solved: https://github.com/golangci/golangci-lint/issues/2997)
    enable-all-rules:
      true
      # https://github.com/mgechev/revive/blob/master/RULES_DESCRIPTIONS.md
    rules:
      # rules with required arguments
      - name: argument-limit
        disabled: true
      - name: banned-characters
        disabled: true
      - name: cognitive-complexity
        disabled: true
      - name: cyclomatic
        disabled: true
      - name: file-header
        disabled: true
      - name: function-length
        disabled: true
      - name: function-result-limit
        disabled: true
      - name: max-public-structs
        disabled: true
      # geneally annoying rules
      - name: add-constant # complains about any and all strings and integers
        disabled: true
      - name: confusing-naming # we frequently use "Foo()" and "foo()" together
        disabled: true
      - name: flag-parameter # excessive, and a common idiom we use
        disabled: true
      - name: unhandled-error # warns over common fmt.Print* and io.Close; rely on errcheck instead
        disabled: true
      # general config
      - name: line-length-limit
        arguments:
          - 140
      - name: var-naming
        arguments:
          - []
          - - CID
            - CRI
            - CTRD
            - DACL
            - DLL
            - DOS
            - ETW
            - FSCTL
            - GCS
            - GMSA
            - HCS
            - HV
            - IO
            - LCOW
            - LDAP
            - LPAC
            - LTSC
            - MMIO
            - NT
            - OCI
            - PMEM
            - PWSH
            - RX
            - SACl
            - SID
            - SMB
            - TX
            - VHD
            - VHDX
            - VMID
            - VPCI
            - WCOW
            - WIM
--- a/vendor/github.com/Microsoft/go-winio/CODEOWNERS
+++ b/vendor/github.com/Microsoft/go-winio/CODEOWNERS
@ -1 +0,0 @@
  * @microsoft/containerplat
--- a/vendor/github.com/Microsoft/go-winio/README.md
+++ b/vendor/github.com/Microsoft/go-winio/README.md
@ -1,4 +1,4 @@
-# go-winio [![Build Status](https://github.com/microsoft/go-winio/actions/workflows/ci.yml/badge.svg)](https://github.com/microsoft/go-winio/actions/workflows/ci.yml)
+# go-winio
 This repository contains utilities for efficiently performing Win32 IO operations in
 Go. Currently, this is focused on accessing named pipes and other file handles, and
@ -11,79 +11,12 @@ package.
 Please see the LICENSE file for licensing information.
-## Contributing
+This project has adopted the [Microsoft Open Source Code of
 Conduct](https://opensource.microsoft.com/codeofconduct/). For more information
 see the [Code of Conduct
 FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact
 [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional
 questions or comments.
-This project welcomes contributions and suggestions.
+Thanks to natefinch for the inspiration for this library. See https://github.com/natefinch/npipe
-Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that
+for another named pipe implementation.
 you have the right to, and actually do, grant us the rights to use your contribution.
 For details, visit [Microsoft CLA](https://cla.microsoft.com).
 When you submit a pull request, a CLA-bot will automatically determine whether you need to
 provide a CLA and decorate the PR appropriately (e.g., label, comment).
 Simply follow the instructions provided by the bot.
 You will only need to do this once across all repos using our CLA.
 Additionally, the pull request pipeline requires the following steps to be performed before
 mergining.
 ### Code Sign-Off
 We require that contributors sign their commits using [`git commit --signoff`][git-commit-s]
 to certify they either authored the work themselves or otherwise have permission to use it in this project.
 A range of commits can be signed off using [`git rebase --signoff`][git-rebase-s].
 Please see [the developer certificate](https://developercertificate.org) for more info,
 as well as to make sure that you can attest to the rules listed.
 Our CI uses the DCO Github app to ensure that all commits in a given PR are signed-off.
 ### Linting
 Code must pass a linting stage, which uses [`golangci-lint`][lint].
 The linting settings are stored in [`.golangci.yaml`](./.golangci.yaml), and can be run
 automatically with VSCode by adding the following to your workspace or folder settings:
 ```json
    "go.lintTool": "golangci-lint",
    "go.lintOnSave": "package",
 ```
 Additional editor [integrations options are also available][lint-ide].
 Alternatively, `golangci-lint` can be [installed locally][lint-install] and run from the repo root:
 ```shell
 # use . or specify a path to only lint a package
 # to show all lint errors, use flags "--max-issues-per-linter=0 --max-same-issues=0"
 > golangci-lint run ./...
 ```
 ### Go Generate
 The pipeline checks that auto-generated code, via `go generate`, are up to date.
 This can be done for the entire repo:
 ```shell
 > go generate ./...
 ```
 ## Code of Conduct
 This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
 For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
 contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
 ## Special Thanks
 Thanks to [natefinch][natefinch] for the inspiration for this library.
 See [npipe](https://github.com/natefinch/npipe) for another named pipe implementation.
 [lint]: https://golangci-lint.run/
 [lint-ide]: https://golangci-lint.run/usage/integrations/#editor-integration
 [lint-install]: https://golangci-lint.run/usage/install/#local-installation
 [git-commit-s]: https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s
 [git-rebase-s]: https://git-scm.com/docs/git-rebase#Documentation/git-rebase.txt---signoff
 [natefinch]: https://github.com/natefinch
--- a/vendor/github.com/Microsoft/go-winio/SECURITY.md
+++ b/vendor/github.com/Microsoft/go-winio/SECURITY.md
@ -1,41 +0,0 @@
 <!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
 ## Security
 Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
 ## Reporting Security Issues
 **Please do not report security vulnerabilities through public GitHub issues.**
 Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
 If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
 You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
 Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  * Full paths of source file(s) related to the manifestation of the issue
  * The location of the affected source code (tag/branch/commit or direct URL)
  * Any special configuration required to reproduce the issue
  * Step-by-step instructions to reproduce the issue
  * Proof-of-concept or exploit code (if possible)
  * Impact of the issue, including how an attacker might exploit the issue
 This information will help us triage your report more quickly.
 If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
 ## Preferred Languages
 We prefer all communications to be in English.
 ## Policy
 Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
 <!-- END MICROSOFT SECURITY.MD BLOCK -->
--- a/vendor/github.com/Microsoft/go-winio/backup.go
+++ b/vendor/github.com/Microsoft/go-winio/backup.go
@ -1,4 +1,3 @@
 //go:build windows
 // +build windows
 package winio
@ -8,12 +7,11 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
 	"os"
 	"runtime"
 	"syscall"
 	"unicode/utf16"
 	"golang.org/x/sys/windows"
 )
 //sys backupRead(h syscall.Handle, b []byte, bytesRead *uint32, abort bool, processSecurity bool, context *uintptr) (err error) = BackupRead
@ -26,7 +24,7 @@ const (
 	BackupAlternateData
 	BackupLink
 	BackupPropertyData
-	BackupObjectId //revive:disable-line:var-naming ID, not Id
+	BackupObjectId
 	BackupReparseData
 	BackupSparseBlock
 	BackupTxfsData
@ -36,16 +34,14 @@ const (
 	StreamSparseAttributes = uint32(8)
 )
 //nolint:revive // var-naming: ALL_CAPS
 const (
-	WRITE_DAC              = windows.WRITE_DAC
+	WRITE_DAC              = 0x40000
-	WRITE_OWNER            = windows.WRITE_OWNER
+	WRITE_OWNER            = 0x80000
-	ACCESS_SYSTEM_SECURITY = windows.ACCESS_SYSTEM_SECURITY
+	ACCESS_SYSTEM_SECURITY = 0x1000000
 )
 // BackupHeader represents a backup stream of a file.
 type BackupHeader struct {
 	//revive:disable-next-line:var-naming ID, not Id
 	Id         uint32 // The backup stream ID
 	Attributes uint32 // Stream attributes
 	Size       int64  // The size of the stream in bytes
@ -53,8 +49,8 @@ type BackupHeader struct {
 	Offset     int64  // The offset of the stream in the file (for BackupSparseBlock only).
 }
-type win32StreamID struct {
+type win32StreamId struct {
-	StreamID   uint32
+	StreamId   uint32
 	Attributes uint32
 	Size       uint64
 	NameSize   uint32
@ -75,7 +71,7 @@ func NewBackupStreamReader(r io.Reader) *BackupStreamReader {
 // Next returns the next backup stream and prepares for calls to Read(). It skips the remainder of the current stream if
 // it was not completely read.
 func (r *BackupStreamReader) Next() (*BackupHeader, error) {
-	if r.bytesLeft > 0 { //nolint:nestif // todo: flatten this
+	if r.bytesLeft > 0 {
 		if s, ok := r.r.(io.Seeker); ok {
 			// Make sure Seek on io.SeekCurrent sometimes succeeds
 			// before trying the actual seek.
@ -86,16 +82,16 @@ func (r *BackupStreamReader) Next() (*BackupHeader, error) {
 				r.bytesLeft = 0
 			}
 		}
-		if _, err := io.Copy(io.Discard, r); err != nil {
+		if _, err := io.Copy(ioutil.Discard, r); err != nil {
 			return nil, err
 		}
 	}
-	var wsi win32StreamID
+	var wsi win32StreamId
 	if err := binary.Read(r.r, binary.LittleEndian, &wsi); err != nil {
 		return nil, err
 	}
 	hdr := &BackupHeader{
-		Id:         wsi.StreamID,
+		Id:         wsi.StreamId,
 		Attributes: wsi.Attributes,
 		Size:       int64(wsi.Size),
 	}
@ -106,7 +102,7 @@ func (r *BackupStreamReader) Next() (*BackupHeader, error) {
 		}
 		hdr.Name = syscall.UTF16ToString(name)
 	}
-	if wsi.StreamID == BackupSparseBlock {
+	if wsi.StreamId == BackupSparseBlock {
 		if err := binary.Read(r.r, binary.LittleEndian, &hdr.Offset); err != nil {
 			return nil, err
 		}
@ -151,8 +147,8 @@ func (w *BackupStreamWriter) WriteHeader(hdr *BackupHeader) error {
 		return fmt.Errorf("missing %d bytes", w.bytesLeft)
 	}
 	name := utf16.Encode([]rune(hdr.Name))
-	wsi := win32StreamID{
+	wsi := win32StreamId{
-		StreamID:   hdr.Id,
+		StreamId:   hdr.Id,
 		Attributes: hdr.Attributes,
 		Size:       uint64(hdr.Size),
 		NameSize:   uint32(len(name) * 2),
@ -207,7 +203,7 @@ func (r *BackupFileReader) Read(b []byte) (int, error) {
 	var bytesRead uint32
 	err := backupRead(syscall.Handle(r.f.Fd()), b, &bytesRead, false, r.includeSecurity, &r.ctx)
 	if err != nil {
-		return 0, &os.PathError{Op: "BackupRead", Path: r.f.Name(), Err: err}
+		return 0, &os.PathError{"BackupRead", r.f.Name(), err}
 	}
 	runtime.KeepAlive(r.f)
 	if bytesRead == 0 {
@ -220,7 +216,7 @@ func (r *BackupFileReader) Read(b []byte) (int, error) {
 // the underlying file.
 func (r *BackupFileReader) Close() error {
 	if r.ctx != 0 {
-		_ = backupRead(syscall.Handle(r.f.Fd()), nil, nil, true, false, &r.ctx)
+		backupRead(syscall.Handle(r.f.Fd()), nil, nil, true, false, &r.ctx)
 		runtime.KeepAlive(r.f)
 		r.ctx = 0
 	}
@ -246,7 +242,7 @@ func (w *BackupFileWriter) Write(b []byte) (int, error) {
 	var bytesWritten uint32
 	err := backupWrite(syscall.Handle(w.f.Fd()), b, &bytesWritten, false, w.includeSecurity, &w.ctx)
 	if err != nil {
-		return 0, &os.PathError{Op: "BackupWrite", Path: w.f.Name(), Err: err}
+		return 0, &os.PathError{"BackupWrite", w.f.Name(), err}
 	}
 	runtime.KeepAlive(w.f)
 	if int(bytesWritten) != len(b) {
@ -259,7 +255,7 @@ func (w *BackupFileWriter) Write(b []byte) (int, error) {
 // close the underlying file.
 func (w *BackupFileWriter) Close() error {
 	if w.ctx != 0 {
-		_ = backupWrite(syscall.Handle(w.f.Fd()), nil, nil, true, false, &w.ctx)
+		backupWrite(syscall.Handle(w.f.Fd()), nil, nil, true, false, &w.ctx)
 		runtime.KeepAlive(w.f)
 		w.ctx = 0
 	}
@ -275,13 +271,7 @@ func OpenForBackup(path string, access uint32, share uint32, createmode uint32)
 	if err != nil {
 		return nil, err
 	}
-	h, err := syscall.CreateFile(&winPath[0],
+	h, err := syscall.CreateFile(&winPath[0], access, share, nil, createmode, syscall.FILE_FLAG_BACKUP_SEMANTICS|syscall.FILE_FLAG_OPEN_REPARSE_POINT, 0)
 		access,
 		share,
 		nil,
 		createmode,
 		syscall.FILE_FLAG_BACKUP_SEMANTICS|syscall.FILE_FLAG_OPEN_REPARSE_POINT,
 		0)
 	if err != nil {
 		err = &os.PathError{Op: "open", Path: path, Err: err}
 		return nil, err
--- a/vendor/github.com/Microsoft/go-winio/backuptar/doc.go
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/doc.go
@ -1,3 +0,0 @@
 // This file only exists to allow go get on non-Windows platforms.
 package backuptar
--- a/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
+++ b/vendor/github.com/Microsoft/go-winio/backuptar/tar.go
@ -1,509 +0,0 @@
 //go:build windows
 // +build windows
 package backuptar
 import (
 	"archive/tar"
 	"encoding/base64"
 	"fmt"
 	"io"
 	"path/filepath"
 	"strconv"
 	"strings"
 	"syscall"
 	"time"
 	"github.com/Microsoft/go-winio"
 	"golang.org/x/sys/windows"
 )
 //nolint:deadcode,varcheck // keep unused constants for potential future use
 const (
 	cISUID  = 0004000 // Set uid
 	cISGID  = 0002000 // Set gid
 	cISVTX  = 0001000 // Save text (sticky bit)
 	cISDIR  = 0040000 // Directory
 	cISFIFO = 0010000 // FIFO
 	cISREG  = 0100000 // Regular file
 	cISLNK  = 0120000 // Symbolic link
 	cISBLK  = 0060000 // Block special file
 	cISCHR  = 0020000 // Character special file
 	cISSOCK = 0140000 // Socket
 )
 const (
 	hdrFileAttributes        = "MSWINDOWS.fileattr"
 	hdrSecurityDescriptor    = "MSWINDOWS.sd"
 	hdrRawSecurityDescriptor = "MSWINDOWS.rawsd"
 	hdrMountPoint            = "MSWINDOWS.mountpoint"
 	hdrEaPrefix              = "MSWINDOWS.xattr."
 	hdrCreationTime = "LIBARCHIVE.creationtime"
 )
 // zeroReader is an io.Reader that always returns 0s.
 type zeroReader struct{}
 func (zeroReader) Read(b []byte) (int, error) {
 	for i := range b {
 		b[i] = 0
 	}
 	return len(b), nil
 }
 func copySparse(t *tar.Writer, br *winio.BackupStreamReader) error {
 	curOffset := int64(0)
 	for {
 		bhdr, err := br.Next()
 		if err == io.EOF { //nolint:errorlint
 			err = io.ErrUnexpectedEOF
 		}
 		if err != nil {
 			return err
 		}
 		if bhdr.Id != winio.BackupSparseBlock {
 			return fmt.Errorf("unexpected stream %d", bhdr.Id)
 		}
 		// We can't seek backwards, since we have already written that data to the tar.Writer.
 		if bhdr.Offset < curOffset {
 			return fmt.Errorf("cannot seek back from %d to %d", curOffset, bhdr.Offset)
 		}
 		// archive/tar does not support writing sparse files
 		// so just write zeroes to catch up to the current offset.
 		if _, err = io.CopyN(t, zeroReader{}, bhdr.Offset-curOffset); err != nil {
 			return fmt.Errorf("seek to offset %d: %w", bhdr.Offset, err)
 		}
 		if bhdr.Size == 0 {
 			// A sparse block with size = 0 is used to mark the end of the sparse blocks.
 			break
 		}
 		n, err := io.Copy(t, br)
 		if err != nil {
 			return err
 		}
 		if n != bhdr.Size {
 			return fmt.Errorf("copied %d bytes instead of %d at offset %d", n, bhdr.Size, bhdr.Offset)
 		}
 		curOffset = bhdr.Offset + n
 	}
 	return nil
 }
 // BasicInfoHeader creates a tar header from basic file information.
 func BasicInfoHeader(name string, size int64, fileInfo *winio.FileBasicInfo) *tar.Header {
 	hdr := &tar.Header{
 		Format:     tar.FormatPAX,
 		Name:       filepath.ToSlash(name),
 		Size:       size,
 		Typeflag:   tar.TypeReg,
 		ModTime:    time.Unix(0, fileInfo.LastWriteTime.Nanoseconds()),
 		ChangeTime: time.Unix(0, fileInfo.ChangeTime.Nanoseconds()),
 		AccessTime: time.Unix(0, fileInfo.LastAccessTime.Nanoseconds()),
 		PAXRecords: make(map[string]string),
 	}
 	hdr.PAXRecords[hdrFileAttributes] = fmt.Sprintf("%d", fileInfo.FileAttributes)
 	hdr.PAXRecords[hdrCreationTime] = formatPAXTime(time.Unix(0, fileInfo.CreationTime.Nanoseconds()))
 	if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 {
 		hdr.Mode |= cISDIR
 		hdr.Size = 0
 		hdr.Typeflag = tar.TypeDir
 	}
 	return hdr
 }
 // SecurityDescriptorFromTarHeader reads the SDDL associated with the header of the current file
 // from the tar header and returns the security descriptor into a byte slice.
 func SecurityDescriptorFromTarHeader(hdr *tar.Header) ([]byte, error) {
 	if sdraw, ok := hdr.PAXRecords[hdrRawSecurityDescriptor]; ok {
 		sd, err := base64.StdEncoding.DecodeString(sdraw)
 		if err != nil {
 			// Not returning sd as-is in the error-case, as base64.DecodeString
 			// may return partially decoded data (not nil or empty slice) in case
 			// of a failure: https://github.com/golang/go/blob/go1.17.7/src/encoding/base64/base64.go#L382-L387
 			return nil, err
 		}
 		return sd, nil
 	}
 	// Maintaining old SDDL-based behavior for backward compatibility. All new
 	// tar headers written by this library will have raw binary for the security
 	// descriptor.
 	if sddl, ok := hdr.PAXRecords[hdrSecurityDescriptor]; ok {
 		return winio.SddlToSecurityDescriptor(sddl)
 	}
 	return nil, nil
 }
 // ExtendedAttributesFromTarHeader reads the EAs associated with the header of the
 // current file from the tar header and returns it as a byte slice.
 func ExtendedAttributesFromTarHeader(hdr *tar.Header) ([]byte, error) {
 	var eas []winio.ExtendedAttribute //nolint:prealloc // len(eas) <= len(hdr.PAXRecords); prealloc is wasteful
 	for k, v := range hdr.PAXRecords {
 		if !strings.HasPrefix(k, hdrEaPrefix) {
 			continue
 		}
 		data, err := base64.StdEncoding.DecodeString(v)
 		if err != nil {
 			return nil, err
 		}
 		eas = append(eas, winio.ExtendedAttribute{
 			Name:  k[len(hdrEaPrefix):],
 			Value: data,
 		})
 	}
 	var eaData []byte
 	var err error
 	if len(eas) != 0 {
 		eaData, err = winio.EncodeExtendedAttributes(eas)
 		if err != nil {
 			return nil, err
 		}
 	}
 	return eaData, nil
 }
 // EncodeReparsePointFromTarHeader reads the ReparsePoint structure from the tar header
 // and encodes it into a byte slice. The file for which this function is called must be a
 // symlink.
 func EncodeReparsePointFromTarHeader(hdr *tar.Header) []byte {
 	_, isMountPoint := hdr.PAXRecords[hdrMountPoint]
 	rp := winio.ReparsePoint{
 		Target:       filepath.FromSlash(hdr.Linkname),
 		IsMountPoint: isMountPoint,
 	}
 	return winio.EncodeReparsePoint(&rp)
 }
 // WriteTarFileFromBackupStream writes a file to a tar writer using data from a Win32 backup stream.
 //
 // This encodes Win32 metadata as tar pax vendor extensions starting with MSWINDOWS.
 //
 // The additional Win32 metadata is:
 //
 //   - MSWINDOWS.fileattr: The Win32 file attributes, as a decimal value
 //   - MSWINDOWS.rawsd: The Win32 security descriptor, in raw binary format
 //   - MSWINDOWS.mountpoint: If present, this is a mount point and not a symlink, even though the type is '2' (symlink)
 func WriteTarFileFromBackupStream(t *tar.Writer, r io.Reader, name string, size int64, fileInfo *winio.FileBasicInfo) error {
 	name = filepath.ToSlash(name)
 	hdr := BasicInfoHeader(name, size, fileInfo)
 	// If r can be seeked, then this function is two-pass: pass 1 collects the
 	// tar header data, and pass 2 copies the data stream. If r cannot be
 	// seeked, then some header data (in particular EAs) will be silently lost.
 	var (
 		restartPos int64
 		err        error
 	)
 	sr, readTwice := r.(io.Seeker)
 	if readTwice {
 		if restartPos, err = sr.Seek(0, io.SeekCurrent); err != nil {
 			readTwice = false
 		}
 	}
 	br := winio.NewBackupStreamReader(r)
 	var dataHdr *winio.BackupHeader
 	for dataHdr == nil {
 		bhdr, err := br.Next()
 		if err == io.EOF { //nolint:errorlint
 			break
 		}
 		if err != nil {
 			return err
 		}
 		switch bhdr.Id {
 		case winio.BackupData:
 			hdr.Mode |= cISREG
 			if !readTwice {
 				dataHdr = bhdr
 			}
 		case winio.BackupSecurity:
 			sd, err := io.ReadAll(br)
 			if err != nil {
 				return err
 			}
 			hdr.PAXRecords[hdrRawSecurityDescriptor] = base64.StdEncoding.EncodeToString(sd)
 		case winio.BackupReparseData:
 			hdr.Mode |= cISLNK
 			hdr.Typeflag = tar.TypeSymlink
 			reparseBuffer, _ := io.ReadAll(br)
 			rp, err := winio.DecodeReparsePoint(reparseBuffer)
 			if err != nil {
 				return err
 			}
 			if rp.IsMountPoint {
 				hdr.PAXRecords[hdrMountPoint] = "1"
 			}
 			hdr.Linkname = rp.Target
 		case winio.BackupEaData:
 			eab, err := io.ReadAll(br)
 			if err != nil {
 				return err
 			}
 			eas, err := winio.DecodeExtendedAttributes(eab)
 			if err != nil {
 				return err
 			}
 			for _, ea := range eas {
 				// Use base64 encoding for the binary value. Note that there
 				// is no way to encode the EA's flags, since their use doesn't
 				// make any sense for persisted EAs.
 				hdr.PAXRecords[hdrEaPrefix+ea.Name] = base64.StdEncoding.EncodeToString(ea.Value)
 			}
 		case winio.BackupAlternateData, winio.BackupLink, winio.BackupPropertyData, winio.BackupObjectId, winio.BackupTxfsData:
 			// ignore these streams
 		default:
 			return fmt.Errorf("%s: unknown stream ID %d", name, bhdr.Id)
 		}
 	}
 	err = t.WriteHeader(hdr)
 	if err != nil {
 		return err
 	}
 	if readTwice {
 		// Get back to the data stream.
 		if _, err = sr.Seek(restartPos, io.SeekStart); err != nil {
 			return err
 		}
 		for dataHdr == nil {
 			bhdr, err := br.Next()
 			if err == io.EOF { //nolint:errorlint
 				break
 			}
 			if err != nil {
 				return err
 			}
 			if bhdr.Id == winio.BackupData {
 				dataHdr = bhdr
 			}
 		}
 	}
 	// The logic for copying file contents is fairly complicated due to the need for handling sparse files,
 	// and the weird ways they are represented by BackupRead. A normal file will always either have a data stream
 	// with size and content, or no data stream at all (if empty). However, for a sparse file, the content can also
 	// be represented using a series of sparse block streams following the data stream. Additionally, the way sparse
 	// files are handled by BackupRead has changed in the OS recently. The specifics of the representation are described
 	// in the list at the bottom of this block comment.
 	//
 	// Sparse files can be represented in four different ways, based on the specifics of the file.
 	// - Size = 0:
 	//     Previously: BackupRead yields no data stream and no sparse block streams.
 	//     Recently: BackupRead yields a data stream with size = 0. There are no following sparse block streams.
 	// - Size > 0, no allocated ranges:
 	//     BackupRead yields a data stream with size = 0. Following is a single sparse block stream with
 	//     size = 0 and offset = <file size>.
 	// - Size > 0, one allocated range:
 	//     BackupRead yields a data stream with size = <file size> containing the file contents. There are no
 	//     sparse block streams. This is the case if you take a normal file with contents and simply set the
 	//     sparse flag on it.
 	// - Size > 0, multiple allocated ranges:
 	//     BackupRead yields a data stream with size = 0. Following are sparse block streams for each allocated
 	//     range of the file containing the range contents. Finally there is a sparse block stream with
 	//     size = 0 and offset = <file size>.
 	if dataHdr != nil { //nolint:nestif // todo: reduce nesting complexity
 		// A data stream was found. Copy the data.
 		// We assume that we will either have a data stream size > 0 XOR have sparse block streams.
 		if dataHdr.Size > 0 || (dataHdr.Attributes&winio.StreamSparseAttributes) == 0 {
 			if size != dataHdr.Size {
 				return fmt.Errorf("%s: mismatch between file size %d and header size %d", name, size, dataHdr.Size)
 			}
 			if _, err = io.Copy(t, br); err != nil {
 				return fmt.Errorf("%s: copying contents from data stream: %w", name, err)
 			}
 		} else if size > 0 {
 			// As of a recent OS change, BackupRead now returns a data stream for empty sparse files.
 			// These files have no sparse block streams, so skip the copySparse call if file size = 0.
 			if err = copySparse(t, br); err != nil {
 				return fmt.Errorf("%s: copying contents from sparse block stream: %w", name, err)
 			}
 		}
 	}
 	// Look for streams after the data stream. The only ones we handle are alternate data streams.
 	// Other streams may have metadata that could be serialized, but the tar header has already
 	// been written. In practice, this means that we don't get EA or TXF metadata.
 	for {
 		bhdr, err := br.Next()
 		if err == io.EOF { //nolint:errorlint
 			break
 		}
 		if err != nil {
 			return err
 		}
 		switch bhdr.Id {
 		case winio.BackupAlternateData:
 			if (bhdr.Attributes & winio.StreamSparseAttributes) != 0 {
 				// Unsupported for now, since the size of the alternate stream is not present
 				// in the backup stream until after the data has been read.
 				return fmt.Errorf("%s: tar of sparse alternate data streams is unsupported", name)
 			}
 			altName := strings.TrimSuffix(bhdr.Name, ":$DATA")
 			hdr = &tar.Header{
 				Format:     hdr.Format,
 				Name:       name + altName,
 				Mode:       hdr.Mode,
 				Typeflag:   tar.TypeReg,
 				Size:       bhdr.Size,
 				ModTime:    hdr.ModTime,
 				AccessTime: hdr.AccessTime,
 				ChangeTime: hdr.ChangeTime,
 			}
 			err = t.WriteHeader(hdr)
 			if err != nil {
 				return err
 			}
 			_, err = io.Copy(t, br)
 			if err != nil {
 				return err
 			}
 		case winio.BackupEaData, winio.BackupLink, winio.BackupPropertyData, winio.BackupObjectId, winio.BackupTxfsData:
 			// ignore these streams
 		default:
 			return fmt.Errorf("%s: unknown stream ID %d after data", name, bhdr.Id)
 		}
 	}
 	return nil
 }
 // FileInfoFromHeader retrieves basic Win32 file information from a tar header, using the additional metadata written by
 // WriteTarFileFromBackupStream.
 func FileInfoFromHeader(hdr *tar.Header) (name string, size int64, fileInfo *winio.FileBasicInfo, err error) {
 	name = hdr.Name
 	if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
 		size = hdr.Size
 	}
 	fileInfo = &winio.FileBasicInfo{
 		LastAccessTime: windows.NsecToFiletime(hdr.AccessTime.UnixNano()),
 		LastWriteTime:  windows.NsecToFiletime(hdr.ModTime.UnixNano()),
 		ChangeTime:     windows.NsecToFiletime(hdr.ChangeTime.UnixNano()),
 		// Default to ModTime, we'll pull hdrCreationTime below if present
 		CreationTime: windows.NsecToFiletime(hdr.ModTime.UnixNano()),
 	}
 	if attrStr, ok := hdr.PAXRecords[hdrFileAttributes]; ok {
 		attr, err := strconv.ParseUint(attrStr, 10, 32)
 		if err != nil {
 			return "", 0, nil, err
 		}
 		fileInfo.FileAttributes = uint32(attr)
 	} else {
 		if hdr.Typeflag == tar.TypeDir {
 			fileInfo.FileAttributes |= syscall.FILE_ATTRIBUTE_DIRECTORY
 		}
 	}
 	if creationTimeStr, ok := hdr.PAXRecords[hdrCreationTime]; ok {
 		creationTime, err := parsePAXTime(creationTimeStr)
 		if err != nil {
 			return "", 0, nil, err
 		}
 		fileInfo.CreationTime = windows.NsecToFiletime(creationTime.UnixNano())
 	}
 	return name, size, fileInfo, err
 }
 // WriteBackupStreamFromTarFile writes a Win32 backup stream from the current tar file. Since this function may process multiple
 // tar file entries in order to collect all the alternate data streams for the file, it returns the next
 // tar file that was not processed, or io.EOF is there are no more.
 func WriteBackupStreamFromTarFile(w io.Writer, t *tar.Reader, hdr *tar.Header) (*tar.Header, error) {
 	bw := winio.NewBackupStreamWriter(w)
 	sd, err := SecurityDescriptorFromTarHeader(hdr)
 	if err != nil {
 		return nil, err
 	}
 	if len(sd) != 0 {
 		bhdr := winio.BackupHeader{
 			Id:   winio.BackupSecurity,
 			Size: int64(len(sd)),
 		}
 		err := bw.WriteHeader(&bhdr)
 		if err != nil {
 			return nil, err
 		}
 		_, err = bw.Write(sd)
 		if err != nil {
 			return nil, err
 		}
 	}
 	eadata, err := ExtendedAttributesFromTarHeader(hdr)
 	if err != nil {
 		return nil, err
 	}
 	if len(eadata) != 0 {
 		bhdr := winio.BackupHeader{
 			Id:   winio.BackupEaData,
 			Size: int64(len(eadata)),
 		}
 		err = bw.WriteHeader(&bhdr)
 		if err != nil {
 			return nil, err
 		}
 		_, err = bw.Write(eadata)
 		if err != nil {
 			return nil, err
 		}
 	}
 	if hdr.Typeflag == tar.TypeSymlink {
 		reparse := EncodeReparsePointFromTarHeader(hdr)
 		bhdr := winio.BackupHeader{
 			Id:   winio.BackupReparseData,
 			Size: int64(len(reparse)),
 		}
 		err := bw.WriteHeader(&bhdr)
 		if err != nil {
 			return nil, err
 		}
 		_, err = bw.Write(reparse)
 		if err != nil {
 			return nil, err
 		}
 	}
 	if hdr.Typeflag == tar.TypeReg || hdr.Typeflag == tar.TypeRegA {
 		bhdr := winio.BackupHeader{
 			Id:   winio.BackupData,
 			Size: hdr.Size,
 		}
 		err := bw.WriteHeader(&bhdr)
 		if err != nil {
 			return nil, err
 		}
 		_, err = io.Copy(bw, t)
 		if err != nil {
 			return nil, err
 		}
 	}
 	// Copy all the alternate data streams and return the next non-ADS header.
 	for {
 		ahdr, err := t.Next()
 		if err != nil {
 			return nil, err
 		}
 		if ahdr.Typeflag != tar.TypeReg || !strings.HasPrefix(ahdr.Name, hdr.Name+":") {
 			return ahdr, nil
 		}
 		bhdr := winio.BackupHeader{
 			Id:   winio.BackupAlternateData,
 			Size: ahdr.Size,
 			Name: ahdr.Name[len(hdr.Name):] + ":$DATA",
 		}
 		err = bw.WriteHeader(&bhdr)
 		if err != nil {
 			return nil, err
 		}
 		_, err = io.Copy(bw, t)
 		if err != nil {
 			return nil, err
 		}
 	}
 }
--- a/vendor/github.com/Microsoft/go-winio/doc.go
+++ b/vendor/github.com/Microsoft/go-winio/doc.go
@ -1,22 +0,0 @@
 // This package provides utilities for efficiently performing Win32 IO operations in Go.
 // Currently, this package is provides support for genreal IO and management of
 //   - named pipes
 //   - files
 //   - [Hyper-V sockets]
 //
 // This code is similar to Go's [net] package, and uses IO completion ports to avoid
 // blocking IO on system threads, allowing Go to reuse the thread to schedule other goroutines.
 //
 // This limits support to Windows Vista and newer operating systems.
 //
 // Additionally, this package provides support for:
 //   - creating and managing GUIDs
 //   - writing to [ETW]
 //   - opening and manageing VHDs
 //   - parsing [Windows Image files]
 //   - auto-generating Win32 API code
 //
 // [Hyper-V sockets]: https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service
 // [ETW]: https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/event-tracing-for-windows--etw-
 // [Windows Image files]: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/work-with-windows-images
 package winio
--- a/vendor/github.com/Microsoft/go-winio/ea.go
+++ b/vendor/github.com/Microsoft/go-winio/ea.go
@ -33,7 +33,7 @@ func parseEa(b []byte) (ea ExtendedAttribute, nb []byte, err error) {
 	err = binary.Read(bytes.NewReader(b), binary.LittleEndian, &info)
 	if err != nil {
 		err = errInvalidEaBuffer
-		return ea, nb, err
+		return
 	}
 	nameOffset := fileFullEaInformationSize
@ -43,7 +43,7 @@ func parseEa(b []byte) (ea ExtendedAttribute, nb []byte, err error) {
 	nextOffset := int(info.NextEntryOffset)
 	if valueLen+valueOffset > len(b) || nextOffset < 0 || nextOffset > len(b) {
 		err = errInvalidEaBuffer
-		return ea, nb, err
+		return
 	}
 	ea.Name = string(b[nameOffset : nameOffset+nameLen])
@ -52,7 +52,7 @@ func parseEa(b []byte) (ea ExtendedAttribute, nb []byte, err error) {
 	if info.NextEntryOffset != 0 {
 		nb = b[info.NextEntryOffset:]
 	}
-	return ea, nb, err
+	return
 }
 // DecodeExtendedAttributes decodes a list of EAs from a FILE_FULL_EA_INFORMATION
@ -67,7 +67,7 @@ func DecodeExtendedAttributes(b []byte) (eas []ExtendedAttribute, err error) {
 		eas = append(eas, ea)
 		b = nb
 	}
-	return eas, err
+	return
 }
 func writeEa(buf *bytes.Buffer, ea *ExtendedAttribute, last bool) error {
--- a/vendor/github.com/Microsoft/go-winio/file.go
+++ b/vendor/github.com/Microsoft/go-winio/file.go
@ -1,4 +1,3 @@
 //go:build windows
 // +build windows
 package winio
@ -11,8 +10,6 @@ import (
 	"sync/atomic"
 	"syscall"
 	"time"
 	"golang.org/x/sys/windows"
 )
 //sys cancelIoEx(file syscall.Handle, o *syscall.Overlapped) (err error) = CancelIoEx
@ -26,8 +23,6 @@ type atomicBool int32
 func (b *atomicBool) isSet() bool { return atomic.LoadInt32((*int32)(b)) != 0 }
 func (b *atomicBool) setFalse()   { atomic.StoreInt32((*int32)(b), 0) }
 func (b *atomicBool) setTrue()    { atomic.StoreInt32((*int32)(b), 1) }
 //revive:disable-next-line:predeclared Keep "new" to maintain consistency with "atomic" pkg
 func (b *atomicBool) swap(new bool) bool {
 	var newInt int32
 	if new {
@ -36,6 +31,11 @@ func (b *atomicBool) swap(new bool) bool {
 	return atomic.SwapInt32((*int32)(b), newInt) == 1
 }
 const (
 	cFILE_SKIP_COMPLETION_PORT_ON_SUCCESS = 1
 	cFILE_SKIP_SET_EVENT_ON_HANDLE        = 2
 )
 var (
 	ErrFileClosed = errors.New("file has already been closed")
 	ErrTimeout    = &timeoutError{}
@ -43,28 +43,28 @@ var (
 type timeoutError struct{}
-func (*timeoutError) Error() string   { return "i/o timeout" }
+func (e *timeoutError) Error() string   { return "i/o timeout" }
-func (*timeoutError) Timeout() bool   { return true }
+func (e *timeoutError) Timeout() bool   { return true }
-func (*timeoutError) Temporary() bool { return true }
+func (e *timeoutError) Temporary() bool { return true }
 type timeoutChan chan struct{}
 var ioInitOnce sync.Once
 var ioCompletionPort syscall.Handle
-// ioResult contains the result of an asynchronous IO operation.
+// ioResult contains the result of an asynchronous IO operation
 type ioResult struct {
 	bytes uint32
 	err   error
 }
-// ioOperation represents an outstanding asynchronous Win32 IO.
+// ioOperation represents an outstanding asynchronous Win32 IO
 type ioOperation struct {
 	o  syscall.Overlapped
 	ch chan ioResult
 }
-func initIO() {
+func initIo() {
 	h, err := createIoCompletionPort(syscall.InvalidHandle, 0, 0, 0xffffffff)
 	if err != nil {
 		panic(err)
@ -93,15 +93,15 @@ type deadlineHandler struct {
 	timedout    atomicBool
 }
-// makeWin32File makes a new win32File from an existing file handle.
+// makeWin32File makes a new win32File from an existing file handle
 func makeWin32File(h syscall.Handle) (*win32File, error) {
 	f := &win32File{handle: h}
-	ioInitOnce.Do(initIO)
+	ioInitOnce.Do(initIo)
 	_, err := createIoCompletionPort(h, ioCompletionPort, 0, 0xffffffff)
 	if err != nil {
 		return nil, err
 	}
-	err = setFileCompletionNotificationModes(h, windows.FILE_SKIP_COMPLETION_PORT_ON_SUCCESS|windows.FILE_SKIP_SET_EVENT_ON_HANDLE)
+	err = setFileCompletionNotificationModes(h, cFILE_SKIP_COMPLETION_PORT_ON_SUCCESS|cFILE_SKIP_SET_EVENT_ON_HANDLE)
 	if err != nil {
 		return nil, err
 	}
@ -120,14 +120,14 @@ func MakeOpenFile(h syscall.Handle) (io.ReadWriteCloser, error) {
 	return f, nil
 }
-// closeHandle closes the resources associated with a Win32 handle.
+// closeHandle closes the resources associated with a Win32 handle
 func (f *win32File) closeHandle() {
 	f.wgLock.Lock()
 	// Atomically set that we are closing, releasing the resources only once.
 	if !f.closing.swap(true) {
 		f.wgLock.Unlock()
 		// cancel all IO and wait for it to complete
-		_ = cancelIoEx(f.handle, nil)
+		cancelIoEx(f.handle, nil)
 		f.wg.Wait()
 		// at this point, no new IO can start
 		syscall.Close(f.handle)
@ -143,14 +143,9 @@ func (f *win32File) Close() error {
 	return nil
 }
-// IsClosed checks if the file has been closed.
+// prepareIo prepares for a new IO operation.
 func (f *win32File) IsClosed() bool {
 	return f.closing.isSet()
 }
 // prepareIO prepares for a new IO operation.
 // The caller must call f.wg.Done() when the IO is finished, prior to Close() returning.
-func (f *win32File) prepareIO() (*ioOperation, error) {
+func (f *win32File) prepareIo() (*ioOperation, error) {
 	f.wgLock.RLock()
 	if f.closing.isSet() {
 		f.wgLock.RUnlock()
@ -163,7 +158,7 @@ func (f *win32File) prepareIO() (*ioOperation, error) {
 	return c, nil
 }
-// ioCompletionProcessor processes completed async IOs forever.
+// ioCompletionProcessor processes completed async IOs forever
 func ioCompletionProcessor(h syscall.Handle) {
 	for {
 		var bytes uint32
@ -177,17 +172,15 @@ func ioCompletionProcessor(h syscall.Handle) {
 	}
 }
-// todo: helsaawy - create an asyncIO version that takes a context
+// asyncIo processes the return value from ReadFile or WriteFile, blocking until
 // asyncIO processes the return value from ReadFile or WriteFile, blocking until
 // the operation has actually completed.
-func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, err error) (int, error) {
+func (f *win32File) asyncIo(c *ioOperation, d *deadlineHandler, bytes uint32, err error) (int, error) {
-	if err != syscall.ERROR_IO_PENDING { //nolint:errorlint // err is Errno
+	if err != syscall.ERROR_IO_PENDING {
 		return int(bytes), err
 	}
 	if f.closing.isSet() {
-		_ = cancelIoEx(f.handle, &c.o)
+		cancelIoEx(f.handle, &c.o)
 	}
 	var timeout timeoutChan
@ -201,7 +194,7 @@ func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, er
 	select {
 	case r = <-c.ch:
 		err = r.err
-		if err == syscall.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
+		if err == syscall.ERROR_OPERATION_ABORTED {
 			if f.closing.isSet() {
 				err = ErrFileClosed
 			}
@ -211,10 +204,10 @@ func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, er
 			err = wsaGetOverlappedResult(f.handle, &c.o, &bytes, false, &flags)
 		}
 	case <-timeout:
-		_ = cancelIoEx(f.handle, &c.o)
+		cancelIoEx(f.handle, &c.o)
 		r = <-c.ch
 		err = r.err
-		if err == syscall.ERROR_OPERATION_ABORTED { //nolint:errorlint // err is Errno
+		if err == syscall.ERROR_OPERATION_ABORTED {
 			err = ErrTimeout
 		}
 	}
@ -222,14 +215,13 @@ func (f *win32File) asyncIO(c *ioOperation, d *deadlineHandler, bytes uint32, er
 	// runtime.KeepAlive is needed, as c is passed via native
 	// code to ioCompletionProcessor, c must remain alive
 	// until the channel read is complete.
 	// todo: (de)allocate *ioOperation via win32 heap functions, instead of needing to KeepAlive?
 	runtime.KeepAlive(c)
 	return int(r.bytes), err
 }
 // Read reads from a file handle.
 func (f *win32File) Read(b []byte) (int, error) {
-	c, err := f.prepareIO()
+	c, err := f.prepareIo()
 	if err != nil {
 		return 0, err
 	}
@ -241,13 +233,13 @@ func (f *win32File) Read(b []byte) (int, error) {
 	var bytes uint32
 	err = syscall.ReadFile(f.handle, b, &bytes, &c.o)
-	n, err := f.asyncIO(c, &f.readDeadline, bytes, err)
+	n, err := f.asyncIo(c, &f.readDeadline, bytes, err)
 	runtime.KeepAlive(b)
 	// Handle EOF conditions.
 	if err == nil && n == 0 && len(b) != 0 {
 		return 0, io.EOF
-	} else if err == syscall.ERROR_BROKEN_PIPE { //nolint:errorlint // err is Errno
+	} else if err == syscall.ERROR_BROKEN_PIPE {
 		return 0, io.EOF
 	} else {
 		return n, err
@ -256,7 +248,7 @@ func (f *win32File) Read(b []byte) (int, error) {
 // Write writes to a file handle.
 func (f *win32File) Write(b []byte) (int, error) {
-	c, err := f.prepareIO()
+	c, err := f.prepareIo()
 	if err != nil {
 		return 0, err
 	}
@ -268,7 +260,7 @@ func (f *win32File) Write(b []byte) (int, error) {
 	var bytes uint32
 	err = syscall.WriteFile(f.handle, b, &bytes, &c.o)
-	n, err := f.asyncIO(c, &f.writeDeadline, bytes, err)
+	n, err := f.asyncIo(c, &f.writeDeadline, bytes, err)
 	runtime.KeepAlive(b)
 	return n, err
 }
--- a/vendor/github.com/Microsoft/go-winio/fileinfo.go
+++ b/vendor/github.com/Microsoft/go-winio/fileinfo.go
@ -1,4 +1,3 @@
 //go:build windows
 // +build windows
 package winio
@ -6,27 +5,29 @@ package winio
 import (
 	"os"
 	"runtime"
 	"syscall"
 	"unsafe"
 )
-	"golang.org/x/sys/windows"
+//sys getFileInformationByHandleEx(h syscall.Handle, class uint32, buffer *byte, size uint32) (err error) = GetFileInformationByHandleEx
 //sys setFileInformationByHandle(h syscall.Handle, class uint32, buffer *byte, size uint32) (err error) = SetFileInformationByHandle
 const (
 	fileBasicInfo = 0
 	fileIDInfo    = 0x12
 )
 // FileBasicInfo contains file access time and file attributes information.
 type FileBasicInfo struct {
-	CreationTime, LastAccessTime, LastWriteTime, ChangeTime windows.Filetime
+	CreationTime, LastAccessTime, LastWriteTime, ChangeTime syscall.Filetime
 	FileAttributes                                          uint32
-	_                                                       uint32 // padding
+	pad                                                     uint32 // padding
 }
 // GetFileBasicInfo retrieves times and attributes for a file.
 func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
 	bi := &FileBasicInfo{}
-	if err := windows.GetFileInformationByHandleEx(
+	if err := getFileInformationByHandleEx(syscall.Handle(f.Fd()), fileBasicInfo, (*byte)(unsafe.Pointer(bi)), uint32(unsafe.Sizeof(*bi))); err != nil {
 		windows.Handle(f.Fd()),
 		windows.FileBasicInfo,
 		(*byte)(unsafe.Pointer(bi)),
 		uint32(unsafe.Sizeof(*bi)),
 	); err != nil {
 		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
@ -35,40 +36,13 @@ func GetFileBasicInfo(f *os.File) (*FileBasicInfo, error) {
 // SetFileBasicInfo sets times and attributes for a file.
 func SetFileBasicInfo(f *os.File, bi *FileBasicInfo) error {
-	if err := windows.SetFileInformationByHandle(
+	if err := setFileInformationByHandle(syscall.Handle(f.Fd()), fileBasicInfo, (*byte)(unsafe.Pointer(bi)), uint32(unsafe.Sizeof(*bi))); err != nil {
 		windows.Handle(f.Fd()),
 		windows.FileBasicInfo,
 		(*byte)(unsafe.Pointer(bi)),
 		uint32(unsafe.Sizeof(*bi)),
 	); err != nil {
 		return &os.PathError{Op: "SetFileInformationByHandle", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
 	return nil
 }
 // FileStandardInfo contains extended information for the file.
 // FILE_STANDARD_INFO in WinBase.h
 // https://docs.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-file_standard_info
 type FileStandardInfo struct {
 	AllocationSize, EndOfFile int64
 	NumberOfLinks             uint32
 	DeletePending, Directory  bool
 }
 // GetFileStandardInfo retrieves ended information for the file.
 func GetFileStandardInfo(f *os.File) (*FileStandardInfo, error) {
 	si := &FileStandardInfo{}
 	if err := windows.GetFileInformationByHandleEx(windows.Handle(f.Fd()),
 		windows.FileStandardInfo,
 		(*byte)(unsafe.Pointer(si)),
 		uint32(unsafe.Sizeof(*si))); err != nil {
 		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
 	return si, nil
 }
 // FileIDInfo contains the volume serial number and file ID for a file. This pair should be
 // unique on a system.
 type FileIDInfo struct {
@ -79,12 +53,7 @@ type FileIDInfo struct {
 // GetFileID retrieves the unique (volume, file ID) pair for a file.
 func GetFileID(f *os.File) (*FileIDInfo, error) {
 	fileID := &FileIDInfo{}
-	if err := windows.GetFileInformationByHandleEx(
+	if err := getFileInformationByHandleEx(syscall.Handle(f.Fd()), fileIDInfo, (*byte)(unsafe.Pointer(fileID)), uint32(unsafe.Sizeof(*fileID))); err != nil {
 		windows.Handle(f.Fd()),
 		windows.FileIdInfo,
 		(*byte)(unsafe.Pointer(fileID)),
 		uint32(unsafe.Sizeof(*fileID)),
 	); err != nil {
 		return nil, &os.PathError{Op: "GetFileInformationByHandleEx", Path: f.Name(), Err: err}
 	}
 	runtime.KeepAlive(f)
--- a/vendor/github.com/Microsoft/go-winio/go.mod
+++ b/vendor/github.com/Microsoft/go-winio/go.mod
@ -0,0 +1,9 @@
 module github.com/Microsoft/go-winio
 go 1.12
 require (
 	github.com/pkg/errors v0.8.1
 	github.com/sirupsen/logrus v1.4.1
 	golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b
 )
--- a/vendor/github.com/Microsoft/go-winio/go.sum
+++ b/vendor/github.com/Microsoft/go-winio/go.sum
@ -0,0 +1,16 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/vendor/github.com/Microsoft/go-winio/hvsock.go
+++ b/vendor/github.com/Microsoft/go-winio/hvsock.go
@ -1,11 +1,6 @@
 //go:build windows
 // +build windows
 package winio
 import (
 	"context"
 	"errors"
 	"fmt"
 	"io"
 	"net"
@ -14,87 +9,16 @@ import (
 	"time"
 	"unsafe"
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/socket"
 	"github.com/Microsoft/go-winio/pkg/guid"
 )
-const afHVSock = 34 // AF_HYPERV
+//sys bind(s syscall.Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socketError] = ws2_32.bind
-// Well known Service and VM IDs
+const (
-// https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/make-integration-service#vmid-wildcards
+	afHvSock = 34 // AF_HYPERV
-// HvsockGUIDWildcard is the wildcard VmId for accepting connections from all partitions.
+	socketError = ^uintptr(0)
-func HvsockGUIDWildcard() guid.GUID { // 00000000-0000-0000-0000-000000000000
+)
 	return guid.GUID{}
 }
 // HvsockGUIDBroadcast is the wildcard VmId for broadcasting sends to all partitions.
 func HvsockGUIDBroadcast() guid.GUID { // ffffffff-ffff-ffff-ffff-ffffffffffff
 	return guid.GUID{
 		Data1: 0xffffffff,
 		Data2: 0xffff,
 		Data3: 0xffff,
 		Data4: [8]uint8{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
 	}
 }
 // HvsockGUIDLoopback is the Loopback VmId for accepting connections to the same partition as the connector.
 func HvsockGUIDLoopback() guid.GUID { // e0e16197-dd56-4a10-9195-5ee7a155a838
 	return guid.GUID{
 		Data1: 0xe0e16197,
 		Data2: 0xdd56,
 		Data3: 0x4a10,
 		Data4: [8]uint8{0x91, 0x95, 0x5e, 0xe7, 0xa1, 0x55, 0xa8, 0x38},
 	}
 }
 // HvsockGUIDSiloHost is the address of a silo's host partition:
 //   - The silo host of a hosted silo is the utility VM.
 //   - The silo host of a silo on a physical host is the physical host.
 func HvsockGUIDSiloHost() guid.GUID { // 36bd0c5c-7276-4223-88ba-7d03b654c568
 	return guid.GUID{
 		Data1: 0x36bd0c5c,
 		Data2: 0x7276,
 		Data3: 0x4223,
 		Data4: [8]byte{0x88, 0xba, 0x7d, 0x03, 0xb6, 0x54, 0xc5, 0x68},
 	}
 }
 // HvsockGUIDChildren is the wildcard VmId for accepting connections from the connector's child partitions.
 func HvsockGUIDChildren() guid.GUID { // 90db8b89-0d35-4f79-8ce9-49ea0ac8b7cd
 	return guid.GUID{
 		Data1: 0x90db8b89,
 		Data2: 0xd35,
 		Data3: 0x4f79,
 		Data4: [8]uint8{0x8c, 0xe9, 0x49, 0xea, 0xa, 0xc8, 0xb7, 0xcd},
 	}
 }
 // HvsockGUIDParent is the wildcard VmId for accepting connections from the connector's parent partition.
 // Listening on this VmId accepts connection from:
 //   - Inside silos: silo host partition.
 //   - Inside hosted silo: host of the VM.
 //   - Inside VM: VM host.
 //   - Physical host: Not supported.
 func HvsockGUIDParent() guid.GUID { // a42e7cda-d03f-480c-9cc2-a4de20abb878
 	return guid.GUID{
 		Data1: 0xa42e7cda,
 		Data2: 0xd03f,
 		Data3: 0x480c,
 		Data4: [8]uint8{0x9c, 0xc2, 0xa4, 0xde, 0x20, 0xab, 0xb8, 0x78},
 	}
 }
 // hvsockVsockServiceTemplate is the Service GUID used for the VSOCK protocol.
 func hvsockVsockServiceTemplate() guid.GUID { // 00000000-facb-11e6-bd58-64006a7986d3
 	return guid.GUID{
 		Data2: 0xfacb,
 		Data3: 0x11e6,
 		Data4: [8]uint8{0xbd, 0x58, 0x64, 0x00, 0x6a, 0x79, 0x86, 0xd3},
 	}
 }
 // An HvsockAddr is an address for a AF_HYPERV socket.
 type HvsockAddr struct {
@ -109,10 +33,8 @@ type rawHvsockAddr struct {
 	ServiceID guid.GUID
 }
 var _ socket.RawSockaddr = &rawHvsockAddr{}
 // Network returns the address's network name, "hvsock".
-func (*HvsockAddr) Network() string {
+func (addr *HvsockAddr) Network() string {
 	return "hvsock"
 }
@ -122,14 +44,14 @@ func (addr *HvsockAddr) String() string {
 // VsockServiceID returns an hvsock service ID corresponding to the specified AF_VSOCK port.
 func VsockServiceID(port uint32) guid.GUID {
-	g := hvsockVsockServiceTemplate() // make a copy
+	g, _ := guid.FromString("00000000-facb-11e6-bd58-64006a7986d3")
 	g.Data1 = port
 	return g
 }
 func (addr *HvsockAddr) raw() rawHvsockAddr {
 	return rawHvsockAddr{
-		Family:    afHVSock,
+		Family:    afHvSock,
 		VMID:      addr.VMID,
 		ServiceID: addr.ServiceID,
 	}
@ -140,48 +62,20 @@ func (addr *HvsockAddr) fromRaw(raw *rawHvsockAddr) {
 	addr.ServiceID = raw.ServiceID
 }
 // Sockaddr returns a pointer to and the size of this struct.
 //
 // Implements the [socket.RawSockaddr] interface, and allows use in
 // [socket.Bind] and [socket.ConnectEx].
 func (r *rawHvsockAddr) Sockaddr() (unsafe.Pointer, int32, error) {
 	return unsafe.Pointer(r), int32(unsafe.Sizeof(rawHvsockAddr{})), nil
 }
 // Sockaddr interface allows use with `sockets.Bind()` and `.ConnectEx()`.
 func (r *rawHvsockAddr) FromBytes(b []byte) error {
 	n := int(unsafe.Sizeof(rawHvsockAddr{}))
 	if len(b) < n {
 		return fmt.Errorf("got %d, want %d: %w", len(b), n, socket.ErrBufferSize)
 	}
 	copy(unsafe.Slice((*byte)(unsafe.Pointer(r)), n), b[:n])
 	if r.Family != afHVSock {
 		return fmt.Errorf("got %d, want %d: %w", r.Family, afHVSock, socket.ErrAddrFamily)
 	}
 	return nil
 }
 // HvsockListener is a socket listener for the AF_HYPERV address family.
 type HvsockListener struct {
 	sock *win32File
 	addr HvsockAddr
 }
 var _ net.Listener = &HvsockListener{}
 // HvsockConn is a connected socket of the AF_HYPERV address family.
 type HvsockConn struct {
 	sock          *win32File
 	local, remote HvsockAddr
 }
-var _ net.Conn = &HvsockConn{}
+func newHvSocket() (*win32File, error) {
-
+	fd, err := syscall.Socket(afHvSock, syscall.SOCK_STREAM, 1)
 func newHVSocket() (*win32File, error) {
 	fd, err := syscall.Socket(afHVSock, syscall.SOCK_STREAM, 1)
 	if err != nil {
 		return nil, os.NewSyscallError("socket", err)
 	}
@ -197,12 +91,12 @@ func newHVSocket() (*win32File, error) {
 // ListenHvsock listens for connections on the specified hvsock address.
 func ListenHvsock(addr *HvsockAddr) (_ *HvsockListener, err error) {
 	l := &HvsockListener{addr: *addr}
-	sock, err := newHVSocket()
+	sock, err := newHvSocket()
 	if err != nil {
 		return nil, l.opErr("listen", err)
 	}
 	sa := addr.raw()
-	err = socket.Bind(windows.Handle(sock.handle), &sa)
+	err = bind(sock.handle, unsafe.Pointer(&sa), int32(unsafe.Sizeof(sa)))
 	if err != nil {
 		return nil, l.opErr("listen", os.NewSyscallError("socket", err))
 	}
@ -224,7 +118,7 @@ func (l *HvsockListener) Addr() net.Addr {
 // Accept waits for the next connection and returns it.
 func (l *HvsockListener) Accept() (_ net.Conn, err error) {
-	sock, err := newHVSocket()
+	sock, err := newHvSocket()
 	if err != nil {
 		return nil, l.opErr("accept", err)
 	}
@ -233,42 +127,27 @@ func (l *HvsockListener) Accept() (_ net.Conn, err error) {
 			sock.Close()
 		}
 	}()
-	c, err := l.sock.prepareIO()
+	c, err := l.sock.prepareIo()
 	if err != nil {
 		return nil, l.opErr("accept", err)
 	}
 	defer l.sock.wg.Done()
 	// AcceptEx, per documentation, requires an extra 16 bytes per address.
 	//
 	// https://docs.microsoft.com/en-us/windows/win32/api/mswsock/nf-mswsock-acceptex
 	const addrlen = uint32(16 + unsafe.Sizeof(rawHvsockAddr{}))
 	var addrbuf [addrlen * 2]byte
 	var bytes uint32
-	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0 /* rxdatalen */, addrlen, addrlen, &bytes, &c.o)
+	err = syscall.AcceptEx(l.sock.handle, sock.handle, &addrbuf[0], 0, addrlen, addrlen, &bytes, &c.o)
-	if _, err = l.sock.asyncIO(c, nil, bytes, err); err != nil {
+	_, err = l.sock.asyncIo(c, nil, bytes, err)
 	if err != nil {
 		return nil, l.opErr("accept", os.NewSyscallError("acceptex", err))
 	}
 	conn := &HvsockConn{
 		sock: sock,
 	}
 	// The local address returned in the AcceptEx buffer is the same as the Listener socket's
 	// address. However, the service GUID reported by GetSockName is different from the Listeners
 	// socket, and is sometimes the same as the local address of the socket that dialed the
 	// address, with the service GUID.Data1 incremented, but othertimes is different.
 	// todo: does the local address matter? is the listener's address or the actual address appropriate?
 	conn.local.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[0])))
 	conn.remote.fromRaw((*rawHvsockAddr)(unsafe.Pointer(&addrbuf[addrlen])))
 	// initialize the accepted socket and update its properties with those of the listening socket
 	if err = windows.Setsockopt(windows.Handle(sock.handle),
 		windows.SOL_SOCKET, windows.SO_UPDATE_ACCEPT_CONTEXT,
 		(*byte)(unsafe.Pointer(&l.sock.handle)), int32(unsafe.Sizeof(l.sock.handle))); err != nil {
 		return nil, conn.opErr("accept", os.NewSyscallError("setsockopt", err))
 	}
 	sock = nil
 	return conn, nil
 }
@ -278,171 +157,43 @@ func (l *HvsockListener) Close() error {
 	return l.sock.Close()
 }
-// HvsockDialer configures and dials a Hyper-V Socket (ie, [HvsockConn]).
+/* Need to finish ConnectEx handling
-type HvsockDialer struct {
+func DialHvsock(ctx context.Context, addr *HvsockAddr) (*HvsockConn, error) {
-	// Deadline is the time the Dial operation must connect before erroring.
+	sock, err := newHvSocket()
 	Deadline time.Time
 	// Retries is the number of additional connects to try if the connection times out, is refused,
 	// or the host is unreachable
 	Retries uint
 	// RetryWait is the time to wait after a connection error to retry
 	RetryWait time.Duration
 	rt *time.Timer // redial wait timer
 }
 // Dial the Hyper-V socket at addr.
 //
 // See [HvsockDialer.Dial] for more information.
 func Dial(ctx context.Context, addr *HvsockAddr) (conn *HvsockConn, err error) {
 	return (&HvsockDialer{}).Dial(ctx, addr)
 }
 // Dial attempts to connect to the Hyper-V socket at addr, and returns a connection if successful.
 // Will attempt (HvsockDialer).Retries if dialing fails, waiting (HvsockDialer).RetryWait between
 // retries.
 //
 // Dialing can be cancelled either by providing (HvsockDialer).Deadline, or cancelling ctx.
 func (d *HvsockDialer) Dial(ctx context.Context, addr *HvsockAddr) (conn *HvsockConn, err error) {
 	op := "dial"
 	// create the conn early to use opErr()
 	conn = &HvsockConn{
 		remote: *addr,
 	}
 	if !d.Deadline.IsZero() {
 		var cancel context.CancelFunc
 		ctx, cancel = context.WithDeadline(ctx, d.Deadline)
 		defer cancel()
 	}
 	// preemptive timeout/cancellation check
 	if err = ctx.Err(); err != nil {
 		return nil, conn.opErr(op, err)
 	}
 	sock, err := newHVSocket()
 	if err != nil {
-		return nil, conn.opErr(op, err)
+		return nil, err
 	}
 	defer func() {
 		if sock != nil {
 			sock.Close()
 		}
 	}()
-
+	c, err := sock.prepareIo()
 	sa := addr.raw()
 	err = socket.Bind(windows.Handle(sock.handle), &sa)
 	if err != nil {
-		return nil, conn.opErr(op, os.NewSyscallError("bind", err))
+		return nil, err
 	}
 	c, err := sock.prepareIO()
 	if err != nil {
 		return nil, conn.opErr(op, err)
 	}
 	defer sock.wg.Done()
 	var bytes uint32
-	for i := uint(0); i <= d.Retries; i++ {
+	err = windows.ConnectEx(windows.Handle(sock.handle), sa, nil, 0, &bytes, &c.o)
-		err = socket.ConnectEx(
+	_, err = sock.asyncIo(ctx, c, nil, bytes, err)
 			windows.Handle(sock.handle),
 			&sa,
 			nil, // sendBuf
 			0,   // sendDataLen
 			&bytes,
 			(*windows.Overlapped)(unsafe.Pointer(&c.o)))
 		_, err = sock.asyncIO(c, nil, bytes, err)
 		if i < d.Retries && canRedial(err) {
 			if err = d.redialWait(ctx); err == nil {
 				continue
 			}
 		}
 		break
 	}
 	if err != nil {
-		return nil, conn.opErr(op, os.NewSyscallError("connectex", err))
+		return nil, err
 	}
-
+	conn := &HvsockConn{
-	// update the connection properties, so shutdown can be used
+		sock:   sock,
-	if err = windows.Setsockopt(
+		remote: *addr,
 		windows.Handle(sock.handle),
 		windows.SOL_SOCKET,
 		windows.SO_UPDATE_CONNECT_CONTEXT,
 		nil, // optvalue
 		0,   // optlen
 	); err != nil {
 		return nil, conn.opErr(op, os.NewSyscallError("setsockopt", err))
 	}
 	// get the local name
 	var sal rawHvsockAddr
 	err = socket.GetSockName(windows.Handle(sock.handle), &sal)
 	if err != nil {
 		return nil, conn.opErr(op, os.NewSyscallError("getsockname", err))
 	}
 	conn.local.fromRaw(&sal)
 	// one last check for timeout, since asyncIO doesn't check the context
 	if err = ctx.Err(); err != nil {
 		return nil, conn.opErr(op, err)
 	}
 	conn.sock = sock
 	sock = nil
 	return conn, nil
 }
-
+*/
 // redialWait waits before attempting to redial, resetting the timer as appropriate.
 func (d *HvsockDialer) redialWait(ctx context.Context) (err error) {
 	if d.RetryWait == 0 {
 		return nil
 	}
 	if d.rt == nil {
 		d.rt = time.NewTimer(d.RetryWait)
 	} else {
 		// should already be stopped and drained
 		d.rt.Reset(d.RetryWait)
 	}
 	select {
 	case <-ctx.Done():
 	case <-d.rt.C:
 		return nil
 	}
 	// stop and drain the timer
 	if !d.rt.Stop() {
 		<-d.rt.C
 	}
 	return ctx.Err()
 }
 // assumes error is a plain, unwrapped syscall.Errno provided by direct syscall.
 func canRedial(err error) bool {
 	//nolint:errorlint // guaranteed to be an Errno
 	switch err {
 	case windows.WSAECONNREFUSED, windows.WSAENETUNREACH, windows.WSAETIMEDOUT,
 		windows.ERROR_CONNECTION_REFUSED, windows.ERROR_CONNECTION_UNAVAIL:
 		return true
 	default:
 		return false
 	}
 }
 func (conn *HvsockConn) opErr(op string, err error) error {
 	// translate from "file closed" to "socket closed"
 	if errors.Is(err, ErrFileClosed) {
 		err = socket.ErrSocketClosed
 	}
 	return &net.OpError{Op: op, Net: "hvsock", Source: &conn.local, Addr: &conn.remote, Err: err}
 }
 func (conn *HvsockConn) Read(b []byte) (int, error) {
-	c, err := conn.sock.prepareIO()
+	c, err := conn.sock.prepareIo()
 	if err != nil {
 		return 0, conn.opErr("read", err)
 	}
@ -450,11 +201,10 @@ func (conn *HvsockConn) Read(b []byte) (int, error) {
 	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
 	var flags, bytes uint32
 	err = syscall.WSARecv(conn.sock.handle, &buf, 1, &bytes, &flags, &c.o, nil)
-	n, err := conn.sock.asyncIO(c, &conn.sock.readDeadline, bytes, err)
+	n, err := conn.sock.asyncIo(c, &conn.sock.readDeadline, bytes, err)
 	if err != nil {
-		var eno windows.Errno
+		if _, ok := err.(syscall.Errno); ok {
-		if errors.As(err, &eno) {
+			err = os.NewSyscallError("wsarecv", err)
 			err = os.NewSyscallError("wsarecv", eno)
 		}
 		return 0, conn.opErr("read", err)
 	} else if n == 0 {
@ -477,7 +227,7 @@ func (conn *HvsockConn) Write(b []byte) (int, error) {
 }
 func (conn *HvsockConn) write(b []byte) (int, error) {
-	c, err := conn.sock.prepareIO()
+	c, err := conn.sock.prepareIo()
 	if err != nil {
 		return 0, conn.opErr("write", err)
 	}
@ -485,11 +235,10 @@ func (conn *HvsockConn) write(b []byte) (int, error) {
 	buf := syscall.WSABuf{Buf: &b[0], Len: uint32(len(b))}
 	var bytes uint32
 	err = syscall.WSASend(conn.sock.handle, &buf, 1, &bytes, 0, &c.o, nil)
-	n, err := conn.sock.asyncIO(c, &conn.sock.writeDeadline, bytes, err)
+	n, err := conn.sock.asyncIo(c, &conn.sock.writeDeadline, bytes, err)
 	if err != nil {
-		var eno windows.Errno
+		if _, ok := err.(syscall.Errno); ok {
-		if errors.As(err, &eno) {
+			err = os.NewSyscallError("wsasend", err)
 			err = os.NewSyscallError("wsasend", eno)
 		}
 		return 0, conn.opErr("write", err)
 	}
@ -501,43 +250,29 @@ func (conn *HvsockConn) Close() error {
 	return conn.sock.Close()
 }
 func (conn *HvsockConn) IsClosed() bool {
 	return conn.sock.IsClosed()
 }
 // shutdown disables sending or receiving on a socket.
 func (conn *HvsockConn) shutdown(how int) error {
-	if conn.IsClosed() {
+	err := syscall.Shutdown(conn.sock.handle, syscall.SHUT_RD)
 		return socket.ErrSocketClosed
 	}
 	err := syscall.Shutdown(conn.sock.handle, how)
 	if err != nil {
 		// If the connection was closed, shutdowns fail with "not connected"
 		if errors.Is(err, windows.WSAENOTCONN) ||
 			errors.Is(err, windows.WSAESHUTDOWN) {
 			err = socket.ErrSocketClosed
 		}
 		return os.NewSyscallError("shutdown", err)
 	}
 	return nil
 }
-// CloseRead shuts down the read end of the socket, preventing future read operations.
+// CloseRead shuts down the read end of the socket.
 func (conn *HvsockConn) CloseRead() error {
 	err := conn.shutdown(syscall.SHUT_RD)
 	if err != nil {
-		return conn.opErr("closeread", err)
+		return conn.opErr("close", err)
 	}
 	return nil
 }
-// CloseWrite shuts down the write end of the socket, preventing future write operations and
+// CloseWrite shuts down the write end of the socket, notifying the other endpoint that
-// notifying the other endpoint that no more data will be written.
+// no more data will be written.
 func (conn *HvsockConn) CloseWrite() error {
 	err := conn.shutdown(syscall.SHUT_WR)
 	if err != nil {
-		return conn.opErr("closewrite", err)
+		return conn.opErr("close", err)
 	}
 	return nil
 }
@ -554,13 +289,8 @@ func (conn *HvsockConn) RemoteAddr() net.Addr {
 // SetDeadline implements the net.Conn SetDeadline method.
 func (conn *HvsockConn) SetDeadline(t time.Time) error {
-	// todo: implement `SetDeadline` for `win32File`
+	conn.SetReadDeadline(t)
-	if err := conn.SetReadDeadline(t); err != nil {
+	conn.SetWriteDeadline(t)
 		return fmt.Errorf("set read deadline: %w", err)
 	}
 	if err := conn.SetWriteDeadline(t); err != nil {
 		return fmt.Errorf("set write deadline: %w", err)
 	}
 	return nil
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/doc.go
@ -1,2 +0,0 @@
 // This package contains Win32 filesystem functionality.
 package fs
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/fs.go
@ -1,202 +0,0 @@
 //go:build windows
 package fs
 import (
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/stringbuffer"
 )
 //go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go fs.go
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew
 //sys CreateFile(name string, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) [failretval==windows.InvalidHandle] = CreateFileW
 const NullHandle windows.Handle = 0
 // AccessMask defines standard, specific, and generic rights.
 //
 //	Bitmask:
 //	 3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
 //	 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
 //	+---------------+---------------+-------------------------------+
 //	|G|G|G|G|Resvd|A| StandardRights|         SpecificRights        |
 //	|R|W|E|A|     |S|               |                               |
 //	+-+-------------+---------------+-------------------------------+
 //
 //	GR     Generic Read
 //	GW     Generic Write
 //	GE     Generic Exectue
 //	GA     Generic All
 //	Resvd  Reserved
 //	AS     Access Security System
 //
 // https://learn.microsoft.com/en-us/windows/win32/secauthz/access-mask
 //
 // https://learn.microsoft.com/en-us/windows/win32/secauthz/generic-access-rights
 //
 // https://learn.microsoft.com/en-us/windows/win32/fileio/file-access-rights-constants
 type AccessMask = windows.ACCESS_MASK
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// Not actually any.
 	//
 	// For CreateFile: "query certain metadata such as file, directory, or device attributes without accessing that file or device"
 	// https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilew#parameters
 	FILE_ANY_ACCESS AccessMask = 0
 	// Specific Object Access
 	// from ntioapi.h
 	FILE_READ_DATA      AccessMask = (0x0001) // file & pipe
 	FILE_LIST_DIRECTORY AccessMask = (0x0001) // directory
 	FILE_WRITE_DATA AccessMask = (0x0002) // file & pipe
 	FILE_ADD_FILE   AccessMask = (0x0002) // directory
 	FILE_APPEND_DATA          AccessMask = (0x0004) // file
 	FILE_ADD_SUBDIRECTORY     AccessMask = (0x0004) // directory
 	FILE_CREATE_PIPE_INSTANCE AccessMask = (0x0004) // named pipe
 	FILE_READ_EA         AccessMask = (0x0008) // file & directory
 	FILE_READ_PROPERTIES AccessMask = FILE_READ_EA
 	FILE_WRITE_EA         AccessMask = (0x0010) // file & directory
 	FILE_WRITE_PROPERTIES AccessMask = FILE_WRITE_EA
 	FILE_EXECUTE  AccessMask = (0x0020) // file
 	FILE_TRAVERSE AccessMask = (0x0020) // directory
 	FILE_DELETE_CHILD AccessMask = (0x0040) // directory
 	FILE_READ_ATTRIBUTES AccessMask = (0x0080) // all
 	FILE_WRITE_ATTRIBUTES AccessMask = (0x0100) // all
 	FILE_ALL_ACCESS      AccessMask = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
 	FILE_GENERIC_READ    AccessMask = (STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE)
 	FILE_GENERIC_WRITE   AccessMask = (STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE)
 	FILE_GENERIC_EXECUTE AccessMask = (STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE)
 	SPECIFIC_RIGHTS_ALL AccessMask = 0x0000FFFF
 	// Standard Access
 	// from ntseapi.h
 	DELETE       AccessMask = 0x0001_0000
 	READ_CONTROL AccessMask = 0x0002_0000
 	WRITE_DAC    AccessMask = 0x0004_0000
 	WRITE_OWNER  AccessMask = 0x0008_0000
 	SYNCHRONIZE  AccessMask = 0x0010_0000
 	STANDARD_RIGHTS_REQUIRED AccessMask = 0x000F_0000
 	STANDARD_RIGHTS_READ    AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_WRITE   AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_EXECUTE AccessMask = READ_CONTROL
 	STANDARD_RIGHTS_ALL AccessMask = 0x001F_0000
 )
 type FileShareMode uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	FILE_SHARE_NONE        FileShareMode = 0x00
 	FILE_SHARE_READ        FileShareMode = 0x01
 	FILE_SHARE_WRITE       FileShareMode = 0x02
 	FILE_SHARE_DELETE      FileShareMode = 0x04
 	FILE_SHARE_VALID_FLAGS FileShareMode = 0x07
 )
 type FileCreationDisposition uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	// from winbase.h
 	CREATE_NEW        FileCreationDisposition = 0x01
 	CREATE_ALWAYS     FileCreationDisposition = 0x02
 	OPEN_EXISTING     FileCreationDisposition = 0x03
 	OPEN_ALWAYS       FileCreationDisposition = 0x04
 	TRUNCATE_EXISTING FileCreationDisposition = 0x05
 )
 // CreateFile and co. take flags or attributes together as one parameter.
 // Define alias until we can use generics to allow both
 // https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
 type FileFlagOrAttribute uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const ( // from winnt.h
 	FILE_FLAG_WRITE_THROUGH       FileFlagOrAttribute = 0x8000_0000
 	FILE_FLAG_OVERLAPPED          FileFlagOrAttribute = 0x4000_0000
 	FILE_FLAG_NO_BUFFERING        FileFlagOrAttribute = 0x2000_0000
 	FILE_FLAG_RANDOM_ACCESS       FileFlagOrAttribute = 0x1000_0000
 	FILE_FLAG_SEQUENTIAL_SCAN     FileFlagOrAttribute = 0x0800_0000
 	FILE_FLAG_DELETE_ON_CLOSE     FileFlagOrAttribute = 0x0400_0000
 	FILE_FLAG_BACKUP_SEMANTICS    FileFlagOrAttribute = 0x0200_0000
 	FILE_FLAG_POSIX_SEMANTICS     FileFlagOrAttribute = 0x0100_0000
 	FILE_FLAG_OPEN_REPARSE_POINT  FileFlagOrAttribute = 0x0020_0000
 	FILE_FLAG_OPEN_NO_RECALL      FileFlagOrAttribute = 0x0010_0000
 	FILE_FLAG_FIRST_PIPE_INSTANCE FileFlagOrAttribute = 0x0008_0000
 )
 type FileSQSFlag = FileFlagOrAttribute
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const ( // from winbase.h
 	SECURITY_ANONYMOUS      FileSQSFlag = FileSQSFlag(SecurityAnonymous << 16)
 	SECURITY_IDENTIFICATION FileSQSFlag = FileSQSFlag(SecurityIdentification << 16)
 	SECURITY_IMPERSONATION  FileSQSFlag = FileSQSFlag(SecurityImpersonation << 16)
 	SECURITY_DELEGATION     FileSQSFlag = FileSQSFlag(SecurityDelegation << 16)
 	SECURITY_SQOS_PRESENT     FileSQSFlag = 0x00100000
 	SECURITY_VALID_SQOS_FLAGS FileSQSFlag = 0x001F0000
 )
 // GetFinalPathNameByHandle flags
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew#parameters
 type GetFinalPathFlag uint32
 //nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
 const (
 	GetFinalPathDefaultFlag GetFinalPathFlag = 0x0
 	FILE_NAME_NORMALIZED GetFinalPathFlag = 0x0
 	FILE_NAME_OPENED     GetFinalPathFlag = 0x8
 	VOLUME_NAME_DOS  GetFinalPathFlag = 0x0
 	VOLUME_NAME_GUID GetFinalPathFlag = 0x1
 	VOLUME_NAME_NT   GetFinalPathFlag = 0x2
 	VOLUME_NAME_NONE GetFinalPathFlag = 0x4
 )
 // getFinalPathNameByHandle facilitates calling the Windows API GetFinalPathNameByHandle
 // with the given handle and flags. It transparently takes care of creating a buffer of the
 // correct size for the call.
 //
 // https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-getfinalpathnamebyhandlew
 func GetFinalPathNameByHandle(h windows.Handle, flags GetFinalPathFlag) (string, error) {
 	b := stringbuffer.NewWString()
 	//TODO: can loop infinitely if Win32 keeps returning the same (or a larger) n?
 	for {
 		n, err := windows.GetFinalPathNameByHandle(h, b.Pointer(), b.Cap(), uint32(flags))
 		if err != nil {
 			return "", err
 		}
 		// If the buffer wasn't large enough, n will be the total size needed (including null terminator).
 		// Resize and try again.
 		if n > b.Cap() {
 			b.ResizeTo(n)
 			continue
 		}
 		// If the buffer is large enough, n will be the size not including the null terminator.
 		// Convert to a Go string and return.
 		return b.String(), nil
 	}
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/security.go
@ -1,12 +0,0 @@
 package fs
 // https://learn.microsoft.com/en-us/windows/win32/api/winnt/ne-winnt-security_impersonation_level
 type SecurityImpersonationLevel int32 // C default enums underlying type is `int`, which is Go `int32`
 // Impersonation levels
 const (
 	SecurityAnonymous      SecurityImpersonationLevel = 0
 	SecurityIdentification SecurityImpersonationLevel = 1
 	SecurityImpersonation  SecurityImpersonationLevel = 2
 	SecurityDelegation     SecurityImpersonationLevel = 3
 )
--- a/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go
@ -1,64 +0,0 @@
 //go:build windows
 // Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 package fs
 import (
 	"syscall"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 var _ unsafe.Pointer
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoERROR_IO_PENDING = 997
 )
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
 	errERROR_EINVAL     error = syscall.EINVAL
 )
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
 var (
 	modkernel32 = windows.NewLazySystemDLL("kernel32.dll")
 	procCreateFileW = modkernel32.NewProc("CreateFileW")
 )
 func CreateFile(name string, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
 	var _p0 *uint16
 	_p0, err = syscall.UTF16PtrFromString(name)
 	if err != nil {
 		return
 	}
 	return _CreateFile(_p0, access, mode, sa, createmode, attrs, templatefile)
 }
 func _CreateFile(name *uint16, access AccessMask, mode FileShareMode, sa *syscall.SecurityAttributes, createmode FileCreationDisposition, attrs FileFlagOrAttribute, templatefile windows.Handle) (handle windows.Handle, err error) {
 	r0, _, e1 := syscall.Syscall9(procCreateFileW.Addr(), 7, uintptr(unsafe.Pointer(name)), uintptr(access), uintptr(mode), uintptr(unsafe.Pointer(sa)), uintptr(createmode), uintptr(attrs), uintptr(templatefile), 0, 0)
 	handle = windows.Handle(r0)
 	if handle == windows.InvalidHandle {
 		err = errnoErr(e1)
 	}
 	return
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go
@ -1,20 +0,0 @@
 package socket
 import (
 	"unsafe"
 )
 // RawSockaddr allows structs to be used with [Bind] and [ConnectEx]. The
 // struct must meet the Win32 sockaddr requirements specified here:
 // https://docs.microsoft.com/en-us/windows/win32/winsock/sockaddr-2
 //
 // Specifically, the struct size must be least larger than an int16 (unsigned short)
 // for the address family.
 type RawSockaddr interface {
 	// Sockaddr returns a pointer to the RawSockaddr and its struct size, allowing
 	// for the RawSockaddr's data to be overwritten by syscalls (if necessary).
 	//
 	// It is the callers responsibility to validate that the values are valid; invalid
 	// pointers or size can cause a panic.
 	Sockaddr() (unsafe.Pointer, int32, error)
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/socket.go
@ -1,179 +0,0 @@
 //go:build windows
 package socket
 import (
 	"errors"
 	"fmt"
 	"net"
 	"sync"
 	"syscall"
 	"unsafe"
 	"github.com/Microsoft/go-winio/pkg/guid"
 	"golang.org/x/sys/windows"
 )
 //go:generate go run github.com/Microsoft/go-winio/tools/mkwinsyscall -output zsyscall_windows.go socket.go
 //sys getsockname(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) [failretval==socketError] = ws2_32.getsockname
 //sys getpeername(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) [failretval==socketError] = ws2_32.getpeername
 //sys bind(s windows.Handle, name unsafe.Pointer, namelen int32) (err error) [failretval==socketError] = ws2_32.bind
 const socketError = uintptr(^uint32(0))
 var (
 	// todo(helsaawy): create custom error types to store the desired vs actual size and addr family?
 	ErrBufferSize     = errors.New("buffer size")
 	ErrAddrFamily     = errors.New("address family")
 	ErrInvalidPointer = errors.New("invalid pointer")
 	ErrSocketClosed   = fmt.Errorf("socket closed: %w", net.ErrClosed)
 )
 // todo(helsaawy): replace these with generics, ie: GetSockName[S RawSockaddr](s windows.Handle) (S, error)
 // GetSockName writes the local address of socket s to the [RawSockaddr] rsa.
 // If rsa is not large enough, the [windows.WSAEFAULT] is returned.
 func GetSockName(s windows.Handle, rsa RawSockaddr) error {
 	ptr, l, err := rsa.Sockaddr()
 	if err != nil {
 		return fmt.Errorf("could not retrieve socket pointer and size: %w", err)
 	}
 	// although getsockname returns WSAEFAULT if the buffer is too small, it does not set
 	// &l to the correct size, so--apart from doubling the buffer repeatedly--there is no remedy
 	return getsockname(s, ptr, &l)
 }
 // GetPeerName returns the remote address the socket is connected to.
 //
 // See [GetSockName] for more information.
 func GetPeerName(s windows.Handle, rsa RawSockaddr) error {
 	ptr, l, err := rsa.Sockaddr()
 	if err != nil {
 		return fmt.Errorf("could not retrieve socket pointer and size: %w", err)
 	}
 	return getpeername(s, ptr, &l)
 }
 func Bind(s windows.Handle, rsa RawSockaddr) (err error) {
 	ptr, l, err := rsa.Sockaddr()
 	if err != nil {
 		return fmt.Errorf("could not retrieve socket pointer and size: %w", err)
 	}
 	return bind(s, ptr, l)
 }
 // "golang.org/x/sys/windows".ConnectEx and .Bind only accept internal implementations of the
 // their sockaddr interface, so they cannot be used with HvsockAddr
 // Replicate functionality here from
 // https://cs.opensource.google/go/x/sys/+/master:windows/syscall_windows.go
 // The function pointers to `AcceptEx`, `ConnectEx` and `GetAcceptExSockaddrs` must be loaded at
 // runtime via a WSAIoctl call:
 // https://docs.microsoft.com/en-us/windows/win32/api/Mswsock/nc-mswsock-lpfn_connectex#remarks
 type runtimeFunc struct {
 	id   guid.GUID
 	once sync.Once
 	addr uintptr
 	err  error
 }
 func (f *runtimeFunc) Load() error {
 	f.once.Do(func() {
 		var s windows.Handle
 		s, f.err = windows.Socket(windows.AF_INET, windows.SOCK_STREAM, windows.IPPROTO_TCP)
 		if f.err != nil {
 			return
 		}
 		defer windows.CloseHandle(s) //nolint:errcheck
 		var n uint32
 		f.err = windows.WSAIoctl(s,
 			windows.SIO_GET_EXTENSION_FUNCTION_POINTER,
 			(*byte)(unsafe.Pointer(&f.id)),
 			uint32(unsafe.Sizeof(f.id)),
 			(*byte)(unsafe.Pointer(&f.addr)),
 			uint32(unsafe.Sizeof(f.addr)),
 			&n,
 			nil, // overlapped
 			0,   // completionRoutine
 		)
 	})
 	return f.err
 }
 var (
 	// todo: add `AcceptEx` and `GetAcceptExSockaddrs`
 	WSAID_CONNECTEX = guid.GUID{ //revive:disable-line:var-naming ALL_CAPS
 		Data1: 0x25a207b9,
 		Data2: 0xddf3,
 		Data3: 0x4660,
 		Data4: [8]byte{0x8e, 0xe9, 0x76, 0xe5, 0x8c, 0x74, 0x06, 0x3e},
 	}
 	connectExFunc = runtimeFunc{id: WSAID_CONNECTEX}
 )
 func ConnectEx(
 	fd windows.Handle,
 	rsa RawSockaddr,
 	sendBuf *byte,
 	sendDataLen uint32,
 	bytesSent *uint32,
 	overlapped *windows.Overlapped,
 ) error {
 	if err := connectExFunc.Load(); err != nil {
 		return fmt.Errorf("failed to load ConnectEx function pointer: %w", err)
 	}
 	ptr, n, err := rsa.Sockaddr()
 	if err != nil {
 		return err
 	}
 	return connectEx(fd, ptr, n, sendBuf, sendDataLen, bytesSent, overlapped)
 }
 // BOOL LpfnConnectex(
 //   [in]           SOCKET s,
 //   [in]           const sockaddr *name,
 //   [in]           int namelen,
 //   [in, optional] PVOID lpSendBuffer,
 //   [in]           DWORD dwSendDataLength,
 //   [out]          LPDWORD lpdwBytesSent,
 //   [in]           LPOVERLAPPED lpOverlapped
 // )
 func connectEx(
 	s windows.Handle,
 	name unsafe.Pointer,
 	namelen int32,
 	sendBuf *byte,
 	sendDataLen uint32,
 	bytesSent *uint32,
 	overlapped *windows.Overlapped,
 ) (err error) {
 	// todo: after upgrading to 1.18, switch from syscall.Syscall9 to syscall.SyscallN
 	r1, _, e1 := syscall.Syscall9(connectExFunc.addr,
 		7,
 		uintptr(s),
 		uintptr(name),
 		uintptr(namelen),
 		uintptr(unsafe.Pointer(sendBuf)),
 		uintptr(sendDataLen),
 		uintptr(unsafe.Pointer(bytesSent)),
 		uintptr(unsafe.Pointer(overlapped)),
 		0,
 		0)
 	if r1 == 0 {
 		if e1 != 0 {
 			err = error(e1)
 		} else {
 			err = syscall.EINVAL
 		}
 	}
 	return err
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go
@ -1,72 +0,0 @@
 //go:build windows
 // Code generated by 'go generate' using "github.com/Microsoft/go-winio/tools/mkwinsyscall"; DO NOT EDIT.
 package socket
 import (
 	"syscall"
 	"unsafe"
 	"golang.org/x/sys/windows"
 )
 var _ unsafe.Pointer
 // Do the interface allocations only once for common
 // Errno values.
 const (
 	errnoERROR_IO_PENDING = 997
 )
 var (
 	errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING)
 	errERROR_EINVAL     error = syscall.EINVAL
 )
 // errnoErr returns common boxed Errno values, to prevent
 // allocations at runtime.
 func errnoErr(e syscall.Errno) error {
 	switch e {
 	case 0:
 		return errERROR_EINVAL
 	case errnoERROR_IO_PENDING:
 		return errERROR_IO_PENDING
 	}
 	// TODO: add more here, after collecting data on the common
 	// error values see on Windows. (perhaps when running
 	// all.bat?)
 	return e
 }
 var (
 	modws2_32 = windows.NewLazySystemDLL("ws2_32.dll")
 	procbind        = modws2_32.NewProc("bind")
 	procgetpeername = modws2_32.NewProc("getpeername")
 	procgetsockname = modws2_32.NewProc("getsockname")
 )
 func bind(s windows.Handle, name unsafe.Pointer, namelen int32) (err error) {
 	r1, _, e1 := syscall.Syscall(procbind.Addr(), 3, uintptr(s), uintptr(name), uintptr(namelen))
 	if r1 == socketError {
 		err = errnoErr(e1)
 	}
 	return
 }
 func getpeername(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) {
 	r1, _, e1 := syscall.Syscall(procgetpeername.Addr(), 3, uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
 	if r1 == socketError {
 		err = errnoErr(e1)
 	}
 	return
 }
 func getsockname(s windows.Handle, name unsafe.Pointer, namelen *int32) (err error) {
 	r1, _, e1 := syscall.Syscall(procgetsockname.Addr(), 3, uintptr(s), uintptr(name), uintptr(unsafe.Pointer(namelen)))
 	if r1 == socketError {
 		err = errnoErr(e1)
 	}
 	return
 }
--- a/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
+++ b/vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go
@ -1,132 +0,0 @@
 package stringbuffer
 import (
 	"sync"
 	"unicode/utf16"
 )
 // TODO: worth exporting and using in mkwinsyscall?
 // Uint16BufferSize is the buffer size in the pool, chosen somewhat arbitrarily to accommodate
 // large path strings:
 // MAX_PATH (260) + size of volume GUID prefix (49) + null terminator = 310.
 const MinWStringCap = 310
 // use *[]uint16 since []uint16 creates an extra allocation where the slice header
 // is copied to heap and then referenced via pointer in the interface header that sync.Pool
 // stores.
 var pathPool = sync.Pool{ // if go1.18+ adds Pool[T], use that to store []uint16 directly
 	New: func() interface{} {
 		b := make([]uint16, MinWStringCap)
 		return &b
 	},
 }
 func newBuffer() []uint16 { return *(pathPool.Get().(*[]uint16)) }
 // freeBuffer copies the slice header data, and puts a pointer to that in the pool.
 // This avoids taking a pointer to the slice header in WString, which can be set to nil.
 func freeBuffer(b []uint16) { pathPool.Put(&b) }
 // WString is a wide string buffer ([]uint16) meant for storing UTF-16 encoded strings
 // for interacting with Win32 APIs.
 // Sizes are specified as uint32 and not int.
 //
 // It is not thread safe.
 type WString struct {
 	// type-def allows casting to []uint16 directly, use struct to prevent that and allow adding fields in the future.
 	// raw buffer
 	b []uint16
 }
 // NewWString returns a [WString] allocated from a shared pool with an
 // initial capacity of at least [MinWStringCap].
 // Since the buffer may have been previously used, its contents are not guaranteed to be empty.
 //
 // The buffer should be freed via [WString.Free]
 func NewWString() *WString {
 	return &WString{
 		b: newBuffer(),
 	}
 }
 func (b *WString) Free() {
 	if b.empty() {
 		return
 	}
 	freeBuffer(b.b)
 	b.b = nil
 }
 // ResizeTo grows the buffer to at least c and returns the new capacity, freeing the
 // previous buffer back into pool.
 func (b *WString) ResizeTo(c uint32) uint32 {
 	// allready sufficient (or n is 0)
 	if c <= b.Cap() {
 		return b.Cap()
 	}
 	if c <= MinWStringCap {
 		c = MinWStringCap
 	}
 	// allocate at-least double buffer size, as is done in [bytes.Buffer] and other places
 	if c <= 2*b.Cap() {
 		c = 2 * b.Cap()
 	}
 	b2 := make([]uint16, c)
 	if !b.empty() {
 		copy(b2, b.b)
 		freeBuffer(b.b)
 	}
 	b.b = b2
 	return c
 }
 // Buffer returns the underlying []uint16 buffer.
 func (b *WString) Buffer() []uint16 {
 	if b.empty() {
 		return nil
 	}
 	return b.b
 }
 // Pointer returns a pointer to the first uint16 in the buffer.
 // If the [WString.Free] has already been called, the pointer will be nil.
 func (b *WString) Pointer() *uint16 {
 	if b.empty() {
 		return nil
 	}
 	return &b.b[0]
 }
 // String returns the returns the UTF-8 encoding of the UTF-16 string in the buffer.
 //
 // It assumes that the data is null-terminated.
 func (b *WString) String() string {
 	// Using [windows.UTF16ToString] would require importing "golang.org/x/sys/windows"
 	// and would make this code Windows-only, which makes no sense.
 	// So copy UTF16ToString code into here.
 	// If other windows-specific code is added, switch to [windows.UTF16ToString]
 	s := b.b
 	for i, v := range s {
 		if v == 0 {
 			s = s[:i]
 			break
 		}
 	}
 	return string(utf16.Decode(s))
 }
 // Cap returns the underlying buffer capacity.
 func (b *WString) Cap() uint32 {
 	if b.empty() {
 		return 0
 	}
 	return b.cap()
 }
 func (b *WString) cap() uint32 { return uint32(cap(b.b)) }
 func (b *WString) empty() bool { return b == nil || b.cap() == 0 }
--- a/vendor/github.com/Microsoft/go-winio/pipe.go
+++ b/vendor/github.com/Microsoft/go-winio/pipe.go
@ -1,4 +1,3 @@
 //go:build windows
 // +build windows
 package winio
@ -14,21 +13,18 @@ import (
 	"syscall"
 	"time"
 	"unsafe"
 	"golang.org/x/sys/windows"
 	"github.com/Microsoft/go-winio/internal/fs"
 )
 //sys connectNamedPipe(pipe syscall.Handle, o *syscall.Overlapped) (err error) = ConnectNamedPipe
 //sys createNamedPipe(name string, flags uint32, pipeMode uint32, maxInstances uint32, outSize uint32, inSize uint32, defaultTimeout uint32, sa *syscall.SecurityAttributes) (handle syscall.Handle, err error)  [failretval==syscall.InvalidHandle] = CreateNamedPipeW
 //sys createFile(name string, access uint32, mode uint32, sa *syscall.SecurityAttributes, createmode uint32, attrs uint32, templatefile syscall.Handle) (handle syscall.Handle, err error) [failretval==syscall.InvalidHandle] = CreateFileW
 //sys getNamedPipeInfo(pipe syscall.Handle, flags *uint32, outSize *uint32, inSize *uint32, maxInstances *uint32) (err error) = GetNamedPipeInfo
 //sys getNamedPipeHandleState(pipe syscall.Handle, state *uint32, curInstances *uint32, maxCollectionCount *uint32, collectDataTimeout *uint32, userName *uint16, maxUserNameSize uint32) (err error) = GetNamedPipeHandleStateW
 //sys localAlloc(uFlags uint32, length uint32) (ptr uintptr) = LocalAlloc
-//sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntStatus) = ntdll.NtCreateNamedPipeFile
+//sys ntCreateNamedPipeFile(pipe *syscall.Handle, access uint32, oa *objectAttributes, iosb *ioStatusBlock, share uint32, disposition uint32, options uint32, typ uint32, readMode uint32, completionMode uint32, maxInstances uint32, inboundQuota uint32, outputQuota uint32, timeout *int64) (status ntstatus) = ntdll.NtCreateNamedPipeFile
-//sys rtlNtStatusToDosError(status ntStatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
+//sys rtlNtStatusToDosError(status ntstatus) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb
-//sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntStatus) = ntdll.RtlDosPathNameToNtPathName_U
+//sys rtlDosPathNameToNtPathName(name *uint16, ntName *unicodeString, filePart uintptr, reserved uintptr) (status ntstatus) = ntdll.RtlDosPathNameToNtPathName_U
-//sys rtlDefaultNpAcl(dacl *uintptr) (status ntStatus) = ntdll.RtlDefaultNpAcl
+//sys rtlDefaultNpAcl(dacl *uintptr) (status ntstatus) = ntdll.RtlDefaultNpAcl
 type ioStatusBlock struct {
 	Status, Information uintptr
@ -55,22 +51,45 @@ type securityDescriptor struct {
 	Control  uint16
 	Owner    uintptr
 	Group    uintptr
-	Sacl     uintptr //revive:disable-line:var-naming SACL, not Sacl
+	Sacl     uintptr
-	Dacl     uintptr //revive:disable-line:var-naming DACL, not Dacl
+	Dacl     uintptr
 }
-type ntStatus int32
+type ntstatus int32
-func (status ntStatus) Err() error {
+func (status ntstatus) Err() error {
 	if status >= 0 {
 		return nil
 	}
 	return rtlNtStatusToDosError(status)
 }
 const (
 	cERROR_PIPE_BUSY      = syscall.Errno(231)
 	cERROR_NO_DATA        = syscall.Errno(232)
 	cERROR_PIPE_CONNECTED = syscall.Errno(535)
 	cERROR_SEM_TIMEOUT    = syscall.Errno(121)
 	cSECURITY_SQOS_PRESENT = 0x100000
 	cSECURITY_ANONYMOUS    = 0
 	cPIPE_TYPE_MESSAGE = 4
 	cPIPE_READMODE_MESSAGE = 2
 	cFILE_OPEN   = 1
 	cFILE_CREATE = 2
 	cFILE_PIPE_MESSAGE_TYPE          = 1
 	cFILE_PIPE_REJECT_REMOTE_CLIENTS = 2
 	cSE_DACL_PRESENT = 4
 )
 var (
 	// ErrPipeListenerClosed is returned for pipe operations on listeners that have been closed.
-	ErrPipeListenerClosed = net.ErrClosed
+	// This error should match net.errClosing since docker takes a dependency on its text.
 	ErrPipeListenerClosed = errors.New("use of closed network connection")
 	errPipeWriteClosed = errors.New("pipe has been closed for write")
 )
@ -97,10 +116,9 @@ func (f *win32Pipe) RemoteAddr() net.Addr {
 }
 func (f *win32Pipe) SetDeadline(t time.Time) error {
-	if err := f.SetReadDeadline(t); err != nil {
+	f.SetReadDeadline(t)
-		return err
+	f.SetWriteDeadline(t)
-	}
+	return nil
 	return f.SetWriteDeadline(t)
 }
 // CloseWrite closes the write side of a message pipe in byte mode.
@ -139,14 +157,14 @@ func (f *win32MessageBytePipe) Read(b []byte) (int, error) {
 		return 0, io.EOF
 	}
 	n, err := f.win32File.Read(b)
-	if err == io.EOF { //nolint:errorlint
+	if err == io.EOF {
 		// If this was the result of a zero-byte read, then
 		// it is possible that the read was due to a zero-size
 		// message. Since we are simulating CloseWrite with a
 		// zero-byte message, ensure that all future Read() calls
 		// also return EOF.
 		f.readEOF = true
-	} else if err == syscall.ERROR_MORE_DATA { //nolint:errorlint // err is Errno
+	} else if err == syscall.ERROR_MORE_DATA {
 		// ERROR_MORE_DATA indicates that the pipe's read mode is message mode
 		// and the message still has more bytes. Treat this as a success, since
 		// this package presents all named pipes as byte streams.
@ -155,7 +173,7 @@ func (f *win32MessageBytePipe) Read(b []byte) (int, error) {
 	return n, err
 }
-func (pipeAddress) Network() string {
+func (s pipeAddress) Network() string {
 	return "pipe"
 }
@ -164,30 +182,22 @@ func (s pipeAddress) String() string {
 }
 // tryDialPipe attempts to dial the pipe at `path` until `ctx` cancellation or timeout.
-func tryDialPipe(ctx context.Context, path *string, access fs.AccessMask) (syscall.Handle, error) {
+func tryDialPipe(ctx context.Context, path *string) (syscall.Handle, error) {
 	for {
 		select {
 		case <-ctx.Done():
 			return syscall.Handle(0), ctx.Err()
 		default:
-			wh, err := fs.CreateFile(*path,
+			h, err := createFile(*path, syscall.GENERIC_READ|syscall.GENERIC_WRITE, 0, nil, syscall.OPEN_EXISTING, syscall.FILE_FLAG_OVERLAPPED|cSECURITY_SQOS_PRESENT|cSECURITY_ANONYMOUS, 0)
 				access,
 				0,   // mode
 				nil, // security attributes
 				fs.OPEN_EXISTING,
 				fs.FILE_FLAG_OVERLAPPED|fs.SECURITY_SQOS_PRESENT|fs.SECURITY_ANONYMOUS,
 				0, // template file handle
 			)
 			h := syscall.Handle(wh)
 			if err == nil {
 				return h, nil
 			}
-			if err != windows.ERROR_PIPE_BUSY { //nolint:errorlint // err is Errno
+			if err != cERROR_PIPE_BUSY {
 				return h, &os.PathError{Err: err, Op: "open", Path: *path}
 			}
 			// Wait 10 msec and try again. This is a rather simplistic
 			// view, as we always try each 10 milliseconds.
-			time.Sleep(10 * time.Millisecond)
+			time.Sleep(time.Millisecond * 10)
 		}
 	}
 }
@ -200,12 +210,11 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 	if timeout != nil {
 		absTimeout = time.Now().Add(*timeout)
 	} else {
-		absTimeout = time.Now().Add(2 * time.Second)
+		absTimeout = time.Now().Add(time.Second * 2)
 	}
-	ctx, cancel := context.WithDeadline(context.Background(), absTimeout)
+	ctx, _ := context.WithDeadline(context.Background(), absTimeout)
 	defer cancel()
 	conn, err := DialPipeContext(ctx, path)
-	if errors.Is(err, context.DeadlineExceeded) {
+	if err == context.DeadlineExceeded {
 		return nil, ErrTimeout
 	}
 	return conn, err
@ -214,15 +223,9 @@ func DialPipe(path string, timeout *time.Duration) (net.Conn, error) {
 // DialPipeContext attempts to connect to a named pipe by `path` until `ctx`
 // cancellation or timeout.
 func DialPipeContext(ctx context.Context, path string) (net.Conn, error) {
 	return DialPipeAccess(ctx, path, syscall.GENERIC_READ|syscall.GENERIC_WRITE)
 }
 // DialPipeAccess attempts to connect to a named pipe by `path` with `access` until `ctx`
 // cancellation or timeout.
 func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn, error) {
 	var err error
 	var h syscall.Handle
-	h, err = tryDialPipe(ctx, &path, fs.AccessMask(access))
+	h, err = tryDialPipe(ctx, &path)
 	if err != nil {
 		return nil, err
 	}
@ -241,7 +244,7 @@ func DialPipeAccess(ctx context.Context, path string, access uint32) (net.Conn,
 	// If the pipe is in message mode, return a message byte pipe, which
 	// supports CloseWrite().
-	if flags&windows.PIPE_TYPE_MESSAGE != 0 {
+	if flags&cPIPE_TYPE_MESSAGE != 0 {
 		return &win32MessageBytePipe{
 			win32Pipe: win32Pipe{win32File: f, path: path},
 		}, nil
@ -273,22 +276,17 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 	oa.Length = unsafe.Sizeof(oa)
 	var ntPath unicodeString
-	if err := rtlDosPathNameToNtPathName(&path16[0],
+	if err := rtlDosPathNameToNtPathName(&path16[0], &ntPath, 0, 0).Err(); err != nil {
 		&ntPath,
 		0,
 		0,
 	).Err(); err != nil {
 		return 0, &os.PathError{Op: "open", Path: path, Err: err}
 	}
 	defer localFree(ntPath.Buffer)
 	oa.ObjectName = &ntPath
 	oa.Attributes = windows.OBJ_CASE_INSENSITIVE
 	// The security descriptor is only needed for the first pipe.
 	if first {
 		if sd != nil {
-			l := uint32(len(sd))
+			len := uint32(len(sd))
-			sdb := localAlloc(0, l)
+			sdb := localAlloc(0, len)
 			defer localFree(sdb)
 			copy((*[0xffff]byte)(unsafe.Pointer(sdb))[:], sd)
 			oa.SecurityDescriptor = (*securityDescriptor)(unsafe.Pointer(sdb))
@ -296,28 +294,28 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 			// Construct the default named pipe security descriptor.
 			var dacl uintptr
 			if err := rtlDefaultNpAcl(&dacl).Err(); err != nil {
-				return 0, fmt.Errorf("getting default named pipe ACL: %w", err)
+				return 0, fmt.Errorf("getting default named pipe ACL: %s", err)
 			}
 			defer localFree(dacl)
 			sdb := &securityDescriptor{
 				Revision: 1,
-				Control:  windows.SE_DACL_PRESENT,
+				Control:  cSE_DACL_PRESENT,
 				Dacl:     dacl,
 			}
 			oa.SecurityDescriptor = sdb
 		}
 	}
-	typ := uint32(windows.FILE_PIPE_REJECT_REMOTE_CLIENTS)
+	typ := uint32(cFILE_PIPE_REJECT_REMOTE_CLIENTS)
 	if c.MessageMode {
-		typ |= windows.FILE_PIPE_MESSAGE_TYPE
+		typ |= cFILE_PIPE_MESSAGE_TYPE
 	}
-	disposition := uint32(windows.FILE_OPEN)
+	disposition := uint32(cFILE_OPEN)
 	access := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | syscall.SYNCHRONIZE)
 	if first {
-		disposition = windows.FILE_CREATE
+		disposition = cFILE_CREATE
 		// By not asking for read or write access, the named pipe file system
 		// will put this pipe into an initially disconnected state, blocking
 		// client connections until the next call with first == false.
@ -330,20 +328,7 @@ func makeServerPipeHandle(path string, sd []byte, c *PipeConfig, first bool) (sy
 		h    syscall.Handle
 		iosb ioStatusBlock
 	)
-	err = ntCreateNamedPipeFile(&h,
+	err = ntCreateNamedPipeFile(&h, access, &oa, &iosb, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE, disposition, 0, typ, 0, 0, 0xffffffff, uint32(c.InputBufferSize), uint32(c.OutputBufferSize), &timeout).Err()
 		access,
 		&oa,
 		&iosb,
 		syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE,
 		disposition,
 		0,
 		typ,
 		0,
 		0,
 		0xffffffff,
 		uint32(c.InputBufferSize),
 		uint32(c.OutputBufferSize),
 		&timeout).Err()
 	if err != nil {
 		return 0, &os.PathError{Op: "open", Path: path, Err: err}
 	}
@ -388,7 +373,7 @@ func (l *win32PipeListener) makeConnectedServerPipe() (*win32File, error) {
 		p.Close()
 		p = nil
 		err = <-ch
-		if err == nil || err == ErrFileClosed { //nolint:errorlint // err is Errno
+		if err == nil || err == ErrFileClosed {
 			err = ErrPipeListenerClosed
 		}
 	}
@ -410,12 +395,12 @@ func (l *win32PipeListener) listenerRoutine() {
 				p, err = l.makeConnectedServerPipe()
 				// If the connection was immediately closed by the client, try
 				// again.
-				if err != windows.ERROR_NO_DATA { //nolint:errorlint // err is Errno
+				if err != cERROR_NO_DATA {
 					break
 				}
 			}
 			responseCh <- acceptResponse{p, err}
-			closed = err == ErrPipeListenerClosed //nolint:errorlint // err is Errno
+			closed = err == ErrPipeListenerClosed
 		}
 	}
 	syscall.Close(l.firstHandle)
@ -437,10 +422,10 @@ type PipeConfig struct {
 	// when the pipe is in message mode.
 	MessageMode bool
-	// InputBufferSize specifies the size of the input buffer, in bytes.
+	// InputBufferSize specifies the size the input buffer, in bytes.
 	InputBufferSize int32
-	// OutputBufferSize specifies the size of the output buffer, in bytes.
+	// OutputBufferSize specifies the size the input buffer, in bytes.
 	OutputBufferSize int32
 }
@ -477,15 +462,15 @@ func ListenPipe(path string, c *PipeConfig) (net.Listener, error) {
 }
 func connectPipe(p *win32File) error {
-	c, err := p.prepareIO()
+	c, err := p.prepareIo()
 	if err != nil {
 		return err
 	}
 	defer p.wg.Done()
 	err = connectNamedPipe(p.handle, &c.o)
-	_, err = p.asyncIO(c, nil, 0, err)
+	_, err = p.asyncIo(c, nil, 0, err)
-	if err != nil && err != windows.ERROR_PIPE_CONNECTED { //nolint:errorlint // err is Errno
+	if err != nil && err != cERROR_PIPE_CONNECTED {
 		return err
 	}
 	return nil
--- a/Show More
+++ b/Show More
		`@ -1,3 +0,0 @@`
			`// This file only exists to allow go get on non-Windows platforms.`

			`package backuptar`
		`@ -1,2 +0,0 @@`
			`// This package contains Win32 filesystem functionality.`
			`package fs`